1 /*
2 * Gadget Function Driver for MTP
3 *
4 * Copyright (C) 2010 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/poll.h>
24 #include <linux/delay.h>
25 #include <linux/wait.h>
26 #include <linux/err.h>
27 #include <linux/interrupt.h>
28
29 #include <linux/types.h>
30 #include <linux/file.h>
31 #include <linux/device.h>
32 #include <linux/miscdevice.h>
33
34 #include <linux/usb.h>
35 #include <linux/usb_usual.h>
36 #include <linux/usb/ch9.h>
37 #include <linux/usb/f_mtp.h>
38 #include <linux/configfs.h>
39 #include <linux/usb/composite.h>
40
41 #include "configfs.h"
42
43 #define MTP_BULK_BUFFER_SIZE 16384
44 #define INTR_BUFFER_SIZE 28
45 #define MAX_INST_NAME_LEN 40
46
47 /* String IDs */
48 #define INTERFACE_STRING_INDEX 0
49
50 /* values for mtp_dev.state */
51 #define STATE_OFFLINE 0 /* initial state, disconnected */
52 #define STATE_READY 1 /* ready for userspace calls */
53 #define STATE_BUSY 2 /* processing userspace calls */
54 #define STATE_CANCELED 3 /* transaction canceled by host */
55 #define STATE_ERROR 4 /* error from completion routine */
56
57 /* number of tx and rx requests to allocate */
58 #define TX_REQ_MAX 4
59 #define RX_REQ_MAX 2
60 #define INTR_REQ_MAX 5
61
62 /* ID for Microsoft MTP OS String */
63 #define MTP_OS_STRING_ID 0xEE
64
65 /* MTP class reqeusts */
66 #define MTP_REQ_CANCEL 0x64
67 #define MTP_REQ_GET_EXT_EVENT_DATA 0x65
68 #define MTP_REQ_RESET 0x66
69 #define MTP_REQ_GET_DEVICE_STATUS 0x67
70
71 /* constants for device status */
72 #define MTP_RESPONSE_OK 0x2001
73 #define MTP_RESPONSE_DEVICE_BUSY 0x2019
74 #define DRIVER_NAME "mtp"
75
76 static const char mtp_shortname[] = DRIVER_NAME "_usb";
77
78 struct mtp_dev {
79 struct usb_function function;
80 struct usb_composite_dev *cdev;
81 spinlock_t lock;
82
83 struct usb_ep *ep_in;
84 struct usb_ep *ep_out;
85 struct usb_ep *ep_intr;
86
87 int state;
88
89 /* synchronize access to our device file */
90 atomic_t open_excl;
91 /* to enforce only one ioctl at a time */
92 atomic_t ioctl_excl;
93
94 struct list_head tx_idle;
95 struct list_head intr_idle;
96
97 wait_queue_head_t read_wq;
98 wait_queue_head_t write_wq;
99 wait_queue_head_t intr_wq;
100 struct usb_request *rx_req[RX_REQ_MAX];
101 int rx_done;
102
103 /* for processing MTP_SEND_FILE, MTP_RECEIVE_FILE and
104 * MTP_SEND_FILE_WITH_HEADER ioctls on a work queue
105 */
106 struct workqueue_struct *wq;
107 struct work_struct send_file_work;
108 struct work_struct receive_file_work;
109 struct file *xfer_file;
110 loff_t xfer_file_offset;
111 int64_t xfer_file_length;
112 unsigned xfer_send_header;
113 uint16_t xfer_command;
114 uint32_t xfer_transaction_id;
115 int xfer_result;
116 };
117
118 static struct usb_interface_descriptor mtp_interface_desc = {
119 .bLength = USB_DT_INTERFACE_SIZE,
120 .bDescriptorType = USB_DT_INTERFACE,
121 .bInterfaceNumber = 0,
122 .bNumEndpoints = 3,
123 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
124 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
125 .bInterfaceProtocol = 0,
126 };
127
128 static struct usb_interface_descriptor ptp_interface_desc = {
129 .bLength = USB_DT_INTERFACE_SIZE,
130 .bDescriptorType = USB_DT_INTERFACE,
131 .bInterfaceNumber = 0,
132 .bNumEndpoints = 3,
133 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
134 .bInterfaceSubClass = 1,
135 .bInterfaceProtocol = 1,
136 };
137
138 static struct usb_endpoint_descriptor mtp_ss_in_desc = {
139 .bLength = USB_DT_ENDPOINT_SIZE,
140 .bDescriptorType = USB_DT_ENDPOINT,
141 .bEndpointAddress = USB_DIR_IN,
142 .bmAttributes = USB_ENDPOINT_XFER_BULK,
143 .wMaxPacketSize = __constant_cpu_to_le16(1024),
144 };
145
