1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_fs.c -- user mode file system API for USB composite function controllers
4 *
5 * Copyright (C) 2010 Samsung Electronics
6 * Author: Michal Nazarewicz <mina86@mina86.com>
7 *
8 * Based on inode.c (GadgetFS) which was:
9 * Copyright (C) 2003-2004 David Brownell
10 * Copyright (C) 2003 Agilent Technologies
11 */
12
13 /* #define DEBUG */
14 /* #define VERBOSE_DEBUG */
15
16 #include <linux/export.h>
17 #include <linux/hid.h>
18 #include <linux/miscdevice.h>
19 #include <linux/usb/functionfs.h>
20 #include <linux/kfifo.h>
21 #include <linux/module.h>
22 #include <linux/poll.h>
23 #include <linux/eventfd.h>
24 #include <linux/dma-mapping.h>
25 #include <linux/usb/cdc.h>
26 #include <linux/interrupt.h>
27 #include "u_generic.h"
28 #include "u_f.h"
29 #include "u_os_desc.h"
30 #include "configfs.h"
31
32 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
33
34 /* Reference counter handling */
35 static void ffs_data_get(struct ffs_data *ffs);
36 static void ffs_data_put(struct ffs_data *ffs);
37 /* Creates new ffs_data object. */
38 static struct ffs_data *__must_check ffs_data_new(const char *dev_name)
39 __attribute__((malloc));
40
41 /* Called with ffs->mutex held; take over ownership of data. */
42 static int __must_check
43 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
44 static int __must_check
45 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
46
47 /* The function structure ***************************************************/
48
49 struct ffs_ep;
50
51 struct ffs_function {
52 struct usb_configuration *conf;
53 struct usb_gadget *gadget;
54 struct ffs_data *ffs;
55
56 struct ffs_ep *eps;
57 u8 eps_revmap[16];
58 short *interfaces_nums;
59
60 struct usb_function function;
61 };
ffs_func_from_usb(struct usb_function * f)62 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
63 {
64 return container_of(f, struct ffs_function, function);
65 }
ffs_setup_state_clear_cancelled(struct ffs_data * ffs)66 static inline enum ffs_setup_state ffs_setup_state_clear_cancelled(struct ffs_data *ffs)
67 {
68 return (enum ffs_setup_state)
69 cmpxchg(&ffs->setup_state, FFS_SETUP_CANCELLED, FFS_NO_SETUP);
70 }
71 static void ffs_func_eps_disable(struct ffs_function *func);
72 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
73
74 static int ffs_func_bind(struct usb_configuration *,
75 struct usb_function *);
76 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
77 static void ffs_func_disable(struct usb_function *);
78 static int ffs_func_setup(struct usb_function *,
79 const struct usb_ctrlrequest *);
80 static bool ffs_func_req_match(struct usb_function *,
81 const struct usb_ctrlrequest *,
82 bool config0);
83 static void ffs_func_suspend(struct usb_function *);
84 static void ffs_func_resume(struct usb_function *);
85
86 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
87 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
88
89 /* The endpoints structures *************************************************/
90 struct ffs_ep {
91 struct usb_ep *ep; /* P: ffs->eps_lock */
92 struct usb_request *req; /* P: epfile->mutex */
93
94 /* [0]: full speed, [1]: high speed, [2]: super speed */
95 struct usb_endpoint_descriptor *descs[3];
96
97 u8 num;
98
99 int status; /* P: epfile->mutex */
100 };
101
102 struct ffs_epfile {
103 /* Protects ep->ep and ep->req. */
104 struct mutex mutex;
105 struct list_head memory_list;
106 struct ffs_data *ffs;
107 struct ffs_ep *ep; /* P: ffs->eps_lock */
108 /*
109 * Buffer for holding data from partial reads which may happen since
110 * we’re rounding user read requests to a multiple of a max packet size.
111 *
112 * The pointer is initialised with NULL value and may be set by
113 * __ffs_epfile_read_data function to point to a temporary buffer.
114 *
115 * In normal operation, calls to __ffs_epfile_read_buffered will consume
116 * data from said buffer and eventually free it. Importantly, while the
117 * function is using the buffer, it sets the pointer to NULL. This is
118 * all right since __ffs_epfile_read_data and __ffs_epfile_read_buffered
119 * can never run concurrently (they are synchronised by epfile->mutex)
120 * so the latter will not assign a new value to the pointer.
121 *
122 * Meanwhile ffs_func_eps_disable frees the buffer (if the pointer is
123 * valid) and sets the pointer to READ_BUFFER_DROP value. This special
124 * value is crux of the synchronisation between ffs_func_eps_disable and
125 * __ffs_epfile_read_data.
126 *
127 * Once __ffs_epfile_read_data is about to finish it will try to set the
128 * pointer back to its old value (as described above), but seeing as the
129 * pointer is not-NULL (namely READ_BUFFER_DROP) it will instead free
130 * the buffer.
131 *
132 * == State transitions ==
133 *
134 * • ptr == NULL: (initial state)
135 * ◦ __ffs_epfile_read_buffer_free: go to ptr == DROP
136 * ◦ __ffs_epfile_read_buffered: nop
137 * ◦ __ffs_epfile_read_data allocates temp buffer: go to ptr == buf
138 * ◦ reading finishes: n/a, not in ‘and reading’ state
139 * • ptr == DROP:
140 * ◦ __ffs_epfile_read_buffer_free: nop
141 * ◦ __ffs_epfile_read_buffered: go to ptr == NULL
142 * ◦ __ffs_epfile_read_data allocates temp buffer: free buf, nop
143 * ◦ reading finishes: n/a, not in ‘and reading’ state
144 * • ptr == buf:
145 * ◦ __ffs_epfile_read_buffer_free: free buf, go to ptr == DROP
146 * ◦ __ffs_epfile_read_buffered: go to ptr == NULL and reading
147 * ◦ __ffs_epfile_read_data: n/a, __ffs_epfile_read_buffered
148 * is always called first
149 * ◦ reading finishes: n/a, not in ‘and reading’ state
150 * • ptr == NULL and reading:
151 * ◦ __ffs_epfile_read_buffer_free: go to ptr == DROP and reading
152 * ◦ __ffs_epfile_read_buffered: n/a, mutex is held
153 * ◦ __ffs_epfile_read_data: n/a, mutex is held
154 * ◦ reading finishes and …
155 * … all data read: free buf, go to ptr == NULL
156 * … otherwise: go to ptr == buf and reading
157 * • ptr == DROP and reading:
158 * ◦ __ffs_epfile_read_buffer_free: nop
159 * ◦ __ffs_epfile_read_buffered: n/a, mutex is held
160 * ◦ __ffs_epfile_read_data: n/a, mutex is held
161 * ◦ reading finishes: free buf, go to ptr == DROP
162 */
163 struct ffs_buffer *read_buffer;
164 #define READ_BUFFER_DROP ((struct ffs_buffer *)ERR_PTR(-ESHUTDOWN))
165
166 char name[MAX_NAMELEN];
167 dev_t devno;
168 struct cdev cdev;
169 struct device *device;
170
171 unsigned char in; /* P: ffs->eps_lock */
172 unsigned char isoc; /* P: ffs->eps_lock */
173
174 struct kfifo reqEventFifo;
175 wait_queue_head_t wait_que;
176
177 unsigned char _pad;
178 };
179
180 struct ffs_buffer {
181 size_t length;
182 char *data;
183 char storage[];
184 };
185
186 /* ffs_io_data structure ***************************************************/
187
188 struct ffs_io_data {
189 uint32_t aio;
190 uint32_t read;
191 uint32_t len;
192 uint32_t timeout;
193 uint64_t buf;
194 uint32_t actual;
195 int status;
196 struct tasklet_struct task;
197 struct usb_ep *ep;
198 struct usb_request *req;
199 struct ffs_epfile *epfile;
200 struct ffs_data *ffs;
201 };
202
203 struct ffs_desc_helper {
204 struct ffs_data *ffs;
205 unsigned interfaces_count;
206 unsigned eps_count;
207 };
208
209 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
210 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
211
212 /* Devices management *******************************************************/
213
214 DEFINE_MUTEX(ffs_lock_adapter);
215 EXPORT_SYMBOL_GPL(ffs_lock_adapter);
216
217 static struct ffs_dev *_ffs_find_dev(const char *name);
218 static struct ffs_dev *_ffs_alloc_dev(void);
219 static void _ffs_free_dev(struct ffs_dev *dev);
220 static void *ffs_acquire_dev(const char *dev_name);
221 static void ffs_release_dev(struct ffs_data *ffs_data);
222 static int ffs_ready(struct ffs_data *ffs);
223 static void ffs_closed(struct ffs_data *ffs);
224
225 /* Misc helper functions ****************************************************/
226
227 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
228 __attribute__((warn_unused_result, nonnull));
229 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
230 __attribute__((warn_unused_result, nonnull));
231
232 struct class *ffs_class;
233
ffs_devnode(const struct device * dev,umode_t * mode)234 static char *ffs_devnode(const struct device *dev, umode_t *mode)
235 {
236 if (mode)
237 *mode = 0666;
238 return kasprintf(GFP_KERNEL, "functionfs/%s", dev_name(dev));
239 }
240
241 /* Control file aka ep0 *****************************************************/
generic_find_ep0_memory_area(struct ffs_data * ffs,uint64_t buf,uint32_t len)242 static struct ffs_memory *generic_find_ep0_memory_area(struct ffs_data *ffs, uint64_t buf, uint32_t len)
243 {
244 struct ffs_memory *ffsm = NULL;
245 struct ffs_memory *iter = NULL;
246 uint64_t buf_start = buf;
247 unsigned long flags;
248
249 spin_lock_irqsave(&ffs->mem_lock, flags);
250 list_for_each_entry(iter, &ffs->memory_list, memlist) {
251 if (buf_start >= iter->vm_start &&
252 buf_start < iter->vm_start + iter->size) {
253 if (len <= iter->vm_start + iter->size - buf_start) {
254 ffsm = iter;
255 break;
256 }
257 }
258 }
259 spin_unlock_irqrestore(&ffs->mem_lock, flags);
260 return ffsm;
261 }
262
ffs_ep0_complete(struct usb_ep * ep,struct usb_request * req)263 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
264 {
265 struct ffs_data *ffs = req->context;
266
267 complete(&ffs->ep0req_completion);
268
269 ffs->setup_state = FFS_NO_SETUP;
270 }
271
ffs_ep0_async_io_complete(struct usb_ep * _ep,struct usb_request * req)272 static void ffs_ep0_async_io_complete(struct usb_ep *_ep, struct usb_request *req)
273 {
274 struct ffs_io_data *io_data = req->context;
275 struct ffs_data *ffs = io_data->ffs;
276 ENTER();
277
278 io_data->status = io_data->req->status;
279 io_data->actual = io_data->req->actual;
280 kfifo_in(&ffs->reqEventFifo, &io_data->buf, sizeof(struct UsbFnReqEvent));
281 wake_up_all(&ffs->wait_que);
282
283 list_del(&req->list);
284 usb_ep_free_request(io_data->ep, io_data->req);
285 kfree(io_data);
286
287 }
288
__ffs_ep0_queue_wait(struct ffs_data * ffs,char * data,size_t len)289 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
290 __releases(&ffs->ev.waitq.lock)
291 {
292 struct usb_request *req = ffs->ep0req;
293 int ret;
294
295 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
296
297 spin_unlock_irq(&ffs->ev.waitq.lock);
298
299 req->buf = data;
300 req->length = len;
301
302 /*
303 * UDC layer requires to provide a buffer even for ZLP, but should
304 * not use it at all. Let's provide some poisoned pointer to catch
305 * possible bug in the driver.
306 */
307 if (req->buf == NULL)
308 req->buf = (void *)0xDEADBABE;
309
310 reinit_completion(&ffs->ep0req_completion);
311
312 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
313 if (unlikely(ret < 0))
314 return ret;
315
316 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
317 if (unlikely(ret)) {
318 usb_ep_dequeue(ffs->gadget->ep0, req);
319 return -EINTR;
320 }
321
322 ffs->setup_state = FFS_NO_SETUP;
323 return req->status ? req->status : req->actual;
324 }
325
__ffs_ep0_stall(struct ffs_data * ffs)326 static int __ffs_ep0_stall(struct ffs_data *ffs)
327 {
328 if (ffs->ev.can_stall) {
329 pr_vdebug("ep0 stall\n");
330 usb_ep_set_halt(ffs->gadget->ep0);
331 ffs->setup_state = FFS_NO_SETUP;
332 return -EL2HLT;
333 } else {
334 pr_debug("bogus ep0 stall!\n");
335 return -ESRCH;
336 }
337 }
338
ffs_ep0_write(struct file * file,const char __user * buf,size_t len,loff_t * ptr)339 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf, size_t len, loff_t *ptr)
340 {
341 struct ffs_data *ffs = file->private_data;
342 ssize_t ret;
343 char *data = NULL;
344
345 ENTER();
346
347 /* Fast check if setup was canceled */
348 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
349 return -EIDRM;
350
351 /* Acquire mutex */
352 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
353 if (unlikely(ret < 0))
354 return ret;
355
356 /* Check state */
357 switch (ffs->state) {
358 case FFS_READ_DESCRIPTORS:
359 case FFS_READ_STRINGS:
360 /* Copy data */
361 if (unlikely(len < 16)) {
362 ret = -EINVAL;
363 break;
364 }
365
366 data = ffs_prepare_buffer(buf, len);
367 if (IS_ERR(data)) {
368 ret = PTR_ERR(data);
369 break;
370 }
371
372 /* Handle data */
373 if (ffs->state == FFS_READ_DESCRIPTORS) {
374 pr_info("read descriptors\n");
375 ret = __ffs_data_got_descs(ffs, data, len);
376 if (unlikely(ret < 0))
377 break;
378
379 ffs->state = FFS_READ_STRINGS;
380 ret = len;
381 } else {
382 pr_info("read strings\n");
383 ret = __ffs_data_got_strings(ffs, data, len);
384 if (unlikely(ret < 0))
385 break;
386
387 ret = ffs_epfiles_create(ffs);
388 if (unlikely(ret)) {
389 ffs->state = FFS_CLOSING;
390 break;
391 }
392
393 ffs->state = FFS_ACTIVE;
394 mutex_unlock(&ffs->mutex);
395
396 ret = ffs_ready(ffs);
397 if (unlikely(ret < 0)) {
398 ffs->state = FFS_CLOSING;
399 return ret;
400 }
401
402 return len;
403 }
404 break;
405
406 case FFS_ACTIVE:
407 data = NULL;
408 /*
409 * We're called from user space, we can use _irq
410 * rather then _irqsave
411 */
412 spin_lock_irq(&ffs->ev.waitq.lock);
413 switch (ffs_setup_state_clear_cancelled(ffs)) {
414 case FFS_SETUP_CANCELLED:
415 ret = -EIDRM;
416 goto done_spin;
417
418 case FFS_NO_SETUP:
419 ret = -ESRCH;
420 goto done_spin;
421
422 case FFS_SETUP_PENDING:
423 break;
424 }
425
426 /* FFS_SETUP_PENDING */
427 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
428 spin_unlock_irq(&ffs->ev.waitq.lock);
429 ret = __ffs_ep0_stall(ffs);
430 break;
431 }
432
433 /* FFS_SETUP_PENDING and not stall */
434 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
435
436 spin_unlock_irq(&ffs->ev.waitq.lock);
437
438 data = ffs_prepare_buffer(buf, len);
439 if (IS_ERR(data)) {
440 ret = PTR_ERR(data);
441 break;
442 }
443
444 spin_lock_irq(&ffs->ev.waitq.lock);
445
446 /*
447 * We are guaranteed to be still in FFS_ACTIVE state
448 * but the state of setup could have changed from
449 * FFS_SETUP_PENDING to FFS_SETUP_CANCELLED so we need
450 * to check for that. If that happened we copied data
451 * from user space in vain but it's unlikely.
452 *
453 * For sure we are not in FFS_NO_SETUP since this is
454 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
455 * transition can be performed and it's protected by
456 * mutex.
457 */
458 if (ffs_setup_state_clear_cancelled(ffs) ==
459 FFS_SETUP_CANCELLED) {
460 ret = -EIDRM;
461 done_spin:
462 spin_unlock_irq(&ffs->ev.waitq.lock);
463 } else {
464 /* unlocks spinlock */
465 ret = __ffs_ep0_queue_wait(ffs, data, len);
466 }
467 kfree(data);
468 break;
469
470 default:
471 ret = -EBADFD;
472 break;
473 }
474
475 mutex_unlock(&ffs->mutex);
476 return ret;
477 }
478
479 /* Called with ffs->ev.waitq.lock and ffs->mutex held, both released on exit. */
__ffs_ep0_read_events(struct ffs_data * ffs,char __user * buf,size_t n)480 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf, size_t n)
481 __releases(&ffs->ev.waitq.lock)
482 {
483 /*
484 * n cannot be bigger than ffs->ev.count, which cannot be bigger than
485 * size of ffs->ev.types array (which is four) so that's how much space
486 * we reserve.
