Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
f_fs.c
Go to the documentation of this file.
1 /*
2  * f_fs.c -- user mode file system API for USB composite function controllers
3  *
4  * Copyright (C) 2010 Samsung Electronics
5  * Author: Michal Nazarewicz <[email protected]>
6  *
7  * Based on inode.c (GadgetFS) which was:
8  * Copyright (C) 2003-2004 David Brownell
9  * Copyright (C) 2003 Agilent Technologies
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  */
16 
17 
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20 
21 #include <linux/blkdev.h>
22 #include <linux/pagemap.h>
23 #include <linux/export.h>
24 #include <linux/hid.h>
25 #include <asm/unaligned.h>
26 
27 #include <linux/usb/composite.h>
28 #include <linux/usb/functionfs.h>
29 
30 
31 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
32 
33 
34 /* Debugging ****************************************************************/
35 
36 #ifdef VERBOSE_DEBUG
37 # define pr_vdebug pr_debug
38 # define ffs_dump_mem(prefix, ptr, len) \
39  print_hex_dump_bytes(pr_fmt(prefix ": "), DUMP_PREFIX_NONE, ptr, len)
40 #else
41 # define pr_vdebug(...) do { } while (0)
42 # define ffs_dump_mem(prefix, ptr, len) do { } while (0)
43 #endif /* VERBOSE_DEBUG */
44 
45 #define ENTER() pr_vdebug("%s()\n", __func__)
46 
47 
48 /* The data structure and setup file ****************************************/
49 
50 enum ffs_state {
51  /*
52  * Waiting for descriptors and strings.
53  *
54  * In this state no open(2), read(2) or write(2) on epfiles
55  * may succeed (which should not be the problem as there
56  * should be no such files opened in the first place).
57  */
58  FFS_READ_DESCRIPTORS,
59  FFS_READ_STRINGS,
60 
61  /*
62  * We've got descriptors and strings. We are or have called
63  * functionfs_ready_callback(). functionfs_bind() may have
64  * been called but we don't know.
65  *
66  * This is the only state in which operations on epfiles may
67  * succeed.
68  */
69  FFS_ACTIVE,
70 
71  /*
72  * All endpoints have been closed. This state is also set if
73  * we encounter an unrecoverable error. The only
74  * unrecoverable error is situation when after reading strings
75  * from user space we fail to initialise epfiles or
76  * functionfs_ready_callback() returns with error (<0).
77  *
78  * In this state no open(2), read(2) or write(2) (both on ep0
79  * as well as epfile) may succeed (at this point epfiles are
80  * unlinked and all closed so this is not a problem; ep0 is
81  * also closed but ep0 file exists and so open(2) on ep0 must
82  * fail).
83  */
84  FFS_CLOSING
85 };
86 
87 
88 enum ffs_setup_state {
89  /* There is no setup request pending. */
90  FFS_NO_SETUP,
91  /*
92  * User has read events and there was a setup request event
93  * there. The next read/write on ep0 will handle the
94  * request.
95  */
96  FFS_SETUP_PENDING,
97  /*
98  * There was event pending but before user space handled it
99  * some other event was introduced which canceled existing
100  * setup. If this state is set read/write on ep0 return
101  * -EIDRM. This state is only set when adding event.
102  */
103  FFS_SETUP_CANCELED
104 };
105 
106 
107 
108 struct ffs_epfile;
109 struct ffs_function;
110 
111 struct ffs_data {
112  struct usb_gadget *gadget;
113 
114  /*
115  * Protect access read/write operations, only one read/write
116  * at a time. As a consequence protects ep0req and company.
117  * While setup request is being processed (queued) this is
118  * held.
119  */
120  struct mutex mutex;
121 
122  /*
123  * Protect access to endpoint related structures (basically
124  * usb_ep_queue(), usb_ep_dequeue(), etc. calls) except for
125  * endpoint zero.
126  */
127  spinlock_t eps_lock;
128 
129  /*
130  * XXX REVISIT do we need our own request? Since we are not
131  * handling setup requests immediately user space may be so
132  * slow that another setup will be sent to the gadget but this
133  * time not to us but another function and then there could be
134  * a race. Is that the case? Or maybe we can use cdev->req
135  * after all, maybe we just need some spinlock for that?
136  */
137  struct usb_request *ep0req; /* P: mutex */
138  struct completion ep0req_completion; /* P: mutex */
139  int ep0req_status; /* P: mutex */
140 
141  /* reference counter */
142  atomic_t ref;
143  /* how many files are opened (EP0 and others) */
144  atomic_t opened;
145 
146  /* EP0 state */
147  enum ffs_state state;
148 
149  /*
150  * Possible transitions:
151  * + FFS_NO_SETUP -> FFS_SETUP_PENDING -- P: ev.waitq.lock
152  * happens only in ep0 read which is P: mutex
153  * + FFS_SETUP_PENDING -> FFS_NO_SETUP -- P: ev.waitq.lock
154  * happens only in ep0 i/o which is P: mutex
155  * + FFS_SETUP_PENDING -> FFS_SETUP_CANCELED -- P: ev.waitq.lock
156  * + FFS_SETUP_CANCELED -> FFS_NO_SETUP -- cmpxchg
157  */
158  enum ffs_setup_state setup_state;
159 
160 #define FFS_SETUP_STATE(ffs) \
161  ((enum ffs_setup_state)cmpxchg(&(ffs)->setup_state, \
162  FFS_SETUP_CANCELED, FFS_NO_SETUP))
163 
164  /* Events & such. */
165  struct {
166  u8 types[4];
167  unsigned short count;
168  /* XXX REVISIT need to update it in some places, or do we? */
169  unsigned short can_stall;
170  struct usb_ctrlrequest setup;
171 
172  wait_queue_head_t waitq;
173  } ev; /* the whole structure, P: ev.waitq.lock */
174 
175  /* Flags */
176  unsigned long flags;
177 #define FFS_FL_CALL_CLOSED_CALLBACK 0
178 #define FFS_FL_BOUND 1
179 
180  /* Active function */
181  struct ffs_function *func;
182 
183  /*
184  * Device name, write once when file system is mounted.
185  * Intended for user to read if she wants.
186  */
187  const char *dev_name;
188  /* Private data for our user (ie. gadget). Managed by user. */
189  void *private_data;
190 
191  /* filled by __ffs_data_got_descs() */
192  /*
193  * Real descriptors are 16 bytes after raw_descs (so you need
194  * to skip 16 bytes (ie. ffs->raw_descs + 16) to get to the
195  * first full speed descriptor). raw_descs_length and
196  * raw_fs_descs_length do not have those 16 bytes added.
197  */
198  const void *raw_descs;
199  unsigned raw_descs_length;
200  unsigned raw_fs_descs_length;
201  unsigned fs_descs_count;
202  unsigned hs_descs_count;
203 
204  unsigned short strings_count;
205  unsigned short interfaces_count;
206  unsigned short eps_count;
207  unsigned short _pad1;
208 
209  /* filled by __ffs_data_got_strings() */
210  /* ids in stringtabs are set in functionfs_bind() */
211  const void *raw_strings;
212  struct usb_gadget_strings **stringtabs;
213 
214  /*
215  * File system's super block, write once when file system is
216  * mounted.
217  */
218  struct super_block *sb;
219 
220  /* File permissions, written once when fs is mounted */
221  struct ffs_file_perms {
222  umode_t mode;
223  uid_t uid;
224  gid_t gid;
225  } file_perms;
226 
227  /*
228  * The endpoint files, filled by ffs_epfiles_create(),
229  * destroyed by ffs_epfiles_destroy().
