]> Git Repo - linux.git/blame - drivers/usb/gadget/function/f_fs.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[linux.git] / drivers / usb / gadget / function / f_fs.c
CommitLineData
5fd54ace 1// SPDX-License-Identifier: GPL-2.0+
ddf8abd2 2/*
5ab54cf7 3 * f_fs.c -- user mode file system API for USB composite function controllers
ddf8abd2
MN		 4 *
5 * Copyright (C) 2010 Samsung Electronics
54b8360f 6 * Author: Michal Nazarewicz <[email protected]>
ddf8abd2 7 *
5ab54cf7 8 * Based on inode.c (GadgetFS) which was:
ddf8abd2
MN		 9 * Copyright (C) 2003-2004 David Brownell
10 * Copyright (C) 2003 Agilent Technologies
ddf8abd2
MN		 11 */
12
13
14/* #define DEBUG */
15/* #define VERBOSE_DEBUG */
16
17#include <linux/blkdev.h>
b0608690 18#include <linux/pagemap.h>
f940fcd8 19#include <linux/export.h>
560f1187 20#include <linux/hid.h>
5920cda6 21#include <linux/module.h>
174cd4b1 22#include <linux/sched/signal.h>
e2e40f2c 23#include <linux/uio.h>
ddf8abd2 24#include <asm/unaligned.h>
ddf8abd2
MN		 25
26#include <linux/usb/composite.h>
27#include <linux/usb/functionfs.h>
28
2e4c7553
RB		 29#include <linux/aio.h>
30#include <linux/mmu_context.h>
23de91e9 31#include <linux/poll.h>
5e33f6fd 32#include <linux/eventfd.h>
23de91e9 33
e72c39c0 34#include "u_fs.h"
74d48466 35#include "u_f.h"
f0175ab5 36#include "u_os_desc.h"
b658499f 37#include "configfs.h"
ddf8abd2
MN		 38
39#define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
40
ddf8abd2
MN		 41/* Reference counter handling */
42static void ffs_data_get(struct ffs_data *ffs);
43static void ffs_data_put(struct ffs_data *ffs);
44/* Creates new ffs_data object. */
addfc582
JK		 45static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
46 __attribute__((malloc));
ddf8abd2
MN		 47
48/* Opened counter handling. */
49static void ffs_data_opened(struct ffs_data *ffs);
50static void ffs_data_closed(struct ffs_data *ffs);
51
5ab54cf7 52/* Called with ffs->mutex held; take over ownership of data. */
ddf8abd2
MN		 53static int __must_check
54__ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
55static int __must_check
56__ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
57
58
59/* The function structure ***************************************************/
60
61struct ffs_ep;
62
63struct ffs_function {
64 struct usb_configuration *conf;
65 struct usb_gadget *gadget;
66 struct ffs_data *ffs;
67
68 struct ffs_ep *eps;
69 u8 eps_revmap[16];
70 short *interfaces_nums;
71
72 struct usb_function function;
73};
74
75
76static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
77{
78 return container_of(f, struct ffs_function, function);
79}
80
ddf8abd2 81
a7ecf054
MN		 82static inline enum ffs_setup_state
83ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
84{
85 return (enum ffs_setup_state)
86 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
87}
88
89
ddf8abd2
MN		 90static void ffs_func_eps_disable(struct ffs_function *func);
91static int __must_check ffs_func_eps_enable(struct ffs_function *func);
92
ddf8abd2
MN		 93static int ffs_func_bind(struct usb_configuration *,
94 struct usb_function *);
ddf8abd2
MN		 95static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
96static void ffs_func_disable(struct usb_function *);
97static int ffs_func_setup(struct usb_function *,
98 const struct usb_ctrlrequest *);
54dfce6d 99static bool ffs_func_req_match(struct usb_function *,
1a00b457
FH		 100 const struct usb_ctrlrequest *,
101 bool config0);
ddf8abd2
MN		 102static void ffs_func_suspend(struct usb_function *);
103static void ffs_func_resume(struct usb_function *);
104
105
106static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
107static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
108
109
ddf8abd2
MN		 110/* The endpoints structures *************************************************/
111
112struct ffs_ep {
113 struct usb_ep *ep; /* P: ffs->eps_lock */
114 struct usb_request *req; /* P: epfile->mutex */
115
8d4e897b
MG		 116 /* [0]: full speed, [1]: high speed, [2]: super speed */
117 struct usb_endpoint_descriptor *descs[3];
ddf8abd2
MN		 118
119 u8 num;
120
121 int status; /* P: epfile->mutex */
122};
123
124struct ffs_epfile {
125 /* Protects ep->ep and ep->req. */
126 struct mutex mutex;
ddf8abd2
MN		 127
128 struct ffs_data *ffs;
129 struct ffs_ep *ep; /* P: ffs->eps_lock */
130
131 struct dentry *dentry;
132
9353afbb
MN		 133 /*
134 * Buffer for holding data from partial reads which may happen since
135 * we’re rounding user read requests to a multiple of a max packet size.
a9e6f83c
MN		 136 *
137 * The pointer is initialised with NULL value and may be set by
138 * __ffs_epfile_read_data function to point to a temporary buffer.
139 *
140 * In normal operation, calls to __ffs_epfile_read_buffered will consume
141 * data from said buffer and eventually free it. Importantly, while the
142 * function is using the buffer, it sets the pointer to NULL. This is
143 * all right since __ffs_epfile_read_data and __ffs_epfile_read_buffered
144 * can never run concurrently (they are synchronised by epfile->mutex)
145 * so the latter will not assign a new value to the pointer.
146 *
147 * Meanwhile ffs_func_eps_disable frees the buffer (if the pointer is
148 * valid) and sets the pointer to READ_BUFFER_DROP value. This special
149 * value is crux of the synchronisation between ffs_func_eps_disable and
150 * __ffs_epfile_read_data.
151 *
152 * Once __ffs_epfile_read_data is about to finish it will try to set the
153 * pointer back to its old value (as described above), but seeing as the
154 * pointer is not-NULL (namely READ_BUFFER_DROP) it will instead free
155 * the buffer.
156 *
157 * == State transitions ==
158 *
159 * • ptr == NULL: (initial state)
160 * ◦ __ffs_epfile_read_buffer_free: go to ptr == DROP
161 * ◦ __ffs_epfile_read_buffered: nop
162 * ◦ __ffs_epfile_read_data allocates temp buffer: go to ptr == buf
163 * ◦ reading finishes: n/a, not in ‘and reading’ state
164 * • ptr == DROP:
165 * ◦ __ffs_epfile_read_buffer_free: nop
166 * ◦ __ffs_epfile_read_buffered: go to ptr == NULL
167 * ◦ __ffs_epfile_read_data allocates temp buffer: free buf, nop
168 * ◦ reading finishes: n/a, not in ‘and reading’ state
169 * • ptr == buf:
170 * ◦ __ffs_epfile_read_buffer_free: free buf, go to ptr == DROP
171 * ◦ __ffs_epfile_read_buffered: go to ptr == NULL and reading
172 * ◦ __ffs_epfile_read_data: n/a, __ffs_epfile_read_buffered
173 * is always called first
174 * ◦ reading finishes: n/a, not in ‘and reading’ state
175 * • ptr == NULL and reading:
176 * ◦ __ffs_epfile_read_buffer_free: go to ptr == DROP and reading
177 * ◦ __ffs_epfile_read_buffered: n/a, mutex is held
178 * ◦ __ffs_epfile_read_data: n/a, mutex is held
179 * ◦ reading finishes and …
180 * … all data read: free buf, go to ptr == NULL
181 * … otherwise: go to ptr == buf and reading
182 * • ptr == DROP and reading:
183 * ◦ __ffs_epfile_read_buffer_free: nop
184 * ◦ __ffs_epfile_read_buffered: n/a, mutex is held
185 * ◦ __ffs_epfile_read_data: n/a, mutex is held
186 * ◦ reading finishes: free buf, go to ptr == DROP
9353afbb 187 */
a9e6f83c
MN		 188 struct ffs_buffer *read_buffer;
189#define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
9353afbb 190
ddf8abd2
MN		 191 char name[5];
192
193 unsigned char in; /* P: ffs->eps_lock */
194 unsigned char isoc; /* P: ffs->eps_lock */
195
196 unsigned char _pad;
197};
198
9353afbb
MN		 199struct ffs_buffer {
200 size_t length;
201 char *data;
202 char storage[];
203};
204
2e4c7553
RB		 205/* ffs_io_data structure ***************************************************/
206
207struct ffs_io_data {
208 bool aio;
209 bool read;
210
211 struct kiocb *kiocb;
c993c39b
AV		 212 struct iov_iter data;
213 const void *to_free;
214 char *buf;
2e4c7553
RB		 215
216 struct mm_struct *mm;
217 struct work_struct work;
218
219 struct usb_ep *ep;
220 struct usb_request *req;
5e33f6fd
RB		 221
222 struct ffs_data *ffs;
2e4c7553
RB		 223};
224
6d5c1c77
RB		 225struct ffs_desc_helper {
226 struct ffs_data *ffs;
227 unsigned interfaces_count;
228 unsigned eps_count;
229};
230
ddf8abd2
MN		 231static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
232static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
233
1bb27cac 234static struct dentry *
ddf8abd2 235ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
1bb27cac 236 const struct file_operations *fops);
ddf8abd2 237
4b187fce
AP		 238/* Devices management *******************************************************/
239
240DEFINE_MUTEX(ffs_lock);
0700faaf 241EXPORT_SYMBOL_GPL(ffs_lock);
4b187fce 242
da13a773
AP		 243static struct ffs_dev *_ffs_find_dev(const char *name);
244static struct ffs_dev *_ffs_alloc_dev(void);
da13a773 245static void _ffs_free_dev(struct ffs_dev *dev);
4b187fce
AP		 246static void *ffs_acquire_dev(const char *dev_name);
247static void ffs_release_dev(struct ffs_data *ffs_data);
248static int ffs_ready(struct ffs_data *ffs);
249static void ffs_closed(struct ffs_data *ffs);
ddf8abd2
MN		 250
251/* Misc helper functions ****************************************************/
252
253static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
254 __attribute__((warn_unused_result, nonnull));
260ef311 255static char *ffs_prepare_buffer(const char __user *buf, size_t len)
ddf8abd2
MN		 256 __attribute__((warn_unused_result, nonnull));
257
258
259/* Control file aka ep0 *****************************************************/
260
261static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
262{
263 struct ffs_data *ffs = req->context;
264
5bdcde90 265 complete(&ffs->ep0req_completion);
ddf8abd2
MN		 266}
267
ddf8abd2 268static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
c40619bb 269 __releases(&ffs->ev.waitq.lock)
ddf8abd2
MN		 270{
271 struct usb_request *req = ffs->ep0req;
272 int ret;
273
274 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
275
276 spin_unlock_irq(&ffs->ev.waitq.lock);
277
278 req->buf = data;
279 req->length = len;
280
ce1fd358
MS		 281 /*
282 * UDC layer requires to provide a buffer even for ZLP, but should
283 * not use it at all. Let's provide some poisoned pointer to catch
284 * possible bug in the driver.
285 */
286 if (req->buf == NULL)
287 req->buf = (void *)0xDEADBABE;
288
16735d02 289 reinit_completion(&ffs->ep0req_completion);
ddf8abd2
MN		 290
291 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
292 if (unlikely(ret < 0))
293 return ret;
294
295 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
296 if (unlikely(ret)) {
297 usb_ep_dequeue(ffs->gadget->ep0, req);
298 return -EINTR;
299 }
300
301 ffs->setup_state = FFS_NO_SETUP;
0a7b1f8a 302 return req->status ? req->status : req->actual;
ddf8abd2
MN		 303}
304
305static int __ffs_ep0_stall(struct ffs_data *ffs)
306{
307 if (ffs->ev.can_stall) {
aa02f172 308 pr_vdebug("ep0 stall\n");
ddf8abd2
MN		 309 usb_ep_set_halt(ffs->gadget->ep0);
310 ffs->setup_state = FFS_NO_SETUP;
311 return -EL2HLT;
312 } else {
aa02f172 313 pr_debug("bogus ep0 stall!\n");
ddf8abd2
MN		 314 return -ESRCH;
315 }
316}
317
ddf8abd2
MN		 318static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
319 size_t len, loff_t *ptr)
320{
321 struct ffs_data *ffs = file->private_data;
322 ssize_t ret;
323 char *data;
324
325 ENTER();
326
327 /* Fast check if setup was canceled */
a7ecf054 328 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
ddf8abd2
MN		 329 return -EIDRM;
330
331 /* Acquire mutex */
332 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
333 if (unlikely(ret < 0))
334 return ret;
335
ddf8abd2
MN		 336 /* Check state */
337 switch (ffs->state) {
338 case FFS_READ_DESCRIPTORS:
339 case FFS_READ_STRINGS:
340 /* Copy data */
341 if (unlikely(len < 16)) {
342 ret = -EINVAL;
343 break;
344 }
345
346 data = ffs_prepare_buffer(buf, len);
537baabb 347 if (IS_ERR(data)) {
ddf8abd2
MN		 348 ret = PTR_ERR(data);
349 break;
350 }
351
352 /* Handle data */
353 if (ffs->state == FFS_READ_DESCRIPTORS) {
aa02f172 354 pr_info("read descriptors\n");
ddf8abd2
MN		 355 ret = __ffs_data_got_descs(ffs, data, len);
356 if (unlikely(ret < 0))
357 break;
358
359 ffs->state = FFS_READ_STRINGS;
360 ret = len;
361 } else {
aa02f172 362 pr_info("read strings\n");
ddf8abd2
MN		 363 ret = __ffs_data_got_strings(ffs, data, len);
364 if (unlikely(ret < 0))
365 break;
366
367 ret = ffs_epfiles_create(ffs);
368 if (unlikely(ret)) {
369 ffs->state = FFS_CLOSING;
370 break;
371 }
372
373 ffs->state = FFS_ACTIVE;
374 mutex_unlock(&ffs->mutex);
375
4b187fce 376 ret = ffs_ready(ffs);
ddf8abd2
MN		 377 if (unlikely(ret < 0)) {
378 ffs->state = FFS_CLOSING;
379 return ret;
380 }
381
ddf8abd2
MN		 382 return len;
383 }
384 break;
385
ddf8abd2
MN		 386 case FFS_ACTIVE:
387 data = NULL;
5ab54cf7
MN		 388 /*
389 * We're called from user space, we can use _irq
390 * rather then _irqsave
391 */
ddf8abd2 392 spin_lock_irq(&ffs->ev.waitq.lock);
a7ecf054 393 switch (ffs_setup_state_clear_cancelled(ffs)) {
e46318a0 394 case FFS_SETUP_CANCELLED:
ddf8abd2
MN		 395 ret = -EIDRM;
396 goto done_spin;
397
398 case FFS_NO_SETUP:
399 ret = -ESRCH;
400 goto done_spin;
401
402 case FFS_SETUP_PENDING:
403 break;
404 }
405
406 /* FFS_SETUP_PENDING */
407 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
408 spin_unlock_irq(&ffs->ev.waitq.lock);
409 ret = __ffs_ep0_stall(ffs);
410 break;
411 }
412
413 /* FFS_SETUP_PENDING and not stall */
414 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
415
416 spin_unlock_irq(&ffs->ev.waitq.lock);
417
418 data = ffs_prepare_buffer(buf, len);
537baabb 419 if (IS_ERR(data)) {
ddf8abd2
MN		 420 ret = PTR_ERR(data);
421 break;
422 }
423
424 spin_lock_irq(&ffs->ev.waitq.lock);
425
5ab54cf7
MN		 426 /*
427 * We are guaranteed to be still in FFS_ACTIVE state
ddf8abd2 428 * but the state of setup could have changed from
e46318a0 429 * FFS_SETUP_PENDING to FFS_SETUP_CANCELLED so we need
ddf8abd2 430 * to check for that. If that happened we copied data
5ab54cf7
MN		 431 * from user space in vain but it's unlikely.
432 *
433 * For sure we are not in FFS_NO_SETUP since this is
ddf8abd2
MN		 434 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
435 * transition can be performed and it's protected by
5ab54cf7
MN		 436 * mutex.
437 */
a7ecf054
MN		 438 if (ffs_setup_state_clear_cancelled(ffs) ==
439 FFS_SETUP_CANCELLED) {
ddf8abd2
MN		 440 ret = -EIDRM;
441done_spin:
442 spin_unlock_irq(&ffs->ev.waitq.lock);
443 } else {
444 /* unlocks spinlock */
445 ret = __ffs_ep0_queue_wait(ffs, data, len);
446 }
447 kfree(data);
448 break;
449
ddf8abd2
MN		 450 default:
451 ret = -EBADFD;
452 break;
453 }
454
ddf8abd2
MN		 455 mutex_unlock(&ffs->mutex);
456 return ret;
457}
458
67913bbd 459/* Called with ffs->ev.waitq.lock and ffs->mutex held, both released on exit. */
ddf8abd2
MN		 460static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
461 size_t n)
c40619bb 462 __releases(&ffs->ev.waitq.lock)
ddf8abd2 463{
5ab54cf7 464 /*
67913bbd
MN		 465 * n cannot be bigger than ffs->ev.count, which cannot be bigger than
466 * size of ffs->ev.types array (which is four) so that's how much space
467 * we reserve.