487 */
488 struct usb_functionfs_event events[ARRAY_SIZE(ffs->ev.types)];
489 const size_t size = n * sizeof *events;
490 unsigned i = 0;
491
492 memset(events, 0, size);
493
494 do {
495 events[i].type = ffs->ev.types[i];
496 if (events[i].type == FUNCTIONFS_SETUP) {
497 events[i].u.setup = ffs->ev.setup;
498 ffs->setup_state = FFS_SETUP_PENDING;
499 }
500 } while (++i < n);
501
502 ffs->ev.count -= n;
503 if (ffs->ev.count)
504 memmove(ffs->ev.types, ffs->ev.types + n, ffs->ev.count * sizeof *ffs->ev.types);
505
506 spin_unlock_irq(&ffs->ev.waitq.lock);
507 mutex_unlock(&ffs->mutex);
508
509 return unlikely(copy_to_user(buf, events, size)) ? -EFAULT : size;
510 }
511
ffs_ep0_read(struct file * file,char __user * buf,size_t len,loff_t * ptr)512 static ssize_t ffs_ep0_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
513 {
514 struct ffs_data *ffs = file->private_data;
515 char *data = NULL;
516 size_t n;
517 int ret;
518
519 ENTER();
520
521 /* Fast check if setup was canceled */
522 if (ffs_setup_state_clear_cancelled(ffs) == FFS_SETUP_CANCELLED)
523 return -EIDRM;
524
525 /* Acquire mutex */
526 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
527 if (unlikely(ret < 0))
528 return ret;
529
530 /* Check state */
531 if (ffs->state != FFS_ACTIVE) {
532 ret = -EBADFD;
533 goto done_mutex;
534 }
535
536 /*
537 * We're called from user space, we can use _irq rather then
538 * _irqsave
539 */
540 spin_lock_irq(&ffs->ev.waitq.lock);
541
542 switch (ffs_setup_state_clear_cancelled(ffs)) {
543 case FFS_SETUP_CANCELLED:
544 ret = -EIDRM;
545 break;
546
547 case FFS_NO_SETUP:
548 n = len / sizeof(struct usb_functionfs_event);
549 if (unlikely(!n)) {
550 ret = -EINVAL;
551 break;
552 }
553
554 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
555 ret = -EAGAIN;
556 break;
557 }
558
559 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
560 ffs->ev.count)) {
561 ret = -EINTR;
562 break;
563 }
564
565 /* unlocks spinlock */
566 return __ffs_ep0_read_events(ffs, buf,
567 min(n, (size_t)ffs->ev.count));
568
569 case FFS_SETUP_PENDING:
570 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
571 spin_unlock_irq(&ffs->ev.waitq.lock);
572 ret = __ffs_ep0_stall(ffs);
573 goto done_mutex;
574 }
575
576 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
577
578 spin_unlock_irq(&ffs->ev.waitq.lock);
579
580 if (likely(len)) {
581 data = kmalloc(len, GFP_KERNEL);
582 if (unlikely(!data)) {
583 ret = -ENOMEM;
584 goto done_mutex;
585 }
586 }
587
588 spin_lock_irq(&ffs->ev.waitq.lock);
589
590 /* See ffs_ep0_write() */
591 if (ffs_setup_state_clear_cancelled(ffs) ==
592 FFS_SETUP_CANCELLED) {
593 ret = -EIDRM;
594 break;
595 }
596
597 /* unlocks spinlock */
598 ret = __ffs_ep0_queue_wait(ffs, data, len);
599 if (likely(ret > 0) && unlikely(copy_to_user(buf, data, len)))
600 ret = -EFAULT;
601 goto done_mutex;
602
603 default:
604 ret = -EBADFD;
605 break;
606 }
607
608 spin_unlock_irq(&ffs->ev.waitq.lock);
609 done_mutex:
610 mutex_unlock(&ffs->mutex);
611 kfree(data);
612 return ret;
613 }
614
ffs_ep0_open(struct inode * inode,struct file * file)615 static int ffs_ep0_open(struct inode *inode, struct file *file)
616 {
617 struct ffs_data *ffs = container_of(inode->i_cdev, struct ffs_data, cdev);
618 ENTER();
619
620 if (unlikely(ffs->state == FFS_CLOSING))
621 return -EBUSY;
622
623 file->private_data = ffs;
624 return 0;
625 }
626
ffs_ep0_release(struct inode * inode,struct file * file)627 static int ffs_ep0_release(struct inode *inode, struct file *file)
628 {
629 ENTER();
630 return 0;
631 }
632
ffs_ep0_iorw(struct file * file,struct ffs_io_data * io_data)633 static ssize_t ffs_ep0_iorw(struct file *file, struct ffs_io_data *io_data)
634 {
635 struct ffs_data *ffs = file->private_data;
636 struct usb_request *req = NULL;
637 ssize_t ret, data_len = io_data->len;
638 bool interrupted = false;
639 struct ffs_memory *ffsm = NULL;
640
641 /* Are we still active? */
642 if (WARN_ON(ffs->state != FFS_ACTIVE))
643 return -ENODEV;
644 ffsm = generic_find_ep0_memory_area(ffs, io_data->buf, data_len);
645 if (ffsm == NULL)
646 {
647 return -ENODEV;
648 }
649 if (!io_data->aio) {
650 reinit_completion(&ffs->ep0req_completion);
651
652 req = ffs->ep0req;
653 req->buf = (void *)(ffsm->mem + io_data->buf - ffsm->vm_start);
654 req->length = data_len;
655 req->complete = ffs_ep0_complete;
656
657 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
658 if (unlikely(ret < 0))
659 goto error;
660
661 if (io_data->timeout > 0) {
662 ret = wait_for_completion_interruptible_timeout(&ffs->ep0req_completion, io_data->timeout);
663 if (ret < 0) {
664 /*
665 * To avoid race condition with ffs_epfile_io_complete,
666 * dequeue the request first then check
667 * status. usb_ep_dequeue API should guarantee no race
668 * condition with req->complete callback.
669 */
670 usb_ep_dequeue(ffs->gadget->ep0, req);
671 wait_for_completion(&ffs->ep0req_completion);
672 interrupted = req->status < 0;
673 } else if (ret == 0) {
674 ret = -EBUSY;
675 usb_ep_dequeue(ffs->gadget->ep0, req);
676 wait_for_completion(&ffs->ep0req_completion);
677 goto error;
678 }
679 } else {
680 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
681 if (ret < 0) {
682 usb_ep_dequeue(ffs->gadget->ep0, req);
683 wait_for_completion(&ffs->ep0req_completion);
684 interrupted = req->status < 0;
685 }
686 }
687
688 if (interrupted) {
689 ret = -EINTR;
690 } else {
691 ret = req->actual;
692 }
693 goto error;
694 }
695 else if (!(req = usb_ep_alloc_request(ffs->gadget->ep0, GFP_ATOMIC))) {
696 ret = -ENOMEM;
697 }
698 else {
699 req->buf = (void *)(ffsm->mem + io_data->buf - ffsm->vm_start);
700 req->length = data_len;
701
702 io_data->ep = ffs->gadget->ep0;
703 io_data->req = req;
704 io_data->ffs = ffs;
705
706 req->context = io_data;
707 req->complete = ffs_ep0_async_io_complete;
708 list_add(&req->list, &ffs->ep0req->list);
709 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
710 if (unlikely(ret)) {
711 usb_ep_free_request(ffs->gadget->ep0, req);
712 goto error;
713 }
714
715 ret = -EIOCBQUEUED;
716 }
717
718 error:
719 return ret;
720 }
721
ffs_ep0_ioctl(struct file * file,unsigned code,unsigned long value)722 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
723 {
724 struct ffs_data *ffs = file->private_data;
725 long ret = 0;
726 unsigned int copied = 0;
727 struct ffs_memory *ffsm = NULL;
728 struct generic_memory mem;
729
730 ENTER();
731
732 switch (code) {
733 case FUNCTIONFS_ENDPOINT_QUEUE_INIT:
734 ret = kfifo_alloc(&ffs->reqEventFifo, MAX_REQUEST * sizeof(struct UsbFnReqEvent), GFP_KERNEL);
735 break;
736 case FUNCTIONFS_ENDPOINT_QUEUE_DEL:
737 kfifo_free(&ffs->reqEventFifo);
738 break;
739 case FUNCTIONFS_ENDPOINT_RELEASE_BUF:
740 if (copy_from_user(&mem, (void __user *)value, sizeof(mem)))
741 {
742 pr_info("copy from user failed\n");
743 return -EFAULT;
744 }
745 ffsm = generic_find_ep0_memory_area(ffs, mem.buf, mem.size);
746 if (ffsm == NULL)
747 {
748 return -EFAULT;
749 }
750 list_del(&ffsm->memlist);
751 kfree((void *)ffsm->mem);
752 kfree(ffsm);
753 break;
754 case FUNCTIONFS_ENDPOINT_READ:
755 case FUNCTIONFS_ENDPOINT_WRITE:
756 {
757 struct IoData myIoData;
758 struct ffs_io_data io_data, *p = &io_data;
759 ret = copy_from_user(&myIoData, (void __user *)value, sizeof(struct IoData));
760 if (unlikely(ret)) {
761 return -EFAULT;
762 }
763 if (myIoData.aio) {
764 p = kmalloc(sizeof(io_data), GFP_KERNEL);
765 if (unlikely(!p))
766 return -ENOMEM;
767 } else {
768 memset(p, 0, sizeof(*p));
769 }
770 memcpy(p, &myIoData, sizeof(struct IoData));
771
772 ret = ffs_ep0_iorw(file, p);
773 if (ret == -EIOCBQUEUED) {
774 return 0;
775 }
776 if (p->aio)
777 kfree(p);
778 return ret;
779 }
780 case FUNCTIONFS_ENDPOINT_RW_CANCEL:
781 {
782 struct usb_request *req;
783 struct IoData myIoData;
784 ret = copy_from_user(&myIoData, (void __user *)value, sizeof(struct IoData));
785 if (unlikely(ret)) {
786 return -EFAULT;
787 }
788 ffsm = generic_find_ep0_memory_area(ffs, myIoData.buf, myIoData.len);
789 if (ffsm == NULL)
790 {
791 return -EFAULT;
792 }
793 list_for_each_entry(req, &ffs->ep0req->list, list) {
794 if (req->buf == (void *)(ffsm->mem + myIoData.buf - ffsm->vm_start)) {
795 usb_ep_dequeue(ffs->gadget->ep0, req);
796 return 0;
797 }
798 }
799 return -EFAULT;
800 }
801 case FUNCTIONFS_ENDPOINT_GET_REQ_STATUS:
802 {
803 struct usb_request *req;
804 struct IoData myIoData;
805 ret = copy_from_user(&myIoData, (void __user *)value, sizeof(struct IoData));
806 if (unlikely(ret)) {
807 return -EFAULT;
808 }
809 ffsm = generic_find_ep0_memory_area(ffs, myIoData.buf, myIoData.len);
810 if (ffsm == NULL)
811 {
812 return -EFAULT;
813 }
814 list_for_each_entry(req, &ffs->ep0req->list, list) {
815 if (req->buf == (void *)(ffsm->mem + myIoData.buf - ffsm->vm_start)) {
816 return req->status;
817 }
818 }
819 return -EFAULT;
820 }
821 case FUNCTIONFS_ENDPOINT_GET_EP0_EVENT:
822 if (!kfifo_is_empty(&ffs->reqEventFifo)) {
823 ret = kfifo_to_user(&ffs->reqEventFifo, (void __user *)value,
824 sizeof(struct UsbFnReqEvent), &copied) == 0 ? copied : -1;
825 if (ret > 0) {
826 ffs->setup_state = FFS_NO_SETUP;
827 return ret;
828 }
829 }
830
831 return -EFAULT;
832 }
833
834 return ret;
835 }
836
837 #ifdef CONFIG_COMPAT
ffs_ep0_compat_ioctl(struct file * file,unsigned code,unsigned long value)838 static long ffs_ep0_compat_ioctl(struct file *file, unsigned code,
839 unsigned long value)
840 {
841 return ffs_ep0_ioctl(file, code, value);
842 }
843 #endif
844
ffs_ep0_poll(struct file * file,poll_table * wait)845 static __poll_t ffs_ep0_poll(struct file *file, poll_table *wait)
846 {
847 struct ffs_data *ffs = file->private_data;
848 __poll_t mask = EPOLLWRNORM;
849 int ret;
850
851 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
852 if (unlikely(ret < 0))
853 return mask;
854
855 switch (ffs->state) {
856 case FFS_READ_DESCRIPTORS:
857 case FFS_READ_STRINGS:
858 mask |= EPOLLOUT;
859 break;
860
861 case FFS_ACTIVE:
862 switch (ffs->setup_state) {
863 case FFS_NO_SETUP:
864 poll_wait(file, &ffs->ev.waitq, wait);
865 if (ffs->ev.count)
866 mask |= EPOLLIN;
867 break;
868
869 case FFS_SETUP_PENDING:
870 case FFS_SETUP_CANCELLED:
871 poll_wait(file, &ffs->wait_que, wait);
872 if (!kfifo_is_empty(&ffs->reqEventFifo))
873 {
874 mask |= EPOLLOUT;
875 }
876 break;
877 }
878 case FFS_CLOSING:
879 break;
880 case FFS_DEACTIVATED:
881 break;
882 }
883
884 mutex_unlock(&ffs->mutex);
885
886 return mask;
887 }
888
ffs_ep0_mmap(struct file * file,struct vm_area_struct * vma)889 static int ffs_ep0_mmap(struct file *file, struct vm_area_struct *vma)
890 {
891 struct ffs_data *ffs = file->private_data;
892 size_t size = vma->vm_end - vma->vm_start;
893 unsigned long flags;
894 struct ffs_memory *ffsm = NULL;
895 void *virt_mem = NULL;
896
897 if (ffs == NULL) {
898 pr_info("Invalid private parameter!\n");
899 return -EINVAL;
900 }
901 virt_mem = kmalloc(size, GFP_KERNEL);
902 if (virt_mem == NULL)
903 {
904 pr_info("%s alloc memory failed!\n", __FUNCTION__);
905 return -ENOMEM;
906 }
907 ffsm = kmalloc(sizeof(struct ffs_memory), GFP_KERNEL);
908 if (ffsm == NULL)
909 {
910 pr_info("%s alloc memory failed!\n", __FUNCTION__);
911 goto error_free_mem;
912 }
913 if (remap_pfn_range(vma, vma->vm_start, virt_to_phys(virt_mem)>>PAGE_SHIFT,
914 vma->vm_end - vma->vm_start, vma->vm_page_prot)) {
915 goto error_free_ffsm;
916 }
917 ffsm->mem = (uint64_t)virt_mem;
918 ffsm->size = size;
919 ffsm->vm_start = vma->vm_start;
920 INIT_LIST_HEAD(&ffsm->memlist);
921 spin_lock_irqsave(&ffs->mem_lock, flags);
922 list_add_tail(&ffsm->memlist, &ffs->memory_list);
923 spin_unlock_irqrestore(&ffs->mem_lock, flags);
924 return 0;
925 error_free_ffsm:
926 kfree(ffsm);
927 error_free_mem:
928 kfree(virt_mem);
929 return -1;
930 }
931
932 static const struct file_operations ffs_ep0_operations = {
933 .owner = THIS_MODULE,
934 .llseek = no_llseek,
935 .open = ffs_ep0_open,
936 .write = ffs_ep0_write,
937 .read = ffs_ep0_read,
938 .release = ffs_ep0_release,
939 .unlocked_ioctl = ffs_ep0_ioctl,
940 #ifdef CONFIG_COMPAT
941 .compat_ioctl = ffs_ep0_compat_ioctl,
942 #endif
943 .poll = ffs_ep0_poll,
944 .mmap = ffs_ep0_mmap,
945 };
946
947 /* "Normal" endpoints operations ********************************************/
generic_find_memory_area(struct ffs_epfile * epfile,uint64_t buf,uint32_t len)948 static struct ffs_memory *generic_find_memory_area(struct ffs_epfile *epfile, uint64_t buf, uint32_t len)
949 {
950 struct ffs_memory *ffsm = NULL, *iter = NULL;
951 uint64_t buf_start = buf;
952
953 list_for_each_entry(iter, &epfile->memory_list, memlist) {
954 if (buf_start >= iter->vm_start &&
955 buf_start < iter->vm_start + iter->size) {
956 if (len <= iter->vm_start + iter->size - buf_start) {
957 ffsm = iter;
958 break;
959 }
960 }
961 }
962 return ffsm;
963 }
964
ffs_epfile_io_complete(struct usb_ep * _ep,struct usb_request * req)965 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
966 {
967 ENTER();
968 if (likely(req->context)) {
969 struct ffs_ep *ep = _ep->driver_data;
970 ep->status = req->status ? req->status : req->actual;
971 complete(req->context);
972 }
973 }
974
epfile_task_proc(unsigned long context)975 static void epfile_task_proc(unsigned long context)
976 {
977 struct ffs_io_data *io_data = (struct ffs_io_data *)context;
978 struct ffs_epfile *epfile = io_data->epfile;
979 unsigned long flags;
980
981 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
982 io_data->status = io_data->req->status;
983 io_data->actual = io_data->req->actual;
984 kfifo_in(&epfile->reqEventFifo, &io_data->buf, sizeof(struct UsbFnReqEvent));
985 list_del(&io_data->req->list);
986 usb_ep_free_request(io_data->ep, io_data->req);
987 kfree(io_data);
988 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
989 wake_up_all(&epfile->wait_que);
990 }
991
ffs_epfile_async_io_complete(struct usb_ep * _ep,struct usb_request * req)992 static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct usb_request *req)
993 {
994 struct ffs_io_data *io_data = req->context;
995
996 tasklet_init(&io_data->task, epfile_task_proc, (uintptr_t)io_data);
997 tasklet_schedule(&io_data->task);
998
999 }
1000
ffs_epfile_open(struct inode * inode,struct file * file)1001 static int ffs_epfile_open(struct inode *inode, struct file *file)
1002 {
1003 struct ffs_epfile *epfile = container_of(inode->i_cdev, struct ffs_epfile, cdev);
1004 ENTER();
1005 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1006 return -ENODEV;
1007
1008 file->private_data = epfile;
1009 return 0;
1010 }
1011
ffs_epfile_release(struct inode * inode,struct file * file)1012 static int ffs_epfile_release(struct inode *inode, struct file *file)
1013 {
1014 ENTER();
1015 return 0;
1016 }
1017
ffs_epfile_mmap(struct file * file,struct vm_area_struct * vma)1018 static int ffs_epfile_mmap(struct file *file, struct vm_area_struct *vma)
1019 {
1020 struct ffs_epfile *epfile = file->private_data;
1021 size_t size = vma->vm_end - vma->vm_start;
1022 struct ffs_memory *ffsm = NULL;
1023 unsigned long flags;
1024 void *virt_mem = NULL;
1025
1026 if (epfile == NULL)
1027 {
1028 pr_info("Invalid private parameter!\n");
1029 return -EINVAL;
1030 }
1031 virt_mem = kmalloc(size, GFP_KERNEL);
1032 if (virt_mem == NULL)
1033 {
1034 pr_info("%s alloc memory failed!\n", __FUNCTION__);
1035 return -ENOMEM;
1036 }
1037 ffsm = kmalloc(sizeof(struct ffs_memory), GFP_KERNEL);
1038 if (ffsm == NULL)
1039 {
1040 pr_info("%s alloc memory failed!\n", __FUNCTION__);
1041 goto error_free_mem;
1042 }
1043 if (remap_pfn_range(vma, vma->vm_start, virt_to_phys(virt_mem)>>PAGE_SHIFT,
1044 vma->vm_end - vma->vm_start, vma->vm_page_prot))
1045 {
1046 goto error_free_ffsm;
1047 }
1048 ffsm->mem = (uint64_t)virt_mem;
1049 ffsm->size = size;
1050 ffsm->vm_start = vma->vm_start;
1051 INIT_LIST_HEAD(&ffsm->memlist);
1052 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1053 list_add_tail(&ffsm->memlist, &epfile->memory_list);
1054 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1055
1056 return 0;
1057 error_free_ffsm:
1058 kfree(ffsm);
1059 error_free_mem:
1060 kfree(virt_mem);
1061
1062 return -1;
1063 }
1064
ffs_epfile_iorw(struct file * file,struct ffs_io_data * io_data)1065 static ssize_t ffs_epfile_iorw(struct file *file, struct ffs_io_data *io_data)
1066 {
1067 struct ffs_epfile *epfile = file->private_data;
1068 struct usb_request *req = NULL;
1069 struct ffs_ep *ep = NULL;
1070 struct ffs_memory *ffsm = NULL;
1071 ssize_t ret, data_len = -EINVAL;
1072 int halt;
1073
1074 /* Are we still active? */
1075 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1076 return -ENODEV;
1077
1078 /* Wait for endpoint to be enabled */
1079 ep = epfile->ep;
1080 if (!ep) {
1081 if (file->f_flags & O_NONBLOCK)
1082 return -EAGAIN;
1083
1084 ret = wait_event_interruptible(
1085 epfile->ffs->wait, (ep = epfile->ep));
1086 if (ret)
1087 return -EINTR;
1088 }
1089
1090 /* Do we halt? */
1091 halt = (!io_data->read == !epfile->in);
1092 if (halt && epfile->isoc)
1093 return -EINVAL;
1094
1095 /* We will be using request and read_buffer */
1096 ret = ffs_mutex_lock(&epfile->mutex, file->f_flags & O_NONBLOCK);
1097 if (unlikely(ret))
1098 goto error;
1099
1100 /* Allocate & copy */
1101 if (!halt) {
1102 struct usb_gadget *gadget;
1103 /*
1104 * if we _do_ wait above, the epfile->ffs->gadget might be NULL
1105 * before the waiting completes, so do not assign to 'gadget'
1106 * earlier
1107 */
1108 gadget = epfile->ffs->gadget;
1109
1110 spin_lock_irq(&epfile->ffs->eps_lock);
1111 /* In the meantime, endpoint got disabled or changed. */
1112 if (epfile->ep != ep) {
1113 ret = -ESHUTDOWN;
1114 goto error_lock;
1115 }
1116 data_len = io_data->len;
1117 /*
1118 * Controller may require buffer size to be aligned to
1119 * maxpacketsize of an out endpoint.
