2 * f_mass_storage.c -- Mass Storage USB Composite Function
4 * Copyright (C) 2003-2008 Alan Stern
5 * Copyright (C) 2009 Samsung Electronics
6 * Author: Michal Nazarewicz <mina86@mina86.com>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions, and the following disclaimer,
14 * without modification.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The names of the above-listed copyright holders may not be used
19 * to endorse or promote products derived from this software without
20 * specific prior written permission.
22 * ALTERNATIVELY, this software may be distributed under the terms of the
23 * GNU General Public License ("GPL") as published by the Free Software
24 * Foundation, either version 2 of that License or (at your option) any
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
28 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
29 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 * The Mass Storage Function acts as a USB Mass Storage device,
42 * appearing to the host as a disk drive or as a CD-ROM drive. In
43 * addition to providing an example of a genuinely useful composite
44 * function for a USB device, it also illustrates a technique of
45 * double-buffering for increased throughput.
47 * For more information about MSF and in particular its module
48 * parameters and sysfs interface read the
49 * <Documentation/usb/mass-storage.txt> file.
53 * MSF is configured by specifying a fsg_config structure. It has the
56 * nluns Number of LUNs function have (anywhere from 1
57 * to FSG_MAX_LUNS which is 8).
58 * luns An array of LUN configuration values. This
59 * should be filled for each LUN that
60 * function will include (ie. for "nluns"
61 * LUNs). Each element of the array has
62 * the following fields:
63 * ->filename The path to the backing file for the LUN.
64 * Required if LUN is not marked as
66 * ->ro Flag specifying access to the LUN shall be
67 * read-only. This is implied if CD-ROM
68 * emulation is enabled as well as when
69 * it was impossible to open "filename"
71 * ->removable Flag specifying that LUN shall be indicated as
73 * ->cdrom Flag specifying that LUN shall be reported as
75 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12)
76 * commands for this LUN shall be ignored.
80 * release Information used as a reply to INQUIRY
81 * request. To use default set to NULL,
82 * NULL, 0xffff respectively. The first
83 * field should be 8 and the second 16
86 * can_stall Set to permit function to halt bulk endpoints.
87 * Disabled on some USB devices known not
88 * to work correctly. You should set it
91 * If "removable" is not set for a LUN then a backing file must be
92 * specified. If it is set, then NULL filename means the LUN's medium
93 * is not loaded (an empty string as "filename" in the fsg_config
94 * structure causes error). The CD-ROM emulation includes a single
95 * data track and no audio tracks; hence there need be only one
96 * backing file per LUN.
98 * This function is heavily based on "File-backed Storage Gadget" by
99 * Alan Stern which in turn is heavily based on "Gadget Zero" by David
100 * Brownell. The driver's SCSI command interface was based on the
101 * "Information technology - Small Computer System Interface - 2"
102 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93,
103 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>.
104 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which
105 * was based on the "Universal Serial Bus Mass Storage Class UFI
106 * Command Specification" document, Revision 1.0, December 14, 1998,
108 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
114 * The MSF is fairly straightforward. There is a main kernel
115 * thread that handles most of the work. Interrupt routines field
116 * callbacks from the controller driver: bulk- and interrupt-request
117 * completion notifications, endpoint-0 events, and disconnect events.
118 * Completion events are passed to the main thread by wakeup calls. Many
119 * ep0 requests are handled at interrupt time, but SetInterface,
120 * SetConfiguration, and device reset requests are forwarded to the
121 * thread in the form of "exceptions" using SIGUSR1 signals (since they
122 * should interrupt any ongoing file I/O operations).
124 * The thread's main routine implements the standard command/data/status
125 * parts of a SCSI interaction. It and its subroutines are full of tests
126 * for pending signals/exceptions -- all this polling is necessary since
127 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
128 * indication that the driver really wants to be running in userspace.)
129 * An important point is that so long as the thread is alive it keeps an
130 * open reference to the backing file. This will prevent unmounting
131 * the backing file's underlying filesystem and could cause problems
132 * during system shutdown, for example. To prevent such problems, the
133 * thread catches INT, TERM, and KILL signals and converts them into
136 * In normal operation the main thread is started during the gadget's
137 * fsg_bind() callback and stopped during fsg_unbind(). But it can
138 * also exit when it receives a signal, and there's no point leaving
139 * the gadget running when the thread is dead. As of this moment, MSF
140 * provides no way to deregister the gadget when thread dies -- maybe
141 * a callback functions is needed.
143 * To provide maximum throughput, the driver uses a circular pipeline of
144 * buffer heads (struct fsg_buffhd). In principle the pipeline can be
145 * arbitrarily long; in practice the benefits don't justify having more
146 * than 2 stages (i.e., double buffering). But it helps to think of the
147 * pipeline as being a long one. Each buffer head contains a bulk-in and
148 * a bulk-out request pointer (since the buffer can be used for both
149 * output and input -- directions always are given from the host's
150 * point of view) as well as a pointer to the buffer and various state
153 * Use of the pipeline follows a simple protocol. There is a variable
154 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
155 * At any time that buffer head may still be in use from an earlier
156 * request, so each buffer head has a state variable indicating whether
157 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
158 * buffer head to be EMPTY, filling the buffer either by file I/O or by
159 * USB I/O (during which the buffer head is BUSY), and marking the buffer
160 * head FULL when the I/O is complete. Then the buffer will be emptied
161 * (again possibly by USB I/O, during which it is marked BUSY) and
162 * finally marked EMPTY again (possibly by a completion routine).
164 * A module parameter tells the driver to avoid stalling the bulk
165 * endpoints wherever the transport specification allows. This is
166 * necessary for some UDCs like the SuperH, which cannot reliably clear a
167 * halt on a bulk endpoint. However, under certain circumstances the
168 * Bulk-only specification requires a stall. In such cases the driver
169 * will halt the endpoint and set a flag indicating that it should clear
170 * the halt in software during the next device reset. Hopefully this
171 * will permit everything to work correctly. Furthermore, although the
172 * specification allows the bulk-out endpoint to halt when the host sends
173 * too much data, implementing this would cause an unavoidable race.
174 * The driver will always use the "no-stall" approach for OUT transfers.
176 * One subtle point concerns sending status-stage responses for ep0
177 * requests. Some of these requests, such as device reset, can involve
178 * interrupting an ongoing file I/O operation, which might take an
179 * arbitrarily long time. During that delay the host might give up on
180 * the original ep0 request and issue a new one. When that happens the
181 * driver should not notify the host about completion of the original
182 * request, as the host will no longer be waiting for it. So the driver
183 * assigns to each ep0 request a unique tag, and it keeps track of the
184 * tag value of the request associated with a long-running exception
185 * (device-reset, interface-change, or configuration-change). When the
186 * exception handler is finished, the status-stage response is submitted
187 * only if the current ep0 request tag is equal to the exception request
188 * tag. Thus only the most recently received ep0 request will get a
189 * status-stage response.
191 * Warning: This driver source file is too long. It ought to be split up
192 * into a header file plus about 3 separate .c files, to handle the details
193 * of the Gadget, USB Mass Storage, and SCSI protocols.
197 /* #define VERBOSE_DEBUG */
198 /* #define DUMP_MSGS */
200 #include <linux/blkdev.h>
201 #include <linux/completion.h>
202 #include <linux/dcache.h>
203 #include <linux/delay.h>
204 #include <linux/device.h>
205 #include <linux/fcntl.h>
206 #include <linux/file.h>
207 #include <linux/fs.h>
208 #include <linux/kref.h>
209 #include <linux/kthread.h>
210 #include <linux/limits.h>
211 #include <linux/rwsem.h>
212 #include <linux/slab.h>
213 #include <linux/spinlock.h>
214 #include <linux/string.h>
215 #include <linux/freezer.h>
217 #include <linux/usb/ch9.h>
218 #include <linux/usb/gadget.h>
219 #include <linux/usb/composite.h>
221 #include "gadget_chips.h"
224 /*------------------------------------------------------------------------*/
226 #define FSG_DRIVER_DESC "Mass Storage Function"
227 #define FSG_DRIVER_VERSION "2009/09/11"
229 static const char fsg_string_interface
[] = "Mass Storage";
231 #include "storage_common.c"
234 /*-------------------------------------------------------------------------*/
239 /* FSF callback functions */
240 struct fsg_operations
{
242 * Callback function to call when thread exits. If no
243 * callback is set or it returns value lower then zero MSF
244 * will force eject all LUNs it operates on (including those
245 * marked as non-removable or with prevent_medium_removal flag
248 int (*thread_exits
)(struct fsg_common
*common
);
251 /* Data shared by all the FSG instances. */
253 struct usb_gadget
*gadget
;
254 struct usb_composite_dev
*cdev
;
255 struct fsg_dev
*fsg
, *new_fsg
;
256 wait_queue_head_t fsg_wait
;
258 /* filesem protects: backing files in use */
259 struct rw_semaphore filesem
;
261 /* lock protects: state, all the req_busy's */
264 struct usb_ep
*ep0
; /* Copy of gadget->ep0 */
265 struct usb_request
*ep0req
; /* Copy of cdev->req */
266 unsigned int ep0_req_tag
;
268 struct fsg_buffhd
*next_buffhd_to_fill
;
269 struct fsg_buffhd
*next_buffhd_to_drain
;
270 struct fsg_buffhd
*buffhds
;
273 u8 cmnd
[MAX_COMMAND_SIZE
];
277 struct fsg_lun
*luns
;
278 struct fsg_lun
*curlun
;
280 unsigned int bulk_out_maxpacket
;
281 enum fsg_state state
; /* For exception handling */
282 unsigned int exception_req_tag
;
284 enum data_direction data_dir
;
286 u32 data_size_from_cmnd
;
291 unsigned int can_stall
:1;
292 unsigned int free_storage_on_release
:1;
293 unsigned int phase_error
:1;
294 unsigned int short_packet_received
:1;
295 unsigned int bad_lun_okay
:1;
296 unsigned int running
:1;
298 int thread_wakeup_needed
;
299 struct completion thread_notifier
;
300 struct task_struct
*thread_task
;
302 /* Callback functions. */
303 const struct fsg_operations
*ops
;
304 /* Gadget's private data. */
308 * Vendor (8 chars), product (16 chars), release (4
309 * hexadecimal digits) and NUL byte
311 char inquiry_string
[8 + 16 + 4 + 1];
315 #ifdef CONFIG_MTK_BICR_SUPPORT
318 void (*android_callback
)(unsigned char);
323 struct fsg_lun_config
{
324 const char *filename
;
329 } luns
[FSG_MAX_LUNS
];
331 /* Callback functions. */
332 const struct fsg_operations
*ops
;
333 /* Gadget's private data. */
336 const char *vendor_name
; /* 8 characters or less */
337 const char *product_name
; /* 16 characters or less */
343 struct usb_function function
;
344 struct usb_gadget
*gadget
; /* Copy of cdev->gadget */
345 struct fsg_common
*common
;
347 u16 interface_number
;
349 unsigned int bulk_in_enabled
:1;
350 unsigned int bulk_out_enabled
:1;
352 unsigned long atomic_bitflags
;
353 #define IGNORE_BULK_OUT 0
355 struct usb_ep
*bulk_in
;
356 struct usb_ep
*bulk_out
;
359 static inline int __fsg_is_set(struct fsg_common
*common
,
360 const char *func
, unsigned line
)
364 ERROR(common
, "common->fsg is NULL in %s at %u\n", func
, line
);
369 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
371 static inline struct fsg_dev
*fsg_from_func(struct usb_function
*f
)
373 return container_of(f
, struct fsg_dev
, function
);
376 typedef void (*fsg_routine_t
)(struct fsg_dev
*);
378 static int exception_in_progress(struct fsg_common
*common
)
380 return common
->state
> FSG_STATE_IDLE
;
383 /* Make bulk-out requests be divisible by the maxpacket size */
384 static void set_bulk_out_req_length(struct fsg_common
*common
,
385 struct fsg_buffhd
*bh
, unsigned int length
)
389 bh
->bulk_out_intended_length
= length
;
390 rem
= length
% common
->bulk_out_maxpacket
;
392 length
+= common
->bulk_out_maxpacket
- rem
;
393 bh
->outreq
->length
= length
;
394 bh
->outreq
->short_not_ok
= 1;
398 /*-------------------------------------------------------------------------*/
400 static int fsg_set_halt(struct fsg_dev
*fsg
, struct usb_ep
*ep
)
404 if (ep
== fsg
->bulk_in
)
406 else if (ep
== fsg
->bulk_out
)
410 DBG(fsg
, "%s set halt\n", name
);
411 return usb_ep_set_halt(ep
);
415 /*-------------------------------------------------------------------------*/
417 /* These routines may be called in process context or in_irq */
419 /* Caller must hold fsg->lock */
420 static void wakeup_thread(struct fsg_common
*common
)
422 smp_wmb(); /* ensure the write of bh->state is complete */
423 /* Tell the main thread that something has happened */
424 common
->thread_wakeup_needed
= 1;
425 if (common
->thread_task
)
426 wake_up_process(common
->thread_task
);
429 static void raise_exception(struct fsg_common
*common
, enum fsg_state new_state
)
434 * Do nothing if a higher-priority exception is already in progress.
