projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
USB: g_mass_storage: code cleaned up and comments updated
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / usb / gadget / f_mass_storage.c
CommitLineData
d5e2b67a 1/*
d26a6aa0 2 * f_mass_storage.c -- Mass Storage USB Composite Function
d5e2b67a
MN		 3 *
4 * Copyright (C) 2003-2008 Alan Stern
d26a6aa0
MN		 5 * Copyright (C) 2009 Samsung Electronics
6 * Author: Michal Nazarewicz <m.nazarewicz@samsung.com>
d5e2b67a
MN		 7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions, and the following disclaimer,
14 * without modification.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The names of the above-listed copyright holders may not be used
19 * to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * ALTERNATIVELY, this software may be distributed under the terms of the
23 * GNU General Public License ("GPL") as published by the Free Software
24 * Foundation, either version 2 of that License or (at your option) any
25 * later version.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
28 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
29 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 */
39
40
41/*
d26a6aa0
MN		 42 * The Mass Storage Function acts as a USB Mass Storage device,
43 * appearing to the host as a disk drive or as a CD-ROM drive. In
44 * addition to providing an example of a genuinely useful composite
45 * function for a USB device, it also illustrates a technique of
46 * double-buffering for increased throughput.
d5e2b67a 47 *
d26a6aa0
MN		 48 * Function supports multiple logical units (LUNs). Backing storage
49 * for each LUN is provided by a regular file or a block device.
50 * Access for each LUN can be limited to read-only. Moreover, the
51 * function can indicate that LUN is removable and/or CD-ROM. (The
52 * later implies read-only access.)
53 *
54 * MSF is configured by specifying a fsg_config structure. It has the
55 * following fields:
56 *
57 * nluns Number of LUNs function have (anywhere from 1
58 * to FSG_MAX_LUNS which is 8).
59 * luns An array of LUN configuration values. This
60 * should be filled for each LUN that
61 * function will include (ie. for "nluns"
62 * LUNs). Each element of the array has
63 * the following fields:
64 * ->filename The path to the backing file for the LUN.
65 * Required if LUN is not marked as
66 * removable.
67 * ->ro Flag specifying access to the LUN shall be
68 * read-only. This is implied if CD-ROM
69 * emulation is enabled as well as when
70 * it was impossible to open "filename"
71 * in R/W mode.
72 * ->removable Flag specifying that LUN shall be indicated as
73 * being removable.
74 * ->cdrom Flag specifying that LUN shall be reported as
75 * being a CD-ROM.
76 *
77 * lun_name_format A printf-like format for names of the LUN
78 * devices. This determines how the
79 * directory in sysfs will be named.
80 * Unless you are using several MSFs in
81 * a single gadget (as opposed to single
82 * MSF in many configurations) you may
83 * leave it as NULL (in which case
84 * "lun%d" will be used). In the format
85 * you can use "%d" to index LUNs for
86 * MSF's with more than one LUN. (Beware
87 * that there is only one integer given
88 * as an argument for the format and
89 * specifying invalid format may cause
90 * unspecified behaviour.)
91 * thread_name Name of the kernel thread process used by the
92 * MSF. You can safely set it to NULL
93 * (in which case default "file-storage"
94 * will be used).
95 *
96 * vendor_name
97 * product_name
98 * release Information used as a reply to INQUIRY
99 * request. To use default set to NULL,
100 * NULL, 0xffff respectively. The first
101 * field should be 8 and the second 16
102 * characters or less.
103 *
104 * can_stall Set to permit function to halt bulk endpoints.
105 * Disabled on some USB devices known not
106 * to work correctly. You should set it
107 * to true.
108 *
109 * If "removable" is not set for a LUN then a backing file must be
110 * specified. If it is set, then NULL filename means the LUN's medium
111 * is not loaded (an empty string as "filename" in the fsg_config
112 * structure causes error). The CD-ROM emulation includes a single
113 * data track and no audio tracks; hence there need be only one
114 * backing file per LUN. Note also that the CD-ROM block length is
115 * set to 512 rather than the more common value 2048.
116 *
117 *
118 * MSF includes support for module parameters. If gadget using it
119 * decides to use it, the following module parameters will be
120 * available:
121 *
122 * file=filename[,filename...]
123 * Names of the files or block devices used for
124 * backing storage.
125 * ro=b[,b...] Default false, boolean for read-only access.
126 * removable=b[,b...]
127 * Default true, boolean for removable media.
128 * cdrom=b[,b...] Default false, boolean for whether to emulate
129 * a CD-ROM drive.
130 * luns=N Default N = number of filenames, number of
131 * LUNs to support.
132 * stall Default determined according to the type of
133 * USB device controller (usually true),
134 * boolean to permit the driver to halt
135 * bulk endpoints.
136 *
137 * The module parameters may be prefixed with some string. You need
138 * to consult gadget's documentation or source to verify whether it is
139 * using those module parameters and if it does what are the prefixes
140 * (look for FSG_MODULE_PARAMETERS() macro usage, what's inside it is
141 * the prefix).
d5e2b67a 142 *
d5e2b67a
MN		 143 *
144 * Requirements are modest; only a bulk-in and a bulk-out endpoint are
d26a6aa0
MN		 145 * needed. The memory requirement amounts to two 16K buffers, size
146 * configurable by a parameter. Support is included for both
147 * full-speed and high-speed operation.
d5e2b67a
MN		 148 *
149 * Note that the driver is slightly non-portable in that it assumes a
150 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and
151 * interrupt-in endpoints. With most device controllers this isn't an
152 * issue, but there may be some with hardware restrictions that prevent
153 * a buffer from being used by more than one endpoint.
154 *
d5e2b67a 155 *
d26a6aa0
MN		 156 * The pathnames of the backing files and the ro settings are
157 * available in the attribute files "file" and "ro" in the lun<n> (or
158 * to be more precise in a directory which name comes from
159 * "lun_name_format" option!) subdirectory of the gadget's sysfs
160 * directory. If the "removable" option is set, writing to these
161 * files will simulate ejecting/loading the medium (writing an empty
162 * line means eject) and adjusting a write-enable tab. Changes to the
163 * ro setting are not allowed when the medium is loaded or if CD-ROM
164 * emulation is being used.
d5e2b67a 165 *
d5e2b67a 166 *
d26a6aa0
MN		 167 * This function is heavily based on "File-backed Storage Gadget" by
168 * Alan Stern which in turn is heavily based on "Gadget Zero" by David
169 * Brownell. The driver's SCSI command interface was based on the
170 * "Information technology - Small Computer System Interface - 2"
171 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93,
172 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>.
173 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which
174 * was based on the "Universal Serial Bus Mass Storage Class UFI
175 * Command Specification" document, Revision 1.0, December 14, 1998,
176 * available at
d5e2b67a
MN		 177 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
178 */
179
180
181/*
182 * Driver Design
183 *
d26a6aa0 184 * The MSF is fairly straightforward. There is a main kernel
d5e2b67a
MN		 185 * thread that handles most of the work. Interrupt routines field
186 * callbacks from the controller driver: bulk- and interrupt-request
187 * completion notifications, endpoint-0 events, and disconnect events.
188 * Completion events are passed to the main thread by wakeup calls. Many
189 * ep0 requests are handled at interrupt time, but SetInterface,
190 * SetConfiguration, and device reset requests are forwarded to the
191 * thread in the form of "exceptions" using SIGUSR1 signals (since they
192 * should interrupt any ongoing file I/O operations).
193 *
194 * The thread's main routine implements the standard command/data/status
195 * parts of a SCSI interaction. It and its subroutines are full of tests
196 * for pending signals/exceptions -- all this polling is necessary since
197 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
198 * indication that the driver really wants to be running in userspace.)
199 * An important point is that so long as the thread is alive it keeps an
200 * open reference to the backing file. This will prevent unmounting
201 * the backing file's underlying filesystem and could cause problems
202 * during system shutdown, for example. To prevent such problems, the
203 * thread catches INT, TERM, and KILL signals and converts them into
204 * an EXIT exception.
205 *
206 * In normal operation the main thread is started during the gadget's
d26a6aa0
MN		 207 * fsg_bind() callback and stopped during fsg_unbind(). But it can
208 * also exit when it receives a signal, and there's no point leaving
209 * the gadget running when the thread is dead. At of this moment, MSF
210 * provides no way to deregister the gadget when thread dies -- maybe
211 * a callback functions is needed.
d5e2b67a
MN		 212 *
213 * To provide maximum throughput, the driver uses a circular pipeline of
214 * buffer heads (struct fsg_buffhd). In principle the pipeline can be
215 * arbitrarily long; in practice the benefits don't justify having more
216 * than 2 stages (i.e., double buffering). But it helps to think of the
217 * pipeline as being a long one. Each buffer head contains a bulk-in and
218 * a bulk-out request pointer (since the buffer can be used for both
219 * output and input -- directions always are given from the host's
220 * point of view) as well as a pointer to the buffer and various state
221 * variables.
222 *
223 * Use of the pipeline follows a simple protocol. There is a variable
224 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
225 * At any time that buffer head may still be in use from an earlier
226 * request, so each buffer head has a state variable indicating whether
227 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
228 * buffer head to be EMPTY, filling the buffer either by file I/O or by
229 * USB I/O (during which the buffer head is BUSY), and marking the buffer
230 * head FULL when the I/O is complete. Then the buffer will be emptied
231 * (again possibly by USB I/O, during which it is marked BUSY) and
232 * finally marked EMPTY again (possibly by a completion routine).
233 *
234 * A module parameter tells the driver to avoid stalling the bulk
235 * endpoints wherever the transport specification allows. This is
236 * necessary for some UDCs like the SuperH, which cannot reliably clear a
237 * halt on a bulk endpoint. However, under certain circumstances the
238 * Bulk-only specification requires a stall. In such cases the driver
239 * will halt the endpoint and set a flag indicating that it should clear
240 * the halt in software during the next device reset. Hopefully this
241 * will permit everything to work correctly. Furthermore, although the
242 * specification allows the bulk-out endpoint to halt when the host sends
243 * too much data, implementing this would cause an unavoidable race.
244 * The driver will always use the "no-stall" approach for OUT transfers.
245 *
246 * One subtle point concerns sending status-stage responses for ep0
247 * requests. Some of these requests, such as device reset, can involve
248 * interrupting an ongoing file I/O operation, which might take an
249 * arbitrarily long time. During that delay the host might give up on
250 * the original ep0 request and issue a new one. When that happens the
251 * driver should not notify the host about completion of the original
252 * request, as the host will no longer be waiting for it. So the driver
253 * assigns to each ep0 request a unique tag, and it keeps track of the
254 * tag value of the request associated with a long-running exception
255 * (device-reset, interface-change, or configuration-change). When the
256 * exception handler is finished, the status-stage response is submitted
257 * only if the current ep0 request tag is equal to the exception request
258 * tag. Thus only the most recently received ep0 request will get a
259 * status-stage response.
260 *
261 * Warning: This driver source file is too long. It ought to be split up
262 * into a header file plus about 3 separate .c files, to handle the details
263 * of the Gadget, USB Mass Storage, and SCSI protocols.