1120 */
1121 if (io_data->read)
1122 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
1123 spin_unlock_irq(&epfile->ffs->eps_lock);
1124 }
1125
1126 spin_lock_irq(&epfile->ffs->eps_lock);
1127 ffsm = generic_find_memory_area(epfile, io_data->buf, io_data->len);
1128 if (ffsm == NULL)
1129 {
1130 return -EFAULT;
1131 }
1132 if (epfile->ep != ep) {
1133 /* In the meantime, endpoint got disabled or changed. */
1134 ret = -ESHUTDOWN;
1135 }
1136 else if (halt) {
1137 ret = usb_ep_set_halt(ep->ep);
1138 if (!ret)
1139 ret = -EBADMSG;
1140 }
1141 else if (!io_data->aio) {
1142 DECLARE_COMPLETION_ONSTACK(done);
1143 bool interrupted = false;
1144
1145 req = ep->req;
1146 req->buf = (void *)(ffsm->mem + io_data->buf - ffsm->vm_start);
1147 req->length = data_len;
1148
1149 req->context = &done;
1150 req->complete = ffs_epfile_io_complete;
1151
1152 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1153 if (unlikely(ret < 0))
1154 goto error_lock;
1155
1156 spin_unlock_irq(&epfile->ffs->eps_lock);
1157 if (io_data->timeout > 0) {
1158 ret = wait_for_completion_interruptible_timeout(&done, io_data->timeout);
1159 if (ret < 0) {
1160 /*
1161 * To avoid race condition with ffs_epfile_io_complete,
1162 * dequeue the request first then check
1163 * status. usb_ep_dequeue API should guarantee no race
1164 * condition with req->complete callback.
1165 */
1166 usb_ep_dequeue(ep->ep, req);
1167 wait_for_completion(&done);
1168 interrupted = ep->status < 0;
1169 } else if (ret == 0) {
1170 ret = -EBUSY;
1171 usb_ep_dequeue(ep->ep, req);
1172 wait_for_completion(&done);
1173 goto error_mutex;
1174 }
1175 } else {
1176 ret = wait_for_completion_interruptible(&done);
1177 if (ret < 0) {
1178 usb_ep_dequeue(ep->ep, req);
1179 wait_for_completion(&done);
1180 interrupted = ep->status < 0;
1181 }
1182 }
1183
1184 if (interrupted) {
1185 ret = -EINTR;
1186 } else {
1187 ret = req->actual;
1188 }
1189 goto error_mutex;
1190 }
1191 else if (!(req = usb_ep_alloc_request(ep->ep, GFP_ATOMIC))) {
1192 ret = -ENOMEM;
1193 }
1194 else {
1195 req->buf = (void *)(ffsm->mem + io_data->buf - ffsm->vm_start);
1196 req->length = data_len;
1197
1198 io_data->ep = ep->ep;
1199 io_data->req = req;
1200 io_data->epfile = epfile;
1201
1202 req->context = io_data;
1203 req->complete = ffs_epfile_async_io_complete;
1204 list_add(&req->list, &ep->req->list);
1205 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
1206 if (unlikely(ret)) {
1207 usb_ep_free_request(ep->ep, req);
1208 goto error_lock;
1209 }
1210
1211 ret = -EIOCBQUEUED;
1212 }
1213
1214 error_lock:
1215 spin_unlock_irq(&epfile->ffs->eps_lock);
1216 error_mutex:
1217 mutex_unlock(&epfile->mutex);
1218 error:
1219 return ret;
1220 }
1221
ffs_epfile_ioctl(struct file * file,unsigned code,unsigned long value)1222 static long ffs_epfile_ioctl(struct file *file, unsigned code, unsigned long value)
1223 {
1224 struct ffs_epfile *epfile = file->private_data;
1225 struct ffs_ep *ep = epfile->ep;
1226 int ret = 0;
1227 struct generic_memory mem;
1228 struct ffs_memory *ffsm = NULL;
1229
1230 ENTER();
1231
1232 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
1233 return -ENODEV;
1234
1235 spin_lock_irq(&epfile->ffs->eps_lock);
1236
1237 switch (code) {
1238 case FUNCTIONFS_ENDPOINT_QUEUE_INIT:
1239 ret = kfifo_alloc(&epfile->reqEventFifo, MAX_REQUEST * sizeof(struct UsbFnReqEvent), GFP_KERNEL);
1240 break;
1241 case FUNCTIONFS_ENDPOINT_QUEUE_DEL:
1242 kfifo_free(&epfile->reqEventFifo);
1243 break;
1244 case FUNCTIONFS_ENDPOINT_RELEASE_BUF:
1245 if (copy_from_user(&mem, (void __user *)value, sizeof(mem)))
1246 {
1247 pr_info("copy from user failed\n");
1248 return -EFAULT;
1249 }
1250 ffsm = generic_find_memory_area(epfile, mem.buf, mem.size);
1251 if (ffsm == NULL)
1252 {
1253 return -EFAULT;
1254 }
1255 list_del(&ffsm->memlist);
1256 kfree((void *)ffsm->mem);
1257 kfree(ffsm);
1258 break;
1259 case FUNCTIONFS_ENDPOINT_READ:
1260 case FUNCTIONFS_ENDPOINT_WRITE:
1261 {
1262 struct IoData myIoData;
1263 struct ffs_io_data io_data, *p = &io_data;
1264 ret = copy_from_user(&myIoData, (void __user *)value, sizeof(struct IoData));
1265 if (unlikely(ret)) {
1266 spin_unlock_irq(&epfile->ffs->eps_lock);
1267 return -EFAULT;
1268 }
1269 if (myIoData.aio) {
1270 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1271 if (unlikely(!p)) {
1272 spin_unlock_irq(&epfile->ffs->eps_lock);
1273 return -ENOMEM;
1274 }
1275 } else {
1276 memset(p, 0, sizeof(*p));
1277 }
1278 memcpy(p, &myIoData, sizeof(struct IoData));
1279
1280 spin_unlock_irq(&epfile->ffs->eps_lock);
1281 ret = ffs_epfile_iorw(file, p);
1282 if (ret == -EIOCBQUEUED) {
1283 return 0;
1284 }
1285 if (p->aio)
1286 kfree(p);
1287 return ret;
1288 }
1289 case FUNCTIONFS_ENDPOINT_RW_CANCEL:
1290 {
1291 struct usb_request *req;
1292 struct IoData myIoData;
1293 if (!ep) {
1294 spin_unlock_irq(&epfile->ffs->eps_lock);
1295 return -EFAULT;
1296 }
1297 ret = copy_from_user(&myIoData, (void __user *)value, sizeof(struct IoData));
1298 if (unlikely(ret)) {
1299 spin_unlock_irq(&epfile->ffs->eps_lock);
1300 return -EFAULT;
1301 }
1302 ffsm = generic_find_memory_area(epfile, myIoData.buf, myIoData.len);
1303 if (ffsm == NULL)
1304 {
1305 return -EFAULT;
1306 }
1307 list_for_each_entry(req, &epfile->ep->req->list, list) {
1308 if (req->buf == (void *)(ffsm->mem + myIoData.buf - ffsm->vm_start)) {
1309 usb_ep_dequeue(epfile->ep->ep, req);
1310 spin_unlock_irq(&epfile->ffs->eps_lock);
1311 return 0;
1312 }
1313 }
1314 if (epfile->ep->req->buf == (void *)(ffsm->mem + myIoData.buf - ffsm->vm_start)) {
1315 usb_ep_dequeue(epfile->ep->ep, epfile->ep->req);
1316 spin_unlock_irq(&epfile->ffs->eps_lock);
1317 return 0;
1318 }
1319 spin_unlock_irq(&epfile->ffs->eps_lock);
1320 return -EFAULT;
1321 }
1322 case FUNCTIONFS_ENDPOINT_GET_REQ_STATUS:
1323 {
1324 struct usb_request *req;
1325 struct IoData myIoData;
1326 if (!ep) {
1327 spin_unlock_irq(&epfile->ffs->eps_lock);
1328 return -EFAULT;
1329 }
1330 ret = copy_from_user(&myIoData,(void __user *)value, sizeof(struct IoData));
1331 if (unlikely(ret)) {
1332 spin_unlock_irq(&epfile->ffs->eps_lock);
1333 return -EFAULT;
1334 }
1335 ffsm = generic_find_memory_area(epfile, myIoData.buf, myIoData.len);
1336 if (ffsm == NULL)
1337 {
1338 return -EFAULT;
1339 }
1340 list_for_each_entry(req, &epfile->ep->req->list, list) {
1341 if (req->buf == (void *)(ffsm->mem + myIoData.buf - ffsm->vm_start)) {
1342 spin_unlock_irq(&epfile->ffs->eps_lock);
1343 return req->status;
1344 }
1345 }
1346 spin_unlock_irq(&epfile->ffs->eps_lock);
1347 return -EFAULT;
1348 }
1349 case FUNCTIONFS_FIFO_STATUS:
1350 ret = usb_ep_fifo_status(epfile->ep->ep);
1351 break;
1352 case FUNCTIONFS_FIFO_FLUSH:
1353 usb_ep_fifo_flush(epfile->ep->ep);
1354 ret = 0;
1355 break;
1356 case FUNCTIONFS_CLEAR_HALT:
1357 ret = usb_ep_clear_halt(epfile->ep->ep);
1358 break;
1359 case FUNCTIONFS_ENDPOINT_REVMAP:
1360 ret = epfile->ep->num;
1361 break;
1362 case FUNCTIONFS_ENDPOINT_DESC:
1363 {
1364 int desc_idx;
1365 int i;
1366 struct usb_endpoint_descriptor *desc;
1367
1368 switch (epfile->ffs->speed) {
1369 case USB_SPEED_SUPER:
1370 desc_idx = 2;
1371 break;
1372 case USB_SPEED_HIGH:
1373 desc_idx = 1;
1374 break;
1375 default:
1376 desc_idx = 1;
1377 }
1378 for (i = 0; i < epfile->ffs->eps_count; i++) {
1379 if (epfile->ffs->epfiles + i == epfile)
1380 break;
1381 }
1382 ep = epfile->ffs->eps + i;
1383 desc = ep->descs[desc_idx];
1384 spin_unlock_irq(&epfile->ffs->eps_lock);
1385 ret = copy_to_user((void __user *)value, desc, desc->bLength);
1386 if (ret)
1387 ret = -EFAULT;
1388 return ret;
1389 }
1390 default:
1391 ret = -ENOTTY;
1392 }
1393 spin_unlock_irq(&epfile->ffs->eps_lock);
1394
1395 return ret;
1396 }
1397
ffs_epfile_read(struct file * file,char __user * buf,size_t count,loff_t * f_pos)1398 static ssize_t ffs_epfile_read(struct file *file, char __user *buf, size_t count, loff_t *f_pos)
1399 {
1400 int status = 0;
1401 unsigned int copied = 0;
1402 unsigned long flags;
1403 struct ffs_epfile *epfile = file->private_data;
1404 ENTER();
1405 if (kfifo_is_empty(&epfile->reqEventFifo)) {
1406 return 0;
1407 }
1408 spin_lock_irqsave(&epfile->ffs->eps_lock, flags);
1409 status = kfifo_to_user(&epfile->reqEventFifo, buf, count, &copied) == 0 ? copied : -1;
1410 spin_unlock_irqrestore(&epfile->ffs->eps_lock, flags);
1411
1412 return status;
1413 }
1414
ffs_epfile_write(struct file * file,const char __user * buf,size_t count,loff_t * f_pos)1415 static ssize_t ffs_epfile_write(struct file *file, const char __user *buf, size_t count, loff_t *f_pos)
1416 {
1417 return count;
1418 }
1419
ffs_epfile_poll(struct file * file,struct poll_table_struct * wait)1420 static unsigned int ffs_epfile_poll(struct file *file, struct poll_table_struct * wait)
1421 {
1422 unsigned int mask = 0;
1423 struct ffs_epfile *epfile = file->private_data;
1424 ENTER();
1425 poll_wait(file, &epfile->wait_que, wait);
1426 if (!kfifo_is_empty(&epfile->reqEventFifo)) {
1427 mask |= POLLIN;
1428 }
1429 return mask;
1430 }
1431
1432 #ifdef CONFIG_COMPAT
ffs_epfile_compat_ioctl(struct file * file,unsigned code,unsigned long value)1433 static long ffs_epfile_compat_ioctl(struct file *file, unsigned code,
1434 unsigned long value)
1435 {
1436 return ffs_epfile_ioctl(file, code, value);
1437 }
1438 #endif
1439
1440 static const struct file_operations ffs_epfile_operations = {
1441 .owner = THIS_MODULE,
1442 .llseek = no_llseek,
1443 .mmap = ffs_epfile_mmap,
1444 .read = ffs_epfile_read,
1445 .write = ffs_epfile_write,
1446 .poll = ffs_epfile_poll,
1447 .open = ffs_epfile_open,
1448 .release = ffs_epfile_release,
1449 .unlocked_ioctl = ffs_epfile_ioctl,
1450 #ifdef CONFIG_COMPAT
1451 .compat_ioctl = ffs_epfile_compat_ioctl,
1452 #endif
1453 };
1454
1455 /* ffs_data and ffs_function construction and destruction code **************/
1456 static void ffs_data_clear(struct ffs_data *ffs);
1457 static void ffs_data_reset(struct ffs_data *ffs);
1458 static dev_t g_dev;
1459 #define MAX_EP_DEV 10
usbfn_ioctl(struct file * file,unsigned int cmd,unsigned long value)1460 static long usbfn_ioctl(struct file *file, unsigned int cmd, unsigned long value)
1461 {
1462 long ret;
1463 ENTER();
1464 switch(cmd)
1465 {
1466 case FUNCTIONFS_NEWFN:
1467 {
1468 struct ffs_dev *ffs_dev;
1469 struct ffs_data *ffs;
1470 struct FuncNew newfn;
1471 char nameEp0[MAX_NAMELEN];
1472 ret = copy_from_user(&newfn, (void __user *)value, sizeof(struct FuncNew ));
1473 if (unlikely(ret)) {
1474 return -EFAULT;
1475 }
1476 ffs = ffs_data_new(newfn.name);
1477 if (unlikely(!ffs)) {
1478 return (-ENOMEM);
1479 }
1480
1481 if (newfn.nameLen > MAX_NAMELEN) {
1482 return -EPERM;
1483 }
1484 memcpy(ffs->dev_name, newfn.name, newfn.nameLen);
1485
1486 if (unlikely(!ffs->dev_name)) {
1487 ffs_data_put(ffs);
1488 return (-ENOMEM);
1489 }
1490
1491 if (sprintf(nameEp0, "%s.ep%u", ffs->dev_name, 0) < 0) {
1492 ffs_data_put(ffs);
1493 return -EFAULT;
1494 }