435 * If a lower-or-equal priority exception is in progress, preempt it
436 * and notify the main thread by sending it a signal.
438 spin_lock_irqsave(&common
->lock
, flags
);
439 if (common
->state
<= new_state
) {
440 common
->exception_req_tag
= common
->ep0_req_tag
;
441 common
->state
= new_state
;
442 if (common
->thread_task
)
443 send_sig_info(SIGUSR1
, SEND_SIG_FORCED
,
444 common
->thread_task
);
446 spin_unlock_irqrestore(&common
->lock
, flags
);
450 /*-------------------------------------------------------------------------*/
452 static int ep0_queue(struct fsg_common
*common
)
456 rc
= usb_ep_queue(common
->ep0
, common
->ep0req
, GFP_ATOMIC
);
457 common
->ep0
->driver_data
= common
;
458 if (rc
!= 0 && rc
!= -ESHUTDOWN
) {
459 /* We can't do much more than wait for a reset */
460 WARNING(common
, "error in submission: %s --> %d\n",
461 common
->ep0
->name
, rc
);
467 /*-------------------------------------------------------------------------*/
469 /* Completion handlers. These always run in_irq. */
471 static void bulk_in_complete(struct usb_ep
*ep
, struct usb_request
*req
)
473 struct fsg_common
*common
= ep
->driver_data
;
474 struct fsg_buffhd
*bh
= req
->context
;
476 if (req
->status
|| req
->actual
!= req
->length
)
477 DBG(common
, "%s --> %d, %u/%u\n", __func__
,
478 req
->status
, req
->actual
, req
->length
);
479 if (req
->status
== -ECONNRESET
) /* Request was cancelled */
480 usb_ep_fifo_flush(ep
);
482 /* Hold the lock while we update the request and buffer states */
484 spin_lock(&common
->lock
);
486 bh
->state
= BUF_STATE_EMPTY
;
487 wakeup_thread(common
);
488 spin_unlock(&common
->lock
);
491 static void bulk_out_complete(struct usb_ep
*ep
, struct usb_request
*req
)
493 struct fsg_common
*common
= ep
->driver_data
;
494 struct fsg_buffhd
*bh
= req
->context
;
496 dump_msg(common
, "bulk-out", req
->buf
, req
->actual
);
497 if (req
->status
|| req
->actual
!= bh
->bulk_out_intended_length
)
498 DBG(common
, "%s --> %d, %u/%u\n", __func__
,
499 req
->status
, req
->actual
, bh
->bulk_out_intended_length
);
500 if (req
->status
== -ECONNRESET
) /* Request was cancelled */
501 usb_ep_fifo_flush(ep
);
503 /* Hold the lock while we update the request and buffer states */
505 spin_lock(&common
->lock
);
507 bh
->state
= BUF_STATE_FULL
;
508 wakeup_thread(common
);
509 spin_unlock(&common
->lock
);
512 static int fsg_setup(struct usb_function
*f
,
513 const struct usb_ctrlrequest
*ctrl
)
515 struct fsg_dev
*fsg
= fsg_from_func(f
);
516 struct usb_request
*req
= fsg
->common
->ep0req
;
517 u16 w_index
= le16_to_cpu(ctrl
->wIndex
);
518 u16 w_value
= le16_to_cpu(ctrl
->wValue
);
519 u16 w_length
= le16_to_cpu(ctrl
->wLength
);
521 if (!fsg_is_set(fsg
->common
))
524 ++fsg
->common
->ep0_req_tag
; /* Record arrival of a new request */
527 dump_msg(fsg
, "ep0-setup", (u8
*) ctrl
, sizeof(*ctrl
));
529 switch (ctrl
->bRequest
) {
531 case US_BULK_RESET_REQUEST
:
532 if (ctrl
->bRequestType
!=
533 (USB_DIR_OUT
| USB_TYPE_CLASS
| USB_RECIP_INTERFACE
))
535 if (w_index
!= fsg
->interface_number
|| w_value
!= 0 ||
540 * Raise an exception to stop the current operation
541 * and reinitialize our state.
543 DBG(fsg
, "bulk reset request\n");
544 raise_exception(fsg
->common
, FSG_STATE_RESET
);
545 return DELAYED_STATUS
;
547 case US_BULK_GET_MAX_LUN
:
548 if (ctrl
->bRequestType
!=
549 (USB_DIR_IN
| USB_TYPE_CLASS
| USB_RECIP_INTERFACE
))
551 if (w_index
!= fsg
->interface_number
|| w_value
!= 0 ||
554 VDBG(fsg
, "get max LUN\n");
556 #ifdef CONFIG_MTK_BICR_SUPPORT
557 if(fsg
->common
->bicr
) {
558 /*When enable bicr, only share ONE LUN.*/
561 *(u8
*)req
->buf
= fsg
->common
->nluns
- 1;
564 *(u8
*)req
->buf
= fsg
->common
->nluns
- 1;
567 INFO(fsg
, "get max LUN = %d\n",*(u8
*)req
->buf
);
568 /* Respond with data/status */
569 req
->length
= min((u16
)1, w_length
);
570 return ep0_queue(fsg
->common
);
574 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n",
575 ctrl
->bRequestType
, ctrl
->bRequest
,
576 le16_to_cpu(ctrl
->wValue
), w_index
, w_length
);
581 /*-------------------------------------------------------------------------*/
583 /* All the following routines run in process context */
585 /* Use this for bulk or interrupt transfers, not ep0 */
586 static void start_transfer(struct fsg_dev
*fsg
, struct usb_ep
*ep
,
587 struct usb_request
*req
, int *pbusy
,
588 enum fsg_buffer_state
*state
)
592 if (ep
== fsg
->bulk_in
)
593 dump_msg(fsg
, "bulk-in", req
->buf
, req
->length
);
595 spin_lock_irq(&fsg
->common
->lock
);
597 *state
= BUF_STATE_BUSY
;
598 spin_unlock_irq(&fsg
->common
->lock
);
599 rc
= usb_ep_queue(ep
, req
, GFP_KERNEL
);
602 *state
= BUF_STATE_EMPTY
;
604 /* We can't do much more than wait for a reset */
607 * Note: currently the net2280 driver fails zero-length
608 * submissions if DMA is enabled.
610 if (rc
!= -ESHUTDOWN
&&
611 !(rc
== -EOPNOTSUPP
&& req
->length
== 0))
612 WARNING(fsg
, "error in submission: %s --> %d\n",
617 static bool start_in_transfer(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
619 if (!fsg_is_set(common
))
621 start_transfer(common
->fsg
, common
->fsg
->bulk_in
,
622 bh
->inreq
, &bh
->inreq_busy
, &bh
->state
);
626 static bool start_out_transfer(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
628 if (!fsg_is_set(common
))
630 start_transfer(common
->fsg
, common
->fsg
->bulk_out
,
631 bh
->outreq
, &bh
->outreq_busy
, &bh
->state
);
635 static int sleep_thread(struct fsg_common
*common
, bool can_freeze
)
639 /* Wait until a signal arrives or we are woken up */
643 set_current_state(TASK_INTERRUPTIBLE
);
644 if (signal_pending(current
)) {
648 if (common
->thread_wakeup_needed
)
652 __set_current_state(TASK_RUNNING
);
653 common
->thread_wakeup_needed
= 0;
654 smp_rmb(); /* ensure the latest bh->state is visible */
659 /*-------------------------------------------------------------------------*/
661 static int do_read(struct fsg_common
*common
)
663 struct fsg_lun
*curlun
= common
->curlun
;
665 struct fsg_buffhd
*bh
;
668 loff_t file_offset
, file_offset_tmp
;
673 * Get the starting Logical Block Address and check that it's
676 if (common
->cmnd
[0] == READ_6
)
677 lba
= get_unaligned_be24(&common
->cmnd
[1]);
679 lba
= get_unaligned_be32(&common
->cmnd
[2]);
682 * We allow DPO (Disable Page Out = don't save data in the
683 * cache) and FUA (Force Unit Access = don't read from the
684 * cache), but we don't implement them.
686 if ((common
->cmnd
[1] & ~0x18) != 0) {
687 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
691 if (lba
>= curlun
->num_sectors
) {
692 curlun
->sense_data
= SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
695 file_offset
= ((loff_t
) lba
) << curlun
->blkbits
;
697 /* Carry out the file reads */
698 amount_left
= common
->data_size_from_cmnd
;
699 if (unlikely(amount_left
== 0))
700 return -EIO
; /* No default reply */
704 * Figure out how much we need to read:
705 * Try to read the remaining amount.
706 * But don't read more than the buffer size.
707 * And don't try to read past the end of the file.
709 amount
= min(amount_left
, FSG_BUFLEN
);
710 amount
= min((loff_t
)amount
,
711 curlun
->file_length
- file_offset
);
713 /* Wait for the next buffer to become available */
714 bh
= common
->next_buffhd_to_fill
;
715 while (bh
->state
!= BUF_STATE_EMPTY
) {
716 rc
= sleep_thread(common
, false);
722 * If we were asked to read past the end of file,
723 * end with an empty buffer.
727 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
728 curlun
->sense_data_info
=
729 file_offset
>> curlun
->blkbits
;
730 curlun
->info_valid
= 1;
731 bh
->inreq
->length
= 0;
732 bh
->state
= BUF_STATE_FULL
;
736 /* Perform the read */
737 file_offset_tmp
= file_offset
;
738 nread
= vfs_read(curlun
->filp
,
739 (char __user
*)bh
->buf
,
740 amount
, &file_offset_tmp
);
741 VLDBG(curlun
, "file read %u @ %llu -> %d\n", amount
,
742 (unsigned long long)file_offset
, (int)nread
);
743 if (signal_pending(current
))
747 LDBG(curlun
, "error in file read: %d\n", (int)nread
);
749 } else if (nread
< amount
) {
750 LDBG(curlun
, "partial file read: %d/%u\n",
752 nread
= round_down(nread
, curlun
->blksize
);
754 file_offset
+= nread
;
755 amount_left
-= nread
;
756 common
->residue
-= nread
;
759 * Except at the end of the transfer, nread will be
760 * equal to the buffer size, which is divisible by the
761 * bulk-in maxpacket size.
763 bh
->inreq
->length
= nread
;
764 bh
->state
= BUF_STATE_FULL
;
766 /* If an error occurred, report it and its position */
767 if (nread
< amount
) {
768 curlun
->sense_data
= SS_UNRECOVERED_READ_ERROR
;
769 curlun
->sense_data_info
=
770 file_offset
>> curlun
->blkbits
;
771 curlun
->info_valid
= 1;
775 if (amount_left
== 0)
776 break; /* No more left to read */
778 /* Send this buffer and go read some more */
780 if (!start_in_transfer(common
, bh
))
781 /* Don't know what to do if common->fsg is NULL */
783 common
->next_buffhd_to_fill
= bh
->next
;
786 return -EIO
; /* No default reply */
790 /*-------------------------------------------------------------------------*/
792 static int do_write(struct fsg_common
*common
)
794 struct fsg_lun
*curlun
= common
->curlun
;
796 struct fsg_buffhd
*bh
;
798 u32 amount_left_to_req
, amount_left_to_write
;
799 loff_t usb_offset
, file_offset
, file_offset_tmp
;
805 curlun
->sense_data
= SS_WRITE_PROTECTED
;
808 spin_lock(&curlun
->filp
->f_lock
);
809 curlun
->filp
->f_flags
&= ~O_SYNC
; /* Default is not to wait */
810 spin_unlock(&curlun
->filp
->f_lock
);
813 * Get the starting Logical Block Address and check that it's
816 if (common
->cmnd
[0] == WRITE_6
)
817 lba
= get_unaligned_be24(&common
->cmnd
[1]);
819 lba
= get_unaligned_be32(&common
->cmnd
[2]);
822 * We allow DPO (Disable Page Out = don't save data in the
823 * cache) and FUA (Force Unit Access = write directly to the
824 * medium). We don't implement DPO; we implement FUA by
825 * performing synchronous output.