146 static struct usb_ss_ep_comp_descriptor mtp_ss_in_comp_desc = {
147 .bLength = sizeof(mtp_ss_in_comp_desc),
148 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
149 /* .bMaxBurst = DYNAMIC, */
150 };
151
152 static struct usb_endpoint_descriptor mtp_ss_out_desc = {
153 .bLength = USB_DT_ENDPOINT_SIZE,
154 .bDescriptorType = USB_DT_ENDPOINT,
155 .bEndpointAddress = USB_DIR_OUT,
156 .bmAttributes = USB_ENDPOINT_XFER_BULK,
157 .wMaxPacketSize = __constant_cpu_to_le16(1024),
158 };
159
160 static struct usb_ss_ep_comp_descriptor mtp_ss_out_comp_desc = {
161 .bLength = sizeof(mtp_ss_out_comp_desc),
162 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
163 /* .bMaxBurst = DYNAMIC, */
164 };
165
166 static struct usb_endpoint_descriptor mtp_highspeed_in_desc = {
167 .bLength = USB_DT_ENDPOINT_SIZE,
168 .bDescriptorType = USB_DT_ENDPOINT,
169 .bEndpointAddress = USB_DIR_IN,
170 .bmAttributes = USB_ENDPOINT_XFER_BULK,
171 .wMaxPacketSize = __constant_cpu_to_le16(512),
172 };
173
174 static struct usb_endpoint_descriptor mtp_highspeed_out_desc = {
175 .bLength = USB_DT_ENDPOINT_SIZE,
176 .bDescriptorType = USB_DT_ENDPOINT,
177 .bEndpointAddress = USB_DIR_OUT,
178 .bmAttributes = USB_ENDPOINT_XFER_BULK,
179 .wMaxPacketSize = __constant_cpu_to_le16(512),
180 };
181
182 static struct usb_endpoint_descriptor mtp_fullspeed_in_desc = {
183 .bLength = USB_DT_ENDPOINT_SIZE,
184 .bDescriptorType = USB_DT_ENDPOINT,
185 .bEndpointAddress = USB_DIR_IN,
186 .bmAttributes = USB_ENDPOINT_XFER_BULK,
187 };
188
189 static struct usb_endpoint_descriptor mtp_fullspeed_out_desc = {
190 .bLength = USB_DT_ENDPOINT_SIZE,
191 .bDescriptorType = USB_DT_ENDPOINT,
192 .bEndpointAddress = USB_DIR_OUT,
193 .bmAttributes = USB_ENDPOINT_XFER_BULK,
194 };
195
196 static struct usb_endpoint_descriptor mtp_intr_desc = {
197 .bLength = USB_DT_ENDPOINT_SIZE,
198 .bDescriptorType = USB_DT_ENDPOINT,
199 .bEndpointAddress = USB_DIR_IN,
200 .bmAttributes = USB_ENDPOINT_XFER_INT,
201 .wMaxPacketSize = __constant_cpu_to_le16(INTR_BUFFER_SIZE),
202 .bInterval = 6,
203 };
204
205 static struct usb_ss_ep_comp_descriptor mtp_intr_ss_comp_desc = {
206 .bLength = sizeof(mtp_intr_ss_comp_desc),
207 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
208 .wBytesPerInterval = cpu_to_le16(INTR_BUFFER_SIZE),
209 };
210
211 static struct usb_descriptor_header *fs_mtp_descs[] = {
212 (struct usb_descriptor_header *) &mtp_interface_desc,
213 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
214 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
215 (struct usb_descriptor_header *) &mtp_intr_desc,
216 NULL,
217 };
218
219 static struct usb_descriptor_header *hs_mtp_descs[] = {
220 (struct usb_descriptor_header *) &mtp_interface_desc,
221 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
222 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
223 (struct usb_descriptor_header *) &mtp_intr_desc,
224 NULL,
225 };
226
227 static struct usb_descriptor_header *ss_mtp_descs[] = {
228 (struct usb_descriptor_header *) &mtp_interface_desc,
229 (struct usb_descriptor_header *) &mtp_ss_in_desc,
230 (struct usb_descriptor_header *) &mtp_ss_in_comp_desc,
231 (struct usb_descriptor_header *) &mtp_ss_out_desc,
232 (struct usb_descriptor_header *) &mtp_ss_out_comp_desc,
233 (struct usb_descriptor_header *) &mtp_intr_desc,
234 (struct usb_descriptor_header *) &mtp_intr_ss_comp_desc,
235 NULL,
236 };
237
238 static struct usb_descriptor_header *fs_ptp_descs[] = {
239 (struct usb_descriptor_header *) &ptp_interface_desc,
240 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
241 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
