This source file includes following definitions.
- ffs_func_from_usb
- ffs_setup_state_clear_cancelled
- ffs_ep0_complete
- __ffs_ep0_queue_wait
- __ffs_ep0_stall
- ffs_ep0_write
- __ffs_ep0_read_events
- ffs_ep0_read
- ffs_ep0_open
- ffs_ep0_release
- ffs_ep0_ioctl
- ffs_ep0_poll
- ffs_epfile_io_complete
- ffs_copy_to_iter
- ffs_build_sg_list
- ffs_alloc_buffer
- ffs_free_buffer
- ffs_user_copy_worker
- ffs_epfile_async_io_complete
- __ffs_epfile_read_buffer_free
- __ffs_epfile_read_buffered
- __ffs_epfile_read_data
- ffs_epfile_io
- ffs_epfile_open
- ffs_aio_cancel
- ffs_epfile_write_iter
- ffs_epfile_read_iter
- ffs_epfile_release
- ffs_epfile_ioctl
- ffs_epfile_compat_ioctl
- ffs_sb_make_inode
- ffs_sb_create_file
- ffs_sb_fill
- ffs_fs_parse_param
- ffs_fs_get_tree
- ffs_fs_free_fc
- ffs_fs_init_fs_context
- ffs_fs_kill_sb
- functionfs_init
- functionfs_cleanup
- ffs_data_get
- ffs_data_opened
- ffs_data_put
- ffs_data_closed
- ffs_data_new
- ffs_data_clear
- ffs_data_reset
- functionfs_bind
- functionfs_unbind
- ffs_epfiles_create
- ffs_epfiles_destroy
- ffs_func_eps_disable
- ffs_func_eps_enable
- ffs_do_single_desc
- ffs_do_descs
- __ffs_data_do_entity
- __ffs_do_os_desc_header
- ffs_do_single_os_desc
- ffs_do_os_descs
- __ffs_data_do_os_desc
- __ffs_data_got_descs
- __ffs_data_got_strings
- __ffs_event_add
- ffs_event_add
- ffs_ep_addr2idx
- __ffs_func_bind_do_descs
- __ffs_func_bind_do_nums
- __ffs_func_bind_do_os_desc
- ffs_do_functionfs_bind
- _ffs_func_bind
- ffs_func_bind
- ffs_reset_work
- ffs_func_set_alt
- ffs_func_disable
- ffs_func_setup
- ffs_func_req_match
- ffs_func_suspend
- ffs_func_resume
- ffs_func_revmap_ep
- ffs_func_revmap_intf
- _ffs_do_find_dev
- _ffs_get_single_dev
- _ffs_find_dev
- to_ffs_opts
- ffs_attr_release
- ffs_free_inst
- ffs_set_inst_name
- ffs_alloc_inst
- ffs_free
- ffs_func_unbind
- ffs_alloc
- _ffs_alloc_dev
- ffs_name_dev
- ffs_single_dev
- _ffs_free_dev
- ffs_acquire_dev
- ffs_release_dev
- ffs_ready
- ffs_closed
- ffs_mutex_lock
- ffs_prepare_buffer
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 #include <linux/blkdev.h>
18 #include <linux/pagemap.h>
19 #include <linux/export.h>
20 #include <linux/fs_parser.h>
21 #include <linux/hid.h>
22 #include <linux/mm.h>
23 #include <linux/module.h>
24 #include <linux/scatterlist.h>
25 #include <linux/sched/signal.h>
26 #include <linux/uio.h>
27 #include <linux/vmalloc.h>
28 #include <asm/unaligned.h>
29
30 #include <linux/usb/ccid.h>
31 #include <linux/usb/composite.h>
32 #include <linux/usb/functionfs.h>
33
34 #include <linux/aio.h>
35 #include <linux/mmu_context.h>
36 #include <linux/poll.h>
37 #include <linux/eventfd.h>
38
39 #include "u_fs.h"
40 #include "u_f.h"
41 #include "u_os_desc.h"
42 #include "configfs.h"
43
44 #define FUNCTIONFS_MAGIC 0xa647361
45
46
47 static void ffs_data_get(struct ffs_data *ffs);
48 static void ffs_data_put(struct ffs_data *ffs);
49
50 static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
51 __attribute__((malloc));
52
53
54 static void ffs_data_opened(struct ffs_data *ffs);
55 static void ffs_data_closed(struct ffs_data *ffs);
56
57
58 static int __must_check
59 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
60 static int __must_check
61 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
62
63
64
65
66 struct ffs_ep;
67
68 struct ffs_function {
69 struct usb_configuration *conf;
70 struct usb_gadget *gadget;
71 struct ffs_data *ffs;
72
73 struct ffs_ep *eps;
74 u8 eps_revmap[16];
75 short *interfaces_nums;
76
77 struct usb_function function;
78 };
79
80
81 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
82 {
83 return container_of(f, struct ffs_function, function);
84 }
85
86
87 static inline enum ffs_setup_state
88 ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
89 {
90 return (enum ffs_setup_state)
91 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
92 }
93
94
95 static void ffs_func_eps_disable(struct ffs_function *func);
96 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
97
98 static int ffs_func_bind(struct usb_configuration *,
99 struct usb_function *);
100 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
101 static void ffs_func_disable(struct usb_function *);
102 static int ffs_func_setup(struct usb_function *,
103 const struct usb_ctrlrequest *);
104 static bool ffs_func_req_match(struct usb_function *,
105 const struct usb_ctrlrequest *,
106 bool config0);
107 static void ffs_func_suspend(struct usb_function *);
108 static void ffs_func_resume(struct usb_function *);
109
110
111 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
112 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
113
114
115
116
117 struct ffs_ep {
118 struct usb_ep *ep;
119 struct usb_request *req;
120
121
122 struct usb_endpoint_descriptor *descs[3];
123
124 u8 num;
125
126 int status;
127 };
128
129 struct ffs_epfile {
130
131 struct mutex mutex;
132
133 struct ffs_data *ffs;
134 struct ffs_ep *ep;
135
136 struct dentry *dentry;
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 struct ffs_buffer *read_buffer;
194 #define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
195
196 char name[5];
197
198 unsigned char in;
199 unsigned char isoc;
200
201 unsigned char _pad;
202 };
203
204 struct ffs_buffer {
205 size_t length;
206 char *data;
207 char storage[];
208 };
209
210
211
212 struct ffs_io_data {
213 bool aio;
214 bool read;
215
216 struct kiocb *kiocb;
217 struct iov_iter data;
218 const void *to_free;
219 char *buf;
220
221 struct mm_struct *mm;
222 struct work_struct work;
223
224 struct usb_ep *ep;
225 struct usb_request *req;
226 struct sg_table sgt;
227 bool use_sg;
228
229 struct ffs_data *ffs;
230 };
231
232 struct ffs_desc_helper {
233 struct ffs_data *ffs;
234 unsigned interfaces_count;
235 unsigned eps_count;
236 };
237
238 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
239 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
240
241 static struct dentry *
242 ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
243 const struct file_operations *fops);
244
245
246
247 DEFINE_MUTEX(ffs_lock);
248 EXPORT_SYMBOL_GPL(ffs_lock);
249
250 static struct ffs_dev *_ffs_find_dev(const char *name);
251 static struct ffs_dev *_ffs_alloc_dev(void);
252 static void _ffs_free_dev(struct ffs_dev *dev);
253 static void *ffs_acquire_dev(const char *dev_name);
254 static void ffs_release_dev(struct ffs_data *ffs_data);
255 static int ffs_ready(struct ffs_data *ffs);
256 static void ffs_closed(struct ffs_data *ffs);
257
258
259
260 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
261 __attribute__((warn_unused_result, nonnull));
262 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
263 __attribute__((warn_unused_result, nonnull));
264
265
266
267
268 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
269 {
270 struct ffs_data *ffs = req->context;
271
272 complete(&ffs->ep0req_completion);
273 }
274
275 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
276 __releases(&ffs->ev.waitq.lock)
277 {
278 struct usb_request *req = ffs->ep0req;
279 int ret;
280
281 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
282
283 spin_unlock_irq(&ffs->ev.waitq.lock);
284
285 req->buf = data;
286 req->length = len;
287
288
289
290
291
292
293 if (req->buf == NULL)
294 req->buf = (void *)0xDEADBABE;
295
296 reinit_completion(&ffs->ep0req_completion);
297
298 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
299 if (unlikely(ret < 0))
300 return ret;
301
302 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
303 if (unlikely(ret)) {
304 usb_ep_dequeue(ffs->gadget->ep0, req);
305 return -EINTR;
306 }
307
308 ffs->setup_state = FFS_NO_SETUP;
309 return req->status ? req->status : req->actual;
310 }
311
312 static int __ffs_ep0_stall(struct ffs_data *ffs)
313 {
314 if (ffs->ev.can_stall) {
315 pr_vdebug("ep0 stall\n");
316 usb_ep_set_halt(ffs->gadget->ep0);
317 ffs->setup_state = FFS_NO_SETUP;
318 return -EL2HLT;
319 } else {
320 pr_debug("bogus ep0 stall!\n");
321 return -ESRCH;
322 }
323 }
324
325 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
326 size_t len, loff_t *ptr)
327 {
328 struct ffs_data *ffs = file->private_data;
329 ssize_t ret;
330 char *data;
331
332 ENTER();
333
334
335 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
336 return -EIDRM;
337
338
339 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
340 if (unlikely(ret < 0))
341 return ret;
342
343
344 switch (ffs->state) {
345 case FFS_READ_DESCRIPTORS:
346 case FFS_READ_STRINGS:
347
348 if (unlikely(len < 16)) {
349 ret = -EINVAL;
350 break;
351 }
352
353 data = ffs_prepare_buffer(buf, len);
354 if (IS_ERR(data)) {
355 ret = PTR_ERR(data);
356 break;
357 }
358
359
360 if (ffs->state == FFS_READ_DESCRIPTORS) {
361 pr_info("read descriptors\n");
362 ret = __ffs_data_got_descs(ffs, data, len);
363 if (unlikely(ret < 0))
364 break;
365
366 ffs->state = FFS_READ_STRINGS;
367 ret = len;
368 } else {
369 pr_info("read strings\n");
370 ret = __ffs_data_got_strings(ffs, data, len);
371 if (unlikely(ret < 0))
372 break;
373
374 ret = ffs_epfiles_create(ffs);
375 if (unlikely(ret)) {
376 ffs->state = FFS_CLOSING;
377 break;
378 }
379
380 ffs->state = FFS_ACTIVE;
381 mutex_unlock(&ffs->mutex);
382
383 ret = ffs_ready(ffs);
384 if (unlikely(ret < 0)) {
385 ffs->state = FFS_CLOSING;
386 return ret;
387 }
388
389 return len;
390 }
391 break;
392
393 case FFS_ACTIVE:
394 data = NULL;
395
396
397
398
399 spin_lock_irq(&ffs->ev.waitq.lock);
400 switch (ffs_setup_state_clear_cancelled(ffs)) {
401 case FFS_SETUP_CANCELLED:
402 ret = -EIDRM;
403 goto done_spin;
404
405 case FFS_NO_SETUP:
406 ret = -ESRCH;
407 goto done_spin;
408
409 case FFS_SETUP_PENDING:
410 break;
411 }
412
413
414 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
415 spin_unlock_irq(&ffs->ev.waitq.lock);
416 ret = __ffs_ep0_stall(ffs);
417 break;
418 }
419
420
421 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
422
423 spin_unlock_irq(&ffs->ev.waitq.lock);
424
425 data = ffs_prepare_buffer(buf, len);
426 if (IS_ERR(data)) {
427 ret = PTR_ERR(data);
428 break;
429 }
430
431 spin_lock_irq(&ffs->ev.waitq.lock);
432
433
434
435
436
437
438
439
440
441
442
443
444
445 if (ffs_setup_state_clear_cancelled(ffs) ==
446 FFS_SETUP_CANCELLED) {
447 ret = -EIDRM;
448 done_spin:
449 spin_unlock_irq(&ffs->ev.waitq.lock);
450 } else {
451
452 ret = __ffs_ep0_queue_wait(ffs, data, len);
453 }
454 kfree(data);
455 break;
456
457 default:
458 ret = -EBADFD;
459 break;
460 }
461
462 mutex_unlock(&ffs->mutex);
463 return ret;
464 }
465
466
467 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
468 size_t n)
469 __releases(&ffs->ev.waitq.lock)
470 {
471
472
473
474
475
476 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
477 const size_t size = n * sizeof *events;
478 unsigned i = 0;
479
480 memset(events, 0, size);
481
482 do {
483 events[i].type = ffs->ev.types[i];
484 if (events[i].type == FUNCTIONFS_SETUP) {
485 events[i].u.setup = ffs->ev.setup;
486 ffs->setup_state = FFS_SETUP_PENDING;
487 }
488 } while (++i < n);
489
490 ffs->ev.count -= n;
491 if (ffs->ev.count)