827 if (common
->cmnd
[1] & ~0x18) {
828 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
831 if (!curlun
->nofua
&& (common
->cmnd
[1] & 0x08)) { /* FUA */
832 spin_lock(&curlun
->filp
->f_lock
);
833 curlun
->filp
->f_flags
|= O_SYNC
;
834 spin_unlock(&curlun
->filp
->f_lock
);
837 if (lba
>= curlun
->num_sectors
) {
838 curlun
->sense_data
= SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
842 /* Carry out the file writes */
844 file_offset
= usb_offset
= ((loff_t
) lba
) << curlun
->blkbits
;
845 amount_left_to_req
= common
->data_size_from_cmnd
;
846 amount_left_to_write
= common
->data_size_from_cmnd
;
848 while (amount_left_to_write
> 0) {
850 /* Queue a request for more data from the host */
851 bh
= common
->next_buffhd_to_fill
;
852 if (bh
->state
== BUF_STATE_EMPTY
&& get_some_more
) {
855 * Figure out how much we want to get:
856 * Try to get the remaining amount,
857 * but not more than the buffer size.
859 amount
= min(amount_left_to_req
, FSG_BUFLEN
);
861 /* Beyond the end of the backing file? */
862 if (usb_offset
>= curlun
->file_length
) {
865 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
866 curlun
->sense_data_info
=
867 usb_offset
>> curlun
->blkbits
;
868 curlun
->info_valid
= 1;
872 /* Get the next buffer */
873 usb_offset
+= amount
;
874 common
->usb_amount_left
-= amount
;
875 amount_left_to_req
-= amount
;
876 if (amount_left_to_req
== 0)
880 * Except at the end of the transfer, amount will be
881 * equal to the buffer size, which is divisible by
882 * the bulk-out maxpacket size.
884 set_bulk_out_req_length(common
, bh
, amount
);
885 if (!start_out_transfer(common
, bh
))
886 /* Dunno what to do if common->fsg is NULL */
888 common
->next_buffhd_to_fill
= bh
->next
;
892 /* Write the received data to the backing file */
893 bh
= common
->next_buffhd_to_drain
;
894 if (bh
->state
== BUF_STATE_EMPTY
&& !get_some_more
)
895 break; /* We stopped early */
896 if (bh
->state
== BUF_STATE_FULL
) {
898 common
->next_buffhd_to_drain
= bh
->next
;
899 bh
->state
= BUF_STATE_EMPTY
;
901 /* Did something go wrong with the transfer? */
902 if (bh
->outreq
->status
!= 0) {
903 curlun
->sense_data
= SS_COMMUNICATION_FAILURE
;
904 curlun
->sense_data_info
=
905 file_offset
>> curlun
->blkbits
;
906 curlun
->info_valid
= 1;
910 amount
= bh
->outreq
->actual
;
911 if (curlun
->file_length
- file_offset
< amount
) {
913 "write %u @ %llu beyond end %llu\n",
914 amount
, (unsigned long long)file_offset
,
915 (unsigned long long)curlun
->file_length
);
916 amount
= curlun
->file_length
- file_offset
;
919 /* Don't accept excess data. The spec doesn't say
920 * what to do in this case. We'll ignore the error.
922 amount
= min(amount
, bh
->bulk_out_intended_length
);
924 /* Don't write a partial block */
925 amount
= round_down(amount
, curlun
->blksize
);
929 /* Perform the write */
930 file_offset_tmp
= file_offset
;
931 nwritten
= vfs_write(curlun
->filp
,
932 (char __user
*)bh
->buf
,
933 amount
, &file_offset_tmp
);
934 VLDBG(curlun
, "file write %u @ %llu -> %d\n", amount
,
935 (unsigned long long)file_offset
, (int)nwritten
);
936 if (signal_pending(current
))
937 return -EINTR
; /* Interrupted! */
940 LDBG(curlun
, "error in file write: %d\n",
943 } else if (nwritten
< amount
) {
944 LDBG(curlun
, "partial file write: %d/%u\n",
945 (int)nwritten
, amount
);
946 nwritten
= round_down(nwritten
, curlun
->blksize
);
948 file_offset
+= nwritten
;
949 amount_left_to_write
-= nwritten
;
950 common
->residue
-= nwritten
;
952 /* If an error occurred, report it and its position */
953 if (nwritten
< amount
) {
954 curlun
->sense_data
= SS_WRITE_ERROR
;
955 curlun
->sense_data_info
=
956 file_offset
>> curlun
->blkbits
;
957 curlun
->info_valid
= 1;
962 /* Did the host decide to stop early? */
963 if (bh
->outreq
->actual
< bh
->bulk_out_intended_length
) {
964 common
->short_packet_received
= 1;
970 /* Wait for something to happen */
971 rc
= sleep_thread(common
, false);
976 return -EIO
; /* No default reply */
980 /*-------------------------------------------------------------------------*/
982 static int do_synchronize_cache(struct fsg_common
*common
)
984 struct fsg_lun
*curlun
= common
->curlun
;
987 /* We ignore the requested LBA and write out all file's
988 * dirty data buffers. */
989 rc
= fsg_lun_fsync_sub(curlun
);
991 curlun
->sense_data
= SS_WRITE_ERROR
;
996 /*-------------------------------------------------------------------------*/
998 static void invalidate_sub(struct fsg_lun
*curlun
)
1000 struct file
*filp
= curlun
->filp
;
1001 struct inode
*inode
= file_inode(filp
);
1004 rc
= invalidate_mapping_pages(inode
->i_mapping
, 0, -1);
1005 VLDBG(curlun
, "invalidate_mapping_pages -> %ld\n", rc
);
1008 static int do_verify(struct fsg_common
*common
)
1010 struct fsg_lun
*curlun
= common
->curlun
;
1012 u32 verification_length
;
1013 struct fsg_buffhd
*bh
= common
->next_buffhd_to_fill
;
1014 loff_t file_offset
, file_offset_tmp
;
1016 unsigned int amount
;
1020 * Get the starting Logical Block Address and check that it's
1023 lba
= get_unaligned_be32(&common
->cmnd
[2]);
1024 if (lba
>= curlun
->num_sectors
) {
1025 curlun
->sense_data
= SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
1030 * We allow DPO (Disable Page Out = don't save data in the
1031 * cache) but we don't implement it.
1033 if (common
->cmnd
[1] & ~0x10) {
1034 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1038 verification_length
= get_unaligned_be16(&common
->cmnd
[7]);
1039 if (unlikely(verification_length
== 0))
1040 return -EIO
; /* No default reply */
1042 /* Prepare to carry out the file verify */
1043 amount_left
= verification_length
<< curlun
->blkbits
;
1044 file_offset
= ((loff_t
) lba
) << curlun
->blkbits
;
1046 /* Write out all the dirty buffers before invalidating them */
1047 fsg_lun_fsync_sub(curlun
);
1048 if (signal_pending(current
))
1051 invalidate_sub(curlun
);
1052 if (signal_pending(current
))
1055 /* Just try to read the requested blocks */
1056 while (amount_left
> 0) {
1058 * Figure out how much we need to read:
1059 * Try to read the remaining amount, but not more than
1061 * And don't try to read past the end of the file.
1063 amount
= min(amount_left
, FSG_BUFLEN
);
1064 amount
= min((loff_t
)amount
,
1065 curlun
->file_length
- file_offset
);
1067 curlun
->sense_data
=
1068 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
1069 curlun
->sense_data_info
=
1070 file_offset
>> curlun
->blkbits
;
1071 curlun
->info_valid
= 1;
1075 /* Perform the read */
1076 file_offset_tmp
= file_offset
;
1077 nread
= vfs_read(curlun
->filp
,
1078 (char __user
*) bh
->buf
,
1079 amount
, &file_offset_tmp
);
1080 VLDBG(curlun
, "file read %u @ %llu -> %d\n", amount
,
1081 (unsigned long long) file_offset
,
1083 if (signal_pending(current
))
1087 LDBG(curlun
, "error in file verify: %d\n", (int)nread
);
1089 } else if (nread
< amount
) {
1090 LDBG(curlun
, "partial file verify: %d/%u\n",
1091 (int)nread
, amount
);
1092 nread
= round_down(nread
, curlun
->blksize
);
1095 curlun
->sense_data
= SS_UNRECOVERED_READ_ERROR
;
1096 curlun
->sense_data_info
=
1097 file_offset
>> curlun
->blkbits
;
1098 curlun
->info_valid
= 1;
1101 file_offset
+= nread
;
1102 amount_left
-= nread
;
1108 /*-------------------------------------------------------------------------*/
1110 static int do_inquiry(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1112 struct fsg_lun
*curlun
= common
->curlun
;
1113 u8
*buf
= (u8
*) bh
->buf
;
1115 if (!curlun
) { /* Unsupported LUNs are okay */
1116 common
->bad_lun_okay
= 1;
1118 buf
[0] = 0x7f; /* Unsupported, no device-type */
1119 buf
[4] = 31; /* Additional length */
1123 buf
[0] = curlun
->cdrom
? TYPE_ROM
: TYPE_DISK
;
1124 buf
[1] = curlun
->removable
? 0x80 : 0;
1125 buf
[2] = 2; /* ANSI SCSI level 2 */
1126 buf
[3] = 2; /* SCSI-2 INQUIRY data format */
1127 buf
[4] = 31; /* Additional length */
1128 buf
[5] = 0; /* No special options */
1131 memcpy(buf
+ 8, common
->inquiry_string
, sizeof common
->inquiry_string
);
1135 static int do_request_sense(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1137 struct fsg_lun
*curlun
= common
->curlun
;
1138 u8
*buf
= (u8
*) bh
->buf
;
1143 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1145 * If a REQUEST SENSE command is received from an initiator
1146 * with a pending unit attention condition (before the target
1147 * generates the contingent allegiance condition), then the
1148 * target shall either:
1149 * a) report any pending sense data and preserve the unit
1150 * attention condition on the logical unit, or,
1151 * b) report the unit attention condition, may discard any
1152 * pending sense data, and clear the unit attention
1153 * condition on the logical unit for that initiator.
1155 * FSG normally uses option a); enable this code to use option b).
1158 if (curlun
&& curlun
->unit_attention_data
!= SS_NO_SENSE
) {
1159 curlun
->sense_data
= curlun
->unit_attention_data
;
1160 curlun
->unit_attention_data
= SS_NO_SENSE
;
1164 if (!curlun
) { /* Unsupported LUNs are okay */
1165 common
->bad_lun_okay
= 1;
1166 sd
= SS_LOGICAL_UNIT_NOT_SUPPORTED
;
1170 sd
= curlun
->sense_data
;
1171 sdinfo
= curlun
->sense_data_info
;
1172 valid
= curlun
->info_valid
<< 7;
1173 curlun
->sense_data
= SS_NO_SENSE
;
1174 curlun
->sense_data_info
= 0;
1175 curlun
->info_valid
= 0;
1179 buf
[0] = valid
| 0x70; /* Valid, current error */
1181 put_unaligned_be32(sdinfo
, &buf
[3]); /* Sense information */
1182 buf
[7] = 18 - 8; /* Additional sense length */
1188 static int do_read_capacity(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1190 struct fsg_lun
*curlun
= common
->curlun
;
1191 u32 lba
= get_unaligned_be32(&common
->cmnd
[2]);
1192 int pmi
= common
->cmnd
[8];
1193 u8
*buf
= (u8
*)bh
->buf
;
1195 /* Check the PMI and LBA fields */
1196 if (pmi
> 1 || (pmi
== 0 && lba
!= 0)) {
1197 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1201 put_unaligned_be32(curlun
->num_sectors
- 1, &buf
[0]);
1202 /* Max logical block */
1203 put_unaligned_be32(curlun
->blksize
, &buf
[4]);/* Block length */
1207 static int do_read_header(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1209 struct fsg_lun
*curlun
= common
->curlun
;
1210 int msf
= common
->cmnd
[1] & 0x02;
1211 u32 lba
= get_unaligned_be32(&common
->cmnd
[2]);
1212 u8
*buf
= (u8
*)bh
->buf
;
1214 if (common
->cmnd
[1] & ~0x02) { /* Mask away MSF */
1215 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1218 if (lba
>= curlun
->num_sectors
) {
1219 curlun
->sense_data
= SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE
;
1224 buf
[0] = 0x01; /* 2048 bytes of user data, rest is EC */
1225 store_cdrom_address(&buf
[4], msf
, lba
);
1229 static int do_read_toc(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1231 struct fsg_lun
*curlun
= common
->curlun
;
1232 int msf
= common
->cmnd
[1] & 0x02;
1233 int start_track
= common
->cmnd
[6];
1234 u8
*buf
= (u8
*)bh
->buf
;
1238 if ((common
->cmnd
[1] & ~0x02) != 0 || /* Mask away MSF */
1240 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1244 format
= common
->cmnd
[2] & 0xf;
1246 * Check if CDB is old style SFF-8020i
1247 * i.e. format is in 2 MSBs of byte 9
1248 * Mac OS-X host sends us this.
