projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:


681b7b018969d4dc13eeac3665ad62cbbaa49ca5
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / usb / gadget / f_mass_storage.c
1 /*
2 * f_mass_storage.c -- Mass Storage USB Composite Function
3 *
4 * Copyright (C) 2003-2008 Alan Stern
5 * Copyright (C) 2009 Samsung Electronics
6 * Author: Michal Nazarewicz <mina86@mina86.com>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions, and the following disclaimer,
14 * without modification.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The names of the above-listed copyright holders may not be used
19 * to endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * ALTERNATIVELY, this software may be distributed under the terms of the
23 * GNU General Public License ("GPL") as published by the Free Software
24 * Foundation, either version 2 of that License or (at your option) any
25 * later version.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
28 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
29 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 */
39
40 /*
41 * The Mass Storage Function acts as a USB Mass Storage device,
42 * appearing to the host as a disk drive or as a CD-ROM drive. In
43 * addition to providing an example of a genuinely useful composite
44 * function for a USB device, it also illustrates a technique of
45 * double-buffering for increased throughput.
46 *
47 * For more information about MSF and in particular its module
48 * parameters and sysfs interface read the
49 * <Documentation/usb/mass-storage.txt> file.
50 */
51
52 /*
53 * MSF is configured by specifying a fsg_config structure. It has the
54 * following fields:
55 *
56 * nluns Number of LUNs function have (anywhere from 1
57 * to FSG_MAX_LUNS which is 8).
58 * luns An array of LUN configuration values. This
59 * should be filled for each LUN that
60 * function will include (ie. for "nluns"
61 * LUNs). Each element of the array has
62 * the following fields:
63 * ->filename The path to the backing file for the LUN.
64 * Required if LUN is not marked as
65 * removable.
66 * ->ro Flag specifying access to the LUN shall be
67 * read-only. This is implied if CD-ROM
68 * emulation is enabled as well as when
69 * it was impossible to open "filename"
70 * in R/W mode.
71 * ->removable Flag specifying that LUN shall be indicated as
72 * being removable.
73 * ->cdrom Flag specifying that LUN shall be reported as
74 * being a CD-ROM.
75 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12)
76 * commands for this LUN shall be ignored.
77 *
78 * vendor_name
79 * product_name
80 * release Information used as a reply to INQUIRY
81 * request. To use default set to NULL,
82 * NULL, 0xffff respectively. The first
83 * field should be 8 and the second 16
84 * characters or less.
85 *
86 * can_stall Set to permit function to halt bulk endpoints.
87 * Disabled on some USB devices known not
88 * to work correctly. You should set it
89 * to true.
90 *
91 * If "removable" is not set for a LUN then a backing file must be
92 * specified. If it is set, then NULL filename means the LUN's medium
93 * is not loaded (an empty string as "filename" in the fsg_config
94 * structure causes error). The CD-ROM emulation includes a single
95 * data track and no audio tracks; hence there need be only one
96 * backing file per LUN.
97 *
98 * This function is heavily based on "File-backed Storage Gadget" by
99 * Alan Stern which in turn is heavily based on "Gadget Zero" by David
100 * Brownell. The driver's SCSI command interface was based on the
101 * "Information technology - Small Computer System Interface - 2"
102 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93,
103 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>.
104 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which
105 * was based on the "Universal Serial Bus Mass Storage Class UFI
106 * Command Specification" document, Revision 1.0, December 14, 1998,
107 * available at
108 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
109 */
110
111 /*
112 * Driver Design
113 *
114 * The MSF is fairly straightforward. There is a main kernel
115 * thread that handles most of the work. Interrupt routines field
116 * callbacks from the controller driver: bulk- and interrupt-request
117 * completion notifications, endpoint-0 events, and disconnect events.
118 * Completion events are passed to the main thread by wakeup calls. Many
119 * ep0 requests are handled at interrupt time, but SetInterface,
120 * SetConfiguration, and device reset requests are forwarded to the
121 * thread in the form of "exceptions" using SIGUSR1 signals (since they
122 * should interrupt any ongoing file I/O operations).
123 *
124 * The thread's main routine implements the standard command/data/status
125 * parts of a SCSI interaction. It and its subroutines are full of tests
126 * for pending signals/exceptions -- all this polling is necessary since
127 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
128 * indication that the driver really wants to be running in userspace.)
129 * An important point is that so long as the thread is alive it keeps an
130 * open reference to the backing file. This will prevent unmounting
131 * the backing file's underlying filesystem and could cause problems
132 * during system shutdown, for example. To prevent such problems, the
133 * thread catches INT, TERM, and KILL signals and converts them into
134 * an EXIT exception.
135 *
136 * In normal operation the main thread is started during the gadget's
137 * fsg_bind() callback and stopped during fsg_unbind(). But it can
138 * also exit when it receives a signal, and there's no point leaving
139 * the gadget running when the thread is dead. As of this moment, MSF
140 * provides no way to deregister the gadget when thread dies -- maybe
141 * a callback functions is needed.
142 *
143 * To provide maximum throughput, the driver uses a circular pipeline of
144 * buffer heads (struct fsg_buffhd). In principle the pipeline can be
145 * arbitrarily long; in practice the benefits don't justify having more
146 * than 2 stages (i.e., double buffering). But it helps to think of the
147 * pipeline as being a long one. Each buffer head contains a bulk-in and
148 * a bulk-out request pointer (since the buffer can be used for both
149 * output and input -- directions always are given from the host's
150 * point of view) as well as a pointer to the buffer and various state
151 * variables.
152 *
153 * Use of the pipeline follows a simple protocol. There is a variable
154 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
155 * At any time that buffer head may still be in use from an earlier
156 * request, so each buffer head has a state variable indicating whether
157 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
158 * buffer head to be EMPTY, filling the buffer either by file I/O or by
159 * USB I/O (during which the buffer head is BUSY), and marking the buffer
160 * head FULL when the I/O is complete. Then the buffer will be emptied
161 * (again possibly by USB I/O, during which it is marked BUSY) and
162 * finally marked EMPTY again (possibly by a completion routine).
163 *
164 * A module parameter tells the driver to avoid stalling the bulk
165 * endpoints wherever the transport specification allows. This is
166 * necessary for some UDCs like the SuperH, which cannot reliably clear a
167 * halt on a bulk endpoint. However, under certain circumstances the
168 * Bulk-only specification requires a stall. In such cases the driver
169 * will halt the endpoint and set a flag indicating that it should clear
170 * the halt in software during the next device reset. Hopefully this
171 * will permit everything to work correctly. Furthermore, although the
172 * specification allows the bulk-out endpoint to halt when the host sends
173 * too much data, implementing this would cause an unavoidable race.
174 * The driver will always use the "no-stall" approach for OUT transfers.
175 *
176 * One subtle point concerns sending status-stage responses for ep0
177 * requests. Some of these requests, such as device reset, can involve
178 * interrupting an ongoing file I/O operation, which might take an
179 * arbitrarily long time. During that delay the host might give up on
180 * the original ep0 request and issue a new one. When that happens the
181 * driver should not notify the host about completion of the original
182 * request, as the host will no longer be waiting for it. So the driver
183 * assigns to each ep0 request a unique tag, and it keeps track of the
184 * tag value of the request associated with a long-running exception
185 * (device-reset, interface-change, or configuration-change). When the
186 * exception handler is finished, the status-stage response is submitted
187 * only if the current ep0 request tag is equal to the exception request
188 * tag. Thus only the most recently received ep0 request will get a
189 * status-stage response.
190 *
191 * Warning: This driver source file is too long. It ought to be split up
192 * into a header file plus about 3 separate .c files, to handle the details
193 * of the Gadget, USB Mass Storage, and SCSI protocols.
194 */
195
196
197 /* #define VERBOSE_DEBUG */
198 /* #define DUMP_MSGS */
199
200 #include <linux/blkdev.h>
201 #include <linux/completion.h>
202 #include <linux/dcache.h>
203 #include <linux/delay.h>
204 #include <linux/device.h>
205 #include <linux/fcntl.h>
206 #include <linux/file.h>
207 #include <linux/fs.h>
208 #include <linux/kref.h>
209 #include <linux/kthread.h>
210 #include <linux/limits.h>
211 #include <linux/rwsem.h>
212 #include <linux/slab.h>
213 #include <linux/spinlock.h>
214 #include <linux/string.h>
215 #include <linux/freezer.h>
216
217 #include <linux/usb/ch9.h>
218 #include <linux/usb/gadget.h>
219 #include <linux/usb/composite.h>
220
221 #include "gadget_chips.h"
222
223
224 /*------------------------------------------------------------------------*/
225
226 #define FSG_DRIVER_DESC "Mass Storage Function"
227 #define FSG_DRIVER_VERSION "2009/09/11"
228
229 static const char fsg_string_interface[] = "Mass Storage";
230
231 #include "storage_common.c"
232
233
234 /*-------------------------------------------------------------------------*/
235
236 struct fsg_dev;
237 struct fsg_common;
238
239 /* FSF callback functions */
240 struct fsg_operations {
241 /*
242 * Callback function to call when thread exits. If no
243 * callback is set or it returns value lower then zero MSF
244 * will force eject all LUNs it operates on (including those
245 * marked as non-removable or with prevent_medium_removal flag
246 * set).
247 */
248 int (*thread_exits)(struct fsg_common *common);
249 };
250
251 /* Data shared by all the FSG instances. */
252 struct fsg_common {
253 struct usb_gadget *gadget;
254 struct usb_composite_dev *cdev;
255 struct fsg_dev *fsg, *new_fsg;
256 wait_queue_head_t fsg_wait;
257
258 /* filesem protects: backing files in use */
259 struct rw_semaphore filesem;
260
261 /* lock protects: state, all the req_busy's */
262 spinlock_t lock;
263
264 struct usb_ep *ep0; /* Copy of gadget->ep0 */
265 struct usb_request *ep0req; /* Copy of cdev->req */
266 unsigned int ep0_req_tag;
267
268 struct fsg_buffhd *next_buffhd_to_fill;
269 struct fsg_buffhd *next_buffhd_to_drain;
270 struct fsg_buffhd *buffhds;
271
272 int cmnd_size;
273 u8 cmnd[MAX_COMMAND_SIZE];
274
275 unsigned int nluns;
276 unsigned int lun;
277 struct fsg_lun *luns;
278 struct fsg_lun *curlun;
279
280 unsigned int bulk_out_maxpacket;
281 enum fsg_state state; /* For exception handling */
282 unsigned int exception_req_tag;
283
284 enum data_direction data_dir;
285 u32 data_size;
286 u32 data_size_from_cmnd;
287 u32 tag;
288 u32 residue;
289 u32 usb_amount_left;
290
291 unsigned int can_stall:1;
292 unsigned int free_storage_on_release:1;
293 unsigned int phase_error:1;
294 unsigned int short_packet_received:1;
295 unsigned int bad_lun_okay:1;
296 unsigned int running:1;
297
298 int thread_wakeup_needed;
299 struct completion thread_notifier;
300 struct task_struct *thread_task;
301
302 /* Callback functions. */
303 const struct fsg_operations *ops;
304 /* Gadget's private data. */
305 void *private_data;
306
307 /*
308 * Vendor (8 chars), product (16 chars), release (4
309 * hexadecimal digits) and NUL byte
310 */
311 char inquiry_string[8 + 16 + 4 + 1];
312
313 struct kref ref;
314
315 #ifdef CONFIG_MTK_BICR_SUPPORT
316 int bicr;
317 #endif
318 void (*android_callback)(unsigned char);
319 };
320
321 struct fsg_config {
322 unsigned nluns;
323 struct fsg_lun_config {
324 const char *filename;
325 char ro;
326 char removable;
327 char cdrom;
328 char nofua;
329 } luns[FSG_MAX_LUNS];
330
331 /* Callback functions. */
332 const struct fsg_operations *ops;
333 /* Gadget's private data. */
334 void *private_data;
335
336 const char *vendor_name; /* 8 characters or less */
337 const char *product_name; /* 16 characters or less */
338
339 char can_stall;
340 };
341
342 struct fsg_dev {
343 struct usb_function function;
344 struct usb_gadget *gadget; /* Copy of cdev->gadget */
345 struct fsg_common *common;
346
347 u16 interface_number;
348
349 unsigned int bulk_in_enabled:1;
350 unsigned int bulk_out_enabled:1;
351
352 unsigned long atomic_bitflags;
353 #define IGNORE_BULK_OUT 0
354
355 struct usb_ep *bulk_in;
356 struct usb_ep *bulk_out;
357 };
358
359 static inline int __fsg_is_set(struct fsg_common *common,
360 const char *func, unsigned line)
361 {
362 if (common->fsg)
363 return 1;
364 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
365 WARN_ON(1);
366 return 0;
367 }
368
369 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
370
371 static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
372 {
373 return container_of(f, struct fsg_dev, function);
374 }
375
376 typedef void (*fsg_routine_t)(struct fsg_dev *);
377
378 static int exception_in_progress(struct fsg_common *common)
379 {
380 return common->state > FSG_STATE_IDLE;
381 }
382
383 /* Make bulk-out requests be divisible by the maxpacket size */
384 static void set_bulk_out_req_length(struct fsg_common *common,
385 struct fsg_buffhd *bh, unsigned int length)
386 {
387 unsigned int rem;
388
389 bh->bulk_out_intended_length = length;
390 rem = length % common->bulk_out_maxpacket;
391 if (rem > 0)
392 length += common->bulk_out_maxpacket - rem;
393 bh->outreq->length = length;
394 bh->outreq->short_not_ok = 1;
395 }
396
397
398 /*-------------------------------------------------------------------------*/
399
400 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
401 {
402 const char *name;
403
404 if (ep == fsg->bulk_in)
405 name = "bulk-in";
406 else if (ep == fsg->bulk_out)
407 name = "bulk-out";
408 else
409 name = ep->name;
410 DBG(fsg, "%s set halt\n", name);
411 return usb_ep_set_halt(ep);
412 }
413
414
415 /*-------------------------------------------------------------------------*/
416
417 /* These routines may be called in process context or in_irq */
418
419 /* Caller must hold fsg->lock */
420 static void wakeup_thread(struct fsg_common *common)
421 {
422 smp_wmb(); /* ensure the write of bh->state is complete */
423 /* Tell the main thread that something has happened */
424 common->thread_wakeup_needed = 1;
425 if (common->thread_task)
426 wake_up_process(common->thread_task);
427 }
428
429 static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
430 {
431 unsigned long flags;
432
433 /*
434 * Do nothing if a higher-priority exception is already in progress.