492 memmove(ffs->ev.types, ffs->ev.types + n,
493 ffs->ev.count * sizeof *ffs->ev.types);
494
495 spin_unlock_irq(&ffs->ev.waitq.lock);
496 mutex_unlock(&ffs->mutex);
497
498 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
499 }
500
501 static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
502 size_t len, loff_t *ptr)
503 {
504 struct ffs_data *ffs = file->private_data;
505 char *data = NULL;
506 size_t n;
507 int ret;
508
509 ENTER();
510
511
512 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
513 return -EIDRM;
514
515
516 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
517 if (unlikely(ret < 0))
518 return ret;
519
520
521 if (ffs->state != FFS_ACTIVE) {
522 ret = -EBADFD;
523 goto done_mutex;
524 }
525
526
527
528
529
530 spin_lock_irq(&ffs->ev.waitq.lock);
531
532 switch (ffs_setup_state_clear_cancelled(ffs)) {
533 case FFS_SETUP_CANCELLED:
534 ret = -EIDRM;
535 break;
536
537 case FFS_NO_SETUP:
538 n = len / sizeof(struct usb_functionfs_event);
539 if (unlikely(!n)) {
540 ret = -EINVAL;
541 break;
542 }
543
544 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
545 ret = -EAGAIN;
546 break;
547 }
548
549 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
550 ffs->ev.count)) {
551 ret = -EINTR;
552 break;
553 }
554
555
556 return __ffs_ep0_read_events(ffs, buf,
557 min(n, (size_t)ffs->ev.count));
558
559 case FFS_SETUP_PENDING:
560 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562 ret = __ffs_ep0_stall(ffs);
563 goto done_mutex;
564 }
565
566 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
567
568 spin_unlock_irq(&ffs->ev.waitq.lock);
569
570 if (likely(len)) {
571 data = kmalloc(len, GFP_KERNEL);
572 if (unlikely(!data)) {
573 ret = -ENOMEM;
574 goto done_mutex;
575 }
576 }
577
578 spin_lock_irq(&ffs->ev.waitq.lock);
579
580
581 if (ffs_setup_state_clear_cancelled(ffs) ==
582 FFS_SETUP_CANCELLED) {
583 ret = -EIDRM;
584 break;
585 }
586
587
588 ret = __ffs_ep0_queue_wait(ffs, data, len);
589 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
590 ret = -EFAULT;
591 goto done_mutex;
592
593 default:
594 ret = -EBADFD;
595 break;
596 }
597
598 spin_unlock_irq(&ffs->ev.waitq.lock);
599 done_mutex:
600 mutex_unlock(&ffs->mutex);
601 kfree(data);
602 return ret;
603 }
604
605 static int ffs_ep0_open(struct inode *inode, struct file *file)
606 {
607 struct ffs_data *ffs = inode->i_private;
608
609 ENTER();
610
611 if (unlikely(ffs->state == FFS_CLOSING))
612 return -EBUSY;
613
614 file->private_data = ffs;
615 ffs_data_opened(ffs);
616
617 return 0;
618 }
619
620 static int ffs_ep0_release(struct inode *inode, struct file *file)
621 {
622 struct ffs_data *ffs = file->private_data;
623
624 ENTER();
625
626 ffs_data_closed(ffs);
627
628 return 0;
629 }
630
631 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
632 {
633 struct ffs_data *ffs = file->private_data;
634 struct usb_gadget *gadget = ffs->gadget;
635 long ret;
636
637 ENTER();
638
639 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
640 struct ffs_function *func = ffs->func;
641 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
642 } else if (gadget && gadget->ops->ioctl) {
643 ret = gadget->ops->ioctl(gadget, code, value);
644 } else {
645 ret = -ENOTTY;
646 }
647
648 return ret;
649 }
650
651 static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
652 {
653 struct ffs_data *ffs = file->private_data;
654 __poll_t mask = EPOLLWRNORM;
655 int ret;
656
657 poll_wait(file, &ffs->ev.waitq, wait);
658
659 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
660 if (unlikely(ret < 0))
661 return mask;
662
663 switch (ffs->state) {
664 case FFS_READ_DESCRIPTORS:
665 case FFS_READ_STRINGS:
666 mask |= EPOLLOUT;
667 break;
668
669 case FFS_ACTIVE:
670 switch (ffs->setup_state) {
671 case FFS_NO_SETUP:
672 if (ffs->ev.count)
673 mask |= EPOLLIN;
674 break;
675
676 case FFS_SETUP_PENDING:
677 case FFS_SETUP_CANCELLED:
678 mask |= (EPOLLIN | EPOLLOUT);
679 break;
680 }
681 case FFS_CLOSING:
682 break;
683 case FFS_DEACTIVATED:
684 break;
685 }
686
687 mutex_unlock(&ffs->mutex);
688
689 return mask;
690 }
691
692 static const struct file_operations ffs_ep0_operations = {
693 .llseek = no_llseek,
694
695 .open = ffs_ep0_open,
696 .write = ffs_ep0_write,
697 .read = ffs_ep0_read,
698 .release = ffs_ep0_release,
699 .unlocked_ioctl = ffs_ep0_ioctl,
700 .poll = ffs_ep0_poll,
701 };
702
703
704
705
706 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
707 {
708 ENTER();
709 if (likely(req->context)) {
710 struct ffs_ep *ep = _ep->driver_data;
711 ep->status = req->status ? req->status : req->actual;
712 complete(req->context);
713 }
714 }
715
716 static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
717 {
718 ssize_t ret = copy_to_iter(data, data_len, iter);
719 if (likely(ret == data_len))
720 return ret;
721
722 if (unlikely(iov_iter_count(iter)))
723 return -EFAULT;
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
753 "Align read buffer size to max packet size to avoid the problem.\n",
754 data_len, ret);
755
756 return ret;
757 }
758
759
760
761
762
763
764 static void *ffs_build_sg_list(struct sg_table *sgt, size_t sz)
765 {
766 struct page **pages;
767 void *vaddr, *ptr;
768 unsigned int n_pages;
769 int i;
770
771 vaddr = vmalloc(sz);
772 if (!vaddr)
773 return NULL;
774
775 n_pages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
776 pages = kvmalloc_array(n_pages, sizeof(struct page *), GFP_KERNEL);
777 if (!pages) {
778 vfree(vaddr);
779
780 return NULL;
781 }
782 for (i = 0, ptr = vaddr; i < n_pages; ++i, ptr += PAGE_SIZE)
783 pages[i] = vmalloc_to_page(ptr);
784
785 if (sg_alloc_table_from_pages(sgt, pages, n_pages, 0, sz, GFP_KERNEL)) {
786 kvfree(pages);
787 vfree(vaddr);
788
789 return NULL;
790 }
791 kvfree(pages);
792
793 return vaddr;
794 }
795
796 static inline void *ffs_alloc_buffer(struct ffs_io_data *io_data,
797 size_t data_len)
798 {
799 if (io_data->use_sg)
800 return ffs_build_sg_list(&io_data->sgt, data_len);
801
802 return kmalloc(data_len, GFP_KERNEL);
803 }
804
805 static inline void ffs_free_buffer(struct ffs_io_data *io_data)
806 {
807 if (!io_data->buf)
808 return;
809
810 if (io_data->use_sg) {
811 sg_free_table(&io_data->sgt);
812 vfree(io_data->buf);
813 } else {
814 kfree(io_data->buf);
815 }
816 }
817
818 static void ffs_user_copy_worker(struct work_struct *work)
819 {
820 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
821 work);
822 int ret = io_data->req->status ? io_data->req->status :
823 io_data->req->actual;
824 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
825
826 if (io_data->read && ret > 0) {
827 mm_segment_t oldfs = get_fs();
828
829 set_fs(USER_DS);
830 use_mm(io_data->mm);
831 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
832 unuse_mm(io_data->mm);
833 set_fs(oldfs);
834 }
835
836 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
837
838 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
839 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
840
841 usb_ep_free_request(io_data->ep, io_data->req);
842
843 if (io_data->read)
844 kfree(io_data->to_free);
845 ffs_free_buffer(io_data);
846 kfree(io_data);
847 }
848
849 static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
850 struct usb_request *req)
851 {
852 struct ffs_io_data *io_data = req->context;
853 struct ffs_data *ffs = io_data->ffs;
854
855 ENTER();
856
857 INIT_WORK(&io_data->work, ffs_user_copy_worker);
858 queue_work(ffs->io_completion_wq, &io_data->work);
859 }
860
861 static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
862 {
863
864
865
866
867 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
868 if (buf && buf != READ_BUFFER_DROP)
869 kfree(buf);
870 }
871
872
873 static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
874 struct iov_iter *iter)
875 {
876
877
878
879
880
881 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
882 ssize_t ret;
883 if (!buf || buf == READ_BUFFER_DROP)
884 return 0;
885
886 ret = copy_to_iter(buf->data, buf->length, iter);
887 if (buf->length == ret) {
888 kfree(buf);
889 return ret;
890 }
891
892 if (unlikely(iov_iter_count(iter))) {
893 ret = -EFAULT;
894 } else {
895 buf->length -= ret;
896 buf->data += ret;
897 }
898
899 if (cmpxchg(&epfile->read_buffer, NULL, buf))
900 kfree(buf);
901
902 return ret;
903 }
904
905
906 static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
907 void *data, int data_len,
908 struct iov_iter *iter)
909 {
910 struct ffs_buffer *buf;
911
912 ssize_t ret = copy_to_iter(data, data_len, iter);
913 if (likely(data_len == ret))
914 return ret;
915
916 if (unlikely(iov_iter_count(iter)))
917 return -EFAULT;
918
919
920 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
921 data_len, ret);
922
923 data_len -= ret;
924 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
925 if (!buf)
926 return -ENOMEM;
927 buf->length = data_len;
928 buf->data = buf->storage;
929 memcpy(buf->storage, data + ret, data_len);
930
931
932
933
934
935
936
937 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
938 kfree(buf);
939
940 return ret;
941 }
942
943 static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
944 {
945 struct ffs_epfile *epfile = file->private_data;
946 struct usb_request *req;
947 struct ffs_ep *ep;
948 char *data = NULL;
949 ssize_t ret, data_len = -EINVAL;
950 int halt;
951
952
953 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
954 return -ENODEV;
955
956
957 ep = epfile->ep;
958 if (!ep) {
959 if (file->f_flags & O_NONBLOCK)
960 return -EAGAIN;
961
962 ret = wait_event_interruptible(
963 epfile->ffs->wait, (ep = epfile->ep));
964 if (ret)
965 return -EINTR;
966 }
967
968
969 halt = (!io_data->read == !epfile->in);
970 if (halt && epfile->isoc)
971 return -EINVAL;
972
973
974 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
975 if (unlikely(ret))
976 goto error;
977
978
979 if (!halt) {
980 struct usb_gadget *gadget;
981
982
983
984
985
986
987
988
989 if (!io_data->aio && io_data->read) {
990 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
991 if (ret)
992 goto error_mutex;
993 }
994
995
996
997
998
999
1000 gadget = epfile->ffs->gadget;
1001
1002 spin_lock_irq(&epfile->ffs->eps_lock);
1003
1004 if (epfile->ep != ep) {
1005 ret = -ESHUTDOWN;
1006 goto error_lock;
1007 }
1008 data_len = iov_iter_count(&io_data->data);
1009
1010
1011
1012
1013 if (io_data->read)
1014 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1015
1016 io_data->use_sg = gadget->sg_supported && data_len > PAGE_SIZE;
1017 spin_unlock_irq(&epfile->ffs->eps_lock);
1018
1019 data = ffs_alloc_buffer(io_data, data_len);
1020 if (unlikely(!data)) {
1021 ret = -ENOMEM;
1022 goto error_mutex;
1023 }
1024 if (!io_data->read &&
1025 !copy_from_iter_full(data, data_len, &io_data->data)) {
1026 ret = -EFAULT;
1027 goto error_mutex;
1028 }
1029 }
1030
1031 spin_lock_irq(&epfile->ffs->eps_lock);
1032
1033 if (epfile->ep != ep) {
1034
1035 ret = -ESHUTDOWN;
1036 } else if (halt) {
1037 ret = usb_ep_set_halt(ep->ep);
1038 if (!ret)
1039 ret = -EBADMSG;
1040 } else if (unlikely(data_len == -EINVAL)) {