1495 ffs_dev = ffs_acquire_dev(newfn.name);
1496 if (IS_ERR(ffs_dev)) {
1497 ffs_data_put(ffs);
1498 return (-ENODEV);
1499 }
1500 ffs->private_data = ffs_dev;
1501
1502 ret = alloc_chrdev_region(&g_dev, 0, MAX_EP_DEV, nameEp0);
1503 if (ret < 0) {
1504 ffs_release_dev(ffs);
1505 ffs_data_put(ffs);
1506 return -EBUSY;
1507 }
1508 cdev_init(&ffs->cdev, &ffs_ep0_operations);
1509 ffs->devno = MKDEV(MAJOR(g_dev), 0);
1510 ret = cdev_add(&ffs->cdev, ffs->devno, 1);
1511 if (ret) {
1512 ffs_release_dev(ffs);
1513 ffs_data_put(ffs);
1514 return -EBUSY;
1515 }
1516
1517 ffs->fn_device = device_create(ffs_class, NULL, ffs->devno, NULL, nameEp0);
1518 if (IS_ERR(ffs->fn_device)) {
1519 cdev_del(&ffs->cdev);
1520 ffs_release_dev(ffs);
1521 ffs_data_put(ffs);
1522 return -EBUSY;
1523 }
1524 return 0;
1525 }
1526 case FUNCTIONFS_DELFN:
1527 {
1528 struct FuncNew newfn;
1529 struct ffs_data *ffs;
1530 struct ffs_dev *ffs_dev;
1531 ret = copy_from_user(&newfn, (void __user *)value, sizeof(struct FuncNew ));
1532 if (unlikely(ret)) {
1533 return -EFAULT;
1534 }
1535
1536 ffs_dev = _ffs_find_dev(newfn.name);
1537 if (IS_ERR(ffs_dev)) {
1538 return -EFAULT;
1539 }
1540 ffs = ffs_dev->ffs_data;
1541 device_destroy(ffs_class, ffs->devno);
1542 cdev_del(&ffs->cdev);
1543 unregister_chrdev_region(g_dev, MAX_EP_DEV);
1544 ffs_release_dev(ffs);
1545 ffs_data_clear(ffs);
1546 destroy_workqueue(ffs->io_completion_wq);
1547 kfree(ffs);
1548 return 0;
1549 }
1550 default:
1551 ret = -ENOTTY;
1552 }
1553
1554 return ret;
1555 }
1556
usbfn_open(struct inode * inode,struct file * file)1557 static int usbfn_open(struct inode *inode, struct file *file)
1558 {
1559 return 0;
1560 }
1561
usbfn_release(struct inode * inode,struct file * file)1562 static int usbfn_release(struct inode *inode, struct file *file)
1563 {
1564 return 0;
1565 }
1566
1567 static struct file_operations usbfn_fops = {
1568 .owner = THIS_MODULE,
1569 .unlocked_ioctl = usbfn_ioctl,
1570 .open = usbfn_open,
1571 .release = usbfn_release,
1572 #ifdef CONFIG_COMPAT
1573 .compat_ioctl = usbfn_ioctl,
1574 #endif
1575 };
1576
1577 static struct miscdevice usbfn_misc = {
1578 .minor = MISC_DYNAMIC_MINOR,
1579 .name = "usbfn",
1580 .fops = &usbfn_fops,
1581 };
1582
1583 /* Driver's main init/cleanup functions *************************************/
functionfs_init(void)1584 static int functionfs_init(void)
1585 {
1586 int ret;
1587
1588 ENTER();
1589 ret = misc_register(&usbfn_misc);
1590 if (likely(!ret))
1591 pr_info("file system registered\n");
1592 else
1593 pr_err("failed registering file system (%d)\n", ret);
1594
1595 //ffs_class = class_create(THIS_MODULE, "functionfs");
1596 ffs_class = class_create("functionfs");
1597 if (IS_ERR(ffs_class))
1598 return PTR_ERR(ffs_class);
1599
1600 ffs_class->devnode = ffs_devnode;
1601
1602 return ret;
1603 }
1604
functionfs_cleanup(void)1605 static void functionfs_cleanup(void)
1606 {
1607 ENTER();
1608 class_destroy(ffs_class);
1609 misc_deregister(&usbfn_misc);
1610 }
1611
ffs_data_get(struct ffs_data * ffs)1612 static void ffs_data_get(struct ffs_data *ffs)
1613 {
1614 ENTER();
1615 refcount_inc(&ffs->ref);
1616 }
1617
ffs_data_put(struct ffs_data * ffs)1618 static void ffs_data_put(struct ffs_data *ffs)
1619 {
1620 ENTER();
1621 if (unlikely(refcount_dec_and_test(&ffs->ref))) {
1622 pr_info("%s(): freeing\n", __func__);
1623 ffs_data_clear(ffs);
1624 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1625 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
1626 swait_active(&ffs->ep0req_completion.wait) ||
1627 #else
1628 waitqueue_active(&ffs->ep0req_completion.wait) ||
1629 #endif
1630 waitqueue_active(&ffs->wait) ||
1631 waitqueue_active(&ffs->wait_que));
1632 destroy_workqueue(ffs->io_completion_wq);
1633 kfree(ffs);
1634 }
1635 }
1636
ffs_data_new(const char * dev_name)1637 static struct ffs_data *ffs_data_new(const char *dev_name)
1638 {
1639 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1640 if (unlikely(!ffs))
1641 return NULL;
1642
1643 ENTER();
1644
1645 ffs->io_completion_wq = alloc_ordered_workqueue("%s", 0, dev_name);
1646 if (!ffs->io_completion_wq) {
1647 kfree(ffs);
1648 return NULL;
1649 }
1650
1651 refcount_set(&ffs->ref, 1);
1652 atomic_set(&ffs->opened, 0);
1653 ffs->state = FFS_READ_DESCRIPTORS;
1654 mutex_init(&ffs->mutex);
1655 spin_lock_init(&ffs->eps_lock);
1656 spin_lock_init(&ffs->mem_lock);
1657 init_waitqueue_head(&ffs->ev.waitq);
1658 init_waitqueue_head(&ffs->wait);
1659 init_waitqueue_head(&ffs->wait_que);
1660 init_completion(&ffs->ep0req_completion);
1661 INIT_LIST_HEAD(&ffs->memory_list);
1662 ffs->ev.can_stall = 1;
1663
1664 return ffs;
1665 }
1666
ffs_data_clear(struct ffs_data * ffs)1667 static void ffs_data_clear(struct ffs_data *ffs)
1668 {
1669 ENTER();
1670
1671 ffs_closed(ffs);
1672
1673 BUG_ON(ffs->gadget);
1674
1675 if (ffs->epfiles)
1676 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1677
1678 if (ffs->ffs_eventfd)
1679 eventfd_ctx_put(ffs->ffs_eventfd);
1680
1681 kfree(ffs->raw_descs_data);
1682 kfree(ffs->raw_strings);
1683 kfree(ffs->stringtabs);
1684 }
1685
ffs_data_reset(struct ffs_data * ffs)1686 static void ffs_data_reset(struct ffs_data *ffs)
1687 {
1688 ENTER();
1689
1690 ffs_data_clear(ffs);
1691
1692 ffs->epfiles = NULL;
1693 ffs->raw_descs_data = NULL;
1694 ffs->raw_descs = NULL;
1695 ffs->raw_strings = NULL;
1696 ffs->stringtabs = NULL;
1697
1698 ffs->raw_descs_length = 0;
1699 ffs->fs_descs_count = 0;
1700 ffs->hs_descs_count = 0;
1701 ffs->ss_descs_count = 0;
1702
1703 ffs->strings_count = 0;
1704 ffs->interfaces_count = 0;
1705 ffs->eps_count = 0;
1706
1707 ffs->ev.count = 0;
1708
1709 ffs->state = FFS_READ_DESCRIPTORS;
1710 ffs->setup_state = FFS_NO_SETUP;
1711 ffs->flags = 0;
1712 }
1713
functionfs_bind(struct ffs_data * ffs,struct usb_composite_dev * cdev)1714 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1715 {
1716 struct usb_gadget_strings **lang;
1717 int first_id;
1718
1719 ENTER();
1720
1721 if (WARN_ON(ffs->state != FFS_ACTIVE
1722 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1723 return -EBADFD;
1724
1725 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1726 if (unlikely(first_id < 0))
1727 return first_id;
1728
1729 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1730 if (unlikely(!ffs->ep0req))
1731 return -ENOMEM;
1732 ffs->ep0req->complete = ffs_ep0_complete;
1733 ffs->ep0req->context = ffs;
1734 INIT_LIST_HEAD(&ffs->ep0req->list);
1735
1736 lang = ffs->stringtabs;
1737 if (lang) {
1738 for (; *lang; ++lang) {
1739 struct usb_string *str = (*lang)->strings;
1740 int id = first_id;
1741 for (; str->s; ++id, ++str)
1742 str->id = id;
1743 }
1744 }
1745
1746 ffs->gadget = cdev->gadget;
1747 ffs->speed = cdev->gadget->speed;
1748 ffs_data_get(ffs);
1749 return 0;
1750 }
1751
functionfs_unbind(struct ffs_data * ffs)1752 static void functionfs_unbind(struct ffs_data *ffs)
1753 {
1754 ENTER();
1755
1756 if (!WARN_ON(!ffs->gadget)) {
1757 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1758 ffs->ep0req = NULL;
1759 ffs->gadget = NULL;
1760 clear_bit(FFS_FL_BOUND, &ffs->flags);
1761 ffs_data_put(ffs);
1762 }
1763 }
1764
ffs_epfiles_create(struct ffs_data * ffs)1765 static int ffs_epfiles_create(struct ffs_data *ffs)
1766 {
1767 struct ffs_epfile *epfile = NULL, *epfiles = NULL;
1768 unsigned int i, count ,ret;
1769
1770 ENTER();
1771
1772 count = ffs->eps_count;
1773 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1774 if (!epfiles)
1775 return -ENOMEM;
1776
1777 epfile = epfiles;
1778 for (i = 1; i <= count; ++i, ++epfile) {
1779 epfile->ffs = ffs;
1780 mutex_init(&epfile->mutex);
1781 INIT_LIST_HEAD(&epfile->memory_list);
1782 init_waitqueue_head(&epfile->wait_que);
1783 if (ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR) {
1784 if (sprintf(epfile->name, "%s.ep%02x", ffs->dev_name, ffs->eps_addrmap[i]) < 0) {
1785 return -EFAULT;
1786 }
1787 } else {
1788 if (sprintf(epfile->name, "%s.ep%u", ffs->dev_name, i) < 0) {
1789 return -EFAULT;
1790 }
1791 }
1792
1793 cdev_init(&epfile->cdev, &ffs_epfile_operations);
1794 epfile->devno=MKDEV(MAJOR(ffs->devno), i);
1795 ret = cdev_add(&epfile->cdev, epfile->devno, 1);
1796 if (ret)
1797 {
1798 ffs_epfiles_destroy(epfiles, i - 1);
1799 return -EBUSY;
1800 }
1801
1802 epfile->device = device_create(ffs_class, NULL, epfile->devno, NULL, epfile->name);
1803 if (IS_ERR(epfile->device))
1804 {
1805 cdev_del(&epfile->cdev);
1806 ffs_epfiles_destroy(epfiles, i - 1);
1807 return -EBUSY;
1808 }
1809 }
1810
1811 ffs->epfiles = epfiles;
1812 return 0;
1813 }
1814
ffs_epfiles_destroy(struct ffs_epfile * epfiles,unsigned count)1815 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1816 {
1817 struct ffs_epfile *epfile = epfiles;
1818
1819 ENTER();
1820
1821 for (; count; --count, ++epfile) {
1822 BUG_ON(mutex_is_locked(&epfile->mutex));
1823 device_destroy(ffs_class, epfile->devno);
1824 cdev_del(&epfile->cdev);
1825 }
1826
1827 kfree(epfiles);
1828 }
1829
ffs_func_eps_disable(struct ffs_function * func)1830 static void ffs_func_eps_disable(struct ffs_function *func)
1831 {
1832 struct ffs_ep *ep = func->eps;
1833 struct ffs_epfile *epfile = func->ffs->epfiles;
1834 unsigned count = func->ffs->eps_count;
1835 unsigned long flags;
1836
1837 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1838 while (count--) {
1839 /* pending requests get nuked */
1840 if (likely(ep->ep))
1841 usb_ep_disable(ep->ep);
1842 ++ep;
1843
1844 if (epfile) {
1845 epfile->ep = NULL;
1846 ++epfile;
1847 }
1848 }
1849 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1850 }
1851
ffs_func_eps_enable(struct ffs_function * func)1852 static int ffs_func_eps_enable(struct ffs_function *func)
1853 {
1854 struct ffs_data *ffs = func->ffs;
1855 struct ffs_ep *ep = func->eps;
1856 struct ffs_epfile *epfile = ffs->epfiles;
1857 unsigned count = ffs->eps_count;
1858 unsigned long flags;
1859 int ret = 0;
1860
1861 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1862 while(count--) {
1863 ep->ep->driver_data = ep;
1864
1865 ret = config_ep_by_speed(func->gadget, &func->function, ep->ep);
1866 if (ret) {
1867 pr_err("%s: config_ep_by_speed(%s) returned %d\n",
1868 __func__, ep->ep->name, ret);
1869 break;
1870 }
1871
1872 ret = usb_ep_enable(ep->ep);
1873 if (likely(!ret)) {
1874 epfile->ep = ep;
1875 epfile->in = usb_endpoint_dir_in(ep->ep->desc);
1876 epfile->isoc = usb_endpoint_xfer_isoc(ep->ep->desc);
1877 } else {
1878 break;
1879 }
1880
1881 ++ep;
1882 ++epfile;
1883 }
1884
1885 wake_up_interruptible(&ffs->wait);
1886 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1887
1888 return ret;
1889 }
1890
1891 /* Parsing and building descriptors and strings *****************************/
1892
1893 /*
1894 * This validates if data pointed by data is a valid USB descriptor as
1895 * well as record how many interfaces, endpoints and strings are
1896 * required by given configuration. Returns address after the
1897 * descriptor or NULL if data is invalid.