264 */
265
266
267/* #define VERBOSE_DEBUG */
268/* #define DUMP_MSGS */
269
270
271#include <linux/blkdev.h>
272#include <linux/completion.h>
273#include <linux/dcache.h>
274#include <linux/delay.h>
275#include <linux/device.h>
276#include <linux/fcntl.h>
277#include <linux/file.h>
278#include <linux/fs.h>
279#include <linux/kref.h>
280#include <linux/kthread.h>
281#include <linux/limits.h>
282#include <linux/rwsem.h>
283#include <linux/slab.h>
284#include <linux/spinlock.h>
285#include <linux/string.h>
286#include <linux/freezer.h>
287#include <linux/utsname.h>
288
289#include <linux/usb/ch9.h>
290#include <linux/usb/gadget.h>
291
292#include "gadget_chips.h"
293
294
295
e8b6f8c5 296/*------------------------------------------------------------------------*/
d5e2b67a 297
d23b0f08 298#define FSG_DRIVER_DESC "Mass Storage Function"
d26a6aa0 299#define FSG_DRIVER_VERSION "2009/09/11"
d5e2b67a 300
d5e2b67a
MN		 301static const char fsg_string_interface[] = "Mass Storage";
302
303
93bcf12e 304#define FSG_NO_INTR_EP 1
606206c2 305#define FSG_BUFFHD_STATIC_BUFFER 1
d23b0f08
MN		 306#define FSG_NO_DEVICE_STRINGS 1
307#define FSG_NO_OTG 1
308#define FSG_NO_INTR_EP 1
93bcf12e 309
d5e2b67a
MN		 310#include "storage_common.c"
311
312
d5e2b67a
MN		 313/*-------------------------------------------------------------------------*/
314
315
a41ae418
MN		 316/* Data shared by all the FSG instances. */
317struct fsg_common {
9c610213
MN		 318 struct usb_gadget *gadget;
319
a41ae418
MN		 320 /* filesem protects: backing files in use */
321 struct rw_semaphore filesem;
322
323 struct fsg_buffhd *next_buffhd_to_fill;
324 struct fsg_buffhd *next_buffhd_to_drain;
325 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
326
327 int cmnd_size;
328 u8 cmnd[MAX_COMMAND_SIZE];
329
330 unsigned int nluns;
331 unsigned int lun;
332 struct fsg_lun *luns;
333 struct fsg_lun *curlun;
9c610213 334
481e4929 335 unsigned int can_stall:1;
9c610213
MN		 336 unsigned int free_storage_on_release:1;
337
e8b6f8c5
MN		 338 const char *thread_name;
339
481e4929
MN		 340 /* Vendor (8 chars), product (16 chars), release (4
341 * hexadecimal digits) and NUL byte */
342 char inquiry_string[8 + 16 + 4 + 1];
343
9c610213 344 struct kref ref;
a41ae418
MN		 345};
346
347
481e4929
MN		 348struct fsg_config {
349 unsigned nluns;
350 struct fsg_lun_config {
351 const char *filename;
352 char ro;
353 char removable;
354 char cdrom;
355 } luns[FSG_MAX_LUNS];
356
e8b6f8c5
MN		 357 const char *lun_name_format;
358 const char *thread_name;
359
481e4929
MN		 360 const char *vendor_name; /* 8 characters or less */
361 const char *product_name; /* 16 characters or less */
362 u16 release;
363
364 char can_stall;
365};
366
367
d5e2b67a 368struct fsg_dev {
d23b0f08 369 struct usb_function function;
d26a6aa0 370 struct usb_composite_dev *cdev;
d23b0f08 371 struct usb_gadget *gadget; /* Copy of cdev->gadget */
a41ae418
MN		 372 struct fsg_common *common;
373
d23b0f08
MN		 374 u16 interface_number;
375
a41ae418 376 /* lock protects: state, all the req_busy's */
d5e2b67a 377 spinlock_t lock;
d5e2b67a 378
d23b0f08
MN		 379 struct usb_ep *ep0; /* Copy of gadget->ep0 */
380 struct usb_request *ep0req; /* Copy of cdev->req */
d5e2b67a
MN		 381 unsigned int ep0_req_tag;
382 const char *ep0req_name;
383
d5e2b67a 384 unsigned int bulk_out_maxpacket;
d26a6aa0 385 enum fsg_state state; /* For exception handling */
d5e2b67a
MN		 386 unsigned int exception_req_tag;
387
388 u8 config, new_config;
389
d26a6aa0
MN		 390 unsigned int running:1;
391 unsigned int bulk_in_enabled:1;
392 unsigned int bulk_out_enabled:1;
393 unsigned int phase_error:1;
394 unsigned int short_packet_received:1;
395 unsigned int bad_lun_okay:1;
396 unsigned int can_stall:1;
d5e2b67a
MN		 397
398 unsigned long atomic_bitflags;
399#define REGISTERED 0
400#define IGNORE_BULK_OUT 1
d5e2b67a
MN		 401
402 struct usb_ep *bulk_in;
403 struct usb_ep *bulk_out;
d5e2b67a 404
d5e2b67a
MN		 405 int thread_wakeup_needed;
406 struct completion thread_notifier;
407 struct task_struct *thread_task;
408
d5e2b67a
MN		 409 enum data_direction data_dir;
410 u32 data_size;
411 u32 data_size_from_cmnd;
412 u32 tag;
d5e2b67a
MN		 413 u32 residue;
414 u32 usb_amount_left;
d5e2b67a
MN		 415};
416
d23b0f08
MN		 417
418static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
419{
420 return container_of(f, struct fsg_dev, function);
421}
422
423
d5e2b67a
MN		 424typedef void (*fsg_routine_t)(struct fsg_dev *);
425
426static int exception_in_progress(struct fsg_dev *fsg)
427{
428 return (fsg->state > FSG_STATE_IDLE);
429}
430
431/* Make bulk-out requests be divisible by the maxpacket size */
432static void set_bulk_out_req_length(struct fsg_dev *fsg,
433 struct fsg_buffhd *bh, unsigned int length)
434{
435 unsigned int rem;
436
437 bh->bulk_out_intended_length = length;
438 rem = length % fsg->bulk_out_maxpacket;
439 if (rem > 0)
440 length += fsg->bulk_out_maxpacket - rem;
441 bh->outreq->length = length;
442}
443
d5e2b67a
MN		 444/*-------------------------------------------------------------------------*/
445
446static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
447{
448 const char *name;
449
450 if (ep == fsg->bulk_in)
451 name = "bulk-in";
452 else if (ep == fsg->bulk_out)
453 name = "bulk-out";
454 else
455 name = ep->name;
456 DBG(fsg, "%s set halt\n", name);
457 return usb_ep_set_halt(ep);
458}
459
460
d5e2b67a
MN		 461/*-------------------------------------------------------------------------*/
462
463/* These routines may be called in process context or in_irq */
464
465/* Caller must hold fsg->lock */
466static void wakeup_thread(struct fsg_dev *fsg)
467{
468 /* Tell the main thread that something has happened */
469 fsg->thread_wakeup_needed = 1;
470 if (fsg->thread_task)
471 wake_up_process(fsg->thread_task);
472}
473
474
475static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state)
476{
477 unsigned long flags;
478
479 /* Do nothing if a higher-priority exception is already in progress.
480 * If a lower-or-equal priority exception is in progress, preempt it
481 * and notify the main thread by sending it a signal. */
482 spin_lock_irqsave(&fsg->lock, flags);
483 if (fsg->state <= new_state) {
484 fsg->exception_req_tag = fsg->ep0_req_tag;
485 fsg->state = new_state;
486 if (fsg->thread_task)
487 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
488 fsg->thread_task);
489 }
490 spin_unlock_irqrestore(&fsg->lock, flags);
491}
492
493
494/*-------------------------------------------------------------------------*/
495
d5e2b67a
MN		 496static int ep0_queue(struct fsg_dev *fsg)
497{
498 int rc;
499
500 rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC);
d23b0f08 501 fsg->ep0->driver_data = fsg;
d5e2b67a
MN		 502 if (rc != 0 && rc != -ESHUTDOWN) {
503
504 /* We can't do much more than wait for a reset */
505 WARNING(fsg, "error in submission: %s --> %d\n",
506 fsg->ep0->name, rc);
507 }
508 return rc;
509}
510
d5e2b67a
MN		 511/*-------------------------------------------------------------------------*/
512
513/* Bulk and interrupt endpoint completion handlers.
514 * These always run in_irq. */
515
516static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
517{
518 struct fsg_dev *fsg = ep->driver_data;
519 struct fsg_buffhd *bh = req->context;
520
521 if (req->status || req->actual != req->length)
522 DBG(fsg, "%s --> %d, %u/%u\n", __func__,
523 req->status, req->actual, req->length);
d26a6aa0 524 if (req->status == -ECONNRESET) /* Request was cancelled */
d5e2b67a
MN		 525 usb_ep_fifo_flush(ep);
526
527 /* Hold the lock while we update the request and buffer states */
528 smp_wmb();
529 spin_lock(&fsg->lock);
530 bh->inreq_busy = 0;
531 bh->state = BUF_STATE_EMPTY;
532 wakeup_thread(fsg);
533 spin_unlock(&fsg->lock);
534}
535
536static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
537{
538 struct fsg_dev *fsg = ep->driver_data;
539 struct fsg_buffhd *bh = req->context;
540
541 dump_msg(fsg, "bulk-out", req->buf, req->actual);
542 if (req->status || req->actual != bh->bulk_out_intended_length)
543 DBG(fsg, "%s --> %d, %u/%u\n", __func__,
544 req->status, req->actual,
545 bh->bulk_out_intended_length);
d26a6aa0 546 if (req->status == -ECONNRESET) /* Request was cancelled */
d5e2b67a
MN		 547 usb_ep_fifo_flush(ep);
548
549 /* Hold the lock while we update the request and buffer states */
550 smp_wmb();
551 spin_lock(&fsg->lock);
552 bh->outreq_busy = 0;
553 bh->state = BUF_STATE_FULL;
554 wakeup_thread(fsg);
555 spin_unlock(&fsg->lock);
556}
557
558
d5e2b67a
MN		 559/*-------------------------------------------------------------------------*/
560
561/* Ep0 class-specific handlers. These always run in_irq. */
562
d23b0f08 563static int fsg_setup(struct usb_function *f,
d5e2b67a
MN		 564 const struct usb_ctrlrequest *ctrl)
565{
d23b0f08 566 struct fsg_dev *fsg = fsg_from_func(f);
d5e2b67a 567 struct usb_request *req = fsg->ep0req;
d5e2b67a 568 u16 w_index = le16_to_cpu(ctrl->wIndex);
93bcf12e 569 u16 w_value = le16_to_cpu(ctrl->wValue);
d5e2b67a
MN		 570 u16 w_length = le16_to_cpu(ctrl->wLength);
571
572 if (!fsg->config)
93bcf12e 573 return -EOPNOTSUPP;
d5e2b67a 574
93bcf12e 575 switch (ctrl->bRequest) {
d5e2b67a 576
93bcf12e
MN		 577 case USB_BULK_RESET_REQUEST:
578 if (ctrl->bRequestType !=
579 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
d5e2b67a 580 break;
d23b0f08 581 if (w_index != fsg->interface_number || w_value != 0)
93bcf12e 582 return -EDOM;
d5e2b67a 583
93bcf12e
MN		 584 /* Raise an exception to stop the current operation
585 * and reinitialize our state. */
586 DBG(fsg, "bulk reset request\n");
587 raise_exception(fsg, FSG_STATE_RESET);
588 return DELAYED_STATUS;
d5e2b67a 589
93bcf12e
MN		 590 case USB_BULK_GET_MAX_LUN_REQUEST:
591 if (ctrl->bRequestType !=
592 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
d5e2b67a 593 break;
d23b0f08 594 if (w_index != fsg->interface_number || w_value != 0)
93bcf12e
MN		 595 return -EDOM;
596 VDBG(fsg, "get max LUN\n");
a41ae418 597 *(u8 *) req->buf = fsg->common->nluns - 1;
93bcf12e
MN		 598 return 1;
599 }
600
601 VDBG(fsg,
602 "unknown class-specific control req "
603 "%02x.%02x v%04x i%04x l%u\n",
604 ctrl->bRequestType, ctrl->bRequest,
605 le16_to_cpu(ctrl->wValue), w_index, w_length);
606 return -EOPNOTSUPP;
d5e2b67a
MN		 607}
608
609
d5e2b67a
MN		 610/*-------------------------------------------------------------------------*/
611
612/* All the following routines run in process context */
613
614
615/* Use this for bulk or interrupt transfers, not ep0 */
616static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
617 struct usb_request *req, int *pbusy,
618 enum fsg_buffer_state *state)
619{
620 int rc;
621
622 if (ep == fsg->bulk_in)
623 dump_msg(fsg, "bulk-in", req->buf, req->length);
d5e2b67a
MN		 624
625 spin_lock_irq(&fsg->lock);
626 *pbusy = 1;
627 *state = BUF_STATE_BUSY;
628 spin_unlock_irq(&fsg->lock);
629 rc = usb_ep_queue(ep, req, GFP_KERNEL);
630 if (rc != 0) {
631 *pbusy = 0;
632 *state = BUF_STATE_EMPTY;
633
634 /* We can't do much more than wait for a reset */
635
636 /* Note: currently the net2280 driver fails zero-length
637 * submissions if DMA is enabled. */
638 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
639 req->length == 0))
640 WARNING(fsg, "error in submission: %s --> %d\n",
641 ep->name, rc);
642 }
643}
644
645
646static int sleep_thread(struct fsg_dev *fsg)
647{
648 int rc = 0;
649
650 /* Wait until a signal arrives or we are woken up */
651 for (;;) {
652 try_to_freeze();
653 set_current_state(TASK_INTERRUPTIBLE);
654 if (signal_pending(current)) {
655 rc = -EINTR;
656 break;
657 }
658 if (fsg->thread_wakeup_needed)
659 break;
660 schedule();
661 }
662 __set_current_state(TASK_RUNNING);
663 fsg->thread_wakeup_needed = 0;
664 return rc;
665}
666
667
668/*-------------------------------------------------------------------------*/
669
670static int do_read(struct fsg_dev *fsg)
671{
a41ae418 672 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 673 u32 lba;
674 struct fsg_buffhd *bh;
675 int rc;
676 u32 amount_left;
677 loff_t file_offset, file_offset_tmp;
678 unsigned int amount;
679 unsigned int partial_page;
680 ssize_t nread;
681
682 /* Get the starting Logical Block Address and check that it's
683 * not too big */
a41ae418
MN		 684 if (fsg->common->cmnd[0] == SC_READ_6)
685 lba = get_unaligned_be24(&fsg->common->cmnd[1]);
d5e2b67a 686 else {
a41ae418 687 lba = get_unaligned_be32(&fsg->common->cmnd[2]);
d5e2b67a
MN		 688
689 /* We allow DPO (Disable Page Out = don't save data in the
690 * cache) and FUA (Force Unit Access = don't read from the
691 * cache), but we don't implement them. */
a41ae418 692 if ((fsg->common->cmnd[1] & ~0x18) != 0) {
d5e2b67a
MN		 693 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
694 return -EINVAL;
695 }
696 }
697 if (lba >= curlun->num_sectors) {
698 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
699 return -EINVAL;
700 }
701 file_offset = ((loff_t) lba) << 9;
702
703 /* Carry out the file reads */
704 amount_left = fsg->data_size_from_cmnd;
705 if (unlikely(amount_left == 0))
d26a6aa0 706 return -EIO; /* No default reply */
d5e2b67a
MN		 707
708 for (;;) {
709
710 /* Figure out how much we need to read:
711 * Try to read the remaining amount.
712 * But don't read more than the buffer size.
713 * And don't try to read past the end of the file.
714 * Finally, if we're not at a page boundary, don't read past
715 * the next page.