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052 WARN(1, "%s: data_len == -EINVAL\n", __func__);
1053 ret = -EINVAL;
1054 } else if (!io_data->aio) {
1055 DECLARE_COMPLETION_ONSTACK(done);
1056 bool interrupted = false;
1057
1058 req = ep->req;
1059 if (io_data->use_sg) {
1060 req->buf = NULL;
1061 req->sg = io_data->sgt.sgl;
1062 req->num_sgs = io_data->sgt.nents;
1063 } else {
1064 req->buf = data;
1065 req->num_sgs = 0;
1066 }
1067 req->length = data_len;
1068
1069 io_data->buf = data;
1070
1071 req->context = &done;
1072 req->complete = ffs_epfile_io_complete;
1073
1074 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1075 if (unlikely(ret < 0))
1076 goto error_lock;
1077
1078 spin_unlock_irq(&epfile->ffs->eps_lock);
1079
1080 if (unlikely(wait_for_completion_interruptible(&done))) {
1081
1082
1083
1084
1085
1086
1087 usb_ep_dequeue(ep->ep, req);
1088 wait_for_completion(&done);
1089 interrupted = ep->status < 0;
1090 }
1091
1092 if (interrupted)
1093 ret = -EINTR;
1094 else if (io_data->read && ep->status > 0)
1095 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1096 &io_data->data);
1097 else
1098 ret = ep->status;
1099 goto error_mutex;
1100 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1101 ret = -ENOMEM;
1102 } else {
1103 if (io_data->use_sg) {
1104 req->buf = NULL;
1105 req->sg = io_data->sgt.sgl;
1106 req->num_sgs = io_data->sgt.nents;
1107 } else {
1108 req->buf = data;
1109 req->num_sgs = 0;
1110 }
1111 req->length = data_len;
1112
1113 io_data->buf = data;
1114 io_data->ep = ep->ep;
1115 io_data->req = req;
1116 io_data->ffs = epfile->ffs;
1117
1118 req->context = io_data;
1119 req->complete = ffs_epfile_async_io_complete;
1120
1121 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1122 if (unlikely(ret)) {
1123 io_data->req = NULL;
1124 usb_ep_free_request(ep->ep, req);
1125 goto error_lock;
1126 }
1127
1128 ret = -EIOCBQUEUED;
1129
1130
1131
1132
1133 data = NULL;
1134 }
1135
1136 error_lock:
1137 spin_unlock_irq(&epfile->ffs->eps_lock);
1138 error_mutex:
1139 mutex_unlock(&epfile->mutex);
1140 error:
1141 if (ret != -EIOCBQUEUED)
1142 ffs_free_buffer(io_data);
1143 return ret;
1144 }
1145
1146 static int
1147 ffs_epfile_open(struct inode *inode, struct file *file)
1148 {
1149 struct ffs_epfile *epfile = inode->i_private;
1150
1151 ENTER();
1152
1153 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1154 return -ENODEV;
1155
1156 file->private_data = epfile;
1157 ffs_data_opened(epfile->ffs);
1158
1159 return 0;
1160 }
1161
1162 static int ffs_aio_cancel(struct kiocb *kiocb)
1163 {
1164 struct ffs_io_data *io_data = kiocb->private;
1165 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
1166 unsigned long flags;
1167 int value;
1168
1169 ENTER();
1170
1171 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1172
1173 if (likely(io_data && io_data->ep && io_data->req))
1174 value = usb_ep_dequeue(io_data->ep, io_data->req);
1175 else
1176 value = -EINVAL;
1177
1178 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1179
1180 return value;
1181 }
1182
1183 static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
1184 {
1185 struct ffs_io_data io_data, *p = &io_data;
1186 ssize_t res;
1187
1188 ENTER();
1189
1190 if (!is_sync_kiocb(kiocb)) {
1191 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1192 if (unlikely(!p))
1193 return -ENOMEM;
1194 p->aio = true;
1195 } else {
1196 memset(p, 0, sizeof(*p));
1197 p->aio = false;
1198 }
1199
1200 p->read = false;
1201 p->kiocb = kiocb;
1202 p->data = *from;
1203 p->mm = current->mm;
1204
1205 kiocb->private = p;
1206
1207 if (p->aio)
1208 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1209
1210 res = ffs_epfile_io(kiocb->ki_filp, p);
1211 if (res == -EIOCBQUEUED)
1212 return res;
1213 if (p->aio)
1214 kfree(p);
1215 else
1216 *from = p->data;
1217 return res;
1218 }
1219
1220 static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
1221 {
1222 struct ffs_io_data io_data, *p = &io_data;
1223 ssize_t res;
1224
1225 ENTER();
1226
1227 if (!is_sync_kiocb(kiocb)) {
1228 p = kzalloc(sizeof(io_data), GFP_KERNEL);
1229 if (unlikely(!p))
1230 return -ENOMEM;
1231 p->aio = true;
1232 } else {
1233 memset(p, 0, sizeof(*p));
1234 p->aio = false;
1235 }
1236
1237 p->read = true;
1238 p->kiocb = kiocb;
1239 if (p->aio) {
1240 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1241 if (!p->to_free) {
1242 kfree(p);
1243 return -ENOMEM;
1244 }
1245 } else {
1246 p->data = *to;
1247 p->to_free = NULL;
1248 }
1249 p->mm = current->mm;
1250
1251 kiocb->private = p;
1252
1253 if (p->aio)
1254 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1255
1256 res = ffs_epfile_io(kiocb->ki_filp, p);
1257 if (res == -EIOCBQUEUED)
1258 return res;
1259
1260 if (p->aio) {
1261 kfree(p->to_free);
1262 kfree(p);
1263 } else {
1264 *to = p->data;
1265 }
1266 return res;
1267 }
1268
1269 static int
1270 ffs_epfile_release(struct inode *inode, struct file *file)
1271 {
1272 struct ffs_epfile *epfile = inode->i_private;
1273
1274 ENTER();
1275
1276 __ffs_epfile_read_buffer_free(epfile);
1277 ffs_data_closed(epfile->ffs);
1278
1279 return 0;
1280 }
1281
1282 static long ffs_epfile_ioctl(struct file *file, unsigned code,
1283 unsigned long value)
1284 {
1285 struct ffs_epfile *epfile = file->private_data;
1286 struct ffs_ep *ep;
1287 int ret;
1288
1289 ENTER();
1290
1291 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1292 return -ENODEV;
1293
1294
1295 ep = epfile->ep;
1296 if (!ep) {
1297 if (file->f_flags & O_NONBLOCK)
1298 return -EAGAIN;
1299
1300 ret = wait_event_interruptible(
1301 epfile->ffs->wait, (ep = epfile->ep));
1302 if (ret)
1303 return -EINTR;
1304 }
1305
1306 spin_lock_irq(&epfile->ffs->eps_lock);
1307
1308
1309 if (epfile->ep != ep) {
1310 spin_unlock_irq(&epfile->ffs->eps_lock);
1311 return -ESHUTDOWN;
1312 }
1313
1314 switch (code) {
1315 case FUNCTIONFS_FIFO_STATUS:
1316 ret = usb_ep_fifo_status(epfile->ep->ep);
1317 break;
1318 case FUNCTIONFS_FIFO_FLUSH:
1319 usb_ep_fifo_flush(epfile->ep->ep);
1320 ret = 0;
1321 break;
1322 case FUNCTIONFS_CLEAR_HALT:
1323 ret = usb_ep_clear_halt(epfile->ep->ep);
1324 break;
1325 case FUNCTIONFS_ENDPOINT_REVMAP:
1326 ret = epfile->ep->num;
1327 break;
1328 case FUNCTIONFS_ENDPOINT_DESC:
1329 {
1330 int desc_idx;
1331 struct usb_endpoint_descriptor *desc;
1332
1333 switch (epfile->ffs->gadget->speed) {
1334 case USB_SPEED_SUPER:
1335 desc_idx = 2;
1336 break;
1337 case USB_SPEED_HIGH:
1338 desc_idx = 1;
1339 break;
1340 default:
1341 desc_idx = 0;
1342 }
1343 desc = epfile->ep->descs[desc_idx];
1344
1345 spin_unlock_irq(&epfile->ffs->eps_lock);
1346 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1347 if (ret)
1348 ret = -EFAULT;
1349 return ret;
1350 }
1351 default:
1352 ret = -ENOTTY;
1353 }
1354 spin_unlock_irq(&epfile->ffs->eps_lock);
1355
1356 return ret;
1357 }
1358
1359 #ifdef CONFIG_COMPAT
1360 static long ffs_epfile_compat_ioctl(struct file *file, unsigned code,
1361 unsigned long value)
1362 {
1363 return ffs_epfile_ioctl(file, code, value);
1364 }
1365 #endif
1366
1367 static const struct file_operations ffs_epfile_operations = {
1368 .llseek = no_llseek,
1369
1370 .open = ffs_epfile_open,
1371 .write_iter = ffs_epfile_write_iter,
1372 .read_iter = ffs_epfile_read_iter,
1373 .release = ffs_epfile_release,
1374 .unlocked_ioctl = ffs_epfile_ioctl,
1375 #ifdef CONFIG_COMPAT
1376 .compat_ioctl = ffs_epfile_compat_ioctl,
1377 #endif
1378 };
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388 static struct inode *__must_check
1389 ffs_sb_make_inode(struct super_block *sb, void *data,
1390 const struct file_operations *fops,
1391 const struct inode_operations *iops,
1392 struct ffs_file_perms *perms)
1393 {
1394 struct inode *inode;
1395
1396 ENTER();
1397
1398 inode = new_inode(sb);
1399
1400 if (likely(inode)) {
1401 struct timespec64 ts = current_time(inode);
1402
1403 inode->i_ino = get_next_ino();
1404 inode->i_mode = perms->mode;
1405 inode->i_uid = perms->uid;
1406 inode->i_gid = perms->gid;
1407 inode->i_atime = ts;
1408 inode->i_mtime = ts;
1409 inode->i_ctime = ts;
1410 inode->i_private = data;
1411 if (fops)
1412 inode->i_fop = fops;
1413 if (iops)
1414 inode->i_op = iops;
1415 }
1416
1417 return inode;
1418 }
1419
1420
1421 static struct dentry *ffs_sb_create_file(struct super_block *sb,
1422 const char *name, void *data,
1423 const struct file_operations *fops)
1424 {
1425 struct ffs_data *ffs = sb->s_fs_info;
1426 struct dentry *dentry;
1427 struct inode *inode;
1428
1429 ENTER();
1430
1431 dentry = d_alloc_name(sb->s_root, name);
1432 if (unlikely(!dentry))
1433 return NULL;
1434
1435 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1436 if (unlikely(!inode)) {
1437 dput(dentry);
1438 return NULL;
1439 }
1440
1441 d_add(dentry, inode);
1442 return dentry;
1443 }
1444
1445
1446 static const struct super_operations ffs_sb_operations = {
1447 .statfs = simple_statfs,
1448 .drop_inode = generic_delete_inode,
1449 };
1450
1451 struct ffs_sb_fill_data {
1452 struct ffs_file_perms perms;
1453 umode_t root_mode;
1454 const char *dev_name;
1455 bool no_disconnect;
1456 struct ffs_data *ffs_data;
1457 };
1458
1459 static int ffs_sb_fill(struct super_block *sb, struct fs_context *fc)
1460 {
1461 struct ffs_sb_fill_data *data = fc->fs_private;
1462 struct inode *inode;
1463 struct ffs_data *ffs = data->ffs_data;
1464
1465 ENTER();
1466
1467 ffs->sb = sb;
1468 data->ffs_data = NULL;
1469 sb->s_fs_info = ffs;
1470 sb->s_blocksize = PAGE_SIZE;
1471 sb->s_blocksize_bits = PAGE_SHIFT;
1472 sb->s_magic = FUNCTIONFS_MAGIC;
1473 sb->s_op = &ffs_sb_operations;
1474 sb->s_time_gran = 1;
1475
1476
1477 data->perms.mode = data->root_mode;
1478 inode = ffs_sb_make_inode(sb, NULL,
1479 &simple_dir_operations,
1480 &simple_dir_inode_operations,
1481 &data->perms);
1482 sb->s_root = d_make_root(inode);
1483 if (unlikely(!sb->s_root))
1484 return -ENOMEM;
1485
1486
1487 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1488 &ffs_ep0_operations)))
1489 return -ENOMEM;
1490
1491 return 0;
1492 }
1493
1494 enum {
1495 Opt_no_disconnect,
1496 Opt_rmode,
1497 Opt_fmode,
1498 Opt_mode,
1499 Opt_uid,
1500 Opt_gid,
1501 };
1502
1503 static const struct fs_parameter_spec ffs_fs_param_specs[] = {
1504 fsparam_bool ("no_disconnect", Opt_no_disconnect),
1505 fsparam_u32 ("rmode", Opt_rmode),
1506 fsparam_u32 ("fmode", Opt_fmode),
1507 fsparam_u32 ("mode", Opt_mode),
1508 fsparam_u32 ("uid", Opt_uid),
1509 fsparam_u32 ("gid", Opt_gid),
1510 {}
1511 };
1512
1513 static const struct fs_parameter_description ffs_fs_fs_parameters = {
1514 .name = "kAFS",
1515 .specs = ffs_fs_param_specs,
1516 };
1517
1518 static int ffs_fs_parse_param(struct fs_context *fc, struct fs_parameter *param)
1519 {
1520 struct ffs_sb_fill_data *data = fc->fs_private;
1521 struct fs_parse_result result;
1522 int opt;
1523
1524 ENTER();
1525
1526 opt = fs_parse(fc, &ffs_fs_fs_parameters, param, &result);
1527 if (opt < 0)
1528 return opt;
1529
1530 switch (opt) {
1531 case Opt_no_disconnect:
1532 data->no_disconnect = result.boolean;
1533 break;
1534 case Opt_rmode:
1535 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1536 break;