435 * If a lower-or-equal priority exception is in progress, preempt it
436 * and notify the main thread by sending it a signal.
437 */
438 spin_lock_irqsave(&common->lock, flags);
439 if (common->state <= new_state) {
440 common->exception_req_tag = common->ep0_req_tag;
441 common->state = new_state;
442 if (common->thread_task)
443 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
444 common->thread_task);
445 }
446 spin_unlock_irqrestore(&common->lock, flags);
447 }
448
449
450 /*-------------------------------------------------------------------------*/
451
452 static int ep0_queue(struct fsg_common *common)
453 {
454 int rc;
455
456 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
457 common->ep0->driver_data = common;
458 if (rc != 0 && rc != -ESHUTDOWN) {
459 /* We can't do much more than wait for a reset */
460 WARNING(common, "error in submission: %s --> %d\n",
461 common->ep0->name, rc);
462 }
463 return rc;
464 }
465
466
467 /*-------------------------------------------------------------------------*/
468
469 /* Completion handlers. These always run in_irq. */
470
471 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
472 {
473 struct fsg_common *common = ep->driver_data;
474 struct fsg_buffhd *bh = req->context;
475
476 if (req->status || req->actual != req->length)
477 DBG(common, "%s --> %d, %u/%u\n", __func__,
478 req->status, req->actual, req->length);
479 if (req->status == -ECONNRESET) /* Request was cancelled */
480 usb_ep_fifo_flush(ep);
481
482 /* Hold the lock while we update the request and buffer states */
483 smp_wmb();
484 spin_lock(&common->lock);
485 bh->inreq_busy = 0;
486 bh->state = BUF_STATE_EMPTY;
487 wakeup_thread(common);
488 spin_unlock(&common->lock);
489 }
490
491 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
492 {
493 struct fsg_common *common = ep->driver_data;
494 struct fsg_buffhd *bh = req->context;
495
496 dump_msg(common, "bulk-out", req->buf, req->actual);
497 if (req->status || req->actual != bh->bulk_out_intended_length)
498 DBG(common, "%s --> %d, %u/%u\n", __func__,
499 req->status, req->actual, bh->bulk_out_intended_length);
500 if (req->status == -ECONNRESET) /* Request was cancelled */
501 usb_ep_fifo_flush(ep);
502
503 /* Hold the lock while we update the request and buffer states */
504 smp_wmb();
505 spin_lock(&common->lock);
506 bh->outreq_busy = 0;
507 bh->state = BUF_STATE_FULL;
508 wakeup_thread(common);
509 spin_unlock(&common->lock);
510 }
511
512 static int fsg_setup(struct usb_function *f,
513 const struct usb_ctrlrequest *ctrl)
514 {
515 struct fsg_dev *fsg = fsg_from_func(f);
516 struct usb_request *req = fsg->common->ep0req;
517 u16 w_index = le16_to_cpu(ctrl->wIndex);
518 u16 w_value = le16_to_cpu(ctrl->wValue);
519 u16 w_length = le16_to_cpu(ctrl->wLength);
520
521 if (!fsg_is_set(fsg->common))
522 return -EOPNOTSUPP;
523
524 ++fsg->common->ep0_req_tag; /* Record arrival of a new request */
525 req->context = NULL;
526 req->length = 0;
527 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));
528
529 switch (ctrl->bRequest) {
530
531 case US_BULK_RESET_REQUEST:
532 if (ctrl->bRequestType !=
533 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
534 break;
535 if (w_index != fsg->interface_number || w_value != 0 ||
536 w_length != 0)
537 return -EDOM;
538
539 /*
540 * Raise an exception to stop the current operation
541 * and reinitialize our state.
542 */
543 DBG(fsg, "bulk reset request\n");
544 raise_exception(fsg->common, FSG_STATE_RESET);
545 return DELAYED_STATUS;
546
547 case US_BULK_GET_MAX_LUN:
548 if (ctrl->bRequestType !=
549 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
550 break;
551 if (w_index != fsg->interface_number || w_value != 0 ||
552 w_length != 1)
553 return -EDOM;
554 VDBG(fsg, "get max LUN\n");
555
556 #ifdef CONFIG_MTK_BICR_SUPPORT
557 if(fsg->common->bicr) {
558 /*When enable bicr, only share ONE LUN.*/
559 *(u8 *)req->buf = 0;
560 } else {
561 *(u8 *)req->buf = fsg->common->nluns - 1;
562 }
563 #else
564 *(u8 *)req->buf = fsg->common->nluns - 1;
565 #endif
566
567 INFO(fsg, "get max LUN = %d\n",*(u8 *)req->buf);
568 /* Respond with data/status */
569 req->length = min((u16)1, w_length);
570 return ep0_queue(fsg->common);
571 }
572
573 VDBG(fsg,
574 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n",
575 ctrl->bRequestType, ctrl->bRequest,
576 le16_to_cpu(ctrl->wValue), w_index, w_length);
577 return -EOPNOTSUPP;
578 }
579
580
581 /*-------------------------------------------------------------------------*/
582
583 /* All the following routines run in process context */
584
585 /* Use this for bulk or interrupt transfers, not ep0 */
586 static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
587 struct usb_request *req, int *pbusy,
588 enum fsg_buffer_state *state)
589 {
590 int rc;
591
592 if (ep == fsg->bulk_in)
593 dump_msg(fsg, "bulk-in", req->buf, req->length);
594
595 spin_lock_irq(&fsg->common->lock);
596 *pbusy = 1;
597 *state = BUF_STATE_BUSY;
598 spin_unlock_irq(&fsg->common->lock);
599 rc = usb_ep_queue(ep, req, GFP_KERNEL);
600 if (rc != 0) {
601 *pbusy = 0;
602 *state = BUF_STATE_EMPTY;
603
604 /* We can't do much more than wait for a reset */
605
606 /*
607 * Note: currently the net2280 driver fails zero-length
608 * submissions if DMA is enabled.
609 */
610 if (rc != -ESHUTDOWN &&
611 !(rc == -EOPNOTSUPP && req->length == 0))
612 WARNING(fsg, "error in submission: %s --> %d\n",
613 ep->name, rc);
614 }
615 }
616
617 static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
618 {
619 if (!fsg_is_set(common))
620 return false;
621 start_transfer(common->fsg, common->fsg->bulk_in,
622 bh->inreq, &bh->inreq_busy, &bh->state);
623 return true;
624 }
625
626 static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
627 {
628 if (!fsg_is_set(common))
629 return false;
630 start_transfer(common->fsg, common->fsg->bulk_out,
631 bh->outreq, &bh->outreq_busy, &bh->state);
632 return true;
633 }
634
635 static int sleep_thread(struct fsg_common *common, bool can_freeze)
636 {
637 int rc = 0;
638
639 /* Wait until a signal arrives or we are woken up */
640 for (;;) {
641 if (can_freeze)
642 try_to_freeze();
643 set_current_state(TASK_INTERRUPTIBLE);
644 if (signal_pending(current)) {
645 rc = -EINTR;
646 break;
647 }
648 if (common->thread_wakeup_needed)
649 break;
650 schedule();
651 }
652 __set_current_state(TASK_RUNNING);
653 common->thread_wakeup_needed = 0;
654 smp_rmb(); /* ensure the latest bh->state is visible */
655 return rc;
656 }
657
658
659 /*-------------------------------------------------------------------------*/
660
661 static int do_read(struct fsg_common *common)
662 {
663 struct fsg_lun *curlun = common->curlun;
664 u32 lba;
665 struct fsg_buffhd *bh;
666 int rc;
667 u32 amount_left;
668 loff_t file_offset, file_offset_tmp;
669 unsigned int amount;
670 ssize_t nread;
671
672 /*
673 * Get the starting Logical Block Address and check that it's
674 * not too big.
675 */
676 if (common->cmnd[0] == READ_6)
677 lba = get_unaligned_be24(&common->cmnd[1]);
678 else {
679 lba = get_unaligned_be32(&common->cmnd[2]);
680
681 /*
682 * We allow DPO (Disable Page Out = don't save data in the
683 * cache) and FUA (Force Unit Access = don't read from the
684 * cache), but we don't implement them.
685 */
686 if ((common->cmnd[1] & ~0x18) != 0) {
687 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
688 return -EINVAL;
689 }
690 }
691 if (lba >= curlun->num_sectors) {
692 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
693 return -EINVAL;
694 }
695 file_offset = ((loff_t) lba) << curlun->blkbits;
696
697 /* Carry out the file reads */
698 amount_left = common->data_size_from_cmnd;
699 if (unlikely(amount_left == 0))
700 return -EIO; /* No default reply */
701
702 for (;;) {
703 /*
704 * Figure out how much we need to read:
705 * Try to read the remaining amount.
706 * But don't read more than the buffer size.
707 * And don't try to read past the end of the file.
708 */
709 amount = min(amount_left, FSG_BUFLEN);
710 amount = min((loff_t)amount,
711 curlun->file_length - file_offset);
712
713 /* Wait for the next buffer to become available */
714 bh = common->next_buffhd_to_fill;
715 while (bh->state != BUF_STATE_EMPTY) {
716 rc = sleep_thread(common, false);
717 if (rc)
718 return rc;
719 }
720
721 /*
722 * If we were asked to read past the end of file,
723 * end with an empty buffer.
724 */
725 if (amount == 0) {
726 curlun->sense_data =
727 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
728 curlun->sense_data_info =
729 file_offset >> curlun->blkbits;
730 curlun->info_valid = 1;
731 bh->inreq->length = 0;
732 bh->state = BUF_STATE_FULL;
733 break;
734 }
735
736 /* Perform the read */
737 file_offset_tmp = file_offset;
738 nread = vfs_read(curlun->filp,
739 (char __user *)bh->buf,
740 amount, &file_offset_tmp);
741 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
742 (unsigned long long)file_offset, (int)nread);
743 if (signal_pending(current))
744 return -EINTR;
745
746 if (nread < 0) {
747 LDBG(curlun, "error in file read: %d\n", (int)nread);
748 nread = 0;
749 } else if (nread < amount) {
750 LDBG(curlun, "partial file read: %d/%u\n",
751 (int)nread, amount);
752 nread = round_down(nread, curlun->blksize);
753 }
754 file_offset += nread;
755 amount_left -= nread;
756 common->residue -= nread;
757
758 /*
759 * Except at the end of the transfer, nread will be
760 * equal to the buffer size, which is divisible by the
761 * bulk-in maxpacket size.
762 */
763 bh->inreq->length = nread;
764 bh->state = BUF_STATE_FULL;
765
766 /* If an error occurred, report it and its position */
767 if (nread < amount) {
768 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
769 curlun->sense_data_info =
770 file_offset >> curlun->blkbits;
771 curlun->info_valid = 1;
772 break;
773 }
774
775 if (amount_left == 0)
776 break; /* No more left to read */
777
778 /* Send this buffer and go read some more */
779 bh->inreq->zero = 0;
780 if (!start_in_transfer(common, bh))
781 /* Don't know what to do if common->fsg is NULL */
782 return -EIO;
783 common->next_buffhd_to_fill = bh->next;
784 }
785
786 return -EIO; /* No default reply */
787 }
788
789
790 /*-------------------------------------------------------------------------*/
791
792 static int do_write(struct fsg_common *common)
793 {
794 struct fsg_lun *curlun = common->curlun;
795 u32 lba;
796 struct fsg_buffhd *bh;
797 int get_some_more;
798 u32 amount_left_to_req, amount_left_to_write;
799 loff_t usb_offset, file_offset, file_offset_tmp;
800 unsigned int amount;
801 ssize_t nwritten;
802 int rc;
803
804 if (curlun->ro) {
805 curlun->sense_data = SS_WRITE_PROTECTED;
806 return -EINVAL;
807 }
808 spin_lock(&curlun->filp->f_lock);
809 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */
810 spin_unlock(&curlun->filp->f_lock);
811
812 /*
813 * Get the starting Logical Block Address and check that it's
814 * not too big
815 */
816 if (common->cmnd[0] == WRITE_6)
817 lba = get_unaligned_be24(&common->cmnd[1]);
818 else {
819 lba = get_unaligned_be32(&common->cmnd[2]);
820
821 /*
822 * We allow DPO (Disable Page Out = don't save data in the
823 * cache) and FUA (Force Unit Access = write directly to the
824 * medium). We don't implement DPO; we implement FUA by
825 * performing synchronous output.