5ab54cf7 468 */
67913bbd
MN		 469 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
470 const size_t size = n * sizeof *events;
ddf8abd2
MN		 471 unsigned i = 0;
472
67913bbd 473 memset(events, 0, size);
ddf8abd2
MN		 474
475 do {
476 events[i].type = ffs->ev.types[i];
477 if (events[i].type == FUNCTIONFS_SETUP) {
478 events[i].u.setup = ffs->ev.setup;
479 ffs->setup_state = FFS_SETUP_PENDING;
480 }
481 } while (++i < n);
482
67913bbd
MN		 483 ffs->ev.count -= n;
484 if (ffs->ev.count)
ddf8abd2
MN		 485 memmove(ffs->ev.types, ffs->ev.types + n,
486 ffs->ev.count * sizeof *ffs->ev.types);
ddf8abd2
MN		 487
488 spin_unlock_irq(&ffs->ev.waitq.lock);
489 mutex_unlock(&ffs->mutex);
490
7fe9a937 491 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
ddf8abd2
MN		 492}
493
ddf8abd2
MN		 494static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
495 size_t len, loff_t *ptr)
496{
497 struct ffs_data *ffs = file->private_data;
498 char *data = NULL;
499 size_t n;
500 int ret;
501
502 ENTER();
503
504 /* Fast check if setup was canceled */
a7ecf054 505 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
ddf8abd2
MN		 506 return -EIDRM;
507
508 /* Acquire mutex */
509 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
510 if (unlikely(ret < 0))
511 return ret;
512
ddf8abd2
MN		 513 /* Check state */
514 if (ffs->state != FFS_ACTIVE) {
515 ret = -EBADFD;
516 goto done_mutex;
517 }
518
5ab54cf7
MN		 519 /*
520 * We're called from user space, we can use _irq rather then
521 * _irqsave
522 */
ddf8abd2
MN		 523 spin_lock_irq(&ffs->ev.waitq.lock);
524
a7ecf054 525 switch (ffs_setup_state_clear_cancelled(ffs)) {
e46318a0 526 case FFS_SETUP_CANCELLED:
ddf8abd2
MN		 527 ret = -EIDRM;
528 break;
529
530 case FFS_NO_SETUP:
531 n = len / sizeof(struct usb_functionfs_event);
532 if (unlikely(!n)) {
533 ret = -EINVAL;
534 break;
535 }
536
537 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
538 ret = -EAGAIN;
539 break;
540 }
541
5ab54cf7
MN		 542 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
543 ffs->ev.count)) {
ddf8abd2
MN		 544 ret = -EINTR;
545 break;
546 }
547
c40619bb 548 /* unlocks spinlock */
ddf8abd2
MN		 549 return __ffs_ep0_read_events(ffs, buf,
550 min(n, (size_t)ffs->ev.count));
551
ddf8abd2
MN		 552 case FFS_SETUP_PENDING:
553 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
554 spin_unlock_irq(&ffs->ev.waitq.lock);
555 ret = __ffs_ep0_stall(ffs);
556 goto done_mutex;
557 }
558
559 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
560
561 spin_unlock_irq(&ffs->ev.waitq.lock);
562
563 if (likely(len)) {
564 data = kmalloc(len, GFP_KERNEL);
565 if (unlikely(!data)) {
566 ret = -ENOMEM;
567 goto done_mutex;
568 }
569 }
570
571 spin_lock_irq(&ffs->ev.waitq.lock);
572
573 /* See ffs_ep0_write() */
a7ecf054
MN		 574 if (ffs_setup_state_clear_cancelled(ffs) ==
575 FFS_SETUP_CANCELLED) {
ddf8abd2
MN		 576 ret = -EIDRM;
577 break;
578 }
579
580 /* unlocks spinlock */
581 ret = __ffs_ep0_queue_wait(ffs, data, len);
7fe9a937 582 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
ddf8abd2
MN		 583 ret = -EFAULT;
584 goto done_mutex;
585
586 default:
587 ret = -EBADFD;
588 break;
589 }
590
591 spin_unlock_irq(&ffs->ev.waitq.lock);
592done_mutex:
593 mutex_unlock(&ffs->mutex);
594 kfree(data);
595 return ret;
596}
597
ddf8abd2
MN		 598static int ffs_ep0_open(struct inode *inode, struct file *file)
599{
600 struct ffs_data *ffs = inode->i_private;
601
602 ENTER();
603
604 if (unlikely(ffs->state == FFS_CLOSING))
605 return -EBUSY;
606
607 file->private_data = ffs;
608 ffs_data_opened(ffs);
609
610 return 0;
611}
612
ddf8abd2
MN		 613static int ffs_ep0_release(struct inode *inode, struct file *file)
614{
615 struct ffs_data *ffs = file->private_data;
616
617 ENTER();
618
619 ffs_data_closed(ffs);
620
621 return 0;
622}
623
ddf8abd2
MN		 624static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
625{
626 struct ffs_data *ffs = file->private_data;
627 struct usb_gadget *gadget = ffs->gadget;
628 long ret;
629
630 ENTER();
631
632 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
633 struct ffs_function *func = ffs->func;
634 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
92b0abf8 635 } else if (gadget && gadget->ops->ioctl) {
ddf8abd2 636 ret = gadget->ops->ioctl(gadget, code, value);
ddf8abd2
MN		 637 } else {
638 ret = -ENOTTY;
639 }
640
641 return ret;
642}
643
afc9a42b 644static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
23de91e9
RB		 645{
646 struct ffs_data *ffs = file->private_data;
a9a08845 647 __poll_t mask = EPOLLWRNORM;
23de91e9
RB		 648 int ret;
649
650 poll_wait(file, &ffs->ev.waitq, wait);
651
652 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
653 if (unlikely(ret < 0))
654 return mask;
655
656 switch (ffs->state) {
657 case FFS_READ_DESCRIPTORS:
658 case FFS_READ_STRINGS:
a9a08845 659 mask |= EPOLLOUT;
23de91e9
RB		 660 break;
661
662 case FFS_ACTIVE:
663 switch (ffs->setup_state) {
664 case FFS_NO_SETUP:
665 if (ffs->ev.count)
a9a08845 666 mask |= EPOLLIN;
23de91e9
RB		 667 break;
668
669 case FFS_SETUP_PENDING:
670 case FFS_SETUP_CANCELLED:
a9a08845 671 mask |= (EPOLLIN | EPOLLOUT);
23de91e9
RB		 672 break;
673 }
674 case FFS_CLOSING:
675 break;
18d6b32f
RB		 676 case FFS_DEACTIVATED:
677 break;
23de91e9
RB		 678 }
679
680 mutex_unlock(&ffs->mutex);
681
682 return mask;
683}
684
ddf8abd2 685static const struct file_operations ffs_ep0_operations = {
ddf8abd2
MN		 686 .llseek = no_llseek,
687
688 .open = ffs_ep0_open,
689 .write = ffs_ep0_write,
690 .read = ffs_ep0_read,
691 .release = ffs_ep0_release,
692 .unlocked_ioctl = ffs_ep0_ioctl,
23de91e9 693 .poll = ffs_ep0_poll,
ddf8abd2
MN		 694};
695
696
697/* "Normal" endpoints operations ********************************************/
698
ddf8abd2
MN		 699static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
700{
701 ENTER();
702 if (likely(req->context)) {
703 struct ffs_ep *ep = _ep->driver_data;
704 ep->status = req->status ? req->status : req->actual;
705 complete(req->context);
706 }
707}
708
c662a31b
MN		 709static ssize_t ffs_copy_to_iter(void *data, int data_len, struct iov_iter *iter)
710{
711 ssize_t ret = copy_to_iter(data, data_len, iter);
712 if (likely(ret == data_len))
713 return ret;
714
715 if (unlikely(iov_iter_count(iter)))
716 return -EFAULT;
717
718 /*
719 * Dear user space developer!
720 *
721 * TL;DR: To stop getting below error message in your kernel log, change
722 * user space code using functionfs to align read buffers to a max
723 * packet size.
724 *
725 * Some UDCs (e.g. dwc3) require request sizes to be a multiple of a max
726 * packet size. When unaligned buffer is passed to functionfs, it
727 * internally uses a larger, aligned buffer so that such UDCs are happy.
728 *
729 * Unfortunately, this means that host may send more data than was
730 * requested in read(2) system call. f_fs doesn’t know what to do with
731 * that excess data so it simply drops it.
732 *
733 * Was the buffer aligned in the first place, no such problem would
734 * happen.
735 *
9353afbb
MN		 736 * Data may be dropped only in AIO reads. Synchronous reads are handled
737 * by splitting a request into multiple parts. This splitting may still
738 * be a problem though so it’s likely best to align the buffer
739 * regardless of it being AIO or not..
740 *
c662a31b
MN		 741 * This only affects OUT endpoints, i.e. reading data with a read(2),
742 * aio_read(2) etc. system calls. Writing data to an IN endpoint is not
743 * affected.
744 */
745 pr_err("functionfs read size %d > requested size %zd, dropping excess data. "
746 "Align read buffer size to max packet size to avoid the problem.\n",
747 data_len, ret);
748
749 return ret;
750}
751
2e4c7553
RB		 752static void ffs_user_copy_worker(struct work_struct *work)
753{
754 struct ffs_io_data *io_data = container_of(work, struct ffs_io_data,
755 work);
756 int ret = io_data->req->status ? io_data->req->status :
757 io_data->req->actual;
38740a5b 758 bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD;
2e4c7553
RB		 759
760 if (io_data->read && ret > 0) {
4058ebf3
LPC		 761 mm_segment_t oldfs = get_fs();
762
763 set_fs(USER_DS);
2e4c7553 764 use_mm(io_data->mm);
c662a31b 765 ret = ffs_copy_to_iter(io_data->buf, ret, &io_data->data);
2e4c7553 766 unuse_mm(io_data->mm);
4058ebf3 767 set_fs(oldfs);
2e4c7553
RB		 768 }
769
04b2fa9f 770 io_data->kiocb->ki_complete(io_data->kiocb, ret, ret);
2e4c7553 771
38740a5b 772 if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd)
5e33f6fd
RB		 773 eventfd_signal(io_data->ffs->ffs_eventfd, 1);
774
2e4c7553
RB		 775 usb_ep_free_request(io_data->ep, io_data->req);
776
2e4c7553 777 if (io_data->read)
c993c39b 778 kfree(io_data->to_free);
2e4c7553
RB		 779 kfree(io_data->buf);
780 kfree(io_data);
781}
782
783static void ffs_epfile_async_io_complete(struct usb_ep *_ep,
784 struct usb_request *req)
785{
786 struct ffs_io_data *io_data = req->context;
addfc582 787 struct ffs_data *ffs = io_data->ffs;
2e4c7553
RB		 788
789 ENTER();
790
791 INIT_WORK(&io_data->work, ffs_user_copy_worker);
addfc582 792 queue_work(ffs->io_completion_wq, &io_data->work);
2e4c7553
RB		 793}
794
a9e6f83c
MN		 795static void __ffs_epfile_read_buffer_free(struct ffs_epfile *epfile)
796{
797 /*
798 * See comment in struct ffs_epfile for full read_buffer pointer
799 * synchronisation story.
800 */
801 struct ffs_buffer *buf = xchg(&epfile->read_buffer, READ_BUFFER_DROP);
802 if (buf && buf != READ_BUFFER_DROP)
803 kfree(buf);
804}
805
9353afbb
MN		 806/* Assumes epfile->mutex is held. */
807static ssize_t __ffs_epfile_read_buffered(struct ffs_epfile *epfile,
808 struct iov_iter *iter)
809{
a9e6f83c
MN		 810 /*
811 * Null out epfile->read_buffer so ffs_func_eps_disable does not free
812 * the buffer while we are using it. See comment in struct ffs_epfile
813 * for full read_buffer pointer synchronisation story.
814 */
815 struct ffs_buffer *buf = xchg(&epfile->read_buffer, NULL);
9353afbb 816 ssize_t ret;
a9e6f83c 817 if (!buf || buf == READ_BUFFER_DROP)
9353afbb
MN		 818 return 0;
819
820 ret = copy_to_iter(buf->data, buf->length, iter);
821 if (buf->length == ret) {
822 kfree(buf);
a9e6f83c
MN		 823 return ret;
824 }
825
826 if (unlikely(iov_iter_count(iter))) {
9353afbb
MN		 827 ret = -EFAULT;
828 } else {
829 buf->length -= ret;
830 buf->data += ret;
831 }
a9e6f83c
MN		 832
833 if (cmpxchg(&epfile->read_buffer, NULL, buf))
834 kfree(buf);
835
9353afbb
MN		 836 return ret;
837}
838
839/* Assumes epfile->mutex is held. */
840static ssize_t __ffs_epfile_read_data(struct ffs_epfile *epfile,
841 void *data, int data_len,
842 struct iov_iter *iter)
843{
844 struct ffs_buffer *buf;
845
846 ssize_t ret = copy_to_iter(data, data_len, iter);
847 if (likely(data_len == ret))
848 return ret;
849
850 if (unlikely(iov_iter_count(iter)))
851 return -EFAULT;
852
853 /* See ffs_copy_to_iter for more context. */
854 pr_warn("functionfs read size %d > requested size %zd, splitting request into multiple reads.",
855 data_len, ret);
856
857 data_len -= ret;
858 buf = kmalloc(sizeof(*buf) + data_len, GFP_KERNEL);
44963d64
DC		 859 if (!buf)
860 return -ENOMEM;
9353afbb
MN		 861 buf->length = data_len;
862 buf->data = buf->storage;
863 memcpy(buf->storage, data + ret, data_len);
a9e6f83c
MN		 864
865 /*
866 * At this point read_buffer is NULL or READ_BUFFER_DROP (if
867 * ffs_func_eps_disable has been called in the meanwhile). See comment
868 * in struct ffs_epfile for full read_buffer pointer synchronisation
869 * story.
870 */
871 if (unlikely(cmpxchg(&epfile->read_buffer, NULL, buf)))
872 kfree(buf);
9353afbb
MN		 873
874 return ret;
875}
876
2e4c7553 877static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
ddf8abd2
MN		 878{
879 struct ffs_epfile *epfile = file->private_data;
ae76e134 880 struct usb_request *req;
ddf8abd2
MN		 881 struct ffs_ep *ep;
882 char *data = NULL;
c0d31b3c 883 ssize_t ret, data_len = -EINVAL;
ddf8abd2
MN		 884 int halt;
885
7fa68034 886 /* Are we still active? */
b3591f67
MN		 887 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
888 return -ENODEV;
ddf8abd2 889
7fa68034
MN		 890 /* Wait for endpoint to be enabled */
891 ep = epfile->ep;
892 if (!ep) {
b3591f67
MN		 893 if (file->f_flags & O_NONBLOCK)
894 return -EAGAIN;
ddf8abd2 895
e16828cf
JZ		 896 ret = wait_event_interruptible(
897 epfile->ffs->wait, (ep = epfile->ep));
b3591f67
MN		 898 if (ret)
899 return -EINTR;
7fa68034 900 }
ddf8abd2 901
7fa68034 902 /* Do we halt? */
2e4c7553 903 halt = (!io_data->read == !epfile->in);
b3591f67
MN		 904 if (halt && epfile->isoc)
905 return -EINVAL;
ddf8abd2 906
9353afbb
MN		 907 /* We will be using request and read_buffer */
908 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
909 if (unlikely(ret))
910 goto error;
911
7fa68034
MN		 912 /* Allocate & copy */
913 if (!halt) {
9353afbb
MN		 914 struct usb_gadget *gadget;
915
916 /*
917 * Do we have buffered data from previous partial read? Check
918 * that for synchronous case only because we do not have
919 * facility to ‘wake up’ a pending asynchronous read and push
920 * buffered data to it which we would need to make things behave
921 * consistently.
922 */
923 if (!io_data->aio && io_data->read) {
924 ret = __ffs_epfile_read_buffered(epfile, &io_data->data);
925 if (ret)
926 goto error_mutex;
927 }
928
f0f42204
AP		 929 /*
930 * if we _do_ wait above, the epfile->ffs->gadget might be NULL
ae76e134
MN		 931 * before the waiting completes, so do not assign to 'gadget'
932 * earlier
f0f42204 933 */
9353afbb 934 gadget = epfile->ffs->gadget;
f0f42204 935
97839ca4
CB		 936 spin_lock_irq(&epfile->ffs->eps_lock);
937 /* In the meantime, endpoint got disabled or changed. */
938 if (epfile->ep != ep) {
9353afbb
MN		 939 ret = -ESHUTDOWN;
940 goto error_lock;
97839ca4 941 }
c993c39b 942 data_len = iov_iter_count(&io_data->data);
219580e6
MN		 943 /*
944 * Controller may require buffer size to be aligned to
945 * maxpacketsize of an out endpoint.