230  */
231  struct ffs_epfile *epfiles;
232 };
233 
234 /* Reference counter handling */
235 static void ffs_data_get(struct ffs_data *ffs);
236 static void ffs_data_put(struct ffs_data *ffs);
237 /* Creates new ffs_data object. */
238 static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
239 
240 /* Opened counter handling. */
241 static void ffs_data_opened(struct ffs_data *ffs);
242 static void ffs_data_closed(struct ffs_data *ffs);
243 
244 /* Called with ffs->mutex held; take over ownership of data. */
245 static int __must_check
246 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
247 static int __must_check
248 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
249 
250 
251 /* The function structure ***************************************************/
252 
253 struct ffs_ep;
254 
255 struct ffs_function {
256  struct usb_configuration *conf;
257  struct usb_gadget *gadget;
258  struct ffs_data *ffs;
259 
260  struct ffs_ep *eps;
261  u8 eps_revmap[16];
262  short *interfaces_nums;
263 
264  struct usb_function function;
265 };
266 
267 
268 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
269 {
270  return container_of(f, struct ffs_function, function);
271 }
272 
273 static void ffs_func_free(struct ffs_function *func);
274 
275 static void ffs_func_eps_disable(struct ffs_function *func);
276 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
277 
278 static int ffs_func_bind(struct usb_configuration *,
279  struct usb_function *);
280 static void ffs_func_unbind(struct usb_configuration *,
281  struct usb_function *);
282 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
283 static void ffs_func_disable(struct usb_function *);
284 static int ffs_func_setup(struct usb_function *,
285  const struct usb_ctrlrequest *);
286 static void ffs_func_suspend(struct usb_function *);
287 static void ffs_func_resume(struct usb_function *);
288 
289 
290 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
291 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
292 
293 
294 /* The endpoints structures *************************************************/
295 
296 struct ffs_ep {
297  struct usb_ep *ep; /* P: ffs->eps_lock */
298  struct usb_request *req; /* P: epfile->mutex */
299 
300  /* [0]: full speed, [1]: high speed */
301  struct usb_endpoint_descriptor *descs[2];
302 
303  u8 num;
304 
305  int status; /* P: epfile->mutex */
306 };
307 
308 struct ffs_epfile {
309  /* Protects ep->ep and ep->req. */
310  struct mutex mutex;
311  wait_queue_head_t wait;
312 
313  struct ffs_data *ffs;
314  struct ffs_ep *ep; /* P: ffs->eps_lock */
315 
316  struct dentry *dentry;
317 
318  char name[5];
319 
320  unsigned char in; /* P: ffs->eps_lock */
321  unsigned char isoc; /* P: ffs->eps_lock */
322 
323  unsigned char _pad;
324 };
325 
326 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
327 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
328 
329 static struct inode *__must_check
330 ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
331  const struct file_operations *fops,
332  struct dentry **dentry_p);
333 
334 
335 /* Misc helper functions ****************************************************/
336 
337 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
338  __attribute__((warn_unused_result, nonnull));
339 static char *ffs_prepare_buffer(const char * __user buf, size_t len)
340  __attribute__((warn_unused_result, nonnull));
341 
342 
343 /* Control file aka ep0 *****************************************************/
344 
345 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
346 {
347  struct ffs_data *ffs = req->context;
348 
349  complete_all(&ffs->ep0req_completion);
350 }
351 
352 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
353 {
354  struct usb_request *req = ffs->ep0req;
355  int ret;
356 
357  req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
358 
359  spin_unlock_irq(&ffs->ev.waitq.lock);
360 
361  req->buf = data;
362  req->length = len;
363 
364  /*
365  * UDC layer requires to provide a buffer even for ZLP, but should
366  * not use it at all. Let's provide some poisoned pointer to catch
367  * possible bug in the driver.
368  */
369  if (req->buf == NULL)
370  req->buf = (void *)0xDEADBABE;
371 
372  INIT_COMPLETION(ffs->ep0req_completion);
373 
374  ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
375  if (unlikely(ret < 0))
376  return ret;
377 
378  ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
379  if (unlikely(ret)) {
380  usb_ep_dequeue(ffs->gadget->ep0, req);
381  return -EINTR;
382  }
383 
384  ffs->setup_state = FFS_NO_SETUP;
385  return ffs->ep0req_status;
386 }
387 
388 static int __ffs_ep0_stall(struct ffs_data *ffs)
389 {
390  if (ffs->ev.can_stall) {
391  pr_vdebug("ep0 stall\n");
392  usb_ep_set_halt(ffs->gadget->ep0);
393  ffs->setup_state = FFS_NO_SETUP;
394  return -EL2HLT;
395  } else {
396  pr_debug("bogus ep0 stall!\n");
397  return -ESRCH;
398  }
399 }
400 
401 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
402  size_t len, loff_t *ptr)
403 {
404  struct ffs_data *ffs = file->private_data;
405  ssize_t ret;
406  char *data;
407 
408  ENTER();
409 
410  /* Fast check if setup was canceled */
411  if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
412  return -EIDRM;
413 
414  /* Acquire mutex */
415  ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
416  if (unlikely(ret < 0))
417  return ret;
418 
419  /* Check state */
420  switch (ffs->state) {
421  case FFS_READ_DESCRIPTORS:
422  case FFS_READ_STRINGS:
423  /* Copy data */
424  if (unlikely(len < 16)) {
425  ret = -EINVAL;
426  break;
427  }
428 
429  data = ffs_prepare_buffer(buf, len);
430  if (IS_ERR(data)) {
431  ret = PTR_ERR(data);
432  break;
433  }
434 
435  /* Handle data */
436  if (ffs->state == FFS_READ_DESCRIPTORS) {
437  pr_info("read descriptors\n");
438  ret = __ffs_data_got_descs(ffs, data, len);
439  if (unlikely(ret < 0))
440  break;
441 
442  ffs->state = FFS_READ_STRINGS;
443  ret = len;
444  } else {
445  pr_info("read strings\n");
446  ret = __ffs_data_got_strings(ffs, data, len);
447  if (unlikely(ret < 0))
448  break;
449 
450  ret = ffs_epfiles_create(ffs);
451  if (unlikely(ret)) {
452  ffs->state = FFS_CLOSING;
453  break;
454  }
455 
456  ffs->state = FFS_ACTIVE;
457  mutex_unlock(&ffs->mutex);
458 
459  ret = functionfs_ready_callback(ffs);
460  if (unlikely(ret < 0)) {
461  ffs->state = FFS_CLOSING;
462  return ret;
463  }
464 
465  set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
466  return len;
467  }
468  break;
469 
470  case FFS_ACTIVE:
471  data = NULL;
472  /*
473  * We're called from user space, we can use _irq
474  * rather then _irqsave
475  */
476  spin_lock_irq(&ffs->ev.waitq.lock);
477  switch (FFS_SETUP_STATE(ffs)) {
478  case FFS_SETUP_CANCELED:
479  ret = -EIDRM;
480  goto done_spin;
481 
482  case FFS_NO_SETUP:
483  ret = -ESRCH;
484  goto done_spin;
485 
486  case FFS_SETUP_PENDING:
487  break;
488  }
489 
490  /* FFS_SETUP_PENDING */
491  if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
492  spin_unlock_irq(&ffs->ev.waitq.lock);
493  ret = __ffs_ep0_stall(ffs);
494  break;
495  }
496 
497  /* FFS_SETUP_PENDING and not stall */
498  len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
499 
500  spin_unlock_irq(&ffs->ev.waitq.lock);
501 
502  data = ffs_prepare_buffer(buf, len);
503  if (IS_ERR(data)) {
504  ret = PTR_ERR(data);
505  break;
506  }
507 
508  spin_lock_irq(&ffs->ev.waitq.lock);
509 
510  /*
511  * We are guaranteed to be still in FFS_ACTIVE state
512  * but the state of setup could have changed from
513  * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need
514  * to check for that. If that happened we copied data
515  * from user space in vain but it's unlikely.
516  *
517  * For sure we are not in FFS_NO_SETUP since this is
518  * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
519  * transition can be performed and it's protected by
520  * mutex.
521  */
522  if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
523  ret = -EIDRM;
524 done_spin:
525  spin_unlock_irq(&ffs->ev.waitq.lock);
526  } else {
527  /* unlocks spinlock */
528  ret = __ffs_ep0_queue_wait(ffs, data, len);
529  }
530  kfree(data);
531  break;
532 
533  default:
534  ret = -EBADFD;
535  break;
536  }
537 
538  mutex_unlock(&ffs->mutex);
539  return ret;
540 }
541 
542 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
543  size_t n)
544 {
545  /*
546  * We are holding ffs->ev.waitq.lock and ffs->mutex and we need
547  * to release them.