826 */
827 if (common->cmnd[1] & ~0x18) {
828 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
829 return -EINVAL;
830 }
831 if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */
832 spin_lock(&curlun->filp->f_lock);
833 curlun->filp->f_flags |= O_SYNC;
834 spin_unlock(&curlun->filp->f_lock);
835 }
836 }
837 if (lba >= curlun->num_sectors) {
838 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
839 return -EINVAL;
840 }
841
842 /* Carry out the file writes */
843 get_some_more = 1;
844 file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits;
845 amount_left_to_req = common->data_size_from_cmnd;
846 amount_left_to_write = common->data_size_from_cmnd;
847
848 while (amount_left_to_write > 0) {
849
850 /* Queue a request for more data from the host */
851 bh = common->next_buffhd_to_fill;
852 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
853
854 /*
855 * Figure out how much we want to get:
856 * Try to get the remaining amount,
857 * but not more than the buffer size.
858 */
859 amount = min(amount_left_to_req, FSG_BUFLEN);
860
861 /* Beyond the end of the backing file? */
862 if (usb_offset >= curlun->file_length) {
863 get_some_more = 0;
864 curlun->sense_data =
865 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
866 curlun->sense_data_info =
867 usb_offset >> curlun->blkbits;
868 curlun->info_valid = 1;
869 continue;
870 }
871
872 /* Get the next buffer */
873 usb_offset += amount;
874 common->usb_amount_left -= amount;
875 amount_left_to_req -= amount;
876 if (amount_left_to_req == 0)
877 get_some_more = 0;
878
879 /*
880 * Except at the end of the transfer, amount will be
881 * equal to the buffer size, which is divisible by
882 * the bulk-out maxpacket size.
883 */
884 set_bulk_out_req_length(common, bh, amount);
885 if (!start_out_transfer(common, bh))
886 /* Dunno what to do if common->fsg is NULL */
887 return -EIO;
888 common->next_buffhd_to_fill = bh->next;
889 continue;
890 }
891
892 /* Write the received data to the backing file */
893 bh = common->next_buffhd_to_drain;
894 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
895 break; /* We stopped early */
896 if (bh->state == BUF_STATE_FULL) {
897 smp_rmb();
898 common->next_buffhd_to_drain = bh->next;
899 bh->state = BUF_STATE_EMPTY;
900
901 /* Did something go wrong with the transfer? */
902 if (bh->outreq->status != 0) {
903 curlun->sense_data = SS_COMMUNICATION_FAILURE;
904 curlun->sense_data_info =
905 file_offset >> curlun->blkbits;
906 curlun->info_valid = 1;
907 break;
908 }
909
910 amount = bh->outreq->actual;
911 if (curlun->file_length - file_offset < amount) {
912 LERROR(curlun,
913 "write %u @ %llu beyond end %llu\n",
914 amount, (unsigned long long)file_offset,
915 (unsigned long long)curlun->file_length);
916 amount = curlun->file_length - file_offset;
917 }
918
919 /* Don't accept excess data. The spec doesn't say
920 * what to do in this case. We'll ignore the error.
921 */
922 amount = min(amount, bh->bulk_out_intended_length);
923
924 /* Don't write a partial block */
925 amount = round_down(amount, curlun->blksize);
926 if (amount == 0)
927 goto empty_write;
928
929 /* Perform the write */
930 file_offset_tmp = file_offset;
931 nwritten = vfs_write(curlun->filp,
932 (char __user *)bh->buf,
933 amount, &file_offset_tmp);
934 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
935 (unsigned long long)file_offset, (int)nwritten);
936 if (signal_pending(current))
937 return -EINTR; /* Interrupted! */
938
939 if (nwritten < 0) {
940 LDBG(curlun, "error in file write: %d\n",
941 (int)nwritten);
942 nwritten = 0;
943 } else if (nwritten < amount) {
944 LDBG(curlun, "partial file write: %d/%u\n",
945 (int)nwritten, amount);
946 nwritten = round_down(nwritten, curlun->blksize);
947 }
948 file_offset += nwritten;
949 amount_left_to_write -= nwritten;
950 common->residue -= nwritten;
951
952 /* If an error occurred, report it and its position */
953 if (nwritten < amount) {
954 curlun->sense_data = SS_WRITE_ERROR;
955 curlun->sense_data_info =
956 file_offset >> curlun->blkbits;
957 curlun->info_valid = 1;
958 break;
959 }
960
961 empty_write:
962 /* Did the host decide to stop early? */
963 if (bh->outreq->actual < bh->bulk_out_intended_length) {
964 common->short_packet_received = 1;
965 break;
966 }
967 continue;
968 }
969
970 /* Wait for something to happen */
971 rc = sleep_thread(common, false);
972 if (rc)
973 return rc;
974 }
975
976 return -EIO; /* No default reply */
977 }
978
979
980 /*-------------------------------------------------------------------------*/
981
982 static int do_synchronize_cache(struct fsg_common *common)
983 {
984 struct fsg_lun *curlun = common->curlun;
985 int rc;
986
987 /* We ignore the requested LBA and write out all file's
988 * dirty data buffers. */
989 rc = fsg_lun_fsync_sub(curlun);
990 if (rc)
991 curlun->sense_data = SS_WRITE_ERROR;
992 return 0;
993 }
994
995
996 /*-------------------------------------------------------------------------*/
997
998 static void invalidate_sub(struct fsg_lun *curlun)
999 {
1000 struct file *filp = curlun->filp;
1001 struct inode *inode = file_inode(filp);
1002 unsigned long rc;
1003
1004 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1005 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc);
1006 }
1007
1008 static int do_verify(struct fsg_common *common)
1009 {
1010 struct fsg_lun *curlun = common->curlun;
1011 u32 lba;
1012 u32 verification_length;
1013 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1014 loff_t file_offset, file_offset_tmp;
1015 u32 amount_left;
1016 unsigned int amount;
1017 ssize_t nread;
1018
1019 /*
1020 * Get the starting Logical Block Address and check that it's
1021 * not too big.
1022 */
1023 lba = get_unaligned_be32(&common->cmnd[2]);
1024 if (lba >= curlun->num_sectors) {
1025 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1026 return -EINVAL;
1027 }
1028
1029 /*
1030 * We allow DPO (Disable Page Out = don't save data in the
1031 * cache) but we don't implement it.
1032 */
1033 if (common->cmnd[1] & ~0x10) {
1034 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1035 return -EINVAL;
1036 }
1037
1038 verification_length = get_unaligned_be16(&common->cmnd[7]);
1039 if (unlikely(verification_length == 0))
1040 return -EIO; /* No default reply */
1041
1042 /* Prepare to carry out the file verify */
1043 amount_left = verification_length << curlun->blkbits;
1044 file_offset = ((loff_t) lba) << curlun->blkbits;
1045
1046 /* Write out all the dirty buffers before invalidating them */
1047 fsg_lun_fsync_sub(curlun);
1048 if (signal_pending(current))
1049 return -EINTR;
1050
1051 invalidate_sub(curlun);
1052 if (signal_pending(current))
1053 return -EINTR;
1054
1055 /* Just try to read the requested blocks */
1056 while (amount_left > 0) {
1057 /*
1058 * Figure out how much we need to read:
1059 * Try to read the remaining amount, but not more than
1060 * the buffer size.
1061 * And don't try to read past the end of the file.
1062 */
1063 amount = min(amount_left, FSG_BUFLEN);
1064 amount = min((loff_t)amount,
1065 curlun->file_length - file_offset);
1066 if (amount == 0) {
1067 curlun->sense_data =
1068 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1069 curlun->sense_data_info =
1070 file_offset >> curlun->blkbits;
1071 curlun->info_valid = 1;
1072 break;
1073 }
1074
1075 /* Perform the read */
1076 file_offset_tmp = file_offset;
1077 nread = vfs_read(curlun->filp,
1078 (char __user *) bh->buf,
1079 amount, &file_offset_tmp);
1080 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1081 (unsigned long long) file_offset,
1082 (int) nread);
1083 if (signal_pending(current))
1084 return -EINTR;
1085
1086 if (nread < 0) {
1087 LDBG(curlun, "error in file verify: %d\n", (int)nread);
1088 nread = 0;
1089 } else if (nread < amount) {
1090 LDBG(curlun, "partial file verify: %d/%u\n",
1091 (int)nread, amount);
1092 nread = round_down(nread, curlun->blksize);
1093 }
1094 if (nread == 0) {
1095 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1096 curlun->sense_data_info =
1097 file_offset >> curlun->blkbits;
1098 curlun->info_valid = 1;
1099 break;
1100 }
1101 file_offset += nread;
1102 amount_left -= nread;
1103 }
1104 return 0;
1105 }
1106
1107
1108 /*-------------------------------------------------------------------------*/
1109
1110 static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1111 {
1112 struct fsg_lun *curlun = common->curlun;
1113 u8 *buf = (u8 *) bh->buf;
1114
1115 if (!curlun) { /* Unsupported LUNs are okay */
1116 common->bad_lun_okay = 1;
1117 memset(buf, 0, 36);
1118 buf[0] = 0x7f; /* Unsupported, no device-type */
1119 buf[4] = 31; /* Additional length */
1120 return 36;
1121 }
1122
1123 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK;
1124 buf[1] = curlun->removable ? 0x80 : 0;
1125 buf[2] = 2; /* ANSI SCSI level 2 */
1126 buf[3] = 2; /* SCSI-2 INQUIRY data format */
1127 buf[4] = 31; /* Additional length */
1128 buf[5] = 0; /* No special options */
1129 buf[6] = 0;
1130 buf[7] = 0;
1131 memcpy(buf + 8, common->inquiry_string, sizeof common->inquiry_string);
1132 return 36;
1133 }
1134
1135 static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1136 {
1137 struct fsg_lun *curlun = common->curlun;
1138 u8 *buf = (u8 *) bh->buf;
1139 u32 sd, sdinfo;
1140 int valid;
1141
1142 /*
1143 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1144 *
1145 * If a REQUEST SENSE command is received from an initiator
1146 * with a pending unit attention condition (before the target
1147 * generates the contingent allegiance condition), then the
1148 * target shall either:
1149 * a) report any pending sense data and preserve the unit
1150 * attention condition on the logical unit, or,
1151 * b) report the unit attention condition, may discard any
1152 * pending sense data, and clear the unit attention
1153 * condition on the logical unit for that initiator.
1154 *
1155 * FSG normally uses option a); enable this code to use option b).
1156 */
1157 #if 0
1158 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1159 curlun->sense_data = curlun->unit_attention_data;
1160 curlun->unit_attention_data = SS_NO_SENSE;
1161 }
1162 #endif
1163
1164 if (!curlun) { /* Unsupported LUNs are okay */
1165 common->bad_lun_okay = 1;
1166 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1167 sdinfo = 0;
1168 valid = 0;
1169 } else {
1170 sd = curlun->sense_data;
1171 sdinfo = curlun->sense_data_info;
1172 valid = curlun->info_valid << 7;
1173 curlun->sense_data = SS_NO_SENSE;
1174 curlun->sense_data_info = 0;
1175 curlun->info_valid = 0;
1176 }
1177
1178 memset(buf, 0, 18);
1179 buf[0] = valid | 0x70; /* Valid, current error */
1180 buf[2] = SK(sd);
1181 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */
1182 buf[7] = 18 - 8; /* Additional sense length */
1183 buf[12] = ASC(sd);
1184 buf[13] = ASCQ(sd);
1185 return 18;
1186 }
1187
1188 static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1189 {
1190 struct fsg_lun *curlun = common->curlun;
1191 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1192 int pmi = common->cmnd[8];
1193 u8 *buf = (u8 *)bh->buf;
1194
1195 /* Check the PMI and LBA fields */
1196 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1197 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1198 return -EINVAL;
1199 }
1200
1201 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1202 /* Max logical block */
1203 put_unaligned_be32(curlun->blksize, &buf[4]);/* Block length */
1204 return 8;
1205 }
1206
1207 static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1208 {
1209 struct fsg_lun *curlun = common->curlun;
1210 int msf = common->cmnd[1] & 0x02;
1211 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1212 u8 *buf = (u8 *)bh->buf;
1213
1214 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */
1215 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1216 return -EINVAL;
1217 }
1218 if (lba >= curlun->num_sectors) {
1219 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1220 return -EINVAL;
1221 }
1222
1223 memset(buf, 0, 8);
1224 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */
1225 store_cdrom_address(&buf[4], msf, lba);
1226 return 8;
1227 }
1228
1229 static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1230 {
1231 struct fsg_lun *curlun = common->curlun;
1232 int msf = common->cmnd[1] & 0x02;
1233 int start_track = common->cmnd[6];
1234 u8 *buf = (u8 *)bh->buf;
1235 u8 format;
1236 int ret;
1237
1238 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */
1239 start_track > 1) {
1240 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1241 return -EINVAL;
1242 }
1243
1244 format = common->cmnd[2] & 0xf;
1245 /*
1246 * Check if CDB is old style SFF-8020i
1247 * i.e. format is in 2 MSBs of byte 9
1248 * Mac OS-X host sends us this.