946 */
c993c39b
AV		 947 if (io_data->read)
948 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
97839ca4 949 spin_unlock_irq(&epfile->ffs->eps_lock);
219580e6
MN		 950
951 data = kmalloc(data_len, GFP_KERNEL);
9353afbb
MN		 952 if (unlikely(!data)) {
953 ret = -ENOMEM;
954 goto error_mutex;
955 }
956 if (!io_data->read &&
cbbd26b8 957 !copy_from_iter_full(data, data_len, &io_data->data)) {
9353afbb
MN		 958 ret = -EFAULT;
959 goto error_mutex;
7fa68034
MN		 960 }
961 }
ddf8abd2 962
7fa68034 963 spin_lock_irq(&epfile->ffs->eps_lock);
ddf8abd2 964
7fa68034
MN		 965 if (epfile->ep != ep) {
966 /* In the meantime, endpoint got disabled or changed. */
967 ret = -ESHUTDOWN;
7fa68034 968 } else if (halt) {
cdff9f8e
JZ		 969 ret = usb_ep_set_halt(ep->ep);
970 if (!ret)
971 ret = -EBADMSG;
ae76e134 972 } else if (unlikely(data_len == -EINVAL)) {
c0d31b3c
DC		 973 /*
974 * Sanity Check: even though data_len can't be used
975 * uninitialized at the time I write this comment, some
976 * compilers complain about this situation.
977 * In order to keep the code clean from warnings, data_len is
978 * being initialized to -EINVAL during its declaration, which
979 * means we can't rely on compiler anymore to warn no future
980 * changes won't result in data_len being used uninitialized.
981 * For such reason, we're adding this redundant sanity check
982 * here.
983 */
ae76e134
MN		 984 WARN(1, "%s: data_len == -EINVAL\n", __func__);
985 ret = -EINVAL;
986 } else if (!io_data->aio) {
987 DECLARE_COMPLETION_ONSTACK(done);
ef150884 988 bool interrupted = false;
ddf8abd2 989
ae76e134
MN		 990 req = ep->req;
991 req->buf = data;
992 req->length = data_len;
ddf8abd2 993
ae76e134
MN		 994 req->context = &done;
995 req->complete = ffs_epfile_io_complete;
2e4c7553 996
ae76e134
MN		 997 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
998 if (unlikely(ret < 0))
999 goto error_lock;
2e4c7553 1000
ae76e134 1001 spin_unlock_irq(&epfile->ffs->eps_lock);
2e4c7553 1002
ae76e134 1003 if (unlikely(wait_for_completion_interruptible(&done))) {
ef150884
CD		 1004 /*
1005 * To avoid race condition with ffs_epfile_io_complete,
1006 * dequeue the request first then check
1007 * status. usb_ep_dequeue API should guarantee no race
1008 * condition with req->complete callback.
1009 */
ae76e134 1010 usb_ep_dequeue(ep->ep, req);
ef150884 1011 interrupted = ep->status < 0;
ae76e134 1012 }
2e4c7553 1013
c662a31b
MN		 1014 if (interrupted)
1015 ret = -EINTR;
1016 else if (io_data->read && ep->status > 0)
9353afbb
MN		 1017 ret = __ffs_epfile_read_data(epfile, data, ep->status,
1018 &io_data->data);
c662a31b
MN		 1019 else
1020 ret = ep->status;
ae76e134 1021 goto error_mutex;
30bf90cc 1022 } else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
ae76e134
MN		 1023 ret = -ENOMEM;
1024 } else {
1025 req->buf = data;
1026 req->length = data_len;
2e4c7553 1027
ae76e134
MN		 1028 io_data->buf = data;
1029 io_data->ep = ep->ep;
1030 io_data->req = req;
1031 io_data->ffs = epfile->ffs;
2e4c7553 1032
ae76e134
MN		 1033 req->context = io_data;
1034 req->complete = ffs_epfile_async_io_complete;
2e4c7553 1035
ae76e134
MN		 1036 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1037 if (unlikely(ret)) {
1038 usb_ep_free_request(ep->ep, req);
1039 goto error_lock;
ddf8abd2 1040 }
ddf8abd2 1041
ae76e134
MN		 1042 ret = -EIOCBQUEUED;
1043 /*
1044 * Do not kfree the buffer in this function. It will be freed
1045 * by ffs_user_copy_worker.
1046 */
1047 data = NULL;
1048 }
48968f8d
RB		 1049
1050error_lock:
1051 spin_unlock_irq(&epfile->ffs->eps_lock);
ae76e134 1052error_mutex:
48968f8d 1053 mutex_unlock(&epfile->mutex);
ddf8abd2
MN		 1054error:
1055 kfree(data);
1056 return ret;
1057}
1058
ddf8abd2
MN		 1059static int
1060ffs_epfile_open(struct inode *inode, struct file *file)
1061{
1062 struct ffs_epfile *epfile = inode->i_private;
1063
1064 ENTER();
1065
1066 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1067 return -ENODEV;
1068
1069 file->private_data = epfile;
1070 ffs_data_opened(epfile->ffs);
1071
1072 return 0;
1073}
1074
2e4c7553
RB		 1075static int ffs_aio_cancel(struct kiocb *kiocb)
1076{
1077 struct ffs_io_data *io_data = kiocb->private;
a9c85903 1078 struct ffs_epfile *epfile = kiocb->ki_filp->private_data;
2e4c7553
RB		 1079 int value;
1080
1081 ENTER();
1082
a9c85903
SJ		 1083 spin_lock_irq(&epfile->ffs->eps_lock);
1084
1085 if (likely(io_data && io_data->ep && io_data->req))
1086 value = usb_ep_dequeue(io_data->ep, io_data->req);
1087 else
2e4c7553 1088 value = -EINVAL;
a9c85903
SJ		 1089
1090 spin_unlock_irq(&epfile->ffs->eps_lock);
2e4c7553
RB		 1091
1092 return value;
1093}
1094
70e60d91 1095static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
2e4c7553 1096{
70e60d91 1097 struct ffs_io_data io_data, *p = &io_data;
de2080d4 1098 ssize_t res;
2e4c7553
RB		 1099
1100 ENTER();
1101
70e60d91
AV		 1102 if (!is_sync_kiocb(kiocb)) {
1103 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1104 if (unlikely(!p))
1105 return -ENOMEM;
1106 p->aio = true;
1107 } else {
1108 p->aio = false;
1109 }
2e4c7553 1110
70e60d91
AV		 1111 p->read = false;
1112 p->kiocb = kiocb;
1113 p->data = *from;
1114 p->mm = current->mm;
2e4c7553 1115
70e60d91 1116 kiocb->private = p;
2e4c7553 1117
4088acf1
RMS		 1118 if (p->aio)
1119 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
2e4c7553 1120
70e60d91
AV		 1121 res = ffs_epfile_io(kiocb->ki_filp, p);
1122 if (res == -EIOCBQUEUED)
1123 return res;
1124 if (p->aio)
1125 kfree(p);
1126 else
1127 *from = p->data;
de2080d4 1128 return res;
2e4c7553
RB		 1129}
1130
70e60d91 1131static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
2e4c7553 1132{
70e60d91 1133 struct ffs_io_data io_data, *p = &io_data;
de2080d4 1134 ssize_t res;
2e4c7553
RB		 1135
1136 ENTER();
1137
70e60d91
AV		 1138 if (!is_sync_kiocb(kiocb)) {
1139 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1140 if (unlikely(!p))
1141 return -ENOMEM;
1142 p->aio = true;
1143 } else {
1144 p->aio = false;
2e4c7553
RB		 1145 }
1146
70e60d91
AV		 1147 p->read = true;
1148 p->kiocb = kiocb;
1149 if (p->aio) {
1150 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1151 if (!p->to_free) {
1152 kfree(p);
1153 return -ENOMEM;
1154 }
1155 } else {
1156 p->data = *to;
1157 p->to_free = NULL;
1158 }
1159 p->mm = current->mm;
2e4c7553 1160
70e60d91 1161 kiocb->private = p;
2e4c7553 1162
4088acf1
RMS		 1163 if (p->aio)
1164 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
2e4c7553 1165
70e60d91
AV		 1166 res = ffs_epfile_io(kiocb->ki_filp, p);
1167 if (res == -EIOCBQUEUED)
1168 return res;
1169
1170 if (p->aio) {
1171 kfree(p->to_free);
1172 kfree(p);
1173 } else {
1174 *to = p->data;
de2080d4
AV		 1175 }
1176 return res;
2e4c7553
RB		 1177}
1178
ddf8abd2
MN		 1179static int
1180ffs_epfile_release(struct inode *inode, struct file *file)
1181{
1182 struct ffs_epfile *epfile = inode->i_private;
1183
1184 ENTER();
1185
a9e6f83c 1186 __ffs_epfile_read_buffer_free(epfile);
ddf8abd2
MN		 1187 ffs_data_closed(epfile->ffs);
1188
1189 return 0;
1190}
1191
ddf8abd2
MN		 1192static long ffs_epfile_ioctl(struct file *file, unsigned code,
1193 unsigned long value)
1194{
1195 struct ffs_epfile *epfile = file->private_data;
222155de 1196 struct ffs_ep *ep;
ddf8abd2
MN		 1197 int ret;
1198
1199 ENTER();
1200
1201 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1202 return -ENODEV;
1203
222155de
JZ		 1204 /* Wait for endpoint to be enabled */
1205 ep = epfile->ep;
1206 if (!ep) {
1207 if (file->f_flags & O_NONBLOCK)
1208 return -EAGAIN;
1209
e16828cf
JZ		 1210 ret = wait_event_interruptible(
1211 epfile->ffs->wait, (ep = epfile->ep));
222155de
JZ		 1212 if (ret)
1213 return -EINTR;
1214 }
1215
ddf8abd2 1216 spin_lock_irq(&epfile->ffs->eps_lock);
222155de
JZ		 1217
1218 /* In the meantime, endpoint got disabled or changed. */
1219 if (epfile->ep != ep) {
1220 spin_unlock_irq(&epfile->ffs->eps_lock);
1221 return -ESHUTDOWN;
1222 }
1223
1224 switch (code) {
1225 case FUNCTIONFS_FIFO_STATUS:
1226 ret = usb_ep_fifo_status(epfile->ep->ep);
1227 break;
1228 case FUNCTIONFS_FIFO_FLUSH:
1229 usb_ep_fifo_flush(epfile->ep->ep);
1230 ret = 0;
1231 break;
1232 case FUNCTIONFS_CLEAR_HALT:
1233 ret = usb_ep_clear_halt(epfile->ep->ep);
1234 break;
1235 case FUNCTIONFS_ENDPOINT_REVMAP:
1236 ret = epfile->ep->num;
1237 break;
1238 case FUNCTIONFS_ENDPOINT_DESC:
1239 {
1240 int desc_idx;
1241 struct usb_endpoint_descriptor *desc;
1242
1243 switch (epfile->ffs->gadget->speed) {
1244 case USB_SPEED_SUPER:
1245 desc_idx = 2;
ddf8abd2 1246 break;
222155de
JZ		 1247 case USB_SPEED_HIGH:
1248 desc_idx = 1;
ddf8abd2
MN		 1249 break;
1250 default:
222155de 1251 desc_idx = 0;
ddf8abd2 1252 }
222155de
JZ		 1253 desc = epfile->ep->descs[desc_idx];
1254
1255 spin_unlock_irq(&epfile->ffs->eps_lock);
c40619bb 1256 ret = copy_to_user((void __user *)value, desc, desc->bLength);
222155de
JZ		 1257 if (ret)
1258 ret = -EFAULT;
1259 return ret;
1260 }
1261 default:
1262 ret = -ENOTTY;
ddf8abd2
MN		 1263 }
1264 spin_unlock_irq(&epfile->ffs->eps_lock);
1265
1266 return ret;
1267}
1268
6819e323
JZ		 1269#ifdef CONFIG_COMPAT
1270static long ffs_epfile_compat_ioctl(struct file *file, unsigned code,
1271 unsigned long value)
1272{
1273 return ffs_epfile_ioctl(file, code, value);
1274}
1275#endif
1276
ddf8abd2 1277static const struct file_operations ffs_epfile_operations = {
ddf8abd2
MN		 1278 .llseek = no_llseek,
1279
1280 .open = ffs_epfile_open,
70e60d91
AV		 1281 .write_iter = ffs_epfile_write_iter,
1282 .read_iter = ffs_epfile_read_iter,
ddf8abd2
MN		 1283 .release = ffs_epfile_release,
1284 .unlocked_ioctl = ffs_epfile_ioctl,
6819e323
JZ		 1285#ifdef CONFIG_COMPAT
1286 .compat_ioctl = ffs_epfile_compat_ioctl,
1287#endif
ddf8abd2
MN		 1288};
1289
1290
ddf8abd2
MN		 1291/* File system and super block operations ***********************************/
1292
1293/*
5ab54cf7 1294 * Mounting the file system creates a controller file, used first for
ddf8abd2
MN		 1295 * function configuration then later for event monitoring.