1252 format
= (common
->cmnd
[9] >> 6) & 0x3;
1254 ret
= fsg_get_toc(curlun
, msf
, format
, buf
);
1256 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1263 buf
[1] = (20-2); /* TOC data length */
1264 buf
[2] = 1; /* First track number */
1265 buf
[3] = 1; /* Last track number */
1266 buf
[5] = 0x16; /* Data track, copying allowed */
1267 buf
[6] = 0x01; /* Only track is number 1 */
1268 store_cdrom_address(&buf
[8], msf
, 0);
1270 buf
[13] = 0x16; /* Lead-out track is data */
1271 buf
[14] = 0xAA; /* Lead-out track number */
1272 store_cdrom_address(&buf
[16], msf
, curlun
->num_sectors
);
1277 static int do_mode_sense(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1279 struct fsg_lun
*curlun
= common
->curlun
;
1280 int mscmnd
= common
->cmnd
[0];
1281 u8
*buf
= (u8
*) bh
->buf
;
1284 int changeable_values
, all_pages
;
1288 if ((common
->cmnd
[1] & ~0x08) != 0) { /* Mask away DBD */
1289 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1292 pc
= common
->cmnd
[2] >> 6;
1293 page_code
= common
->cmnd
[2] & 0x3f;
1295 curlun
->sense_data
= SS_SAVING_PARAMETERS_NOT_SUPPORTED
;
1298 changeable_values
= (pc
== 1);
1299 all_pages
= (page_code
== 0x3f);
1302 * Write the mode parameter header. Fixed values are: default
1303 * medium type, no cache control (DPOFUA), and no block descriptors.
1304 * The only variable value is the WriteProtect bit. We will fill in
1305 * the mode data length later.
1308 if (mscmnd
== MODE_SENSE
) {
1309 buf
[2] = (curlun
->ro
? 0x80 : 0x00); /* WP, DPOFUA */
1312 } else { /* MODE_SENSE_10 */
1313 buf
[3] = (curlun
->ro
? 0x80 : 0x00); /* WP, DPOFUA */
1315 limit
= 65535; /* Should really be FSG_BUFLEN */
1318 /* No block descriptors */
1321 * The mode pages, in numerical order. The only page we support
1322 * is the Caching page.
1324 if (page_code
== 0x08 || all_pages
) {
1326 buf
[0] = 0x08; /* Page code */
1327 buf
[1] = 10; /* Page length */
1328 memset(buf
+2, 0, 10); /* None of the fields are changeable */
1330 if (!changeable_values
) {
1331 buf
[2] = 0x04; /* Write cache enable, */
1332 /* Read cache not disabled */
1333 /* No cache retention priorities */
1334 put_unaligned_be16(0xffff, &buf
[4]);
1335 /* Don't disable prefetch */
1336 /* Minimum prefetch = 0 */
1337 put_unaligned_be16(0xffff, &buf
[8]);
1338 /* Maximum prefetch */
1339 put_unaligned_be16(0xffff, &buf
[10]);
1340 /* Maximum prefetch ceiling */
1346 * Check that a valid page was requested and the mode data length
1350 if (!valid_page
|| len
> limit
) {
1351 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1355 /* Store the mode data length */
1356 if (mscmnd
== MODE_SENSE
)
1359 put_unaligned_be16(len
- 2, buf0
);
1363 static int do_start_stop(struct fsg_common
*common
)
1365 struct fsg_lun
*curlun
= common
->curlun
;
1370 } else if (!curlun
->removable
) {
1371 curlun
->sense_data
= SS_INVALID_COMMAND
;
1373 } else if ((common
->cmnd
[1] & ~0x01) != 0 || /* Mask away Immed */
1374 (common
->cmnd
[4] & ~0x03) != 0) { /* Mask LoEj, Start */
1375 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1379 loej
= common
->cmnd
[4] & 0x02;
1380 start
= common
->cmnd
[4] & 0x01;
1383 * Our emulation doesn't support mounting; the medium is
1384 * available for use as soon as it is loaded.
1387 if (!fsg_lun_is_open(curlun
)) {
1388 curlun
->sense_data
= SS_MEDIUM_NOT_PRESENT
;
1394 /* Are we allowed to unload the media? */
1395 if (curlun
->prevent_medium_removal
) {
1396 LDBG(curlun
, "unload attempt prevented\n");
1397 curlun
->sense_data
= SS_MEDIUM_REMOVAL_PREVENTED
;
1404 up_read(&common
->filesem
);
1405 down_write(&common
->filesem
);
1406 fsg_lun_close(curlun
);
1407 up_write(&common
->filesem
);
1408 down_read(&common
->filesem
);
1413 static int do_prevent_allow(struct fsg_common
*common
)
1415 struct fsg_lun
*curlun
= common
->curlun
;
1418 if (!common
->curlun
) {
1420 } else if (!common
->curlun
->removable
) {
1421 common
->curlun
->sense_data
= SS_INVALID_COMMAND
;
1425 prevent
= common
->cmnd
[4] & 0x01;
1426 if ((common
->cmnd
[4] & ~0x01) != 0) { /* Mask away Prevent */
1427 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1431 if (!curlun
->nofua
&& curlun
->prevent_medium_removal
&& !prevent
)
1432 fsg_lun_fsync_sub(curlun
);
1433 curlun
->prevent_medium_removal
= prevent
;
1437 static int do_read_format_capacities(struct fsg_common
*common
,
1438 struct fsg_buffhd
*bh
)
1440 struct fsg_lun
*curlun
= common
->curlun
;
1441 u8
*buf
= (u8
*) bh
->buf
;
1443 buf
[0] = buf
[1] = buf
[2] = 0;
1444 buf
[3] = 8; /* Only the Current/Maximum Capacity Descriptor */
1447 put_unaligned_be32(curlun
->num_sectors
, &buf
[0]);
1448 /* Number of blocks */
1449 put_unaligned_be32(curlun
->blksize
, &buf
[4]);/* Block length */
1450 buf
[4] = 0x02; /* Current capacity */
1454 static int do_mode_select(struct fsg_common
*common
, struct fsg_buffhd
*bh
)
1456 struct fsg_lun
*curlun
= common
->curlun
;
1458 /* We don't support MODE SELECT */
1460 curlun
->sense_data
= SS_INVALID_COMMAND
;
1465 /*-------------------------------------------------------------------------*/
1467 static int halt_bulk_in_endpoint(struct fsg_dev
*fsg
)
1471 rc
= fsg_set_halt(fsg
, fsg
->bulk_in
);
1473 VDBG(fsg
, "delayed bulk-in endpoint halt\n");
1475 if (rc
!= -EAGAIN
) {
1476 WARNING(fsg
, "usb_ep_set_halt -> %d\n", rc
);
1481 /* Wait for a short time and then try again */
1482 if (msleep_interruptible(100) != 0)
1484 rc
= usb_ep_set_halt(fsg
->bulk_in
);
1489 static int wedge_bulk_in_endpoint(struct fsg_dev
*fsg
)
1493 DBG(fsg
, "bulk-in set wedge\n");
1494 rc
= usb_ep_set_wedge(fsg
->bulk_in
);
1496 VDBG(fsg
, "delayed bulk-in endpoint wedge\n");
1498 if (rc
!= -EAGAIN
) {
1499 WARNING(fsg
, "usb_ep_set_wedge -> %d\n", rc
);
1504 /* Wait for a short time and then try again */
1505 if (msleep_interruptible(100) != 0)
1507 rc
= usb_ep_set_wedge(fsg
->bulk_in
);
1512 static int throw_away_data(struct fsg_common
*common
)
1514 struct fsg_buffhd
*bh
;
1518 for (bh
= common
->next_buffhd_to_drain
;
1519 bh
->state
!= BUF_STATE_EMPTY
|| common
->usb_amount_left
> 0;
1520 bh
= common
->next_buffhd_to_drain
) {
1522 /* Throw away the data in a filled buffer */
1523 if (bh
->state
== BUF_STATE_FULL
) {
1525 bh
->state
= BUF_STATE_EMPTY
;
1526 common
->next_buffhd_to_drain
= bh
->next
;
1528 /* A short packet or an error ends everything */
1529 if (bh
->outreq
->actual
< bh
->bulk_out_intended_length
||
1530 bh
->outreq
->status
!= 0) {
1531 raise_exception(common
,
1532 FSG_STATE_ABORT_BULK_OUT
);
1538 /* Try to submit another request if we need one */
1539 bh
= common
->next_buffhd_to_fill
;
1540 if (bh
->state
== BUF_STATE_EMPTY
1541 && common
->usb_amount_left
> 0) {
1542 amount
= min(common
->usb_amount_left
, FSG_BUFLEN
);
1545 * Except at the end of the transfer, amount will be
1546 * equal to the buffer size, which is divisible by
1547 * the bulk-out maxpacket size.
1549 set_bulk_out_req_length(common
, bh
, amount
);
1550 if (!start_out_transfer(common
, bh
))
1551 /* Dunno what to do if common->fsg is NULL */
1553 common
->next_buffhd_to_fill
= bh
->next
;
1554 common
->usb_amount_left
-= amount
;
1558 /* Otherwise wait for something to happen */
1559 rc
= sleep_thread(common
, true);
1566 static int finish_reply(struct fsg_common
*common
)
1568 struct fsg_buffhd
*bh
= common
->next_buffhd_to_fill
;
1571 switch (common
->data_dir
) {
1573 break; /* Nothing to send */
1576 * If we don't know whether the host wants to read or write,
1577 * this must be CB or CBI with an unknown command. We mustn't
1578 * try to send or receive any data. So stall both bulk pipes
1579 * if we can and wait for a reset.
1581 case DATA_DIR_UNKNOWN
:
1582 if (!common
->can_stall
) {
1584 } else if (fsg_is_set(common
)) {
1585 fsg_set_halt(common
->fsg
, common
->fsg
->bulk_out
);
1586 rc
= halt_bulk_in_endpoint(common
->fsg
);
1588 /* Don't know what to do if common->fsg is NULL */
1593 /* All but the last buffer of data must have already been sent */
1594 case DATA_DIR_TO_HOST
:
1595 if (common
->data_size
== 0) {
1596 /* Nothing to send */
1598 /* Don't know what to do if common->fsg is NULL */
1599 } else if (!fsg_is_set(common
)) {
1602 /* If there's no residue, simply send the last buffer */
1603 } else if (common
->residue
== 0) {
1604 bh
->inreq
->zero
= 0;
1605 if (!start_in_transfer(common
, bh
))
1607 common
->next_buffhd_to_fill
= bh
->next
;
1610 * For Bulk-only, mark the end of the data with a short
1611 * packet. If we are allowed to stall, halt the bulk-in
1612 * endpoint. (Note: This violates the Bulk-Only Transport
1613 * specification, which requires us to pad the data if we
1614 * don't halt the endpoint. Presumably nobody will mind.)
1617 bh
->inreq
->zero
= 1;
1618 if (!start_in_transfer(common
, bh
))
1620 common
->next_buffhd_to_fill
= bh
->next
;
1621 if (common
->can_stall
)
1622 rc
= halt_bulk_in_endpoint(common
->fsg
);
1627 * We have processed all we want from the data the host has sent.
1628 * There may still be outstanding bulk-out requests.
1630 case DATA_DIR_FROM_HOST
:
1631 if (common
->residue
== 0) {
1632 /* Nothing to receive */
1634 /* Did the host stop sending unexpectedly early? */
1635 } else if (common
->short_packet_received
) {
1636 raise_exception(common
, FSG_STATE_ABORT_BULK_OUT
);
1640 * We haven't processed all the incoming data. Even though
1641 * we may be allowed to stall, doing so would cause a race.