716 * If this means reading 0 then we were asked to read past
717 * the end of file. */
93bcf12e 718 amount = min(amount_left, FSG_BUFLEN);
d5e2b67a
MN		 719 amount = min((loff_t) amount,
720 curlun->file_length - file_offset);
721 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
722 if (partial_page > 0)
723 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
724 partial_page);
725
726 /* Wait for the next buffer to become available */
a41ae418 727 bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 728 while (bh->state != BUF_STATE_EMPTY) {
729 rc = sleep_thread(fsg);
730 if (rc)
731 return rc;
732 }
733
734 /* If we were asked to read past the end of file,
735 * end with an empty buffer. */
736 if (amount == 0) {
737 curlun->sense_data =
738 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
739 curlun->sense_data_info = file_offset >> 9;
740 curlun->info_valid = 1;
741 bh->inreq->length = 0;
742 bh->state = BUF_STATE_FULL;
743 break;
744 }
745
746 /* Perform the read */
747 file_offset_tmp = file_offset;
748 nread = vfs_read(curlun->filp,
749 (char __user *) bh->buf,
750 amount, &file_offset_tmp);
751 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
752 (unsigned long long) file_offset,
753 (int) nread);
754 if (signal_pending(current))
755 return -EINTR;
756
757 if (nread < 0) {
758 LDBG(curlun, "error in file read: %d\n",
759 (int) nread);
760 nread = 0;
761 } else if (nread < amount) {
762 LDBG(curlun, "partial file read: %d/%u\n",
763 (int) nread, amount);
d26a6aa0 764 nread -= (nread & 511); /* Round down to a block */
d5e2b67a
MN		 765 }
766 file_offset += nread;
767 amount_left -= nread;
768 fsg->residue -= nread;
769 bh->inreq->length = nread;
770 bh->state = BUF_STATE_FULL;
771
772 /* If an error occurred, report it and its position */
773 if (nread < amount) {
774 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
775 curlun->sense_data_info = file_offset >> 9;
776 curlun->info_valid = 1;
777 break;
778 }
779
780 if (amount_left == 0)
d26a6aa0 781 break; /* No more left to read */
d5e2b67a
MN		 782
783 /* Send this buffer and go read some more */
784 bh->inreq->zero = 0;
785 start_transfer(fsg, fsg->bulk_in, bh->inreq,
786 &bh->inreq_busy, &bh->state);
a41ae418 787 fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 788 }
789
d26a6aa0 790 return -EIO; /* No default reply */
d5e2b67a
MN		 791}
792
793
794/*-------------------------------------------------------------------------*/
795
796static int do_write(struct fsg_dev *fsg)
797{
a41ae418 798 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 799 u32 lba;
800 struct fsg_buffhd *bh;
801 int get_some_more;
802 u32 amount_left_to_req, amount_left_to_write;
803 loff_t usb_offset, file_offset, file_offset_tmp;
804 unsigned int amount;
805 unsigned int partial_page;
806 ssize_t nwritten;
807 int rc;
808
809 if (curlun->ro) {
810 curlun->sense_data = SS_WRITE_PROTECTED;
811 return -EINVAL;
812 }
813 spin_lock(&curlun->filp->f_lock);
d26a6aa0 814 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */
d5e2b67a
MN		 815 spin_unlock(&curlun->filp->f_lock);
816
817 /* Get the starting Logical Block Address and check that it's
818 * not too big */
a41ae418
MN		 819 if (fsg->common->cmnd[0] == SC_WRITE_6)
820 lba = get_unaligned_be24(&fsg->common->cmnd[1]);
d5e2b67a 821 else {
a41ae418 822 lba = get_unaligned_be32(&fsg->common->cmnd[2]);
d5e2b67a
MN		 823
824 /* We allow DPO (Disable Page Out = don't save data in the
825 * cache) and FUA (Force Unit Access = write directly to the
826 * medium). We don't implement DPO; we implement FUA by
827 * performing synchronous output. */
a41ae418 828 if ((fsg->common->cmnd[1] & ~0x18) != 0) {
d5e2b67a
MN		 829 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
830 return -EINVAL;
831 }
d26a6aa0 832 if (fsg->common->cmnd[1] & 0x08) { /* FUA */
d5e2b67a
MN		 833 spin_lock(&curlun->filp->f_lock);
834 curlun->filp->f_flags |= O_SYNC;
835 spin_unlock(&curlun->filp->f_lock);
836 }
837 }
838 if (lba >= curlun->num_sectors) {
839 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
840 return -EINVAL;
841 }
842
843 /* Carry out the file writes */
844 get_some_more = 1;
845 file_offset = usb_offset = ((loff_t) lba) << 9;
846 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd;
847
848 while (amount_left_to_write > 0) {
849
850 /* Queue a request for more data from the host */
a41ae418 851 bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 852 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
853
854 /* Figure out how much we want to get:
855 * Try to get the remaining amount.
856 * But don't get more than the buffer size.
857 * And don't try to go past the end of the file.
858 * If we're not at a page boundary,
859 * don't go past the next page.
860 * If this means getting 0, then we were asked
861 * to write past the end of file.
862 * Finally, round down to a block boundary. */
93bcf12e 863 amount = min(amount_left_to_req, FSG_BUFLEN);
d5e2b67a
MN		 864 amount = min((loff_t) amount, curlun->file_length -
865 usb_offset);
866 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
867 if (partial_page > 0)
868 amount = min(amount,
869 (unsigned int) PAGE_CACHE_SIZE - partial_page);
870
871 if (amount == 0) {
872 get_some_more = 0;
873 curlun->sense_data =
874 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
875 curlun->sense_data_info = usb_offset >> 9;
876 curlun->info_valid = 1;
877 continue;
878 }
879 amount -= (amount & 511);
880 if (amount == 0) {
881
882 /* Why were we were asked to transfer a
883 * partial block? */
884 get_some_more = 0;
885 continue;
886 }
887
888 /* Get the next buffer */
889 usb_offset += amount;
890 fsg->usb_amount_left -= amount;
891 amount_left_to_req -= amount;
892 if (amount_left_to_req == 0)
893 get_some_more = 0;
894
895 /* amount is always divisible by 512, hence by
896 * the bulk-out maxpacket size */
d26a6aa0
MN		 897 bh->outreq->length = amount;
898 bh->bulk_out_intended_length = amount;
d5e2b67a
MN		 899 bh->outreq->short_not_ok = 1;
900 start_transfer(fsg, fsg->bulk_out, bh->outreq,
901 &bh->outreq_busy, &bh->state);
a41ae418 902 fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 903 continue;
904 }
905
906 /* Write the received data to the backing file */
a41ae418 907 bh = fsg->common->next_buffhd_to_drain;
d5e2b67a 908 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
d26a6aa0 909 break; /* We stopped early */
d5e2b67a
MN		 910 if (bh->state == BUF_STATE_FULL) {
911 smp_rmb();
a41ae418 912 fsg->common->next_buffhd_to_drain = bh->next;
d5e2b67a
MN		 913 bh->state = BUF_STATE_EMPTY;
914
915 /* Did something go wrong with the transfer? */
916 if (bh->outreq->status != 0) {
917 curlun->sense_data = SS_COMMUNICATION_FAILURE;
918 curlun->sense_data_info = file_offset >> 9;
919 curlun->info_valid = 1;
920 break;
921 }
922
923 amount = bh->outreq->actual;
924 if (curlun->file_length - file_offset < amount) {
925 LERROR(curlun,
926 "write %u @ %llu beyond end %llu\n",
927 amount, (unsigned long long) file_offset,
928 (unsigned long long) curlun->file_length);
929 amount = curlun->file_length - file_offset;
930 }
931
932 /* Perform the write */
933 file_offset_tmp = file_offset;
934 nwritten = vfs_write(curlun->filp,
935 (char __user *) bh->buf,
936 amount, &file_offset_tmp);
937 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
938 (unsigned long long) file_offset,
939 (int) nwritten);
940 if (signal_pending(current))
d26a6aa0 941 return -EINTR; /* Interrupted! */
d5e2b67a
MN		 942
943 if (nwritten < 0) {
944 LDBG(curlun, "error in file write: %d\n",
945 (int) nwritten);
946 nwritten = 0;
947 } else if (nwritten < amount) {
948 LDBG(curlun, "partial file write: %d/%u\n",
949 (int) nwritten, amount);
950 nwritten -= (nwritten & 511);
d26a6aa0 951 /* Round down to a block */
d5e2b67a
MN		 952 }
953 file_offset += nwritten;
954 amount_left_to_write -= nwritten;
955 fsg->residue -= nwritten;
956
957 /* If an error occurred, report it and its position */
958 if (nwritten < amount) {
959 curlun->sense_data = SS_WRITE_ERROR;
960 curlun->sense_data_info = file_offset >> 9;
961 curlun->info_valid = 1;
962 break;
963 }
964
965 /* Did the host decide to stop early? */
966 if (bh->outreq->actual != bh->outreq->length) {
967 fsg->short_packet_received = 1;
968 break;
969 }
970 continue;
971 }
972
973 /* Wait for something to happen */
974 rc = sleep_thread(fsg);
975 if (rc)
976 return rc;
977 }
978
d26a6aa0 979 return -EIO; /* No default reply */
d5e2b67a
MN		 980}
981
982
983/*-------------------------------------------------------------------------*/
984
985static int do_synchronize_cache(struct fsg_dev *fsg)
986{
a41ae418 987 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 988 int rc;
989
990 /* We ignore the requested LBA and write out all file's
991 * dirty data buffers. */
992 rc = fsg_lun_fsync_sub(curlun);
993 if (rc)
994 curlun->sense_data = SS_WRITE_ERROR;
995 return 0;
996}
997
998
999/*-------------------------------------------------------------------------*/
1000
1001static void invalidate_sub(struct fsg_lun *curlun)
1002{
1003 struct file *filp = curlun->filp;
1004 struct inode *inode = filp->f_path.dentry->d_inode;
1005 unsigned long rc;
1006
1007 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1008 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc);
1009}
1010
1011static int do_verify(struct fsg_dev *fsg)
1012{
a41ae418 1013 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1014 u32 lba;
1015 u32 verification_length;
a41ae418 1016 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 1017 loff_t file_offset, file_offset_tmp;
1018 u32 amount_left;
1019 unsigned int amount;
1020 ssize_t nread;
1021
1022 /* Get the starting Logical Block Address and check that it's
1023 * not too big */
a41ae418 1024 lba = get_unaligned_be32(&fsg->common->cmnd[2]);
d5e2b67a
MN		 1025 if (lba >= curlun->num_sectors) {
1026 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1027 return -EINVAL;
1028 }
1029
1030 /* We allow DPO (Disable Page Out = don't save data in the
1031 * cache) but we don't implement it. */
a41ae418 1032 if ((fsg->common->cmnd[1] & ~0x10) != 0) {
d5e2b67a
MN		 1033 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1034 return -EINVAL;
1035 }
1036
a41ae418 1037 verification_length = get_unaligned_be16(&fsg->common->cmnd[7]);
d5e2b67a 1038 if (unlikely(verification_length == 0))
d26a6aa0 1039 return -EIO; /* No default reply */
d5e2b67a
MN		 1040
1041 /* Prepare to carry out the file verify */
1042 amount_left = verification_length << 9;
1043 file_offset = ((loff_t) lba) << 9;
1044
1045 /* Write out all the dirty buffers before invalidating them */
1046 fsg_lun_fsync_sub(curlun);
1047 if (signal_pending(current))
1048 return -EINTR;
1049
1050 invalidate_sub(curlun);
1051 if (signal_pending(current))
1052 return -EINTR;
1053
1054 /* Just try to read the requested blocks */
1055 while (amount_left > 0) {
1056
1057 /* Figure out how much we need to read:
1058 * Try to read the remaining amount, but not more than
1059 * the buffer size.
1060 * And don't try to read past the end of the file.
1061 * If this means reading 0 then we were asked to read
1062 * past the end of file. */
93bcf12e 1063 amount = min(amount_left, FSG_BUFLEN);
d5e2b67a
MN		 1064 amount = min((loff_t) amount,
1065 curlun->file_length - file_offset);
1066 if (amount == 0) {
1067 curlun->sense_data =
1068 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1069 curlun->sense_data_info = file_offset >> 9;
1070 curlun->info_valid = 1;
1071 break;
1072 }
1073
1074 /* Perform the read */
1075 file_offset_tmp = file_offset;
1076 nread = vfs_read(curlun->filp,
1077 (char __user *) bh->buf,
1078 amount, &file_offset_tmp);
1079 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1080 (unsigned long long) file_offset,
1081 (int) nread);
1082 if (signal_pending(current))
1083 return -EINTR;
1084
1085 if (nread < 0) {
1086 LDBG(curlun, "error in file verify: %d\n",
1087 (int) nread);
1088 nread = 0;
1089 } else if (nread < amount) {
1090 LDBG(curlun, "partial file verify: %d/%u\n",
1091 (int) nread, amount);
d26a6aa0 1092 nread -= (nread & 511); /* Round down to a sector */
d5e2b67a
MN		 1093 }
1094 if (nread == 0) {
1095 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1096 curlun->sense_data_info = file_offset >> 9;
1097 curlun->info_valid = 1;
1098 break;
1099 }
1100 file_offset += nread;
1101 amount_left -= nread;
1102 }
1103 return 0;
1104}
1105
1106
1107/*-------------------------------------------------------------------------*/
1108
1109static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1110{
481e4929 1111 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1112 u8 *buf = (u8 *) bh->buf;
1113
481e4929 1114 if (!curlun) { /* Unsupported LUNs are okay */
d5e2b67a
MN		 1115 fsg->bad_lun_okay = 1;
1116 memset(buf, 0, 36);
d26a6aa0
MN		 1117 buf[0] = 0x7f; /* Unsupported, no device-type */
1118 buf[4] = 31; /* Additional length */
d5e2b67a
MN		 1119 return 36;
1120 }
1121
481e4929
MN		 1122 buf[0] = curlun->cdrom ? TYPE_CDROM : TYPE_DISK;
1123 buf[1] = curlun->removable ? 0x80 : 0;
d26a6aa0
MN		 1124 buf[2] = 2; /* ANSI SCSI level 2 */
1125 buf[3] = 2; /* SCSI-2 INQUIRY data format */
1126 buf[4] = 31; /* Additional length */
1127 buf[5] = 0; /* No special options */
481e4929
MN		 1128 buf[6] = 0;
1129 buf[7] = 0;
1130 memcpy(buf + 8, fsg->common->inquiry_string,
1131 sizeof fsg->common->inquiry_string);
d5e2b67a
MN		 1132 return 36;
1133}
1134
1135
1136static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1137{
a41ae418 1138 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1139 u8 *buf = (u8 *) bh->buf;
1140 u32 sd, sdinfo;
1141 int valid;
1142
1143 /*
1144 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1145 *
1146 * If a REQUEST SENSE command is received from an initiator
1147 * with a pending unit attention condition (before the target
1148 * generates the contingent allegiance condition), then the
1149 * target shall either:
1150 * a) report any pending sense data and preserve the unit
1151 * attention condition on the logical unit, or,
1152 * b) report the unit attention condition, may discard any
1153 * pending sense data, and clear the unit attention
1154 * condition on the logical unit for that initiator.
1155 *
1156 * FSG normally uses option a); enable this code to use option b).