1537 case Opt_fmode:
1538 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1539 break;
1540 case Opt_mode:
1541 data->root_mode = (result.uint_32 & 0555) | S_IFDIR;
1542 data->perms.mode = (result.uint_32 & 0666) | S_IFREG;
1543 break;
1544
1545 case Opt_uid:
1546 data->perms.uid = make_kuid(current_user_ns(), result.uint_32);
1547 if (!uid_valid(data->perms.uid))
1548 goto unmapped_value;
1549 break;
1550 case Opt_gid:
1551 data->perms.gid = make_kgid(current_user_ns(), result.uint_32);
1552 if (!gid_valid(data->perms.gid))
1553 goto unmapped_value;
1554 break;
1555
1556 default:
1557 return -ENOPARAM;
1558 }
1559
1560 return 0;
1561
1562 unmapped_value:
1563 return invalf(fc, "%s: unmapped value: %u", param->key, result.uint_32);
1564 }
1565
1566
1567
1568
1569 static int ffs_fs_get_tree(struct fs_context *fc)
1570 {
1571 struct ffs_sb_fill_data *ctx = fc->fs_private;
1572 void *ffs_dev;
1573 struct ffs_data *ffs;
1574
1575 ENTER();
1576
1577 if (!fc->source)
1578 return invalf(fc, "No source specified");
1579
1580 ffs = ffs_data_new(fc->source);
1581 if (unlikely(!ffs))
1582 return -ENOMEM;
1583 ffs->file_perms = ctx->perms;
1584 ffs->no_disconnect = ctx->no_disconnect;
1585
1586 ffs->dev_name = kstrdup(fc->source, GFP_KERNEL);
1587 if (unlikely(!ffs->dev_name)) {
1588 ffs_data_put(ffs);
1589 return -ENOMEM;
1590 }
1591
1592 ffs_dev = ffs_acquire_dev(ffs->dev_name);
1593 if (IS_ERR(ffs_dev)) {
1594 ffs_data_put(ffs);
1595 return PTR_ERR(ffs_dev);
1596 }
1597
1598 ffs->private_data = ffs_dev;
1599 ctx->ffs_data = ffs;
1600 return get_tree_nodev(fc, ffs_sb_fill);
1601 }
1602
1603 static void ffs_fs_free_fc(struct fs_context *fc)
1604 {
1605 struct ffs_sb_fill_data *ctx = fc->fs_private;
1606
1607 if (ctx) {
1608 if (ctx->ffs_data) {
1609 ffs_release_dev(ctx->ffs_data);
1610 ffs_data_put(ctx->ffs_data);
1611 }
1612
1613 kfree(ctx);
1614 }
1615 }
1616
1617 static const struct fs_context_operations ffs_fs_context_ops = {
1618 .free = ffs_fs_free_fc,
1619 .parse_param = ffs_fs_parse_param,
1620 .get_tree = ffs_fs_get_tree,
1621 };
1622
1623 static int ffs_fs_init_fs_context(struct fs_context *fc)
1624 {
1625 struct ffs_sb_fill_data *ctx;
1626
1627 ctx = kzalloc(sizeof(struct ffs_sb_fill_data), GFP_KERNEL);
1628 if (!ctx)
1629 return -ENOMEM;
1630
1631 ctx->perms.mode = S_IFREG | 0600;
1632 ctx->perms.uid = GLOBAL_ROOT_UID;
1633 ctx->perms.gid = GLOBAL_ROOT_GID;
1634 ctx->root_mode = S_IFDIR | 0500;
1635 ctx->no_disconnect = false;
1636
1637 fc->fs_private = ctx;
1638 fc->ops = &ffs_fs_context_ops;
1639 return 0;
1640 }
1641
1642 static void
1643 ffs_fs_kill_sb(struct super_block *sb)
1644 {
1645 ENTER();
1646
1647 kill_litter_super(sb);
1648 if (sb->s_fs_info) {
1649 ffs_release_dev(sb->s_fs_info);
1650 ffs_data_closed(sb->s_fs_info);
1651 }
1652 }
1653
1654 static struct file_system_type ffs_fs_type = {
1655 .owner = THIS_MODULE,
1656 .name = "functionfs",
1657 .init_fs_context = ffs_fs_init_fs_context,
1658 .parameters = &ffs_fs_fs_parameters,
1659 .kill_sb = ffs_fs_kill_sb,
1660 };
1661 MODULE_ALIAS_FS("functionfs");
1662
1663
1664
1665
1666 static int functionfs_init(void)
1667 {
1668 int ret;
1669
1670 ENTER();
1671
1672 ret = register_filesystem(&ffs_fs_type);
1673 if (likely(!ret))
1674 pr_info("file system registered\n");
1675 else
1676 pr_err("failed registering file system (%d)\n", ret);
1677
1678 return ret;
1679 }
1680
1681 static void functionfs_cleanup(void)
1682 {
1683 ENTER();
1684
1685 pr_info("unloading\n");
1686 unregister_filesystem(&ffs_fs_type);
1687 }
1688
1689
1690
1691
1692 static void ffs_data_clear(struct ffs_data *ffs);
1693 static void ffs_data_reset(struct ffs_data *ffs);
1694
1695 static void ffs_data_get(struct ffs_data *ffs)
1696 {
1697 ENTER();
1698
1699 refcount_inc(&ffs->ref);
1700 }
1701
1702 static void ffs_data_opened(struct ffs_data *ffs)
1703 {
1704 ENTER();
1705
1706 refcount_inc(&ffs->ref);
1707 if (atomic_add_return(1, &ffs->opened) == 1 &&
1708 ffs->state == FFS_DEACTIVATED) {
1709 ffs->state = FFS_CLOSING;
1710 ffs_data_reset(ffs);
1711 }
1712 }
1713
1714 static void ffs_data_put(struct ffs_data *ffs)
1715 {
1716 ENTER();
1717
1718 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1719 pr_info("%s(): freeing\n", __func__);
1720 ffs_data_clear(ffs);
1721 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1722 waitqueue_active(&ffs->ep0req_completion.wait) ||
1723 waitqueue_active(&ffs->wait));
1724 destroy_workqueue(ffs->io_completion_wq);
1725 kfree(ffs->dev_name);
1726 kfree(ffs);
1727 }
1728 }
1729
1730 static void ffs_data_closed(struct ffs_data *ffs)
1731 {
1732 ENTER();
1733
1734 if (atomic_dec_and_test(&ffs->opened)) {
1735 if (ffs->no_disconnect) {
1736 ffs->state = FFS_DEACTIVATED;
1737 if (ffs->epfiles) {
1738 ffs_epfiles_destroy(ffs->epfiles,
1739 ffs->eps_count);
1740 ffs->epfiles = NULL;
1741 }
1742 if (ffs->setup_state == FFS_SETUP_PENDING)
1743 __ffs_ep0_stall(ffs);
1744 } else {
1745 ffs->state = FFS_CLOSING;
1746 ffs_data_reset(ffs);
1747 }
1748 }
1749 if (atomic_read(&ffs->opened) < 0) {
1750 ffs->state = FFS_CLOSING;
1751 ffs_data_reset(ffs);
1752 }
1753
1754 ffs_data_put(ffs);
1755 }
1756
1757 static struct ffs_data *ffs_data_new(const char *dev_name)
1758 {
1759 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1760 if (unlikely(!ffs))
1761 return NULL;
1762
1763 ENTER();
1764
1765 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1766 if (!ffs->io_completion_wq) {
1767 kfree(ffs);
1768 return NULL;
1769 }
1770
1771 refcount_set(&ffs->ref, 1);
1772 atomic_set(&ffs->opened, 0);
1773 ffs->state = FFS_READ_DESCRIPTORS;
1774 mutex_init(&ffs->mutex);
1775 spin_lock_init(&ffs->eps_lock);
1776 init_waitqueue_head(&ffs->ev.waitq);
1777 init_waitqueue_head(&ffs->wait);
1778 init_completion(&ffs->ep0req_completion);
1779
1780
1781 ffs->ev.can_stall = 1;
1782
1783 return ffs;
1784 }
1785
1786 static void ffs_data_clear(struct ffs_data *ffs)
1787 {
1788 ENTER();
1789
1790 ffs_closed(ffs);
1791
1792 BUG_ON(ffs->gadget);
1793
1794 if (ffs->epfiles)
1795 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1796
1797 if (ffs->ffs_eventfd)
1798 eventfd_ctx_put(ffs->ffs_eventfd);
1799
1800 kfree(ffs->raw_descs_data);
1801 kfree(ffs->raw_strings);
1802 kfree(ffs->stringtabs);
1803 }
1804
1805 static void ffs_data_reset(struct ffs_data *ffs)
1806 {
1807 ENTER();
1808
1809 ffs_data_clear(ffs);
1810
1811 ffs->epfiles = NULL;
1812 ffs->raw_descs_data = NULL;
1813 ffs->raw_descs = NULL;
1814 ffs->raw_strings = NULL;
1815 ffs->stringtabs = NULL;
1816
1817 ffs->raw_descs_length = 0;
1818 ffs->fs_descs_count = 0;
1819 ffs->hs_descs_count = 0;
1820 ffs->ss_descs_count = 0;
1821
1822 ffs->strings_count = 0;
1823 ffs->interfaces_count = 0;
1824 ffs->eps_count = 0;
1825
1826 ffs->ev.count = 0;
1827
1828 ffs->state = FFS_READ_DESCRIPTORS;
1829 ffs->setup_state = FFS_NO_SETUP;
1830 ffs->flags = 0;
1831
1832 ffs->ms_os_descs_ext_prop_count = 0;
1833 ffs->ms_os_descs_ext_prop_name_len = 0;
1834 ffs->ms_os_descs_ext_prop_data_len = 0;
1835 }
1836
1837
1838 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1839 {
1840 struct usb_gadget_strings **lang;
1841 int first_id;
1842
1843 ENTER();
1844
1845 if (WARN_ON(ffs->state != FFS_ACTIVE
1846 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1847 return -EBADFD;
1848
1849 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1850 if (unlikely(first_id < 0))
1851 return first_id;
1852
1853 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1854 if (unlikely(!ffs->ep0req))
1855 return -ENOMEM;
1856 ffs->ep0req->complete = ffs_ep0_complete;
1857 ffs->ep0req->context = ffs;
1858
1859 lang = ffs->stringtabs;
1860 if (lang) {
1861 for (; *lang; ++lang) {
1862 struct usb_string *str = (*lang)->strings;
1863 int id = first_id;
1864 for (; str->s; ++id, ++str)
1865 str->id = id;
1866 }
1867 }
1868
1869 ffs->gadget = cdev->gadget;
1870 ffs_data_get(ffs);
1871 return 0;
1872 }
1873
1874 static void functionfs_unbind(struct ffs_data *ffs)
1875 {
1876 ENTER();
1877
1878 if (!WARN_ON(!ffs->gadget)) {
1879 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1880 ffs->ep0req = NULL;
1881 ffs->gadget = NULL;
1882 clear_bit(FFS_FL_BOUND, &ffs->flags);
1883 ffs_data_put(ffs);
1884 }
1885 }
1886
1887 static int ffs_epfiles_create(struct ffs_data *ffs)
1888 {
1889 struct ffs_epfile *epfile, *epfiles;
1890 unsigned i, count;
1891
1892 ENTER();
1893
1894 count = ffs->eps_count;
1895 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1896 if (!epfiles)
1897 return -ENOMEM;
1898
1899 epfile = epfiles;
1900 for (i = 1; i <= count; ++i, ++epfile) {
1901 epfile->ffs = ffs;
1902 mutex_init(&epfile->mutex);
1903 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
1904 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1905 else
1906 sprintf(epfile->name, "ep%u", i);
1907 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1908 epfile,
1909 &ffs_epfile_operations);
1910 if (unlikely(!epfile->dentry)) {
1911 ffs_epfiles_destroy(epfiles, i - 1);
1912 return -ENOMEM;
1913 }
1914 }
1915
1916 ffs->epfiles = epfiles;
1917 return 0;
1918 }
1919
1920 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1921 {
1922 struct ffs_epfile *epfile = epfiles;
1923
1924 ENTER();
1925
1926 for (; count; --count, ++epfile) {
1927 BUG_ON(mutex_is_locked(&epfile->mutex));
1928 if (epfile->dentry) {
1929 d_delete(epfile->dentry);
1930 dput(epfile->dentry);
1931 epfile->dentry = NULL;
1932 }
1933 }
1934
1935 kfree(epfiles);
1936 }
1937
1938 static void ffs_func_eps_disable(struct ffs_function *func)
1939 {
1940 struct ffs_ep *ep = func->eps;
1941 struct ffs_epfile *epfile = func->ffs->epfiles;
1942 unsigned count = func->ffs->eps_count;
1943 unsigned long flags;
1944
1945 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1946 while (count--) {
1947
1948 if (likely(ep->ep))
1949 usb_ep_disable(ep->ep);
1950 ++ep;
1951
1952 if (epfile) {
1953 epfile->ep = NULL;
1954 __ffs_epfile_read_buffer_free(epfile);
1955 ++epfile;
1956 }
1957 }
1958 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1959 }
1960
1961 static int ffs_func_eps_enable(struct ffs_function *func)
1962 {
1963 struct ffs_data *ffs = func->ffs;
1964 struct ffs_ep *ep = func->eps;
1965 struct ffs_epfile *epfile = ffs->epfiles;
1966 unsigned count = ffs->eps_count;
1967 unsigned long flags;
1968 int ret = 0;
1969
1970 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1971 while(count--) {
1972 ep->ep->driver_data = ep;
1973
1974 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1975 if (ret) {
1976 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1977 __func__, ep->ep->name, ret);
1978 break;
1979 }
1980
1981 ret = usb_ep_enable(ep->ep);
1982 if (likely(!ret)) {
1983 epfile->ep = ep;
1984 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1985 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1986 } else {
1987 break;
1988 }
1989
1990 ++ep;
1991 ++epfile;
1992 }
1993
1994 wake_up_interruptible(&ffs->wait);
1995 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1996
1997 return ret;
1998 }