1642 * The controller may already have ACK'ed all the remaining
1643 * bulk-out packets, in which case the host wouldn't see a
1644 * STALL. Not realizing the endpoint was halted, it wouldn't
1645 * clear the halt -- leading to problems later on.
1648 } else if (common
->can_stall
) {
1649 if (fsg_is_set(common
))
1650 fsg_set_halt(common
->fsg
,
1651 common
->fsg
->bulk_out
);
1652 raise_exception(common
, FSG_STATE_ABORT_BULK_OUT
);
1657 * We can't stall. Read in the excess data and throw it
1661 rc
= throw_away_data(common
);
1668 static int send_status(struct fsg_common
*common
)
1670 struct fsg_lun
*curlun
= common
->curlun
;
1671 struct fsg_buffhd
*bh
;
1672 struct bulk_cs_wrap
*csw
;
1674 u8 status
= US_BULK_STAT_OK
;
1677 /* Wait for the next buffer to become available */
1678 bh
= common
->next_buffhd_to_fill
;
1679 while (bh
->state
!= BUF_STATE_EMPTY
) {
1680 rc
= sleep_thread(common
, true);
1686 sd
= curlun
->sense_data
;
1687 sdinfo
= curlun
->sense_data_info
;
1688 } else if (common
->bad_lun_okay
)
1691 sd
= SS_LOGICAL_UNIT_NOT_SUPPORTED
;
1693 if (common
->phase_error
) {
1694 ERROR(common
, "sending phase-error status\n");
1695 status
= US_BULK_STAT_PHASE
;
1696 sd
= SS_INVALID_COMMAND
;
1697 } else if (sd
!= SS_NO_SENSE
) {
1698 DBG(common
, "sending command-failure status\n");
1699 status
= US_BULK_STAT_FAIL
;
1700 VDBG(common
, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1702 SK(sd
), ASC(sd
), ASCQ(sd
), sdinfo
);
1705 /* Store and send the Bulk-only CSW */
1706 csw
= (void *)bh
->buf
;
1708 csw
->Signature
= cpu_to_le32(US_BULK_CS_SIGN
);
1709 csw
->Tag
= common
->tag
;
1710 csw
->Residue
= cpu_to_le32(common
->residue
);
1711 csw
->Status
= status
;
1713 bh
->inreq
->length
= US_BULK_CS_WRAP_LEN
;
1714 bh
->inreq
->zero
= 0;
1715 if (!start_in_transfer(common
, bh
))
1716 /* Don't know what to do if common->fsg is NULL */
1719 common
->next_buffhd_to_fill
= bh
->next
;
1721 #ifdef CONFIG_MTK_ICUSB_SUPPORT
1722 #define ICUSB_FSYNC_MAGIC_TIME 2
1723 if (curlun
->filp
&& curlun
->isICUSB
)
1725 struct timeval tv_before
, tv_after
;
1726 do_gettimeofday(&tv_before
);
1727 vfs_fsync(curlun
->filp
, 1);
1728 do_gettimeofday(&tv_after
);
1729 if( (tv_after
.tv_sec
- tv_before
.tv_sec
) >= ICUSB_FSYNC_MAGIC_TIME
){
1730 printk(KERN_WARNING
"time spent more than %d sec, sec : %d, usec : %d\n", ICUSB_FSYNC_MAGIC_TIME
, (unsigned int)(tv_after
.tv_sec
- tv_before
.tv_sec
), (unsigned int)(tv_after
.tv_usec
- tv_before
.tv_usec
));
1738 /*-------------------------------------------------------------------------*/
1741 * Check whether the command is properly formed and whether its data size
1742 * and direction agree with the values we already have.
1744 static int check_command(struct fsg_common
*common
, int cmnd_size
,
1745 enum data_direction data_dir
, unsigned int mask
,
1746 int needs_medium
, const char *name
)
1749 unsigned int lun
= common
->cmnd
[1] >> 5;
1750 static const char dirletter
[4] = {'u', 'o', 'i', 'n'};
1752 struct fsg_lun
*curlun
;
1755 if (common
->data_dir
!= DATA_DIR_UNKNOWN
)
1756 sprintf(hdlen
, ", H%c=%u", dirletter
[(int) common
->data_dir
],
1758 VDBG(common
, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1759 name
, cmnd_size
, dirletter
[(int) data_dir
],
1760 common
->data_size_from_cmnd
, common
->cmnd_size
, hdlen
);
1763 * We can't reply at all until we know the correct data direction
1766 if (common
->data_size_from_cmnd
== 0)
1767 data_dir
= DATA_DIR_NONE
;
1768 if (common
->data_size
< common
->data_size_from_cmnd
) {
1770 * Host data size < Device data size is a phase error.
1771 * Carry out the command, but only transfer as much as
1774 ERROR(common
, "PHASE ERROR: data_size(%d) < data_size_from_cmnd(%d)\n",
1775 common
->data_size
, common
->data_size_from_cmnd
);
1776 common
->data_size_from_cmnd
= common
->data_size
;
1777 common
->phase_error
= 1;
1779 common
->residue
= common
->data_size
;
1780 common
->usb_amount_left
= common
->data_size
;
1782 /* Conflicting data directions is a phase error */
1783 if (common
->data_dir
!= data_dir
&& common
->data_size_from_cmnd
> 0) {
1784 ERROR(common
, "PHASE ERROR: conflict data dir(%d,%d),data_size_from_cmnd(%d)\n",
1785 common
->data_dir
, data_dir
, common
->data_size_from_cmnd
);
1786 common
->phase_error
= 1;
1790 /* Verify the length of the command itself */
1791 if (cmnd_size
!= common
->cmnd_size
) {
1794 * Special case workaround: There are plenty of buggy SCSI
1795 * implementations. Many have issues with cbw->Length
1796 * field passing a wrong command size. For those cases we
1797 * always try to work around the problem by using the length
1798 * sent by the host side provided it is at least as large
1799 * as the correct command length.
1800 * Examples of such cases would be MS-Windows, which issues
1801 * REQUEST SENSE with cbw->Length == 12 where it should
1802 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
1803 * REQUEST SENSE with cbw->Length == 10 where it should
1806 if (cmnd_size
<= common
->cmnd_size
) {
1807 DBG(common
, "%s is buggy! Expected length %d "
1808 "but we got %d\n", name
,
1809 cmnd_size
, common
->cmnd_size
);
1810 cmnd_size
= common
->cmnd_size
;
1812 common
->phase_error
= 1;
1817 /* Check that the LUN values are consistent */
1818 if (common
->lun
!= lun
)
1819 DBG(common
, "using LUN %u from CBW, not LUN %u from CDB\n",
1823 curlun
= common
->curlun
;
1825 if (common
->cmnd
[0] != REQUEST_SENSE
) {
1826 curlun
->sense_data
= SS_NO_SENSE
;
1827 curlun
->sense_data_info
= 0;
1828 curlun
->info_valid
= 0;
1831 common
->bad_lun_okay
= 0;
1834 * INQUIRY and REQUEST SENSE commands are explicitly allowed
1835 * to use unsupported LUNs; all others may not.
1837 if (common
->cmnd
[0] != INQUIRY
&&
1838 common
->cmnd
[0] != REQUEST_SENSE
) {
1839 DBG(common
, "unsupported LUN %u\n", common
->lun
);
1845 * If a unit attention condition exists, only INQUIRY and
1846 * REQUEST SENSE commands are allowed; anything else must fail.
1848 if (curlun
&& curlun
->unit_attention_data
!= SS_NO_SENSE
&&
1849 common
->cmnd
[0] != INQUIRY
&&
1850 common
->cmnd
[0] != REQUEST_SENSE
) {
1851 curlun
->sense_data
= curlun
->unit_attention_data
;
1852 curlun
->unit_attention_data
= SS_NO_SENSE
;
1856 /* Check that only command bytes listed in the mask are non-zero */
1857 common
->cmnd
[1] &= 0x1f; /* Mask away the LUN */
1858 for (i
= 1; i
< cmnd_size
; ++i
) {
1859 if (common
->cmnd
[i
] && !(mask
& (1 << i
))) {
1861 curlun
->sense_data
= SS_INVALID_FIELD_IN_CDB
;
1866 /* If the medium isn't mounted and the command needs to access
1867 * it, return an error. */
1868 if (curlun
&& !fsg_lun_is_open(curlun
) && needs_medium
) {
1869 curlun
->sense_data
= SS_MEDIUM_NOT_PRESENT
;
1876 /* wrapper of check_command for data size in blocks handling */
1877 static int check_command_size_in_blocks(struct fsg_common
*common
,
1878 int cmnd_size
, enum data_direction data_dir
,
1879 unsigned int mask
, int needs_medium
, const char *name
)
1882 common
->data_size_from_cmnd
<<= common
->curlun
->blkbits
;
1883 return check_command(common
, cmnd_size
, data_dir
,
1884 mask
, needs_medium
, name
);
1887 static int do_scsi_command(struct fsg_common
*common
)
1889 struct fsg_buffhd
*bh
;
1891 int reply
= -EINVAL
;
1893 static char unknown
[16];
1897 /* Wait for the next buffer to become available for data or status */
1898 bh
= common
->next_buffhd_to_fill
;
1899 common
->next_buffhd_to_drain
= bh
;
1900 while (bh
->state
!= BUF_STATE_EMPTY
) {
1901 rc
= sleep_thread(common
, true);
1905 common
->phase_error
= 0;
1906 common
->short_packet_received
= 0;
1908 down_read(&common
->filesem
); /* We're using the backing file */
1909 switch (common
->cmnd
[0]) {
1912 common
->data_size_from_cmnd
= common
->cmnd
[4];
1913 reply
= check_command(common
, 6, DATA_DIR_TO_HOST
,
1917 reply
= do_inquiry(common
, bh
);
1921 common
->data_size_from_cmnd
= common
->cmnd
[4];
1922 reply
= check_command(common
, 6, DATA_DIR_FROM_HOST
,
1926 reply
= do_mode_select(common
, bh
);
1929 case MODE_SELECT_10
:
1930 common
->data_size_from_cmnd
=
1931 get_unaligned_be16(&common
->cmnd
[7]);
1932 reply
= check_command(common
, 10, DATA_DIR_FROM_HOST
,
1936 reply
= do_mode_select(common
, bh
);
1940 common
->data_size_from_cmnd
= common
->cmnd
[4];
1941 reply
= check_command(common
, 6, DATA_DIR_TO_HOST
,
1942 (1<<1) | (1<<2) | (1<<4), 0,
1945 reply
= do_mode_sense(common
, bh
);
1949 common
->data_size_from_cmnd
=
1950 get_unaligned_be16(&common
->cmnd
[7]);
1951 reply
= check_command(common
, 10, DATA_DIR_TO_HOST
,
1952 (1<<1) | (1<<2) | (3<<7), 0,
1955 reply
= do_mode_sense(common
, bh
);
1958 case ALLOW_MEDIUM_REMOVAL
:
1959 common
->data_size_from_cmnd
= 0;
1960 reply
= check_command(common
, 6, DATA_DIR_NONE
,
1962 "PREVENT-ALLOW MEDIUM REMOVAL");
1964 reply
= do_prevent_allow(common
);
1968 i
= common
->cmnd
[4];
1969 common
->data_size_from_cmnd
= (i
== 0) ? 256 : i
;
1970 reply
= check_command_size_in_blocks(common
, 6,
1975 reply
= do_read(common
);
1979 common
->data_size_from_cmnd
=
1980 get_unaligned_be16(&common
->cmnd
[7]);
1981 reply
= check_command_size_in_blocks(common
, 10,
1983 (1<<1) | (0xf<<2) | (3<<7), 1,
1986 reply
= do_read(common
);
1990 common
->data_size_from_cmnd
=
1991 get_unaligned_be32(&common
->cmnd
[6]);
1992 reply
= check_command_size_in_blocks(common
, 12,
1994 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1997 reply
= do_read(common
);
2001 common
->data_size_from_cmnd
= 8;
2002 reply
= check_command(common
, 10, DATA_DIR_TO_HOST
,
2003 (0xf<<2) | (1<<8), 1,
2006 reply
= do_read_capacity(common
, bh
);
2010 if (!common
->curlun
|| !common
->curlun
->cdrom
)
2012 common
->data_size_from_cmnd
=
2013 get_unaligned_be16(&common
->cmnd
[7]);
2014 reply
= check_command(common
, 10, DATA_DIR_TO_HOST
,
2015 (3<<7) | (0x1f<<1), 1,
2018 reply
= do_read_header(common
, bh
);
2022 if (!common
->curlun
|| !common
->curlun
->cdrom
)
2024 common
->data_size_from_cmnd
=
2025 get_unaligned_be16(&common
->cmnd
[7]);
2026 reply
= check_command(common
, 10, DATA_DIR_TO_HOST
,
2027 (0xf<<6) | (1<<1), 1,
2030 reply
= do_read_toc(common
, bh
);
2033 case READ_FORMAT_CAPACITIES
:
2034 common
->data_size_from_cmnd
=
2035 get_unaligned_be16(&common
->cmnd
[7]);
2036 reply
= check_command(common
, 10, DATA_DIR_TO_HOST
,
2038 "READ FORMAT CAPACITIES");
2040 reply
= do_read_format_capacities(common
, bh
);
2044 common
->data_size_from_cmnd
= common
->cmnd
[4];
2045 reply
= check_command(common
, 6, DATA_DIR_TO_HOST
,
2049 reply
= do_request_sense(common
, bh
);
2053 common
->data_size_from_cmnd
= 0;
2054 reply
= check_command(common
, 6, DATA_DIR_NONE
,
2058 reply
= do_start_stop(common
);
2061 case SYNCHRONIZE_CACHE
:
2062 common
->data_size_from_cmnd
= 0;
2063 reply
= check_command(common
, 10, DATA_DIR_NONE
,
2064 (0xf<<2) | (3<<7), 1,
2065 "SYNCHRONIZE CACHE");
2067 reply
= do_synchronize_cache(common
);
2070 case TEST_UNIT_READY
:
2071 common
->data_size_from_cmnd
= 0;
2072 reply
= check_command(common
, 6, DATA_DIR_NONE
,
2078 * Although optional, this command is used by MS-Windows. We
2079 * support a minimal version: BytChk must be 0.