1249 */
1250
1251 if (format == 0)
1252 format = (common->cmnd[9] >> 6) & 0x3;
1253
1254 ret = fsg_get_toc(curlun, msf, format, buf);
1255 if (ret < 0) {
1256 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1257 }
1258
1259 return ret;
1260
1261 #ifdef NEVER
1262 memset(buf, 0, 20);
1263 buf[1] = (20-2); /* TOC data length */
1264 buf[2] = 1; /* First track number */
1265 buf[3] = 1; /* Last track number */
1266 buf[5] = 0x16; /* Data track, copying allowed */
1267 buf[6] = 0x01; /* Only track is number 1 */
1268 store_cdrom_address(&buf[8], msf, 0);
1269
1270 buf[13] = 0x16; /* Lead-out track is data */
1271 buf[14] = 0xAA; /* Lead-out track number */
1272 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1273 return 20;
1274 #endif /* NEVER */
1275 }
1276
1277 static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1278 {
1279 struct fsg_lun *curlun = common->curlun;
1280 int mscmnd = common->cmnd[0];
1281 u8 *buf = (u8 *) bh->buf;
1282 u8 *buf0 = buf;
1283 int pc, page_code;
1284 int changeable_values, all_pages;
1285 int valid_page = 0;
1286 int len, limit;
1287
1288 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */
1289 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1290 return -EINVAL;
1291 }
1292 pc = common->cmnd[2] >> 6;
1293 page_code = common->cmnd[2] & 0x3f;
1294 if (pc == 3) {
1295 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1296 return -EINVAL;
1297 }
1298 changeable_values = (pc == 1);
1299 all_pages = (page_code == 0x3f);
1300
1301 /*
1302 * Write the mode parameter header. Fixed values are: default
1303 * medium type, no cache control (DPOFUA), and no block descriptors.
1304 * The only variable value is the WriteProtect bit. We will fill in
1305 * the mode data length later.
1306 */
1307 memset(buf, 0, 8);
1308 if (mscmnd == MODE_SENSE) {
1309 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1310 buf += 4;
1311 limit = 255;
1312 } else { /* MODE_SENSE_10 */
1313 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1314 buf += 8;
1315 limit = 65535; /* Should really be FSG_BUFLEN */
1316 }
1317
1318 /* No block descriptors */
1319
1320 /*
1321 * The mode pages, in numerical order. The only page we support
1322 * is the Caching page.
1323 */
1324 if (page_code == 0x08 || all_pages) {
1325 valid_page = 1;
1326 buf[0] = 0x08; /* Page code */
1327 buf[1] = 10; /* Page length */
1328 memset(buf+2, 0, 10); /* None of the fields are changeable */
1329
1330 if (!changeable_values) {
1331 buf[2] = 0x04; /* Write cache enable, */
1332 /* Read cache not disabled */
1333 /* No cache retention priorities */
1334 put_unaligned_be16(0xffff, &buf[4]);
1335 /* Don't disable prefetch */
1336 /* Minimum prefetch = 0 */
1337 put_unaligned_be16(0xffff, &buf[8]);
1338 /* Maximum prefetch */
1339 put_unaligned_be16(0xffff, &buf[10]);
1340 /* Maximum prefetch ceiling */
1341 }
1342 buf += 12;
1343 }
1344
1345 /*
1346 * Check that a valid page was requested and the mode data length
1347 * isn't too long.
1348 */
1349 len = buf - buf0;
1350 if (!valid_page || len > limit) {
1351 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1352 return -EINVAL;
1353 }
1354
1355 /* Store the mode data length */
1356 if (mscmnd == MODE_SENSE)
1357 buf0[0] = len - 1;
1358 else
1359 put_unaligned_be16(len - 2, buf0);
1360 return len;
1361 }
1362
1363 static int do_start_stop(struct fsg_common *common)
1364 {
1365 struct fsg_lun *curlun = common->curlun;
1366 int loej, start;
1367
1368 if (!curlun) {
1369 return -EINVAL;
1370 } else if (!curlun->removable) {
1371 curlun->sense_data = SS_INVALID_COMMAND;
1372 return -EINVAL;
1373 } else if ((common->cmnd[1] & ~0x01) != 0 || /* Mask away Immed */
1374 (common->cmnd[4] & ~0x03) != 0) { /* Mask LoEj, Start */
1375 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1376 return -EINVAL;
1377 }
1378
1379 loej = common->cmnd[4] & 0x02;
1380 start = common->cmnd[4] & 0x01;
1381
1382 /*
1383 * Our emulation doesn't support mounting; the medium is
1384 * available for use as soon as it is loaded.
1385 */
1386 if (start) {
1387 if (!fsg_lun_is_open(curlun)) {
1388 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1389 return -EINVAL;
1390 }
1391 return 0;
1392 }
1393
1394 /* Are we allowed to unload the media? */
1395 if (curlun->prevent_medium_removal) {
1396 LDBG(curlun, "unload attempt prevented\n");
1397 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
1398 return -EINVAL;
1399 }
1400
1401 if (!loej)
1402 return 0;
1403
1404 up_read(&common->filesem);
1405 down_write(&common->filesem);
1406 fsg_lun_close(curlun);
1407 up_write(&common->filesem);
1408 down_read(&common->filesem);
1409
1410 return 0;
1411 }
1412
1413 static int do_prevent_allow(struct fsg_common *common)
1414 {
1415 struct fsg_lun *curlun = common->curlun;
1416 int prevent;
1417
1418 if (!common->curlun) {
1419 return -EINVAL;
1420 } else if (!common->curlun->removable) {
1421 common->curlun->sense_data = SS_INVALID_COMMAND;
1422 return -EINVAL;
1423 }
1424
1425 prevent = common->cmnd[4] & 0x01;
1426 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */
1427 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1428 return -EINVAL;
1429 }
1430
1431 if (!curlun->nofua && curlun->prevent_medium_removal && !prevent)
1432 fsg_lun_fsync_sub(curlun);
1433 curlun->prevent_medium_removal = prevent;
1434 return 0;
1435 }
1436
1437 static int do_read_format_capacities(struct fsg_common *common,
1438 struct fsg_buffhd *bh)
1439 {
1440 struct fsg_lun *curlun = common->curlun;
1441 u8 *buf = (u8 *) bh->buf;
1442
1443 buf[0] = buf[1] = buf[2] = 0;
1444 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */
1445 buf += 4;
1446
1447 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1448 /* Number of blocks */
1449 put_unaligned_be32(curlun->blksize, &buf[4]);/* Block length */
1450 buf[4] = 0x02; /* Current capacity */
1451 return 12;
1452 }
1453
1454 static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1455 {
1456 struct fsg_lun *curlun = common->curlun;
1457
1458 /* We don't support MODE SELECT */
1459 if (curlun)
1460 curlun->sense_data = SS_INVALID_COMMAND;
1461 return -EINVAL;
1462 }
1463
1464
1465 /*-------------------------------------------------------------------------*/
1466
1467 static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1468 {
1469 int rc;
1470
1471 rc = fsg_set_halt(fsg, fsg->bulk_in);
1472 if (rc == -EAGAIN)
1473 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1474 while (rc != 0) {
1475 if (rc != -EAGAIN) {
1476 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1477 rc = 0;
1478 break;
1479 }
1480
1481 /* Wait for a short time and then try again */
1482 if (msleep_interruptible(100) != 0)
1483 return -EINTR;
1484 rc = usb_ep_set_halt(fsg->bulk_in);
1485 }
1486 return rc;
1487 }
1488
1489 static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1490 {
1491 int rc;
1492
1493 DBG(fsg, "bulk-in set wedge\n");
1494 rc = usb_ep_set_wedge(fsg->bulk_in);
1495 if (rc == -EAGAIN)
1496 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1497 while (rc != 0) {
1498 if (rc != -EAGAIN) {
1499 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1500 rc = 0;
1501 break;
1502 }
1503
1504 /* Wait for a short time and then try again */
1505 if (msleep_interruptible(100) != 0)
1506 return -EINTR;
1507 rc = usb_ep_set_wedge(fsg->bulk_in);
1508 }
1509 return rc;
1510 }
1511
1512 static int throw_away_data(struct fsg_common *common)
1513 {
1514 struct fsg_buffhd *bh;
1515 u32 amount;
1516 int rc;
1517
1518 for (bh = common->next_buffhd_to_drain;
1519 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1520 bh = common->next_buffhd_to_drain) {
1521
1522 /* Throw away the data in a filled buffer */
1523 if (bh->state == BUF_STATE_FULL) {
1524 smp_rmb();
1525 bh->state = BUF_STATE_EMPTY;
1526 common->next_buffhd_to_drain = bh->next;
1527
1528 /* A short packet or an error ends everything */
1529 if (bh->outreq->actual < bh->bulk_out_intended_length ||
1530 bh->outreq->status != 0) {
1531 raise_exception(common,
1532 FSG_STATE_ABORT_BULK_OUT);
1533 return -EINTR;
1534 }
1535 continue;
1536 }
1537
1538 /* Try to submit another request if we need one */
1539 bh = common->next_buffhd_to_fill;
1540 if (bh->state == BUF_STATE_EMPTY
1541 && common->usb_amount_left > 0) {
1542 amount = min(common->usb_amount_left, FSG_BUFLEN);
1543
1544 /*
1545 * Except at the end of the transfer, amount will be
1546 * equal to the buffer size, which is divisible by
1547 * the bulk-out maxpacket size.
1548 */
1549 set_bulk_out_req_length(common, bh, amount);
1550 if (!start_out_transfer(common, bh))
1551 /* Dunno what to do if common->fsg is NULL */
1552 return -EIO;
1553 common->next_buffhd_to_fill = bh->next;
1554 common->usb_amount_left -= amount;
1555 continue;
1556 }
1557
1558 /* Otherwise wait for something to happen */
1559 rc = sleep_thread(common, true);
1560 if (rc)
1561 return rc;
1562 }
1563 return 0;
1564 }
1565
1566 static int finish_reply(struct fsg_common *common)
1567 {
1568 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1569 int rc = 0;
1570
1571 switch (common->data_dir) {
1572 case DATA_DIR_NONE:
1573 break; /* Nothing to send */
1574
1575 /*
1576 * If we don't know whether the host wants to read or write,
1577 * this must be CB or CBI with an unknown command. We mustn't
1578 * try to send or receive any data. So stall both bulk pipes
1579 * if we can and wait for a reset.
1580 */
1581 case DATA_DIR_UNKNOWN:
1582 if (!common->can_stall) {
1583 /* Nothing */
1584 } else if (fsg_is_set(common)) {
1585 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1586 rc = halt_bulk_in_endpoint(common->fsg);
1587 } else {
1588 /* Don't know what to do if common->fsg is NULL */
1589 rc = -EIO;
1590 }
1591 break;
1592
1593 /* All but the last buffer of data must have already been sent */
1594 case DATA_DIR_TO_HOST:
1595 if (common->data_size == 0) {
1596 /* Nothing to send */
1597
1598 /* Don't know what to do if common->fsg is NULL */
1599 } else if (!fsg_is_set(common)) {
1600 rc = -EIO;
1601
1602 /* If there's no residue, simply send the last buffer */
1603 } else if (common->residue == 0) {
1604 bh->inreq->zero = 0;
1605 if (!start_in_transfer(common, bh))
1606 return -EIO;
1607 common->next_buffhd_to_fill = bh->next;
1608
1609 /*
1610 * For Bulk-only, mark the end of the data with a short
1611 * packet. If we are allowed to stall, halt the bulk-in
1612 * endpoint. (Note: This violates the Bulk-Only Transport
1613 * specification, which requires us to pad the data if we
1614 * don't halt the endpoint. Presumably nobody will mind.)
1615 */
1616 } else {
1617 bh->inreq->zero = 1;
1618 if (!start_in_transfer(common, bh))
1619 rc = -EIO;
1620 common->next_buffhd_to_fill = bh->next;
1621 if (common->can_stall)
1622 rc = halt_bulk_in_endpoint(common->fsg);
1623 }
1624 break;
1625
1626 /*
1627 * We have processed all we want from the data the host has sent.
1628 * There may still be outstanding bulk-out requests.
1629 */
1630 case DATA_DIR_FROM_HOST:
1631 if (common->residue == 0) {
1632 /* Nothing to receive */
1633
1634 /* Did the host stop sending unexpectedly early? */
1635 } else if (common->short_packet_received) {
1636 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1637 rc = -EINTR;
1638
1639 /*
1640 * We haven't processed all the incoming data. Even though
1641 * we may be allowed to stall, doing so would cause a race.
1642 * The controller may already have ACK'ed all the remaining
1643 * bulk-out packets, in which case the host wouldn't see a
1644 * STALL. Not realizing the endpoint was halted, it wouldn't
1645 * clear the halt -- leading to problems later on.
1646 */
1647 #if 0
1648 } else if (common->can_stall) {
1649 if (fsg_is_set(common))
1650 fsg_set_halt(common->fsg,
1651 common->fsg->bulk_out);
1652 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1653 rc = -EINTR;
1654 #endif
1655
1656 /*
1657 * We can't stall. Read in the excess data and throw it
1658 * all away.