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010 enum ffs_entity_type {
2011 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
2012 };
2013
2014 enum ffs_os_desc_type {
2015 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
2016 };
2017
2018 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
2019 u8 *valuep,
2020 struct usb_descriptor_header *desc,
2021 void *priv);
2022
2023 typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
2024 struct usb_os_desc_header *h, void *data,
2025 unsigned len, void *priv);
2026
2027 static int __must_check ffs_do_single_desc(char *data, unsigned len,
2028 ffs_entity_callback entity,
2029 void *priv, int *current_class)
2030 {
2031 struct usb_descriptor_header *_ds = (void *)data;
2032 u8 length;
2033 int ret;
2034
2035 ENTER();
2036
2037
2038 if (len < 2) {
2039 pr_vdebug("descriptor too short\n");
2040 return -EINVAL;
2041 }
2042
2043
2044 length = _ds->bLength;
2045 if (len < length) {
2046 pr_vdebug("descriptor longer then available data\n");
2047 return -EINVAL;
2048 }
2049
2050 #define __entity_check_INTERFACE(val) 1
2051 #define __entity_check_STRING(val) (val)
2052 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
2053 #define __entity(type, val) do { \
2054 pr_vdebug("entity " #type "(%02x)\n", (val)); \
2055 if (unlikely(!__entity_check_ ##type(val))) { \
2056 pr_vdebug("invalid entity's value\n"); \
2057 return -EINVAL; \
2058 } \
2059 ret = entity(FFS_ ##type, &val, _ds, priv); \
2060 if (unlikely(ret < 0)) { \
2061 pr_debug("entity " #type "(%02x); ret = %d\n", \
2062 (val), ret); \
2063 return ret; \
2064 } \
2065 } while (0)
2066
2067
2068 switch (_ds->bDescriptorType) {
2069 case USB_DT_DEVICE:
2070 case USB_DT_CONFIG:
2071 case USB_DT_STRING:
2072 case USB_DT_DEVICE_QUALIFIER:
2073
2074 pr_vdebug("descriptor reserved for gadget: %d\n",
2075 _ds->bDescriptorType);
2076 return -EINVAL;
2077
2078 case USB_DT_INTERFACE: {
2079 struct usb_interface_descriptor *ds = (void *)_ds;
2080 pr_vdebug("interface descriptor\n");
2081 if (length != sizeof *ds)
2082 goto inv_length;
2083
2084 __entity(INTERFACE, ds->bInterfaceNumber);
2085 if (ds->iInterface)
2086 __entity(STRING, ds->iInterface);
2087 *current_class = ds->bInterfaceClass;
2088 }
2089 break;
2090
2091 case USB_DT_ENDPOINT: {
2092 struct usb_endpoint_descriptor *ds = (void *)_ds;
2093 pr_vdebug("endpoint descriptor\n");
2094 if (length != USB_DT_ENDPOINT_SIZE &&
2095 length != USB_DT_ENDPOINT_AUDIO_SIZE)
2096 goto inv_length;
2097 __entity(ENDPOINT, ds->bEndpointAddress);
2098 }
2099 break;
2100
2101 case USB_TYPE_CLASS | 0x01:
2102 if (*current_class == USB_INTERFACE_CLASS_HID) {
2103 pr_vdebug("hid descriptor\n");
2104 if (length != sizeof(struct hid_descriptor))
2105 goto inv_length;
2106 break;
2107 } else if (*current_class == USB_INTERFACE_CLASS_CCID) {
2108 pr_vdebug("ccid descriptor\n");
2109 if (length != sizeof(struct ccid_descriptor))
2110 goto inv_length;
2111 break;
2112 } else {
2113 pr_vdebug("unknown descriptor: %d for class %d\n",
2114 _ds->bDescriptorType, *current_class);
2115 return -EINVAL;
2116 }
2117
2118 case USB_DT_OTG:
2119 if (length != sizeof(struct usb_otg_descriptor))
2120 goto inv_length;
2121 break;
2122
2123 case USB_DT_INTERFACE_ASSOCIATION: {
2124 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2125 pr_vdebug("interface association descriptor\n");
2126 if (length != sizeof *ds)
2127 goto inv_length;
2128 if (ds->iFunction)
2129 __entity(STRING, ds->iFunction);
2130 }
2131 break;
2132
2133 case USB_DT_SS_ENDPOINT_COMP:
2134 pr_vdebug("EP SS companion descriptor\n");
2135 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2136 goto inv_length;
2137 break;
2138
2139 case USB_DT_OTHER_SPEED_CONFIG:
2140 case USB_DT_INTERFACE_POWER:
2141 case USB_DT_DEBUG:
2142 case USB_DT_SECURITY:
2143 case USB_DT_CS_RADIO_CONTROL:
2144
2145 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2146 return -EINVAL;
2147
2148 default:
2149
2150 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2151 return -EINVAL;
2152
2153 inv_length:
2154 pr_vdebug("invalid length: %d (descriptor %d)\n",
2155 _ds->bLength, _ds->bDescriptorType);
2156 return -EINVAL;
2157 }
2158
2159 #undef __entity
2160 #undef __entity_check_DESCRIPTOR
2161 #undef __entity_check_INTERFACE
2162 #undef __entity_check_STRING
2163 #undef __entity_check_ENDPOINT
2164
2165 return length;
2166 }
2167
2168 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2169 ffs_entity_callback entity, void *priv)
2170 {
2171 const unsigned _len = len;
2172 unsigned long num = 0;
2173 int current_class = -1;
2174
2175 ENTER();
2176
2177 for (;;) {
2178 int ret;
2179
2180 if (num == count)
2181 data = NULL;
2182
2183
2184 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2185 if (unlikely(ret < 0)) {
2186 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2187 num, ret);
2188 return ret;
2189 }
2190
2191 if (!data)
2192 return _len - len;
2193
2194 ret = ffs_do_single_desc(data, len, entity, priv,
2195 ¤t_class);
2196 if (unlikely(ret < 0)) {
2197 pr_debug("%s returns %d\n", __func__, ret);
2198 return ret;
2199 }
2200
2201 len -= ret;
2202 data += ret;
2203 ++num;
2204 }
2205 }
2206
2207 static int __ffs_data_do_entity(enum ffs_entity_type type,
2208 u8 *valuep, struct usb_descriptor_header *desc,
2209 void *priv)
2210 {
2211 struct ffs_desc_helper *helper = priv;
2212 struct usb_endpoint_descriptor *d;
2213
2214 ENTER();
2215
2216 switch (type) {
2217 case FFS_DESCRIPTOR:
2218 break;
2219
2220 case FFS_INTERFACE:
2221
2222
2223
2224
2225
2226 if (*valuep >= helper->interfaces_count)
2227 helper->interfaces_count = *valuep + 1;
2228 break;
2229
2230 case FFS_STRING:
2231
2232
2233
2234
2235 if (*valuep > helper->ffs->strings_count)
2236 helper->ffs->strings_count = *valuep;
2237 break;
2238
2239 case FFS_ENDPOINT:
2240 d = (void *)desc;
2241 helper->eps_count++;
2242 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2243 return -EINVAL;
2244
2245 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2246 helper->ffs->eps_addrmap[helper->eps_count] =
2247 d->bEndpointAddress;
2248 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2249 d->bEndpointAddress)
2250 return -EINVAL;
2251 break;
2252 }
2253
2254 return 0;
2255 }
2256
2257 static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2258 struct usb_os_desc_header *desc)
2259 {
2260 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2261 u16 w_index = le16_to_cpu(desc->wIndex);
2262
2263 if (bcd_version != 1) {
2264 pr_vdebug("unsupported os descriptors version: %d",
2265 bcd_version);
2266 return -EINVAL;
2267 }
2268 switch (w_index) {
2269 case 0x4:
2270 *next_type = FFS_OS_DESC_EXT_COMPAT;
2271 break;
2272 case 0x5:
2273 *next_type = FFS_OS_DESC_EXT_PROP;
2274 break;
2275 default:
2276 pr_vdebug("unsupported os descriptor type: %d", w_index);
2277 return -EINVAL;
2278 }
2279
2280 return sizeof(*desc);
2281 }
2282
2283
2284
2285
2286
2287 static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2288 enum ffs_os_desc_type type,
2289 u16 feature_count,
2290 ffs_os_desc_callback entity,
2291 void *priv,
2292 struct usb_os_desc_header *h)
2293 {
2294 int ret;
2295 const unsigned _len = len;
2296
2297 ENTER();
2298
2299
2300 while (feature_count--) {
2301 ret = entity(type, h, data, len, priv);
2302 if (unlikely(ret < 0)) {
2303 pr_debug("bad OS descriptor, type: %d\n", type);
2304 return ret;
2305 }
2306 data += ret;
2307 len -= ret;
2308 }
2309 return _len - len;
2310 }
2311
2312
2313 static int __must_check ffs_do_os_descs(unsigned count,
2314 char *data, unsigned len,
2315 ffs_os_desc_callback entity, void *priv)
2316 {
2317 const unsigned _len = len;
2318 unsigned long num = 0;
2319
2320 ENTER();
2321
2322 for (num = 0; num < count; ++num) {
2323 int ret;
2324 enum ffs_os_desc_type type;
2325 u16 feature_count;
2326 struct usb_os_desc_header *desc = (void *)data;
2327
2328 if (len < sizeof(*desc))
2329 return -EINVAL;
2330
2331
2332
2333
2334
2335
2336
2337
2338 if (le32_to_cpu(desc->dwLength) > len)
2339 return -EINVAL;
2340
2341 ret = __ffs_do_os_desc_header(&type, desc);
2342 if (unlikely(ret < 0)) {
2343 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2344 num, ret);
2345 return ret;
2346 }
2347
2348
2349
2350 feature_count = le16_to_cpu(desc->wCount);
2351 if (type == FFS_OS_DESC_EXT_COMPAT &&
2352 (feature_count > 255 || desc->Reserved))
2353 return -EINVAL;
2354 len -= ret;
2355 data += ret;
2356
2357
2358
2359
2360
2361 ret = ffs_do_single_os_desc(data, len, type,
2362 feature_count, entity, priv, desc);
2363 if (unlikely(ret < 0)) {
2364 pr_debug("%s returns %d\n", __func__, ret);
2365 return ret;
2366 }
2367
2368 len -= ret;
2369 data += ret;
2370 }
2371 return _len - len;
2372 }
2373
2374
2375
2376
2377 static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2378 struct usb_os_desc_header *h, void *data,
2379 unsigned len, void *priv)
2380 {
2381 struct ffs_data *ffs = priv;
2382 u8 length;
2383
2384 ENTER();
2385
2386 switch (type) {
2387 case FFS_OS_DESC_EXT_COMPAT: {
2388 struct usb_ext_compat_desc *d = data;
2389 int i;
2390
2391 if (len < sizeof(*d) ||
2392 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2393 return -EINVAL;
2394 if (d->Reserved1 != 1) {
2395
2396
2397
2398
2399
2400
2401 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2402 d->Reserved1 = 1;
2403 }
2404 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2405 if (d->Reserved2[i])
2406 return -EINVAL;
2407
2408 length = sizeof(struct usb_ext_compat_desc);
2409 }
2410 break;
2411 case FFS_OS_DESC_EXT_PROP: {
2412 struct usb_ext_prop_desc *d = data;
2413 u32 type, pdl;
2414 u16 pnl;
2415
2416 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2417 return -EINVAL;
2418 length = le32_to_cpu(d->dwSize);
2419 if (len < length)
2420 return -EINVAL;
2421 type = le32_to_cpu(d->dwPropertyDataType);
2422 if (type < USB_EXT_PROP_UNICODE ||
2423 type > USB_EXT_PROP_UNICODE_MULTI) {
2424 pr_vdebug("unsupported os descriptor property type: %d",
2425 type);
2426 return -EINVAL;
2427 }
2428 pnl = le16_to_cpu(d->wPropertyNameLength);
2429 if (length < 14 + pnl) {
2430 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2431 length, pnl, type);
2432 return -EINVAL;
2433 }
2434 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2435 if (length != 14 + pnl + pdl) {
2436 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2437 length, pnl, pdl, type);
2438 return -EINVAL;
2439 }
2440 ++ffs->ms_os_descs_ext_prop_count;
2441
2442 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2443 ffs->ms_os_descs_ext_prop_data_len += pdl;
2444 }
2445 break;
2446 default:
2447 pr_vdebug("unknown descriptor: %d\n", type);
2448 return -EINVAL;
2449 }
2450 return length;
2451 }
2452
2453 static int __ffs_data_got_descs(struct ffs_data *ffs,
2454 char *const _data, size_t len)
2455 {
2456 char *data = _data, *raw_descs;
2457 unsigned os_descs_count = 0, counts[3], flags;
2458 int ret = -EINVAL, i;
2459 struct ffs_desc_helper helper;
2460
2461 ENTER();
2462
2463 if (get_unaligned_le32(data + 4) != len)
2464 goto error;
2465
2466 switch (get_unaligned_le32(data)) {