548  */
549  struct usb_functionfs_event events[n];
550  unsigned i = 0;
551 
552  memset(events, 0, sizeof events);
553 
554  do {
555  events[i].type = ffs->ev.types[i];
556  if (events[i].type == FUNCTIONFS_SETUP) {
557  events[i].u.setup = ffs->ev.setup;
558  ffs->setup_state = FFS_SETUP_PENDING;
559  }
560  } while (++i < n);
561 
562  if (n < ffs->ev.count) {
563  ffs->ev.count -= n;
564  memmove(ffs->ev.types, ffs->ev.types + n,
565  ffs->ev.count * sizeof *ffs->ev.types);
566  } else {
567  ffs->ev.count = 0;
568  }
569 
570  spin_unlock_irq(&ffs->ev.waitq.lock);
571  mutex_unlock(&ffs->mutex);
572 
573  return unlikely(__copy_to_user(buf, events, sizeof events))
574  ? -EFAULT : sizeof events;
575 }
576 
577 static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
578  size_t len, loff_t *ptr)
579 {
580  struct ffs_data *ffs = file->private_data;
581  char *data = NULL;
582  size_t n;
583  int ret;
584 
585  ENTER();
586 
587  /* Fast check if setup was canceled */
588  if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
589  return -EIDRM;
590 
591  /* Acquire mutex */
592  ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
593  if (unlikely(ret < 0))
594  return ret;
595 
596  /* Check state */
597  if (ffs->state != FFS_ACTIVE) {
598  ret = -EBADFD;
599  goto done_mutex;
600  }
601 
602  /*
603  * We're called from user space, we can use _irq rather then
604  * _irqsave
605  */
606  spin_lock_irq(&ffs->ev.waitq.lock);
607 
608  switch (FFS_SETUP_STATE(ffs)) {
609  case FFS_SETUP_CANCELED:
610  ret = -EIDRM;
611  break;
612 
613  case FFS_NO_SETUP:
614  n = len / sizeof(struct usb_functionfs_event);
615  if (unlikely(!n)) {
616  ret = -EINVAL;
617  break;
618  }
619 
620  if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
621  ret = -EAGAIN;
622  break;
623  }
624 
625  if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
626  ffs->ev.count)) {
627  ret = -EINTR;
628  break;
629  }
630 
631  return __ffs_ep0_read_events(ffs, buf,
632  min(n, (size_t)ffs->ev.count));
633 
634  case FFS_SETUP_PENDING:
635  if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
636  spin_unlock_irq(&ffs->ev.waitq.lock);
637  ret = __ffs_ep0_stall(ffs);
638  goto done_mutex;
639  }
640 
641  len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
642 
643  spin_unlock_irq(&ffs->ev.waitq.lock);
644 
645  if (likely(len)) {
646  data = kmalloc(len, GFP_KERNEL);
647  if (unlikely(!data)) {
648  ret = -ENOMEM;
649  goto done_mutex;
650  }
651  }
652 
653  spin_lock_irq(&ffs->ev.waitq.lock);
654 
655  /* See ffs_ep0_write() */
656  if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
657  ret = -EIDRM;
658  break;
659  }
660 
661  /* unlocks spinlock */
662  ret = __ffs_ep0_queue_wait(ffs, data, len);
663  if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
664  ret = -EFAULT;
665  goto done_mutex;
666 
667  default:
668  ret = -EBADFD;
669  break;
670  }
671 
672  spin_unlock_irq(&ffs->ev.waitq.lock);
673 done_mutex:
674  mutex_unlock(&ffs->mutex);
675  kfree(data);
676  return ret;
677 }
678 
679 static int ffs_ep0_open(struct inode *inode, struct file *file)
680 {
681  struct ffs_data *ffs = inode->i_private;
682 
683  ENTER();
684 
685  if (unlikely(ffs->state == FFS_CLOSING))
686  return -EBUSY;
687 
688  file->private_data = ffs;
689  ffs_data_opened(ffs);
690 
691  return 0;
692 }
693 
694 static int ffs_ep0_release(struct inode *inode, struct file *file)
695 {
696  struct ffs_data *ffs = file->private_data;
697 
698  ENTER();
699 
700  ffs_data_closed(ffs);
701 
702  return 0;
703 }
704 
705 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
706 {
707  struct ffs_data *ffs = file->private_data;
708  struct usb_gadget *gadget = ffs->gadget;
709  long ret;
710 
711  ENTER();
712 
713  if (code == FUNCTIONFS_INTERFACE_REVMAP) {
714  struct ffs_function *func = ffs->func;
715  ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
716  } else if (gadget && gadget->ops->ioctl) {
717  ret = gadget->ops->ioctl(gadget, code, value);
718  } else {
719  ret = -ENOTTY;
720  }
721 
722  return ret;
723 }
724 
725 static const struct file_operations ffs_ep0_operations = {
726  .owner = THIS_MODULE,
727  .llseek = no_llseek,
728 
729  .open = ffs_ep0_open,
730  .write = ffs_ep0_write,
731  .read = ffs_ep0_read,
732  .release = ffs_ep0_release,
733  .unlocked_ioctl = ffs_ep0_ioctl,
734 };
735 
736 
737 /* "Normal" endpoints operations ********************************************/
738 
739 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
740 {
741  ENTER();
742  if (likely(req->context)) {
743  struct ffs_ep *ep = _ep->driver_data;
744  ep->status = req->status ? req->status : req->actual;
745  complete(req->context);
746  }
747 }
748 
749 static ssize_t ffs_epfile_io(struct file *file,
750  char __user *buf, size_t len, int read)
751 {
752  struct ffs_epfile *epfile = file->private_data;
753  struct ffs_ep *ep;
754  char *data = NULL;
755  ssize_t ret;
756  int halt;
757 
758  goto first_try;
759  do {
760  spin_unlock_irq(&epfile->ffs->eps_lock);
761  mutex_unlock(&epfile->mutex);
762 
763 first_try:
764  /* Are we still active? */
765  if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
766  ret = -ENODEV;
767  goto error;
768  }
769 
770  /* Wait for endpoint to be enabled */
771  ep = epfile->ep;
772  if (!ep) {
773  if (file->f_flags & O_NONBLOCK) {
774  ret = -EAGAIN;
775  goto error;
776  }
777 
778  if (wait_event_interruptible(epfile->wait,
779  (ep = epfile->ep))) {
780  ret = -EINTR;
781  goto error;
782  }
783  }
784 
785  /* Do we halt? */
786  halt = !read == !epfile->in;
787  if (halt && epfile->isoc) {
788  ret = -EINVAL;
789  goto error;
790  }
791 
792  /* Allocate & copy */
793  if (!halt && !data) {
794  data = kzalloc(len, GFP_KERNEL);
795  if (unlikely(!data))
796  return -ENOMEM;
797 
798  if (!read &&
799  unlikely(__copy_from_user(data, buf, len))) {
800  ret = -EFAULT;
801  goto error;
802  }
803  }
804 
805  /* We will be using request */
806  ret = ffs_mutex_lock(&epfile->mutex,
807  file->f_flags & O_NONBLOCK);
808  if (unlikely(ret))
809  goto error;
810 
811  /*
812  * We're called from user space, we can use _irq rather then
813  * _irqsave
814  */
815  spin_lock_irq(&epfile->ffs->eps_lock);
816 
817  /*
818  * While we were acquiring mutex endpoint got disabled
819  * or changed?
820  */
821  } while (unlikely(epfile->ep != ep));
822 
823  /* Halt */
824  if (unlikely(halt)) {
825  if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
826  usb_ep_set_halt(ep->ep);
827  spin_unlock_irq(&epfile->ffs->eps_lock);
828  ret = -EBADMSG;
829  } else {
830  /* Fire the request */
831  DECLARE_COMPLETION_ONSTACK(done);
832 
833  struct usb_request *req = ep->req;
834  req->context = &done;
835  req->complete = ffs_epfile_io_complete;
836  req->buf = data;
837  req->length = len;
838 
839  ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
840 
841  spin_unlock_irq(&epfile->ffs->eps_lock);
842 
843  if (unlikely(ret < 0)) {
844  /* nop */
845  } else if (unlikely(wait_for_completion_interruptible(&done))) {
846  ret = -EINTR;
847  usb_ep_dequeue(ep->ep, req);
848  } else {
849  ret = ep->status;
850  if (read && ret > 0 &&
851  unlikely(copy_to_user(buf, data, ret)))
852  ret = -EFAULT;
853  }
854  }
855 
856  mutex_unlock(&epfile->mutex);
857 error:
858  kfree(data);
859  return ret;
860 }
861 
862 static ssize_t
863 ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
864  loff_t *ptr)
865 {
866  ENTER();
867 
868  return ffs_epfile_io(file, (char __user *)buf, len, 0);
869 }
870 
871 static ssize_t
872 ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
873 {
874  ENTER();
875 
876  return ffs_epfile_io(file, buf, len, 1);
877 }
878 
879 static int
880 ffs_epfile_open(struct inode *inode, struct file *file)
881 {
882  struct ffs_epfile *epfile = inode->i_private;
883 
884  ENTER();
885 
886  if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
887  return -ENODEV;
888 
889  file->private_data = epfile;
890  ffs_data_opened(epfile->ffs);
891 
892  return 0;
893 }
894 
895 static int
896 ffs_epfile_release(struct inode *inode, struct file *file)
897 {
898  struct ffs_epfile *epfile = inode->i_private;
899 
900  ENTER();
901 
902  ffs_data_closed(epfile->ffs);
903 
904  return 0;
905 }
906 
907 static long ffs_epfile_ioctl(struct file *file, unsigned code,
908  unsigned long value)
909 {
910  struct ffs_epfile *epfile = file->private_data;
911  int ret;
912 
913  ENTER();
914 
915  if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
916  return -ENODEV;
917 
918  spin_lock_irq(&epfile->ffs->eps_lock);
919  if (likely(epfile->ep)) {
920  switch (code) {
921  case FUNCTIONFS_FIFO_STATUS:
922  ret = usb_ep_fifo_status(epfile->ep->ep);
923  break;
924  case FUNCTIONFS_FIFO_FLUSH:
925  usb_ep_fifo_flush(epfile->ep->ep);
926  ret = 0;
927  break;
928  case FUNCTIONFS_CLEAR_HALT:
929  ret = usb_ep_clear_halt(epfile->ep->ep);
930  break;
931  case FUNCTIONFS_ENDPOINT_REVMAP:
932  ret = epfile->ep->num;
933  break;
934  default:
935  ret = -ENOTTY;
936  }
937  } else {
938  ret = -ENODEV;
939  }
940  spin_unlock_irq(&epfile->ffs->eps_lock);
941 
942  return ret;
943 }
944 
945 static const struct file_operations ffs_epfile_operations = {
946  .owner = THIS_MODULE,
947  .llseek = no_llseek,
948 
949  .open = ffs_epfile_open,
950  .write = ffs_epfile_write,
951  .read = ffs_epfile_read,
952  .release = ffs_epfile_release,
953  .unlocked_ioctl = ffs_epfile_ioctl,
954 };
955 
956 
957 /* File system and super block operations ***********************************/
958 
959 /*
960  * Mounting the file system creates a controller file, used first for
961  * function configuration then later for event monitoring.