1898 */
1899 enum ffs_entity_type {
1900 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1901 };
1902
1903 enum ffs_os_desc_type {
1904 FFS_OS_DESC, FFS_OS_DESC_EXT_COMPAT, FFS_OS_DESC_EXT_PROP
1905 };
1906
1907 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity, u8 *valuep,
1908 struct usb_descriptor_header *desc,
1909 void *priv);
1910
1911 typedef int (*ffs_os_desc_callback)(enum ffs_os_desc_type entity,
1912 struct usb_os_desc_header *h, void *data,
1913 unsigned len, void *priv);
1914
ffs_do_single_desc(char * data,unsigned len,ffs_entity_callback entity,void * priv)1915 static int __must_check ffs_do_single_desc(char *data, unsigned len,
1916 ffs_entity_callback entity,
1917 void *priv)
1918 {
1919 struct usb_descriptor_header *_ds = (void *)data;
1920 u8 length;
1921 int ret;
1922
1923 ENTER();
1924
1925 /* At least two bytes are required: length and type */
1926 if (len < 2) {
1927 pr_vdebug("descriptor too short\n");
1928 return -EINVAL;
1929 }
1930
1931 /* If we have at least as many bytes as the descriptor takes? */
1932 length = _ds->bLength;
1933 if (len < length) {
1934 pr_vdebug("descriptor longer then available data\n");
1935 return -EINVAL;
1936 }
1937
1938 #define __entity_check_INTERFACE(val) 1
1939 #define __entity_check_STRING(val) (val)
1940 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1941 #define __entity(type, val) do { \
1942 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1943 if (unlikely(!__entity_check_ ##type(val))) { \
1944 pr_vdebug("invalid entity's value\n"); \
1945 return -EINVAL; \
1946 } \
1947 ret = entity(FFS_ ##type, &val, _ds, priv); \
1948 if (unlikely(ret < 0)) { \
1949 pr_debug("entity " #type "(%02x); ret = %d\n", \
1950 (val), ret); \
1951 return ret; \
1952 } \
1953 } while (0)
1954
1955 /* Parse descriptor depending on type. */
1956 switch (_ds->bDescriptorType) {
1957 case USB_DT_DEVICE:
1958 case USB_DT_CONFIG:
1959 case USB_DT_STRING:
1960 case USB_DT_DEVICE_QUALIFIER:
1961 /* function can't have any of those */
1962 pr_vdebug("descriptor reserved for gadget: %d\n",
1963 _ds->bDescriptorType);
1964 return -EINVAL;
1965
1966 case USB_DT_INTERFACE: {
1967 struct usb_interface_descriptor *ds = (void *)_ds;
1968 pr_vdebug("interface descriptor\n");
1969 if (length != sizeof *ds)
1970 goto inv_length;
1971
1972 __entity(INTERFACE, ds->bInterfaceNumber);
1973 if (ds->iInterface)
1974 __entity(STRING, ds->iInterface);
1975 }
1976 break;
1977
1978 case USB_DT_ENDPOINT: {
1979 struct usb_endpoint_descriptor *ds = (void *)_ds;
1980 pr_vdebug("endpoint descriptor\n");
1981 if (length != USB_DT_ENDPOINT_SIZE &&
1982 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1983 goto inv_length;
1984 __entity(ENDPOINT, ds->bEndpointAddress);
1985 }
1986 break;
1987
1988 case HID_DT_HID:
1989 pr_vdebug("hid descriptor\n");
1990 if (length != sizeof(struct hid_descriptor))
1991 goto inv_length;
1992 break;
1993
1994 case USB_DT_OTG:
1995 if (length != sizeof(struct usb_otg_descriptor))
1996 goto inv_length;
1997 break;
1998
1999 case USB_DT_INTERFACE_ASSOCIATION: {
2000 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
2001 pr_vdebug("interface association descriptor\n");
2002 if (length != sizeof *ds)
2003 goto inv_length;
2004 if (ds->iFunction)
2005 __entity(STRING, ds->iFunction);
2006 }
2007 break;
2008
2009 case USB_DT_SS_ENDPOINT_COMP:
2010 pr_vdebug("EP SS companion descriptor\n");
2011 if (length != sizeof(struct usb_ss_ep_comp_descriptor))
2012 goto inv_length;
2013 break;
2014
2015 case USB_DT_OTHER_SPEED_CONFIG:
2016 case USB_DT_INTERFACE_POWER:
2017 case USB_DT_DEBUG:
2018 case USB_DT_SECURITY:
2019 case USB_DT_CS_RADIO_CONTROL:
2020 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
2021 break;
2022 default:
2023 /* We should never be here */
2024 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
2025 break;
2026 inv_length:
2027 pr_vdebug("invalid length: %d (descriptor %d)\n",
2028 _ds->bLength, _ds->bDescriptorType);
2029 return -EINVAL;
2030 }
2031
2032 #undef __entity
2033 #undef __entity_check_DESCRIPTOR
2034 #undef __entity_check_INTERFACE
2035 #undef __entity_check_STRING
2036 #undef __entity_check_ENDPOINT
2037
2038 return length;
2039 }
2040
ffs_do_descs(unsigned count,char * data,unsigned len,ffs_entity_callback entity,void * priv)2041 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
2042 ffs_entity_callback entity, void *priv)
2043 {
2044 const unsigned _len = len;
2045 uintptr_t num = 0;
2046
2047 ENTER();
2048
2049 for (;;) {
2050 int ret;
2051
2052 if (num == count)
2053 data = NULL;
2054
2055 /* Record "descriptor" entity */
2056 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
2057 if (unlikely(ret < 0)) {
2058 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
2059 num, ret);
2060 return ret;
2061 }
2062
2063 if (!data)
2064 return _len - len;
2065
2066 ret = ffs_do_single_desc(data, len, entity, priv);
2067 if (unlikely(ret < 0)) {
2068 pr_debug("%s returns %d\n", __func__, ret);
2069 return ret;
2070 }
2071
2072 len -= ret;
2073 data += ret;
2074 ++num;
2075 }
2076 }
2077
__ffs_data_do_entity(enum ffs_entity_type type,u8 * valuep,struct usb_descriptor_header * desc,void * priv)2078 static int __ffs_data_do_entity(enum ffs_entity_type type,
2079 u8 *valuep, struct usb_descriptor_header *desc,
2080 void *priv)
2081 {
2082 struct ffs_desc_helper *helper = priv;
2083 struct usb_endpoint_descriptor *d = NULL;
2084
2085 ENTER();
2086
2087 switch (type) {
2088 case FFS_DESCRIPTOR:
2089 break;
2090
2091 case FFS_INTERFACE:
2092 /*
2093 * Interfaces are indexed from zero so if we
2094 * encountered interface "n" then there are at least
2095 * "n+1" interfaces.
2096 */
2097 if (*valuep >= helper->interfaces_count)
2098 helper->interfaces_count = *valuep + 1;
2099 break;
2100
2101 case FFS_STRING:
2102 /*
2103 * Strings are indexed from 1 (0 is reserved
2104 * for languages list)
2105 */
2106 if (*valuep > helper->ffs->strings_count)
2107 helper->ffs->strings_count = *valuep;
2108 break;
2109
2110 case FFS_ENDPOINT:
2111 d = (void *)desc;
2112 helper->eps_count++;
2113 if (helper->eps_count >= FFS_MAX_EPS_COUNT)
2114 return -EINVAL;
2115 /* Check if descriptors for any speed were already parsed */
2116 if (!helper->ffs->eps_count && !helper->ffs->interfaces_count)
2117 helper->ffs->eps_addrmap[helper->eps_count] =
2118 d->bEndpointAddress;
2119 else if (helper->ffs->eps_addrmap[helper->eps_count] !=
2120 d->bEndpointAddress)
2121 return -EINVAL;
2122 break;
2123 }
2124
2125 return 0;
2126 }
2127
__ffs_do_os_desc_header(enum ffs_os_desc_type * next_type,struct usb_os_desc_header * desc)2128 static int __ffs_do_os_desc_header(enum ffs_os_desc_type *next_type,
2129 struct usb_os_desc_header *desc)
2130 {
2131 u16 bcd_version = le16_to_cpu(desc->bcdVersion);
2132 u16 w_index = le16_to_cpu(desc->wIndex);
2133
2134 if (bcd_version != 1) {
2135 pr_vdebug("unsupported os descriptors version: %d",
2136 bcd_version);
2137 return -EINVAL;
2138 }
2139 switch (w_index) {
2140 case 0x4:
2141 *next_type = FFS_OS_DESC_EXT_COMPAT;
2142 break;
2143 case 0x5:
2144 *next_type = FFS_OS_DESC_EXT_PROP;
2145 break;
2146 default:
2147 pr_vdebug("unsupported os descriptor type: %d", w_index);
2148 return -EINVAL;
2149 }
2150
2151 return sizeof(*desc);
2152 }
2153
2154 /*
2155 * Process all extended compatibility/extended property descriptors
2156 * of a feature descriptor
2157 */
ffs_do_single_os_desc(char * data,unsigned len,enum ffs_os_desc_type type,u16 feature_count,ffs_os_desc_callback entity,void * priv,struct usb_os_desc_header * h)2158 static int __must_check ffs_do_single_os_desc(char *data, unsigned len,
2159 enum ffs_os_desc_type type,
2160 u16 feature_count,
2161 ffs_os_desc_callback entity,
2162 void *priv,
2163 struct usb_os_desc_header *h)
2164 {
2165 int ret;
2166 const unsigned _len = len;
2167
2168 ENTER();
2169
2170 /* loop over all ext compat/ext prop descriptors */
2171 while (feature_count--) {
2172 ret = entity(type, h, data, len, priv);
2173 if (unlikely(ret < 0)) {
2174 pr_debug("bad OS descriptor, type: %d\n", type);
2175 return ret;
2176 }
2177 data += ret;
2178 len -= ret;
2179 }
2180 return _len - len;
2181 }
2182
2183 /* Process a number of complete Feature Descriptors (Ext Compat or Ext Prop) */
ffs_do_os_descs(unsigned count,char * data,unsigned len,ffs_os_desc_callback entity,void * priv)2184 static int __must_check ffs_do_os_descs(unsigned count,
2185 char *data, unsigned len,
2186 ffs_os_desc_callback entity, void *priv)
2187 {
2188 const unsigned _len = len;
2189 unsigned long num = 0;
2190
2191 ENTER();
2192
2193 for (num = 0; num < count; ++num) {
2194 int ret;
2195 enum ffs_os_desc_type type;
2196 u16 feature_count;
2197 struct usb_os_desc_header *desc = (void *)data;
2198
2199 if (len < sizeof(*desc))
2200 return -EINVAL;
2201
2202 /*
2203 * Record "descriptor" entity.
2204 * Process dwLength, bcdVersion, wIndex, get b/wCount.
2205 * Move the data pointer to the beginning of extended
2206 * compatibilities proper or extended properties proper
2207 * portions of the data
2208 */
2209 if (le32_to_cpu(desc->dwLength) > len)
2210 return -EINVAL;
2211
2212 ret = __ffs_do_os_desc_header(&type, desc);
2213 if (unlikely(ret < 0)) {
2214 pr_debug("entity OS_DESCRIPTOR(%02lx); ret = %d\n",
2215 num, ret);
2216 return ret;
2217 }
2218 /*
2219 * 16-bit hex "?? 00" Little Endian looks like 8-bit hex "??"
2220 */
2221 feature_count = le16_to_cpu(desc->wCount);
2222 if (type == FFS_OS_DESC_EXT_COMPAT &&
2223 (feature_count > 255 || desc->Reserved))
2224 return -EINVAL;
2225 len -= ret;
2226 data += ret;
2227
2228 /*
2229 * Process all function/property descriptors
2230 * of this Feature Descriptor
2231 */
2232 ret = ffs_do_single_os_desc(data, len, type,
2233 feature_count, entity, priv, desc);
2234 if (unlikely(ret < 0)) {
2235 pr_debug("%s returns %d\n", __func__, ret);
2236 return ret;
2237 }
2238
2239 len -= ret;
2240 data += ret;
2241 }
2242 return _len - len;
2243 }
2244
2245 /**
2246 * Validate contents of the buffer from userspace related to OS descriptors.
2247 */
__ffs_data_do_os_desc(enum ffs_os_desc_type type,struct usb_os_desc_header * h,void * data,unsigned len,void * priv)2248 static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
2249 struct usb_os_desc_header *h, void *data,
2250 unsigned len, void *priv)
2251 {
2252 struct ffs_data *ffs = priv;
2253 u8 length;
2254
2255 ENTER();
2256
2257 switch (type) {
2258 case FFS_OS_DESC_EXT_COMPAT: {
2259 struct usb_ext_compat_desc *d = data;
2260 int i;
2261
2262 if (len < sizeof(*d) ||
2263 d->bFirstInterfaceNumber >= ffs->interfaces_count)
2264 return -EINVAL;
2265 if (d->Reserved1 != 1) {
2266 /*
2267 * According to the spec, Reserved1 must be set to 1
2268 * but older kernels incorrectly rejected non-zero
2269 * values. We fix it here to avoid returning EINVAL
2270 * in response to values we used to accept.
2271 */
2272 pr_debug("usb_ext_compat_desc::Reserved1 forced to 1\n");
2273 d->Reserved1 = 1;
2274 }
2275 for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
2276 if (d->Reserved2[i])
2277 return -EINVAL;
2278
2279 length = sizeof(struct usb_ext_compat_desc);
2280 }
2281 break;
2282 case FFS_OS_DESC_EXT_PROP: {
2283 struct usb_ext_prop_desc *d = data;
2284 u32 type, pdl;
2285 u16 pnl;
2286
2287 if (len < sizeof(*d) || h->interface >= ffs->interfaces_count)
2288 return -EINVAL;
2289 length = le32_to_cpu(d->dwSize);
2290 if (len < length)
2291 return -EINVAL;
2292 type = le32_to_cpu(d->dwPropertyDataType);
2293 if (type < USB_EXT_PROP_UNICODE ||
2294 type > USB_EXT_PROP_UNICODE_MULTI) {
2295 pr_vdebug("unsupported os descriptor property type: %d",
2296 type);
2297 return -EINVAL;
2298 }
2299 pnl = le16_to_cpu(d->wPropertyNameLength);
2300 if (length < 14 + pnl) {
2301 pr_vdebug("invalid os descriptor length: %d pnl:%d (descriptor %d)\n",
2302 length, pnl, type);
2303 return -EINVAL;
2304 }
2305 pdl = le32_to_cpu(*(__le32 *)((u8 *)data + 10 + pnl));
2306 if (length != 14 + pnl + pdl) {
2307 pr_vdebug("invalid os descriptor length: %d pnl:%d pdl:%d (descriptor %d)\n",
2308 length, pnl, pdl, type);
2309 return -EINVAL;
2310 }
2311 ++ffs->ms_os_descs_ext_prop_count;
2312 /* property name reported to the host as "WCHAR"s */
2313 ffs->ms_os_descs_ext_prop_name_len += pnl * 2;
2314 ffs->ms_os_descs_ext_prop_data_len += pdl;
2315 }
2316 break;
2317 default:
2318 pr_vdebug("unknown descriptor: %d\n", type);
2319 return -EINVAL;
2320 }
2321 return length;
2322 }
2323
__ffs_data_got_descs(struct ffs_data * ffs,char * const _data,size_t len)2324 static int __ffs_data_got_descs(struct ffs_data *ffs,
2325 char *const _data, size_t len)
2326 {
2327 char *data = _data, *raw_descs = NULL;
2328 unsigned os_descs_count = 0, counts[3], flags;
2329 int ret = -EINVAL, i;
2330 struct ffs_desc_helper helper;
2331
2332 ENTER();
2333
2334 if (get_unaligned_le32(data + 4) != len)
2335 goto error;
2336
2337 switch (get_unaligned_le32(data)) {
2338 case FUNCTIONFS_DESCRIPTORS_MAGIC:
2339 flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC;
2340 data += 8;
2341 len -= 8;
2342 break;
2343 case FUNCTIONFS_DESCRIPTORS_MAGIC_V2:
2344 flags = get_unaligned_le32(data + 8);
2345 ffs->user_flags = flags;
2346 if (flags & ~(FUNCTIONFS_HAS_FS_DESC |
2347 FUNCTIONFS_HAS_HS_DESC |
2348 FUNCTIONFS_HAS_SS_DESC |
2349 FUNCTIONFS_HAS_MS_OS_DESC |
2350 FUNCTIONFS_VIRTUAL_ADDR |
2351 FUNCTIONFS_EVENTFD |
2352 FUNCTIONFS_ALL_CTRL_RECIP |
2353 FUNCTIONFS_CONFIG0_SETUP)) {
2354 ret = -ENOSYS;
2355 goto error;
2356 }
2357 data += 12;
2358 len -= 12;
2359 break;
2360 default:
2361 goto error;
2362 }
2363
2364 if (flags & FUNCTIONFS_EVENTFD) {
2365 if (len < 4)
2366 goto error;
2367 ffs->ffs_eventfd =
2368 eventfd_ctx_fdget((int)get_unaligned_le32(data));
2369 if (IS_ERR(ffs->ffs_eventfd)) {
2370 ret = PTR_ERR(ffs->ffs_eventfd);
2371 ffs->ffs_eventfd = NULL;
2372 goto error;
2373 }
2374 data += 4;
2375 len -= 4;
2376 }
2377
2378 /* Read fs_count, hs_count and ss_count (if present) */
2379 for (i = 0; i < 3; ++i) {
2380 if (!(flags & (1 << i))) {
2381 counts[i] = 0;
2382 } else if (len < 4) {
2383 goto error;
2384 } else {
2385 counts[i] = get_unaligned_le32(data);
2386 data += 4;
2387 len -= 4;
2388 }
2389 }
2390 if (flags & (1 << i)) {
2391 if (len < 4) {
2392 goto error;
2393 }
2394 os_descs_count = get_unaligned_le32(data);
2395 data += 4;
2396 len -= 4;
2397 }
2398
2399 /* Read descriptors */
2400 raw_descs = data;
2401 helper.ffs = ffs;
2402 for (i = 0; i < 3; ++i) {
2403 if (!counts[i])
2404 continue;
2405 helper.interfaces_count = 0;
2406 helper.eps_count = 0;
2407 ret = ffs_do_descs(counts[i], data, len,
2408 __ffs_data_do_entity, &helper);
2409 if (ret < 0)
2410 goto error;
2411 if (!ffs->eps_count && !ffs->interfaces_count) {
2412 ffs->eps_count = helper.eps_count;
2413 ffs->interfaces_count = helper.interfaces_count;
2414 } else {
2415 if (ffs->eps_count != helper.eps_count) {
2416 ret = -EINVAL;
2417 goto error;
2418 }
2419 if (ffs->interfaces_count != helper.interfaces_count) {
2420 ret = -EINVAL;
2421 goto error;
2422 }
2423 }
2424 data += ret;
2425 len -= ret;
2426 }
2427 if (os_descs_count) {
2428 ret = ffs_do_os_descs(os_descs_count, data, len,
2429 __ffs_data_do_os_desc, ffs);
2430 if (ret < 0)
2431 goto error;
2432 data += ret;
2433 len -= ret;
2434 }
2435
2436 if (raw_descs == data || len) {
2437 ret = -EINVAL;
2438 goto error;
2439 }
2440
2441 ffs->raw_descs_data = _data;
2442 ffs->raw_descs = raw_descs;
2443 ffs->raw_descs_length = data - raw_descs;
2444 ffs->fs_descs_count = counts[0];
2445 ffs->hs_descs_count = counts[1];
2446 ffs->ss_descs_count = counts[2];
2447 ffs->ms_os_descs_count = os_descs_count;
2448
2449 return 0;
2450
2451 error:
2452 kfree(_data);
2453 return ret;
2454 }
2455
__ffs_data_got_strings(struct ffs_data * ffs,char * const _data,size_t len)2456 static int __ffs_data_got_strings(struct ffs_data *ffs,
2457 char *const _data, size_t len)
2458 {
2459 u32 str_count, needed_count, lang_count;
2460 struct usb_gadget_strings **stringtabs = NULL, *t = NULL;
2461 const char *data = _data;
2462 struct usb_string *s = NULL;
2463
2464 ENTER();
2465
2466 if (unlikely(len < 16 ||
2467 get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
2468 get_unaligned_le32(data + 4) != len))
2469 goto error;
2470 str_count = get_unaligned_le32(data + 8);
2471 lang_count = get_unaligned_le32(data + 12);
2472
2473 /* if one is zero the other must be zero */
2474 if (unlikely(!str_count != !lang_count))
2475 goto error;
2476
2477 /* Do we have at least as many strings as descriptors need? */
2478 needed_count = ffs->strings_count;
2479 if (unlikely(str_count < needed_count))
2480 goto error;
2481
2482 /*
2483 * If we don't need any strings just return and free all
2484 * memory.