1157 */
1158#if 0
1159 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1160 curlun->sense_data = curlun->unit_attention_data;
1161 curlun->unit_attention_data = SS_NO_SENSE;
1162 }
1163#endif
1164
d26a6aa0 1165 if (!curlun) { /* Unsupported LUNs are okay */
d5e2b67a
MN		 1166 fsg->bad_lun_okay = 1;
1167 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1168 sdinfo = 0;
1169 valid = 0;
1170 } else {
1171 sd = curlun->sense_data;
1172 sdinfo = curlun->sense_data_info;
1173 valid = curlun->info_valid << 7;
1174 curlun->sense_data = SS_NO_SENSE;
1175 curlun->sense_data_info = 0;
1176 curlun->info_valid = 0;
1177 }
1178
1179 memset(buf, 0, 18);
d26a6aa0 1180 buf[0] = valid | 0x70; /* Valid, current error */
d5e2b67a
MN		 1181 buf[2] = SK(sd);
1182 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */
d26a6aa0 1183 buf[7] = 18 - 8; /* Additional sense length */
d5e2b67a
MN		 1184 buf[12] = ASC(sd);
1185 buf[13] = ASCQ(sd);
1186 return 18;
1187}
1188
1189
1190static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1191{
a41ae418
MN		 1192 struct fsg_lun *curlun = fsg->common->curlun;
1193 u32 lba = get_unaligned_be32(&fsg->common->cmnd[2]);
1194 int pmi = fsg->common->cmnd[8];
d5e2b67a
MN		 1195 u8 *buf = (u8 *) bh->buf;
1196
1197 /* Check the PMI and LBA fields */
1198 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1199 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1200 return -EINVAL;
1201 }
1202
1203 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1204 /* Max logical block */
1205 put_unaligned_be32(512, &buf[4]); /* Block length */
1206 return 8;
1207}
1208
1209
1210static int do_read_header(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1211{
a41ae418
MN		 1212 struct fsg_lun *curlun = fsg->common->curlun;
1213 int msf = fsg->common->cmnd[1] & 0x02;
1214 u32 lba = get_unaligned_be32(&fsg->common->cmnd[2]);
d5e2b67a
MN		 1215 u8 *buf = (u8 *) bh->buf;
1216
a41ae418 1217 if ((fsg->common->cmnd[1] & ~0x02) != 0) { /* Mask away MSF */
d5e2b67a
MN		 1218 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1219 return -EINVAL;
1220 }
1221 if (lba >= curlun->num_sectors) {
1222 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1223 return -EINVAL;
1224 }
1225
1226 memset(buf, 0, 8);
1227 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */
1228 store_cdrom_address(&buf[4], msf, lba);
1229 return 8;
1230}
1231
1232
1233static int do_read_toc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1234{
a41ae418
MN		 1235 struct fsg_lun *curlun = fsg->common->curlun;
1236 int msf = fsg->common->cmnd[1] & 0x02;
1237 int start_track = fsg->common->cmnd[6];
d5e2b67a
MN		 1238 u8 *buf = (u8 *) bh->buf;
1239
a41ae418 1240 if ((fsg->common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */
d5e2b67a
MN		 1241 start_track > 1) {
1242 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1243 return -EINVAL;
1244 }
1245
1246 memset(buf, 0, 20);
1247 buf[1] = (20-2); /* TOC data length */
1248 buf[2] = 1; /* First track number */
1249 buf[3] = 1; /* Last track number */
1250 buf[5] = 0x16; /* Data track, copying allowed */
1251 buf[6] = 0x01; /* Only track is number 1 */
1252 store_cdrom_address(&buf[8], msf, 0);
1253
1254 buf[13] = 0x16; /* Lead-out track is data */
1255 buf[14] = 0xAA; /* Lead-out track number */
1256 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1257 return 20;
1258}
1259
1260
1261static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1262{
a41ae418
MN		 1263 struct fsg_lun *curlun = fsg->common->curlun;
1264 int mscmnd = fsg->common->cmnd[0];
d5e2b67a
MN		 1265 u8 *buf = (u8 *) bh->buf;
1266 u8 *buf0 = buf;
1267 int pc, page_code;
1268 int changeable_values, all_pages;
1269 int valid_page = 0;
1270 int len, limit;
1271
d26a6aa0 1272 if ((fsg->common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */
d5e2b67a
MN		 1273 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1274 return -EINVAL;
1275 }
a41ae418
MN		 1276 pc = fsg->common->cmnd[2] >> 6;
1277 page_code = fsg->common->cmnd[2] & 0x3f;
d5e2b67a
MN		 1278 if (pc == 3) {
1279 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1280 return -EINVAL;
1281 }
1282 changeable_values = (pc == 1);
1283 all_pages = (page_code == 0x3f);
1284
1285 /* Write the mode parameter header. Fixed values are: default
1286 * medium type, no cache control (DPOFUA), and no block descriptors.
1287 * The only variable value is the WriteProtect bit. We will fill in
1288 * the mode data length later. */
1289 memset(buf, 0, 8);
1290 if (mscmnd == SC_MODE_SENSE_6) {
d26a6aa0 1291 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
d5e2b67a
MN		 1292 buf += 4;
1293 limit = 255;
d26a6aa0
MN		 1294 } else { /* SC_MODE_SENSE_10 */
1295 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
d5e2b67a 1296 buf += 8;
d26a6aa0 1297 limit = 65535; /* Should really be FSG_BUFLEN */
d5e2b67a
MN		 1298 }
1299
1300 /* No block descriptors */
1301
1302 /* The mode pages, in numerical order. The only page we support
1303 * is the Caching page. */
1304 if (page_code == 0x08 || all_pages) {
1305 valid_page = 1;
d26a6aa0
MN		 1306 buf[0] = 0x08; /* Page code */
1307 buf[1] = 10; /* Page length */
1308 memset(buf+2, 0, 10); /* None of the fields are changeable */
d5e2b67a
MN		 1309
1310 if (!changeable_values) {
d26a6aa0
MN		 1311 buf[2] = 0x04; /* Write cache enable, */
1312 /* Read cache not disabled */
1313 /* No cache retention priorities */
d5e2b67a
MN		 1314 put_unaligned_be16(0xffff, &buf[4]);
1315 /* Don't disable prefetch */
1316 /* Minimum prefetch = 0 */
1317 put_unaligned_be16(0xffff, &buf[8]);
1318 /* Maximum prefetch */
1319 put_unaligned_be16(0xffff, &buf[10]);
1320 /* Maximum prefetch ceiling */
1321 }
1322 buf += 12;
1323 }
1324
1325 /* Check that a valid page was requested and the mode data length
1326 * isn't too long. */
1327 len = buf - buf0;
1328 if (!valid_page || len > limit) {
1329 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1330 return -EINVAL;
1331 }
1332
1333 /* Store the mode data length */
1334 if (mscmnd == SC_MODE_SENSE_6)
1335 buf0[0] = len - 1;
1336 else
1337 put_unaligned_be16(len - 2, buf0);
1338 return len;
1339}
1340
1341
1342static int do_start_stop(struct fsg_dev *fsg)
1343{
481e4929
MN		 1344 if (!fsg->common->curlun) {
1345 return -EINVAL;
1346 } else if (!fsg->common->curlun->removable) {
a41ae418 1347 fsg->common->curlun->sense_data = SS_INVALID_COMMAND;
d5e2b67a
MN		 1348 return -EINVAL;
1349 }
d5e2b67a
MN		 1350 return 0;
1351}
1352
1353
1354static int do_prevent_allow(struct fsg_dev *fsg)
1355{
a41ae418 1356 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1357 int prevent;
1358
481e4929
MN		 1359 if (!fsg->common->curlun) {
1360 return -EINVAL;
1361 } else if (!fsg->common->curlun->removable) {
1362 fsg->common->curlun->sense_data = SS_INVALID_COMMAND;
d5e2b67a
MN		 1363 return -EINVAL;
1364 }
1365
a41ae418 1366 prevent = fsg->common->cmnd[4] & 0x01;
d26a6aa0 1367 if ((fsg->common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */
d5e2b67a
MN		 1368 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1369 return -EINVAL;
1370 }
1371
1372 if (curlun->prevent_medium_removal && !prevent)
1373 fsg_lun_fsync_sub(curlun);
1374 curlun->prevent_medium_removal = prevent;
1375 return 0;
1376}
1377
1378
1379static int do_read_format_capacities(struct fsg_dev *fsg,
1380 struct fsg_buffhd *bh)
1381{
a41ae418 1382 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1383 u8 *buf = (u8 *) bh->buf;
1384
1385 buf[0] = buf[1] = buf[2] = 0;
d26a6aa0 1386 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */
d5e2b67a
MN		 1387 buf += 4;
1388
1389 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1390 /* Number of blocks */
1391 put_unaligned_be32(512, &buf[4]); /* Block length */
1392 buf[4] = 0x02; /* Current capacity */
1393 return 12;
1394}
1395
1396
1397static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1398{
a41ae418 1399 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a
MN		 1400
1401 /* We don't support MODE SELECT */
1402 curlun->sense_data = SS_INVALID_COMMAND;
1403 return -EINVAL;
1404}
1405
1406
1407/*-------------------------------------------------------------------------*/
1408
1409static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1410{
1411 int rc;
1412
1413 rc = fsg_set_halt(fsg, fsg->bulk_in);
1414 if (rc == -EAGAIN)
1415 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1416 while (rc != 0) {
1417 if (rc != -EAGAIN) {
1418 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1419 rc = 0;
1420 break;
1421 }
1422
1423 /* Wait for a short time and then try again */
1424 if (msleep_interruptible(100) != 0)
1425 return -EINTR;
1426 rc = usb_ep_set_halt(fsg->bulk_in);
1427 }
1428 return rc;
1429}
1430
1431static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1432{
1433 int rc;
1434
1435 DBG(fsg, "bulk-in set wedge\n");
1436 rc = usb_ep_set_wedge(fsg->bulk_in);
1437 if (rc == -EAGAIN)
1438 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1439 while (rc != 0) {
1440 if (rc != -EAGAIN) {
1441 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1442 rc = 0;
1443 break;
1444 }
1445
1446 /* Wait for a short time and then try again */
1447 if (msleep_interruptible(100) != 0)
1448 return -EINTR;
1449 rc = usb_ep_set_wedge(fsg->bulk_in);
1450 }
1451 return rc;
1452}
1453
1454static int pad_with_zeros(struct fsg_dev *fsg)
1455{
a41ae418 1456 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 1457 u32 nkeep = bh->inreq->length;
1458 u32 nsend;
1459 int rc;
1460
d26a6aa0 1461 bh->state = BUF_STATE_EMPTY; /* For the first iteration */
d5e2b67a
MN		 1462 fsg->usb_amount_left = nkeep + fsg->residue;
1463 while (fsg->usb_amount_left > 0) {
1464
1465 /* Wait for the next buffer to be free */
1466 while (bh->state != BUF_STATE_EMPTY) {
1467 rc = sleep_thread(fsg);
1468 if (rc)
1469 return rc;
1470 }
1471
93bcf12e 1472 nsend = min(fsg->usb_amount_left, FSG_BUFLEN);
d5e2b67a
MN		 1473 memset(bh->buf + nkeep, 0, nsend - nkeep);
1474 bh->inreq->length = nsend;
1475 bh->inreq->zero = 0;
1476 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1477 &bh->inreq_busy, &bh->state);
a41ae418 1478 bh = fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 1479 fsg->usb_amount_left -= nsend;
1480 nkeep = 0;
1481 }
1482 return 0;
1483}
1484
1485static int throw_away_data(struct fsg_dev *fsg)
1486{
1487 struct fsg_buffhd *bh;
1488 u32 amount;
1489 int rc;
1490
a41ae418
MN		 1491 for (bh = fsg->common->next_buffhd_to_drain;
1492 bh->state != BUF_STATE_EMPTY || fsg->usb_amount_left > 0;
1493 bh = fsg->common->next_buffhd_to_drain) {
d5e2b67a
MN		 1494
1495 /* Throw away the data in a filled buffer */
1496 if (bh->state == BUF_STATE_FULL) {
1497 smp_rmb();
1498 bh->state = BUF_STATE_EMPTY;
a41ae418 1499 fsg->common->next_buffhd_to_drain = bh->next;
d5e2b67a
MN		 1500
1501 /* A short packet or an error ends everything */
1502 if (bh->outreq->actual != bh->outreq->length ||
1503 bh->outreq->status != 0) {
1504 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1505 return -EINTR;
1506 }
1507 continue;
1508 }
1509
1510 /* Try to submit another request if we need one */
a41ae418 1511 bh = fsg->common->next_buffhd_to_fill;
d5e2b67a 1512 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) {
93bcf12e 1513 amount = min(fsg->usb_amount_left, FSG_BUFLEN);
d5e2b67a
MN		 1514
1515 /* amount is always divisible by 512, hence by
1516 * the bulk-out maxpacket size */
d26a6aa0
MN		 1517 bh->outreq->length = amount;
1518 bh->bulk_out_intended_length = amount;
d5e2b67a
MN		 1519 bh->outreq->short_not_ok = 1;
1520 start_transfer(fsg, fsg->bulk_out, bh->outreq,
1521 &bh->outreq_busy, &bh->state);
a41ae418 1522 fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 1523 fsg->usb_amount_left -= amount;
1524 continue;
1525 }
1526
1527 /* Otherwise wait for something to happen */
1528 rc = sleep_thread(fsg);
1529 if (rc)
1530 return rc;
1531 }
1532 return 0;
1533}
1534
1535
1536static int finish_reply(struct fsg_dev *fsg)
1537{
a41ae418 1538 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 1539 int rc = 0;
1540
1541 switch (fsg->data_dir) {
1542 case DATA_DIR_NONE:
d26a6aa0 1543 break; /* Nothing to send */
d5e2b67a
MN		 1544
1545 /* If we don't know whether the host wants to read or write,
1546 * this must be CB or CBI with an unknown command. We mustn't
1547 * try to send or receive any data. So stall both bulk pipes
1548 * if we can and wait for a reset. */
1549 case DATA_DIR_UNKNOWN:
481e4929 1550 if (fsg->can_stall) {
d5e2b67a
MN		 1551 fsg_set_halt(fsg, fsg->bulk_out);
1552 rc = halt_bulk_in_endpoint(fsg);
1553 }
1554 break;
1555
1556 /* All but the last buffer of data must have already been sent */
1557 case DATA_DIR_TO_HOST:
93bcf12e
MN		 1558 if (fsg->data_size == 0) {
1559 /* Nothing to send */
d5e2b67a
MN		 1560
1561 /* If there's no residue, simply send the last buffer */
93bcf12e 1562 } else if (fsg->residue == 0) {
d5e2b67a
MN		 1563 bh->inreq->zero = 0;
1564 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1565 &bh->inreq_busy, &bh->state);
a41ae418 1566 fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 1567
1568 /* For Bulk-only, if we're allowed to stall then send the
1569 * short packet and halt the bulk-in endpoint. If we can't
1570 * stall, pad out the remaining data with 0's. */
481e4929 1571 } else if (fsg->can_stall) {
93bcf12e
MN		 1572 bh->inreq->zero = 1;
1573 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1574 &bh->inreq_busy, &bh->state);
a41ae418 1575 fsg->common->next_buffhd_to_fill = bh->next;
93bcf12e
MN		 1576 rc = halt_bulk_in_endpoint(fsg);
1577 } else {
1578 rc = pad_with_zeros(fsg);
d5e2b67a
MN		 1579 }
1580 break;
1581
1582 /* We have processed all we want from the data the host has sent.
1583 * There may still be outstanding bulk-out requests. */
1584 case DATA_DIR_FROM_HOST:
d26a6aa0
MN		 1585 if (fsg->residue == 0) {
1586 /* Nothing to receive */
d5e2b67a
MN		 1587
1588 /* Did the host stop sending unexpectedly early? */
d26a6aa0 1589 } else if (fsg->short_packet_received) {
d5e2b67a
MN		 1590 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1591 rc = -EINTR;
d5e2b67a
MN		 1592
1593 /* We haven't processed all the incoming data. Even though
1594 * we may be allowed to stall, doing so would cause a race.