242 (struct usb_descriptor_header *) &mtp_intr_desc,
243 NULL,
244 };
245
246 static struct usb_descriptor_header *hs_ptp_descs[] = {
247 (struct usb_descriptor_header *) &ptp_interface_desc,
248 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
249 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
250 (struct usb_descriptor_header *) &mtp_intr_desc,
251 NULL,
252 };
253
254 static struct usb_descriptor_header *ss_ptp_descs[] = {
255 (struct usb_descriptor_header *) &ptp_interface_desc,
256 (struct usb_descriptor_header *) &mtp_ss_in_desc,
257 (struct usb_descriptor_header *) &mtp_ss_in_comp_desc,
258 (struct usb_descriptor_header *) &mtp_ss_out_desc,
259 (struct usb_descriptor_header *) &mtp_ss_out_comp_desc,
260 (struct usb_descriptor_header *) &mtp_intr_desc,
261 (struct usb_descriptor_header *) &mtp_intr_ss_comp_desc,
262 NULL,
263 };
264
265 static struct usb_string mtp_string_defs[] = {
266 /* Naming interface "MTP" so libmtp will recognize us */
267 [INTERFACE_STRING_INDEX].s = "MTP",
268 { }, /* end of list */
269 };
270
271 static struct usb_gadget_strings mtp_string_table = {
272 .language = 0x0409, /* en-US */
273 .strings = mtp_string_defs,
274 };
275
276 static struct usb_gadget_strings *mtp_strings[] = {
277 &mtp_string_table,
278 NULL,
279 };
280
281 /* Microsoft MTP OS String */
282 static u8 mtp_os_string[] = {
283 18, /* sizeof(mtp_os_string) */
284 USB_DT_STRING,
285 /* Signature field: "MSFT100" */
286 'M', 0, 'S', 0, 'F', 0, 'T', 0, '1', 0, '0', 0, '0', 0,
287 /* vendor code */
288 1,
289 /* padding */
290 0
291 };
292
293 /* Microsoft Extended Configuration Descriptor Header Section */
294 struct mtp_ext_config_desc_header {
295 __le32 dwLength;
296 __u16 bcdVersion;
297 __le16 wIndex;
298 __u8 bCount;
299 __u8 reserved[7];
300 };
301
302 /* Microsoft Extended Configuration Descriptor Function Section */
303 struct mtp_ext_config_desc_function {
304 __u8 bFirstInterfaceNumber;
305 __u8 bInterfaceCount;
306 __u8 compatibleID[8];
307 __u8 subCompatibleID[8];
308 __u8 reserved[6];
309 };
310
311 /* MTP Extended Configuration Descriptor */
312 struct mtp_ext_config_desc {
313 struct mtp_ext_config_desc_header header;
314 struct mtp_ext_config_desc_function function;
315 };
316
317 static struct mtp_ext_config_desc mtp_ext_config_desc = {
318 .header = {
319 .dwLength = __constant_cpu_to_le32(sizeof(mtp_ext_config_desc)),
320 .bcdVersion = __constant_cpu_to_le16(0x0100),
321 .wIndex = __constant_cpu_to_le16(4),
322 .bCount = 1,
323 },
324 .function = {
325 .bFirstInterfaceNumber = 0,
326 .bInterfaceCount = 1,
327 .compatibleID = { 'M', 'T', 'P' },
328 },
329 };
330
331 struct mtp_device_status {
332 __le16 wLength;
333 __le16 wCode;
334 };
335
336 struct mtp_data_header {
337 /* length of packet, including this header */
338 __le32 length;
339 /* container type (2 for data packet) */
340 __le16 type;
341 /* MTP command code */
342 __le16 command;
343 /* MTP transaction ID */
344 __le32 transaction_id;
345 };
346
347 struct mtp_instance {
348 struct usb_function_instance func_inst;
349 const char *name;
350 struct mtp_dev *dev;
351 char mtp_ext_compat_id[16];
352 struct usb_os_desc mtp_os_desc;
353 };
354
355 /* temporary variable used between mtp_open() and mtp_gadget_bind() */
356 static struct mtp_dev *_mtp_dev;
357
func_to_mtp(struct usb_function * f)358 static inline struct mtp_dev *func_to_mtp(struct usb_function *f)
359 {
360 return container_of(f, struct mtp_dev, function);
361 }
362
mtp_request_new(struct usb_ep * ep,int buffer_size)363 static struct usb_request *mtp_request_new(struct usb_ep *ep, int buffer_size)
364 {
365 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