2485 */
2486 if (!needed_count) {
2487 kfree(_data);
2488 return 0;
2489 }
2490
2491 /* Allocate everything in one chunk so there's less maintenance. */
2492 {
2493 unsigned i = 0;
2494 vla_group(d);
2495 vla_item(d, struct usb_gadget_strings *, stringtabs,
2496 lang_count + 1);
2497 vla_item(d, struct usb_gadget_strings, stringtab, lang_count);
2498 vla_item(d, struct usb_string, strings,
2499 lang_count*(needed_count+1));
2500
2501 char *vlabuf = kmalloc(vla_group_size(d), GFP_KERNEL);
2502
2503 if (unlikely(!vlabuf)) {
2504 kfree(_data);
2505 return -ENOMEM;
2506 }
2507
2508 /* Initialize the VLA pointers */
2509 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2510 t = vla_ptr(vlabuf, d, stringtab);
2511 i = lang_count;
2512 do {
2513 *stringtabs++ = t++;
2514 } while (--i);
2515 *stringtabs = NULL;
2516
2517 /* stringtabs = vlabuf = d_stringtabs for later kfree */
2518 stringtabs = vla_ptr(vlabuf, d, stringtabs);
2519 t = vla_ptr(vlabuf, d, stringtab);
2520 s = vla_ptr(vlabuf, d, strings);
2521 }
2522
2523 /* For each language */
2524 data += 16;
2525 len -= 16;
2526
2527 do { /* lang_count > 0 so we can use do-while */
2528 unsigned needed = needed_count;
2529
2530 if (unlikely(len < 3))
2531 goto error_free;
2532 t->language = get_unaligned_le16(data);
2533 t->strings = s;
2534 ++t;
2535
2536 data += 2;
2537 len -= 2;
2538
2539 /* For each string */
2540 do { /* str_count > 0 so we can use do-while */
2541 size_t length = strnlen(data, len);
2542
2543 if (unlikely(length == len))
2544 goto error_free;
2545
2546 /*
2547 * User may provide more strings then we need,
2548 * if that's the case we simply ignore the
2549 * rest
2550 */
2551 if (likely(needed)) {
2552 /*
2553 * s->id will be set while adding
2554 * function to configuration so for
2555 * now just leave garbage here.
2556 */
2557 s->s = data;
2558 --needed;
2559 ++s;
2560 }
2561
2562 data += length + 1;
2563 len -= length + 1;
2564 } while (--str_count);
2565
2566 s->id = 0; /* terminator */
2567 s->s = NULL;
2568 ++s;
2569
2570 } while (--lang_count);
2571
2572 /* Some garbage left? */
2573 if (unlikely(len))
2574 goto error_free;
2575
2576 /* Done! */
2577 ffs->stringtabs = stringtabs;
2578 ffs->raw_strings = _data;
2579
2580 return 0;
2581
2582 error_free:
2583 kfree(stringtabs);
2584 error:
2585 kfree(_data);
2586 return -EINVAL;
2587 }
2588
2589 /* Events handling and management *******************************************/
__ffs_event_add(struct ffs_data * ffs,enum usb_functionfs_event_type type)2590 static void __ffs_event_add(struct ffs_data *ffs,
2591 enum usb_functionfs_event_type type)
2592 {
2593 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2594 int neg = 0;
2595
2596 /*
2597 * Abort any unhandled setup
2598 *
2599 * We do not need to worry about some cmpxchg() changing value
2600 * of ffs->setup_state without holding the lock because when
2601 * state is FFS_SETUP_PENDING cmpxchg() in several places in
2602 * the source does nothing.
2603 */
2604 if (ffs->setup_state == FFS_SETUP_PENDING)
2605 ffs->setup_state = FFS_SETUP_CANCELLED;
2606
2607 /*
2608 * Logic of this function guarantees that there are at most four pending
2609 * evens on ffs->ev.types queue. This is important because the queue
2610 * has space for four elements only and __ffs_ep0_read_events function
2611 * depends on that limit as well. If more event types are added, those
2612 * limits have to be revisited or guaranteed to still hold.
2613 */
2614 switch (type) {
2615 case FUNCTIONFS_RESUME:
2616 rem_type2 = FUNCTIONFS_SUSPEND;
2617 /* FALL THROUGH */
2618 case FUNCTIONFS_SUSPEND:
2619 case FUNCTIONFS_SETUP:
2620 rem_type1 = type;
2621 /* Discard all similar events */
2622 break;
2623
2624 case FUNCTIONFS_BIND:
2625 case FUNCTIONFS_UNBIND:
2626 case FUNCTIONFS_DISABLE:
2627 case FUNCTIONFS_ENABLE:
2628 /* Discard everything other then power management. */
2629 rem_type1 = FUNCTIONFS_SUSPEND;
2630 rem_type2 = FUNCTIONFS_RESUME;
2631 neg = 1;
2632 break;
2633
2634 default:
2635 WARN(1, "%d: unknown event, this should not happen\n", type);
2636 return;
2637 }
2638
2639 {
2640 u8 *ev = ffs->ev.types, *out = ev;
2641 unsigned n = ffs->ev.count;
2642 for (; n; --n, ++ev)
2643 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2644 *out++ = *ev;
2645 else
2646 pr_vdebug("purging event %d\n", *ev);
2647 ffs->ev.count = out - ffs->ev.types;
2648 }
2649
2650 pr_vdebug("adding event %d\n", type);
2651 ffs->ev.types[ffs->ev.count++] = type;
2652 wake_up_locked(&ffs->ev.waitq);
2653 if (ffs->ffs_eventfd)
2654 eventfd_signal(ffs->ffs_eventfd, 1);
2655 }
2656
ffs_event_add(struct ffs_data * ffs,enum usb_functionfs_event_type type)2657 static void ffs_event_add(struct ffs_data *ffs,
2658 enum usb_functionfs_event_type type)
2659 {
2660 unsigned long flags;
2661 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2662 __ffs_event_add(ffs, type);
2663 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2664 }
2665
2666 /* Bind/unbind USB function hooks *******************************************/
2667
ffs_ep_addr2idx(struct ffs_data * ffs,u8 endpoint_address)2668 static int ffs_ep_addr2idx(struct ffs_data *ffs, u8 endpoint_address)
2669 {
2670 int i;
2671
2672 for (i = 1; i < ARRAY_SIZE(ffs->eps_addrmap); ++i)
2673 if (ffs->eps_addrmap[i] == endpoint_address)
2674 return i;
2675 return -ENOENT;
2676 }
2677
__ffs_func_bind_do_descs(enum ffs_entity_type type,u8 * valuep,struct usb_descriptor_header * desc,void * priv)2678 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2679 struct usb_descriptor_header *desc,
2680 void *priv)
2681 {
2682 struct usb_endpoint_descriptor *ds = (void *)desc;
2683 struct ffs_function *func = priv;
2684 struct ffs_ep *ffs_ep = NULL;
2685 unsigned ep_desc_id;
2686 int idx;
2687 static const char *speed_names[] = { "full", "high", "super" };
2688
2689 if (type != FFS_DESCRIPTOR)
2690 return 0;
2691
2692 /*
2693 * If ss_descriptors is not NULL, we are reading super speed
2694 * descriptors; if hs_descriptors is not NULL, we are reading high
2695 * speed descriptors; otherwise, we are reading full speed
2696 * descriptors.
2697 */
2698 if (func->function.ss_descriptors) {
2699 ep_desc_id = 2;
2700 func->function.ss_descriptors[(uintptr_t)valuep] = desc;
2701 } else if (func->function.hs_descriptors) {
2702 ep_desc_id = 1;
2703 func->function.hs_descriptors[(uintptr_t)valuep] = desc;
2704 } else {
2705 ep_desc_id = 0;
2706 func->function.fs_descriptors[(uintptr_t)valuep] = desc;
2707 }
2708
2709 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2710 return 0;
2711
2712 idx = ffs_ep_addr2idx(func->ffs, ds->bEndpointAddress) - 1;
2713 if (idx < 0)
2714 return idx;
2715
2716 ffs_ep = func->eps + idx;
2717
2718 if (unlikely(ffs_ep->descs[ep_desc_id])) {
2719 pr_err("two %sspeed descriptors for EP %d\n",
2720 speed_names[ep_desc_id],
2721 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2722 return -EINVAL;
2723 }
2724 ffs_ep->descs[ep_desc_id] = ds;
2725
2726 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2727 if (ffs_ep->ep) {
2728 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2729 if (!ds->wMaxPacketSize)
2730 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2731 } else {
2732 struct usb_request *req = NULL;
2733 struct usb_ep *ep = NULL;
2734 u8 bEndpointAddress;
2735
2736 /*
2737 * We back up bEndpointAddress because autoconfig overwrites
2738 * it with physical endpoint address.
2739 */
2740 bEndpointAddress = ds->bEndpointAddress;
2741 pr_vdebug("autoconfig\n");
2742 ep = usb_ep_autoconfig(func->gadget, ds);
2743 if (unlikely(!ep))
2744 return -ENOTSUPP;
2745 ep->driver_data = func->eps + idx;
2746
2747 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2748 if (unlikely(!req))
2749 return -ENOMEM;
2750
2751 ffs_ep->ep = ep;
2752 ffs_ep->req = req;
2753 INIT_LIST_HEAD(&ffs_ep->req->list);
2754 func->eps_revmap[ds->bEndpointAddress &
2755 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2756 /*
2757 * If we use virtual address mapping, we restore
2758 * original bEndpointAddress value.
2759 */
2760 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
2761 ds->bEndpointAddress = bEndpointAddress;
2762 }
2763 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2764
2765 return 0;
2766 }
2767
__ffs_func_bind_do_nums(enum ffs_entity_type type,u8 * valuep,struct usb_descriptor_header * desc,void * priv)2768 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2769 struct usb_descriptor_header *desc,
2770 void *priv)
2771 {
2772 struct ffs_function *func = priv;
2773 unsigned idx;
2774 u8 newValue;
2775
2776 switch (type) {
2777 default:
2778 case FFS_DESCRIPTOR:
2779 /* Handled in previous pass by __ffs_func_bind_do_descs() */
2780 return 0;
2781
2782 case FFS_INTERFACE:
2783 idx = *valuep;
2784 if (func->interfaces_nums[idx] < 0) {
2785 int id = usb_interface_id(func->conf, &func->function);
2786 if (unlikely(id < 0))
2787 return id;
2788 func->interfaces_nums[idx] = id;
2789 }
2790 newValue = func->interfaces_nums[idx];
2791 break;
2792
2793 case FFS_STRING:
2794 /* String' IDs are allocated when fsf_data is bound to cdev */
2795 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2796 break;
2797
2798 case FFS_ENDPOINT:
2799 /*
2800 * USB_DT_ENDPOINT are handled in
2801 * __ffs_func_bind_do_descs().
2802 */
2803 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2804 return 0;
2805
2806 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2807 if (unlikely(!func->eps[idx].ep))
2808 return -EINVAL;
2809
2810 {
2811 struct usb_endpoint_descriptor **descs;
2812 descs = func->eps[idx].descs;
2813 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2814 }
2815 break;
2816 }
2817
2818 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2819 *valuep = newValue;
2820 return 0;
2821 }
2822
__ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,struct usb_os_desc_header * h,void * data,unsigned len,void * priv)2823 static int __ffs_func_bind_do_os_desc(enum ffs_os_desc_type type,
2824 struct usb_os_desc_header *h, void *data,
2825 unsigned len, void *priv)
2826 {
2827 struct ffs_function *func = priv;
2828 u8 length = 0;
2829
2830 switch (type) {
2831 case FFS_OS_DESC_EXT_COMPAT: {
2832 struct usb_ext_compat_desc *desc = data;
2833 struct usb_os_desc_table *t;
2834
2835 t = &func->function.os_desc_table[desc->bFirstInterfaceNumber];
2836 t->if_id = func->interfaces_nums[desc->bFirstInterfaceNumber];
2837 memcpy(t->os_desc->ext_compat_id, &desc->CompatibleID,
2838 ARRAY_SIZE(desc->CompatibleID) + ARRAY_SIZE(desc->SubCompatibleID));
2839 length = sizeof(*desc);
2840 }
2841 break;
2842 case FFS_OS_DESC_EXT_PROP: {
2843 struct usb_ext_prop_desc *desc = data;
2844 struct usb_os_desc_table *t;
2845 struct usb_os_desc_ext_prop *ext_prop;
2846 char *ext_prop_name;
2847 char *ext_prop_data;
2848
2849 t = &func->function.os_desc_table[h->interface];
2850 t->if_id = func->interfaces_nums[h->interface];
2851
2852 ext_prop = func->ffs->ms_os_descs_ext_prop_avail;
2853 func->ffs->ms_os_descs_ext_prop_avail += sizeof(*ext_prop);
2854
2855 ext_prop->type = le32_to_cpu(desc->dwPropertyDataType);
2856 ext_prop->name_len = le16_to_cpu(desc->wPropertyNameLength);
2857 ext_prop->data_len = le32_to_cpu(*(__le32 *)
2858 usb_ext_prop_data_len_ptr(data, ext_prop->name_len));
2859 length = ext_prop->name_len + ext_prop->data_len + 14;
2860
2861 ext_prop_name = func->ffs->ms_os_descs_ext_prop_name_avail;
2862 func->ffs->ms_os_descs_ext_prop_name_avail +=
2863 ext_prop->name_len;
2864
2865 ext_prop_data = func->ffs->ms_os_descs_ext_prop_data_avail;
2866 func->ffs->ms_os_descs_ext_prop_data_avail +=
2867 ext_prop->data_len;
2868 memcpy(ext_prop_data, usb_ext_prop_data_ptr(data, ext_prop->name_len),
2869 ext_prop->data_len);
2870 /* unicode data reported to the host as "WCHAR"s */
2871 switch (ext_prop->type) {
2872 case USB_EXT_PROP_UNICODE:
2873 case USB_EXT_PROP_UNICODE_ENV:
2874 case USB_EXT_PROP_UNICODE_LINK:
2875 case USB_EXT_PROP_UNICODE_MULTI:
2876 ext_prop->data_len *= 2;
2877 break;
2878 }
2879 ext_prop->data = ext_prop_data;
2880
2881 memcpy(ext_prop_name, usb_ext_prop_name_ptr(data),
2882 ext_prop->name_len);
2883 /* property name reported to the host as "WCHAR"s */
2884 ext_prop->name_len *= 2;
2885 ext_prop->name = ext_prop_name;
2886
2887 t->os_desc->ext_prop_len +=
2888 ext_prop->name_len + ext_prop->data_len + 14;
2889 ++t->os_desc->ext_prop_count;
2890 list_add_tail(&ext_prop->entry, &t->os_desc->ext_prop);
2891 }
2892 break;
2893 default:
2894 pr_vdebug("unknown descriptor: %d\n", type);
2895 }
2896
2897 return length;
2898 }
2899
ffs_do_functionfs_bind(struct usb_function * f,struct usb_configuration * c)2900 static inline struct f_fs_opts *ffs_do_functionfs_bind(struct usb_function *f,
2901 struct usb_configuration *c)
2902 {
2903 struct ffs_function *func = ffs_func_from_usb(f);
2904 struct f_fs_opts *ffs_opts =
2905 container_of(f->fi, struct f_fs_opts, func_inst);
2906 int ret;
2907
2908 ENTER();
2909
2910 /*
2911 * Legacy gadget triggers binding in functionfs_ready_callback,
2912 * which already uses locking; taking the same lock here would
2913 * cause a deadlock.
2914 *
2915 * Configfs-enabled gadgets however do need ffs_dev_lock.