1659 */
1660 } else {
1661 rc = throw_away_data(common);
1662 }
1663 break;
1664 }
1665 return rc;
1666 }
1667
1668 static int send_status(struct fsg_common *common)
1669 {
1670 struct fsg_lun *curlun = common->curlun;
1671 struct fsg_buffhd *bh;
1672 struct bulk_cs_wrap *csw;
1673 int rc;
1674 u8 status = US_BULK_STAT_OK;
1675 u32 sd, sdinfo = 0;
1676
1677 /* Wait for the next buffer to become available */
1678 bh = common->next_buffhd_to_fill;
1679 while (bh->state != BUF_STATE_EMPTY) {
1680 rc = sleep_thread(common, true);
1681 if (rc)
1682 return rc;
1683 }
1684
1685 if (curlun) {
1686 sd = curlun->sense_data;
1687 sdinfo = curlun->sense_data_info;
1688 } else if (common->bad_lun_okay)
1689 sd = SS_NO_SENSE;
1690 else
1691 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1692
1693 if (common->phase_error) {
1694 ERROR(common, "sending phase-error status\n");
1695 status = US_BULK_STAT_PHASE;
1696 sd = SS_INVALID_COMMAND;
1697 } else if (sd != SS_NO_SENSE) {
1698 DBG(common, "sending command-failure status\n");
1699 status = US_BULK_STAT_FAIL;
1700 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1701 " info x%x\n",
1702 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1703 }
1704
1705 /* Store and send the Bulk-only CSW */
1706 csw = (void *)bh->buf;
1707
1708 csw->Signature = cpu_to_le32(US_BULK_CS_SIGN);
1709 csw->Tag = common->tag;
1710 csw->Residue = cpu_to_le32(common->residue);
1711 csw->Status = status;
1712
1713 bh->inreq->length = US_BULK_CS_WRAP_LEN;
1714 bh->inreq->zero = 0;
1715 if (!start_in_transfer(common, bh))
1716 /* Don't know what to do if common->fsg is NULL */
1717 return -EIO;
1718
1719 common->next_buffhd_to_fill = bh->next;
1720
1721 #ifdef CONFIG_MTK_ICUSB_SUPPORT
1722 #define ICUSB_FSYNC_MAGIC_TIME 2
1723 if (curlun->filp && curlun->isICUSB)
1724 {
1725 struct timeval tv_before, tv_after;
1726 do_gettimeofday(&tv_before);
1727 vfs_fsync(curlun->filp, 1);
1728 do_gettimeofday(&tv_after);
1729 if( (tv_after.tv_sec - tv_before.tv_sec) >= ICUSB_FSYNC_MAGIC_TIME){
1730 printk(KERN_WARNING "time spent more than %d sec, sec : %d, usec : %d\n", ICUSB_FSYNC_MAGIC_TIME, (unsigned int)(tv_after.tv_sec - tv_before.tv_sec), (unsigned int)(tv_after.tv_usec - tv_before.tv_usec));
1731 }
1732 }
1733 #endif
1734 return 0;
1735 }
1736
1737
1738 /*-------------------------------------------------------------------------*/
1739
1740 /*
1741 * Check whether the command is properly formed and whether its data size
1742 * and direction agree with the values we already have.
1743 */
1744 static int check_command(struct fsg_common *common, int cmnd_size,
1745 enum data_direction data_dir, unsigned int mask,
1746 int needs_medium, const char *name)
1747 {
1748 int i;
1749 unsigned int lun = common->cmnd[1] >> 5;
1750 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1751 char hdlen[20];
1752 struct fsg_lun *curlun;
1753
1754 hdlen[0] = 0;
1755 if (common->data_dir != DATA_DIR_UNKNOWN)
1756 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1757 common->data_size);
1758 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1759 name, cmnd_size, dirletter[(int) data_dir],
1760 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1761
1762 /*
1763 * We can't reply at all until we know the correct data direction
1764 * and size.
1765 */
1766 if (common->data_size_from_cmnd == 0)
1767 data_dir = DATA_DIR_NONE;
1768 if (common->data_size < common->data_size_from_cmnd) {
1769 /*
1770 * Host data size < Device data size is a phase error.
1771 * Carry out the command, but only transfer as much as
1772 * we are allowed.
1773 */
1774 ERROR(common, "PHASE ERROR: data_size(%d) < data_size_from_cmnd(%d)\n",
1775 common->data_size, common->data_size_from_cmnd);
1776 common->data_size_from_cmnd = common->data_size;
1777 common->phase_error = 1;
1778 }
1779 common->residue = common->data_size;
1780 common->usb_amount_left = common->data_size;
1781
1782 /* Conflicting data directions is a phase error */
1783 if (common->data_dir != data_dir && common->data_size_from_cmnd > 0) {
1784 ERROR(common, "PHASE ERROR: conflict data dir(%d,%d),data_size_from_cmnd(%d)\n",
1785 common->data_dir, data_dir, common->data_size_from_cmnd);
1786 common->phase_error = 1;
1787 return -EINVAL;
1788 }
1789
1790 /* Verify the length of the command itself */
1791 if (cmnd_size != common->cmnd_size) {
1792
1793 /*
1794 * Special case workaround: There are plenty of buggy SCSI
1795 * implementations. Many have issues with cbw->Length
1796 * field passing a wrong command size. For those cases we
1797 * always try to work around the problem by using the length
1798 * sent by the host side provided it is at least as large
1799 * as the correct command length.
1800 * Examples of such cases would be MS-Windows, which issues
1801 * REQUEST SENSE with cbw->Length == 12 where it should
1802 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
1803 * REQUEST SENSE with cbw->Length == 10 where it should
1804 * be 6 as well.
1805 */
1806 if (cmnd_size <= common->cmnd_size) {
1807 DBG(common, "%s is buggy! Expected length %d "
1808 "but we got %d\n", name,
1809 cmnd_size, common->cmnd_size);
1810 cmnd_size = common->cmnd_size;
1811 } else {
1812 common->phase_error = 1;
1813 return -EINVAL;
1814 }
1815 }
1816
1817 /* Check that the LUN values are consistent */
1818 if (common->lun != lun)
1819 DBG(common, "using LUN %u from CBW, not LUN %u from CDB\n",
1820 common->lun, lun);
1821
1822 /* Check the LUN */
1823 curlun = common->curlun;
1824 if (curlun) {
1825 if (common->cmnd[0] != REQUEST_SENSE) {
1826 curlun->sense_data = SS_NO_SENSE;
1827 curlun->sense_data_info = 0;
1828 curlun->info_valid = 0;
1829 }
1830 } else {
1831 common->bad_lun_okay = 0;
1832
1833 /*
1834 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1835 * to use unsupported LUNs; all others may not.
1836 */
1837 if (common->cmnd[0] != INQUIRY &&
1838 common->cmnd[0] != REQUEST_SENSE) {
1839 DBG(common, "unsupported LUN %u\n", common->lun);
1840 return -EINVAL;
1841 }
1842 }
1843
1844 /*
1845 * If a unit attention condition exists, only INQUIRY and
1846 * REQUEST SENSE commands are allowed; anything else must fail.
1847 */
1848 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1849 common->cmnd[0] != INQUIRY &&
1850 common->cmnd[0] != REQUEST_SENSE) {
1851 curlun->sense_data = curlun->unit_attention_data;
1852 curlun->unit_attention_data = SS_NO_SENSE;
1853 return -EINVAL;
1854 }
1855
1856 /* Check that only command bytes listed in the mask are non-zero */
1857 common->cmnd[1] &= 0x1f; /* Mask away the LUN */
1858 for (i = 1; i < cmnd_size; ++i) {
1859 if (common->cmnd[i] && !(mask & (1 << i))) {
1860 if (curlun)
1861 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1862 return -EINVAL;
1863 }
1864 }
1865
1866 /* If the medium isn't mounted and the command needs to access
1867 * it, return an error. */
1868 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
1869 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1870 return -EINVAL;
1871 }
1872
1873 return 0;
1874 }
1875
1876 /* wrapper of check_command for data size in blocks handling */
1877 static int check_command_size_in_blocks(struct fsg_common *common,
1878 int cmnd_size, enum data_direction data_dir,
1879 unsigned int mask, int needs_medium, const char *name)
1880 {
1881 if (common->curlun)
1882 common->data_size_from_cmnd <<= common->curlun->blkbits;
1883 return check_command(common, cmnd_size, data_dir,
1884 mask, needs_medium, name);
1885 }
1886
1887 static int do_scsi_command(struct fsg_common *common)
1888 {
1889 struct fsg_buffhd *bh;
1890 int rc;
1891 int reply = -EINVAL;
1892 int i;
1893 static char unknown[16];
1894
1895 dump_cdb(common);
1896
1897 /* Wait for the next buffer to become available for data or status */
1898 bh = common->next_buffhd_to_fill;
1899 common->next_buffhd_to_drain = bh;
1900 while (bh->state != BUF_STATE_EMPTY) {
1901 rc = sleep_thread(common, true);
1902 if (rc)
1903 return rc;
1904 }
1905 common->phase_error = 0;
1906 common->short_packet_received = 0;
1907
1908 down_read(&common->filesem); /* We're using the backing file */
1909 switch (common->cmnd[0]) {
1910
1911 case INQUIRY:
1912 common->data_size_from_cmnd = common->cmnd[4];
1913 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1914 (1<<4), 0,
1915 "INQUIRY");
1916 if (reply == 0)
1917 reply = do_inquiry(common, bh);
1918 break;
1919
1920 case MODE_SELECT:
1921 common->data_size_from_cmnd = common->cmnd[4];
1922 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1923 (1<<1) | (1<<4), 0,
1924 "MODE SELECT(6)");
1925 if (reply == 0)
1926 reply = do_mode_select(common, bh);
1927 break;
1928
1929 case MODE_SELECT_10:
1930 common->data_size_from_cmnd =
1931 get_unaligned_be16(&common->cmnd[7]);
1932 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1933 (1<<1) | (3<<7), 0,
1934 "MODE SELECT(10)");
1935 if (reply == 0)
1936 reply = do_mode_select(common, bh);
1937 break;
1938
1939 case MODE_SENSE:
1940 common->data_size_from_cmnd = common->cmnd[4];
1941 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1942 (1<<1) | (1<<2) | (1<<4), 0,
1943 "MODE SENSE(6)");
1944 if (reply == 0)
1945 reply = do_mode_sense(common, bh);
1946 break;
1947
1948 case MODE_SENSE_10:
1949 common->data_size_from_cmnd =
1950 get_unaligned_be16(&common->cmnd[7]);
1951 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1952 (1<<1) | (1<<2) | (3<<7), 0,
1953 "MODE SENSE(10)");
1954 if (reply == 0)
1955 reply = do_mode_sense(common, bh);
1956 break;
1957
1958 case ALLOW_MEDIUM_REMOVAL:
1959 common->data_size_from_cmnd = 0;
1960 reply = check_command(common, 6, DATA_DIR_NONE,
1961 (1<<4), 0,
1962 "PREVENT-ALLOW MEDIUM REMOVAL");
1963 if (reply == 0)
1964 reply = do_prevent_allow(common);
1965 break;
1966
1967 case READ_6:
1968 i = common->cmnd[4];
1969 common->data_size_from_cmnd = (i == 0) ? 256 : i;
1970 reply = check_command_size_in_blocks(common, 6,
1971 DATA_DIR_TO_HOST,
1972 (7<<1) | (1<<4), 1,
1973 "READ(6)");
1974 if (reply == 0)
1975 reply = do_read(common);
1976 break;
1977
1978 case READ_10:
1979 common->data_size_from_cmnd =
1980 get_unaligned_be16(&common->cmnd[7]);
1981 reply = check_command_size_in_blocks(common, 10,
1982 DATA_DIR_TO_HOST,
1983 (1<<1) | (0xf<<2) | (3<<7), 1,
1984 "READ(10)");
1985 if (reply == 0)
1986 reply = do_read(common);
1987 break;
1988
1989 case READ_12:
1990 common->data_size_from_cmnd =
1991 get_unaligned_be32(&common->cmnd[6]);
1992 reply = check_command_size_in_blocks(common, 12,
1993 DATA_DIR_TO_HOST,
1994 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1995 "READ(12)");
1996 if (reply == 0)
1997 reply = do_read(common);
1998 break;
1999
2000 case READ_CAPACITY:
2001 common->data_size_from_cmnd = 8;
2002 reply = check_command(common, 10, DATA_DIR_TO_HOST,
2003 (0xf<<2) | (1<<8), 1,
2004 "READ CAPACITY");
2005 if (reply == 0)
2006 reply = do_read_capacity(common, bh);
2007 break;
2008
2009 case READ_HEADER:
2010 if (!common->curlun || !common->curlun->cdrom)
2011 goto unknown_cmnd;
2012 common->data_size_from_cmnd =
2013 get_unaligned_be16(&common->cmnd[7]);
2014 reply = check_command(common, 10, DATA_DIR_TO_HOST,
2015 (3<<7) | (0x1f<<1), 1,
2016 "READ HEADER");
2017 if (reply == 0)
2018 reply = do_read_header(common, bh);
2019 break;
2020
2021 case READ_TOC:
2022 if (!common->curlun || !common->curlun->cdrom)
2023 goto unknown_cmnd;
2024 common->data_size_from_cmnd =
2025 get_unaligned_be16(&common->cmnd[7]);
2026 reply = check_command(common, 10, DATA_DIR_TO_HOST,
2027 (0xf<<6) | (1<<1), 1,
2028 "READ TOC");
2029 if (reply == 0)
2030 reply = do_read_toc(common, bh);
2031 break;
2032
2033 case READ_FORMAT_CAPACITIES:
2034 common->data_size_from_cmnd =
2035 get_unaligned_be16(&common->cmnd[7]);
2036 reply = check_command(common, 10, DATA_DIR_TO_HOST,
2037 (3<<7), 1,
2038 "READ FORMAT CAPACITIES");
2039 if (reply == 0)
2040 reply = do_read_format_capacities(common, bh);
2041 break;
2042
2043 case REQUEST_SENSE:
2044 common->data_size_from_cmnd = common->cmnd[4];
2045 reply = check_command(common, 6, DATA_DIR_TO_HOST,
2046 (1<<4), 0,
2047 "REQUEST SENSE");
2048 if (reply == 0)
2049 reply = do_request_sense(common, bh);
2050 break;
2051
2052 case START_STOP:
2053 common->data_size_from_cmnd = 0;
2054 reply = check_command(common, 6, DATA_DIR_NONE,
2055 (1<<1) | (1<<4), 0,
2056 "START-STOP UNIT");
2057 if (reply == 0)
2058 reply = do_start_stop(common);
2059 break;
2060
2061 case SYNCHRONIZE_CACHE:
2062 common->data_size_from_cmnd = 0;
2063 reply = check_command(common, 10, DATA_DIR_NONE,
2064 (0xf<<2) | (3<<7), 1,
2065 "SYNCHRONIZE CACHE");
2066 if (reply == 0)
2067 reply = do_synchronize_cache(common);
2068 break;
2069
2070 case TEST_UNIT_READY:
2071 common->data_size_from_cmnd = 0;
2072 reply = check_command(common, 6, DATA_DIR_NONE,
2073 0, 1,
2074 "TEST UNIT READY");
2075 break;
2076
2077 /*
2078 * Although optional, this command is used by MS-Windows. We
2079 * support a minimal version: BytChk must be 0.