1296 */
1297
ddf8abd2
MN		 1298static struct inode *__must_check
1299ffs_sb_make_inode(struct super_block *sb, void *data,
1300 const struct file_operations *fops,
1301 const struct inode_operations *iops,
1302 struct ffs_file_perms *perms)
1303{
1304 struct inode *inode;
1305
1306 ENTER();
1307
1308 inode = new_inode(sb);
1309
1310 if (likely(inode)) {
95582b00 1311 struct timespec64 ts = current_time(inode);
ddf8abd2 1312
12ba8d1e 1313 inode->i_ino = get_next_ino();
ddf8abd2
MN		 1314 inode->i_mode = perms->mode;
1315 inode->i_uid = perms->uid;
1316 inode->i_gid = perms->gid;
078cd827
DD		 1317 inode->i_atime = ts;
1318 inode->i_mtime = ts;
1319 inode->i_ctime = ts;
ddf8abd2
MN		 1320 inode->i_private = data;
1321 if (fops)
1322 inode->i_fop = fops;
1323 if (iops)
1324 inode->i_op = iops;
1325 }
1326
1327 return inode;
1328}
1329
ddf8abd2 1330/* Create "regular" file */
1bb27cac 1331static struct dentry *ffs_sb_create_file(struct super_block *sb,
ddf8abd2 1332 const char *name, void *data,
1bb27cac 1333 const struct file_operations *fops)
ddf8abd2
MN		 1334{
1335 struct ffs_data *ffs = sb->s_fs_info;
1336 struct dentry *dentry;
1337 struct inode *inode;
1338
1339 ENTER();
1340
1341 dentry = d_alloc_name(sb->s_root, name);
1342 if (unlikely(!dentry))
1343 return NULL;
1344
1345 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1346 if (unlikely(!inode)) {
1347 dput(dentry);
1348 return NULL;
1349 }
1350
1351 d_add(dentry, inode);
1bb27cac 1352 return dentry;
ddf8abd2
MN		 1353}
1354
ddf8abd2 1355/* Super block */
ddf8abd2
MN		 1356static const struct super_operations ffs_sb_operations = {
1357 .statfs = simple_statfs,
1358 .drop_inode = generic_delete_inode,
1359};
1360
1361struct ffs_sb_fill_data {
1362 struct ffs_file_perms perms;
1363 umode_t root_mode;
1364 const char *dev_name;
18d6b32f 1365 bool no_disconnect;
2606b28a 1366 struct ffs_data *ffs_data;
ddf8abd2
MN		 1367};
1368
1369static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1370{
1371 struct ffs_sb_fill_data *data = _data;
1372 struct inode *inode;
2606b28a 1373 struct ffs_data *ffs = data->ffs_data;
ddf8abd2
MN		 1374
1375 ENTER();
1376
ddf8abd2 1377 ffs->sb = sb;
2606b28a 1378 data->ffs_data = NULL;
ddf8abd2 1379 sb->s_fs_info = ffs;
09cbfeaf
KS		 1380 sb->s_blocksize = PAGE_SIZE;
1381 sb->s_blocksize_bits = PAGE_SHIFT;
ddf8abd2
MN		 1382 sb->s_magic = FUNCTIONFS_MAGIC;
1383 sb->s_op = &ffs_sb_operations;
1384 sb->s_time_gran = 1;
1385
1386 /* Root inode */
1387 data->perms.mode = data->root_mode;
1388 inode = ffs_sb_make_inode(sb, NULL,
1389 &simple_dir_operations,
1390 &simple_dir_inode_operations,
1391 &data->perms);
48fde701
AV		 1392 sb->s_root = d_make_root(inode);
1393 if (unlikely(!sb->s_root))
2606b28a 1394 return -ENOMEM;
ddf8abd2
MN		 1395
1396 /* EP0 file */
1397 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1bb27cac 1398 &ffs_ep0_operations)))
2606b28a 1399 return -ENOMEM;
ddf8abd2
MN		 1400
1401 return 0;
ddf8abd2
MN		 1402}
1403
ddf8abd2
MN		 1404static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1405{
1406 ENTER();
1407
1408 if (!opts || !*opts)
1409 return 0;
1410
1411 for (;;) {
ddf8abd2 1412 unsigned long value;
afd2e186 1413 char *eq, *comma;
ddf8abd2
MN		 1414
1415 /* Option limit */
1416 comma = strchr(opts, ',');
1417 if (comma)
1418 *comma = 0;
1419
1420 /* Value limit */
1421 eq = strchr(opts, '=');
1422 if (unlikely(!eq)) {
aa02f172 1423 pr_err("'=' missing in %s\n", opts);
ddf8abd2
MN		 1424 return -EINVAL;
1425 }
1426 *eq = 0;
1427
1428 /* Parse value */
afd2e186 1429 if (kstrtoul(eq + 1, 0, &value)) {
aa02f172 1430 pr_err("%s: invalid value: %s\n", opts, eq + 1);
ddf8abd2
MN		 1431 return -EINVAL;
1432 }
1433
1434 /* Interpret option */
1435 switch (eq - opts) {
18d6b32f
RB		 1436 case 13:
1437 if (!memcmp(opts, "no_disconnect", 13))
1438 data->no_disconnect = !!value;
1439 else
1440 goto invalid;
1441 break;
ddf8abd2
MN		 1442 case 5:
1443 if (!memcmp(opts, "rmode", 5))
1444 data->root_mode = (value & 0555) | S_IFDIR;
1445 else if (!memcmp(opts, "fmode", 5))
1446 data->perms.mode = (value & 0666) | S_IFREG;
1447 else
1448 goto invalid;
1449 break;
1450
1451 case 4:
1452 if (!memcmp(opts, "mode", 4)) {
1453 data->root_mode = (value & 0555) | S_IFDIR;
1454 data->perms.mode = (value & 0666) | S_IFREG;
1455 } else {
1456 goto invalid;
1457 }
1458 break;
1459
1460 case 3:
b9b73f7c
EB		 1461 if (!memcmp(opts, "uid", 3)) {
1462 data->perms.uid = make_kuid(current_user_ns(), value);
1463 if (!uid_valid(data->perms.uid)) {
1464 pr_err("%s: unmapped value: %lu\n", opts, value);
1465 return -EINVAL;
1466 }
b8100750 1467 } else if (!memcmp(opts, "gid", 3)) {
b9b73f7c
EB		 1468 data->perms.gid = make_kgid(current_user_ns(), value);
1469 if (!gid_valid(data->perms.gid)) {
1470 pr_err("%s: unmapped value: %lu\n", opts, value);
1471 return -EINVAL;
1472 }
b8100750 1473 } else {
ddf8abd2 1474 goto invalid;
b8100750 1475 }
ddf8abd2
MN		 1476 break;
1477
1478 default:
1479invalid:
aa02f172 1480 pr_err("%s: invalid option\n", opts);
ddf8abd2
MN		 1481 return -EINVAL;
1482 }
1483
1484 /* Next iteration */
1485 if (!comma)
1486 break;
1487 opts = comma + 1;
1488 }
1489
1490 return 0;
1491}
1492
ddf8abd2
MN		 1493/* "mount -t functionfs dev_name /dev/function" ends up here */
1494
fc14f2fe
AV		 1495static struct dentry *
1496ffs_fs_mount(struct file_system_type *t, int flags,
1497 const char *dev_name, void *opts)
ddf8abd2
MN		 1498{
1499 struct ffs_sb_fill_data data = {
1500 .perms = {
1501 .mode = S_IFREG | 0600,
b9b73f7c
EB		 1502 .uid = GLOBAL_ROOT_UID,
1503 .gid = GLOBAL_ROOT_GID,
ddf8abd2
MN		 1504 },
1505 .root_mode = S_IFDIR | 0500,
18d6b32f 1506 .no_disconnect = false,
ddf8abd2 1507 };
581791f5 1508 struct dentry *rv;
ddf8abd2 1509 int ret;
581791f5 1510 void *ffs_dev;
2606b28a 1511 struct ffs_data *ffs;
ddf8abd2
MN		 1512
1513 ENTER();
1514
ddf8abd2
MN		 1515 ret = ffs_fs_parse_opts(&data, opts);
1516 if (unlikely(ret < 0))
fc14f2fe 1517 return ERR_PTR(ret);
ddf8abd2 1518
addfc582 1519 ffs = ffs_data_new(dev_name);
2606b28a
AV		 1520 if (unlikely(!ffs))
1521 return ERR_PTR(-ENOMEM);
1522 ffs->file_perms = data.perms;
18d6b32f 1523 ffs->no_disconnect = data.no_disconnect;
2606b28a
AV		 1524
1525 ffs->dev_name = kstrdup(dev_name, GFP_KERNEL);
1526 if (unlikely(!ffs->dev_name)) {
1527 ffs_data_put(ffs);
1528 return ERR_PTR(-ENOMEM);
1529 }
1530
4b187fce 1531 ffs_dev = ffs_acquire_dev(dev_name);
2606b28a
AV		 1532 if (IS_ERR(ffs_dev)) {
1533 ffs_data_put(ffs);
1534 return ERR_CAST(ffs_dev);
1535 }
1536 ffs->private_data = ffs_dev;
1537 data.ffs_data = ffs;
581791f5 1538
581791f5 1539 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
2606b28a 1540 if (IS_ERR(rv) && data.ffs_data) {
4b187fce 1541 ffs_release_dev(data.ffs_data);
2606b28a
AV		 1542 ffs_data_put(data.ffs_data);
1543 }
581791f5 1544 return rv;
ddf8abd2
MN		 1545}
1546
1547static void
1548ffs_fs_kill_sb(struct super_block *sb)
1549{
ddf8abd2
MN		 1550 ENTER();
1551
1552 kill_litter_super(sb);
581791f5 1553 if (sb->s_fs_info) {
4b187fce 1554 ffs_release_dev(sb->s_fs_info);
18d6b32f 1555 ffs_data_closed(sb->s_fs_info);
581791f5 1556 }
ddf8abd2
MN		 1557}
1558
1559static struct file_system_type ffs_fs_type = {
1560 .owner = THIS_MODULE,
1561 .name = "functionfs",
fc14f2fe 1562 .mount = ffs_fs_mount,
ddf8abd2
MN		 1563 .kill_sb = ffs_fs_kill_sb,
1564};
7f78e035 1565MODULE_ALIAS_FS("functionfs");
ddf8abd2
MN		 1566
1567
ddf8abd2
MN		 1568/* Driver's main init/cleanup functions *************************************/
1569
ddf8abd2
MN		 1570static int functionfs_init(void)
1571{
1572 int ret;
1573
1574 ENTER();
1575
1576 ret = register_filesystem(&ffs_fs_type);
1577 if (likely(!ret))
aa02f172 1578 pr_info("file system registered\n");
ddf8abd2 1579 else
aa02f172 1580 pr_err("failed registering file system (%d)\n", ret);
ddf8abd2
MN		 1581
1582 return ret;
1583}
1584
1585static void functionfs_cleanup(void)
1586{
1587 ENTER();
1588
aa02f172 1589 pr_info("unloading\n");
ddf8abd2
MN		 1590 unregister_filesystem(&ffs_fs_type);
1591}
1592
1593
ddf8abd2
MN		 1594/* ffs_data and ffs_function construction and destruction code **************/
1595
1596static void ffs_data_clear(struct ffs_data *ffs);
1597static void ffs_data_reset(struct ffs_data *ffs);
1598
ddf8abd2
MN		 1599static void ffs_data_get(struct ffs_data *ffs)
1600{
1601 ENTER();
1602
43938613 1603 refcount_inc(&ffs->ref);
ddf8abd2
MN		 1604}
1605
1606static void ffs_data_opened(struct ffs_data *ffs)
1607{
1608 ENTER();
1609
43938613 1610 refcount_inc(&ffs->ref);
18d6b32f
RB		 1611 if (atomic_add_return(1, &ffs->opened) == 1 &&
1612 ffs->state == FFS_DEACTIVATED) {
1613 ffs->state = FFS_CLOSING;
1614 ffs_data_reset(ffs);
1615 }
ddf8abd2
MN		 1616}
1617
1618static void ffs_data_put(struct ffs_data *ffs)
1619{
1620 ENTER();
1621
43938613 1622 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
aa02f172 1623 pr_info("%s(): freeing\n", __func__);
ddf8abd2 1624 ffs_data_clear(ffs);
647d5580 1625 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
e16828cf
JZ		 1626 waitqueue_active(&ffs->ep0req_completion.wait) ||
1627 waitqueue_active(&ffs->wait));
addfc582 1628 destroy_workqueue(ffs->io_completion_wq);
581791f5 1629 kfree(ffs->dev_name);
ddf8abd2
MN		 1630 kfree(ffs);
1631 }
1632}
1633
ddf8abd2
MN		 1634static void ffs_data_closed(struct ffs_data *ffs)
1635{
1636 ENTER();
1637
1638 if (atomic_dec_and_test(&ffs->opened)) {
18d6b32f
RB		 1639 if (ffs->no_disconnect) {
1640 ffs->state = FFS_DEACTIVATED;
1641 if (ffs->epfiles) {
1642 ffs_epfiles_destroy(ffs->epfiles,
1643 ffs->eps_count);
1644 ffs->epfiles = NULL;
1645 }
1646 if (ffs->setup_state == FFS_SETUP_PENDING)
1647 __ffs_ep0_stall(ffs);
1648 } else {
1649 ffs->state = FFS_CLOSING;
1650 ffs_data_reset(ffs);
1651 }
1652 }
1653 if (atomic_read(&ffs->opened) < 0) {
ddf8abd2
MN		 1654 ffs->state = FFS_CLOSING;
1655 ffs_data_reset(ffs);
1656 }
1657
1658 ffs_data_put(ffs);
1659}
1660
addfc582 1661static struct ffs_data *ffs_data_new(const char *dev_name)
ddf8abd2
MN		 1662{
1663 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1664 if (unlikely(!ffs))
f8800d47 1665 return NULL;
ddf8abd2
MN		 1666
1667 ENTER();
1668
addfc582
JK		 1669 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1670 if (!ffs->io_completion_wq) {
1671 kfree(ffs);
1672 return NULL;
1673 }
1674
43938613 1675 refcount_set(&ffs->ref, 1);
ddf8abd2
MN		 1676 atomic_set(&ffs->opened, 0);
1677 ffs->state = FFS_READ_DESCRIPTORS;
1678 mutex_init(&ffs->mutex);
1679 spin_lock_init(&ffs->eps_lock);
1680 init_waitqueue_head(&ffs->ev.waitq);
e16828cf 1681 init_waitqueue_head(&ffs->wait);
ddf8abd2
MN		 1682 init_completion(&ffs->ep0req_completion);
1683
1684 /* XXX REVISIT need to update it in some places, or do we? */
1685 ffs->ev.can_stall = 1;
1686
1687 return ffs;
1688}
1689
ddf8abd2
MN		 1690static void ffs_data_clear(struct ffs_data *ffs)
1691{
1692 ENTER();
1693
49a79d8b 1694 ffs_closed(ffs);
ddf8abd2
MN		 1695
1696 BUG_ON(ffs->gadget);
1697
1698 if (ffs->epfiles)
1699 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1700
5e33f6fd
RB		 1701 if (ffs->ffs_eventfd)
1702 eventfd_ctx_put(ffs->ffs_eventfd);
1703
ac8dde11 1704 kfree(ffs->raw_descs_data);
ddf8abd2
MN		 1705 kfree(ffs->raw_strings);
1706 kfree(ffs->stringtabs);
1707}
1708
ddf8abd2
MN		 1709static void ffs_data_reset(struct ffs_data *ffs)
1710{
1711 ENTER();
1712
1713 ffs_data_clear(ffs);
1714
1715 ffs->epfiles = NULL;
ac8dde11 1716 ffs->raw_descs_data = NULL;
ddf8abd2
MN		 1717 ffs->raw_descs = NULL;
1718 ffs->raw_strings = NULL;
1719 ffs->stringtabs = NULL;
1720
1721 ffs->raw_descs_length = 0;
ddf8abd2
MN		 1722 ffs->fs_descs_count = 0;
1723 ffs->hs_descs_count = 0;
8d4e897b 1724 ffs->ss_descs_count = 0;
ddf8abd2
MN		 1725
1726 ffs->strings_count = 0;
1727 ffs->interfaces_count = 0;
1728 ffs->eps_count = 0;
1729
1730 ffs->ev.count = 0;
1731
1732 ffs->state = FFS_READ_DESCRIPTORS;
1733 ffs->setup_state = FFS_NO_SETUP;
1734 ffs->flags = 0;
1735}
1736
1737
1738static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1739{
fd7c9a00
MN		 1740 struct usb_gadget_strings **lang;
1741 int first_id;
ddf8abd2
MN		 1742
1743 ENTER();
1744
1745 if (WARN_ON(ffs->state != FFS_ACTIVE
1746 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1747 return -EBADFD;
1748
fd7c9a00
MN		 1749 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1750 if (unlikely(first_id < 0))
1751 return first_id;
ddf8abd2
MN		 1752
1753 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1754 if (unlikely(!ffs->ep0req))
1755 return -ENOMEM;
1756 ffs->ep0req->complete = ffs_ep0_complete;
1757 ffs->ep0req->context = ffs;
1758
fd7c9a00 1759 lang = ffs->stringtabs;
f0688c8b
MN		 1760 if (lang) {
1761 for (; *lang; ++lang) {
1762 struct usb_string *str = (*lang)->strings;
1763 int id = first_id;
1764 for (; str->s; ++id, ++str)
1765 str->id = id;
1766 }
ddf8abd2
MN		 1767 }
1768
1769 ffs->gadget = cdev->gadget;
fd7c9a00 1770 ffs_data_get(ffs);
ddf8abd2
MN		 1771 return 0;
1772}
1773
ddf8abd2
MN		 1774static void functionfs_unbind(struct ffs_data *ffs)
1775{
1776 ENTER();
1777
1778 if (!WARN_ON(!ffs->gadget)) {
1779 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1780 ffs->ep0req = NULL;
1781 ffs->gadget = NULL;
e2190a97 1782 clear_bit(FFS_FL_BOUND, &ffs->flags);
df498995 1783 ffs_data_put(ffs);
ddf8abd2
MN		 1784 }
1785}
1786
ddf8abd2
MN		 1787static int ffs_epfiles_create(struct ffs_data *ffs)
1788{
1789 struct ffs_epfile *epfile, *epfiles;
1790 unsigned i, count;
1791
1792 ENTER();
1793
1794 count = ffs->eps_count;
9823a525 1795 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
ddf8abd2
MN		 1796 if (!epfiles)
1797 return -ENOMEM;
1798
1799 epfile = epfiles;
1800 for (i = 1; i <= count; ++i, ++epfile) {
1801 epfile->ffs = ffs;
1802 mutex_init(&epfile->mutex);
1b0bf88f 1803 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
acba23fe 1804 sprintf(epfile->name, "ep%02x", ffs->eps_addrmap[i]);
1b0bf88f 1805 else
acba23fe
MS		 1806 sprintf(epfile->name, "ep%u", i);
1807 epfile->dentry = ffs_sb_create_file(ffs->sb, epfile->name,
1bb27cac
AV		 1808 epfile,
1809 &ffs_epfile_operations);
1810 if (unlikely(!epfile->dentry)) {
ddf8abd2
MN		 1811 ffs_epfiles_destroy(epfiles, i - 1);
1812 return -ENOMEM;
1813 }
1814 }
1815
1816 ffs->epfiles = epfiles;
1817 return 0;
1818}
1819
ddf8abd2
MN		 1820static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1821{
1822 struct ffs_epfile *epfile = epfiles;
1823
1824 ENTER();
1825
1826 for (; count; --count, ++epfile) {
e16828cf 1827 BUG_ON(mutex_is_locked(&epfile->mutex));
ddf8abd2
MN		 1828 if (epfile->dentry) {
1829 d_delete(epfile->dentry);
1830 dput(epfile->dentry);
1831 epfile->dentry = NULL;
1832 }
1833 }
1834
1835 kfree(epfiles);
1836}
1837
ddf8abd2
MN		 1838static void ffs_func_eps_disable(struct ffs_function *func)
1839{
1840 struct ffs_ep *ep = func->eps;
1841 struct ffs_epfile *epfile = func->ffs->epfiles;
1842 unsigned count = func->ffs->eps_count;
1843 unsigned long flags;
1844
a9e6f83c 1845 spin_lock_irqsave(&func->ffs->eps_lock, flags);
08f37148 1846 while (count--) {
ddf8abd2
MN		 1847 /* pending requests get nuked */
1848 if (likely(ep->ep))
1849 usb_ep_disable(ep->ep);
ddf8abd2 1850 ++ep;
18d6b32f
RB		 1851
1852 if (epfile) {
a9e6f83c
MN		 1853 epfile->ep = NULL;
1854 __ffs_epfile_read_buffer_free(epfile);
18d6b32f
RB		 1855 ++epfile;
1856 }
08f37148 1857 }
a9e6f83c 1858 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
ddf8abd2
MN		 1859}
1860
1861static int ffs_func_eps_enable(struct ffs_function *func)
1862{
1863 struct ffs_data *ffs = func->ffs;
1864 struct ffs_ep *ep = func->eps;
1865 struct ffs_epfile *epfile = ffs->epfiles;
1866 unsigned count = ffs->eps_count;
1867 unsigned long flags;
1868 int ret = 0;
1869
1870 spin_lock_irqsave(&func->ffs->eps_lock, flags);
08f37148 1871 while(count--) {
ddf8abd2 1872 ep->ep->driver_data = ep;
2bfa0719 1873
675272d0
JP		 1874 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1875 if (ret) {
1876 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1877 __func__, ep->ep->name, ret);
1878 break;
b7f73850 1879 }
2bfa0719 1880
72c973dd 1881 ret = usb_ep_enable(ep->ep);
ddf8abd2
MN		 1882 if (likely(!ret)) {
1883 epfile->ep = ep;
675272d0
JP		 1884 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1885 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
ddf8abd2
MN		 1886 } else {
1887 break;
1888 }
1889
ddf8abd2
MN		 1890 ++ep;
1891 ++epfile;
08f37148 1892 }
e16828cf
JZ		 1893
1894 wake_up_interruptible(&ffs->wait);
ddf8abd2
MN		 1895 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1896
1897 return ret;
1898}
1899
1900
1901/* Parsing and building descriptors and strings *****************************/
1902
5ab54cf7
MN		 1903/*
1904 * This validates if data pointed by data is a valid USB descriptor as
ddf8abd2 1905 * well as record how many interfaces, endpoints and strings are
5ab54cf7
MN		 1906 * required by given configuration. Returns address after the
1907 * descriptor or NULL if data is invalid.