366 if (!req)
367 return NULL;
368
369 /* now allocate buffers for the requests */
370 req->buf = kmalloc(buffer_size, GFP_KERNEL);
371 if (!req->buf) {
372 usb_ep_free_request(ep, req);
373 return NULL;
374 }
375
376 return req;
377 }
378
mtp_request_free(struct usb_request * req,struct usb_ep * ep)379 static void mtp_request_free(struct usb_request *req, struct usb_ep *ep)
380 {
381 if (req) {
382 kfree(req->buf);
383 usb_ep_free_request(ep, req);
384 }
385 }
386
mtp_lock(atomic_t * excl)387 static inline int mtp_lock(atomic_t *excl)
388 {
389 if (atomic_inc_return(excl) == 1) {
390 return 0;
391 } else {
392 atomic_dec(excl);
393 return -1;
394 }
395 }
396
mtp_unlock(atomic_t * excl)397 static inline void mtp_unlock(atomic_t *excl)
398 {
399 atomic_dec(excl);
400 }
401
402 /* add a request to the tail of a list */
mtp_req_put(struct mtp_dev * dev,struct list_head * head,struct usb_request * req)403 static void mtp_req_put(struct mtp_dev *dev, struct list_head *head,
404 struct usb_request *req)
405 {
406 unsigned long flags;
407
408 spin_lock_irqsave(&dev->lock, flags);
409 list_add_tail(&req->list, head);
410 spin_unlock_irqrestore(&dev->lock, flags);
411 }
412
413 /* remove a request from the head of a list */
414 static struct usb_request
mtp_req_get(struct mtp_dev * dev,struct list_head * head)415 *mtp_req_get(struct mtp_dev *dev, struct list_head *head)
416 {
417 unsigned long flags;
418 struct usb_request *req;
419
420 spin_lock_irqsave(&dev->lock, flags);
421 if (list_empty(head)) {
422 req = 0;
423 } else {
424 req = list_first_entry(head, struct usb_request, list);
425 list_del(&req->list);
426 }
427 spin_unlock_irqrestore(&dev->lock, flags);
428 return req;
429 }
430
mtp_complete_in(struct usb_ep * ep,struct usb_request * req)431 static void mtp_complete_in(struct usb_ep *ep, struct usb_request *req)
432 {
433 struct mtp_dev *dev = _mtp_dev;
434
435 if (req->status != 0)
436 dev->state = STATE_ERROR;
437
438 mtp_req_put(dev, &dev->tx_idle, req);
439
440 wake_up(&dev->write_wq);
441 }
442
mtp_complete_out(struct usb_ep * ep,struct usb_request * req)443 static void mtp_complete_out(struct usb_ep *ep, struct usb_request *req)
444 {
445 struct mtp_dev *dev = _mtp_dev;
446
447 dev->rx_done = 1;
448 if (req->status != 0)
449 dev->state = STATE_ERROR;
450
451 wake_up(&dev->read_wq);
452 }
453
mtp_complete_intr(struct usb_ep * ep,struct usb_request * req)454 static void mtp_complete_intr(struct usb_ep *ep, struct usb_request *req)
455 {
456 struct mtp_dev *dev = _mtp_dev;
457
458 if (req->status != 0)
459 dev->state = STATE_ERROR;
460
461 mtp_req_put(dev, &dev->intr_idle, req);
462
463 wake_up(&dev->intr_wq);
464 }
465
mtp_create_bulk_endpoints(struct mtp_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc,struct usb_endpoint_descriptor * intr_desc)466 static int mtp_create_bulk_endpoints(struct mtp_dev *dev,
467 struct usb_endpoint_descriptor *in_desc,
468 struct usb_endpoint_descriptor *out_desc,
469 struct usb_endpoint_descriptor *intr_desc)
470 {
471 struct usb_composite_dev *cdev = dev->cdev;
472 struct usb_request *req;
473 struct usb_ep *ep;
474 int i;
475
476 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
477
478 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
479 if (!ep) {
480 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
481 return -ENODEV;
482 }
483 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
484 ep->driver_data = dev; /* claim the endpoint */
485 dev->ep_in = ep;
486
487 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
488 if (!ep) {
489 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
490 return -ENODEV;
491 }