2467 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2468 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2469 data += 8;
2470 len -= 8;
2471 break;
2472 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2473 flags = get_unaligned_le32(data + 8);
2474 ffs->user_flags = flags;
2475 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2476 FUNCTIONFS_HAS_HS_DESC |
2477 FUNCTIONFS_HAS_SS_DESC |
2478 FUNCTIONFS_HAS_MS_OS_DESC |
2479 FUNCTIONFS_VIRTUAL_ADDR |
2480 FUNCTIONFS_EVENTFD |
2481 FUNCTIONFS_ALL_CTRL_RECIP |
2482 FUNCTIONFS_CONFIG0_SETUP)) {
2483 ret = -ENOSYS;
2484 goto error;
2485 }
2486 data += 12;
2487 len -= 12;
2488 break;
2489 default:
2490 goto error;
2491 }
2492
2493 if (flags & FUNCTIONFS_EVENTFD) {
2494 if (len < 4)
2495 goto error;
2496 ffs->ffs_eventfd =
2497 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2498 if (IS_ERR(ffs->ffs_eventfd)) {
2499 ret = PTR_ERR(ffs->ffs_eventfd);
2500 ffs->ffs_eventfd = NULL;
2501 goto error;
2502 }
2503 data += 4;
2504 len -= 4;
2505 }
2506
2507
2508 for (i = 0; i < 3; ++i) {
2509 if (!(flags & (1 << i))) {
2510 counts[i] = 0;
2511 } else if (len < 4) {
2512 goto error;
2513 } else {
2514 counts[i] = get_unaligned_le32(data);
2515 data += 4;
2516 len -= 4;
2517 }
2518 }
2519 if (flags & (1 << i)) {
2520 if (len < 4) {
2521 goto error;
2522 }
2523 os_descs_count = get_unaligned_le32(data);
2524 data += 4;
2525 len -= 4;
2526 };
2527
2528
2529 raw_descs = data;
2530 helper.ffs = ffs;
2531 for (i = 0; i < 3; ++i) {
2532 if (!counts[i])
2533 continue;
2534 helper.interfaces_count = 0;
2535 helper.eps_count = 0;
2536 ret = ffs_do_descs(counts[i], data, len,
2537 __ffs_data_do_entity, &helper);
2538 if (ret < 0)
2539 goto error;
2540 if (!ffs->eps_count && !ffs->interfaces_count) {
2541 ffs->eps_count = helper.eps_count;
2542 ffs->interfaces_count = helper.interfaces_count;
2543 } else {
2544 if (ffs->eps_count != helper.eps_count) {
2545 ret = -EINVAL;
2546 goto error;
2547 }
2548 if (ffs->interfaces_count != helper.interfaces_count) {
2549 ret = -EINVAL;
2550 goto error;
2551 }
2552 }
2553 data += ret;
2554 len -= ret;
2555 }
2556 if (os_descs_count) {
2557 ret = ffs_do_os_descs(os_descs_count, data, len,
2558 __ffs_data_do_os_desc, ffs);
2559 if (ret < 0)
2560 goto error;
2561 data += ret;
2562 len -= ret;
2563 }
2564
2565 if (raw_descs == data || len) {
2566 ret = -EINVAL;
2567 goto error;
2568 }
2569
2570 ffs->raw_descs_data = _data;
2571 ffs->raw_descs = raw_descs;
2572 ffs->raw_descs_length = data - raw_descs;
2573 ffs->fs_descs_count = counts[0];
2574 ffs->hs_descs_count = counts[1];
2575 ffs->ss_descs_count = counts[2];
2576 ffs->ms_os_descs_count = os_descs_count;
2577
2578 return 0;
2579
2580 error:
2581 kfree(_data);
2582 return ret;
2583 }
2584
2585 static int __ffs_data_got_strings(struct ffs_data *ffs,
2586 char *const _data, size_t len)
2587 {
2588 u32 str_count, needed_count, lang_count;
2589 struct usb_gadget_strings **stringtabs, *t;
2590 const char *data = _data;
2591 struct usb_string *s;
2592
2593 ENTER();
2594
2595 if (unlikely(len < 16 ||
2596 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2597 get_unaligned_le32(data + 4) != len))
2598 goto error;
2599 str_count = get_unaligned_le32(data + 8);
2600 lang_count = get_unaligned_le32(data + 12);
2601
2602
2603 if (unlikely(!str_count != !lang_count))
2604 goto error;
2605
2606
2607 needed_count = ffs->strings_count;
2608 if (unlikely(str_count < needed_count))
2609 goto error;
2610
2611
2612
2613
2614
2615 if (!needed_count) {
2616 kfree(_data);
2617 return 0;
2618 }
2619
2620
2621 {
2622 unsigned i = 0;
2623 vla_group(d);
2624 vla_item(d, struct usb_gadget_strings *, stringtabs,
2625 lang_count + 1);
2626 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2627 vla_item(d, struct usb_string, strings,
2628 lang_count*(needed_count+1));
2629
2630 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2631
2632 if (unlikely(!vlabuf)) {
2633 kfree(_data);
2634 return -ENOMEM;
2635 }
2636
2637
2638 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2639 t = vla_ptr(vlabuf, d, stringtab);
2640 i = lang_count;
2641 do {
2642 *stringtabs++ = t++;
2643 } while (--i);
2644 *stringtabs = NULL;
2645
2646
2647 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2648 t = vla_ptr(vlabuf, d, stringtab);
2649 s = vla_ptr(vlabuf, d, strings);
2650 }
2651
2652
2653 data += 16;
2654 len -= 16;
2655
2656 do {
2657 unsigned needed = needed_count;
2658
2659 if (unlikely(len < 3))
2660 goto error_free;
2661 t->language = get_unaligned_le16(data);
2662 t->strings = s;
2663 ++t;
2664
2665 data += 2;
2666 len -= 2;
2667
2668
2669 do {
2670 size_t length = strnlen(data, len);
2671
2672 if (unlikely(length == len))
2673 goto error_free;
2674
2675
2676
2677
2678
2679
2680 if (likely(needed)) {
2681
2682
2683
2684
2685
2686 s->s = data;
2687 --needed;
2688 ++s;
2689 }
2690
2691 data += length + 1;
2692 len -= length + 1;
2693 } while (--str_count);
2694
2695 s->id = 0;
2696 s->s = NULL;
2697 ++s;
2698
2699 } while (--lang_count);
2700
2701
2702 if (unlikely(len))
2703 goto error_free;
2704
2705
2706 ffs->stringtabs = stringtabs;
2707 ffs->raw_strings = _data;
2708
2709 return 0;
2710
2711 error_free:
2712 kfree(stringtabs);
2713 error:
2714 kfree(_data);
2715 return -EINVAL;
2716 }
2717
2718
2719
2720
2721 static void __ffs_event_add(struct ffs_data *ffs,
2722 enum usb_functionfs_event_type type)
2723 {
2724 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2725 int neg = 0;
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735 if (ffs->setup_state == FFS_SETUP_PENDING)
2736 ffs->setup_state = FFS_SETUP_CANCELLED;
2737
2738
2739
2740
2741
2742
2743
2744
2745 switch (type) {
2746 case FUNCTIONFS_RESUME:
2747 rem_type2 = FUNCTIONFS_SUSPEND;
2748
2749 case FUNCTIONFS_SUSPEND:
2750 case FUNCTIONFS_SETUP:
2751 rem_type1 = type;
2752
2753 break;
2754
2755 case FUNCTIONFS_BIND:
2756 case FUNCTIONFS_UNBIND:
2757 case FUNCTIONFS_DISABLE:
2758 case FUNCTIONFS_ENABLE:
2759
2760 rem_type1 = FUNCTIONFS_SUSPEND;
2761 rem_type2 = FUNCTIONFS_RESUME;
2762 neg = 1;
2763 break;
2764
2765 default:
2766 WARN(1, "%d: unknown event, this should not happen\n", type);
2767 return;
2768 }
2769
2770 {
2771 u8 *ev = ffs->ev.types, *out = ev;
2772 unsigned n = ffs->ev.count;
2773 for (; n; --n, ++ev)
2774 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2775 *out++ = *ev;
2776 else
2777 pr_vdebug("purging event %d\n", *ev);
2778 ffs->ev.count = out - ffs->ev.types;
2779 }
2780
2781 pr_vdebug("adding event %d\n", type);
2782 ffs->ev.types[ffs->ev.count++] = type;
2783 wake_up_locked(&ffs->ev.waitq);
2784 if (ffs->ffs_eventfd)
2785 eventfd_signal(ffs->ffs_eventfd, 1);
2786 }
2787
2788 static void ffs_event_add(struct ffs_data *ffs,
2789 enum usb_functionfs_event_type type)
2790 {
2791 unsigned long flags;
2792 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2793 __ffs_event_add(ffs, type);
2794 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2795 }
2796
2797
2798
2799 static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2800 {
2801 int i;
2802
2803 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2804 if (ffs->eps_addrmap[i] == endpoint_address)
2805 return i;
2806 return -ENOENT;
2807 }
2808
2809 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2810 struct usb_descriptor_header *desc,
2811 void *priv)
2812 {
2813 struct usb_endpoint_descriptor *ds = (void *)desc;
2814 struct ffs_function *func = priv;
2815 struct ffs_ep *ffs_ep;
2816 unsigned ep_desc_id;
2817 int idx;
2818 static const char *speed_names[] = { "full", "high", "super" };
2819
2820 if (type != FFS_DESCRIPTOR)
2821 return 0;
2822
2823
2824
2825
2826
2827
2828
2829 if (func->function.ss_descriptors) {
2830 ep_desc_id = 2;
2831 func->function.ss_descriptors[(long)valuep] = desc;
2832 } else if (func->function.hs_descriptors) {
2833 ep_desc_id = 1;
2834 func->function.hs_descriptors[(long)valuep] = desc;
2835 } else {
2836 ep_desc_id = 0;
2837 func->function.fs_descriptors[(long)valuep] = desc;
2838 }
2839
2840 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2841 return 0;
2842
2843 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2844 if (idx < 0)
2845 return idx;
2846
2847 ffs_ep = func->eps + idx;
2848
2849 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2850 pr_err("two %sspeed descriptors for EP %d\n",
2851 speed_names[ep_desc_id],
2852 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2853 return -EINVAL;
2854 }
2855 ffs_ep->descs[ep_desc_id] = ds;
2856
2857 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2858 if (ffs_ep->ep) {
2859 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2860 if (!ds->wMaxPacketSize)
2861 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2862 } else {
2863 struct usb_request *req;
2864 struct usb_ep *ep;
2865 u8 bEndpointAddress;
2866 u16 wMaxPacketSize;
2867
2868
2869
2870
2871
2872 bEndpointAddress = ds->bEndpointAddress;
2873
2874
2875
2876
2877 wMaxPacketSize = ds->wMaxPacketSize;
2878 pr_vdebug("autoconfig\n");
2879 ep = usb_ep_autoconfig(func->gadget, ds);
2880 if (unlikely(!ep))
2881 return -ENOTSUPP;
2882 ep->driver_data = func->eps + idx;
2883
2884 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2885 if (unlikely(!req))
2886 return -ENOMEM;
2887
2888 ffs_ep->ep = ep;
2889 ffs_ep->req = req;
2890 func->eps_revmap[ds->bEndpointAddress &
2891 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2892
2893
2894
2895
2896 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2897 ds->bEndpointAddress = bEndpointAddress;
2898
2899
2900
2901
2902 ds->wMaxPacketSize = wMaxPacketSize;
2903 }
2904 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2905
2906 return 0;
2907 }
2908
2909 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2910 struct usb_descriptor_header *desc,
2911 void *priv)
2912 {
2913 struct ffs_function *func = priv;
2914 unsigned idx;
2915 u8 newValue;
2916
2917 switch (type) {
2918 default:
2919 case FFS_DESCRIPTOR:
2920
2921 return 0;
2922
2923 case FFS_INTERFACE:
2924 idx = *valuep;
2925 if (func->interfaces_nums[idx] < 0) {
2926 int id = usb_interface_id(func->conf, &func->function);
2927 if (unlikely(id < 0))
2928 return id;
2929 func->interfaces_nums[idx] = id;
2930 }
2931 newValue = func->interfaces_nums[idx];
2932 break;
2933
2934 case FFS_STRING:
2935
2936 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2937 break;
2938
2939 case FFS_ENDPOINT:
2940
2941
2942
2943
2944 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2945 return 0;
2946
2947 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2948 if (unlikely(!func->eps[idx].ep))
2949 return -EINVAL;
2950
2951 {
2952 struct usb_endpoint_descriptor **descs;
2953 descs = func->eps[idx].descs;
2954 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2955 }
2956 break;
2957 }
2958
2959 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2960 *valuep = newValue;
2961 return 0;
2962 }
2963
2964 static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2965 struct usb_os_desc_header *h, void *data,
2966 unsigned len, void *priv)
2967 {