1908 */
ddf8abd2
MN		 1909
1910enum ffs_entity_type {
1911 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1912};
1913
f0175ab5
AP		 1914enum ffs_os_desc_type {
1915 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1916};
1917
ddf8abd2
MN		 1918typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1919 u8 *valuep,
1920 struct usb_descriptor_header *desc,
1921 void *priv);
1922
f0175ab5
AP		 1923typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1924 struct usb_os_desc_header *h, void *data,
1925 unsigned len, void *priv);
1926
f96cbd14
AP		 1927static int __must_check ffs_do_single_desc(char *data, unsigned len,
1928 ffs_entity_callback entity,
1929 void *priv)
ddf8abd2
MN		 1930{
1931 struct usb_descriptor_header *_ds = (void *)data;
1932 u8 length;
1933 int ret;
1934
1935 ENTER();
1936
1937 /* At least two bytes are required: length and type */
1938 if (len < 2) {
aa02f172 1939 pr_vdebug("descriptor too short\n");
ddf8abd2
MN		 1940 return -EINVAL;
1941 }
1942
1943 /* If we have at least as many bytes as the descriptor takes? */
1944 length = _ds->bLength;
1945 if (len < length) {
aa02f172 1946 pr_vdebug("descriptor longer then available data\n");
ddf8abd2
MN		 1947 return -EINVAL;
1948 }
1949
1950#define __entity_check_INTERFACE(val) 1
1951#define __entity_check_STRING(val) (val)
1952#define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1953#define __entity(type, val) do { \
aa02f172 1954 pr_vdebug("entity " #type "(%02x)\n", (val)); \
ddf8abd2 1955 if (unlikely(!__entity_check_ ##type(val))) { \
aa02f172 1956 pr_vdebug("invalid entity's value\n"); \
ddf8abd2
MN		 1957 return -EINVAL; \
1958 } \
1959 ret = entity(FFS_ ##type, &val, _ds, priv); \
1960 if (unlikely(ret < 0)) { \
aa02f172 1961 pr_debug("entity " #type "(%02x); ret = %d\n", \
d8df0b61 1962 (val), ret); \
ddf8abd2
MN		 1963 return ret; \
1964 } \
1965 } while (0)
1966
1967 /* Parse descriptor depending on type. */
1968 switch (_ds->bDescriptorType) {
1969 case USB_DT_DEVICE:
1970 case USB_DT_CONFIG:
1971 case USB_DT_STRING:
1972 case USB_DT_DEVICE_QUALIFIER:
1973 /* function can't have any of those */
aa02f172 1974 pr_vdebug("descriptor reserved for gadget: %d\n",
5ab54cf7 1975 _ds->bDescriptorType);
ddf8abd2
MN		 1976 return -EINVAL;
1977
1978 case USB_DT_INTERFACE: {
1979 struct usb_interface_descriptor *ds = (void *)_ds;
aa02f172 1980 pr_vdebug("interface descriptor\n");
ddf8abd2
MN		 1981 if (length != sizeof *ds)
1982 goto inv_length;
1983
1984 __entity(INTERFACE, ds->bInterfaceNumber);
1985 if (ds->iInterface)
1986 __entity(STRING, ds->iInterface);
1987 }
1988 break;
1989
1990 case USB_DT_ENDPOINT: {
1991 struct usb_endpoint_descriptor *ds = (void *)_ds;
aa02f172 1992 pr_vdebug("endpoint descriptor\n");
ddf8abd2
MN		 1993 if (length != USB_DT_ENDPOINT_SIZE &&
1994 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1995 goto inv_length;
1996 __entity(ENDPOINT, ds->bEndpointAddress);
1997 }
1998 break;
1999
560f1187
KB		 2000 case HID_DT_HID:
2001 pr_vdebug("hid descriptor\n");
2002 if (length != sizeof(struct hid_descriptor))
2003 goto inv_length;
2004 break;
2005
ddf8abd2
MN		 2006 case USB_DT_OTG:
2007 if (length != sizeof(struct usb_otg_descriptor))
2008 goto inv_length;
2009 break;
2010
2011 case USB_DT_INTERFACE_ASSOCIATION: {
2012 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
aa02f172 2013 pr_vdebug("interface association descriptor\n");
ddf8abd2
MN		 2014 if (length != sizeof *ds)
2015 goto inv_length;
2016 if (ds->iFunction)
2017 __entity(STRING, ds->iFunction);
2018 }
2019 break;
2020
8d4e897b
MG		 2021 case USB_DT_SS_ENDPOINT_COMP:
2022 pr_vdebug("EP SS companion descriptor\n");
2023 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2024 goto inv_length;
2025 break;
2026
ddf8abd2
MN		 2027 case USB_DT_OTHER_SPEED_CONFIG:
2028 case USB_DT_INTERFACE_POWER:
2029 case USB_DT_DEBUG:
2030 case USB_DT_SECURITY:
2031 case USB_DT_CS_RADIO_CONTROL:
2032 /* TODO */
aa02f172 2033 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
ddf8abd2
MN		 2034 return -EINVAL;
2035
2036 default:
2037 /* We should never be here */
aa02f172 2038 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
ddf8abd2
MN		 2039 return -EINVAL;
2040
5ab54cf7 2041inv_length:
aa02f172 2042 pr_vdebug("invalid length: %d (descriptor %d)\n",
d8df0b61 2043 _ds->bLength, _ds->bDescriptorType);
ddf8abd2
MN		 2044 return -EINVAL;
2045 }
2046
2047#undef __entity
2048#undef __entity_check_DESCRIPTOR
2049#undef __entity_check_INTERFACE
2050#undef __entity_check_STRING
2051#undef __entity_check_ENDPOINT
2052
2053 return length;
2054}
2055
ddf8abd2
MN		 2056static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2057 ffs_entity_callback entity, void *priv)
2058{
2059 const unsigned _len = len;
2060 unsigned long num = 0;
2061
2062 ENTER();
2063
2064 for (;;) {
2065 int ret;
2066
2067 if (num == count)
2068 data = NULL;
2069
5ab54cf7 2070 /* Record "descriptor" entity */
ddf8abd2
MN		 2071 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2072 if (unlikely(ret < 0)) {
aa02f172 2073 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
d8df0b61 2074 num, ret);
ddf8abd2
MN		 2075 return ret;
2076 }
2077
2078 if (!data)
2079 return _len - len;
2080
f96cbd14 2081 ret = ffs_do_single_desc(data, len, entity, priv);
ddf8abd2 2082 if (unlikely(ret < 0)) {
aa02f172 2083 pr_debug("%s returns %d\n", __func__, ret);
ddf8abd2
MN		 2084 return ret;
2085 }
2086
2087 len -= ret;
2088 data += ret;
2089 ++num;
2090 }
2091}
2092
ddf8abd2
MN		 2093static int __ffs_data_do_entity(enum ffs_entity_type type,
2094 u8 *valuep, struct usb_descriptor_header *desc,
2095 void *priv)
2096{
6d5c1c77
RB		 2097 struct ffs_desc_helper *helper = priv;
2098 struct usb_endpoint_descriptor *d;
ddf8abd2
MN		 2099
2100 ENTER();
2101
2102 switch (type) {
2103 case FFS_DESCRIPTOR:
2104 break;
2105
2106 case FFS_INTERFACE:
5ab54cf7
MN		 2107 /*
2108 * Interfaces are indexed from zero so if we
ddf8abd2 2109 * encountered interface "n" then there are at least
5ab54cf7
MN		 2110 * "n+1" interfaces.
2111 */
6d5c1c77
RB		 2112 if (*valuep >= helper->interfaces_count)
2113 helper->interfaces_count = *valuep + 1;
ddf8abd2
MN		 2114 break;
2115
2116 case FFS_STRING:
5ab54cf7 2117 /*
96a420d2
VP		 2118 * Strings are indexed from 1 (0 is reserved
2119 * for languages list)
5ab54cf7 2120 */
6d5c1c77
RB		 2121 if (*valuep > helper->ffs->strings_count)
2122 helper->ffs->strings_count = *valuep;
ddf8abd2
MN		 2123 break;
2124
2125 case FFS_ENDPOINT:
6d5c1c77
RB		 2126 d = (void *)desc;
2127 helper->eps_count++;
41dc9ac1 2128 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
6d5c1c77
RB		 2129 return -EINVAL;
2130 /* Check if descriptors for any speed were already parsed */
2131 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2132 helper->ffs->eps_addrmap[helper->eps_count] =
2133 d->bEndpointAddress;
2134 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2135 d->bEndpointAddress)
2136 return -EINVAL;
ddf8abd2
MN		 2137 break;
2138 }
2139
2140 return 0;
2141}
2142
f0175ab5
AP		 2143static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2144 struct usb_os_desc_header *desc)
2145{
2146 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2147 u16 w_index = le16_to_cpu(desc->wIndex);
2148
2149 if (bcd_version != 1) {
2150 pr_vdebug("unsupported os descriptors version: %d",
2151 bcd_version);
2152 return -EINVAL;
2153 }
2154 switch (w_index) {
2155 case 0x4:
2156 *next_type = FFS_OS_DESC_EXT_COMPAT;
2157 break;
2158 case 0x5:
2159 *next_type = FFS_OS_DESC_EXT_PROP;
2160 break;
2161 default:
2162 pr_vdebug("unsupported os descriptor type: %d", w_index);
2163 return -EINVAL;
2164 }
2165
2166 return sizeof(*desc);
2167}
2168
2169/*
2170 * Process all extended compatibility/extended property descriptors
2171 * of a feature descriptor
2172 */
2173static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2174 enum ffs_os_desc_type type,
2175 u16 feature_count,
2176 ffs_os_desc_callback entity,
2177 void *priv,
2178 struct usb_os_desc_header *h)
2179{
2180 int ret;
2181 const unsigned _len = len;
2182
2183 ENTER();
2184
2185 /* loop over all ext compat/ext prop descriptors */
2186 while (feature_count--) {
2187 ret = entity(type, h, data, len, priv);
2188 if (unlikely(ret < 0)) {
2189 pr_debug("bad OS descriptor, type: %d\n", type);
2190 return ret;
2191 }
2192 data += ret;
2193 len -= ret;
2194 }
2195 return _len - len;
2196}
2197
2198/* Process a number of complete Feature Descriptors (Ext Compat or Ext Prop) */
2199static int __must_check ffs_do_os_descs(unsigned count,
2200 char *data, unsigned len,
2201 ffs_os_desc_callback entity, void *priv)
2202{
2203 const unsigned _len = len;
2204 unsigned long num = 0;
2205
2206 ENTER();
2207
2208 for (num = 0; num < count; ++num) {
2209 int ret;
2210 enum ffs_os_desc_type type;
2211 u16 feature_count;
2212 struct usb_os_desc_header *desc = (void *)data;
2213
2214 if (len < sizeof(*desc))
2215 return -EINVAL;
2216
2217 /*
2218 * Record "descriptor" entity.
2219 * Process dwLength, bcdVersion, wIndex, get b/wCount.
2220 * Move the data pointer to the beginning of extended
2221 * compatibilities proper or extended properties proper
2222 * portions of the data
2223 */
2224 if (le32_to_cpu(desc->dwLength) > len)
2225 return -EINVAL;
2226
2227 ret = __ffs_do_os_desc_header(&type, desc);
2228 if (unlikely(ret < 0)) {
2229 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2230 num, ret);
2231 return ret;
2232 }
2233 /*
2234 * 16-bit hex "?? 00" Little Endian looks like 8-bit hex "??"
2235 */
2236 feature_count = le16_to_cpu(desc->wCount);
2237 if (type == FFS_OS_DESC_EXT_COMPAT &&
2238 (feature_count > 255 || desc->Reserved))
2239 return -EINVAL;
2240 len -= ret;
2241 data += ret;
2242
2243 /*
2244 * Process all function/property descriptors
2245 * of this Feature Descriptor
2246 */
2247 ret = ffs_do_single_os_desc(data, len, type,
2248 feature_count, entity, priv, desc);
2249 if (unlikely(ret < 0)) {
2250 pr_debug("%s returns %d\n", __func__, ret);
2251 return ret;
2252 }
2253
2254 len -= ret;
2255 data += ret;
2256 }
2257 return _len - len;
2258}
2259
2260/**
2261 * Validate contents of the buffer from userspace related to OS descriptors.
2262 */
2263static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2264 struct usb_os_desc_header *h, void *data,
2265 unsigned len, void *priv)
2266{
2267 struct ffs_data *ffs = priv;
2268 u8 length;
2269
2270 ENTER();
2271
2272 switch (type) {
2273 case FFS_OS_DESC_EXT_COMPAT: {
2274 struct usb_ext_compat_desc *d = data;
2275 int i;
2276
2277 if (len < sizeof(*d) ||
a3acc696 2278 d->bFirstInterfaceNumber >= ffs->interfaces_count)
f0175ab5 2279 return -EINVAL;
a3acc696
JK		 2280 if (d->Reserved1 != 1) {
2281 /*
2282 * According to the spec, Reserved1 must be set to 1
2283 * but older kernels incorrectly rejected non-zero
2284 * values. We fix it here to avoid returning EINVAL
2285 * in response to values we used to accept.