962  */
963 
964 static struct inode *__must_check
965 ffs_sb_make_inode(struct super_block *sb, void *data,
966  const struct file_operations *fops,
967  const struct inode_operations *iops,
968  struct ffs_file_perms *perms)
969 {
970  struct inode *inode;
971 
972  ENTER();
973 
974  inode = new_inode(sb);
975 
976  if (likely(inode)) {
977  struct timespec current_time = CURRENT_TIME;
978 
979  inode->i_ino = get_next_ino();
980  inode->i_mode = perms->mode;
981  inode->i_uid = perms->uid;
982  inode->i_gid = perms->gid;
983  inode->i_atime = current_time;
984  inode->i_mtime = current_time;
985  inode->i_ctime = current_time;
986  inode->i_private = data;
987  if (fops)
988  inode->i_fop = fops;
989  if (iops)
990  inode->i_op = iops;
991  }
992 
993  return inode;
994 }
995 
996 /* Create "regular" file */
997 static struct inode *ffs_sb_create_file(struct super_block *sb,
998  const char *name, void *data,
999  const struct file_operations *fops,
1000  struct dentry **dentry_p)
1001 {
1002  struct ffs_data *ffs = sb->s_fs_info;
1003  struct dentry *dentry;
1004  struct inode *inode;
1005 
1006  ENTER();
1007 
1008  dentry = d_alloc_name(sb->s_root, name);
1009  if (unlikely(!dentry))
1010  return NULL;
1011 
1012  inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1013  if (unlikely(!inode)) {
1014  dput(dentry);
1015  return NULL;
1016  }
1017 
1018  d_add(dentry, inode);
1019  if (dentry_p)
1020  *dentry_p = dentry;
1021 
1022  return inode;
1023 }
1024 
1025 /* Super block */
1026 static const struct super_operations ffs_sb_operations = {
1027  .statfs = simple_statfs,
1028  .drop_inode = generic_delete_inode,
1029 };
1030 
1031 struct ffs_sb_fill_data {
1032  struct ffs_file_perms perms;
1033  umode_t root_mode;
1034  const char *dev_name;
1035  union {
1036  /* set by ffs_fs_mount(), read by ffs_sb_fill() */
1037  void *private_data;
1038  /* set by ffs_sb_fill(), read by ffs_fs_mount */
1039  struct ffs_data *ffs_data;
1040  };
1041 };
1042 
1043 static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1044 {
1045  struct ffs_sb_fill_data *data = _data;
1046  struct inode *inode;
1047  struct ffs_data *ffs;
1048 
1049  ENTER();
1050 
1051  /* Initialise data */
1052  ffs = ffs_data_new();
1053  if (unlikely(!ffs))
1054  goto Enomem;
1055 
1056  ffs->sb = sb;
1057  ffs->dev_name = kstrdup(data->dev_name, GFP_KERNEL);
1058  if (unlikely(!ffs->dev_name))
1059  goto Enomem;
1060  ffs->file_perms = data->perms;
1061  ffs->private_data = data->private_data;
1062 
1063  /* used by the caller of this function */
1064  data->ffs_data = ffs;
1065 
1066  sb->s_fs_info = ffs;
1067  sb->s_blocksize = PAGE_CACHE_SIZE;
1068  sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
1069  sb->s_magic = FUNCTIONFS_MAGIC;
1070  sb->s_op = &ffs_sb_operations;
1071  sb->s_time_gran = 1;
1072 
1073  /* Root inode */
1074  data->perms.mode = data->root_mode;
1075  inode = ffs_sb_make_inode(sb, NULL,
1076  &simple_dir_operations,
1077  &simple_dir_inode_operations,
1078  &data->perms);
1079  sb->s_root = d_make_root(inode);
1080  if (unlikely(!sb->s_root))
1081  goto Enomem;
1082 
1083  /* EP0 file */
1084  if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1085  &ffs_ep0_operations, NULL)))
1086  goto Enomem;
1087 
1088  return 0;
1089 
1090 Enomem:
1091  return -ENOMEM;
1092 }
1093 
1094 static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1095 {
1096  ENTER();
1097 
1098  if (!opts || !*opts)
1099  return 0;
1100 
1101  for (;;) {
1102  char *end, *eq, *comma;
1103  unsigned long value;
1104 
1105  /* Option limit */
1106  comma = strchr(opts, ',');
1107  if (comma)
1108  *comma = 0;
1109 
1110  /* Value limit */
1111  eq = strchr(opts, '=');
1112  if (unlikely(!eq)) {
1113  pr_err("'=' missing in %s\n", opts);
1114  return -EINVAL;
1115  }
1116  *eq = 0;
1117 
1118  /* Parse value */
1119  value = simple_strtoul(eq + 1, &end, 0);
1120  if (unlikely(*end != ',' && *end != 0)) {
1121  pr_err("%s: invalid value: %s\n", opts, eq + 1);
1122  return -EINVAL;
1123  }
1124 
1125  /* Interpret option */
1126  switch (eq - opts) {
1127  case 5:
1128  if (!memcmp(opts, "rmode", 5))
1129  data->root_mode = (value & 0555) | S_IFDIR;
1130  else if (!memcmp(opts, "fmode", 5))
1131  data->perms.mode = (value & 0666) | S_IFREG;
1132  else
1133  goto invalid;
1134  break;
1135 
1136  case 4:
1137  if (!memcmp(opts, "mode", 4)) {
1138  data->root_mode = (value & 0555) | S_IFDIR;
1139  data->perms.mode = (value & 0666) | S_IFREG;
1140  } else {
1141  goto invalid;
1142  }
1143  break;
1144 
1145  case 3:
1146  if (!memcmp(opts, "uid", 3))
1147  data->perms.uid = value;
1148  else if (!memcmp(opts, "gid", 3))
1149  data->perms.gid = value;
1150  else
1151  goto invalid;
1152  break;
1153 
1154  default:
1155 invalid:
1156  pr_err("%s: invalid option\n", opts);
1157  return -EINVAL;
1158  }
1159 
1160  /* Next iteration */
1161  if (!comma)
1162  break;
1163  opts = comma + 1;
1164  }
1165 
1166  return 0;
1167 }
1168 
1169 /* "mount -t functionfs dev_name /dev/function" ends up here */
1170 
1171 static struct dentry *
1172 ffs_fs_mount(struct file_system_type *t, int flags,
1173  const char *dev_name, void *opts)
1174 {
1175  struct ffs_sb_fill_data data = {
1176  .perms = {
1177  .mode = S_IFREG | 0600,
1178  .uid = 0,
1179  .gid = 0
1180  },
1181  .root_mode = S_IFDIR | 0500,
1182  };
1183  struct dentry *rv;
1184  int ret;
1185  void *ffs_dev;
1186 
1187  ENTER();
1188 
1189  ret = ffs_fs_parse_opts(&data, opts);
1190  if (unlikely(ret < 0))
1191  return ERR_PTR(ret);
1192 
1193  ffs_dev = functionfs_acquire_dev_callback(dev_name);
1194  if (IS_ERR(ffs_dev))
1195  return ffs_dev;
1196 
1197  data.dev_name = dev_name;
1198  data.private_data = ffs_dev;
1199  rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1200 
1201  /* data.ffs_data is set by ffs_sb_fill */
1202  if (IS_ERR(rv))
1203  functionfs_release_dev_callback(data.ffs_data);
1204 
1205  return rv;
1206 }
1207 
1208 static void
1209 ffs_fs_kill_sb(struct super_block *sb)
1210 {
1211  ENTER();
1212 
1213  kill_litter_super(sb);
1214  if (sb->s_fs_info) {
1215  functionfs_release_dev_callback(sb->s_fs_info);
1216  ffs_data_put(sb->s_fs_info);
1217  }
1218 }
1219 
1220 static struct file_system_type ffs_fs_type = {
1221  .owner = THIS_MODULE,
1222  .name = "functionfs",
1223  .mount = ffs_fs_mount,
1224  .kill_sb = ffs_fs_kill_sb,
1225 };
1226 
1227 
1228 /* Driver's main init/cleanup functions *************************************/
1229 
1230 static int functionfs_init(void)
1231 {
1232  int ret;
1233 
1234  ENTER();
1235 
1236  ret = register_filesystem(&ffs_fs_type);
1237  if (likely(!ret))
1238  pr_info("file system registered\n");
1239  else
1240  pr_err("failed registering file system (%d)\n", ret);
1241 
1242  return ret;
1243 }
1244 
1245 static void functionfs_cleanup(void)
1246 {
1247  ENTER();
1248 
1249  pr_info("unloading\n");
1250  unregister_filesystem(&ffs_fs_type);
1251 }
1252 
1253 
1254 /* ffs_data and ffs_function construction and destruction code **************/
1255 
1256 static void ffs_data_clear(struct ffs_data *ffs);
1257 static void ffs_data_reset(struct ffs_data *ffs);
1258 
1259 static void ffs_data_get(struct ffs_data *ffs)
1260 {
1261  ENTER();
1262 
1263  atomic_inc(&ffs->ref);
1264 }
1265 
1266 static void ffs_data_opened(struct ffs_data *ffs)
1267 {
1268  ENTER();
1269 
1270  atomic_inc(&ffs->ref);
1271  atomic_inc(&ffs->opened);
1272 }
1273 
1274 static void ffs_data_put(struct ffs_data *ffs)
1275 {
1276  ENTER();
1277 
1278  if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1279  pr_info("%s(): freeing\n", __func__);
1280  ffs_data_clear(ffs);
1281  BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1282  waitqueue_active(&ffs->ep0req_completion.wait));
1283  kfree(ffs->dev_name);
1284  kfree(ffs);
1285  }
1286 }
1287 
1288 static void ffs_data_closed(struct ffs_data *ffs)