2916 */
2917 if (!ffs_opts->no_configfs)
2918 ffs_dev_lock();
2919 ret = ffs_opts->dev->desc_ready ? 0 : -ENODEV;
2920 func->ffs = ffs_opts->dev->ffs_data;
2921 if (!ffs_opts->no_configfs)
2922 ffs_dev_unlock();
2923 if (ret)
2924 return ERR_PTR(ret);
2925
2926 func->conf = c;
2927 func->gadget = c->cdev->gadget;
2928
2929 /*
2930 * in drivers/usb/gadget/configfs.c:configfs_composite_bind()
2931 * configurations are bound in sequence with list_for_each_entry,
2932 * in each configuration its functions are bound in sequence
2933 * with list_for_each_entry, so we assume no race condition
2934 * with regard to ffs_opts->bound access
2935 */
2936 if (!ffs_opts->refcnt) {
2937 ret = functionfs_bind(func->ffs, c->cdev);
2938 if (ret)
2939 return ERR_PTR(ret);
2940 }
2941 ffs_opts->refcnt++;
2942 func->function.strings = func->ffs->stringtabs;
2943
2944 return ffs_opts;
2945 }
2946
_ffs_func_bind(struct usb_configuration * c,struct usb_function * f)2947 static int _ffs_func_bind(struct usb_configuration *c, struct usb_function *f)
2948 {
2949 struct ffs_function *func = ffs_func_from_usb(f);
2950 struct ffs_data *ffs = func->ffs;
2951
2952 const int full = !!func->ffs->fs_descs_count;
2953 const int high = !!func->ffs->hs_descs_count;
2954 const int super = !!func->ffs->ss_descs_count;
2955
2956 int fs_len, hs_len, ss_len, ret, i;
2957 struct ffs_ep *eps_ptr = NULL;
2958 struct usb_descriptor_header *des_head = NULL;
2959 struct usb_interface_descriptor *intf_ctl = NULL;
2960 struct usb_interface_descriptor *intf_data = NULL;
2961 /* Make it a single chunk, less management later on */
2962 vla_group(d);
2963 vla_item_with_sz(d, struct ffs_ep, eps, ffs->eps_count);
2964 vla_item_with_sz(d, struct usb_descriptor_header *, fs_descs,
2965 full ? ffs->fs_descs_count + 1 : 0);
2966 vla_item_with_sz(d, struct usb_descriptor_header *, hs_descs,
2967 high ? ffs->hs_descs_count + 1 : 0);
2968 vla_item_with_sz(d, struct usb_descriptor_header *, ss_descs,
2969 super ? ffs->ss_descs_count + 1 : 0);
2970 vla_item_with_sz(d, short, inums, ffs->interfaces_count);
2971 vla_item_with_sz(d, struct usb_os_desc_table, os_desc_table,
2972 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2973 vla_item_with_sz(d, char[16], ext_compat,
2974 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2975 vla_item_with_sz(d, struct usb_os_desc, os_desc,
2976 c->cdev->use_os_string ? ffs->interfaces_count : 0);
2977 vla_item_with_sz(d, struct usb_os_desc_ext_prop, ext_prop,
2978 ffs->ms_os_descs_ext_prop_count);
2979 vla_item_with_sz(d, char, ext_prop_name,
2980 ffs->ms_os_descs_ext_prop_name_len);
2981 vla_item_with_sz(d, char, ext_prop_data,
2982 ffs->ms_os_descs_ext_prop_data_len);
2983 vla_item_with_sz(d, char, raw_descs, ffs->raw_descs_length);
2984 char *vlabuf = NULL;
2985
2986 ENTER();
2987
2988 /* Has descriptors only for speeds gadget does not support */
2989 if (unlikely(!(full | high | super)))
2990 return -ENOTSUPP;
2991
2992 /* Allocate a single chunk, less management later on */
2993 vlabuf = kzalloc(vla_group_size(d), GFP_KERNEL);
2994 if (unlikely(!vlabuf))
2995 return -ENOMEM;
2996
2997 ffs->ms_os_descs_ext_prop_avail = vla_ptr(vlabuf, d, ext_prop);
2998 ffs->ms_os_descs_ext_prop_name_avail =
2999 vla_ptr(vlabuf, d, ext_prop_name);
3000 ffs->ms_os_descs_ext_prop_data_avail =
3001 vla_ptr(vlabuf, d, ext_prop_data);
3002
3003 /* Copy descriptors */
3004 memcpy(vla_ptr(vlabuf, d, raw_descs), ffs->raw_descs, ffs->raw_descs_length);
3005
3006 memset(vla_ptr(vlabuf, d, inums), 0xff, d_inums__sz);
3007
3008 eps_ptr = vla_ptr(vlabuf, d, eps);
3009 for (i = 0; i < ffs->eps_count; i++)
3010 eps_ptr[i].num = -1;
3011
3012 /* Save pointers
3013 * d_eps == vlabuf, func->eps used to kfree vlabuf later
3014 */
3015 func->eps = vla_ptr(vlabuf, d, eps);
3016 func->interfaces_nums = vla_ptr(vlabuf, d, inums);
3017
3018 /*
3019 * Go through all the endpoint descriptors and allocate
3020 * endpoints first, so that later we can rewrite the endpoint
3021 * numbers without worrying that it may be described later on.
3022 */
3023 if (likely(full)) {
3024 func->function.fs_descriptors = vla_ptr(vlabuf, d, fs_descs);
3025 fs_len = ffs_do_descs(ffs->fs_descs_count,
3026 vla_ptr(vlabuf, d, raw_descs),
3027 d_raw_descs__sz,
3028 __ffs_func_bind_do_descs, func);
3029 if (unlikely(fs_len < 0)) {
3030 ret = fs_len;
3031 goto error;
3032 }
3033 } else {
3034 fs_len = 0;
3035 }
3036 if (likely(high)) {
3037 func->function.hs_descriptors = vla_ptr(vlabuf, d, hs_descs);
3038 hs_len = ffs_do_descs(ffs->hs_descs_count,
3039 vla_ptr(vlabuf, d, raw_descs) + fs_len,
3040 d_raw_descs__sz - fs_len,
3041 __ffs_func_bind_do_descs, func);
3042 if (unlikely(hs_len < 0)) {
3043 ret = hs_len;
3044 goto error;
3045 }
3046 } else {
3047 hs_len = 0;
3048 }
3049 if (likely(super)) {
3050 func->function.ss_descriptors = vla_ptr(vlabuf, d, ss_descs);
3051 ss_len = ffs_do_descs(ffs->ss_descs_count,
3052 vla_ptr(vlabuf, d, raw_descs) + fs_len + hs_len,
3053 d_raw_descs__sz - fs_len - hs_len,
3054 __ffs_func_bind_do_descs, func);
3055 if (unlikely(ss_len < 0)) {
3056 ret = ss_len;
3057 goto error;
3058 }
3059 } else {
3060 ss_len = 0;
3061 }
3062 /*
3063 * Now handle interface numbers allocation and interface and
3064 * endpoint numbers rewriting. We can do that in one go
3065 * now.
3066 */
3067 ret = ffs_do_descs(ffs->fs_descs_count +
3068 (high ? ffs->hs_descs_count : 0) +
3069 (super ? ffs->ss_descs_count : 0),
3070 vla_ptr(vlabuf, d, raw_descs), d_raw_descs__sz,
3071 __ffs_func_bind_do_nums, func);
3072 if (unlikely(ret < 0))
3073 goto error;
3074
3075 func->function.os_desc_table = vla_ptr(vlabuf, d, os_desc_table);
3076 if (c->cdev->use_os_string) {
3077 for (i = 0; i < ffs->interfaces_count; ++i) {
3078 struct usb_os_desc *desc;
3079
3080 desc = func->function.os_desc_table[i].os_desc =
3081 vla_ptr(vlabuf, d, os_desc) +
3082 i * sizeof(struct usb_os_desc);
3083 desc->ext_compat_id =
3084 vla_ptr(vlabuf, d, ext_compat) + i * 16;
3085 INIT_LIST_HEAD(&desc->ext_prop);
3086 }
3087 ret = ffs_do_os_descs(ffs->ms_os_descs_count,
3088 vla_ptr(vlabuf, d, raw_descs) +
3089 fs_len + hs_len + ss_len,
3090 d_raw_descs__sz - fs_len - hs_len -
3091 ss_len,
3092 __ffs_func_bind_do_os_desc, func);
3093 if (unlikely(ret < 0))
3094 goto error;
3095 }
3096 func->function.os_desc_n =
3097 c->cdev->use_os_string ? ffs->interfaces_count : 0;
3098
3099 for (i = 0; i< func->ffs->fs_descs_count; i++) {
3100 des_head = func->function.fs_descriptors[i];
3101 if (des_head->bDescriptorType == USB_DT_INTERFACE) {
3102 struct usb_interface_descriptor *intf = (struct usb_interface_descriptor *)des_head;
3103 if (intf->bNumEndpoints > 0) {
3104 if (intf_ctl == NULL) {
3105 intf_ctl = intf;
3106 } else {
3107 intf_data = intf;
3108 break;
3109 }
3110 }
3111 }
3112 }
3113 for (i = 0; i< func->ffs->fs_descs_count; i++) {
3114 des_head = func->function.fs_descriptors[i];
3115 if (des_head->bDescriptorType == USB_DT_INTERFACE_ASSOCIATION) {
3116 struct usb_interface_assoc_descriptor *a_dec = (struct usb_interface_assoc_descriptor *)des_head;
3117 a_dec->bFirstInterface = intf_ctl->bInterfaceNumber;
3118 } else if (des_head->bDescriptorType == USB_DT_CS_INTERFACE) {
3119 struct usb_cdc_header_desc *cs_des = (struct usb_cdc_header_desc *)des_head;
3120 if (cs_des->bDescriptorSubType == USB_CDC_CALL_MANAGEMENT_TYPE) {
3121 struct usb_cdc_call_mgmt_descriptor *mgmt_des = (struct usb_cdc_call_mgmt_descriptor *)des_head;
3122 mgmt_des->bDataInterface = intf_data->bInterfaceNumber;
3123 } else if (cs_des->bDescriptorSubType == USB_CDC_UNION_TYPE) {
3124 struct usb_cdc_union_desc *union_des = (struct usb_cdc_union_desc *)des_head;
3125 union_des->bMasterInterface0 = intf_ctl->bInterfaceNumber;
3126 union_des->bSlaveInterface0 = intf_data->bInterfaceNumber;
3127 } else if (cs_des->bDescriptorSubType == USB_CDC_ETHERNET_TYPE) {
3128 struct usb_cdc_ether_desc *ether_des = (struct usb_cdc_ether_desc *)des_head;
3129 ether_des->iMACAddress = intf_ctl->iInterface + 1;
3130 }
3131 }
3132 }
3133 for (i = 0; i< func->ffs->hs_descs_count; i++) {
3134 des_head = func->function.hs_descriptors[i];
3135 if (des_head->bDescriptorType == USB_DT_INTERFACE_ASSOCIATION) {
3136 struct usb_interface_assoc_descriptor *a_dec = (struct usb_interface_assoc_descriptor *)des_head;
3137 a_dec->bFirstInterface = intf_ctl->bInterfaceNumber;
3138 } else if (des_head->bDescriptorType == USB_DT_CS_INTERFACE) {
3139 struct usb_cdc_header_desc *cs_des = (struct usb_cdc_header_desc *)des_head;
3140 if (cs_des->bDescriptorSubType == USB_CDC_CALL_MANAGEMENT_TYPE) {
3141 struct usb_cdc_call_mgmt_descriptor *mgmt_des = (struct usb_cdc_call_mgmt_descriptor *)des_head;
3142 mgmt_des->bDataInterface = intf_data->bInterfaceNumber;
3143 } else if (cs_des->bDescriptorSubType == USB_CDC_UNION_TYPE) {
3144 struct usb_cdc_union_desc *union_des = (struct usb_cdc_union_desc *)des_head;
3145 union_des->bMasterInterface0 = intf_ctl->bInterfaceNumber;
3146 union_des->bSlaveInterface0 = intf_data->bInterfaceNumber;
3147 } else if (cs_des->bDescriptorSubType == USB_CDC_ETHERNET_TYPE) {
3148 struct usb_cdc_ether_desc *ether_des = (struct usb_cdc_ether_desc *)des_head;
3149 ether_des->iMACAddress = intf_ctl->iInterface + 1;
3150 }
3151 }
3152 }
3153 for (i = 0; i< func->ffs->ss_descs_count; i++) {
3154 des_head = func->function.ss_descriptors[i];
3155 if (des_head->bDescriptorType == USB_DT_INTERFACE_ASSOCIATION) {
3156 struct usb_interface_assoc_descriptor *a_dec = (struct usb_interface_assoc_descriptor *)des_head;
3157 a_dec->bFirstInterface = intf_ctl->bInterfaceNumber;
3158 } else if (des_head->bDescriptorType == USB_DT_CS_INTERFACE) {
3159 struct usb_cdc_header_desc *cs_des = (struct usb_cdc_header_desc *)des_head;
3160 if (cs_des->bDescriptorSubType == USB_CDC_CALL_MANAGEMENT_TYPE) {
3161 struct usb_cdc_call_mgmt_descriptor *mgmt_des = (struct usb_cdc_call_mgmt_descriptor *)des_head;
3162 mgmt_des->bDataInterface = intf_data->bInterfaceNumber;
3163 } else if (cs_des->bDescriptorSubType == USB_CDC_UNION_TYPE) {
3164 struct usb_cdc_union_desc *union_des = (struct usb_cdc_union_desc *)des_head;
3165 union_des->bMasterInterface0 = intf_ctl->bInterfaceNumber;
3166 union_des->bSlaveInterface0 = intf_data->bInterfaceNumber;
3167 } else if (cs_des->bDescriptorSubType == USB_CDC_ETHERNET_TYPE) {
3168 struct usb_cdc_ether_desc *ether_des = (struct usb_cdc_ether_desc *)des_head;
3169 ether_des->iMACAddress = intf_ctl->iInterface + 1;
3170 }
3171 }
3172 }
3173 /* And we're done */
3174 ffs->eps = func->eps;
3175 ffs_event_add(ffs, FUNCTIONFS_BIND);
3176 return 0;
3177
3178 error:
3179 /* XXX Do we need to release all claimed endpoints here? */
3180 return ret;
3181 }
3182
ffs_func_bind(struct usb_configuration * c,struct usb_function * f)3183 static int ffs_func_bind(struct usb_configuration *c, struct usb_function *f)
3184 {
3185 struct f_fs_opts *ffs_opts = ffs_do_functionfs_bind(f, c);
3186 struct ffs_function *func = ffs_func_from_usb(f);
3187 int ret;
3188
3189 if (IS_ERR(ffs_opts))
3190 return PTR_ERR(ffs_opts);
3191
3192 ret = _ffs_func_bind(c, f);
3193 if (ret && !--ffs_opts->refcnt)
3194 functionfs_unbind(func->ffs);
3195
3196 return ret;
3197 }
3198
3199 /* Other USB function hooks *************************************************/
ffs_reset_work(struct work_struct * work)3200 static void ffs_reset_work(struct work_struct *work)
3201 {
3202 struct ffs_data *ffs = container_of(work,
3203 struct ffs_data, reset_work);
3204 ffs_data_reset(ffs);
3205 }
3206
ffs_func_set_alt(struct usb_function * f,unsigned interface,unsigned alt)3207 static int ffs_func_set_alt(struct usb_function *f,
3208 unsigned interface, unsigned alt)
3209 {
3210 struct ffs_function *func = ffs_func_from_usb(f);
3211 struct ffs_data *ffs = func->ffs;
3212 int ret = 0, intf;
3213
3214 if (alt != (unsigned)-1) {
3215 intf = ffs_func_revmap_intf(func, interface);
3216 if (unlikely(intf < 0))
3217 return intf;
3218 }
3219
3220 if (ffs->func)
3221 ffs_func_eps_disable(ffs->func);
3222
3223 if (ffs->state == FFS_DEACTIVATED) {
3224 ffs->state = FFS_CLOSING;
3225 INIT_WORK(&ffs->reset_work, ffs_reset_work);
3226 schedule_work(&ffs->reset_work);
3227 return -ENODEV;
3228 }
3229
3230 if (ffs->state != FFS_ACTIVE)
3231 return -ENODEV;
3232
3233 if (alt == (unsigned)-1) {
3234 ffs->func = NULL;
3235 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
3236 return 0;
3237 }
3238
3239 ffs->func = func;
3240 ret = ffs_func_eps_enable(func);
3241 if (likely(ret >= 0))
3242 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
3243 return ret;
3244 }
3245
ffs_func_disable(struct usb_function * f)3246 static void ffs_func_disable(struct usb_function *f)
3247 {
3248 ffs_func_set_alt(f, 0, (unsigned)-1);
3249 }
3250
ffs_func_setup(struct usb_function * f,const struct usb_ctrlrequest * creq)3251 static int ffs_func_setup(struct usb_function *f, const struct usb_ctrlrequest *creq)
3252 {
3253 struct ffs_function *func = ffs_func_from_usb(f);
3254 struct ffs_data *ffs = func->ffs;
3255 unsigned long flags;
3256 int ret;
3257
3258 ENTER();
3259
3260 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
3261 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
3262 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
3263 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
3264 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
3265
3266 /*
3267 * Most requests directed to interface go through here
3268 * (notable exceptions are set/get interface) so we need to
3269 * handle them. All other either handled by composite or
3270 * passed to usb_configuration->setup() (if one is set). No
3271 * matter, we will handle requests directed to endpoint here
3272 * as well (as it's straightforward). Other request recipient
3273 * types are only handled when the user flag FUNCTIONFS_ALL_CTRL_RECIP
3274 * is being used.