2080 */
2081 case VERIFY:
2082 common->data_size_from_cmnd = 0;
2083 reply = check_command(common, 10, DATA_DIR_NONE,
2084 (1<<1) | (0xf<<2) | (3<<7), 1,
2085 "VERIFY");
2086 if (reply == 0)
2087 reply = do_verify(common);
2088 break;
2089
2090 case WRITE_6:
2091 i = common->cmnd[4];
2092 common->data_size_from_cmnd = (i == 0) ? 256 : i;
2093 reply = check_command_size_in_blocks(common, 6,
2094 DATA_DIR_FROM_HOST,
2095 (7<<1) | (1<<4), 1,
2096 "WRITE(6)");
2097 if (reply == 0)
2098 reply = do_write(common);
2099 break;
2100
2101 case WRITE_10:
2102 common->data_size_from_cmnd =
2103 get_unaligned_be16(&common->cmnd[7]);
2104 reply = check_command_size_in_blocks(common, 10,
2105 DATA_DIR_FROM_HOST,
2106 (1<<1) | (0xf<<2) | (3<<7), 1,
2107 "WRITE(10)");
2108 if (reply == 0)
2109 reply = do_write(common);
2110 break;
2111
2112 case WRITE_12:
2113 common->data_size_from_cmnd =
2114 get_unaligned_be32(&common->cmnd[6]);
2115 reply = check_command_size_in_blocks(common, 12,
2116 DATA_DIR_FROM_HOST,
2117 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2118 "WRITE(12)");
2119 if (reply == 0)
2120 reply = do_write(common);
2121 break;
2122
2123 case REZERO_UNIT:
2124 printk("Get REZERO_UNIT command = %x\r\n", common->cmnd[1]);
2125 if (common->cmnd[1] == 0xB)
2126 common->android_callback(1);
2127 else if (common->cmnd[1] == 0xD)
2128 common->android_callback(2);
2129 break;
2130
2131 /*
2132 * Some mandatory commands that we recognize but don't implement.
2133 * They don't mean much in this setting. It's left as an exercise
2134 * for anyone interested to implement RESERVE and RELEASE in terms
2135 * of Posix locks.
2136 */
2137 case FORMAT_UNIT:
2138 case RELEASE:
2139 case RESERVE:
2140 case SEND_DIAGNOSTIC:
2141 /* Fall through */
2142
2143 default:
2144 unknown_cmnd:
2145 common->data_size_from_cmnd = 0;
2146 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2147 reply = check_command(common, common->cmnd_size,
2148 DATA_DIR_UNKNOWN, ~0, 0, unknown);
2149 if (reply == 0) {
2150 common->curlun->sense_data = SS_INVALID_COMMAND;
2151 reply = -EINVAL;
2152 }
2153 break;
2154 }
2155 up_read(&common->filesem);
2156
2157 if (reply == -EINTR || signal_pending(current))
2158 return -EINTR;
2159
2160 /* Set up the single reply buffer for finish_reply() */
2161 if (reply == -EINVAL)
2162 reply = 0; /* Error reply length */
2163 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2164 reply = min((u32)reply, common->data_size_from_cmnd);
2165 bh->inreq->length = reply;
2166 bh->state = BUF_STATE_FULL;
2167 common->residue -= reply;
2168 } /* Otherwise it's already set */
2169
2170 return 0;
2171 }
2172
2173
2174 /*-------------------------------------------------------------------------*/
2175
2176 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2177 {
2178 struct usb_request *req = bh->outreq;
2179 struct bulk_cb_wrap *cbw = req->buf;
2180 struct fsg_common *common = fsg->common;
2181
2182 /* Was this a real packet? Should it be ignored? */
2183 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2184 return -EINVAL;
2185
2186 /* Is the CBW valid? */
2187 if (req->actual != US_BULK_CB_WRAP_LEN ||
2188 cbw->Signature != cpu_to_le32(
2189 US_BULK_CB_SIGN)) {
2190 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2191 req->actual,
2192 le32_to_cpu(cbw->Signature));
2193
2194 /*
2195 * The Bulk-only spec says we MUST stall the IN endpoint
2196 * (6.6.1), so it's unavoidable. It also says we must
2197 * retain this state until the next reset, but there's
2198 * no way to tell the controller driver it should ignore
2199 * Clear-Feature(HALT) requests.
2200 *
2201 * We aren't required to halt the OUT endpoint; instead
2202 * we can simply accept and discard any data received
2203 * until the next reset.
2204 */
2205 wedge_bulk_in_endpoint(fsg);
2206 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2207 return -EINVAL;
2208 }
2209
2210 /* Is the CBW meaningful? */
2211 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~US_BULK_FLAG_IN ||
2212 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2213 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2214 "cmdlen %u\n",
2215 cbw->Lun, cbw->Flags, cbw->Length);
2216
2217 /*
2218 * We can do anything we want here, so let's stall the
2219 * bulk pipes if we are allowed to.
2220 */
2221 if (common->can_stall) {
2222 fsg_set_halt(fsg, fsg->bulk_out);
2223 halt_bulk_in_endpoint(fsg);
2224 }
2225 return -EINVAL;
2226 }
2227
2228 /* Save the command for later */
2229 common->cmnd_size = cbw->Length;
2230 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2231 if (cbw->Flags & US_BULK_FLAG_IN)
2232 common->data_dir = DATA_DIR_TO_HOST;
2233 else
2234 common->data_dir = DATA_DIR_FROM_HOST;
2235 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2236 if (common->data_size == 0)
2237 common->data_dir = DATA_DIR_NONE;
2238 common->lun = cbw->Lun;
2239 if (common->lun < common->nluns)
2240 common->curlun = &common->luns[common->lun];
2241 else
2242 common->curlun = NULL;
2243 common->tag = cbw->Tag;
2244 return 0;
2245 }
2246
2247 static int get_next_command(struct fsg_common *common)
2248 {
2249 struct fsg_buffhd *bh;
2250 int rc = 0;
2251
2252 /* Wait for the next buffer to become available */
2253 bh = common->next_buffhd_to_fill;
2254 while (bh->state != BUF_STATE_EMPTY) {
2255 rc = sleep_thread(common, true);
2256 if (rc)
2257 return rc;
2258 }
2259
2260 /* Queue a request to read a Bulk-only CBW */
2261 set_bulk_out_req_length(common, bh, US_BULK_CB_WRAP_LEN);
2262 if (!start_out_transfer(common, bh))
2263 /* Don't know what to do if common->fsg is NULL */
2264 return -EIO;
2265
2266 /*
2267 * We will drain the buffer in software, which means we
2268 * can reuse it for the next filling. No need to advance
2269 * next_buffhd_to_fill.
2270 */
2271
2272 /* Wait for the CBW to arrive */
2273 while (bh->state != BUF_STATE_FULL) {
2274 rc = sleep_thread(common, true);
2275 if (rc)
2276 return rc;
2277 }
2278 smp_rmb();
2279 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2280 bh->state = BUF_STATE_EMPTY;
2281
2282 return rc;
2283 }
2284
2285
2286 /*-------------------------------------------------------------------------*/
2287
2288 static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2289 struct usb_request **preq)
2290 {
2291 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2292 if (*preq)
2293 return 0;
2294 ERROR(common, "can't allocate request for %s\n", ep->name);
2295 return -ENOMEM;
2296 }
2297
2298 /* Reset interface setting and re-init endpoint state (toggle etc). */
2299 static int do_set_interface(struct fsg_common *common, struct fsg_dev *new_fsg)
2300 {
2301 struct fsg_dev *fsg;
2302 int i, rc = 0;
2303
2304 if (common->running)
2305 DBG(common, "reset interface\n");
2306
2307 reset:
2308 /* Deallocate the requests */
2309 if (common->fsg) {
2310 fsg = common->fsg;
2311
2312 for (i = 0; i < fsg_num_buffers; ++i) {
2313 struct fsg_buffhd *bh = &common->buffhds[i];
2314
2315 if (bh->inreq) {
2316 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2317 bh->inreq = NULL;
2318 }
2319 if (bh->outreq) {
2320 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2321 bh->outreq = NULL;
2322 }
2323 }
2324
2325 /* Disable the endpoints */
2326 if (fsg->bulk_in_enabled) {
2327 usb_ep_disable(fsg->bulk_in);
2328 fsg->bulk_in_enabled = 0;
2329 }
2330 if (fsg->bulk_out_enabled) {
2331 usb_ep_disable(fsg->bulk_out);
2332 fsg->bulk_out_enabled = 0;
2333 }
2334
2335 common->fsg = NULL;
2336 wake_up(&common->fsg_wait);
2337 }
2338
2339 common->running = 0;
2340 if (!new_fsg || rc)
2341 return rc;
2342
2343 common->fsg = new_fsg;
2344 fsg = common->fsg;
2345
2346 /* Enable the endpoints */
2347 rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in);
2348 if (rc)
2349 goto reset;
2350 rc = usb_ep_enable(fsg->bulk_in);
2351 if (rc)
2352 goto reset;
2353 fsg->bulk_in->driver_data = common;
2354 fsg->bulk_in_enabled = 1;
2355
2356 rc = config_ep_by_speed(common->gadget, &(fsg->function),
2357 fsg->bulk_out);
2358 if (rc)
2359 goto reset;
2360 rc = usb_ep_enable(fsg->bulk_out);
2361 if (rc)
2362 goto reset;
2363 fsg->bulk_out->driver_data = common;
2364 fsg->bulk_out_enabled = 1;
2365 common->bulk_out_maxpacket = usb_endpoint_maxp(fsg->bulk_out->desc);
2366 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2367
2368 /* Allocate the requests */
2369 for (i = 0; i < fsg_num_buffers; ++i) {
2370 struct fsg_buffhd *bh = &common->buffhds[i];
2371
2372 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2373 if (rc)
2374 goto reset;
2375 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2376 if (rc)
2377 goto reset;
2378 bh->inreq->buf = bh->outreq->buf = bh->buf;
2379 bh->inreq->context = bh->outreq->context = bh;
2380 bh->inreq->complete = bulk_in_complete;
2381 bh->outreq->complete = bulk_out_complete;
2382 }
2383
2384 common->running = 1;
2385 for (i = 0; i < common->nluns; ++i)
2386 common->luns[i].unit_attention_data = SS_RESET_OCCURRED;
2387 return rc;
2388 }
2389
2390
2391 /****************************** ALT CONFIGS ******************************/
2392
2393 static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2394 {
2395 struct fsg_dev *fsg = fsg_from_func(f);
2396 fsg->common->new_fsg = fsg;
2397 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2398 return USB_GADGET_DELAYED_STATUS;
2399 }
2400
2401 static void fsg_disable(struct usb_function *f)
2402 {
2403 struct fsg_dev *fsg = fsg_from_func(f);
2404 fsg->common->new_fsg = NULL;
2405 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2406 }
2407
2408
2409 /*-------------------------------------------------------------------------*/
2410
2411 static void handle_exception(struct fsg_common *common)
2412 {
2413 siginfo_t info;
2414 int i;
2415 struct fsg_buffhd *bh;
2416 enum fsg_state old_state;
2417 struct fsg_lun *curlun;
2418 unsigned int exception_req_tag;
2419
2420 /*
2421 * Clear the existing signals. Anything but SIGUSR1 is converted
2422 * into a high-priority EXIT exception.