1289 {
1290  ENTER();
1291 
1292  if (atomic_dec_and_test(&ffs->opened)) {
1293  ffs->state = FFS_CLOSING;
1294  ffs_data_reset(ffs);
1295  }
1296 
1297  ffs_data_put(ffs);
1298 }
1299 
1300 static struct ffs_data *ffs_data_new(void)
1301 {
1302  struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1303  if (unlikely(!ffs))
1304  return 0;
1305 
1306  ENTER();
1307 
1308  atomic_set(&ffs->ref, 1);
1309  atomic_set(&ffs->opened, 0);
1310  ffs->state = FFS_READ_DESCRIPTORS;
1311  mutex_init(&ffs->mutex);
1312  spin_lock_init(&ffs->eps_lock);
1313  init_waitqueue_head(&ffs->ev.waitq);
1314  init_completion(&ffs->ep0req_completion);
1315 
1316  /* XXX REVISIT need to update it in some places, or do we? */
1317  ffs->ev.can_stall = 1;
1318 
1319  return ffs;
1320 }
1321 
1322 static void ffs_data_clear(struct ffs_data *ffs)
1323 {
1324  ENTER();
1325 
1326  if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags))
1327  functionfs_closed_callback(ffs);
1328 
1329  BUG_ON(ffs->gadget);
1330 
1331  if (ffs->epfiles)
1332  ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1333 
1334  kfree(ffs->raw_descs);
1335  kfree(ffs->raw_strings);
1336  kfree(ffs->stringtabs);
1337 }
1338 
1339 static void ffs_data_reset(struct ffs_data *ffs)
1340 {
1341  ENTER();
1342 
1343  ffs_data_clear(ffs);
1344 
1345  ffs->epfiles = NULL;
1346  ffs->raw_descs = NULL;
1347  ffs->raw_strings = NULL;
1348  ffs->stringtabs = NULL;
1349 
1350  ffs->raw_descs_length = 0;
1351  ffs->raw_fs_descs_length = 0;
1352  ffs->fs_descs_count = 0;
1353  ffs->hs_descs_count = 0;
1354 
1355  ffs->strings_count = 0;
1356  ffs->interfaces_count = 0;
1357  ffs->eps_count = 0;
1358 
1359  ffs->ev.count = 0;
1360 
1361  ffs->state = FFS_READ_DESCRIPTORS;
1362  ffs->setup_state = FFS_NO_SETUP;
1363  ffs->flags = 0;
1364 }
1365 
1366 
1367 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1368 {
1369  struct usb_gadget_strings **lang;
1370  int first_id;
1371 
1372  ENTER();
1373 
1374  if (WARN_ON(ffs->state != FFS_ACTIVE
1375  || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1376  return -EBADFD;
1377 
1378  first_id = usb_string_ids_n(cdev, ffs->strings_count);
1379  if (unlikely(first_id < 0))
1380  return first_id;
1381 
1382  ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1383  if (unlikely(!ffs->ep0req))
1384  return -ENOMEM;
1385  ffs->ep0req->complete = ffs_ep0_complete;
1386  ffs->ep0req->context = ffs;
1387 
1388  lang = ffs->stringtabs;
1389  for (lang = ffs->stringtabs; *lang; ++lang) {
1390  struct usb_string *str = (*lang)->strings;
1391  int id = first_id;
1392  for (; str->s; ++id, ++str)
1393  str->id = id;
1394  }
1395 
1396  ffs->gadget = cdev->gadget;
1397  ffs_data_get(ffs);
1398  return 0;
1399 }
1400 
1401 static void functionfs_unbind(struct ffs_data *ffs)
1402 {
1403  ENTER();
1404 
1405  if (!WARN_ON(!ffs->gadget)) {
1406  usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1407  ffs->ep0req = NULL;
1408  ffs->gadget = NULL;
1409  ffs_data_put(ffs);
1410  clear_bit(FFS_FL_BOUND, &ffs->flags);
1411  }
1412 }
1413 
1414 static int ffs_epfiles_create(struct ffs_data *ffs)
1415 {
1416  struct ffs_epfile *epfile, *epfiles;
1417  unsigned i, count;
1418 
1419  ENTER();
1420 
1421  count = ffs->eps_count;
1422  epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1423  if (!epfiles)
1424  return -ENOMEM;
1425 
1426  epfile = epfiles;
1427  for (i = 1; i <= count; ++i, ++epfile) {
1428  epfile->ffs = ffs;
1429  mutex_init(&epfile->mutex);
1430  init_waitqueue_head(&epfile->wait);
1431  sprintf(epfiles->name, "ep%u", i);
1432  if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile,
1433  &ffs_epfile_operations,
1434  &epfile->dentry))) {
1435  ffs_epfiles_destroy(epfiles, i - 1);
1436  return -ENOMEM;
1437  }
1438  }
1439 
1440  ffs->epfiles = epfiles;
1441  return 0;
1442 }
1443 
1444 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1445 {
1446  struct ffs_epfile *epfile = epfiles;
1447 
1448  ENTER();
1449 
1450  for (; count; --count, ++epfile) {
1451  BUG_ON(mutex_is_locked(&epfile->mutex) ||
1452  waitqueue_active(&epfile->wait));
1453  if (epfile->dentry) {
1454  d_delete(epfile->dentry);
1455  dput(epfile->dentry);
1456  epfile->dentry = NULL;
1457  }
1458  }
1459 
1460  kfree(epfiles);
1461 }
1462 
1463 static int functionfs_bind_config(struct usb_composite_dev *cdev,
1464  struct usb_configuration *c,
1465  struct ffs_data *ffs)
1466 {
1467  struct ffs_function *func;
1468  int ret;
1469 
1470  ENTER();
1471 
1472  func = kzalloc(sizeof *func, GFP_KERNEL);
1473  if (unlikely(!func))
1474  return -ENOMEM;
1475 
1476  func->function.name = "Function FS Gadget";
1477  func->function.strings = ffs->stringtabs;
1478 
1479  func->function.bind = ffs_func_bind;
1480  func->function.unbind = ffs_func_unbind;
1481  func->function.set_alt = ffs_func_set_alt;
1482  func->function.disable = ffs_func_disable;
1483  func->function.setup = ffs_func_setup;
1484  func->function.suspend = ffs_func_suspend;
1485  func->function.resume = ffs_func_resume;
1486 
1487  func->conf = c;
1488  func->gadget = cdev->gadget;
1489  func->ffs = ffs;
1490  ffs_data_get(ffs);
1491 
1492  ret = usb_add_function(c, &func->function);
1493  if (unlikely(ret))
1494  ffs_func_free(func);
1495 
1496  return ret;
1497 }
1498 
1499 static void ffs_func_free(struct ffs_function *func)
1500 {
1501  struct ffs_ep *ep = func->eps;
1502  unsigned count = func->ffs->eps_count;
1503  unsigned long flags;
1504 
1505  ENTER();
1506 
1507  /* cleanup after autoconfig */
1508  spin_lock_irqsave(&func->ffs->eps_lock, flags);
1509  do {
1510  if (ep->ep && ep->req)
1511  usb_ep_free_request(ep->ep, ep->req);
1512  ep->req = NULL;
1513  ++ep;
1514  } while (--count);
1515  spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1516 
1517  ffs_data_put(func->ffs);
1518 
1519  kfree(func->eps);
1520  /*
1521  * eps and interfaces_nums are allocated in the same chunk so
1522  * only one free is required. Descriptors are also allocated
1523  * in the same chunk.
1524  */
1525 
1526  kfree(func);
1527 }
1528 
1529 static void ffs_func_eps_disable(struct ffs_function *func)
1530 {
1531  struct ffs_ep *ep = func->eps;
1532  struct ffs_epfile *epfile = func->ffs->epfiles;
1533  unsigned count = func->ffs->eps_count;
1534  unsigned long flags;
1535 
1536  spin_lock_irqsave(&func->ffs->eps_lock, flags);
1537  do {
1538  /* pending requests get nuked */
1539  if (likely(ep->ep))
1540  usb_ep_disable(ep->ep);
1541  epfile->ep = NULL;
1542 
1543  ++ep;
1544  ++epfile;
1545  } while (--count);
1546  spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1547 }
1548 
1549 static int ffs_func_eps_enable(struct ffs_function *func)
1550 {
1551  struct ffs_data *ffs = func->ffs;
1552  struct ffs_ep *ep = func->eps;
1553  struct ffs_epfile *epfile = ffs->epfiles;
1554  unsigned count = ffs->eps_count;
1555  unsigned long flags;
1556  int ret = 0;
1557 
1558  spin_lock_irqsave(&func->ffs->eps_lock, flags);
1559  do {
1560  struct usb_endpoint_descriptor *ds;
1561  ds = ep->descs[ep->descs[1] ? 1 : 0];
1562 
1563  ep->ep->driver_data = ep;
1564  ep->ep->desc = ds;
1565  ret = usb_ep_enable(ep->ep);
1566  if (likely(!ret)) {
1567  epfile->ep = ep;
1568  epfile->in = usb_endpoint_dir_in(ds);
1569  epfile->isoc = usb_endpoint_xfer_isoc(ds);
1570  } else {
1571  break;
1572  }
1573 
1574  wake_up(&epfile->wait);
1575 
1576  ++ep;
1577  ++epfile;
1578  } while (--count);
1579  spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1580 
1581  return ret;
1582 }
1583 
1584 
1585 /* Parsing and building descriptors and strings *****************************/
1586 
1587 /*
1588  * This validates if data pointed by data is a valid USB descriptor as
1589  * well as record how many interfaces, endpoints and strings are
1590  * required by given configuration. Returns address after the
1591  * descriptor or NULL if data is invalid.