1595 * The controller may already have ACK'ed all the remaining
1596 * bulk-out packets, in which case the host wouldn't see a
1597 * STALL. Not realizing the endpoint was halted, it wouldn't
1598 * clear the halt -- leading to problems later on. */
1599#if 0
d26a6aa0 1600 } else if (fsg->can_stall) {
d5e2b67a
MN		 1601 fsg_set_halt(fsg, fsg->bulk_out);
1602 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1603 rc = -EINTR;
d5e2b67a
MN		 1604#endif
1605
1606 /* We can't stall. Read in the excess data and throw it
1607 * all away. */
d26a6aa0 1608 } else {
d5e2b67a 1609 rc = throw_away_data(fsg);
d26a6aa0 1610 }
d5e2b67a
MN		 1611 break;
1612 }
1613 return rc;
1614}
1615
1616
1617static int send_status(struct fsg_dev *fsg)
1618{
a41ae418 1619 struct fsg_lun *curlun = fsg->common->curlun;
d5e2b67a 1620 struct fsg_buffhd *bh;
93bcf12e 1621 struct bulk_cs_wrap *csw;
d5e2b67a
MN		 1622 int rc;
1623 u8 status = USB_STATUS_PASS;
1624 u32 sd, sdinfo = 0;
1625
1626 /* Wait for the next buffer to become available */
a41ae418 1627 bh = fsg->common->next_buffhd_to_fill;
d5e2b67a
MN		 1628 while (bh->state != BUF_STATE_EMPTY) {
1629 rc = sleep_thread(fsg);
1630 if (rc)
1631 return rc;
1632 }
1633
1634 if (curlun) {
1635 sd = curlun->sense_data;
1636 sdinfo = curlun->sense_data_info;
1637 } else if (fsg->bad_lun_okay)
1638 sd = SS_NO_SENSE;
1639 else
1640 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1641
1642 if (fsg->phase_error) {
1643 DBG(fsg, "sending phase-error status\n");
1644 status = USB_STATUS_PHASE_ERROR;
1645 sd = SS_INVALID_COMMAND;
1646 } else if (sd != SS_NO_SENSE) {
1647 DBG(fsg, "sending command-failure status\n");
1648 status = USB_STATUS_FAIL;
1649 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1650 " info x%x\n",
1651 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1652 }
1653
93bcf12e 1654 /* Store and send the Bulk-only CSW */
d26a6aa0 1655 csw = (void *)bh->buf;
d5e2b67a 1656
93bcf12e
MN		 1657 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1658 csw->Tag = fsg->tag;
1659 csw->Residue = cpu_to_le32(fsg->residue);
1660 csw->Status = status;
d5e2b67a 1661
93bcf12e
MN		 1662 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1663 bh->inreq->zero = 0;
1664 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1665 &bh->inreq_busy, &bh->state);
d5e2b67a 1666
a41ae418 1667 fsg->common->next_buffhd_to_fill = bh->next;
d5e2b67a
MN		 1668 return 0;
1669}
1670
1671
1672/*-------------------------------------------------------------------------*/
1673
1674/* Check whether the command is properly formed and whether its data size
1675 * and direction agree with the values we already have. */
1676static int check_command(struct fsg_dev *fsg, int cmnd_size,
1677 enum data_direction data_dir, unsigned int mask,
1678 int needs_medium, const char *name)
1679{
1680 int i;
a41ae418 1681 int lun = fsg->common->cmnd[1] >> 5;
d5e2b67a
MN		 1682 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1683 char hdlen[20];
1684 struct fsg_lun *curlun;
1685
d5e2b67a
MN		 1686 hdlen[0] = 0;
1687 if (fsg->data_dir != DATA_DIR_UNKNOWN)
1688 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir],
1689 fsg->data_size);
1690 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
d26a6aa0
MN		 1691 name, cmnd_size, dirletter[(int) data_dir],
1692 fsg->data_size_from_cmnd, fsg->common->cmnd_size, hdlen);
d5e2b67a
MN		 1693
1694 /* We can't reply at all until we know the correct data direction
1695 * and size. */
1696 if (fsg->data_size_from_cmnd == 0)
1697 data_dir = DATA_DIR_NONE;
d26a6aa0 1698 if (fsg->data_dir == DATA_DIR_UNKNOWN) { /* CB or CBI */
d5e2b67a
MN		 1699 fsg->data_dir = data_dir;
1700 fsg->data_size = fsg->data_size_from_cmnd;
1701
d26a6aa0 1702 } else { /* Bulk-only */
d5e2b67a
MN		 1703 if (fsg->data_size < fsg->data_size_from_cmnd) {
1704
1705 /* Host data size < Device data size is a phase error.
1706 * Carry out the command, but only transfer as much
1707 * as we are allowed. */
1708 fsg->data_size_from_cmnd = fsg->data_size;
1709 fsg->phase_error = 1;
1710 }
1711 }
1712 fsg->residue = fsg->usb_amount_left = fsg->data_size;
1713
1714 /* Conflicting data directions is a phase error */
1715 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) {
1716 fsg->phase_error = 1;
1717 return -EINVAL;
1718 }
1719
1720 /* Verify the length of the command itself */
a41ae418 1721 if (cmnd_size != fsg->common->cmnd_size) {
d5e2b67a
MN		 1722
1723 /* Special case workaround: There are plenty of buggy SCSI
1724 * implementations. Many have issues with cbw->Length
1725 * field passing a wrong command size. For those cases we
1726 * always try to work around the problem by using the length
1727 * sent by the host side provided it is at least as large
1728 * as the correct command length.
1729 * Examples of such cases would be MS-Windows, which issues
1730 * REQUEST SENSE with cbw->Length == 12 where it should
1731 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
1732 * REQUEST SENSE with cbw->Length == 10 where it should
1733 * be 6 as well.
1734 */
a41ae418 1735 if (cmnd_size <= fsg->common->cmnd_size) {
d5e2b67a 1736 DBG(fsg, "%s is buggy! Expected length %d "
a41ae418
MN		 1737 "but we got %d\n", name,
1738 cmnd_size, fsg->common->cmnd_size);
1739 cmnd_size = fsg->common->cmnd_size;
d5e2b67a
MN		 1740 } else {
1741 fsg->phase_error = 1;
1742 return -EINVAL;
1743 }
1744 }
1745
1746 /* Check that the LUN values are consistent */
a41ae418 1747 if (fsg->common->lun != lun)
93bcf12e 1748 DBG(fsg, "using LUN %d from CBW, not LUN %d from CDB\n",
a41ae418 1749 fsg->common->lun, lun);
d5e2b67a
MN		 1750
1751 /* Check the LUN */
a41ae418 1752 if (fsg->common->lun >= 0 && fsg->common->lun < fsg->common->nluns) {
d26a6aa0
MN		 1753 curlun = &fsg->common->luns[fsg->common->lun];
1754 fsg->common->curlun = curlun;
a41ae418 1755 if (fsg->common->cmnd[0] != SC_REQUEST_SENSE) {
d5e2b67a
MN		 1756 curlun->sense_data = SS_NO_SENSE;
1757 curlun->sense_data_info = 0;
1758 curlun->info_valid = 0;
1759 }
1760 } else {
a41ae418 1761 fsg->common->curlun = curlun = NULL;
d5e2b67a
MN		 1762 fsg->bad_lun_okay = 0;
1763
1764 /* INQUIRY and REQUEST SENSE commands are explicitly allowed
1765 * to use unsupported LUNs; all others may not. */
a41ae418
MN		 1766 if (fsg->common->cmnd[0] != SC_INQUIRY &&
1767 fsg->common->cmnd[0] != SC_REQUEST_SENSE) {
1768 DBG(fsg, "unsupported LUN %d\n", fsg->common->lun);
d5e2b67a
MN		 1769 return -EINVAL;
1770 }
1771 }
1772
1773 /* If a unit attention condition exists, only INQUIRY and
1774 * REQUEST SENSE commands are allowed; anything else must fail. */
1775 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
a41ae418
MN		 1776 fsg->common->cmnd[0] != SC_INQUIRY &&
1777 fsg->common->cmnd[0] != SC_REQUEST_SENSE) {
d5e2b67a
MN		 1778 curlun->sense_data = curlun->unit_attention_data;
1779 curlun->unit_attention_data = SS_NO_SENSE;
1780 return -EINVAL;
1781 }
1782
1783 /* Check that only command bytes listed in the mask are non-zero */
d26a6aa0 1784 fsg->common->cmnd[1] &= 0x1f; /* Mask away the LUN */
d5e2b67a 1785 for (i = 1; i < cmnd_size; ++i) {
a41ae418 1786 if (fsg->common->cmnd[i] && !(mask & (1 << i))) {
d5e2b67a
MN		 1787 if (curlun)
1788 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1789 return -EINVAL;
1790 }
1791 }
1792
1793 /* If the medium isn't mounted and the command needs to access
1794 * it, return an error. */
1795 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
1796 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1797 return -EINVAL;
1798 }
1799
1800 return 0;
1801}
1802
1803
1804static int do_scsi_command(struct fsg_dev *fsg)
1805{
1806 struct fsg_buffhd *bh;
1807 int rc;
1808 int reply = -EINVAL;
1809 int i;
1810 static char unknown[16];
1811
a41ae418 1812 dump_cdb(fsg->common);
d5e2b67a
MN		 1813
1814 /* Wait for the next buffer to become available for data or status */
d26a6aa0
MN		 1815 bh = fsg->common->next_buffhd_to_fill;
1816 fsg->common->next_buffhd_to_drain = bh;
d5e2b67a
MN		 1817 while (bh->state != BUF_STATE_EMPTY) {
1818 rc = sleep_thread(fsg);
1819 if (rc)
1820 return rc;
1821 }
1822 fsg->phase_error = 0;
1823 fsg->short_packet_received = 0;
1824
d26a6aa0
MN		 1825 /* We're using the backing file */
1826 down_read(&fsg->common->filesem);
a41ae418 1827 switch (fsg->common->cmnd[0]) {
d5e2b67a
MN		 1828
1829 case SC_INQUIRY:
a41ae418 1830 fsg->data_size_from_cmnd = fsg->common->cmnd[4];
d26a6aa0
MN		 1831 reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1832 (1<<4), 0,
1833 "INQUIRY");
1834 if (reply == 0)
d5e2b67a
MN		 1835 reply = do_inquiry(fsg, bh);
1836 break;
1837
1838 case SC_MODE_SELECT_6:
a41ae418 1839 fsg->data_size_from_cmnd = fsg->common->cmnd[4];
d26a6aa0
MN		 1840 reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
1841 (1<<1) | (1<<4), 0,
1842 "MODE SELECT(6)");
1843 if (reply == 0)
d5e2b67a
MN		 1844 reply = do_mode_select(fsg, bh);
1845 break;
1846
1847 case SC_MODE_SELECT_10:
d26a6aa0
MN		 1848 fsg->data_size_from_cmnd =
1849 get_unaligned_be16(&fsg->common->cmnd[7]);
1850 reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
1851 (1<<1) | (3<<7), 0,
1852 "MODE SELECT(10)");
1853 if (reply == 0)
d5e2b67a
MN		 1854 reply = do_mode_select(fsg, bh);
1855 break;
1856
1857 case SC_MODE_SENSE_6:
a41ae418 1858 fsg->data_size_from_cmnd = fsg->common->cmnd[4];
d26a6aa0
MN		 1859 reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1860 (1<<1) | (1<<2) | (1<<4), 0,
1861 "MODE SENSE(6)");
1862 if (reply == 0)
d5e2b67a
MN		 1863 reply = do_mode_sense(fsg, bh);
1864 break;
1865
1866 case SC_MODE_SENSE_10:
d26a6aa0
MN		 1867 fsg->data_size_from_cmnd =
1868 get_unaligned_be16(&fsg->common->cmnd[7]);
1869 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1870 (1<<1) | (1<<2) | (3<<7), 0,
1871 "MODE SENSE(10)");
1872 if (reply == 0)
d5e2b67a
MN		 1873 reply = do_mode_sense(fsg, bh);
1874 break;
1875
1876 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1877 fsg->data_size_from_cmnd = 0;
d26a6aa0
MN		 1878 reply = check_command(fsg, 6, DATA_DIR_NONE,
1879 (1<<4), 0,
1880 "PREVENT-ALLOW MEDIUM REMOVAL");
1881 if (reply == 0)
d5e2b67a
MN		 1882 reply = do_prevent_allow(fsg);
1883 break;
1884
1885 case SC_READ_6:
a41ae418 1886 i = fsg->common->cmnd[4];
d5e2b67a 1887 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
d26a6aa0
MN		 1888 reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1889 (7<<1) | (1<<4), 1,
1890 "READ(6)");
1891 if (reply == 0)
d5e2b67a
MN		 1892 reply = do_read(fsg);
1893 break;
1894
1895 case SC_READ_10:
1896 fsg->data_size_from_cmnd =
a41ae418 1897 get_unaligned_be16(&fsg->common->cmnd[7]) << 9;
d26a6aa0
MN		 1898 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1899 (1<<1) | (0xf<<2) | (3<<7), 1,
1900 "READ(10)");
1901 if (reply == 0)
d5e2b67a
MN		 1902 reply = do_read(fsg);
1903 break;
1904
1905 case SC_READ_12:
1906 fsg->data_size_from_cmnd =
a41ae418 1907 get_unaligned_be32(&fsg->common->cmnd[6]) << 9;
d26a6aa0
MN		 1908 reply = check_command(fsg, 12, DATA_DIR_TO_HOST,
1909 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1910 "READ(12)");
1911 if (reply == 0)
d5e2b67a
MN		 1912 reply = do_read(fsg);
1913 break;
1914
1915 case SC_READ_CAPACITY:
1916 fsg->data_size_from_cmnd = 8;
d26a6aa0
MN		 1917 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1918 (0xf<<2) | (1<<8), 1,
1919 "READ CAPACITY");
1920 if (reply == 0)
d5e2b67a
MN		 1921 reply = do_read_capacity(fsg, bh);
1922 break;
1923
1924 case SC_READ_HEADER:
481e4929 1925 if (!fsg->common->curlun || !fsg->common->curlun->cdrom)
d5e2b67a 1926 goto unknown_cmnd;
d26a6aa0
MN		 1927 fsg->data_size_from_cmnd =
1928 get_unaligned_be16(&fsg->common->cmnd[7]);
1929 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1930 (3<<7) | (0x1f<<1), 1,
1931 "READ HEADER");
1932 if (reply == 0)
d5e2b67a
MN		 1933 reply = do_read_header(fsg, bh);