2286 */
2287 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2288 d->Reserved1 = 1;
2289 }
f0175ab5
AP		 2290 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2291 if (d->Reserved2[i])
2292 return -EINVAL;
2293
2294 length = sizeof(struct usb_ext_compat_desc);
2295 }
2296 break;
2297 case FFS_OS_DESC_EXT_PROP: {
2298 struct usb_ext_prop_desc *d = data;
2299 u32 type, pdl;
2300 u16 pnl;
2301
2302 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2303 return -EINVAL;
2304 length = le32_to_cpu(d->dwSize);
83e526f2
VP		 2305 if (len < length)
2306 return -EINVAL;
f0175ab5
AP		 2307 type = le32_to_cpu(d->dwPropertyDataType);
2308 if (type < USB_EXT_PROP_UNICODE ||
2309 type > USB_EXT_PROP_UNICODE_MULTI) {
2310 pr_vdebug("unsupported os descriptor property type: %d",
2311 type);
2312 return -EINVAL;
2313 }
2314 pnl = le16_to_cpu(d->wPropertyNameLength);
83e526f2
VP		 2315 if (length < 14 + pnl) {
2316 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2317 length, pnl, type);
2318 return -EINVAL;
2319 }
c40619bb 2320 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
f0175ab5
AP		 2321 if (length != 14 + pnl + pdl) {
2322 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2323 length, pnl, pdl, type);
2324 return -EINVAL;
2325 }
2326 ++ffs->ms_os_descs_ext_prop_count;
2327 /* property name reported to the host as "WCHAR"s */
2328 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2329 ffs->ms_os_descs_ext_prop_data_len += pdl;
2330 }
2331 break;
2332 default:
2333 pr_vdebug("unknown descriptor: %d\n", type);
2334 return -EINVAL;
2335 }
2336 return length;
2337}
2338
ddf8abd2
MN		 2339static int __ffs_data_got_descs(struct ffs_data *ffs,
2340 char *const _data, size_t len)
2341{
ac8dde11 2342 char *data = _data, *raw_descs;
f0175ab5 2343 unsigned os_descs_count = 0, counts[3], flags;
ac8dde11 2344 int ret = -EINVAL, i;
6d5c1c77 2345 struct ffs_desc_helper helper;
ddf8abd2
MN		 2346
2347 ENTER();
2348
ac8dde11 2349 if (get_unaligned_le32(data + 4) != len)
ddf8abd2 2350 goto error;
ddf8abd2 2351
ac8dde11
MN		 2352 switch (get_unaligned_le32(data)) {
2353 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2354 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2355 data += 8;
2356 len -= 8;
2357 break;
2358 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2359 flags = get_unaligned_le32(data + 8);
1b0bf88f 2360 ffs->user_flags = flags;
ac8dde11
MN		 2361 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2362 FUNCTIONFS_HAS_HS_DESC |
f0175ab5 2363 FUNCTIONFS_HAS_SS_DESC |
1b0bf88f 2364 FUNCTIONFS_HAS_MS_OS_DESC |
5e33f6fd 2365 FUNCTIONFS_VIRTUAL_ADDR |
54dfce6d 2366 FUNCTIONFS_EVENTFD |
4368c28a
FH		 2367 FUNCTIONFS_ALL_CTRL_RECIP |
2368 FUNCTIONFS_CONFIG0_SETUP)) {
ac8dde11 2369 ret = -ENOSYS;
ddf8abd2
MN		 2370 goto error;
2371 }
ac8dde11
MN		 2372 data += 12;
2373 len -= 12;
2374 break;
2375 default:
2376 goto error;
ddf8abd2 2377 }
ddf8abd2 2378
5e33f6fd
RB		 2379 if (flags & FUNCTIONFS_EVENTFD) {
2380 if (len < 4)
2381 goto error;
2382 ffs->ffs_eventfd =
2383 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2384 if (IS_ERR(ffs->ffs_eventfd)) {
2385 ret = PTR_ERR(ffs->ffs_eventfd);
2386 ffs->ffs_eventfd = NULL;
2387 goto error;
2388 }
2389 data += 4;
2390 len -= 4;
2391 }
2392
ac8dde11
MN		 2393 /* Read fs_count, hs_count and ss_count (if present) */
2394 for (i = 0; i < 3; ++i) {
2395 if (!(flags & (1 << i))) {
2396 counts[i] = 0;
2397 } else if (len < 4) {
8d4e897b 2398 goto error;
ac8dde11
MN		 2399 } else {
2400 counts[i] = get_unaligned_le32(data);
2401 data += 4;
2402 len -= 4;
8d4e897b 2403 }
ddf8abd2 2404 }
f0175ab5 2405 if (flags & (1 << i)) {
83e526f2
VP		 2406 if (len < 4) {
2407 goto error;
2408 }
f0175ab5
AP		 2409 os_descs_count = get_unaligned_le32(data);
2410 data += 4;
2411 len -= 4;
2412 };
ddf8abd2 2413
ac8dde11
MN		 2414 /* Read descriptors */
2415 raw_descs = data;
6d5c1c77 2416 helper.ffs = ffs;
ac8dde11
MN		 2417 for (i = 0; i < 3; ++i) {
2418 if (!counts[i])
2419 continue;
6d5c1c77
RB		 2420 helper.interfaces_count = 0;
2421 helper.eps_count = 0;
ac8dde11 2422 ret = ffs_do_descs(counts[i], data, len,
6d5c1c77 2423 __ffs_data_do_entity, &helper);
ac8dde11 2424 if (ret < 0)
ddf8abd2 2425 goto error;
6d5c1c77
RB		 2426 if (!ffs->eps_count && !ffs->interfaces_count) {
2427 ffs->eps_count = helper.eps_count;
2428 ffs->interfaces_count = helper.interfaces_count;
2429 } else {
2430 if (ffs->eps_count != helper.eps_count) {
2431 ret = -EINVAL;
2432 goto error;
2433 }
2434 if (ffs->interfaces_count != helper.interfaces_count) {
2435 ret = -EINVAL;
2436 goto error;
2437 }
2438 }
ac8dde11
MN		 2439 data += ret;
2440 len -= ret;
ddf8abd2 2441 }
f0175ab5
AP		 2442 if (os_descs_count) {
2443 ret = ffs_do_os_descs(os_descs_count, data, len,
2444 __ffs_data_do_os_desc, ffs);
2445 if (ret < 0)
2446 goto error;
2447 data += ret;
2448 len -= ret;
2449 }
ddf8abd2 2450
ac8dde11
MN		 2451 if (raw_descs == data || len) {
2452 ret = -EINVAL;
2453 goto error;
2454 }
ddf8abd2 2455
ac8dde11
MN		 2456 ffs->raw_descs_data = _data;
2457 ffs->raw_descs = raw_descs;
2458 ffs->raw_descs_length = data - raw_descs;
2459 ffs->fs_descs_count = counts[0];
2460 ffs->hs_descs_count = counts[1];
2461 ffs->ss_descs_count = counts[2];
f0175ab5 2462 ffs->ms_os_descs_count = os_descs_count;
ddf8abd2
MN		 2463
2464 return 0;
2465
ddf8abd2
MN		 2466error:
2467 kfree(_data);
2468 return ret;
2469}
2470
ddf8abd2
MN		 2471static int __ffs_data_got_strings(struct ffs_data *ffs,
2472 char *const _data, size_t len)
2473{
2474 u32 str_count, needed_count, lang_count;
2475 struct usb_gadget_strings **stringtabs, *t;
ddf8abd2 2476 const char *data = _data;
872ce511 2477 struct usb_string *s;
ddf8abd2
MN		 2478
2479 ENTER();
2480
83e526f2
VP		 2481 if (unlikely(len < 16 ||
2482 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
ddf8abd2
MN		 2483 get_unaligned_le32(data + 4) != len))
2484 goto error;
2485 str_count = get_unaligned_le32(data + 8);
2486 lang_count = get_unaligned_le32(data + 12);
2487
2488 /* if one is zero the other must be zero */
2489 if (unlikely(!str_count != !lang_count))
2490 goto error;
2491
2492 /* Do we have at least as many strings as descriptors need? */
2493 needed_count = ffs->strings_count;
2494 if (unlikely(str_count < needed_count))
2495 goto error;
2496
5ab54cf7
MN		 2497 /*
2498 * If we don't need any strings just return and free all
2499 * memory.
2500 */
ddf8abd2
MN		 2501 if (!needed_count) {
2502 kfree(_data);
2503 return 0;
2504 }
2505
5ab54cf7 2506 /* Allocate everything in one chunk so there's less maintenance. */
ddf8abd2 2507 {
ddf8abd2 2508 unsigned i = 0;
e6f3862f
AP		 2509 vla_group(d);
2510 vla_item(d, struct usb_gadget_strings *, stringtabs,
2511 lang_count + 1);
2512 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2513 vla_item(d, struct usb_string, strings,
2514 lang_count*(needed_count+1));
ddf8abd2 2515
e6f3862f
AP		 2516 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2517
2518 if (unlikely(!vlabuf)) {
ddf8abd2
MN		 2519 kfree(_data);
2520 return -ENOMEM;
2521 }
2522
e6f3862f
AP		 2523 /* Initialize the VLA pointers */
2524 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2525 t = vla_ptr(vlabuf, d, stringtab);
ddf8abd2
MN		 2526 i = lang_count;
2527 do {
2528 *stringtabs++ = t++;
2529 } while (--i);
2530 *stringtabs = NULL;
2531
e6f3862f
AP		 2532 /* stringtabs = vlabuf = d_stringtabs for later kfree */
2533 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2534 t = vla_ptr(vlabuf, d, stringtab);
2535 s = vla_ptr(vlabuf, d, strings);
ddf8abd2
MN		 2536 }
2537
2538 /* For each language */
2539 data += 16;
2540 len -= 16;
2541
2542 do { /* lang_count > 0 so we can use do-while */
2543 unsigned needed = needed_count;
2544
2545 if (unlikely(len < 3))
2546 goto error_free;
2547 t->language = get_unaligned_le16(data);
2548 t->strings = s;
2549 ++t;
2550
2551 data += 2;
2552 len -= 2;
2553
2554 /* For each string */
2555 do { /* str_count > 0 so we can use do-while */
2556 size_t length = strnlen(data, len);
2557
2558 if (unlikely(length == len))
2559 goto error_free;
2560
5ab54cf7
MN		 2561 /*
2562 * User may provide more strings then we need,
2563 * if that's the case we simply ignore the
2564 * rest
2565 */
ddf8abd2 2566 if (likely(needed)) {
5ab54cf7
MN		 2567 /*
2568 * s->id will be set while adding
ddf8abd2 2569 * function to configuration so for
5ab54cf7
MN		 2570 * now just leave garbage here.
2571 */
ddf8abd2
MN		 2572 s->s = data;
2573 --needed;
2574 ++s;
2575 }
2576
2577 data += length + 1;
2578 len -= length + 1;
2579 } while (--str_count);
2580
2581 s->id = 0; /* terminator */
2582 s->s = NULL;
2583 ++s;
2584
2585 } while (--lang_count);
2586
2587 /* Some garbage left? */
2588 if (unlikely(len))
2589 goto error_free;
2590
2591 /* Done! */
2592 ffs->stringtabs = stringtabs;
2593 ffs->raw_strings = _data;
2594
2595 return 0;
2596
2597error_free:
2598 kfree(stringtabs);
2599error:
2600 kfree(_data);
2601 return -EINVAL;
2602}
2603
2604
ddf8abd2
MN		 2605/* Events handling and management *******************************************/
2606
2607static void __ffs_event_add(struct ffs_data *ffs,
2608 enum usb_functionfs_event_type type)
2609{
2610 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2611 int neg = 0;
2612
5ab54cf7
MN		 2613 /*
2614 * Abort any unhandled setup
2615 *
2616 * We do not need to worry about some cmpxchg() changing value
ddf8abd2
MN		 2617 * of ffs->setup_state without holding the lock because when
2618 * state is FFS_SETUP_PENDING cmpxchg() in several places in
5ab54cf7
MN		 2619 * the source does nothing.
2620 */
ddf8abd2 2621 if (ffs->setup_state == FFS_SETUP_PENDING)
e46318a0 2622 ffs->setup_state = FFS_SETUP_CANCELLED;
ddf8abd2 2623
67913bbd
MN		 2624 /*
2625 * Logic of this function guarantees that there are at most four pending
2626 * evens on ffs->ev.types queue. This is important because the queue
2627 * has space for four elements only and __ffs_ep0_read_events function
2628 * depends on that limit as well. If more event types are added, those
2629 * limits have to be revisited or guaranteed to still hold.
2630 */
ddf8abd2
MN		 2631 switch (type) {
2632 case FUNCTIONFS_RESUME:
2633 rem_type2 = FUNCTIONFS_SUSPEND;
5ab54cf7 2634 /* FALL THROUGH */
ddf8abd2
MN		 2635 case FUNCTIONFS_SUSPEND:
2636 case FUNCTIONFS_SETUP:
2637 rem_type1 = type;
5ab54cf7 2638 /* Discard all similar events */
ddf8abd2
MN		 2639 break;
2640
2641 case FUNCTIONFS_BIND:
2642 case FUNCTIONFS_UNBIND:
2643 case FUNCTIONFS_DISABLE:
2644 case FUNCTIONFS_ENABLE:
5ab54cf7 2645 /* Discard everything other then power management. */
ddf8abd2
MN		 2646 rem_type1 = FUNCTIONFS_SUSPEND;
2647 rem_type2 = FUNCTIONFS_RESUME;
2648 neg = 1;
2649 break;
2650
2651 default:
fe00bcbf
MN		 2652 WARN(1, "%d: unknown event, this should not happen\n", type);
2653 return;
ddf8abd2
MN		 2654 }
2655
2656 {
2657 u8 *ev = ffs->ev.types, *out = ev;
2658 unsigned n = ffs->ev.count;
2659 for (; n; --n, ++ev)
2660 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2661 *out++ = *ev;
2662 else
aa02f172 2663 pr_vdebug("purging event %d\n", *ev);
ddf8abd2
MN		 2664 ffs->ev.count = out - ffs->ev.types;
2665 }
2666
aa02f172 2667 pr_vdebug("adding event %d\n", type);
ddf8abd2
MN		 2668 ffs->ev.types[ffs->ev.count++] = type;
2669 wake_up_locked(&ffs->ev.waitq);
5e33f6fd
RB		 2670 if (ffs->ffs_eventfd)
2671 eventfd_signal(ffs->ffs_eventfd, 1);
ddf8abd2
MN		 2672}
2673
2674static void ffs_event_add(struct ffs_data *ffs,
2675 enum usb_functionfs_event_type type)
2676{
2677 unsigned long flags;
2678 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2679 __ffs_event_add(ffs, type);
2680 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2681}
2682
ddf8abd2
MN		 2683/* Bind/unbind USB function hooks *******************************************/
2684
6d5c1c77
RB		 2685static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2686{
2687 int i;
2688
2689 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2690 if (ffs->eps_addrmap[i] == endpoint_address)
2691 return i;
2692 return -ENOENT;
2693}
2694
ddf8abd2
MN		 2695static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2696 struct usb_descriptor_header *desc,
2697 void *priv)
2698{
2699 struct usb_endpoint_descriptor *ds = (void *)desc;
2700 struct ffs_function *func = priv;
2701 struct ffs_ep *ffs_ep;
85b06f5e
DC		 2702 unsigned ep_desc_id;
2703 int idx;
8d4e897b 2704 static const char *speed_names[] = { "full", "high", "super" };
ddf8abd2
MN		 2705
2706 if (type != FFS_DESCRIPTOR)
2707 return 0;
2708
8d4e897b
MG		 2709 /*
2710 * If ss_descriptors is not NULL, we are reading super speed
2711 * descriptors; if hs_descriptors is not NULL, we are reading high
2712 * speed descriptors; otherwise, we are reading full speed
2713 * descriptors.
2714 */
2715 if (func->function.ss_descriptors) {
2716 ep_desc_id = 2;
2717 func->function.ss_descriptors[(long)valuep] = desc;
2718 } else if (func->function.hs_descriptors) {
2719 ep_desc_id = 1;
ddf8abd2 2720 func->function.hs_descriptors[(long)valuep] = desc;
8d4e897b
MG		 2721 } else {
2722 ep_desc_id = 0;
10287bae 2723 func->function.fs_descriptors[(long)valuep] = desc;
8d4e897b 2724 }
ddf8abd2
MN		 2725
2726 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2727 return 0;
2728
6d5c1c77
RB		 2729 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2730 if (idx < 0)
2731 return idx;
2732
ddf8abd2
MN		 2733 ffs_ep = func->eps + idx;
2734
8d4e897b
MG		 2735 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2736 pr_err("two %sspeed descriptors for EP %d\n",
2737 speed_names[ep_desc_id],
d8df0b61 2738 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
ddf8abd2
MN		 2739 return -EINVAL;
2740 }
8d4e897b 2741 ffs_ep->descs[ep_desc_id] = ds;
ddf8abd2
MN		 2742
2743 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2744 if (ffs_ep->ep) {
2745 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2746 if (!ds->wMaxPacketSize)
2747 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2748 } else {
2749 struct usb_request *req;
2750 struct usb_ep *ep;
1b0bf88f 2751 u8 bEndpointAddress;
ddf8abd2 2752
1b0bf88f
RB		 2753 /*
2754 * We back up bEndpointAddress because autoconfig overwrites
2755 * it with physical endpoint address.
2756 */
2757 bEndpointAddress = ds->bEndpointAddress;
aa02f172 2758 pr_vdebug("autoconfig\n");
ddf8abd2
MN		 2759 ep = usb_ep_autoconfig(func->gadget, ds);
2760 if (unlikely(!ep))
2761 return -ENOTSUPP;
cc7e6056 2762 ep->driver_data = func->eps + idx;
ddf8abd2
MN		 2763
2764 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2765 if (unlikely(!req))
2766 return -ENOMEM;
2767
2768 ffs_ep->ep = ep;
2769 ffs_ep->req = req;
2770 func->eps_revmap[ds->bEndpointAddress &
2771 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
1b0bf88f
RB		 2772 /*
2773 * If we use virtual address mapping, we restore
2774 * original bEndpointAddress value.