3275 */
3276 if (ffs->state != FFS_ACTIVE)
3277 return -ENODEV;
3278
3279 switch (creq->bRequestType & USB_RECIP_MASK) {
3280 case USB_RECIP_INTERFACE:
3281 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
3282 if (unlikely(ret < 0))
3283 return ret;
3284 break;
3285
3286 case USB_RECIP_ENDPOINT:
3287 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
3288 if (unlikely(ret < 0))
3289 return ret;
3290 if (func->ffs->user_flags & FUNCTIONFS_VIRTUAL_ADDR)
3291 ret = func->ffs->eps_addrmap[ret];
3292 break;
3293
3294 default:
3295 if (func->ffs->user_flags & FUNCTIONFS_ALL_CTRL_RECIP)
3296 ret = le16_to_cpu(creq->wIndex);
3297 else
3298 return -EOPNOTSUPP;
3299 }
3300
3301 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
3302 ffs->ev.setup = *creq;
3303 ffs->ev.setup.wIndex = cpu_to_le16(ret);
3304 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
3305 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
3306
3307 return creq->wLength == 0 ? USB_GADGET_DELAYED_STATUS : 0;
3308 }
3309
ffs_func_req_match(struct usb_function * f,const struct usb_ctrlrequest * creq,bool config0)3310 static bool ffs_func_req_match(struct usb_function *f,
3311 const struct usb_ctrlrequest *creq,
3312 bool config0)
3313 {
3314 struct ffs_function *func = ffs_func_from_usb(f);
3315
3316 if (config0 && !(func->ffs->user_flags & FUNCTIONFS_CONFIG0_SETUP))
3317 return false;
3318
3319 switch (creq->bRequestType & USB_RECIP_MASK) {
3320 case USB_RECIP_INTERFACE:
3321 return (ffs_func_revmap_intf(func,
3322 le16_to_cpu(creq->wIndex)) >= 0);
3323 case USB_RECIP_ENDPOINT:
3324 return (ffs_func_revmap_ep(func,
3325 le16_to_cpu(creq->wIndex)) >= 0);
3326 default:
3327 return (bool) (func->ffs->user_flags &
3328 FUNCTIONFS_ALL_CTRL_RECIP);
3329 }
3330 }
3331
ffs_func_suspend(struct usb_function * f)3332 static void ffs_func_suspend(struct usb_function *f)
3333 {
3334 ENTER();
3335 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
3336 }
3337
ffs_func_resume(struct usb_function * f)3338 static void ffs_func_resume(struct usb_function *f)
3339 {
3340 ENTER();
3341 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
3342 }
3343
3344 /* Endpoint and interface numbers reverse mapping ***************************/
ffs_func_revmap_ep(struct ffs_function * func,u8 num)3345 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
3346 {
3347 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
3348 return num ? num : -EDOM;
3349 }
3350
ffs_func_revmap_intf(struct ffs_function * func,u8 intf)3351 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
3352 {
3353 short *nums = func->interfaces_nums;
3354 unsigned count = func->ffs->interfaces_count;
3355
3356 for (; count; --count, ++nums) {
3357 if (*nums >= 0 && *nums == intf)
3358 return nums - func->interfaces_nums;
3359 }
3360
3361 return -EDOM;
3362 }
3363
3364 /* Devices management *******************************************************/
3365 static LIST_HEAD(ffs_devices);
3366
_ffs_do_find_dev(const char * name)3367 static struct ffs_dev *_ffs_do_find_dev(const char *name)
3368 {
3369 struct ffs_dev *dev = NULL;
3370
3371 if (!name)
3372 return NULL;
3373
3374 list_for_each_entry(dev, &ffs_devices, entry) {
3375 if (!dev->name)
3376 return NULL;
3377 if (strcmp(dev->name, name) == 0)
3378 return dev;
3379 }
3380
3381 return NULL;
3382 }
3383
3384 /*
3385 * ffs_lock must be taken by the caller of this function
3386 */
_ffs_get_single_dev(void)3387 static struct ffs_dev *_ffs_get_single_dev(void)
3388 {
3389 struct ffs_dev *dev = NULL;
3390
3391 if (list_is_singular(&ffs_devices)) {
3392 dev = list_first_entry(&ffs_devices, struct ffs_dev, entry);
3393 if (dev->single)
3394 return dev;
3395 }
3396
3397 return NULL;
3398 }
3399
3400 /*
3401 * ffs_lock must be taken by the caller of this function
3402 */
_ffs_find_dev(const char * name)3403 static struct ffs_dev *_ffs_find_dev(const char *name)
3404 {
3405 struct ffs_dev *dev;
3406
3407 dev = _ffs_get_single_dev();
3408 if (dev)
3409 return dev;
3410
3411 return _ffs_do_find_dev(name);
3412 }
3413
3414 /* Configfs support *********************************************************/
to_ffs_opts(struct config_item * item)3415 static inline struct f_fs_opts *to_ffs_opts(struct config_item *item)
3416 {
3417 return container_of(to_config_group(item), struct f_fs_opts,
3418 func_inst.group);
3419 }
3420
ffs_attr_release(struct config_item * item)3421 static void ffs_attr_release(struct config_item *item)
3422 {
3423 struct f_fs_opts *opts = to_ffs_opts(item);
3424
3425 usb_put_function_instance(&opts->func_inst);
3426 }
3427
3428 static struct configfs_item_operations ffs_item_ops = {
3429 .release = ffs_attr_release,
3430 };
3431
3432 static const struct config_item_type ffs_func_type = {
3433 .ct_item_ops = &ffs_item_ops,
3434 .ct_owner = THIS_MODULE,
3435 };
3436
3437 /* Function registration interface ******************************************/
ffs_free_inst(struct usb_function_instance * f)3438 static void ffs_free_inst(struct usb_function_instance *f)
3439 {
3440 struct f_fs_opts *opts;
3441
3442 opts = to_f_fs_opts(f);
3443 ffs_dev_lock();
3444 _ffs_free_dev(opts->dev);
3445 ffs_dev_unlock();
3446 kfree(opts);
3447 }
3448
ffs_set_inst_name(struct usb_function_instance * fi,const char * name)3449 static int ffs_set_inst_name(struct usb_function_instance *fi, const char *name)
3450 {
3451 char name_dev[MAX_NAMELEN] = {0};
3452 if (snprintf(name_dev, MAX_NAMELEN - 1, "%s.%s", FUNCTION_GENERIC, name) < 0) {
3453 return -EFAULT;
3454 }
3455 if (strlen(name_dev) >= sizeof_field(struct ffs_dev, name))
3456 return -ENAMETOOLONG;
3457 return ffs_name_dev_adapter(to_f_fs_opts(fi)->dev, name_dev);
3458 }
3459
ffs_alloc_inst(void)3460 static struct usb_function_instance *ffs_alloc_inst(void)
3461 {
3462 struct f_fs_opts *opts = NULL;
3463 struct ffs_dev *dev = NULL;
3464
3465 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
3466 if (!opts)
3467 return ERR_PTR(-ENOMEM);
3468
3469 opts->func_inst.set_inst_name = ffs_set_inst_name;
3470 opts->func_inst.free_func_inst = ffs_free_inst;
3471 ffs_dev_lock();
3472 dev = _ffs_alloc_dev();
3473 ffs_dev_unlock();
3474 if (IS_ERR(dev)) {
3475 kfree(opts);
3476 return ERR_CAST(dev);
3477 }
3478 opts->dev = dev;
3479 dev->opts = opts;
3480
3481 config_group_init_type_name(&opts->func_inst.group, "",
3482 &ffs_func_type);
3483 return &opts->func_inst;
3484 }
3485
ffs_free(struct usb_function * f)3486 static void ffs_free(struct usb_function *f)
3487 {
3488 kfree(ffs_func_from_usb(f));
3489 }
3490
ffs_func_unbind(struct usb_configuration * c,struct usb_function * f)3491 static void ffs_func_unbind(struct usb_configuration *c,
3492 struct usb_function *f)
3493 {
3494 struct ffs_function *func = ffs_func_from_usb(f);
3495 struct ffs_data *ffs = func->ffs;
3496 struct f_fs_opts *opts =
3497 container_of(f->fi, struct f_fs_opts, func_inst);
3498 struct ffs_ep *ep = func->eps;
3499 unsigned count = ffs->eps_count;
3500 unsigned long flags;
3501
3502 ENTER();
3503 if (ffs->func == func) {
3504 ffs_func_eps_disable(func);
3505 ffs->func = NULL;
3506 }
3507
3508 if (!--opts->refcnt)
3509 functionfs_unbind(ffs);
3510
3511 /* cleanup after autoconfig */
3512 spin_lock_irqsave(&func->ffs->eps_lock, flags);
3513 while (count--) {
3514 if (ep->ep && ep->req)
3515 usb_ep_free_request(ep->ep, ep->req);
3516 ep->req = NULL;
3517 ++ep;
3518 }
3519 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
3520 kfree(func->eps);
3521 func->eps = NULL;
3522 /*
3523 * eps, descriptors and interfaces_nums are allocated in the
3524 * same chunk so only one free is required.
3525 */
3526 func->function.fs_descriptors = NULL;
3527 func->function.hs_descriptors = NULL;
3528 func->function.ss_descriptors = NULL;
3529 func->interfaces_nums = NULL;
3530
3531 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
3532 }
3533
ffs_func_get_alt(struct usb_function * f,unsigned intf)3534 static int ffs_func_get_alt(struct usb_function *f, unsigned intf)
3535 {
3536 if (intf == 0)
3537 return 0;
3538 return 1;
3539 }
3540
ffs_alloc(struct usb_function_instance * fi)3541 static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
3542 {
3543 struct ffs_function *func = NULL;
3544
3545 ENTER();
3546
3547 func = kzalloc(sizeof(*func), GFP_KERNEL);
3548 if (unlikely(!func))
3549 return ERR_PTR(-ENOMEM);
3550
3551 func->function.name = "FunctionFS Adapter";
3552
3553 func->function.bind = ffs_func_bind;
3554 func->function.unbind = ffs_func_unbind;
3555 func->function.set_alt = ffs_func_set_alt;
3556 func->function.get_alt = ffs_func_get_alt;
3557 func->function.disable = ffs_func_disable;
3558 func->function.setup = ffs_func_setup;
3559 func->function.req_match = ffs_func_req_match;
3560 func->function.suspend = ffs_func_suspend;
3561 func->function.resume = ffs_func_resume;
3562 func->function.free_func = ffs_free;
3563
3564 return &func->function;
3565 }
3566
3567 /*
3568 * ffs_lock must be taken by the caller of this function
3569 */
_ffs_alloc_dev(void)3570 static struct ffs_dev *_ffs_alloc_dev(void)
3571 {
3572 struct ffs_dev *dev = NULL;
3573 int ret;
3574
3575 if (_ffs_get_single_dev())
3576 return ERR_PTR(-EBUSY);
3577
3578 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3579 if (!dev)
3580 return ERR_PTR(-ENOMEM);
3581
3582 if (list_empty(&ffs_devices)) {
3583 ret = functionfs_init();
3584 if (ret) {
3585 kfree(dev);
3586 return ERR_PTR(ret);
3587 }
3588 }
3589
3590 list_add(&dev->entry, &ffs_devices);
3591
3592 return dev;
3593 }
3594
ffs_name_dev_adapter(struct ffs_dev * dev,const char * name)3595 int ffs_name_dev_adapter(struct ffs_dev *dev, const char *name)
3596 {
3597 struct ffs_dev *existing = NULL;
3598 int ret = 0;
3599
3600 ffs_dev_lock();
3601
3602 existing = _ffs_do_find_dev(name);
3603 if (!existing)
3604 strlcpy(dev->name, name, ARRAY_SIZE(dev->name));
3605 else if (existing != dev)
3606 ret = -EBUSY;
3607
3608 ffs_dev_unlock();
3609
3610 return ret;
3611 }
3612 EXPORT_SYMBOL_GPL(ffs_name_dev_adapter);
3613
ffs_single_dev_adapter(struct ffs_dev * dev)3614 int ffs_single_dev_adapter(struct ffs_dev *dev)
3615 {
3616 int ret;
3617
3618 ret = 0;
3619 ffs_dev_lock();
3620
3621 if (!list_is_singular(&ffs_devices))
3622 ret = -EBUSY;
3623 else
3624 dev->single = true;
3625
3626 ffs_dev_unlock();
3627 return ret;
3628 }
3629 EXPORT_SYMBOL_GPL(ffs_single_dev_adapter);
3630 /*
3631 * ffs_lock must be taken by the caller of this function
3632 */
_ffs_free_dev(struct ffs_dev * dev)3633 static void _ffs_free_dev(struct ffs_dev *dev)
3634 {
3635 list_del(&dev->entry);
3636
3637 /* Clear the private_data pointer to stop incorrect dev access */
3638 if (dev->ffs_data)
3639 dev->ffs_data->private_data = NULL;
3640
3641 kfree(dev);
3642 if (list_empty(&ffs_devices))
3643 functionfs_cleanup();
3644 }
3645
ffs_acquire_dev(const char * dev_name)3646 static void *ffs_acquire_dev(const char *dev_name)
3647 {
3648 struct ffs_dev *ffs_dev = NULL;
3649
3650 ENTER();
3651 ffs_dev_lock();
3652
3653 ffs_dev = _ffs_find_dev(dev_name);
3654 if (!ffs_dev)
3655 ffs_dev = ERR_PTR(-ENOENT);
3656 else if (ffs_dev->mounted)
3657 ffs_dev = ERR_PTR(-EBUSY);
3658 else if (ffs_dev->ffs_acquire_dev_callback &&
3659 ffs_dev->ffs_acquire_dev_callback(ffs_dev))
3660 ffs_dev = ERR_PTR(-ENOENT);
3661 else
3662 ffs_dev->mounted = true;
3663
3664 ffs_dev_unlock();
3665 return ffs_dev;
3666 }
3667
ffs_release_dev(struct ffs_data * ffs_data)3668 static void ffs_release_dev(struct ffs_data *ffs_data)
3669 {
3670 struct ffs_dev *ffs_dev = NULL;
3671
3672 ENTER();
3673 ffs_dev_lock();
3674
3675 ffs_dev = ffs_data->private_data;
3676 if (ffs_dev) {
3677 ffs_dev->mounted = false;
3678
3679 if (ffs_dev->ffs_release_dev_callback)
3680 ffs_dev->ffs_release_dev_callback(ffs_dev);
3681 }
3682
3683 ffs_dev_unlock();
3684 }
3685
ffs_ready(struct ffs_data * ffs)3686 static int ffs_ready(struct ffs_data *ffs)
3687 {
3688 struct ffs_dev *ffs_obj = NULL;
3689 int ret = 0;
3690
3691 ENTER();
3692 ffs_dev_lock();
3693
3694 ffs_obj = ffs->private_data;
3695 if (!ffs_obj) {
3696 ret = -EINVAL;
3697 goto done;
3698 }
3699 if (WARN_ON(ffs_obj->desc_ready)) {
3700 ret = -EBUSY;
3701 goto done;
3702 }
3703
3704 ffs_obj->desc_ready = true;
3705 ffs_obj->ffs_data = ffs;
3706
3707 if (ffs_obj->ffs_ready_callback) {
3708 ret = ffs_obj->ffs_ready_callback(ffs);
3709 if (ret)
3710 goto done;
3711 }
3712
3713 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
3714 done:
3715 ffs_dev_unlock();
3716 return ret;
3717 }
3718
ffs_closed(struct ffs_data * ffs)3719 static void ffs_closed(struct ffs_data *ffs)
3720 {
3721 struct ffs_dev *ffs_obj = NULL;
3722 struct f_fs_opts *opts = NULL;
3723 struct config_item *ci = NULL;
3724
3725 ENTER();
3726 ffs_dev_lock();
3727
3728 ffs_obj = ffs->private_data;
3729 if (!ffs_obj)
3730 goto done;
3731
3732 ffs_obj->desc_ready = false;
3733 ffs_obj->ffs_data = NULL;
3734
3735 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags) &&
3736 ffs_obj->ffs_closed_callback)
3737 ffs_obj->ffs_closed_callback(ffs);
3738
3739 if (ffs_obj->opts)
3740 opts = ffs_obj->opts;
3741 else
3742 goto done;
3743
3744 if (opts->no_configfs || !opts->func_inst.group.cg_item.ci_parent
3745 || !kref_read(&opts->func_inst.group.cg_item.ci_kref))
3746 goto done;
3747
3748 ci = opts->func_inst.group.cg_item.ci_parent->ci_parent;
3749 ffs_dev_unlock();
3750
3751 if (test_bit(FFS_FL_BOUND, &ffs->flags))
3752 unregister_gadget_item(ci);
3753 return;
3754 done:
3755 ffs_dev_unlock();
3756 }
3757
3758 /* Misc helper functions ****************************************************/
ffs_mutex_lock(struct mutex * mutex,unsigned nonblock)3759 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
3760 {
3761 return nonblock
3762 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
3763 : mutex_lock_interruptible(mutex);
3764 }
3765
ffs_prepare_buffer(const char __user * buf,size_t len)3766 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
3767 {
3768 char *data = NULL;
3769
3770 if (unlikely(!len))
3771 return NULL;
3772
3773 data = kmalloc(len, GFP_KERNEL);
3774 if (unlikely(!data))
3775 return ERR_PTR(-ENOMEM);
3776
3777 if (unlikely(copy_from_user(data, buf, len))) {
3778 kfree(data);
3779 return ERR_PTR(-EFAULT);
3780 }
3781
3782 pr_vdebug("Buffer from user space:\n");
3783 ffs_dump_mem("", data, len);
3784
3785 return data;
3786 }
3787
3788 DECLARE_USB_FUNCTION_INIT(f_generic, ffs_alloc_inst, ffs_alloc);
3789 MODULE_LICENSE("GPL");
3790