1934 break;
1935
1936 case SC_READ_TOC:
481e4929 1937 if (!fsg->common->curlun || !fsg->common->curlun->cdrom)
d5e2b67a 1938 goto unknown_cmnd;
d26a6aa0
MN		 1939 fsg->data_size_from_cmnd =
1940 get_unaligned_be16(&fsg->common->cmnd[7]);
1941 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1942 (7<<6) | (1<<1), 1,
1943 "READ TOC");
1944 if (reply == 0)
d5e2b67a
MN		 1945 reply = do_read_toc(fsg, bh);
1946 break;
1947
1948 case SC_READ_FORMAT_CAPACITIES:
d26a6aa0
MN		 1949 fsg->data_size_from_cmnd =
1950 get_unaligned_be16(&fsg->common->cmnd[7]);
1951 reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1952 (3<<7), 1,
1953 "READ FORMAT CAPACITIES");
1954 if (reply == 0)
d5e2b67a
MN		 1955 reply = do_read_format_capacities(fsg, bh);
1956 break;
1957
1958 case SC_REQUEST_SENSE:
a41ae418 1959 fsg->data_size_from_cmnd = fsg->common->cmnd[4];
d26a6aa0
MN		 1960 reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1961 (1<<4), 0,
1962 "REQUEST SENSE");
1963 if (reply == 0)
d5e2b67a
MN		 1964 reply = do_request_sense(fsg, bh);
1965 break;
1966
1967 case SC_START_STOP_UNIT:
1968 fsg->data_size_from_cmnd = 0;
d26a6aa0
MN		 1969 reply = check_command(fsg, 6, DATA_DIR_NONE,
1970 (1<<1) | (1<<4), 0,
1971 "START-STOP UNIT");
1972 if (reply == 0)
d5e2b67a
MN		 1973 reply = do_start_stop(fsg);
1974 break;
1975
1976 case SC_SYNCHRONIZE_CACHE:
1977 fsg->data_size_from_cmnd = 0;
d26a6aa0
MN		 1978 reply = check_command(fsg, 10, DATA_DIR_NONE,
1979 (0xf<<2) | (3<<7), 1,
1980 "SYNCHRONIZE CACHE");
1981 if (reply == 0)
d5e2b67a
MN		 1982 reply = do_synchronize_cache(fsg);
1983 break;
1984
1985 case SC_TEST_UNIT_READY:
1986 fsg->data_size_from_cmnd = 0;
1987 reply = check_command(fsg, 6, DATA_DIR_NONE,
1988 0, 1,
1989 "TEST UNIT READY");
1990 break;
1991
1992 /* Although optional, this command is used by MS-Windows. We
1993 * support a minimal version: BytChk must be 0. */
1994 case SC_VERIFY:
1995 fsg->data_size_from_cmnd = 0;
d26a6aa0
MN		 1996 reply = check_command(fsg, 10, DATA_DIR_NONE,
1997 (1<<1) | (0xf<<2) | (3<<7), 1,
1998 "VERIFY");
1999 if (reply == 0)
d5e2b67a
MN		 2000 reply = do_verify(fsg);
2001 break;
2002
2003 case SC_WRITE_6:
a41ae418 2004 i = fsg->common->cmnd[4];
d5e2b67a 2005 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
d26a6aa0
MN		 2006 reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
2007 (7<<1) | (1<<4), 1,
2008 "WRITE(6)");
2009 if (reply == 0)
d5e2b67a
MN		 2010 reply = do_write(fsg);
2011 break;
2012
2013 case SC_WRITE_10:
2014 fsg->data_size_from_cmnd =
a41ae418 2015 get_unaligned_be16(&fsg->common->cmnd[7]) << 9;
d26a6aa0
MN		 2016 reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
2017 (1<<1) | (0xf<<2) | (3<<7), 1,
2018 "WRITE(10)");
2019 if (reply == 0)
d5e2b67a
MN		 2020 reply = do_write(fsg);
2021 break;
2022
2023 case SC_WRITE_12:
2024 fsg->data_size_from_cmnd =
a41ae418 2025 get_unaligned_be32(&fsg->common->cmnd[6]) << 9;
d26a6aa0
MN		 2026 reply = check_command(fsg, 12, DATA_DIR_FROM_HOST,
2027 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2028 "WRITE(12)");
2029 if (reply == 0)
d5e2b67a
MN		 2030 reply = do_write(fsg);
2031 break;
2032
2033 /* Some mandatory commands that we recognize but don't implement.
2034 * They don't mean much in this setting. It's left as an exercise
2035 * for anyone interested to implement RESERVE and RELEASE in terms
2036 * of Posix locks. */
2037 case SC_FORMAT_UNIT:
2038 case SC_RELEASE:
2039 case SC_RESERVE:
2040 case SC_SEND_DIAGNOSTIC:
d26a6aa0 2041 /* Fall through */
d5e2b67a
MN		 2042
2043 default:
d26a6aa0 2044unknown_cmnd:
d5e2b67a 2045 fsg->data_size_from_cmnd = 0;
a41ae418 2046 sprintf(unknown, "Unknown x%02x", fsg->common->cmnd[0]);
d26a6aa0
MN		 2047 reply = check_command(fsg, fsg->common->cmnd_size,
2048 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2049 if (reply == 0) {
a41ae418 2050 fsg->common->curlun->sense_data = SS_INVALID_COMMAND;
d5e2b67a
MN		 2051 reply = -EINVAL;
2052 }
2053 break;
2054 }
a41ae418 2055 up_read(&fsg->common->filesem);
d5e2b67a
MN		 2056
2057 if (reply == -EINTR || signal_pending(current))
2058 return -EINTR;
2059
2060 /* Set up the single reply buffer for finish_reply() */
2061 if (reply == -EINVAL)
d26a6aa0 2062 reply = 0; /* Error reply length */
d5e2b67a
MN		 2063 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) {
2064 reply = min((u32) reply, fsg->data_size_from_cmnd);
2065 bh->inreq->length = reply;
2066 bh->state = BUF_STATE_FULL;
2067 fsg->residue -= reply;
d26a6aa0 2068 } /* Otherwise it's already set */
d5e2b67a
MN		 2069
2070 return 0;
2071}
2072
2073
2074/*-------------------------------------------------------------------------*/
2075
2076static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2077{
2078 struct usb_request *req = bh->outreq;
2079 struct fsg_bulk_cb_wrap *cbw = req->buf;
2080
2081 /* Was this a real packet? Should it be ignored? */
2082 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2083 return -EINVAL;
2084
2085 /* Is the CBW valid? */
2086 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2087 cbw->Signature != cpu_to_le32(
2088 USB_BULK_CB_SIG)) {
2089 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2090 req->actual,
2091 le32_to_cpu(cbw->Signature));
2092
2093 /* The Bulk-only spec says we MUST stall the IN endpoint
2094 * (6.6.1), so it's unavoidable. It also says we must
2095 * retain this state until the next reset, but there's
2096 * no way to tell the controller driver it should ignore
2097 * Clear-Feature(HALT) requests.
2098 *
2099 * We aren't required to halt the OUT endpoint; instead
2100 * we can simply accept and discard any data received
2101 * until the next reset. */
2102 wedge_bulk_in_endpoint(fsg);
2103 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2104 return -EINVAL;
2105 }
2106
2107 /* Is the CBW meaningful? */
2108 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2109 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2110 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2111 "cmdlen %u\n",
2112 cbw->Lun, cbw->Flags, cbw->Length);
2113
2114 /* We can do anything we want here, so let's stall the
2115 * bulk pipes if we are allowed to. */
481e4929 2116 if (fsg->can_stall) {
d5e2b67a
MN		 2117 fsg_set_halt(fsg, fsg->bulk_out);
2118 halt_bulk_in_endpoint(fsg);
2119 }
2120 return -EINVAL;
2121 }
2122
2123 /* Save the command for later */
a41ae418
MN		 2124 fsg->common->cmnd_size = cbw->Length;
2125 memcpy(fsg->common->cmnd, cbw->CDB, fsg->common->cmnd_size);
d5e2b67a
MN		 2126 if (cbw->Flags & USB_BULK_IN_FLAG)
2127 fsg->data_dir = DATA_DIR_TO_HOST;
2128 else
2129 fsg->data_dir = DATA_DIR_FROM_HOST;
2130 fsg->data_size = le32_to_cpu(cbw->DataTransferLength);
2131 if (fsg->data_size == 0)
2132 fsg->data_dir = DATA_DIR_NONE;
a41ae418 2133 fsg->common->lun = cbw->Lun;
d5e2b67a
MN		 2134 fsg->tag = cbw->Tag;
2135 return 0;
2136}
2137
2138
2139static int get_next_command(struct fsg_dev *fsg)
2140{
2141 struct fsg_buffhd *bh;
2142 int rc = 0;
2143
93bcf12e 2144 /* Wait for the next buffer to become available */
a41ae418 2145 bh = fsg->common->next_buffhd_to_fill;
93bcf12e
MN		 2146 while (bh->state != BUF_STATE_EMPTY) {
2147 rc = sleep_thread(fsg);
2148 if (rc)
2149 return rc;
2150 }
d5e2b67a 2151
93bcf12e
MN		 2152 /* Queue a request to read a Bulk-only CBW */
2153 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN);
2154 bh->outreq->short_not_ok = 1;
2155 start_transfer(fsg, fsg->bulk_out, bh->outreq,
2156 &bh->outreq_busy, &bh->state);
d5e2b67a 2157
93bcf12e
MN		 2158 /* We will drain the buffer in software, which means we
2159 * can reuse it for the next filling. No need to advance
2160 * next_buffhd_to_fill. */
d5e2b67a 2161
93bcf12e
MN		 2162 /* Wait for the CBW to arrive */
2163 while (bh->state != BUF_STATE_FULL) {
2164 rc = sleep_thread(fsg);
2165 if (rc)
2166 return rc;
d5e2b67a 2167 }
93bcf12e
MN		 2168 smp_rmb();
2169 rc = received_cbw(fsg, bh);
2170 bh->state = BUF_STATE_EMPTY;
2171
d5e2b67a
MN		 2172 return rc;
2173}
2174
2175
2176/*-------------------------------------------------------------------------*/
2177
2178static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep,
2179 const struct usb_endpoint_descriptor *d)
2180{
2181 int rc;
2182
2183 ep->driver_data = fsg;
2184 rc = usb_ep_enable(ep, d);
2185 if (rc)
2186 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc);
2187 return rc;
2188}
2189
2190static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep,
2191 struct usb_request **preq)
2192{
2193 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2194 if (*preq)
2195 return 0;
2196 ERROR(fsg, "can't allocate request for %s\n", ep->name);
2197 return -ENOMEM;
2198}
2199
2200/*
2201 * Reset interface setting and re-init endpoint state (toggle etc).
2202 * Call with altsetting < 0 to disable the interface. The only other
2203 * available altsetting is 0, which enables the interface.
2204 */
2205static int do_set_interface(struct fsg_dev *fsg, int altsetting)
2206{
2207 int rc = 0;
2208 int i;
2209 const struct usb_endpoint_descriptor *d;
2210
2211 if (fsg->running)
2212 DBG(fsg, "reset interface\n");
2213
2214reset:
2215 /* Deallocate the requests */
2216 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
a41ae418 2217 struct fsg_buffhd *bh = &fsg->common->buffhds[i];
d5e2b67a
MN		 2218
2219 if (bh->inreq) {
2220 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2221 bh->inreq = NULL;
2222 }
2223 if (bh->outreq) {
2224 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2225 bh->outreq = NULL;
2226 }
2227 }
d5e2b67a
MN		 2228
2229 /* Disable the endpoints */
2230 if (fsg->bulk_in_enabled) {
2231 usb_ep_disable(fsg->bulk_in);
2232 fsg->bulk_in_enabled = 0;
2233 }
2234 if (fsg->bulk_out_enabled) {
2235 usb_ep_disable(fsg->bulk_out);
2236 fsg->bulk_out_enabled = 0;
2237 }
d5e2b67a
MN		 2238
2239 fsg->running = 0;
2240 if (altsetting < 0 || rc != 0)
2241 return rc;
2242
2243 DBG(fsg, "set interface %d\n", altsetting);
2244
2245 /* Enable the endpoints */
2246 d = fsg_ep_desc(fsg->gadget,
2247 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
d26a6aa0
MN		 2248 rc = enable_endpoint(fsg, fsg->bulk_in, d);
2249 if (rc != 0)
d5e2b67a
MN		 2250 goto reset;
2251 fsg->bulk_in_enabled = 1;
2252
2253 d = fsg_ep_desc(fsg->gadget,
2254 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
d26a6aa0
MN		 2255 rc = enable_endpoint(fsg, fsg->bulk_out, d);
2256 if (rc != 0)
d5e2b67a
MN		 2257 goto reset;
2258 fsg->bulk_out_enabled = 1;
2259 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize);
2260 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2261
d5e2b67a
MN		 2262 /* Allocate the requests */
2263 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
a41ae418 2264 struct fsg_buffhd *bh = &fsg->common->buffhds[i];
d5e2b67a 2265
d26a6aa0
MN		 2266 rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq);
2267 if (rc != 0)
d5e2b67a 2268 goto reset;
d26a6aa0
MN		 2269 rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq);
2270 if (rc != 0)
d5e2b67a
MN		 2271 goto reset;
2272 bh->inreq->buf = bh->outreq->buf = bh->buf;
2273 bh->inreq->context = bh->outreq->context = bh;
2274 bh->inreq->complete = bulk_in_complete;
2275 bh->outreq->complete = bulk_out_complete;
2276 }
d5e2b67a
MN		 2277
2278 fsg->running = 1;
a41ae418
MN		 2279 for (i = 0; i < fsg->common->nluns; ++i)
2280 fsg->common->luns[i].unit_attention_data = SS_RESET_OCCURRED;
d5e2b67a
MN		 2281 return rc;
2282}
2283
2284
2285/*
2286 * Change our operational configuration. This code must agree with the code
2287 * that returns config descriptors, and with interface altsetting code.
2288 *
2289 * It's also responsible for power management interactions. Some
2290 * configurations might not work with our current power sources.
2291 * For now we just assume the gadget is always self-powered.