2423 */
2424 for (;;) {
2425 int sig =
2426 dequeue_signal_lock(current, &current->blocked, &info);
2427 if (!sig)
2428 break;
2429 if (sig != SIGUSR1) {
2430 if (common->state < FSG_STATE_EXIT)
2431 DBG(common, "Main thread exiting on signal\n");
2432 raise_exception(common, FSG_STATE_EXIT);
2433 }
2434 }
2435
2436 /* Cancel all the pending transfers */
2437 if (likely(common->fsg)) {
2438 for (i = 0; i < fsg_num_buffers; ++i) {
2439 bh = &common->buffhds[i];
2440 if (bh->inreq_busy)
2441 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2442 if (bh->outreq_busy)
2443 usb_ep_dequeue(common->fsg->bulk_out,
2444 bh->outreq);
2445 }
2446
2447 /* Wait until everything is idle */
2448 for (;;) {
2449 int num_active = 0;
2450 for (i = 0; i < fsg_num_buffers; ++i) {
2451 bh = &common->buffhds[i];
2452 num_active += bh->inreq_busy + bh->outreq_busy;
2453 }
2454 if (num_active == 0)
2455 break;
2456 if (sleep_thread(common, true))
2457 return;
2458 }
2459
2460 /* Clear out the controller's fifos */
2461 if (common->fsg->bulk_in_enabled)
2462 usb_ep_fifo_flush(common->fsg->bulk_in);
2463 if (common->fsg->bulk_out_enabled)
2464 usb_ep_fifo_flush(common->fsg->bulk_out);
2465 }
2466
2467 /*
2468 * Reset the I/O buffer states and pointers, the SCSI
2469 * state, and the exception. Then invoke the handler.
2470 */
2471 spin_lock_irq(&common->lock);
2472
2473 for (i = 0; i < fsg_num_buffers; ++i) {
2474 bh = &common->buffhds[i];
2475 bh->state = BUF_STATE_EMPTY;
2476 }
2477 common->next_buffhd_to_fill = &common->buffhds[0];
2478 common->next_buffhd_to_drain = &common->buffhds[0];
2479 exception_req_tag = common->exception_req_tag;
2480 old_state = common->state;
2481
2482 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2483 common->state = FSG_STATE_STATUS_PHASE;
2484 else {
2485 for (i = 0; i < common->nluns; ++i) {
2486 curlun = &common->luns[i];
2487 curlun->prevent_medium_removal = 0;
2488 curlun->sense_data = SS_NO_SENSE;
2489 curlun->unit_attention_data = SS_NO_SENSE;
2490 curlun->sense_data_info = 0;
2491 curlun->info_valid = 0;
2492 }
2493 common->state = FSG_STATE_IDLE;
2494 }
2495 spin_unlock_irq(&common->lock);
2496
2497 /* Carry out any extra actions required for the exception */
2498 switch (old_state) {
2499 case FSG_STATE_ABORT_BULK_OUT:
2500 send_status(common);
2501 spin_lock_irq(&common->lock);
2502 if (common->state == FSG_STATE_STATUS_PHASE)
2503 common->state = FSG_STATE_IDLE;
2504 spin_unlock_irq(&common->lock);
2505 break;
2506
2507 case FSG_STATE_RESET:
2508 /*
2509 * In case we were forced against our will to halt a
2510 * bulk endpoint, clear the halt now. (The SuperH UDC
2511 * requires this.)
2512 */
2513 if (!fsg_is_set(common))
2514 break;
2515 if (test_and_clear_bit(IGNORE_BULK_OUT,
2516 &common->fsg->atomic_bitflags))
2517 usb_ep_clear_halt(common->fsg->bulk_in);
2518
2519 if (common->ep0_req_tag == exception_req_tag)
2520 ep0_queue(common); /* Complete the status stage */
2521
2522 /*
2523 * Technically this should go here, but it would only be
2524 * a waste of time. Ditto for the INTERFACE_CHANGE and
2525 * CONFIG_CHANGE cases.
2526 */
2527 /* for (i = 0; i < common->nluns; ++i) */
2528 /* common->luns[i].unit_attention_data = */
2529 /* SS_RESET_OCCURRED; */
2530 break;
2531
2532 case FSG_STATE_CONFIG_CHANGE:
2533 do_set_interface(common, common->new_fsg);
2534 if (common->new_fsg)
2535 usb_composite_setup_continue(common->cdev);
2536 break;
2537
2538 case FSG_STATE_EXIT:
2539 case FSG_STATE_TERMINATED:
2540 do_set_interface(common, NULL); /* Free resources */
2541 spin_lock_irq(&common->lock);
2542 common->state = FSG_STATE_TERMINATED; /* Stop the thread */
2543 spin_unlock_irq(&common->lock);
2544 break;
2545
2546 case FSG_STATE_INTERFACE_CHANGE:
2547 case FSG_STATE_DISCONNECT:
2548 case FSG_STATE_COMMAND_PHASE:
2549 case FSG_STATE_DATA_PHASE:
2550 case FSG_STATE_STATUS_PHASE:
2551 case FSG_STATE_IDLE:
2552 break;
2553 }
2554 }
2555
2556
2557 /*-------------------------------------------------------------------------*/
2558
2559 static int fsg_main_thread(void *common_)
2560 {
2561 struct fsg_common *common = common_;
2562
2563 /*
2564 * Allow the thread to be killed by a signal, but set the signal mask
2565 * to block everything but INT, TERM, KILL, and USR1.
2566 */
2567 allow_signal(SIGINT);
2568 allow_signal(SIGTERM);
2569 allow_signal(SIGKILL);
2570 allow_signal(SIGUSR1);
2571
2572 /* Allow the thread to be frozen */
2573 set_freezable();
2574
2575 /*
2576 * Arrange for userspace references to be interpreted as kernel
2577 * pointers. That way we can pass a kernel pointer to a routine
2578 * that expects a __user pointer and it will work okay.
2579 */
2580 set_fs(get_ds());
2581
2582 /* The main loop */
2583 while (common->state != FSG_STATE_TERMINATED) {
2584 if (exception_in_progress(common) || signal_pending(current)) {
2585 handle_exception(common);
2586 continue;
2587 }
2588
2589 if (!common->running) {
2590 sleep_thread(common, true);
2591 continue;
2592 }
2593
2594 if (get_next_command(common))
2595 continue;
2596
2597 spin_lock_irq(&common->lock);
2598 if (!exception_in_progress(common))
2599 common->state = FSG_STATE_DATA_PHASE;
2600 spin_unlock_irq(&common->lock);
2601
2602 if (do_scsi_command(common) || finish_reply(common))
2603 continue;
2604
2605 spin_lock_irq(&common->lock);
2606 if (!exception_in_progress(common))
2607 common->state = FSG_STATE_STATUS_PHASE;
2608 spin_unlock_irq(&common->lock);
2609
2610 if (send_status(common))
2611 continue;
2612
2613 spin_lock_irq(&common->lock);
2614 if (!exception_in_progress(common))
2615 common->state = FSG_STATE_IDLE;
2616 spin_unlock_irq(&common->lock);
2617 }
2618
2619 spin_lock_irq(&common->lock);
2620 common->thread_task = NULL;
2621 spin_unlock_irq(&common->lock);
2622
2623 if (!common->ops || !common->ops->thread_exits
2624 || common->ops->thread_exits(common) < 0) {
2625 struct fsg_lun *curlun = common->luns;
2626 unsigned i = common->nluns;
2627
2628 down_write(&common->filesem);
2629 for (; i--; ++curlun) {
2630 if (!fsg_lun_is_open(curlun))
2631 continue;
2632
2633 fsg_lun_close(curlun);
2634 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
2635 }
2636 up_write(&common->filesem);
2637 }
2638
2639 /* Let fsg_unbind() know the thread has exited */
2640 complete_and_exit(&common->thread_notifier, 0);
2641 }
2642
2643
2644 /*************************** DEVICE ATTRIBUTES ***************************/
2645
2646 static DEVICE_ATTR(ro, 0644, fsg_show_ro, fsg_store_ro);
2647 static DEVICE_ATTR(nofua, 0644, fsg_show_nofua, fsg_store_nofua);
2648 static DEVICE_ATTR(file, 0644, fsg_show_file, fsg_store_file);
2649
2650 static struct device_attribute dev_attr_ro_cdrom =
2651 __ATTR(ro, 0444, fsg_show_ro, NULL);
2652 static struct device_attribute dev_attr_file_nonremovable =
2653 __ATTR(file, 0444, fsg_show_file, NULL);
2654
2655
2656 /****************************** FSG COMMON ******************************/
2657
2658 static void fsg_common_release(struct kref *ref);
2659
2660 static void fsg_lun_release(struct device *dev)
2661 {
2662 /* Nothing needs to be done */
2663 }
2664
2665 static inline void fsg_common_get(struct fsg_common *common)
2666 {
2667 kref_get(&common->ref);
2668 }
2669
2670 static inline void fsg_common_put(struct fsg_common *common)
2671 {
2672 kref_put(&common->ref, fsg_common_release);
2673 }
2674
2675 static struct fsg_common *fsg_common_init(struct fsg_common *common,
2676 struct usb_composite_dev *cdev,
2677 struct fsg_config *cfg)
2678 {
2679 struct usb_gadget *gadget = cdev->gadget;
2680 struct fsg_buffhd *bh;
2681 struct fsg_lun *curlun;
2682 struct fsg_lun_config *lcfg;
2683 int nluns, i, rc;
2684 char *pathbuf;
2685
2686 rc = fsg_num_buffers_validate();
2687 if (rc != 0)
2688 return ERR_PTR(rc);
2689
2690 /* Find out how many LUNs there should be */
2691 nluns = cfg->nluns;
2692 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2693 dev_err(&gadget->dev, "invalid number of LUNs: %u\n", nluns);
2694 return ERR_PTR(-EINVAL);
2695 }
2696
2697 /* Allocate? */
2698 if (!common) {
2699 common = kzalloc(sizeof *common, GFP_KERNEL);
2700 if (!common)
2701 return ERR_PTR(-ENOMEM);
2702 common->free_storage_on_release = 1;
2703 } else {
2704 memset(common, 0, sizeof *common);
2705 common->free_storage_on_release = 0;
2706 }
2707
2708 common->buffhds = kcalloc(fsg_num_buffers,
2709 sizeof *(common->buffhds), GFP_KERNEL);
2710 if (!common->buffhds) {
2711 if (common->free_storage_on_release)
2712 kfree(common);
2713 return ERR_PTR(-ENOMEM);
2714 }
2715
2716 common->ops = cfg->ops;
2717 common->private_data = cfg->private_data;
2718
2719 common->gadget = gadget;
2720 common->ep0 = gadget->ep0;
2721 common->ep0req = cdev->req;
2722 common->cdev = cdev;
2723 #ifdef CONFIG_MTK_BICR_SUPPORT
2724 common->bicr = 0;
2725 #endif
2726 /* Maybe allocate device-global string IDs, and patch descriptors */
2727 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2728 rc = usb_string_id(cdev);
2729 if (unlikely(rc < 0))
2730 goto error_release;
2731 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2732 fsg_intf_desc.iInterface = rc;
2733 }
2734
2735 /*
2736 * Create the LUNs, open their backing files, and register the
2737 * LUN devices in sysfs.