1592  */
1593 
1594 enum ffs_entity_type {
1595  FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1596 };
1597 
1598 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1599  u8 *valuep,
1600  struct usb_descriptor_header *desc,
1601  void *priv);
1602 
1603 static int __must_check ffs_do_desc(char *data, unsigned len,
1604  ffs_entity_callback entity, void *priv)
1605 {
1606  struct usb_descriptor_header *_ds = (void *)data;
1607  u8 length;
1608  int ret;
1609 
1610  ENTER();
1611 
1612  /* At least two bytes are required: length and type */
1613  if (len < 2) {
1614  pr_vdebug("descriptor too short\n");
1615  return -EINVAL;
1616  }
1617 
1618  /* If we have at least as many bytes as the descriptor takes? */
1619  length = _ds->bLength;
1620  if (len < length) {
1621  pr_vdebug("descriptor longer then available data\n");
1622  return -EINVAL;
1623  }
1624 
1625 #define __entity_check_INTERFACE(val) 1
1626 #define __entity_check_STRING(val) (val)
1627 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1628 #define __entity(type, val) do { \
1629  pr_vdebug("entity " #type "(%02x)\n", (val)); \
1630  if (unlikely(!__entity_check_ ##type(val))) { \
1631  pr_vdebug("invalid entity's value\n"); \
1632  return -EINVAL; \
1633  } \
1634  ret = entity(FFS_ ##type, &val, _ds, priv); \
1635  if (unlikely(ret < 0)) { \
1636  pr_debug("entity " #type "(%02x); ret = %d\n", \
1637  (val), ret); \
1638  return ret; \
1639  } \
1640  } while (0)
1641 
1642  /* Parse descriptor depending on type. */
1643  switch (_ds->bDescriptorType) {
1644  case USB_DT_DEVICE:
1645  case USB_DT_CONFIG:
1646  case USB_DT_STRING:
1647  case USB_DT_DEVICE_QUALIFIER:
1648  /* function can't have any of those */
1649  pr_vdebug("descriptor reserved for gadget: %d\n",
1650  _ds->bDescriptorType);
1651  return -EINVAL;
1652 
1653  case USB_DT_INTERFACE: {
1654  struct usb_interface_descriptor *ds = (void *)_ds;
1655  pr_vdebug("interface descriptor\n");
1656  if (length != sizeof *ds)
1657  goto inv_length;
1658 
1659  __entity(INTERFACE, ds->bInterfaceNumber);
1660  if (ds->iInterface)
1661  __entity(STRING, ds->iInterface);
1662  }
1663  break;
1664 
1665  case USB_DT_ENDPOINT: {
1666  struct usb_endpoint_descriptor *ds = (void *)_ds;
1667  pr_vdebug("endpoint descriptor\n");
1668  if (length != USB_DT_ENDPOINT_SIZE &&
1669  length != USB_DT_ENDPOINT_AUDIO_SIZE)
1670  goto inv_length;
1671  __entity(ENDPOINT, ds->bEndpointAddress);
1672  }
1673  break;
1674 
1675  case HID_DT_HID:
1676  pr_vdebug("hid descriptor\n");
1677  if (length != sizeof(struct hid_descriptor))
1678  goto inv_length;
1679  break;
1680 
1681  case USB_DT_OTG:
1682  if (length != sizeof(struct usb_otg_descriptor))
1683  goto inv_length;
1684  break;
1685 
1686  case USB_DT_INTERFACE_ASSOCIATION: {
1687  struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1688  pr_vdebug("interface association descriptor\n");
1689  if (length != sizeof *ds)
1690  goto inv_length;
1691  if (ds->iFunction)
1692  __entity(STRING, ds->iFunction);
1693  }
1694  break;
1695 
1696  case USB_DT_OTHER_SPEED_CONFIG:
1697  case USB_DT_INTERFACE_POWER:
1698  case USB_DT_DEBUG:
1699  case USB_DT_SECURITY:
1700  case USB_DT_CS_RADIO_CONTROL:
1701  /* TODO */
1702  pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1703  return -EINVAL;
1704 
1705  default:
1706  /* We should never be here */
1707  pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1708  return -EINVAL;
1709 
1710 inv_length:
1711  pr_vdebug("invalid length: %d (descriptor %d)\n",
1712  _ds->bLength, _ds->bDescriptorType);
1713  return -EINVAL;
1714  }
1715 
1716 #undef __entity
1717 #undef __entity_check_DESCRIPTOR
1718 #undef __entity_check_INTERFACE
1719 #undef __entity_check_STRING
1720 #undef __entity_check_ENDPOINT
1721 
1722  return length;
1723 }
1724 
1725 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1726  ffs_entity_callback entity, void *priv)
1727 {
1728  const unsigned _len = len;
1729  unsigned long num = 0;
1730 
1731  ENTER();
1732 
1733  for (;;) {
1734  int ret;
1735 
1736  if (num == count)
1737  data = NULL;
1738 
1739  /* Record "descriptor" entity */
1740  ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1741  if (unlikely(ret < 0)) {
1742  pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1743  num, ret);
1744  return ret;
1745  }
1746 
1747  if (!data)
1748  return _len - len;
1749 
1750  ret = ffs_do_desc(data, len, entity, priv);
1751  if (unlikely(ret < 0)) {
1752  pr_debug("%s returns %d\n", __func__, ret);
1753  return ret;
1754  }
1755 
1756  len -= ret;
1757  data += ret;
1758  ++num;
1759  }
1760 }
1761 
1762 static int __ffs_data_do_entity(enum ffs_entity_type type,
1763  u8 *valuep, struct usb_descriptor_header *desc,
1764  void *priv)
1765 {
1766  struct ffs_data *ffs = priv;
1767 
1768  ENTER();
1769 
1770  switch (type) {
1771  case FFS_DESCRIPTOR:
1772  break;
1773 
1774  case FFS_INTERFACE:
1775  /*
1776  * Interfaces are indexed from zero so if we
1777  * encountered interface "n" then there are at least
1778  * "n+1" interfaces.
1779  */
1780  if (*valuep >= ffs->interfaces_count)
1781  ffs->interfaces_count = *valuep + 1;
1782  break;
1783 
1784  case FFS_STRING:
1785  /*
1786  * Strings are indexed from 1 (0 is magic ;) reserved
1787  * for languages list or some such)
1788  */
1789  if (*valuep > ffs->strings_count)
1790  ffs->strings_count = *valuep;
1791  break;
1792 
1793  case FFS_ENDPOINT:
1794  /* Endpoints are indexed from 1 as well. */
1795  if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count)
1796  ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK);
1797  break;
1798  }
1799 
1800  return 0;
1801 }
1802 
1803 static int __ffs_data_got_descs(struct ffs_data *ffs,
1804  char *const _data, size_t len)
1805 {
1806  unsigned fs_count, hs_count;
1807  int fs_len, ret = -EINVAL;
1808  char *data = _data;
1809 
1810  ENTER();
1811 
1812  if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC ||
1813  get_unaligned_le32(data + 4) != len))
1814  goto error;
1815  fs_count = get_unaligned_le32(data + 8);
1816  hs_count = get_unaligned_le32(data + 12);
1817 
1818  if (!fs_count && !hs_count)
1819  goto einval;
1820 
1821  data += 16;
1822  len -= 16;
1823 
1824  if (likely(fs_count)) {
1825  fs_len = ffs_do_descs(fs_count, data, len,
1826  __ffs_data_do_entity, ffs);
1827  if (unlikely(fs_len < 0)) {
1828  ret = fs_len;
1829  goto error;
1830  }
1831 
1832  data += fs_len;
1833  len -= fs_len;
1834  } else {
1835  fs_len = 0;
1836  }
1837 
1838  if (likely(hs_count)) {
1839  ret = ffs_do_descs(hs_count, data, len,
1840  __ffs_data_do_entity, ffs);
1841  if (unlikely(ret < 0))
1842  goto error;
1843  } else {
1844  ret = 0;
1845  }
1846 
1847  if (unlikely(len != ret))
1848  goto einval;
1849 
1850  ffs->raw_fs_descs_length = fs_len;
1851  ffs->raw_descs_length = fs_len + ret;
1852  ffs->raw_descs = _data;
1853  ffs->fs_descs_count = fs_count;
1854  ffs->hs_descs_count = hs_count;
1855 
1856  return 0;
1857 
1858 einval:
1859  ret = -EINVAL;
1860 error:
1861  kfree(_data);
1862  return ret;
1863 }
1864 
1865 static int __ffs_data_got_strings(struct ffs_data *ffs,
1866  char *const _data, size_t len)
1867 {
1868  u32 str_count, needed_count, lang_count;
1869  struct usb_gadget_strings **stringtabs, *t;
1870  struct usb_string *strings, *s;
1871  const char *data = _data;
1872 
1873  ENTER();
1874 
1875  if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
1876  get_unaligned_le32(data + 4) != len))
1877  goto error;
1878  str_count = get_unaligned_le32(data + 8);
1879  lang_count = get_unaligned_le32(data + 12);
1880 
1881  /* if one is zero the other must be zero */
1882  if (unlikely(!str_count != !lang_count))
1883  goto error;
1884 
1885  /* Do we have at least as many strings as descriptors need? */
1886  needed_count = ffs->strings_count;
1887  if (unlikely(str_count < needed_count))
1888  goto error;
1889 
1890  /*
1891  * If we don't need any strings just return and free all
1892  * memory.