2775 */
2776 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2777 ds->bEndpointAddress = bEndpointAddress;
ddf8abd2
MN		 2778 }
2779 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2780
2781 return 0;
2782}
2783
ddf8abd2
MN		 2784static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2785 struct usb_descriptor_header *desc,
2786 void *priv)
2787{
2788 struct ffs_function *func = priv;
2789 unsigned idx;
2790 u8 newValue;
2791
2792 switch (type) {
2793 default:
2794 case FFS_DESCRIPTOR:
2795 /* Handled in previous pass by __ffs_func_bind_do_descs() */
2796 return 0;
2797
2798 case FFS_INTERFACE:
2799 idx = *valuep;
2800 if (func->interfaces_nums[idx] < 0) {
2801 int id = usb_interface_id(func->conf, &func->function);
2802 if (unlikely(id < 0))
2803 return id;
2804 func->interfaces_nums[idx] = id;
2805 }
2806 newValue = func->interfaces_nums[idx];
2807 break;
2808
2809 case FFS_STRING:
2810 /* String' IDs are allocated when fsf_data is bound to cdev */
2811 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2812 break;
2813
2814 case FFS_ENDPOINT:
5ab54cf7
MN		 2815 /*
2816 * USB_DT_ENDPOINT are handled in
2817 * __ffs_func_bind_do_descs().
2818 */
ddf8abd2
MN		 2819 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2820 return 0;
2821
2822 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2823 if (unlikely(!func->eps[idx].ep))
2824 return -EINVAL;
2825
2826 {
2827 struct usb_endpoint_descriptor **descs;
2828 descs = func->eps[idx].descs;
2829 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2830 }
2831 break;
2832 }
2833
aa02f172 2834 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
ddf8abd2
MN		 2835 *valuep = newValue;
2836 return 0;
2837}
2838
f0175ab5
AP		 2839static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2840 struct usb_os_desc_header *h, void *data,
2841 unsigned len, void *priv)
2842{
2843 struct ffs_function *func = priv;
2844 u8 length = 0;
2845
2846 switch (type) {
2847 case FFS_OS_DESC_EXT_COMPAT: {
2848 struct usb_ext_compat_desc *desc = data;
2849 struct usb_os_desc_table *t;
2850
2851 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2852 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2853 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2854 ARRAY_SIZE(desc->CompatibleID) +
2855 ARRAY_SIZE(desc->SubCompatibleID));
2856 length = sizeof(*desc);
2857 }
2858 break;
2859 case FFS_OS_DESC_EXT_PROP: {
2860 struct usb_ext_prop_desc *desc = data;
2861 struct usb_os_desc_table *t;
2862 struct usb_os_desc_ext_prop *ext_prop;
2863 char *ext_prop_name;
2864 char *ext_prop_data;
2865
2866 t = &func->function.os_desc_table[h->interface];
2867 t->if_id = func->interfaces_nums[h->interface];
2868
2869 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2870 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2871
2872 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2873 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
c40619bb 2874 ext_prop->data_len = le32_to_cpu(*(__le32 *)
f0175ab5
AP		 2875 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2876 length = ext_prop->name_len + ext_prop->data_len + 14;
2877
2878 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2879 func->ffs->ms_os_descs_ext_prop_name_avail +=
2880 ext_prop->name_len;
2881
2882 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2883 func->ffs->ms_os_descs_ext_prop_data_avail +=
2884 ext_prop->data_len;
2885 memcpy(ext_prop_data,
2886 usb_ext_prop_data_ptr(data, ext_prop->name_len),
2887 ext_prop->data_len);
2888 /* unicode data reported to the host as "WCHAR"s */
2889 switch (ext_prop->type) {
2890 case USB_EXT_PROP_UNICODE:
2891 case USB_EXT_PROP_UNICODE_ENV:
2892 case USB_EXT_PROP_UNICODE_LINK:
2893 case USB_EXT_PROP_UNICODE_MULTI:
2894 ext_prop->data_len *= 2;
2895 break;
2896 }
2897 ext_prop->data = ext_prop_data;
2898
2899 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2900 ext_prop->name_len);
2901 /* property name reported to the host as "WCHAR"s */
2902 ext_prop->name_len *= 2;
2903 ext_prop->name = ext_prop_name;
2904
2905 t->os_desc->ext_prop_len +=
2906 ext_prop->name_len + ext_prop->data_len + 14;
2907 ++t->os_desc->ext_prop_count;
2908 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2909 }
2910 break;
2911 default:
2912 pr_vdebug("unknown descriptor: %d\n", type);
2913 }
2914
2915 return length;
2916}
2917
5920cda6
AP		 2918static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2919 struct usb_configuration *c)
2920{
2921 struct ffs_function *func = ffs_func_from_usb(f);
2922 struct f_fs_opts *ffs_opts =
2923 container_of(f->fi, struct f_fs_opts, func_inst);
2924 int ret;
2925
2926 ENTER();
2927
2928 /*
2929 * Legacy gadget triggers binding in functionfs_ready_callback,
2930 * which already uses locking; taking the same lock here would
2931 * cause a deadlock.
2932 *
2933 * Configfs-enabled gadgets however do need ffs_dev_lock.
2934 */
2935 if (!ffs_opts->no_configfs)
2936 ffs_dev_lock();
2937 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2938 func->ffs = ffs_opts->dev->ffs_data;
2939 if (!ffs_opts->no_configfs)
2940 ffs_dev_unlock();
2941 if (ret)
2942 return ERR_PTR(ret);
2943
2944 func->conf = c;
2945 func->gadget = c->cdev->gadget;
2946
5920cda6
AP		 2947 /*
2948 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
2949 * configurations are bound in sequence with list_for_each_entry,
2950 * in each configuration its functions are bound in sequence
2951 * with list_for_each_entry, so we assume no race condition
2952 * with regard to ffs_opts->bound access
2953 */
2954 if (!ffs_opts->refcnt) {
2955 ret = functionfs_bind(func->ffs, c->cdev);
2956 if (ret)
2957 return ERR_PTR(ret);
2958 }
2959 ffs_opts->refcnt++;
2960 func->function.strings = func->ffs->stringtabs;
2961
2962 return ffs_opts;
2963}
5920cda6
AP		 2964
2965static int _ffs_func_bind(struct usb_configuration *c,
2966 struct usb_function *f)
ddf8abd2
MN		 2967{
2968 struct ffs_function *func = ffs_func_from_usb(f);
2969 struct ffs_data *ffs = func->ffs;
2970
2971 const int full = !!func->ffs->fs_descs_count;
6cf439e0
JP		 2972 const int high = !!func->ffs->hs_descs_count;
2973 const int super = !!func->ffs->ss_descs_count;
ddf8abd2 2974
f0175ab5 2975 int fs_len, hs_len, ss_len, ret, i;
0015f915 2976 struct ffs_ep *eps_ptr;
ddf8abd2
MN		 2977
2978 /* Make it a single chunk, less management later on */
e6f3862f
AP		 2979 vla_group(d);
2980 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2981 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2982 full ? ffs->fs_descs_count + 1 : 0);
2983 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2984 high ? ffs->hs_descs_count + 1 : 0);
8d4e897b
MG		 2985 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2986 super ? ffs->ss_descs_count + 1 : 0);
e6f3862f 2987 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
f0175ab5
AP		 2988 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2989 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2990 vla_item_with_sz(d, char[16], ext_compat,
2991 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2992 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2993 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2994 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2995 ffs->ms_os_descs_ext_prop_count);
2996 vla_item_with_sz(d, char, ext_prop_name,
2997 ffs->ms_os_descs_ext_prop_name_len);
2998 vla_item_with_sz(d, char, ext_prop_data,
2999 ffs->ms_os_descs_ext_prop_data_len);
ac8dde11 3000 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
e6f3862f 3001 char *vlabuf;
ddf8abd2
MN		 3002
3003 ENTER();
3004
8d4e897b
MG		 3005 /* Has descriptors only for speeds gadget does not support */
3006 if (unlikely(!(full | high | super)))
ddf8abd2
MN		 3007 return -ENOTSUPP;
3008
e6f3862f 3009 /* Allocate a single chunk, less management later on */
f0175ab5 3010 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
e6f3862f 3011 if (unlikely(!vlabuf))
ddf8abd2
MN		 3012 return -ENOMEM;
3013
f0175ab5
AP		 3014 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
3015 ffs->ms_os_descs_ext_prop_name_avail =
3016 vla_ptr(vlabuf, d, ext_prop_name);
3017 ffs->ms_os_descs_ext_prop_data_avail =
3018 vla_ptr(vlabuf, d, ext_prop_data);
3019
ac8dde11
MN		 3020 /* Copy descriptors */
3021 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs,
3022 ffs->raw_descs_length);
8d4e897b 3023
e6f3862f 3024 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
0015f915
DC		 3025 eps_ptr = vla_ptr(vlabuf, d, eps);
3026 for (i = 0; i < ffs->eps_count; i++)
3027 eps_ptr[i].num = -1;
ddf8abd2 3028
e6f3862f
AP		 3029 /* Save pointers
3030 * d_eps == vlabuf, func->eps used to kfree vlabuf later
3031 */
3032 func->eps = vla_ptr(vlabuf, d, eps);
3033 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
ddf8abd2 3034
5ab54cf7
MN		 3035 /*
3036 * Go through all the endpoint descriptors and allocate
ddf8abd2 3037 * endpoints first, so that later we can rewrite the endpoint
5ab54cf7
MN		 3038 * numbers without worrying that it may be described later on.
3039 */
ddf8abd2 3040 if (likely(full)) {
e6f3862f 3041 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
8d4e897b
MG		 3042 fs_len = ffs_do_descs(ffs->fs_descs_count,
3043 vla_ptr(vlabuf, d, raw_descs),
3044 d_raw_descs__sz,
3045 __ffs_func_bind_do_descs, func);
3046 if (unlikely(fs_len < 0)) {
3047 ret = fs_len;
ddf8abd2 3048 goto error;
8d4e897b 3049 }
ddf8abd2 3050 } else {
8d4e897b 3051 fs_len = 0;
ddf8abd2
MN		 3052 }
3053
3054 if (likely(high)) {
e6f3862f 3055 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
8d4e897b
MG		 3056 hs_len = ffs_do_descs(ffs->hs_descs_count,
3057 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3058 d_raw_descs__sz - fs_len,
3059 __ffs_func_bind_do_descs, func);
3060 if (unlikely(hs_len < 0)) {
3061 ret = hs_len;
3062 goto error;
3063 }
3064 } else {
3065 hs_len = 0;
3066 }
3067
3068 if (likely(super)) {
3069 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
f0175ab5 3070 ss_len = ffs_do_descs(ffs->ss_descs_count,
8d4e897b
MG		 3071 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3072 d_raw_descs__sz - fs_len - hs_len,
3073 __ffs_func_bind_do_descs, func);
f0175ab5
AP		 3074 if (unlikely(ss_len < 0)) {
3075 ret = ss_len;
8854894c 3076 goto error;
f0175ab5
AP		 3077 }
3078 } else {
3079 ss_len = 0;
ddf8abd2
MN		 3080 }
3081
5ab54cf7
MN		 3082 /*
3083 * Now handle interface numbers allocation and interface and
3084 * endpoint numbers rewriting. We can do that in one go
3085 * now.
3086 */
ddf8abd2 3087 ret = ffs_do_descs(ffs->fs_descs_count +
8d4e897b
MG		 3088 (high ? ffs->hs_descs_count : 0) +
3089 (super ? ffs->ss_descs_count : 0),
e6f3862f 3090 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
ddf8abd2
MN		 3091 __ffs_func_bind_do_nums, func);
3092 if (unlikely(ret < 0))
3093 goto error;
3094
f0175ab5 3095 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
c6010c8b 3096 if (c->cdev->use_os_string) {
f0175ab5
AP		 3097 for (i = 0; i < ffs->interfaces_count; ++i) {
3098 struct usb_os_desc *desc;
3099
3100 desc = func->function.os_desc_table[i].os_desc =
3101 vla_ptr(vlabuf, d, os_desc) +
3102 i * sizeof(struct usb_os_desc);
3103 desc->ext_compat_id =
3104 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3105 INIT_LIST_HEAD(&desc->ext_prop);
3106 }
c6010c8b
JL		 3107 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3108 vla_ptr(vlabuf, d, raw_descs) +
3109 fs_len + hs_len + ss_len,
3110 d_raw_descs__sz - fs_len - hs_len -
3111 ss_len,
3112 __ffs_func_bind_do_os_desc, func);
3113 if (unlikely(ret < 0))
3114 goto error;
3115 }
f0175ab5
AP		 3116 func->function.os_desc_n =
3117 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3118
ddf8abd2
MN		 3119 /* And we're done */
3120 ffs_event_add(ffs, FUNCTIONFS_BIND);
3121 return 0;
3122
3123error:
3124 /* XXX Do we need to release all claimed endpoints here? */
3125 return ret;
3126}
3127
5920cda6
AP		 3128static int ffs_func_bind(struct usb_configuration *c,
3129 struct usb_function *f)
3130{
5920cda6 3131 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
55d81121
RB		 3132 struct ffs_function *func = ffs_func_from_usb(f);
3133 int ret;
5920cda6
AP		 3134
3135 if (IS_ERR(ffs_opts))
3136 return PTR_ERR(ffs_opts);
5920cda6 3137
55d81121
RB		 3138 ret = _ffs_func_bind(c, f);
3139 if (ret && !--ffs_opts->refcnt)
3140 functionfs_unbind(func->ffs);
3141
3142 return ret;
5920cda6
AP		 3143}
3144
ddf8abd2
MN		 3145
3146/* Other USB function hooks *************************************************/
3147
18d6b32f
RB		 3148static void ffs_reset_work(struct work_struct *work)
3149{
3150 struct ffs_data *ffs = container_of(work,
3151 struct ffs_data, reset_work);
3152 ffs_data_reset(ffs);
3153}
3154
ddf8abd2
MN		 3155static int ffs_func_set_alt(struct usb_function *f,
3156 unsigned interface, unsigned alt)
3157{
3158 struct ffs_function *func = ffs_func_from_usb(f);
3159 struct ffs_data *ffs = func->ffs;
3160 int ret = 0, intf;
3161
3162 if (alt != (unsigned)-1) {
3163 intf = ffs_func_revmap_intf(func, interface);
3164 if (unlikely(intf < 0))
3165 return intf;
3166 }
3167
3168 if (ffs->func)
3169 ffs_func_eps_disable(ffs->func);
3170
18d6b32f
RB		 3171 if (ffs->state == FFS_DEACTIVATED) {
3172 ffs->state = FFS_CLOSING;
3173 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3174 schedule_work(&ffs->reset_work);
3175 return -ENODEV;
3176 }
3177
ddf8abd2
MN		 3178 if (ffs->state != FFS_ACTIVE)
3179 return -ENODEV;
3180
3181 if (alt == (unsigned)-1) {
3182 ffs->func = NULL;
3183 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3184 return 0;
3185 }
3186
3187 ffs->func = func;
3188 ret = ffs_func_eps_enable(func);
3189 if (likely(ret >= 0))
3190 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3191 return ret;
3192}
3193
3194static void ffs_func_disable(struct usb_function *f)
3195{
3196 ffs_func_set_alt(f, 0, (unsigned)-1);
3197}
3198
3199static int ffs_func_setup(struct usb_function *f,
3200 const struct usb_ctrlrequest *creq)
3201{
3202 struct ffs_function *func = ffs_func_from_usb(f);
3203 struct ffs_data *ffs = func->ffs;
3204 unsigned long flags;
3205 int ret;
3206
3207 ENTER();
3208
aa02f172
MN		 3209 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3210 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3211 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3212 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3213 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
ddf8abd2 3214
5ab54cf7
MN		 3215 /*
3216 * Most requests directed to interface go through here
ddf8abd2
MN		 3217 * (notable exceptions are set/get interface) so we need to
3218 * handle them. All other either handled by composite or
3219 * passed to usb_configuration->setup() (if one is set). No
3220 * matter, we will handle requests directed to endpoint here
54dfce6d
FH		 3221 * as well (as it's straightforward). Other request recipient
3222 * types are only handled when the user flag FUNCTIONFS_ALL_CTRL_RECIP
3223 * is being used.