2738 */
2739 curlun = kcalloc(nluns, sizeof(*curlun), GFP_KERNEL);
2740 if (unlikely(!curlun)) {
2741 rc = -ENOMEM;
2742 goto error_release;
2743 }
2744 common->luns = curlun;
2745
2746 init_rwsem(&common->filesem);
2747
2748 for (i = 0, lcfg = cfg->luns; i < nluns; ++i, ++curlun, ++lcfg) {
2749 curlun->cdrom = !!lcfg->cdrom;
2750 curlun->ro = lcfg->cdrom || lcfg->ro;
2751 curlun->initially_ro = curlun->ro;
2752 curlun->removable = lcfg->removable;
2753 curlun->nofua = lcfg->nofua;
2754 curlun->dev.release = fsg_lun_release;
2755 curlun->dev.parent = &gadget->dev;
2756 /* curlun->dev.driver = &fsg_driver.driver; XXX */
2757 dev_set_drvdata(&curlun->dev, &common->filesem);
2758 dev_set_name(&curlun->dev, "lun%d", i);
2759
2760 rc = device_register(&curlun->dev);
2761 if (rc) {
2762 INFO(common, "failed to register LUN%d: %d\n", i, rc);
2763 common->nluns = i;
2764 put_device(&curlun->dev);
2765 goto error_release;
2766 }
2767
2768 rc = device_create_file(&curlun->dev,
2769 curlun->cdrom
2770 ? &dev_attr_ro_cdrom
2771 : &dev_attr_ro);
2772 if (rc)
2773 goto error_luns;
2774 rc = device_create_file(&curlun->dev,
2775 curlun->removable
2776 ? &dev_attr_file
2777 : &dev_attr_file_nonremovable);
2778 if (rc)
2779 goto error_luns;
2780 rc = device_create_file(&curlun->dev, &dev_attr_nofua);
2781 if (rc)
2782 goto error_luns;
2783
2784 if (lcfg->filename) {
2785 rc = fsg_lun_open(curlun, lcfg->filename);
2786 if (rc)
2787 goto error_luns;
2788 } else if (!curlun->removable) {
2789 ERROR(common, "no file given for LUN%d\n", i);
2790 rc = -EINVAL;
2791 goto error_luns;
2792 }
2793 }
2794 common->nluns = nluns;
2795
2796 /* Data buffers cyclic list */
2797 bh = common->buffhds;
2798 i = fsg_num_buffers;
2799 goto buffhds_first_it;
2800 do {
2801 bh->next = bh + 1;
2802 ++bh;
2803 buffhds_first_it:
2804 bh->buf = kmalloc(FSG_BUFLEN, GFP_KERNEL);
2805 if (unlikely(!bh->buf)) {
2806 rc = -ENOMEM;
2807 goto error_release;
2808 }
2809 } while (--i);
2810 bh->next = common->buffhds;
2811
2812 /* Prepare inquiryString */
2813 i = get_default_bcdDevice();
2814 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2815 "%-8s%-16s%04x", cfg->vendor_name ?: "Linux",
2816 /* Assume product name dependent on the first LUN */
2817 cfg->product_name ?: (common->luns->cdrom
2818 ? "File-Stor Gadget"
2819 : "File-CD Gadget"),
2820 i);
2821
2822 /*
2823 * Some peripheral controllers are known not to be able to
2824 * halt bulk endpoints correctly. If one of them is present,
2825 * disable stalls.
2826 */
2827 common->can_stall = cfg->can_stall &&
2828 !(gadget_is_at91(common->gadget));
2829
2830 spin_lock_init(&common->lock);
2831 kref_init(&common->ref);
2832
2833 /* Tell the thread to start working */
2834 common->thread_task =
2835 kthread_create(fsg_main_thread, common, "file-storage");
2836 if (IS_ERR(common->thread_task)) {
2837 rc = PTR_ERR(common->thread_task);
2838 goto error_release;
2839 }
2840 init_completion(&common->thread_notifier);
2841 init_waitqueue_head(&common->fsg_wait);
2842
2843 /* Information */
2844 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2845 INFO(common, "Number of LUNs=%d\n", common->nluns);
2846
2847 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
2848 for (i = 0, nluns = common->nluns, curlun = common->luns;
2849 i < nluns;
2850 ++curlun, ++i) {
2851 char *p = "(no medium)";
2852 if (fsg_lun_is_open(curlun)) {
2853 p = "(error)";
2854 if (pathbuf) {
2855 p = d_path(&curlun->filp->f_path,
2856 pathbuf, PATH_MAX);
2857 if (IS_ERR(p))
2858 p = "(error)";
2859 }
2860 }
2861 LINFO(curlun, "LUN: %s%s%sfile: %s\n",
2862 curlun->removable ? "removable " : "",
2863 curlun->ro ? "read only " : "",
2864 curlun->cdrom ? "CD-ROM " : "",
2865 p);
2866 }
2867 kfree(pathbuf);
2868
2869 DBG(common, "I/O thread pid: %d\n", task_pid_nr(common->thread_task));
2870
2871 wake_up_process(common->thread_task);
2872
2873 return common;
2874
2875 error_luns:
2876 common->nluns = i + 1;
2877 error_release:
2878 common->state = FSG_STATE_TERMINATED; /* The thread is dead */
2879 /* Call fsg_common_release() directly, ref might be not initialised. */
2880 fsg_common_release(&common->ref);
2881 return ERR_PTR(rc);
2882 }
2883
2884 static void fsg_common_release(struct kref *ref)
2885 {
2886 struct fsg_common *common = container_of(ref, struct fsg_common, ref);
2887
2888 /* If the thread isn't already dead, tell it to exit now */
2889 if (common->state != FSG_STATE_TERMINATED) {
2890 raise_exception(common, FSG_STATE_EXIT);
2891 wait_for_completion(&common->thread_notifier);
2892 }
2893
2894 if (likely(common->luns)) {
2895 struct fsg_lun *lun = common->luns;
2896 unsigned i = common->nluns;
2897
2898 /* In error recovery common->nluns may be zero. */
2899 for (; i; --i, ++lun) {
2900 device_remove_file(&lun->dev, &dev_attr_nofua);
2901 device_remove_file(&lun->dev,
2902 lun->cdrom
2903 ? &dev_attr_ro_cdrom
2904 : &dev_attr_ro);
2905 device_remove_file(&lun->dev,
2906 lun->removable
2907 ? &dev_attr_file
2908 : &dev_attr_file_nonremovable);
2909 fsg_lun_close(lun);
2910 device_unregister(&lun->dev);
2911 }
2912
2913 kfree(common->luns);
2914 }
2915
2916 {
2917 struct fsg_buffhd *bh = common->buffhds;
2918 unsigned i = fsg_num_buffers;
2919 do {
2920 kfree(bh->buf);
2921 } while (++bh, --i);
2922 }
2923
2924 kfree(common->buffhds);
2925 if (common->free_storage_on_release)
2926 kfree(common);
2927 }
2928
2929
2930 /*-------------------------------------------------------------------------*/
2931
2932 static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2933 {
2934 struct fsg_dev *fsg = fsg_from_func(f);
2935 struct fsg_common *common = fsg->common;
2936
2937 DBG(fsg, "unbind\n");
2938 if (fsg->common->fsg == fsg) {
2939 fsg->common->new_fsg = NULL;
2940 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2941 /* FIXME: make interruptible or killable somehow? */
2942 wait_event(common->fsg_wait, common->fsg != fsg);
2943 }
2944
2945 fsg_common_put(common);
2946 usb_free_all_descriptors(&fsg->function);
2947 kfree(fsg);
2948 }
2949
2950 static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2951 {
2952 struct fsg_dev *fsg = fsg_from_func(f);
2953 struct usb_gadget *gadget = c->cdev->gadget;
2954 int i;
2955 struct usb_ep *ep;
2956 unsigned max_burst;
2957 int ret;
2958
2959 fsg->gadget = gadget;
2960
2961 /* New interface */
2962 i = usb_interface_id(c, f);
2963 if (i < 0)
2964 return i;
2965 fsg_intf_desc.bInterfaceNumber = i;
2966 fsg->interface_number = i;
2967
2968 /* Find all the endpoints we will use */
2969 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2970 if (!ep)
2971 goto autoconf_fail;
2972 ep->driver_data = fsg->common; /* claim the endpoint */
2973 fsg->bulk_in = ep;
2974
2975 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2976 if (!ep)
2977 goto autoconf_fail;
2978 ep->driver_data = fsg->common; /* claim the endpoint */
2979 fsg->bulk_out = ep;
2980
2981 /* Assume endpoint addresses are the same for both speeds */
2982 fsg_hs_bulk_in_desc.bEndpointAddress =
2983 fsg_fs_bulk_in_desc.bEndpointAddress;
2984 fsg_hs_bulk_out_desc.bEndpointAddress =
2985 fsg_fs_bulk_out_desc.bEndpointAddress;
2986
2987 /* Calculate bMaxBurst, we know packet size is 1024 */
2988 max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15);
2989
2990 fsg_ss_bulk_in_desc.bEndpointAddress =
2991 fsg_fs_bulk_in_desc.bEndpointAddress;
2992 fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst;
2993
2994 fsg_ss_bulk_out_desc.bEndpointAddress =
2995 fsg_fs_bulk_out_desc.bEndpointAddress;
2996 fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst;
2997
2998 ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function,
2999 fsg_ss_function);
3000 if (ret)
3001 goto autoconf_fail;
3002
3003 return 0;
3004
3005 autoconf_fail:
3006 ERROR(fsg, "unable to autoconfigure all endpoints\n");
3007 return -ENOTSUPP;
3008 }
3009
3010 /****************************** ADD FUNCTION ******************************/
3011
3012 static struct usb_gadget_strings *fsg_strings_array[] = {
3013 &fsg_stringtab,
3014 NULL,
3015 };
3016
3017 static int fsg_bind_config(struct usb_composite_dev *cdev,
3018 struct usb_configuration *c,
3019 struct fsg_common *common)
3020 {
3021 struct fsg_dev *fsg;
3022 int rc;
3023
3024 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
3025 if (unlikely(!fsg))
3026 return -ENOMEM;
3027
3028 fsg->function.name = FSG_DRIVER_DESC;
3029 fsg->function.strings = fsg_strings_array;
3030 fsg->function.bind = fsg_bind;
3031 fsg->function.unbind = fsg_unbind;
3032 fsg->function.setup = fsg_setup;
3033 fsg->function.set_alt = fsg_set_alt;
3034 fsg->function.disable = fsg_disable;
3035
3036 fsg->common = common;
3037 /*
3038 * Our caller holds a reference to common structure so we
3039 * don't have to be worry about it being freed until we return
3040 * from this function. So instead of incrementing counter now
3041 * and decrement in error recovery we increment it only when
3042 * call to usb_add_function() was successful.
3043 */
3044
3045 rc = usb_add_function(c, &fsg->function);
3046 if (unlikely(rc))
3047 kfree(fsg);
3048 else
3049 fsg_common_get(fsg->common);
3050 return rc;
3051 }
3052
3053
3054 /************************* Module parameters *************************/
3055
3056 struct fsg_module_parameters {
3057 char *file[FSG_MAX_LUNS];
3058 bool ro[FSG_MAX_LUNS];
3059 bool removable[FSG_MAX_LUNS];
3060 bool cdrom[FSG_MAX_LUNS];
3061 bool nofua[FSG_MAX_LUNS];
3062
3063 unsigned int file_count, ro_count, removable_count, cdrom_count;
3064 unsigned int nofua_count;
3065 unsigned int luns; /* nluns */
3066 bool stall; /* can_stall */
3067 };
3068
3069 #define _FSG_MODULE_PARAM_ARRAY(prefix, params, name, type, desc) \
3070 module_param_array_named(prefix ## name, params.name, type, \
3071 &prefix ## params.name ## _count, \
3072 S_IRUGO); \
3073 MODULE_PARM_DESC(prefix ## name, desc)
3074
3075 #define _FSG_MODULE_PARAM(prefix, params, name, type, desc) \
3076 module_param_named(prefix ## name, params.name, type, \
3077 S_IRUGO); \
3078 MODULE_PARM_DESC(prefix ## name, desc)
3079
3080 #define FSG_MODULE_PARAMETERS(prefix, params) \
3081 _FSG_MODULE_PARAM_ARRAY(prefix, params, file, charp, \
3082 "names of backing files or devices"); \
3083 _FSG_MODULE_PARAM_ARRAY(prefix, params, ro, bool, \
3084 "true to force read-only"); \
3085 _FSG_MODULE_PARAM_ARRAY(prefix, params, removable, bool, \
3086 "true to simulate removable media"); \
3087 _FSG_MODULE_PARAM_ARRAY(prefix, params, cdrom, bool, \
3088 "true to simulate CD-ROM instead of disk"); \
3089 _FSG_MODULE_PARAM_ARRAY(prefix, params, nofua, bool, \
3090 "true to ignore SCSI WRITE(10,12) FUA bit"); \
3091 _FSG_MODULE_PARAM(prefix, params, luns, uint, \
3092 "number of LUNs"); \
3093 _FSG_MODULE_PARAM(prefix, params, stall, bool, \
3094 "false to prevent bulk stalls")
3095
3096 static void
3097 fsg_config_from_params(struct fsg_config *cfg,
3098 const struct fsg_module_parameters *params)
3099 {
3100 struct fsg_lun_config *lun;
3101 unsigned i;
3102
3103 /* Configure LUNs */
3104 cfg->nluns =
3105 min(params->luns ?: (params->file_count ?: 1u),
3106 (unsigned)FSG_MAX_LUNS);
3107 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) {
3108 lun->ro = !!params->ro[i];
3109 lun->cdrom = !!params->cdrom[i];
3110 lun->removable = !!params->removable[i];
3111 lun->filename =
3112 params->file_count > i && params->file[i][0]
3113 ? params->file[i]
3114 : 0;
3115 }
3116
3117 /* Let MSF use defaults */
3118 cfg->vendor_name = 0;
3119 cfg->product_name = 0;
3120
3121 cfg->ops = NULL;
3122 cfg->private_data = NULL;
3123
3124 /* Finalise */
3125 cfg->can_stall = params->stall;
3126 }
3127
3128 static inline struct fsg_common *
3129 fsg_common_from_params(struct fsg_common *common,
3130 struct usb_composite_dev *cdev,
3131 const struct fsg_module_parameters *params)
3132 __attribute__((unused));
3133 static inline struct fsg_common *
3134 fsg_common_from_params(struct fsg_common *common,
3135 struct usb_composite_dev *cdev,
3136 const struct fsg_module_parameters *params)
3137 {
3138 struct fsg_config cfg;
3139 fsg_config_from_params(&cfg, params);
3140 return fsg_common_init(common, cdev, &cfg);
3141 }
kernel source for telekom puls (alcatel/mediatek)