1893  */
1894  if (!needed_count) {
1895  kfree(_data);
1896  return 0;
1897  }
1898 
1899  /* Allocate everything in one chunk so there's less maintenance. */
1900  {
1901  struct {
1902  struct usb_gadget_strings *stringtabs[lang_count + 1];
1903  struct usb_gadget_strings stringtab[lang_count];
1904  struct usb_string strings[lang_count*(needed_count+1)];
1905  } *d;
1906  unsigned i = 0;
1907 
1908  d = kmalloc(sizeof *d, GFP_KERNEL);
1909  if (unlikely(!d)) {
1910  kfree(_data);
1911  return -ENOMEM;
1912  }
1913 
1914  stringtabs = d->stringtabs;
1915  t = d->stringtab;
1916  i = lang_count;
1917  do {
1918  *stringtabs++ = t++;
1919  } while (--i);
1920  *stringtabs = NULL;
1921 
1922  stringtabs = d->stringtabs;
1923  t = d->stringtab;
1924  s = d->strings;
1925  strings = s;
1926  }
1927 
1928  /* For each language */
1929  data += 16;
1930  len -= 16;
1931 
1932  do { /* lang_count > 0 so we can use do-while */
1933  unsigned needed = needed_count;
1934 
1935  if (unlikely(len < 3))
1936  goto error_free;
1937  t->language = get_unaligned_le16(data);
1938  t->strings = s;
1939  ++t;
1940 
1941  data += 2;
1942  len -= 2;
1943 
1944  /* For each string */
1945  do { /* str_count > 0 so we can use do-while */
1946  size_t length = strnlen(data, len);
1947 
1948  if (unlikely(length == len))
1949  goto error_free;
1950 
1951  /*
1952  * User may provide more strings then we need,
1953  * if that's the case we simply ignore the
1954  * rest
1955  */
1956  if (likely(needed)) {
1957  /*
1958  * s->id will be set while adding
1959  * function to configuration so for
1960  * now just leave garbage here.
1961  */
1962  s->s = data;
1963  --needed;
1964  ++s;
1965  }
1966 
1967  data += length + 1;
1968  len -= length + 1;
1969  } while (--str_count);
1970 
1971  s->id = 0; /* terminator */
1972  s->s = NULL;
1973  ++s;
1974 
1975  } while (--lang_count);
1976 
1977  /* Some garbage left? */
1978  if (unlikely(len))
1979  goto error_free;
1980 
1981  /* Done! */
1982  ffs->stringtabs = stringtabs;
1983  ffs->raw_strings = _data;
1984 
1985  return 0;
1986 
1987 error_free:
1988  kfree(stringtabs);
1989 error:
1990  kfree(_data);
1991  return -EINVAL;
1992 }
1993 
1994 
1995 /* Events handling and management *******************************************/
1996 
1997 static void __ffs_event_add(struct ffs_data *ffs,
1998  enum usb_functionfs_event_type type)
1999 {
2000  enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2001  int neg = 0;
2002 
2003  /*
2004  * Abort any unhandled setup
2005  *
2006  * We do not need to worry about some cmpxchg() changing value
2007  * of ffs->setup_state without holding the lock because when
2008  * state is FFS_SETUP_PENDING cmpxchg() in several places in
2009  * the source does nothing.
2010  */
2011  if (ffs->setup_state == FFS_SETUP_PENDING)
2012  ffs->setup_state = FFS_SETUP_CANCELED;
2013 
2014  switch (type) {
2015  case FUNCTIONFS_RESUME:
2016  rem_type2 = FUNCTIONFS_SUSPEND;
2017  /* FALL THROUGH */
2018  case FUNCTIONFS_SUSPEND:
2019  case FUNCTIONFS_SETUP:
2020  rem_type1 = type;
2021  /* Discard all similar events */
2022  break;
2023 
2024  case FUNCTIONFS_BIND:
2025  case FUNCTIONFS_UNBIND:
2026  case FUNCTIONFS_DISABLE:
2027  case FUNCTIONFS_ENABLE:
2028  /* Discard everything other then power management. */
2029  rem_type1 = FUNCTIONFS_SUSPEND;
2030  rem_type2 = FUNCTIONFS_RESUME;
2031  neg = 1;
2032  break;
2033 
2034  default:
2035  BUG();
2036  }
2037 
2038  {
2039  u8 *ev = ffs->ev.types, *out = ev;
2040  unsigned n = ffs->ev.count;
2041  for (; n; --n, ++ev)
2042  if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2043  *out++ = *ev;
2044  else
2045  pr_vdebug("purging event %d\n", *ev);
2046  ffs->ev.count = out - ffs->ev.types;
2047  }
2048 
2049  pr_vdebug("adding event %d\n", type);
2050  ffs->ev.types[ffs->ev.count++] = type;
2051  wake_up_locked(&ffs->ev.waitq);
2052 }
2053 
2054 static void ffs_event_add(struct ffs_data *ffs,
2055  enum usb_functionfs_event_type type)
2056 {
2057  unsigned long flags;
2058  spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2059  __ffs_event_add(ffs, type);
2060  spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2061 }
2062 
2063 
2064 /* Bind/unbind USB function hooks *******************************************/
2065 
2066 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2067  struct usb_descriptor_header *desc,
2068  void *priv)
2069 {
2070  struct usb_endpoint_descriptor *ds = (void *)desc;
2071  struct ffs_function *func = priv;
2072  struct ffs_ep *ffs_ep;
2073 
2074  /*
2075  * If hs_descriptors is not NULL then we are reading hs
2076  * descriptors now
2077  */
2078  const int isHS = func->function.hs_descriptors != NULL;
2079  unsigned idx;
2080 
2081  if (type != FFS_DESCRIPTOR)
2082  return 0;
2083 
2084  if (isHS)
2085  func->function.hs_descriptors[(long)valuep] = desc;
2086  else
2087  func->function.descriptors[(long)valuep] = desc;
2088 
2089  if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2090  return 0;
2091 
2092  idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1;
2093  ffs_ep = func->eps + idx;
2094 
2095  if (unlikely(ffs_ep->descs[isHS])) {
2096  pr_vdebug("two %sspeed descriptors for EP %d\n",
2097  isHS ? "high" : "full",
2098  ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2099  return -EINVAL;
2100  }
2101  ffs_ep->descs[isHS] = ds;
2102 
2103  ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2104  if (ffs_ep->ep) {
2105  ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2106  if (!ds->wMaxPacketSize)
2107  ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2108  } else {
2109  struct usb_request *req;
2110  struct usb_ep *ep;
2111 
2112  pr_vdebug("autoconfig\n");
2113  ep = usb_ep_autoconfig(func->gadget, ds);
2114  if (unlikely(!ep))
2115  return -ENOTSUPP;
2116  ep->driver_data = func->eps + idx;
2117 
2118  req = usb_ep_alloc_request(ep, GFP_KERNEL);
2119  if (unlikely(!req))
2120  return -ENOMEM;
2121 
2122  ffs_ep->ep = ep;
2123  ffs_ep->req = req;
2124  func->eps_revmap[ds->bEndpointAddress &
2125  USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2126  }
2127  ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2128 
2129  return 0;
2130 }
2131 
2132 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2133  struct usb_descriptor_header *desc,
2134  void *priv)
2135 {
2136  struct ffs_function *func = priv;
2137  unsigned idx;
2138  u8 newValue;
2139 
2140  switch (type) {
2141  default:
2142  case FFS_DESCRIPTOR:
2143  /* Handled in previous pass by __ffs_func_bind_do_descs() */
2144  return 0;
2145 
2146  case FFS_INTERFACE:
2147  idx = *valuep;
2148  if (func->interfaces_nums[idx] < 0) {
2149  int id = usb_interface_id(func->conf, &func->function);
2150  if (unlikely(id < 0))
2151  return id;
2152  func->interfaces_nums[idx] = id;
2153  }
2154  newValue = func->interfaces_nums[idx];
2155  break;
2156 
2157  case FFS_STRING:
2158  /* String' IDs are allocated when fsf_data is bound to cdev */
2159  newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2160  break;
2161 
2162  case FFS_ENDPOINT:
2163  /*
2164  * USB_DT_ENDPOINT are handled in
2165  * __ffs_func_bind_do_descs().