5ab54cf7 3224 */
ddf8abd2
MN		 3225 if (ffs->state != FFS_ACTIVE)
3226 return -ENODEV;
3227
3228 switch (creq->bRequestType & USB_RECIP_MASK) {
3229 case USB_RECIP_INTERFACE:
3230 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3231 if (unlikely(ret < 0))
3232 return ret;
3233 break;
3234
3235 case USB_RECIP_ENDPOINT:
3236 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3237 if (unlikely(ret < 0))
3238 return ret;
1b0bf88f
RB		 3239 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3240 ret = func->ffs->eps_addrmap[ret];
ddf8abd2
MN		 3241 break;
3242
3243 default:
54dfce6d
FH		 3244 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3245 ret = le16_to_cpu(creq->wIndex);
3246 else
3247 return -EOPNOTSUPP;
ddf8abd2
MN		 3248 }
3249
3250 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3251 ffs->ev.setup = *creq;
3252 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3253 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3254 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3255
4d644abf 3256 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
ddf8abd2
MN		 3257}
3258
54dfce6d 3259static bool ffs_func_req_match(struct usb_function *f,
1a00b457
FH		 3260 const struct usb_ctrlrequest *creq,
3261 bool config0)
54dfce6d
FH		 3262{
3263 struct ffs_function *func = ffs_func_from_usb(f);
3264
4368c28a 3265 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
1a00b457
FH		 3266 return false;
3267
54dfce6d
FH		 3268 switch (creq->bRequestType & USB_RECIP_MASK) {
3269 case USB_RECIP_INTERFACE:
05e78c69
FH		 3270 return (ffs_func_revmap_intf(func,
3271 le16_to_cpu(creq->wIndex)) >= 0);
54dfce6d 3272 case USB_RECIP_ENDPOINT:
05e78c69
FH		 3273 return (ffs_func_revmap_ep(func,
3274 le16_to_cpu(creq->wIndex)) >= 0);
54dfce6d
FH		 3275 default:
3276 return (bool) (func->ffs->user_flags &
3277 FUNCTIONFS_ALL_CTRL_RECIP);
3278 }
3279}
3280
ddf8abd2
MN		 3281static void ffs_func_suspend(struct usb_function *f)
3282{
3283 ENTER();
3284 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3285}
3286
3287static void ffs_func_resume(struct usb_function *f)
3288{
3289 ENTER();
3290 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3291}
3292
3293
5ab54cf7 3294/* Endpoint and interface numbers reverse mapping ***************************/
ddf8abd2
MN		 3295
3296static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3297{
3298 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3299 return num ? num : -EDOM;
3300}
3301
3302static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3303{
3304 short *nums = func->interfaces_nums;
3305 unsigned count = func->ffs->interfaces_count;
3306
3307 for (; count; --count, ++nums) {
3308 if (*nums >= 0 && *nums == intf)
3309 return nums - func->interfaces_nums;
3310 }
3311
3312 return -EDOM;
3313}
3314
3315
4b187fce
AP		 3316/* Devices management *******************************************************/
3317
3318static LIST_HEAD(ffs_devices);
3319
da13a773 3320static struct ffs_dev *_ffs_do_find_dev(const char *name)
4b187fce
AP		 3321{
3322 struct ffs_dev *dev;
3323
ea920bb4
MN		 3324 if (!name)
3325 return NULL;
3326
4b187fce 3327 list_for_each_entry(dev, &ffs_devices, entry) {
4b187fce
AP		 3328 if (strcmp(dev->name, name) == 0)
3329 return dev;
3330 }
b658499f 3331
4b187fce
AP		 3332 return NULL;
3333}
3334
3335/*
3336 * ffs_lock must be taken by the caller of this function
3337 */
da13a773 3338static struct ffs_dev *_ffs_get_single_dev(void)
4b187fce
AP		 3339{
3340 struct ffs_dev *dev;
3341
3342 if (list_is_singular(&ffs_devices)) {
3343 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3344 if (dev->single)
3345 return dev;
3346 }
3347
3348 return NULL;
3349}
3350
3351/*
3352 * ffs_lock must be taken by the caller of this function
3353 */
da13a773 3354static struct ffs_dev *_ffs_find_dev(const char *name)
4b187fce
AP		 3355{
3356 struct ffs_dev *dev;
3357
da13a773 3358 dev = _ffs_get_single_dev();
4b187fce
AP		 3359 if (dev)
3360 return dev;
3361
da13a773 3362 return _ffs_do_find_dev(name);
4b187fce
AP		 3363}
3364
b658499f
AP		 3365/* Configfs support *********************************************************/
3366
3367static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3368{
3369 return container_of(to_config_group(item), struct f_fs_opts,
3370 func_inst.group);
3371}
3372
3373static void ffs_attr_release(struct config_item *item)
3374{
3375 struct f_fs_opts *opts = to_ffs_opts(item);
3376
3377 usb_put_function_instance(&opts->func_inst);
3378}
3379
3380static struct configfs_item_operations ffs_item_ops = {
3381 .release = ffs_attr_release,
3382};
3383
97363902 3384static const struct config_item_type ffs_func_type = {
b658499f
AP		 3385 .ct_item_ops = &ffs_item_ops,
3386 .ct_owner = THIS_MODULE,
3387};
3388
3389
5920cda6
AP		 3390/* Function registration interface ******************************************/
3391
5920cda6
AP		 3392static void ffs_free_inst(struct usb_function_instance *f)
3393{
3394 struct f_fs_opts *opts;
3395
3396 opts = to_f_fs_opts(f);
3397 ffs_dev_lock();
da13a773 3398 _ffs_free_dev(opts->dev);
5920cda6
AP		 3399 ffs_dev_unlock();
3400 kfree(opts);
3401}
3402
b658499f
AP		 3403static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3404{
ea920bb4 3405 if (strlen(name) >= FIELD_SIZEOF(struct ffs_dev, name))
b658499f 3406 return -ENAMETOOLONG;
ea920bb4 3407 return ffs_name_dev(to_f_fs_opts(fi)->dev, name);
b658499f
AP		 3408}
3409
5920cda6
AP		 3410static struct usb_function_instance *ffs_alloc_inst(void)
3411{
3412 struct f_fs_opts *opts;
3413 struct ffs_dev *dev;
3414
3415 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3416 if (!opts)
3417 return ERR_PTR(-ENOMEM);
3418
b658499f 3419 opts->func_inst.set_inst_name = ffs_set_inst_name;
5920cda6
AP		 3420 opts->func_inst.free_func_inst = ffs_free_inst;
3421 ffs_dev_lock();
da13a773 3422 dev = _ffs_alloc_dev();
5920cda6
AP		 3423 ffs_dev_unlock();
3424 if (IS_ERR(dev)) {
3425 kfree(opts);
3426 return ERR_CAST(dev);
3427 }
3428 opts->dev = dev;
b658499f 3429 dev->opts = opts;
5920cda6 3430
b658499f
AP		 3431 config_group_init_type_name(&opts->func_inst.group, "",
3432 &ffs_func_type);
5920cda6
AP		 3433 return &opts->func_inst;
3434}
3435
3436static void ffs_free(struct usb_function *f)
3437{
3438 kfree(ffs_func_from_usb(f));
3439}
3440
3441static void ffs_func_unbind(struct usb_configuration *c,
3442 struct usb_function *f)
3443{
3444 struct ffs_function *func = ffs_func_from_usb(f);
3445 struct ffs_data *ffs = func->ffs;
3446 struct f_fs_opts *opts =
3447 container_of(f->fi, struct f_fs_opts, func_inst);
3448 struct ffs_ep *ep = func->eps;
3449 unsigned count = ffs->eps_count;
3450 unsigned long flags;
3451
3452 ENTER();
3453 if (ffs->func == func) {
3454 ffs_func_eps_disable(func);
3455 ffs->func = NULL;
3456 }
3457
3458 if (!--opts->refcnt)
3459 functionfs_unbind(ffs);
3460
3461 /* cleanup after autoconfig */
3462 spin_lock_irqsave(&func->ffs->eps_lock, flags);
08f37148 3463 while (count--) {
5920cda6
AP		 3464 if (ep->ep && ep->req)
3465 usb_ep_free_request(ep->ep, ep->req);
3466 ep->req = NULL;
3467 ++ep;
08f37148 3468 }
5920cda6
AP		 3469 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3470 kfree(func->eps);
3471 func->eps = NULL;
3472 /*
3473 * eps, descriptors and interfaces_nums are allocated in the
3474 * same chunk so only one free is required.
3475 */
3476 func->function.fs_descriptors = NULL;
3477 func->function.hs_descriptors = NULL;
8d4e897b 3478 func->function.ss_descriptors = NULL;
5920cda6
AP		 3479 func->interfaces_nums = NULL;
3480
3481 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3482}
3483
3484static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3485{
3486 struct ffs_function *func;
3487
3488 ENTER();
3489
3490 func = kzalloc(sizeof(*func), GFP_KERNEL);
3491 if (unlikely(!func))
3492 return ERR_PTR(-ENOMEM);
3493
3494 func->function.name = "Function FS Gadget";
3495
3496 func->function.bind = ffs_func_bind;
3497 func->function.unbind = ffs_func_unbind;
3498 func->function.set_alt = ffs_func_set_alt;
3499 func->function.disable = ffs_func_disable;
3500 func->function.setup = ffs_func_setup;
54dfce6d 3501 func->function.req_match = ffs_func_req_match;
5920cda6
AP		 3502 func->function.suspend = ffs_func_suspend;
3503 func->function.resume = ffs_func_resume;
3504 func->function.free_func = ffs_free;
3505
3506 return &func->function;
3507}
3508
4b187fce
AP		 3509/*
3510 * ffs_lock must be taken by the caller of this function
3511 */
da13a773 3512static struct ffs_dev *_ffs_alloc_dev(void)
4b187fce
AP		 3513{
3514 struct ffs_dev *dev;
3515 int ret;
3516
da13a773 3517 if (_ffs_get_single_dev())
4b187fce
AP		 3518 return ERR_PTR(-EBUSY);
3519
3520 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3521 if (!dev)
3522 return ERR_PTR(-ENOMEM);
3523
3524 if (list_empty(&ffs_devices)) {
3525 ret = functionfs_init();
3526 if (ret) {
3527 kfree(dev);
3528 return ERR_PTR(ret);
3529 }
3530 }
3531
3532 list_add(&dev->entry, &ffs_devices);
3533
3534 return dev;
3535}
3536
ea920bb4 3537int ffs_name_dev(struct ffs_dev *dev, const char *name)
4b187fce
AP		 3538{
3539 struct ffs_dev *existing;
ea920bb4 3540 int ret = 0;
4b187fce 3541
ea920bb4 3542 ffs_dev_lock();
4b187fce 3543
ea920bb4
MN		 3544 existing = _ffs_do_find_dev(name);
3545 if (!existing)
3546 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3547 else if (existing != dev)
3548 ret = -EBUSY;
4b187fce 3549
4b187fce
AP		 3550 ffs_dev_unlock();
3551
3552 return ret;
3553}
0700faaf 3554EXPORT_SYMBOL_GPL(ffs_name_dev);
4b187fce
AP		 3555
3556int ffs_single_dev(struct ffs_dev *dev)
3557{
3558 int ret;
3559
3560 ret = 0;
3561 ffs_dev_lock();
3562
3563 if (!list_is_singular(&ffs_devices))
3564 ret = -EBUSY;
3565 else
3566 dev->single = true;
3567
3568 ffs_dev_unlock();
3569 return ret;
3570}
0700faaf 3571EXPORT_SYMBOL_GPL(ffs_single_dev);
4b187fce
AP		 3572
3573/*
3574 * ffs_lock must be taken by the caller of this function
3575 */
da13a773 3576static void _ffs_free_dev(struct ffs_dev *dev)
4b187fce
AP		 3577{
3578 list_del(&dev->entry);
3262ad82
JB		 3579
3580 /* Clear the private_data pointer to stop incorrect dev access */
3581 if (dev->ffs_data)
3582 dev->ffs_data->private_data = NULL;
3583
4b187fce
AP		 3584 kfree(dev);
3585 if (list_empty(&ffs_devices))
3586 functionfs_cleanup();
3587}
3588
3589static void *ffs_acquire_dev(const char *dev_name)
3590{
3591 struct ffs_dev *ffs_dev;
3592
3593 ENTER();
3594 ffs_dev_lock();
3595
da13a773 3596 ffs_dev = _ffs_find_dev(dev_name);
4b187fce 3597 if (!ffs_dev)
d668b4f3 3598 ffs_dev = ERR_PTR(-ENOENT);
4b187fce
AP		 3599 else if (ffs_dev->mounted)
3600 ffs_dev = ERR_PTR(-EBUSY);
5920cda6
AP		 3601 else if (ffs_dev->ffs_acquire_dev_callback &&
3602 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
d668b4f3 3603 ffs_dev = ERR_PTR(-ENOENT);
4b187fce
AP		 3604 else
3605 ffs_dev->mounted = true;
3606
3607 ffs_dev_unlock();
3608 return ffs_dev;
3609}
3610
3611static void ffs_release_dev(struct ffs_data *ffs_data)
3612{
3613 struct ffs_dev *ffs_dev;
3614
3615 ENTER();
3616 ffs_dev_lock();
3617
3618 ffs_dev = ffs_data->private_data;
ea365922 3619 if (ffs_dev) {
4b187fce 3620 ffs_dev->mounted = false;
ea365922
AP		 3621
3622 if (ffs_dev->ffs_release_dev_callback)
3623 ffs_dev->ffs_release_dev_callback(ffs_dev);
3624 }
4b187fce
AP		 3625
3626 ffs_dev_unlock();
3627}
3628
3629static int ffs_ready(struct ffs_data *ffs)
3630{
3631 struct ffs_dev *ffs_obj;
3632 int ret = 0;
3633
3634 ENTER();
3635 ffs_dev_lock();
3636
3637 ffs_obj = ffs->private_data;
3638 if (!ffs_obj) {
3639 ret = -EINVAL;
3640 goto done;
3641 }
3642 if (WARN_ON(ffs_obj->desc_ready)) {
3643 ret = -EBUSY;
3644 goto done;
3645 }
3646
3647 ffs_obj->desc_ready = true;
3648 ffs_obj->ffs_data = ffs;
3649
49a79d8b 3650 if (ffs_obj->ffs_ready_callback) {
4b187fce 3651 ret = ffs_obj->ffs_ready_callback(ffs);
49a79d8b
KO		 3652 if (ret)
3653 goto done;
3654 }
4b187fce 3655
49a79d8b 3656 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
4b187fce
AP		 3657done:
3658 ffs_dev_unlock();
3659 return ret;
3660}
3661
3662static void ffs_closed(struct ffs_data *ffs)
3663{
3664 struct ffs_dev *ffs_obj;
f14e9ad1 3665 struct f_fs_opts *opts;
b3ce3ce0 3666 struct config_item *ci;
4b187fce
AP		 3667
3668 ENTER();
3669 ffs_dev_lock();
3670
3671 ffs_obj = ffs->private_data;
3672 if (!ffs_obj)
3673 goto done;
3674
3675 ffs_obj->desc_ready = false;
cdafb6d8 3676 ffs_obj->ffs_data = NULL;
4b187fce 3677
49a79d8b
KO		 3678 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3679 ffs_obj->ffs_closed_callback)
4b187fce 3680 ffs_obj->ffs_closed_callback(ffs);
b658499f 3681
f14e9ad1
RMS		 3682 if (ffs_obj->opts)
3683 opts = ffs_obj->opts;
3684 else
3685 goto done;
3686
3687 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
2c935bc5 3688 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
b658499f
AP		 3689 goto done;
3690
b3ce3ce0
BW		 3691 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3692 ffs_dev_unlock();
3693
ce5bf9a5
HK		 3694 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3695 unregister_gadget_item(ci);
b3ce3ce0 3696 return;
4b187fce
AP		 3697done:
3698 ffs_dev_unlock();
3699}
3700
ddf8abd2
MN		 3701/* Misc helper functions ****************************************************/
3702
3703static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3704{
3705 return nonblock
3706 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3707 : mutex_lock_interruptible(mutex);
3708}
3709
260ef311 3710static char *ffs_prepare_buffer(const char __user *buf, size_t len)
ddf8abd2
MN		 3711{
3712 char *data;
3713
3714 if (unlikely(!len))
3715 return NULL;
3716
3717 data = kmalloc(len, GFP_KERNEL);
3718 if (unlikely(!data))
3719 return ERR_PTR(-ENOMEM);
3720
7fe9a937 3721 if (unlikely(copy_from_user(data, buf, len))) {
ddf8abd2
MN		 3722 kfree(data);
3723 return ERR_PTR(-EFAULT);
3724 }
3725
aa02f172 3726 pr_vdebug("Buffer from user space:\n");
ddf8abd2
MN		 3727 ffs_dump_mem("", data, len);
3728
3729 return data;
3730}
5920cda6 3731
5920cda6
AP		 3732DECLARE_USB_FUNCTION_INIT(ffs, ffs_alloc_inst, ffs_alloc);
3733MODULE_LICENSE("GPL");
3734MODULE_AUTHOR("Michal Nazarewicz");
Empty description
This page took 1.229569 seconds and 4 git commands to generate.