2292 */
2293static int do_set_config(struct fsg_dev *fsg, u8 new_config)
2294{
2295 int rc = 0;
2296
2297 /* Disable the single interface */
2298 if (fsg->config != 0) {
2299 DBG(fsg, "reset config\n");
2300 fsg->config = 0;
2301 rc = do_set_interface(fsg, -1);
2302 }
2303
2304 /* Enable the interface */
2305 if (new_config != 0) {
2306 fsg->config = new_config;
d23b0f08
MN		 2307 rc = do_set_interface(fsg, 0);
2308 if (rc != 0)
2309 fsg->config = 0; /* Reset on errors */
d5e2b67a
MN		 2310 }
2311 return rc;
2312}
2313
2314
d23b0f08
MN		 2315/****************************** ALT CONFIGS ******************************/
2316
2317
2318static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2319{
2320 struct fsg_dev *fsg = fsg_from_func(f);
2321 fsg->new_config = 1;
2322 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
2323 return 0;
2324}
2325
2326static void fsg_disable(struct usb_function *f)
2327{
2328 struct fsg_dev *fsg = fsg_from_func(f);
2329 fsg->new_config = 0;
2330 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
2331}
2332
2333
d5e2b67a
MN		 2334/*-------------------------------------------------------------------------*/
2335
2336static void handle_exception(struct fsg_dev *fsg)
2337{
2338 siginfo_t info;
2339 int sig;
2340 int i;
d5e2b67a
MN		 2341 struct fsg_buffhd *bh;
2342 enum fsg_state old_state;
2343 u8 new_config;
2344 struct fsg_lun *curlun;
2345 unsigned int exception_req_tag;
2346 int rc;
2347
2348 /* Clear the existing signals. Anything but SIGUSR1 is converted
2349 * into a high-priority EXIT exception. */
2350 for (;;) {
2351 sig = dequeue_signal_lock(current, &current->blocked, &info);
2352 if (!sig)
2353 break;
2354 if (sig != SIGUSR1) {
2355 if (fsg->state < FSG_STATE_EXIT)
2356 DBG(fsg, "Main thread exiting on signal\n");
2357 raise_exception(fsg, FSG_STATE_EXIT);
2358 }
2359 }
2360
2361 /* Cancel all the pending transfers */
d5e2b67a 2362 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
a41ae418 2363 bh = &fsg->common->buffhds[i];
d5e2b67a
MN		 2364 if (bh->inreq_busy)
2365 usb_ep_dequeue(fsg->bulk_in, bh->inreq);
2366 if (bh->outreq_busy)
2367 usb_ep_dequeue(fsg->bulk_out, bh->outreq);
2368 }
2369
2370 /* Wait until everything is idle */
2371 for (;;) {
a41ae418 2372 int num_active = 0;
d5e2b67a 2373 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
a41ae418 2374 bh = &fsg->common->buffhds[i];
d5e2b67a
MN		 2375 num_active += bh->inreq_busy + bh->outreq_busy;
2376 }
2377 if (num_active == 0)
2378 break;
2379 if (sleep_thread(fsg))
2380 return;
2381 }
2382
2383 /* Clear out the controller's fifos */
2384 if (fsg->bulk_in_enabled)
2385 usb_ep_fifo_flush(fsg->bulk_in);
2386 if (fsg->bulk_out_enabled)
2387 usb_ep_fifo_flush(fsg->bulk_out);
d5e2b67a
MN		 2388
2389 /* Reset the I/O buffer states and pointers, the SCSI
2390 * state, and the exception. Then invoke the handler. */
2391 spin_lock_irq(&fsg->lock);
2392
2393 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
a41ae418 2394 bh = &fsg->common->buffhds[i];
d5e2b67a
MN		 2395 bh->state = BUF_STATE_EMPTY;
2396 }
d26a6aa0
MN		 2397 fsg->common->next_buffhd_to_fill = &fsg->common->buffhds[0];
2398 fsg->common->next_buffhd_to_drain = &fsg->common->buffhds[0];
d5e2b67a
MN		 2399 exception_req_tag = fsg->exception_req_tag;
2400 new_config = fsg->new_config;
2401 old_state = fsg->state;
2402
2403 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2404 fsg->state = FSG_STATE_STATUS_PHASE;
2405 else {
a41ae418
MN		 2406 for (i = 0; i < fsg->common->nluns; ++i) {
2407 curlun = &fsg->common->luns[i];
d5e2b67a 2408 curlun->prevent_medium_removal = 0;
d26a6aa0
MN		 2409 curlun->sense_data = SS_NO_SENSE;
2410 curlun->unit_attention_data = SS_NO_SENSE;
d5e2b67a
MN		 2411 curlun->sense_data_info = 0;
2412 curlun->info_valid = 0;
2413 }
2414 fsg->state = FSG_STATE_IDLE;
2415 }
2416 spin_unlock_irq(&fsg->lock);
2417
2418 /* Carry out any extra actions required for the exception */
2419 switch (old_state) {
d5e2b67a
MN		 2420 case FSG_STATE_ABORT_BULK_OUT:
2421 send_status(fsg);
2422 spin_lock_irq(&fsg->lock);
2423 if (fsg->state == FSG_STATE_STATUS_PHASE)
2424 fsg->state = FSG_STATE_IDLE;
2425 spin_unlock_irq(&fsg->lock);
2426 break;
2427
2428 case FSG_STATE_RESET:
2429 /* In case we were forced against our will to halt a
2430 * bulk endpoint, clear the halt now. (The SuperH UDC
2431 * requires this.) */
2432 if (test_and_clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2433 usb_ep_clear_halt(fsg->bulk_in);
2434
93bcf12e 2435 if (fsg->ep0_req_tag == exception_req_tag)
d26a6aa0 2436 ep0_queue(fsg); /* Complete the status stage */
d5e2b67a
MN		 2437
2438 /* Technically this should go here, but it would only be
2439 * a waste of time. Ditto for the INTERFACE_CHANGE and
2440 * CONFIG_CHANGE cases. */
d26a6aa0
MN		 2441 /* for (i = 0; i < fsg->common->nluns; ++i) */
2442 /* fsg->common->luns[i].unit_attention_data = */
2443 /* SS_RESET_OCCURRED; */
d5e2b67a
MN		 2444 break;
2445
d5e2b67a
MN		 2446 case FSG_STATE_CONFIG_CHANGE:
2447 rc = do_set_config(fsg, new_config);
2448 if (fsg->ep0_req_tag != exception_req_tag)
2449 break;
d26a6aa0 2450 if (rc != 0) /* STALL on errors */
d5e2b67a 2451 fsg_set_halt(fsg, fsg->ep0);
d26a6aa0 2452 else /* Complete the status stage */
d5e2b67a
MN		 2453 ep0_queue(fsg);
2454 break;
2455
d5e2b67a
MN		 2456 case FSG_STATE_EXIT:
2457 case FSG_STATE_TERMINATED:
d26a6aa0 2458 do_set_config(fsg, 0); /* Free resources */
d5e2b67a 2459 spin_lock_irq(&fsg->lock);
d26a6aa0 2460 fsg->state = FSG_STATE_TERMINATED; /* Stop the thread */
d5e2b67a
MN		 2461 spin_unlock_irq(&fsg->lock);
2462 break;
d23b0f08
MN		 2463
2464 case FSG_STATE_INTERFACE_CHANGE:
2465 case FSG_STATE_DISCONNECT:
2466 case FSG_STATE_COMMAND_PHASE:
2467 case FSG_STATE_DATA_PHASE:
2468 case FSG_STATE_STATUS_PHASE:
2469 case FSG_STATE_IDLE:
2470 break;
d5e2b67a
MN		 2471 }
2472}
2473
2474
2475/*-------------------------------------------------------------------------*/
2476
2477static int fsg_main_thread(void *fsg_)
2478{
2479 struct fsg_dev *fsg = fsg_;
2480
2481 /* Allow the thread to be killed by a signal, but set the signal mask
2482 * to block everything but INT, TERM, KILL, and USR1. */
2483 allow_signal(SIGINT);
2484 allow_signal(SIGTERM);
2485 allow_signal(SIGKILL);
2486 allow_signal(SIGUSR1);
2487
2488 /* Allow the thread to be frozen */
2489 set_freezable();
2490
2491 /* Arrange for userspace references to be interpreted as kernel
2492 * pointers. That way we can pass a kernel pointer to a routine
2493 * that expects a __user pointer and it will work okay. */
2494 set_fs(get_ds());
2495
2496 /* The main loop */
2497 while (fsg->state != FSG_STATE_TERMINATED) {
2498 if (exception_in_progress(fsg) || signal_pending(current)) {
2499 handle_exception(fsg);
2500 continue;
2501 }
2502
2503 if (!fsg->running) {
2504 sleep_thread(fsg);
2505 continue;
2506 }
2507
2508 if (get_next_command(fsg))
2509 continue;
2510
2511 spin_lock_irq(&fsg->lock);
2512 if (!exception_in_progress(fsg))
2513 fsg->state = FSG_STATE_DATA_PHASE;
2514 spin_unlock_irq(&fsg->lock);
2515
2516 if (do_scsi_command(fsg) || finish_reply(fsg))
2517 continue;
2518
2519 spin_lock_irq(&fsg->lock);
2520 if (!exception_in_progress(fsg))
2521 fsg->state = FSG_STATE_STATUS_PHASE;
2522 spin_unlock_irq(&fsg->lock);
2523
2524 if (send_status(fsg))
2525 continue;
2526
2527 spin_lock_irq(&fsg->lock);
2528 if (!exception_in_progress(fsg))
2529 fsg->state = FSG_STATE_IDLE;
2530 spin_unlock_irq(&fsg->lock);
d23b0f08 2531 }
d5e2b67a
MN		 2532
2533 spin_lock_irq(&fsg->lock);
2534 fsg->thread_task = NULL;
2535 spin_unlock_irq(&fsg->lock);
2536
d23b0f08 2537 /* XXX */
d5e2b67a
MN		 2538 /* If we are exiting because of a signal, unregister the
2539 * gadget driver. */
d23b0f08
MN		 2540 /* if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) */
2541 /* usb_gadget_unregister_driver(&fsg_driver); */
d5e2b67a
MN		 2542
2543 /* Let the unbind and cleanup routines know the thread has exited */
2544 complete_and_exit(&fsg->thread_notifier, 0);
2545}
2546
2547
9c610213 2548/*************************** DEVICE ATTRIBUTES ***************************/
d5e2b67a 2549
d23b0f08
MN		 2550/* Write permission is checked per LUN in store_*() functions. */
2551static DEVICE_ATTR(ro, 0644, fsg_show_ro, fsg_store_ro);
2552static DEVICE_ATTR(file, 0644, fsg_show_file, fsg_store_file);
d5e2b67a
MN		 2553
2554
9c610213
MN		 2555/****************************** FSG COMMON ******************************/
2556
2557static void fsg_common_release(struct kref *ref);
d5e2b67a 2558
9c610213 2559static void fsg_lun_release(struct device *dev)
d5e2b67a 2560{
9c610213 2561 /* Nothing needs to be done */
d5e2b67a
MN		 2562}
2563
9c610213 2564static inline void fsg_common_get(struct fsg_common *common)
d5e2b67a 2565{
9c610213 2566 kref_get(&common->ref);
d5e2b67a
MN		 2567}
2568
9c610213
MN		 2569static inline void fsg_common_put(struct fsg_common *common)
2570{
2571 kref_put(&common->ref, fsg_common_release);
2572}
2573
2574
2575static struct fsg_common *fsg_common_init(struct fsg_common *common,
481e4929
MN		 2576 struct usb_composite_dev *cdev,
2577 struct fsg_config *cfg)
9c610213 2578{
d23b0f08 2579 struct usb_gadget *gadget = cdev->gadget;
9c610213
MN		 2580 struct fsg_buffhd *bh;
2581 struct fsg_lun *curlun;
481e4929 2582 struct fsg_lun_config *lcfg;
9c610213 2583 int nluns, i, rc;
d23b0f08 2584 char *pathbuf;
9c610213
MN		 2585
2586 /* Find out how many LUNs there should be */
481e4929 2587 nluns = cfg->nluns;
9c610213
MN		 2588 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2589 dev_err(&gadget->dev, "invalid number of LUNs: %u\n", nluns);
2590 return ERR_PTR(-EINVAL);
2591 }
2592
2593 /* Allocate? */
2594 if (!common) {
2595 common = kzalloc(sizeof *common, GFP_KERNEL);
2596 if (!common)
2597 return ERR_PTR(-ENOMEM);
2598 common->free_storage_on_release = 1;
2599 } else {
2600 memset(common, 0, sizeof common);
2601 common->free_storage_on_release = 0;
2602 }
2603 common->gadget = gadget;
2604
2605 /* Create the LUNs, open their backing files, and register the
2606 * LUN devices in sysfs. */
2607 curlun = kzalloc(nluns * sizeof *curlun, GFP_KERNEL);
2608 if (!curlun) {
2609 kfree(common);
2610 return ERR_PTR(-ENOMEM);
2611 }
2612 common->luns = curlun;
2613
2614 init_rwsem(&common->filesem);
2615
481e4929
MN		 2616 for (i = 0, lcfg = cfg->luns; i < nluns; ++i, ++curlun, ++lcfg) {
2617 curlun->cdrom = !!lcfg->cdrom;
2618 curlun->ro = lcfg->cdrom || lcfg->ro;
2619 curlun->removable = lcfg->removable;
9c610213
MN		 2620 curlun->dev.release = fsg_lun_release;
2621 curlun->dev.parent = &gadget->dev;
d23b0f08 2622 /* curlun->dev.driver = &fsg_driver.driver; XXX */
9c610213 2623 dev_set_drvdata(&curlun->dev, &common->filesem);
e8b6f8c5
MN		 2624 dev_set_name(&curlun->dev,
2625 cfg->lun_name_format
2626 ? cfg->lun_name_format
2627 : "lun%d",
2628 i);
9c610213
MN		 2629
2630 rc = device_register(&curlun->dev);
2631 if (rc) {
2632 INFO(common, "failed to register LUN%d: %d\n", i, rc);
2633 common->nluns = i;
2634 goto error_release;
2635 }
2636
2637 rc = device_create_file(&curlun->dev, &dev_attr_ro);
2638 if (rc)
2639 goto error_luns;
2640 rc = device_create_file(&curlun->dev, &dev_attr_file);
2641 if (rc)
2642 goto error_luns;
2643
481e4929
MN		 2644 if (lcfg->filename) {
2645 rc = fsg_lun_open(curlun, lcfg->filename);
9c610213
MN		 2646 if (rc)
2647 goto error_luns;
481e4929 2648 } else if (!curlun->removable) {
9c610213
MN		 2649 ERROR(common, "no file given for LUN%d\n", i);
2650 rc = -EINVAL;
2651 goto error_luns;
2652 }
2653 }
2654 common->nluns = nluns;
2655
2656
2657 /* Data buffers cyclic list */
2658 /* Buffers in buffhds are static -- no need for additional
2659 * allocation. */
2660 bh = common->buffhds;
2661 i = FSG_NUM_BUFFERS - 1;
2662 do {
2663 bh->next = bh + 1;
2664 } while (++bh, --i);
2665 bh->next = common->buffhds;
2666
2667
481e4929
MN		 2668 /* Prepare inquiryString */
2669 if (cfg->release != 0xffff) {
2670 i = cfg->release;
2671 } else {
9c610213 2672 /* The sa1100 controller is not supported */
481e4929
MN		 2673 i = gadget_is_sa1100(gadget)
2674 ? -1
2675 : usb_gadget_controller_number(gadget);
2676 if (i >= 0) {
2677 i = 0x0300 + i;
2678 } else {
9c610213
MN		 2679 WARNING(common, "controller '%s' not recognized\n",
2680 gadget->name);
481e4929 2681 i = 0x0399;
9c610213
MN		 2682 }
2683 }
481e4929
MN		 2684#define OR(x, y) ((x) ? (x) : (y))
2685 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2686 "%-8s%-16s%04x",
2687 OR(cfg->vendor_name, "Linux "),
2688 /* Assume product name dependent on the first LUN */
2689 OR(cfg->product_name, common->luns->cdrom
2690 ? "File-Stor Gadget"
2691 : "File-CD Gadget "),
2692 i);
9c610213
MN		 2693
2694
2695 /* Some peripheral controllers are known not to be able to
2696 * halt bulk endpoints correctly. If one of them is present,
2697 * disable stalls.