2968 struct ffs_function *func = priv;
2969 u8 length = 0;
2970
2971 switch (type) {
2972 case FFS_OS_DESC_EXT_COMPAT: {
2973 struct usb_ext_compat_desc *desc = data;
2974 struct usb_os_desc_table *t;
2975
2976 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2977 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2978 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2979 ARRAY_SIZE(desc->CompatibleID) +
2980 ARRAY_SIZE(desc->SubCompatibleID));
2981 length = sizeof(*desc);
2982 }
2983 break;
2984 case FFS_OS_DESC_EXT_PROP: {
2985 struct usb_ext_prop_desc *desc = data;
2986 struct usb_os_desc_table *t;
2987 struct usb_os_desc_ext_prop *ext_prop;
2988 char *ext_prop_name;
2989 char *ext_prop_data;
2990
2991 t = &func->function.os_desc_table[h->interface];
2992 t->if_id = func->interfaces_nums[h->interface];
2993
2994 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2995 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2996
2997 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2998 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2999 ext_prop->data_len = le32_to_cpu(*(__le32 *)
3000 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
3001 length = ext_prop->name_len + ext_prop->data_len + 14;
3002
3003 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
3004 func->ffs->ms_os_descs_ext_prop_name_avail +=
3005 ext_prop->name_len;
3006
3007 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
3008 func->ffs->ms_os_descs_ext_prop_data_avail +=
3009 ext_prop->data_len;
3010 memcpy(ext_prop_data,
3011 usb_ext_prop_data_ptr(data, ext_prop->name_len),
3012 ext_prop->data_len);
3013
3014 switch (ext_prop->type) {
3015 case USB_EXT_PROP_UNICODE:
3016 case USB_EXT_PROP_UNICODE_ENV:
3017 case USB_EXT_PROP_UNICODE_LINK:
3018 case USB_EXT_PROP_UNICODE_MULTI:
3019 ext_prop->data_len *= 2;
3020 break;
3021 }
3022 ext_prop->data = ext_prop_data;
3023
3024 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
3025 ext_prop->name_len);
3026
3027 ext_prop->name_len *= 2;
3028 ext_prop->name = ext_prop_name;
3029
3030 t->os_desc->ext_prop_len +=
3031 ext_prop->name_len + ext_prop->data_len + 14;
3032 ++t->os_desc->ext_prop_count;
3033 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
3034 }
3035 break;
3036 default:
3037 pr_vdebug("unknown descriptor: %d\n", type);
3038 }
3039
3040 return length;
3041 }
3042
3043 static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
3044 struct usb_configuration *c)
3045 {
3046 struct ffs_function *func = ffs_func_from_usb(f);
3047 struct f_fs_opts *ffs_opts =
3048 container_of(f->fi, struct f_fs_opts, func_inst);
3049 int ret;
3050
3051 ENTER();
3052
3053
3054
3055
3056
3057
3058
3059
3060 if (!ffs_opts->no_configfs)
3061 ffs_dev_lock();
3062 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
3063 func->ffs = ffs_opts->dev->ffs_data;
3064 if (!ffs_opts->no_configfs)
3065 ffs_dev_unlock();
3066 if (ret)
3067 return ERR_PTR(ret);
3068
3069 func->conf = c;
3070 func->gadget = c->cdev->gadget;
3071
3072
3073
3074
3075
3076
3077
3078
3079 if (!ffs_opts->refcnt) {
3080 ret = functionfs_bind(func->ffs, c->cdev);
3081 if (ret)
3082 return ERR_PTR(ret);
3083 }
3084 ffs_opts->refcnt++;
3085 func->function.strings = func->ffs->stringtabs;
3086
3087 return ffs_opts;
3088 }
3089
3090 static int _ffs_func_bind(struct usb_configuration *c,
3091 struct usb_function *f)
3092 {
3093 struct ffs_function *func = ffs_func_from_usb(f);
3094 struct ffs_data *ffs = func->ffs;
3095
3096 const int full = !!func->ffs->fs_descs_count;
3097 const int high = !!func->ffs->hs_descs_count;
3098 const int super = !!func->ffs->ss_descs_count;
3099
3100 int fs_len, hs_len, ss_len, ret, i;
3101 struct ffs_ep *eps_ptr;
3102
3103
3104 vla_group(d);
3105 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
3106 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
3107 full ? ffs->fs_descs_count + 1 : 0);
3108 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
3109 high ? ffs->hs_descs_count + 1 : 0);
3110 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
3111 super ? ffs->ss_descs_count + 1 : 0);
3112 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
3113 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
3114 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3115 vla_item_with_sz(d, char[16], ext_compat,
3116 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3117 vla_item_with_sz(d, struct usb_os_desc, os_desc,
3118 c->cdev->use_os_string ? ffs->interfaces_count : 0);
3119 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
3120 ffs->ms_os_descs_ext_prop_count);
3121 vla_item_with_sz(d, char, ext_prop_name,
3122 ffs->ms_os_descs_ext_prop_name_len);
3123 vla_item_with_sz(d, char, ext_prop_data,
3124 ffs->ms_os_descs_ext_prop_data_len);
3125 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
3126 char *vlabuf;
3127
3128 ENTER();
3129
3130
3131 if (unlikely(!(full | high | super)))
3132 return -ENOTSUPP;
3133
3134
3135 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
3136 if (unlikely(!vlabuf))
3137 return -ENOMEM;
3138
3139 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3140 ffs->ms_os_descs_ext_prop_name_avail =
3141 vla_ptr(vlabuf, d, ext_prop_name);
3142 ffs->ms_os_descs_ext_prop_data_avail =
3143 vla_ptr(vlabuf, d, ext_prop_data);
3144
3145
3146 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3147 ffs->raw_descs_length);
3148
3149 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3150 eps_ptr = vla_ptr(vlabuf, d, eps);
3151 for (i = 0; i < ffs->eps_count; i++)
3152 eps_ptr[i].num = -1;
3153
3154
3155
3156
3157 func->eps = vla_ptr(vlabuf, d, eps);
3158 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3159
3160
3161
3162
3163
3164
3165 if (likely(full)) {
3166 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3167 fs_len = ffs_do_descs(ffs->fs_descs_count,
3168 vla_ptr(vlabuf, d, raw_descs),
3169 d_raw_descs__sz,
3170 __ffs_func_bind_do_descs, func);
3171 if (unlikely(fs_len < 0)) {
3172 ret = fs_len;
3173 goto error;
3174 }
3175 } else {
3176 fs_len = 0;
3177 }
3178
3179 if (likely(high)) {
3180 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3181 hs_len = ffs_do_descs(ffs->hs_descs_count,
3182 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3183 d_raw_descs__sz - fs_len,
3184 __ffs_func_bind_do_descs, func);
3185 if (unlikely(hs_len < 0)) {
3186 ret = hs_len;
3187 goto error;
3188 }
3189 } else {
3190 hs_len = 0;
3191 }
3192
3193 if (likely(super)) {
3194 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3195 ss_len = ffs_do_descs(ffs->ss_descs_count,
3196 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3197 d_raw_descs__sz - fs_len - hs_len,
3198 __ffs_func_bind_do_descs, func);
3199 if (unlikely(ss_len < 0)) {
3200 ret = ss_len;
3201 goto error;
3202 }
3203 } else {
3204 ss_len = 0;
3205 }
3206
3207
3208
3209
3210
3211
3212 ret = ffs_do_descs(ffs->fs_descs_count +
3213 (high ? ffs->hs_descs_count : 0) +
3214 (super ? ffs->ss_descs_count : 0),
3215 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3216 __ffs_func_bind_do_nums, func);
3217 if (unlikely(ret < 0))
3218 goto error;
3219
3220 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3221 if (c->cdev->use_os_string) {
3222 for (i = 0; i < ffs->interfaces_count; ++i) {
3223 struct usb_os_desc *desc;
3224
3225 desc = func->function.os_desc_table[i].os_desc =
3226 vla_ptr(vlabuf, d, os_desc) +
3227 i * sizeof(struct usb_os_desc);
3228 desc->ext_compat_id =
3229 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3230 INIT_LIST_HEAD(&desc->ext_prop);
3231 }
3232 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3233 vla_ptr(vlabuf, d, raw_descs) +
3234 fs_len + hs_len + ss_len,
3235 d_raw_descs__sz - fs_len - hs_len -
3236 ss_len,
3237 __ffs_func_bind_do_os_desc, func);
3238 if (unlikely(ret < 0))
3239 goto error;
3240 }
3241 func->function.os_desc_n =
3242 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3243
3244
3245 ffs_event_add(ffs, FUNCTIONFS_BIND);
3246 return 0;
3247
3248 error:
3249
3250 return ret;
3251 }
3252
3253 static int ffs_func_bind(struct usb_configuration *c,
3254 struct usb_function *f)
3255 {
3256 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3257 struct ffs_function *func = ffs_func_from_usb(f);
3258 int ret;
3259
3260 if (IS_ERR(ffs_opts))
3261 return PTR_ERR(ffs_opts);
3262
3263 ret = _ffs_func_bind(c, f);
3264 if (ret && !--ffs_opts->refcnt)
3265 functionfs_unbind(func->ffs);
3266
3267 return ret;
3268 }
3269
3270
3271
3272
3273 static void ffs_reset_work(struct work_struct *work)
3274 {
3275 struct ffs_data *ffs = container_of(work,
3276 struct ffs_data, reset_work);
3277 ffs_data_reset(ffs);
3278 }
3279
3280 static int ffs_func_set_alt(struct usb_function *f,
3281 unsigned interface, unsigned alt)
3282 {
3283 struct ffs_function *func = ffs_func_from_usb(f);
3284 struct ffs_data *ffs = func->ffs;
3285 int ret = 0, intf;
3286
3287 if (alt != (unsigned)-1) {
3288 intf = ffs_func_revmap_intf(func, interface);
3289 if (unlikely(intf < 0))
3290 return intf;
3291 }
3292
3293 if (ffs->func)
3294 ffs_func_eps_disable(ffs->func);
3295
3296 if (ffs->state == FFS_DEACTIVATED) {
3297 ffs->state = FFS_CLOSING;
3298 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3299 schedule_work(&ffs->reset_work);
3300 return -ENODEV;
3301 }
3302
3303 if (ffs->state != FFS_ACTIVE)
3304 return -ENODEV;
3305
3306 if (alt == (unsigned)-1) {
3307 ffs->func = NULL;
3308 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3309 return 0;
3310 }
3311
3312 ffs->func = func;
3313 ret = ffs_func_eps_enable(func);
3314 if (likely(ret >= 0))
3315 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3316 return ret;
3317 }
3318
3319 static void ffs_func_disable(struct usb_function *f)
3320 {
3321 ffs_func_set_alt(f, 0, (unsigned)-1);
3322 }
3323
3324 static int ffs_func_setup(struct usb_function *f,
3325 const struct usb_ctrlrequest *creq)
3326 {
3327 struct ffs_function *func = ffs_func_from_usb(f);
3328 struct ffs_data *ffs = func->ffs;
3329 unsigned long flags;
3330 int ret;
3331
3332 ENTER();
3333
3334 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3335 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3336 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3337 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3338 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350 if (ffs->state != FFS_ACTIVE)
3351 return -ENODEV;
3352
3353 switch (creq->bRequestType & USB_RECIP_MASK) {
3354 case USB_RECIP_INTERFACE:
3355 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3356 if (unlikely(ret < 0))
3357 return ret;
3358 break;
3359
3360 case USB_RECIP_ENDPOINT:
3361 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3362 if (unlikely(ret < 0))
3363 return ret;
3364 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3365 ret = func->ffs->eps_addrmap[ret];
3366 break;
3367
3368 default:
3369 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3370 ret = le16_to_cpu(creq->wIndex);
3371 else
3372 return -EOPNOTSUPP;
3373 }
3374
3375 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3376 ffs->ev.setup = *creq;