2082 common
->data_size_from_cmnd
= 0;
2083 reply
= check_command(common
, 10, DATA_DIR_NONE
,
2084 (1<<1) | (0xf<<2) | (3<<7), 1,
2087 reply
= do_verify(common
);
2091 i
= common
->cmnd
[4];
2092 common
->data_size_from_cmnd
= (i
== 0) ? 256 : i
;
2093 reply
= check_command_size_in_blocks(common
, 6,
2098 reply
= do_write(common
);
2102 common
->data_size_from_cmnd
=
2103 get_unaligned_be16(&common
->cmnd
[7]);
2104 reply
= check_command_size_in_blocks(common
, 10,
2106 (1<<1) | (0xf<<2) | (3<<7), 1,
2109 reply
= do_write(common
);
2113 common
->data_size_from_cmnd
=
2114 get_unaligned_be32(&common
->cmnd
[6]);
2115 reply
= check_command_size_in_blocks(common
, 12,
2117 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2120 reply
= do_write(common
);
2124 printk("Get REZERO_UNIT command = %x\r\n", common
->cmnd
[1]);
2125 if (common
->cmnd
[1] == 0xB)
2126 common
->android_callback(1);
2127 else if (common
->cmnd
[1] == 0xD)
2128 common
->android_callback(2);
2132 * Some mandatory commands that we recognize but don't implement.
2133 * They don't mean much in this setting. It's left as an exercise
2134 * for anyone interested to implement RESERVE and RELEASE in terms
2140 case SEND_DIAGNOSTIC
:
2145 common
->data_size_from_cmnd
= 0;
2146 sprintf(unknown
, "Unknown x%02x", common
->cmnd
[0]);
2147 reply
= check_command(common
, common
->cmnd_size
,
2148 DATA_DIR_UNKNOWN
, ~0, 0, unknown
);
2150 common
->curlun
->sense_data
= SS_INVALID_COMMAND
;
2155 up_read(&common
->filesem
);
2157 if (reply
== -EINTR
|| signal_pending(current
))
2160 /* Set up the single reply buffer for finish_reply() */
2161 if (reply
== -EINVAL
)
2162 reply
= 0; /* Error reply length */
2163 if (reply
>= 0 && common
->data_dir
== DATA_DIR_TO_HOST
) {
2164 reply
= min((u32
)reply
, common
->data_size_from_cmnd
);
2165 bh
->inreq
->length
= reply
;
2166 bh
->state
= BUF_STATE_FULL
;
2167 common
->residue
-= reply
;
2168 } /* Otherwise it's already set */
2174 /*-------------------------------------------------------------------------*/
2176 static int received_cbw(struct fsg_dev
*fsg
, struct fsg_buffhd
*bh
)
2178 struct usb_request
*req
= bh
->outreq
;
2179 struct bulk_cb_wrap
*cbw
= req
->buf
;
2180 struct fsg_common
*common
= fsg
->common
;
2182 /* Was this a real packet? Should it be ignored? */
2183 if (req
->status
|| test_bit(IGNORE_BULK_OUT
, &fsg
->atomic_bitflags
))
2186 /* Is the CBW valid? */
2187 if (req
->actual
!= US_BULK_CB_WRAP_LEN
||
2188 cbw
->Signature
!= cpu_to_le32(
2190 DBG(fsg
, "invalid CBW: len %u sig 0x%x\n",
2192 le32_to_cpu(cbw
->Signature
));
2195 * The Bulk-only spec says we MUST stall the IN endpoint
2196 * (6.6.1), so it's unavoidable. It also says we must
2197 * retain this state until the next reset, but there's
2198 * no way to tell the controller driver it should ignore
2199 * Clear-Feature(HALT) requests.
2201 * We aren't required to halt the OUT endpoint; instead
2202 * we can simply accept and discard any data received
2203 * until the next reset.
2205 wedge_bulk_in_endpoint(fsg
);
2206 set_bit(IGNORE_BULK_OUT
, &fsg
->atomic_bitflags
);
2210 /* Is the CBW meaningful? */
2211 if (cbw
->Lun
>= FSG_MAX_LUNS
|| cbw
->Flags
& ~US_BULK_FLAG_IN
||
2212 cbw
->Length
<= 0 || cbw
->Length
> MAX_COMMAND_SIZE
) {
2213 DBG(fsg
, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2215 cbw
->Lun
, cbw
->Flags
, cbw
->Length
);
2218 * We can do anything we want here, so let's stall the
2219 * bulk pipes if we are allowed to.
2221 if (common
->can_stall
) {
2222 fsg_set_halt(fsg
, fsg
->bulk_out
);
2223 halt_bulk_in_endpoint(fsg
);
2228 /* Save the command for later */
2229 common
->cmnd_size
= cbw
->Length
;
2230 memcpy(common
->cmnd
, cbw
->CDB
, common
->cmnd_size
);
2231 if (cbw
->Flags
& US_BULK_FLAG_IN
)
2232 common
->data_dir
= DATA_DIR_TO_HOST
;
2234 common
->data_dir
= DATA_DIR_FROM_HOST
;
2235 common
->data_size
= le32_to_cpu(cbw
->DataTransferLength
);
2236 if (common
->data_size
== 0)
2237 common
->data_dir
= DATA_DIR_NONE
;
2238 common
->lun
= cbw
->Lun
;
2239 if (common
->lun
< common
->nluns
)
2240 common
->curlun
= &common
->luns
[common
->lun
];
2242 common
->curlun
= NULL
;
2243 common
->tag
= cbw
->Tag
;
2247 static int get_next_command(struct fsg_common
*common
)
2249 struct fsg_buffhd
*bh
;
2252 /* Wait for the next buffer to become available */
2253 bh
= common
->next_buffhd_to_fill
;
2254 while (bh
->state
!= BUF_STATE_EMPTY
) {
2255 rc
= sleep_thread(common
, true);
2260 /* Queue a request to read a Bulk-only CBW */
2261 set_bulk_out_req_length(common
, bh
, US_BULK_CB_WRAP_LEN
);
2262 if (!start_out_transfer(common
, bh
))
2263 /* Don't know what to do if common->fsg is NULL */
2267 * We will drain the buffer in software, which means we
2268 * can reuse it for the next filling. No need to advance
2269 * next_buffhd_to_fill.
2272 /* Wait for the CBW to arrive */
2273 while (bh
->state
!= BUF_STATE_FULL
) {
2274 rc
= sleep_thread(common
, true);
2279 rc
= fsg_is_set(common
) ? received_cbw(common
->fsg
, bh
) : -EIO
;
2280 bh
->state
= BUF_STATE_EMPTY
;
2286 /*-------------------------------------------------------------------------*/
2288 static int alloc_request(struct fsg_common
*common
, struct usb_ep
*ep
,
2289 struct usb_request
**preq
)
2291 *preq
= usb_ep_alloc_request(ep
, GFP_ATOMIC
);
2294 ERROR(common
, "can't allocate request for %s\n", ep
->name
);
2298 /* Reset interface setting and re-init endpoint state (toggle etc). */
2299 static int do_set_interface(struct fsg_common
*common
, struct fsg_dev
*new_fsg
)
2301 struct fsg_dev
*fsg
;
2304 if (common
->running
)
2305 DBG(common
, "reset interface\n");
2308 /* Deallocate the requests */
2312 for (i
= 0; i
< fsg_num_buffers
; ++i
) {
2313 struct fsg_buffhd
*bh
= &common
->buffhds
[i
];
2316 usb_ep_free_request(fsg
->bulk_in
, bh
->inreq
);
2320 usb_ep_free_request(fsg
->bulk_out
, bh
->outreq
);
2325 /* Disable the endpoints */
2326 if (fsg
->bulk_in_enabled
) {
2327 usb_ep_disable(fsg
->bulk_in
);
2328 fsg
->bulk_in_enabled
= 0;
2330 if (fsg
->bulk_out_enabled
) {
2331 usb_ep_disable(fsg
->bulk_out
);
2332 fsg
->bulk_out_enabled
= 0;
2336 wake_up(&common
->fsg_wait
);
2339 common
->running
= 0;
2343 common
->fsg
= new_fsg
;
2346 /* Enable the endpoints */
2347 rc
= config_ep_by_speed(common
->gadget
, &(fsg
->function
), fsg
->bulk_in
);
2350 rc
= usb_ep_enable(fsg
->bulk_in
);
2353 fsg
->bulk_in
->driver_data
= common
;
2354 fsg
->bulk_in_enabled
= 1;
2356 rc
= config_ep_by_speed(common
->gadget
, &(fsg
->function
),
2360 rc
= usb_ep_enable(fsg
->bulk_out
);
2363 fsg
->bulk_out
->driver_data
= common
;
2364 fsg
->bulk_out_enabled
= 1;
2365 common
->bulk_out_maxpacket
= usb_endpoint_maxp(fsg
->bulk_out
->desc
);
2366 clear_bit(IGNORE_BULK_OUT
, &fsg
->atomic_bitflags
);
2368 /* Allocate the requests */
2369 for (i
= 0; i
< fsg_num_buffers
; ++i
) {
2370 struct fsg_buffhd
*bh
= &common
->buffhds
[i
];
2372 rc
= alloc_request(common
, fsg
->bulk_in
, &bh
->inreq
);
2375 rc
= alloc_request(common
, fsg
->bulk_out
, &bh
->outreq
);
2378 bh
->inreq
->buf
= bh
->outreq
->buf
= bh
->buf
;
2379 bh
->inreq
->context
= bh
->outreq
->context
= bh
;
2380 bh
->inreq
->complete
= bulk_in_complete
;
2381 bh
->outreq
->complete
= bulk_out_complete
;
2384 common
->running
= 1;
2385 for (i
= 0; i
< common
->nluns
; ++i
)
2386 common
->luns
[i
].unit_attention_data
= SS_RESET_OCCURRED
;
2391 /****************************** ALT CONFIGS ******************************/
2393 static int fsg_set_alt(struct usb_function
*f
, unsigned intf
, unsigned alt
)
2395 struct fsg_dev
*fsg
= fsg_from_func(f
);
2396 fsg
->common
->new_fsg
= fsg
;
2397 raise_exception(fsg
->common
, FSG_STATE_CONFIG_CHANGE
);
2398 return USB_GADGET_DELAYED_STATUS
;
2401 static void fsg_disable(struct usb_function
*f
)
2403 struct fsg_dev
*fsg
= fsg_from_func(f
);
2404 fsg
->common
->new_fsg
= NULL
;
2405 raise_exception(fsg
->common
, FSG_STATE_CONFIG_CHANGE
);
2409 /*-------------------------------------------------------------------------*/
2411 static void handle_exception(struct fsg_common
*common
)
2415 struct fsg_buffhd
*bh
;
2416 enum fsg_state old_state
;
2417 struct fsg_lun
*curlun
;
2418 unsigned int exception_req_tag
;
2421 * Clear the existing signals. Anything but SIGUSR1 is converted
2422 * into a high-priority EXIT exception.