2698 */
481e4929
MN		 2699 common->can_stall = cfg->can_stall &&
2700 !(gadget_is_sh(fsg->gadget) || gadget_is_at91(fsg->gadget));
9c610213
MN		 2701
2702
e8b6f8c5 2703 common->thread_name = OR(cfg->thread_name, "file-storage");
9c610213 2704 kref_init(&common->ref);
e8b6f8c5
MN		 2705#undef OR
2706
d23b0f08
MN		 2707
2708 /* Information */
2709 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2710 INFO(common, "Number of LUNs=%d\n", common->nluns);
2711
2712 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
2713 for (i = 0, nluns = common->nluns, curlun = common->luns;
2714 i < nluns;
2715 ++curlun, ++i) {
2716 char *p = "(no medium)";
2717 if (fsg_lun_is_open(curlun)) {
2718 p = "(error)";
2719 if (pathbuf) {
2720 p = d_path(&curlun->filp->f_path,
2721 pathbuf, PATH_MAX);
2722 if (IS_ERR(p))
2723 p = "(error)";
2724 }
2725 }
2726 LINFO(curlun, "LUN: %s%s%sfile: %s\n",
2727 curlun->removable ? "removable " : "",
2728 curlun->ro ? "read only " : "",
2729 curlun->cdrom ? "CD-ROM " : "",
2730 p);
2731 }
2732 kfree(pathbuf);
2733
9c610213
MN		 2734 return common;
2735
2736
2737error_luns:
2738 common->nluns = i + 1;
2739error_release:
d26a6aa0
MN		 2740 /* Call fsg_common_release() directly, ref might be not
2741 * initialised */
9c610213
MN		 2742 fsg_common_release(&common->ref);
2743 return ERR_PTR(rc);
2744}
2745
2746
2747static void fsg_common_release(struct kref *ref)
2748{
2749 struct fsg_common *common =
2750 container_of(ref, struct fsg_common, ref);
2751 unsigned i = common->nluns;
2752 struct fsg_lun *lun = common->luns;
2753
2754 /* Beware tempting for -> do-while optimization: when in error
2755 * recovery nluns may be zero. */
2756
2757 for (; i; --i, ++lun) {
2758 device_remove_file(&lun->dev, &dev_attr_ro);
2759 device_remove_file(&lun->dev, &dev_attr_file);
2760 fsg_lun_close(lun);
2761 device_unregister(&lun->dev);
2762 }
2763
2764 kfree(common->luns);
2765 if (common->free_storage_on_release)
2766 kfree(common);
2767}
2768
2769
2770/*-------------------------------------------------------------------------*/
2771
2772
d23b0f08 2773static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
d5e2b67a 2774{
d23b0f08 2775 struct fsg_dev *fsg = fsg_from_func(f);
d5e2b67a
MN		 2776
2777 DBG(fsg, "unbind\n");
2778 clear_bit(REGISTERED, &fsg->atomic_bitflags);
2779
d5e2b67a
MN		 2780 /* If the thread isn't already dead, tell it to exit now */
2781 if (fsg->state != FSG_STATE_TERMINATED) {
2782 raise_exception(fsg, FSG_STATE_EXIT);
2783 wait_for_completion(&fsg->thread_notifier);
2784
2785 /* The cleanup routine waits for this completion also */
2786 complete(&fsg->thread_notifier);
2787 }
2788
9c610213
MN		 2789 fsg_common_put(fsg->common);
2790 kfree(fsg);
d5e2b67a
MN		 2791}
2792
2793
d23b0f08 2794static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
d5e2b67a 2795{
d23b0f08
MN		 2796 struct fsg_dev *fsg = fsg_from_func(f);
2797 struct usb_gadget *gadget = c->cdev->gadget;
d5e2b67a
MN		 2798 int rc;
2799 int i;
d5e2b67a 2800 struct usb_ep *ep;
d5e2b67a
MN		 2801
2802 fsg->gadget = gadget;
d5e2b67a 2803 fsg->ep0 = gadget->ep0;
d23b0f08 2804 fsg->ep0req = c->cdev->req;
d5e2b67a 2805
d23b0f08
MN		 2806 /* New interface */
2807 i = usb_interface_id(c, f);
2808 if (i < 0)
2809 return i;
2810 fsg_intf_desc.bInterfaceNumber = i;
2811 fsg->interface_number = i;
d5e2b67a 2812
d5e2b67a 2813 /* Find all the endpoints we will use */
d5e2b67a
MN		 2814 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2815 if (!ep)
2816 goto autoconf_fail;
d26a6aa0 2817 ep->driver_data = fsg; /* claim the endpoint */
d5e2b67a
MN		 2818 fsg->bulk_in = ep;
2819
2820 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2821 if (!ep)
2822 goto autoconf_fail;
d26a6aa0 2823 ep->driver_data = fsg; /* claim the endpoint */
d5e2b67a
MN		 2824 fsg->bulk_out = ep;
2825
d5e2b67a 2826 if (gadget_is_dualspeed(gadget)) {
d5e2b67a
MN		 2827 /* Assume endpoint addresses are the same for both speeds */
2828 fsg_hs_bulk_in_desc.bEndpointAddress =
2829 fsg_fs_bulk_in_desc.bEndpointAddress;
2830 fsg_hs_bulk_out_desc.bEndpointAddress =
2831 fsg_fs_bulk_out_desc.bEndpointAddress;
d23b0f08 2832 f->hs_descriptors = fsg_hs_function;
d5e2b67a
MN		 2833 }
2834
d5e2b67a 2835
d23b0f08
MN		 2836 /* maybe allocate device-global string IDs, and patch descriptors */
2837 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2838 i = usb_string_id(c->cdev);
2839 if (i < 0)
2840 return i;
2841 fsg_strings[FSG_STRING_INTERFACE].id = i;
2842 fsg_intf_desc.iInterface = i;
d5e2b67a
MN		 2843 }
2844
d23b0f08 2845
d5e2b67a 2846 fsg->thread_task = kthread_create(fsg_main_thread, fsg,
e8b6f8c5 2847 fsg->common->thread_name);
d5e2b67a
MN		 2848 if (IS_ERR(fsg->thread_task)) {
2849 rc = PTR_ERR(fsg->thread_task);
2850 goto out;
2851 }
2852
d5e2b67a
MN		 2853 DBG(fsg, "I/O thread pid: %d\n", task_pid_nr(fsg->thread_task));
2854
2855 set_bit(REGISTERED, &fsg->atomic_bitflags);
2856
2857 /* Tell the thread to start working */
2858 wake_up_process(fsg->thread_task);
2859 return 0;
2860
2861autoconf_fail:
2862 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2863 rc = -ENOTSUPP;
2864
2865out:
d26a6aa0 2866 fsg->state = FSG_STATE_TERMINATED; /* The thread is dead */
d23b0f08 2867 fsg_unbind(c, f);
d5e2b67a
MN		 2868 complete(&fsg->thread_notifier);
2869 return rc;
2870}
2871
2872
d23b0f08 2873/****************************** ADD FUNCTION ******************************/
d5e2b67a 2874
d23b0f08
MN		 2875static struct usb_gadget_strings *fsg_strings_array[] = {
2876 &fsg_stringtab,
2877 NULL,
d5e2b67a
MN		 2878};
2879
d23b0f08
MN		 2880static int fsg_add(struct usb_composite_dev *cdev,
2881 struct usb_configuration *c,
2882 struct fsg_common *common)
d5e2b67a 2883{
d23b0f08
MN		 2884 struct fsg_dev *fsg;
2885 int rc;
2886
2887 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
2888 if (unlikely(!fsg))
2889 return -ENOMEM;
d5e2b67a 2890
d23b0f08
MN		 2891 spin_lock_init(&fsg->lock);
2892 init_completion(&fsg->thread_notifier);
d5e2b67a 2893
d23b0f08
MN		 2894 fsg->cdev = cdev;
2895 fsg->function.name = FSG_DRIVER_DESC;
2896 fsg->function.strings = fsg_strings_array;
2897 fsg->function.descriptors = fsg_fs_function;
2898 fsg->function.bind = fsg_bind;
2899 fsg->function.unbind = fsg_unbind;
2900 fsg->function.setup = fsg_setup;
2901 fsg->function.set_alt = fsg_set_alt;
2902 fsg->function.disable = fsg_disable;
2903
2904 fsg->common = common;
2905 /* Our caller holds a reference to common structure so we
2906 * don't have to be worry about it being freed until we return
2907 * from this function. So instead of incrementing counter now
2908 * and decrement in error recovery we increment it only when
2909 * call to usb_add_function() was successful. */
481e4929 2910 fsg->can_stall = common->can_stall;
d23b0f08
MN		 2911
2912 rc = usb_add_function(c, &fsg->function);
2913
2914 if (likely(rc == 0))
2915 fsg_common_get(fsg->common);
2916 else
2917 kfree(fsg);
2918
2919 return rc;
d5e2b67a 2920}
481e4929
MN		 2921
2922
2923
2924/************************* Module parameters *************************/
2925
2926
2927struct fsg_module_parameters {
2928 char *file[FSG_MAX_LUNS];
2929 int ro[FSG_MAX_LUNS];
2930 int removable[FSG_MAX_LUNS];
2931 int cdrom[FSG_MAX_LUNS];
2932
2933 unsigned int file_count, ro_count, removable_count, cdrom_count;
2934 unsigned int luns; /* nluns */
2935 int stall; /* can_stall */
2936};
2937
2938
2939#define _FSG_MODULE_PARAM_ARRAY(prefix, params, name, type, desc) \
2940 module_param_array_named(prefix ## name, params.name, type, \
2941 &prefix ## params.name ## _count, \
2942 S_IRUGO); \
2943 MODULE_PARM_DESC(prefix ## name, desc)
2944
2945#define _FSG_MODULE_PARAM(prefix, params, name, type, desc) \
2946 module_param_named(prefix ## name, params.name, type, \
2947 S_IRUGO); \
2948 MODULE_PARM_DESC(prefix ## name, desc)
2949
2950#define FSG_MODULE_PARAMETERS(prefix, params) \
2951 _FSG_MODULE_PARAM_ARRAY(prefix, params, file, charp, \
2952 "names of backing files or devices"); \
2953 _FSG_MODULE_PARAM_ARRAY(prefix, params, ro, bool, \
2954 "true to force read-only"); \
2955 _FSG_MODULE_PARAM_ARRAY(prefix, params, removable, bool, \
2956 "true to simulate removable media"); \
2957 _FSG_MODULE_PARAM_ARRAY(prefix, params, cdrom, bool, \
2958 "true to simulate CD-ROM instead of disk"); \
2959 _FSG_MODULE_PARAM(prefix, params, luns, uint, \
2960 "number of LUNs"); \
2961 _FSG_MODULE_PARAM(prefix, params, stall, bool, \
2962 "false to prevent bulk stalls")
2963
2964
2965static void
2966fsg_config_from_params(struct fsg_config *cfg,
2967 const struct fsg_module_parameters *params)
2968{
2969 struct fsg_lun_config *lun;
d26a6aa0 2970 unsigned i;
481e4929
MN		 2971
2972 /* Configure LUNs */
d26a6aa0
MN		 2973 cfg->nluns =
2974 min(params->luns ?: (params->file_count ?: 1u),
2975 (unsigned)FSG_MAX_LUNS);
2976 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) {
481e4929
MN		 2977 lun->ro = !!params->ro[i];
2978 lun->cdrom = !!params->cdrom[i];
d26a6aa0 2979 lun->removable = /* Removable by default */
481e4929
MN		 2980 params->removable_count <= i || params->removable[i];
2981 lun->filename =
2982 params->file_count > i && params->file[i][0]
2983 ? params->file[i]
2984 : 0;
2985 }
2986
d26a6aa0 2987 /* Let MSF use defaults */
e8b6f8c5
MN		 2988 cfg->lun_name_format = 0;
2989 cfg->thread_name = 0;
481e4929
MN		 2990 cfg->vendor_name = 0;
2991 cfg->product_name = 0;
2992 cfg->release = 0xffff;
2993
2994 /* Finalise */
2995 cfg->can_stall = params->stall;
2996}
2997
2998static inline struct fsg_common *
2999fsg_common_from_params(struct fsg_common *common,
3000 struct usb_composite_dev *cdev,
3001 const struct fsg_module_parameters *params)
3002 __attribute__((unused));
3003static inline struct fsg_common *
3004fsg_common_from_params(struct fsg_common *common,
3005 struct usb_composite_dev *cdev,
3006 const struct fsg_module_parameters *params)
3007{
3008 struct fsg_config cfg;
3009 fsg_config_from_params(&cfg, params);
3010 return fsg_common_init(common, cdev, &cfg);
3011}
3012
kernel source for telekom puls (alcatel/mediatek)