3377 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3378 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3379 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3380
3381 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3382 }
3383
3384 static bool ffs_func_req_match(struct usb_function *f,
3385 const struct usb_ctrlrequest *creq,
3386 bool config0)
3387 {
3388 struct ffs_function *func = ffs_func_from_usb(f);
3389
3390 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3391 return false;
3392
3393 switch (creq->bRequestType & USB_RECIP_MASK) {
3394 case USB_RECIP_INTERFACE:
3395 return (ffs_func_revmap_intf(func,
3396 le16_to_cpu(creq->wIndex)) >= 0);
3397 case USB_RECIP_ENDPOINT:
3398 return (ffs_func_revmap_ep(func,
3399 le16_to_cpu(creq->wIndex)) >= 0);
3400 default:
3401 return (bool) (func->ffs->user_flags &
3402 FUNCTIONFS_ALL_CTRL_RECIP);
3403 }
3404 }
3405
3406 static void ffs_func_suspend(struct usb_function *f)
3407 {
3408 ENTER();
3409 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3410 }
3411
3412 static void ffs_func_resume(struct usb_function *f)
3413 {
3414 ENTER();
3415 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3416 }
3417
3418
3419
3420
3421 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3422 {
3423 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3424 return num ? num : -EDOM;
3425 }
3426
3427 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3428 {
3429 short *nums = func->interfaces_nums;
3430 unsigned count = func->ffs->interfaces_count;
3431
3432 for (; count; --count, ++nums) {
3433 if (*nums >= 0 && *nums == intf)
3434 return nums - func->interfaces_nums;
3435 }
3436
3437 return -EDOM;
3438 }
3439
3440
3441
3442
3443 static LIST_HEAD(ffs_devices);
3444
3445 static struct ffs_dev *_ffs_do_find_dev(const char *name)
3446 {
3447 struct ffs_dev *dev;
3448
3449 if (!name)
3450 return NULL;
3451
3452 list_for_each_entry(dev, &ffs_devices, entry) {
3453 if (strcmp(dev->name, name) == 0)
3454 return dev;
3455 }
3456
3457 return NULL;
3458 }
3459
3460
3461
3462
3463 static struct ffs_dev *_ffs_get_single_dev(void)
3464 {
3465 struct ffs_dev *dev;
3466
3467 if (list_is_singular(&ffs_devices)) {
3468 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3469 if (dev->single)
3470 return dev;
3471 }
3472
3473 return NULL;
3474 }
3475
3476
3477
3478
3479 static struct ffs_dev *_ffs_find_dev(const char *name)
3480 {
3481 struct ffs_dev *dev;
3482
3483 dev = _ffs_get_single_dev();
3484 if (dev)
3485 return dev;
3486
3487 return _ffs_do_find_dev(name);
3488 }
3489
3490
3491
3492 static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3493 {
3494 return container_of(to_config_group(item), struct f_fs_opts,
3495 func_inst.group);
3496 }
3497
3498 static void ffs_attr_release(struct config_item *item)
3499 {
3500 struct f_fs_opts *opts = to_ffs_opts(item);
3501
3502 usb_put_function_instance(&opts->func_inst);
3503 }
3504
3505 static struct configfs_item_operations ffs_item_ops = {
3506 .release = ffs_attr_release,
3507 };
3508
3509 static const struct config_item_type ffs_func_type = {
3510 .ct_item_ops = &ffs_item_ops,
3511 .ct_owner = THIS_MODULE,
3512 };
3513
3514
3515
3516
3517 static void ffs_free_inst(struct usb_function_instance *f)
3518 {
3519 struct f_fs_opts *opts;
3520
3521 opts = to_f_fs_opts(f);
3522 ffs_dev_lock();
3523 _ffs_free_dev(opts->dev);
3524 ffs_dev_unlock();
3525 kfree(opts);
3526 }
3527
3528 static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3529 {
3530 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
3531 return -ENAMETOOLONG;
3532 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
3533 }
3534
3535 static struct usb_function_instance *ffs_alloc_inst(void)
3536 {
3537 struct f_fs_opts *opts;
3538 struct ffs_dev *dev;
3539
3540 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3541 if (!opts)
3542 return ERR_PTR(-ENOMEM);
3543
3544 opts->func_inst.set_inst_name = ffs_set_inst_name;
3545 opts->func_inst.free_func_inst = ffs_free_inst;
3546 ffs_dev_lock();
3547 dev = _ffs_alloc_dev();
3548 ffs_dev_unlock();
3549 if (IS_ERR(dev)) {
3550 kfree(opts);
3551 return ERR_CAST(dev);
3552 }
3553 opts->dev = dev;
3554 dev->opts = opts;
3555
3556 config_group_init_type_name(&opts->func_inst.group, "",
3557 &ffs_func_type);
3558 return &opts->func_inst;
3559 }
3560
3561 static void ffs_free(struct usb_function *f)
3562 {
3563 kfree(ffs_func_from_usb(f));
3564 }
3565
3566 static void ffs_func_unbind(struct usb_configuration *c,
3567 struct usb_function *f)
3568 {
3569 struct ffs_function *func = ffs_func_from_usb(f);
3570 struct ffs_data *ffs = func->ffs;
3571 struct f_fs_opts *opts =
3572 container_of(f->fi, struct f_fs_opts, func_inst);
3573 struct ffs_ep *ep = func->eps;
3574 unsigned count = ffs->eps_count;
3575 unsigned long flags;
3576
3577 ENTER();
3578 if (ffs->func == func) {
3579 ffs_func_eps_disable(func);
3580 ffs->func = NULL;
3581 }
3582
3583 if (!--opts->refcnt)
3584 functionfs_unbind(ffs);
3585
3586
3587 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3588 while (count--) {
3589 if (ep->ep && ep->req)
3590 usb_ep_free_request(ep->ep, ep->req);
3591 ep->req = NULL;
3592 ++ep;
3593 }
3594 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3595 kfree(func->eps);
3596 func->eps = NULL;
3597
3598
3599
3600
3601 func->function.fs_descriptors = NULL;
3602 func->function.hs_descriptors = NULL;
3603 func->function.ss_descriptors = NULL;
3604 func->interfaces_nums = NULL;
3605
3606 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3607 }
3608
3609 static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3610 {
3611 struct ffs_function *func;
3612
3613 ENTER();
3614
3615 func = kzalloc(sizeof(*func), GFP_KERNEL);
3616 if (unlikely(!func))
3617 return ERR_PTR(-ENOMEM);
3618
3619 func->function.name = "Function FS Gadget";
3620
3621 func->function.bind = ffs_func_bind;
3622 func->function.unbind = ffs_func_unbind;
3623 func->function.set_alt = ffs_func_set_alt;
3624 func->function.disable = ffs_func_disable;
3625 func->function.setup = ffs_func_setup;
3626 func->function.req_match = ffs_func_req_match;
3627 func->function.suspend = ffs_func_suspend;
3628 func->function.resume = ffs_func_resume;
3629 func->function.free_func = ffs_free;
3630
3631 return &func->function;
3632 }
3633
3634
3635
3636
3637 static struct ffs_dev *_ffs_alloc_dev(void)
3638 {
3639 struct ffs_dev *dev;
3640 int ret;
3641
3642 if (_ffs_get_single_dev())
3643 return ERR_PTR(-EBUSY);
3644
3645 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3646 if (!dev)
3647 return ERR_PTR(-ENOMEM);
3648
3649 if (list_empty(&ffs_devices)) {
3650 ret = functionfs_init();
3651 if (ret) {
3652 kfree(dev);
3653 return ERR_PTR(ret);
3654 }
3655 }
3656
3657 list_add(&dev->entry, &ffs_devices);
3658
3659 return dev;
3660 }
3661
3662 int ffs_name_dev(struct ffs_dev *dev, const char *name)
3663 {
3664 struct ffs_dev *existing;
3665 int ret = 0;
3666
3667 ffs_dev_lock();
3668
3669 existing = _ffs_do_find_dev(name);
3670 if (!existing)
3671 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3672 else if (existing != dev)
3673 ret = -EBUSY;
3674
3675 ffs_dev_unlock();
3676
3677 return ret;
3678 }
3679 EXPORT_SYMBOL_GPL(ffs_name_dev);
3680
3681 int ffs_single_dev(struct ffs_dev *dev)
3682 {
3683 int ret;
3684
3685 ret = 0;
3686 ffs_dev_lock();
3687
3688 if (!list_is_singular(&ffs_devices))
3689 ret = -EBUSY;
3690 else
3691 dev->single = true;
3692
3693 ffs_dev_unlock();
3694 return ret;
3695 }
3696 EXPORT_SYMBOL_GPL(ffs_single_dev);
3697
3698
3699
3700
3701 static void _ffs_free_dev(struct ffs_dev *dev)
3702 {
3703 list_del(&dev->entry);
3704
3705
3706 if (dev->ffs_data)
3707 dev->ffs_data->private_data = NULL;
3708
3709 kfree(dev);
3710 if (list_empty(&ffs_devices))
3711 functionfs_cleanup();
3712 }
3713
3714 static void *ffs_acquire_dev(const char *dev_name)
3715 {
3716 struct ffs_dev *ffs_dev;
3717
3718 ENTER();
3719 ffs_dev_lock();
3720
3721 ffs_dev = _ffs_find_dev(dev_name);
3722 if (!ffs_dev)
3723 ffs_dev = ERR_PTR(-ENOENT);
3724 else if (ffs_dev->mounted)
3725 ffs_dev = ERR_PTR(-EBUSY);
3726 else if (ffs_dev->ffs_acquire_dev_callback &&
3727 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3728 ffs_dev = ERR_PTR(-ENOENT);
3729 else
3730 ffs_dev->mounted = true;
3731
3732 ffs_dev_unlock();
3733 return ffs_dev;
3734 }
3735
3736 static void ffs_release_dev(struct ffs_data *ffs_data)
3737 {
3738 struct ffs_dev *ffs_dev;
3739
3740 ENTER();
3741 ffs_dev_lock();
3742
3743 ffs_dev = ffs_data->private_data;
3744 if (ffs_dev) {
3745 ffs_dev->mounted = false;
3746
3747 if (ffs_dev->ffs_release_dev_callback)
3748 ffs_dev->ffs_release_dev_callback(ffs_dev);
3749 }
3750
3751 ffs_dev_unlock();
3752 }
3753
3754 static int ffs_ready(struct ffs_data *ffs)
3755 {
3756 struct ffs_dev *ffs_obj;
3757 int ret = 0;
3758
3759 ENTER();
3760 ffs_dev_lock();
3761
3762 ffs_obj = ffs->private_data;
3763 if (!ffs_obj) {
3764 ret = -EINVAL;
3765 goto done;
3766 }
3767 if (WARN_ON(ffs_obj->desc_ready)) {
3768 ret = -EBUSY;
3769 goto done;
3770 }
3771
3772 ffs_obj->desc_ready = true;
3773 ffs_obj->ffs_data = ffs;
3774
3775 if (ffs_obj->ffs_ready_callback) {
3776 ret = ffs_obj->ffs_ready_callback(ffs);
3777 if (ret)
3778 goto done;
3779 }
3780
3781 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3782 done:
3783 ffs_dev_unlock();
3784 return ret;
3785 }
3786
3787 static void ffs_closed(struct ffs_data *ffs)
3788 {
3789 struct ffs_dev *ffs_obj;
3790 struct f_fs_opts *opts;
3791 struct config_item *ci;
3792
3793 ENTER();
3794 ffs_dev_lock();
3795
3796 ffs_obj = ffs->private_data;
3797 if (!ffs_obj)
3798 goto done;
3799
3800 ffs_obj->desc_ready = false;
3801 ffs_obj->ffs_data = NULL;
3802
3803 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3804 ffs_obj->ffs_closed_callback)
3805 ffs_obj->ffs_closed_callback(ffs);
3806
3807 if (ffs_obj->opts)
3808 opts = ffs_obj->opts;
3809 else
3810 goto done;
3811
3812 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3813 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3814 goto done;
3815
3816 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3817 ffs_dev_unlock();
3818
3819 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3820 unregister_gadget_item(ci);
3821 return;
3822 done:
3823 ffs_dev_unlock();
3824 }
3825
3826
3827
3828 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3829 {
3830 return nonblock
3831 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3832 : mutex_lock_interruptible(mutex);
3833 }
3834
3835 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3836 {
3837 char *data;
3838
3839 if (unlikely(!len))
3840 return NULL;
3841
3842 data = kmalloc(len, GFP_KERNEL);
3843 if (unlikely(!data))
3844 return ERR_PTR(-ENOMEM);
3845
3846 if (unlikely(copy_from_user(data, buf, len))) {
3847 kfree(data);
3848 return ERR_PTR(-EFAULT);
3849 }
3850
3851 pr_vdebug("Buffer from user space:\n");
3852 ffs_dump_mem("", data, len);
3853
3854 return data;
3855 }
3856
3857 DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3858 MODULE_LICENSE("GPL");
3859 MODULE_AUTHOR("Michal Nazarewicz");