2426 dequeue_signal_lock(current
, ¤t
->blocked
, &info
);
2429 if (sig
!= SIGUSR1
) {
2430 if (common
->state
< FSG_STATE_EXIT
)
2431 DBG(common
, "Main thread exiting on signal\n");
2432 raise_exception(common
, FSG_STATE_EXIT
);
2436 /* Cancel all the pending transfers */
2437 if (likely(common
->fsg
)) {
2438 for (i
= 0; i
< fsg_num_buffers
; ++i
) {
2439 bh
= &common
->buffhds
[i
];
2441 usb_ep_dequeue(common
->fsg
->bulk_in
, bh
->inreq
);
2442 if (bh
->outreq_busy
)
2443 usb_ep_dequeue(common
->fsg
->bulk_out
,
2447 /* Wait until everything is idle */
2450 for (i
= 0; i
< fsg_num_buffers
; ++i
) {
2451 bh
= &common
->buffhds
[i
];
2452 num_active
+= bh
->inreq_busy
+ bh
->outreq_busy
;
2454 if (num_active
== 0)
2456 if (sleep_thread(common
, true))
2460 /* Clear out the controller's fifos */
2461 if (common
->fsg
->bulk_in_enabled
)
2462 usb_ep_fifo_flush(common
->fsg
->bulk_in
);
2463 if (common
->fsg
->bulk_out_enabled
)
2464 usb_ep_fifo_flush(common
->fsg
->bulk_out
);
2468 * Reset the I/O buffer states and pointers, the SCSI
2469 * state, and the exception. Then invoke the handler.
2471 spin_lock_irq(&common
->lock
);
2473 for (i
= 0; i
< fsg_num_buffers
; ++i
) {
2474 bh
= &common
->buffhds
[i
];
2475 bh
->state
= BUF_STATE_EMPTY
;
2477 common
->next_buffhd_to_fill
= &common
->buffhds
[0];
2478 common
->next_buffhd_to_drain
= &common
->buffhds
[0];
2479 exception_req_tag
= common
->exception_req_tag
;
2480 old_state
= common
->state
;
2482 if (old_state
== FSG_STATE_ABORT_BULK_OUT
)
2483 common
->state
= FSG_STATE_STATUS_PHASE
;
2485 for (i
= 0; i
< common
->nluns
; ++i
) {
2486 curlun
= &common
->luns
[i
];
2487 curlun
->prevent_medium_removal
= 0;
2488 curlun
->sense_data
= SS_NO_SENSE
;
2489 curlun
->unit_attention_data
= SS_NO_SENSE
;
2490 curlun
->sense_data_info
= 0;
2491 curlun
->info_valid
= 0;
2493 common
->state
= FSG_STATE_IDLE
;
2495 spin_unlock_irq(&common
->lock
);
2497 /* Carry out any extra actions required for the exception */
2498 switch (old_state
) {
2499 case FSG_STATE_ABORT_BULK_OUT
:
2500 send_status(common
);
2501 spin_lock_irq(&common
->lock
);
2502 if (common
->state
== FSG_STATE_STATUS_PHASE
)
2503 common
->state
= FSG_STATE_IDLE
;
2504 spin_unlock_irq(&common
->lock
);
2507 case FSG_STATE_RESET
:
2509 * In case we were forced against our will to halt a
2510 * bulk endpoint, clear the halt now. (The SuperH UDC
2513 if (!fsg_is_set(common
))
2515 if (test_and_clear_bit(IGNORE_BULK_OUT
,
2516 &common
->fsg
->atomic_bitflags
))
2517 usb_ep_clear_halt(common
->fsg
->bulk_in
);
2519 if (common
->ep0_req_tag
== exception_req_tag
)
2520 ep0_queue(common
); /* Complete the status stage */
2523 * Technically this should go here, but it would only be
2524 * a waste of time. Ditto for the INTERFACE_CHANGE and
2525 * CONFIG_CHANGE cases.
2527 /* for (i = 0; i < common->nluns; ++i) */
2528 /* common->luns[i].unit_attention_data = */
2529 /* SS_RESET_OCCURRED; */
2532 case FSG_STATE_CONFIG_CHANGE
:
2533 do_set_interface(common
, common
->new_fsg
);
2534 if (common
->new_fsg
)
2535 usb_composite_setup_continue(common
->cdev
);
2538 case FSG_STATE_EXIT
:
2539 case FSG_STATE_TERMINATED
:
2540 do_set_interface(common
, NULL
); /* Free resources */
2541 spin_lock_irq(&common
->lock
);
2542 common
->state
= FSG_STATE_TERMINATED
; /* Stop the thread */
2543 spin_unlock_irq(&common
->lock
);
2546 case FSG_STATE_INTERFACE_CHANGE
:
2547 case FSG_STATE_DISCONNECT
:
2548 case FSG_STATE_COMMAND_PHASE
:
2549 case FSG_STATE_DATA_PHASE
:
2550 case FSG_STATE_STATUS_PHASE
:
2551 case FSG_STATE_IDLE
:
2557 /*-------------------------------------------------------------------------*/
2559 static int fsg_main_thread(void *common_
)
2561 struct fsg_common
*common
= common_
;
2564 * Allow the thread to be killed by a signal, but set the signal mask
2565 * to block everything but INT, TERM, KILL, and USR1.
2567 allow_signal(SIGINT
);
2568 allow_signal(SIGTERM
);
2569 allow_signal(SIGKILL
);
2570 allow_signal(SIGUSR1
);
2572 /* Allow the thread to be frozen */
2576 * Arrange for userspace references to be interpreted as kernel
2577 * pointers. That way we can pass a kernel pointer to a routine
2578 * that expects a __user pointer and it will work okay.
2583 while (common
->state
!= FSG_STATE_TERMINATED
) {
2584 if (exception_in_progress(common
) || signal_pending(current
)) {
2585 handle_exception(common
);
2589 if (!common
->running
) {
2590 sleep_thread(common
, true);
2594 if (get_next_command(common
))
2597 spin_lock_irq(&common
->lock
);
2598 if (!exception_in_progress(common
))
2599 common
->state
= FSG_STATE_DATA_PHASE
;
2600 spin_unlock_irq(&common
->lock
);
2602 if (do_scsi_command(common
) || finish_reply(common
))
2605 spin_lock_irq(&common
->lock
);
2606 if (!exception_in_progress(common
))
2607 common
->state
= FSG_STATE_STATUS_PHASE
;
2608 spin_unlock_irq(&common
->lock
);
2610 if (send_status(common
))
2613 spin_lock_irq(&common
->lock
);
2614 if (!exception_in_progress(common
))
2615 common
->state
= FSG_STATE_IDLE
;
2616 spin_unlock_irq(&common
->lock
);
2619 spin_lock_irq(&common
->lock
);
2620 common
->thread_task
= NULL
;
2621 spin_unlock_irq(&common
->lock
);
2623 if (!common
->ops
|| !common
->ops
->thread_exits
2624 || common
->ops
->thread_exits(common
) < 0) {
2625 struct fsg_lun
*curlun
= common
->luns
;
2626 unsigned i
= common
->nluns
;
2628 down_write(&common
->filesem
);
2629 for (; i
--; ++curlun
) {
2630 if (!fsg_lun_is_open(curlun
))
2633 fsg_lun_close(curlun
);
2634 curlun
->unit_attention_data
= SS_MEDIUM_NOT_PRESENT
;
2636 up_write(&common
->filesem
);
2639 /* Let fsg_unbind() know the thread has exited */
2640 complete_and_exit(&common
->thread_notifier
, 0);
2644 /*************************** DEVICE ATTRIBUTES ***************************/
2646 static DEVICE_ATTR(ro
, 0644, fsg_show_ro
, fsg_store_ro
);
2647 static DEVICE_ATTR(nofua
, 0644, fsg_show_nofua
, fsg_store_nofua
);
2648 static DEVICE_ATTR(file
, 0644, fsg_show_file
, fsg_store_file
);
2650 static struct device_attribute dev_attr_ro_cdrom
=
2651 __ATTR(ro
, 0444, fsg_show_ro
, NULL
);
2652 static struct device_attribute dev_attr_file_nonremovable
=
2653 __ATTR(file
, 0444, fsg_show_file
, NULL
);
2656 /****************************** FSG COMMON ******************************/
2658 static void fsg_common_release(struct kref
*ref
);
2660 static void fsg_lun_release(struct device
*dev
)
2662 /* Nothing needs to be done */
2665 static inline void fsg_common_get(struct fsg_common
*common
)
2667 kref_get(&common
->ref
);
2670 static inline void fsg_common_put(struct fsg_common
*common
)
2672 kref_put(&common
->ref
, fsg_common_release
);
2675 static struct fsg_common
*fsg_common_init(struct fsg_common
*common
,
2676 struct usb_composite_dev
*cdev
,
2677 struct fsg_config
*cfg
)
2679 struct usb_gadget
*gadget
= cdev
->gadget
;
2680 struct fsg_buffhd
*bh
;
2681 struct fsg_lun
*curlun
;
2682 struct fsg_lun_config
*lcfg
;
2686 rc
= fsg_num_buffers_validate();
2690 /* Find out how many LUNs there should be */
2692 if (nluns
< 1 || nluns
> FSG_MAX_LUNS
) {
2693 dev_err(&gadget
->dev
, "invalid number of LUNs: %u\n", nluns
);
2694 return ERR_PTR(-EINVAL
);
2699 common
= kzalloc(sizeof *common
, GFP_KERNEL
);
2701 return ERR_PTR(-ENOMEM
);
2702 common
->free_storage_on_release
= 1;
2704 memset(common
, 0, sizeof *common
);
2705 common
->free_storage_on_release
= 0;
2708 common
->buffhds
= kcalloc(fsg_num_buffers
,
2709 sizeof *(common
->buffhds
), GFP_KERNEL
);
2710 if (!common
->buffhds
) {
2711 if (common
->free_storage_on_release
)
2713 return ERR_PTR(-ENOMEM
);
2716 common
->ops
= cfg
->ops
;
2717 common
->private_data
= cfg
->private_data
;
2719 common
->gadget
= gadget
;
2720 common
->ep0
= gadget
->ep0
;
2721 common
->ep0req
= cdev
->req
;
2722 common
->cdev
= cdev
;
2723 #ifdef CONFIG_MTK_BICR_SUPPORT
2726 /* Maybe allocate device-global string IDs, and patch descriptors */
2727 if (fsg_strings
[FSG_STRING_INTERFACE
].id
== 0) {
2728 rc
= usb_string_id(cdev
);
2729 if (unlikely(rc
< 0))
2731 fsg_strings
[FSG_STRING_INTERFACE
].id
= rc
;
2732 fsg_intf_desc
.iInterface
= rc
;
2736 * Create the LUNs, open their backing files, and register the
2737 * LUN devices in sysfs.