2166  */
2167  if (desc->bDescriptorType == USB_DT_ENDPOINT)
2168  return 0;
2169 
2170  idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2171  if (unlikely(!func->eps[idx].ep))
2172  return -EINVAL;
2173 
2174  {
2175  struct usb_endpoint_descriptor **descs;
2176  descs = func->eps[idx].descs;
2177  newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2178  }
2179  break;
2180  }
2181 
2182  pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2183  *valuep = newValue;
2184  return 0;
2185 }
2186 
2187 static int ffs_func_bind(struct usb_configuration *c,
2188  struct usb_function *f)
2189 {
2190  struct ffs_function *func = ffs_func_from_usb(f);
2191  struct ffs_data *ffs = func->ffs;
2192 
2193  const int full = !!func->ffs->fs_descs_count;
2194  const int high = gadget_is_dualspeed(func->gadget) &&
2195  func->ffs->hs_descs_count;
2196 
2197  int ret;
2198 
2199  /* Make it a single chunk, less management later on */
2200  struct {
2201  struct ffs_ep eps[ffs->eps_count];
2202  struct usb_descriptor_header
2203  *fs_descs[full ? ffs->fs_descs_count + 1 : 0];
2204  struct usb_descriptor_header
2205  *hs_descs[high ? ffs->hs_descs_count + 1 : 0];
2206  short inums[ffs->interfaces_count];
2207  char raw_descs[high ? ffs->raw_descs_length
2208  : ffs->raw_fs_descs_length];
2209  } *data;
2210 
2211  ENTER();
2212 
2213  /* Only high speed but not supported by gadget? */
2214  if (unlikely(!(full | high)))
2215  return -ENOTSUPP;
2216 
2217  /* Allocate */
2218  data = kmalloc(sizeof *data, GFP_KERNEL);
2219  if (unlikely(!data))
2220  return -ENOMEM;
2221 
2222  /* Zero */
2223  memset(data->eps, 0, sizeof data->eps);
2224  memcpy(data->raw_descs, ffs->raw_descs + 16, sizeof data->raw_descs);
2225  memset(data->inums, 0xff, sizeof data->inums);
2226  for (ret = ffs->eps_count; ret; --ret)
2227  data->eps[ret].num = -1;
2228 
2229  /* Save pointers */
2230  func->eps = data->eps;
2231  func->interfaces_nums = data->inums;
2232 
2233  /*
2234  * Go through all the endpoint descriptors and allocate
2235  * endpoints first, so that later we can rewrite the endpoint
2236  * numbers without worrying that it may be described later on.
2237  */
2238  if (likely(full)) {
2239  func->function.descriptors = data->fs_descs;
2240  ret = ffs_do_descs(ffs->fs_descs_count,
2241  data->raw_descs,
2242  sizeof data->raw_descs,
2243  __ffs_func_bind_do_descs, func);
2244  if (unlikely(ret < 0))
2245  goto error;
2246  } else {
2247  ret = 0;
2248  }
2249 
2250  if (likely(high)) {
2251  func->function.hs_descriptors = data->hs_descs;
2252  ret = ffs_do_descs(ffs->hs_descs_count,
2253  data->raw_descs + ret,
2254  (sizeof data->raw_descs) - ret,
2255  __ffs_func_bind_do_descs, func);
2256  }
2257 
2258  /*
2259  * Now handle interface numbers allocation and interface and
2260  * endpoint numbers rewriting. We can do that in one go
2261  * now.
2262  */
2263  ret = ffs_do_descs(ffs->fs_descs_count +
2264  (high ? ffs->hs_descs_count : 0),
2265  data->raw_descs, sizeof data->raw_descs,
2266  __ffs_func_bind_do_nums, func);
2267  if (unlikely(ret < 0))
2268  goto error;
2269 
2270  /* And we're done */
2271  ffs_event_add(ffs, FUNCTIONFS_BIND);
2272  return 0;
2273 
2274 error:
2275  /* XXX Do we need to release all claimed endpoints here? */
2276  return ret;
2277 }
2278 
2279 
2280 /* Other USB function hooks *************************************************/
2281 
2282 static void ffs_func_unbind(struct usb_configuration *c,
2283  struct usb_function *f)
2284 {
2285  struct ffs_function *func = ffs_func_from_usb(f);
2286  struct ffs_data *ffs = func->ffs;
2287 
2288  ENTER();
2289 
2290  if (ffs->func == func) {
2291  ffs_func_eps_disable(func);
2292  ffs->func = NULL;
2293  }
2294 
2295  ffs_event_add(ffs, FUNCTIONFS_UNBIND);
2296 
2297  ffs_func_free(func);
2298 }
2299 
2300 static int ffs_func_set_alt(struct usb_function *f,
2301  unsigned interface, unsigned alt)
2302 {
2303  struct ffs_function *func = ffs_func_from_usb(f);
2304  struct ffs_data *ffs = func->ffs;
2305  int ret = 0, intf;
2306 
2307  if (alt != (unsigned)-1) {
2308  intf = ffs_func_revmap_intf(func, interface);
2309  if (unlikely(intf < 0))
2310  return intf;
2311  }
2312 
2313  if (ffs->func)
2314  ffs_func_eps_disable(ffs->func);
2315 
2316  if (ffs->state != FFS_ACTIVE)
2317  return -ENODEV;
2318 
2319  if (alt == (unsigned)-1) {
2320  ffs->func = NULL;
2321  ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2322  return 0;
2323  }
2324 
2325  ffs->func = func;
2326  ret = ffs_func_eps_enable(func);
2327  if (likely(ret >= 0))
2328  ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2329  return ret;
2330 }
2331 
2332 static void ffs_func_disable(struct usb_function *f)
2333 {
2334  ffs_func_set_alt(f, 0, (unsigned)-1);
2335 }
2336 
2337 static int ffs_func_setup(struct usb_function *f,
2338  const struct usb_ctrlrequest *creq)
2339 {
2340  struct ffs_function *func = ffs_func_from_usb(f);
2341  struct ffs_data *ffs = func->ffs;
2342  unsigned long flags;
2343  int ret;
2344 
2345  ENTER();
2346 
2347  pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2348  pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2349  pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2350  pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2351  pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2352 
2353  /*
2354  * Most requests directed to interface go through here
2355  * (notable exceptions are set/get interface) so we need to
2356  * handle them. All other either handled by composite or
2357  * passed to usb_configuration->setup() (if one is set). No
2358  * matter, we will handle requests directed to endpoint here
2359  * as well (as it's straightforward) but what to do with any
2360  * other request?
2361  */
2362  if (ffs->state != FFS_ACTIVE)
2363  return -ENODEV;
2364 
2365  switch (creq->bRequestType & USB_RECIP_MASK) {
2366  case USB_RECIP_INTERFACE:
2367  ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2368  if (unlikely(ret < 0))
2369  return ret;
2370  break;
2371 
2372  case USB_RECIP_ENDPOINT:
2373  ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2374  if (unlikely(ret < 0))
2375  return ret;
2376  break;
2377 
2378  default:
2379  return -EOPNOTSUPP;
2380  }
2381 
2382  spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2383  ffs->ev.setup = *creq;
2384  ffs->ev.setup.wIndex = cpu_to_le16(ret);
2385  __ffs_event_add(ffs, FUNCTIONFS_SETUP);
2386  spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2387 
2388  return 0;
2389 }
2390 
2391 static void ffs_func_suspend(struct usb_function *f)
2392 {
2393  ENTER();
2394  ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
2395 }
2396 
2397 static void ffs_func_resume(struct usb_function *f)
2398 {
2399  ENTER();
2400  ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
2401 }
2402 
2403 
2404 /* Endpoint and interface numbers reverse mapping ***************************/
2405 
2406 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
2407 {
2408  num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
2409  return num ? num : -EDOM;
2410 }
2411 
2412 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
2413 {
2414  short *nums = func->interfaces_nums;
2415  unsigned count = func->ffs->interfaces_count;
2416 
2417  for (; count; --count, ++nums) {
2418  if (*nums >= 0 && *nums == intf)
2419  return nums - func->interfaces_nums;
2420  }
2421 
2422  return -EDOM;
2423 }
2424 
2425 
2426 /* Misc helper functions ****************************************************/
2427 
2428 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
2429 {
2430  return nonblock
2431  ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
2432  : mutex_lock_interruptible(mutex);
2433 }
2434 
2435 static char *ffs_prepare_buffer(const char * __user buf, size_t len)
2436 {
2437  char *data;
2438 
2439  if (unlikely(!len))
2440  return NULL;
2441 
2442  data = kmalloc(len, GFP_KERNEL);
2443  if (unlikely(!data))
2444  return ERR_PTR(-ENOMEM);
2445 
2446  if (unlikely(__copy_from_user(data, buf, len))) {
2447  kfree(data);
2448  return ERR_PTR(-EFAULT);
2449  }
2450 
2451  pr_vdebug("Buffer from user space:\n");
2452  ffs_dump_mem("", data, len);
2453 
2454  return data;
2455 }
Generated on Thu Jan 10 2013 14:26:10 for Linux Kernel by   doxygen 1.8.2