2739 curlun
= kcalloc(nluns
, sizeof(*curlun
), GFP_KERNEL
);
2740 if (unlikely(!curlun
)) {
2744 common
->luns
= curlun
;
2746 init_rwsem(&common
->filesem
);
2748 for (i
= 0, lcfg
= cfg
->luns
; i
< nluns
; ++i
, ++curlun
, ++lcfg
) {
2749 curlun
->cdrom
= !!lcfg
->cdrom
;
2750 curlun
->ro
= lcfg
->cdrom
|| lcfg
->ro
;
2751 curlun
->initially_ro
= curlun
->ro
;
2752 curlun
->removable
= lcfg
->removable
;
2753 curlun
->nofua
= lcfg
->nofua
;
2754 curlun
->dev
.release
= fsg_lun_release
;
2755 curlun
->dev
.parent
= &gadget
->dev
;
2756 /* curlun->dev.driver = &fsg_driver.driver; XXX */
2757 dev_set_drvdata(&curlun
->dev
, &common
->filesem
);
2758 dev_set_name(&curlun
->dev
, "lun%d", i
);
2760 rc
= device_register(&curlun
->dev
);
2762 INFO(common
, "failed to register LUN%d: %d\n", i
, rc
);
2764 put_device(&curlun
->dev
);
2768 rc
= device_create_file(&curlun
->dev
,
2770 ? &dev_attr_ro_cdrom
2774 rc
= device_create_file(&curlun
->dev
,
2777 : &dev_attr_file_nonremovable
);
2780 rc
= device_create_file(&curlun
->dev
, &dev_attr_nofua
);
2784 if (lcfg
->filename
) {
2785 rc
= fsg_lun_open(curlun
, lcfg
->filename
);
2788 } else if (!curlun
->removable
) {
2789 ERROR(common
, "no file given for LUN%d\n", i
);
2794 common
->nluns
= nluns
;
2796 /* Data buffers cyclic list */
2797 bh
= common
->buffhds
;
2798 i
= fsg_num_buffers
;
2799 goto buffhds_first_it
;
2804 bh
->buf
= kmalloc(FSG_BUFLEN
, GFP_KERNEL
);
2805 if (unlikely(!bh
->buf
)) {
2810 bh
->next
= common
->buffhds
;
2812 /* Prepare inquiryString */
2813 i
= get_default_bcdDevice();
2814 snprintf(common
->inquiry_string
, sizeof common
->inquiry_string
,
2815 "%-8s%-16s%04x", cfg
->vendor_name
?: "Linux",
2816 /* Assume product name dependent on the first LUN */
2817 cfg
->product_name
?: (common
->luns
->cdrom
2818 ? "File-Stor Gadget"
2819 : "File-CD Gadget"),
2823 * Some peripheral controllers are known not to be able to
2824 * halt bulk endpoints correctly. If one of them is present,
2827 common
->can_stall
= cfg
->can_stall
&&
2828 !(gadget_is_at91(common
->gadget
));
2830 spin_lock_init(&common
->lock
);
2831 kref_init(&common
->ref
);
2833 /* Tell the thread to start working */
2834 common
->thread_task
=
2835 kthread_create(fsg_main_thread
, common
, "file-storage");
2836 if (IS_ERR(common
->thread_task
)) {
2837 rc
= PTR_ERR(common
->thread_task
);
2840 init_completion(&common
->thread_notifier
);
2841 init_waitqueue_head(&common
->fsg_wait
);
2844 INFO(common
, FSG_DRIVER_DESC
", version: " FSG_DRIVER_VERSION
"\n");
2845 INFO(common
, "Number of LUNs=%d\n", common
->nluns
);
2847 pathbuf
= kmalloc(PATH_MAX
, GFP_KERNEL
);
2848 for (i
= 0, nluns
= common
->nluns
, curlun
= common
->luns
;
2851 char *p
= "(no medium)";
2852 if (fsg_lun_is_open(curlun
)) {
2855 p
= d_path(&curlun
->filp
->f_path
,
2861 LINFO(curlun
, "LUN: %s%s%sfile: %s\n",
2862 curlun
->removable
? "removable " : "",
2863 curlun
->ro
? "read only " : "",
2864 curlun
->cdrom
? "CD-ROM " : "",
2869 DBG(common
, "I/O thread pid: %d\n", task_pid_nr(common
->thread_task
));
2871 wake_up_process(common
->thread_task
);
2876 common
->nluns
= i
+ 1;
2878 common
->state
= FSG_STATE_TERMINATED
; /* The thread is dead */
2879 /* Call fsg_common_release() directly, ref might be not initialised. */
2880 fsg_common_release(&common
->ref
);
2884 static void fsg_common_release(struct kref
*ref
)
2886 struct fsg_common
*common
= container_of(ref
, struct fsg_common
, ref
);
2888 /* If the thread isn't already dead, tell it to exit now */
2889 if (common
->state
!= FSG_STATE_TERMINATED
) {
2890 raise_exception(common
, FSG_STATE_EXIT
);
2891 wait_for_completion(&common
->thread_notifier
);
2894 if (likely(common
->luns
)) {
2895 struct fsg_lun
*lun
= common
->luns
;
2896 unsigned i
= common
->nluns
;
2898 /* In error recovery common->nluns may be zero. */
2899 for (; i
; --i
, ++lun
) {
2900 device_remove_file(&lun
->dev
, &dev_attr_nofua
);
2901 device_remove_file(&lun
->dev
,
2903 ? &dev_attr_ro_cdrom
2905 device_remove_file(&lun
->dev
,
2908 : &dev_attr_file_nonremovable
);
2910 device_unregister(&lun
->dev
);
2913 kfree(common
->luns
);
2917 struct fsg_buffhd
*bh
= common
->buffhds
;
2918 unsigned i
= fsg_num_buffers
;
2921 } while (++bh
, --i
);
2924 kfree(common
->buffhds
);
2925 if (common
->free_storage_on_release
)
2930 /*-------------------------------------------------------------------------*/
2932 static void fsg_unbind(struct usb_configuration
*c
, struct usb_function
*f
)
2934 struct fsg_dev
*fsg
= fsg_from_func(f
);
2935 struct fsg_common
*common
= fsg
->common
;
2937 DBG(fsg
, "unbind\n");
2938 if (fsg
->common
->fsg
== fsg
) {
2939 fsg
->common
->new_fsg
= NULL
;
2940 raise_exception(fsg
->common
, FSG_STATE_CONFIG_CHANGE
);
2941 /* FIXME: make interruptible or killable somehow? */
2942 wait_event(common
->fsg_wait
, common
->fsg
!= fsg
);
2945 fsg_common_put(common
);
2946 usb_free_all_descriptors(&fsg
->function
);
2950 static int fsg_bind(struct usb_configuration
*c
, struct usb_function
*f
)
2952 struct fsg_dev
*fsg
= fsg_from_func(f
);
2953 struct usb_gadget
*gadget
= c
->cdev
->gadget
;
2959 fsg
->gadget
= gadget
;
2962 i
= usb_interface_id(c
, f
);
2965 fsg_intf_desc
.bInterfaceNumber
= i
;
2966 fsg
->interface_number
= i
;
2968 /* Find all the endpoints we will use */
2969 ep
= usb_ep_autoconfig(gadget
, &fsg_fs_bulk_in_desc
);
2972 ep
->driver_data
= fsg
->common
; /* claim the endpoint */
2975 ep
= usb_ep_autoconfig(gadget
, &fsg_fs_bulk_out_desc
);
2978 ep
->driver_data
= fsg
->common
; /* claim the endpoint */
2981 /* Assume endpoint addresses are the same for both speeds */
2982 fsg_hs_bulk_in_desc
.bEndpointAddress
=
2983 fsg_fs_bulk_in_desc
.bEndpointAddress
;
2984 fsg_hs_bulk_out_desc
.bEndpointAddress
=
2985 fsg_fs_bulk_out_desc
.bEndpointAddress
;
2987 /* Calculate bMaxBurst, we know packet size is 1024 */
2988 max_burst
= min_t(unsigned, FSG_BUFLEN
/ 1024, 15);
2990 fsg_ss_bulk_in_desc
.bEndpointAddress
=
2991 fsg_fs_bulk_in_desc
.bEndpointAddress
;
2992 fsg_ss_bulk_in_comp_desc
.bMaxBurst
= max_burst
;
2994 fsg_ss_bulk_out_desc
.bEndpointAddress
=
2995 fsg_fs_bulk_out_desc
.bEndpointAddress
;
2996 fsg_ss_bulk_out_comp_desc
.bMaxBurst
= max_burst
;
2998 ret
= usb_assign_descriptors(f
, fsg_fs_function
, fsg_hs_function
,
3006 ERROR(fsg
, "unable to autoconfigure all endpoints\n");
3010 /****************************** ADD FUNCTION ******************************/
3012 static struct usb_gadget_strings
*fsg_strings_array
[] = {
3017 static int fsg_bind_config(struct usb_composite_dev
*cdev
,
3018 struct usb_configuration
*c
,
3019 struct fsg_common
*common
)
3021 struct fsg_dev
*fsg
;
3024 fsg
= kzalloc(sizeof *fsg
, GFP_KERNEL
);
3028 fsg
->function
.name
= FSG_DRIVER_DESC
;
3029 fsg
->function
.strings
= fsg_strings_array
;
3030 fsg
->function
.bind
= fsg_bind
;
3031 fsg
->function
.unbind
= fsg_unbind
;
3032 fsg
->function
.setup
= fsg_setup
;
3033 fsg
->function
.set_alt
= fsg_set_alt
;
3034 fsg
->function
.disable
= fsg_disable
;
3036 fsg
->common
= common
;
3038 * Our caller holds a reference to common structure so we
3039 * don't have to be worry about it being freed until we return
3040 * from this function. So instead of incrementing counter now
3041 * and decrement in error recovery we increment it only when
3042 * call to usb_add_function() was successful.
3045 rc
= usb_add_function(c
, &fsg
->function
);
3049 fsg_common_get(fsg
->common
);
3054 /************************* Module parameters *************************/
3056 struct fsg_module_parameters
{
3057 char *file
[FSG_MAX_LUNS
];
3058 bool ro
[FSG_MAX_LUNS
];
3059 bool removable
[FSG_MAX_LUNS
];
3060 bool cdrom
[FSG_MAX_LUNS
];
3061 bool nofua
[FSG_MAX_LUNS
];
3063 unsigned int file_count
, ro_count
, removable_count
, cdrom_count
;
3064 unsigned int nofua_count
;
3065 unsigned int luns
; /* nluns */
3066 bool stall
; /* can_stall */
3069 #define _FSG_MODULE_PARAM_ARRAY(prefix, params, name, type, desc) \
3070 module_param_array_named(prefix ## name, params.name, type, \
3071 &prefix ## params.name ## _count, \
3073 MODULE_PARM_DESC(prefix ## name, desc)
3075 #define _FSG_MODULE_PARAM(prefix, params, name, type, desc) \
3076 module_param_named(prefix ## name, params.name, type, \
3078 MODULE_PARM_DESC(prefix ## name, desc)
3080 #define FSG_MODULE_PARAMETERS(prefix, params) \
3081 _FSG_MODULE_PARAM_ARRAY(prefix, params, file, charp, \
3082 "names of backing files or devices"); \
3083 _FSG_MODULE_PARAM_ARRAY(prefix, params, ro, bool, \
3084 "true to force read-only"); \
3085 _FSG_MODULE_PARAM_ARRAY(prefix, params, removable, bool, \
3086 "true to simulate removable media"); \
3087 _FSG_MODULE_PARAM_ARRAY(prefix, params, cdrom, bool, \
3088 "true to simulate CD-ROM instead of disk"); \
3089 _FSG_MODULE_PARAM_ARRAY(prefix, params, nofua, bool, \
3090 "true to ignore SCSI WRITE(10,12) FUA bit"); \
3091 _FSG_MODULE_PARAM(prefix, params, luns, uint, \
3092 "number of LUNs"); \
3093 _FSG_MODULE_PARAM(prefix, params, stall, bool, \
3094 "false to prevent bulk stalls")
3097 fsg_config_from_params(struct fsg_config
*cfg
,
3098 const struct fsg_module_parameters
*params
)
3100 struct fsg_lun_config
*lun
;
3103 /* Configure LUNs */
3105 min(params
->luns
?: (params
->file_count
?: 1u),
3106 (unsigned)FSG_MAX_LUNS
);
3107 for (i
= 0, lun
= cfg
->luns
; i
< cfg
->nluns
; ++i
, ++lun
) {
3108 lun
->ro
= !!params
->ro
[i
];
3109 lun
->cdrom
= !!params
->cdrom
[i
];
3110 lun
->removable
= !!params
->removable
[i
];
3112 params
->file_count
> i
&& params
->file
[i
][0]
3117 /* Let MSF use defaults */
3118 cfg
->vendor_name
= 0;
3119 cfg
->product_name
= 0;
3122 cfg
->private_data
= NULL
;
3125 cfg
->can_stall
= params
->stall
;
3128 static inline struct fsg_common
*
3129 fsg_common_from_params(struct fsg_common
*common
,
3130 struct usb_composite_dev
*cdev
,
3131 const struct fsg_module_parameters
*params
)
3132 __attribute__((unused
));
3133 static inline struct fsg_common
*
3134 fsg_common_from_params(struct fsg_common
*common
,
3135 struct usb_composite_dev
*cdev
,
3136 const struct fsg_module_parameters
*params
)
3138 struct fsg_config cfg
;
3139 fsg_config_from_params(&cfg
, params
);
3140 return fsg_common_init(common
, cdev
, &cfg
);