492 DBG(cdev, "usb_ep_autoconfig for mtp ep_out got %s\n", ep->name);
493 ep->driver_data = dev; /* claim the endpoint */
494 dev->ep_out = ep;
495
496 ep = usb_ep_autoconfig(cdev->gadget, intr_desc);
497 if (!ep) {
498 DBG(cdev, "usb_ep_autoconfig for ep_intr failed\n");
499 return -ENODEV;
500 }
501 DBG(cdev, "usb_ep_autoconfig for mtp ep_intr got %s\n", ep->name);
502 ep->driver_data = dev; /* claim the endpoint */
503 dev->ep_intr = ep;
504
505 /* now allocate requests for our endpoints */
506 for (i = 0; i < TX_REQ_MAX; i++) {
507 req = mtp_request_new(dev->ep_in, MTP_BULK_BUFFER_SIZE);
508 if (!req)
509 goto fail;
510 req->complete = mtp_complete_in;
511 mtp_req_put(dev, &dev->tx_idle, req);
512 }
513 for (i = 0; i < RX_REQ_MAX; i++) {
514 req = mtp_request_new(dev->ep_out, MTP_BULK_BUFFER_SIZE);
515 if (!req)
516 goto fail;
517 req->complete = mtp_complete_out;
518 dev->rx_req[i] = req;
519 }
520 for (i = 0; i < INTR_REQ_MAX; i++) {
521 req = mtp_request_new(dev->ep_intr, INTR_BUFFER_SIZE);
522 if (!req)
523 goto fail;
524 req->complete = mtp_complete_intr;
525 mtp_req_put(dev, &dev->intr_idle, req);
526 }
527
528 return 0;
529
530 fail:
531 pr_err("mtp_bind() could not allocate requests\n");
532 return -1;
533 }
534
mtp_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)535 static ssize_t mtp_read(struct file *fp, char __user *buf,
536 size_t count, loff_t *pos)
537 {
538 struct mtp_dev *dev = fp->private_data;
539 struct usb_composite_dev *cdev = dev->cdev;
540 struct usb_request *req;
541 ssize_t r = count;
542 unsigned xfer;
543 int ret = 0;
544
545 DBG(cdev, "mtp_read(%zu)\n", count);
546
547 if (count > MTP_BULK_BUFFER_SIZE)
548 return -EINVAL;
549
550 /* we will block until we're online */
551 DBG(cdev, "mtp_read: waiting for online state\n");
552 ret = wait_event_interruptible(dev->read_wq,
553 dev->state != STATE_OFFLINE);
554 if (ret < 0) {
555 r = ret;
556 goto done;
557 }
558 spin_lock_irq(&dev->lock);
559 if (dev->state == STATE_CANCELED) {
560 /* report cancelation to userspace */
561 dev->state = STATE_READY;
562 spin_unlock_irq(&dev->lock);
563 return -ECANCELED;
564 }
565 dev->state = STATE_BUSY;
566 spin_unlock_irq(&dev->lock);
567
568 requeue_req:
569 /* queue a request */
570 req = dev->rx_req[0];
571 req->length = count;
572 dev->rx_done = 0;
573 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
574 if (ret < 0) {
575 r = -EIO;
576 goto done;
577 } else {
578 DBG(cdev, "rx %p queue\n", req);
579 }
580
581 /* wait for a request to complete */
582 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
583 if (ret < 0) {
584 r = ret;
585 usb_ep_dequeue(dev->ep_out, req);
586 goto done;
587 }
588 if (dev->state == STATE_BUSY) {
589 /* If we got a 0-len packet, throw it back and try again. */
590 if (req->actual == 0)
591 goto requeue_req;
592
593 DBG(cdev, "rx %p %d\n", req, req->actual);
594 xfer = (req->actual < count) ? req->actual : count;
595 r = xfer;
596 if (copy_to_user(buf, req->buf, xfer))
597 r = -EFAULT;
598 } else
599 r = -EIO;
600
601 done:
602 spin_lock_irq(&dev->lock);
603 if (dev->state == STATE_CANCELED)
604 r = -ECANCELED;
605 else if (dev->state != STATE_OFFLINE)
606 dev->state = STATE_READY;
607 spin_unlock_irq(&dev->lock);
608
609 DBG(cdev, "mtp_read returning %zd\n", r);
610 return r;
611 }
612
mtp_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)613 static ssize_t mtp_write(struct file *fp, const char __user *buf,
614 size_t count, loff_t *pos)
615 {
616 struct mtp_dev *dev = fp->private_data;
617 struct usb_composite_dev *cdev = dev->cdev;
618 struct usb_request *req = 0;
619 ssize_t r = count;
620 unsigned xfer;
621 int sendZLP = 0;
622 int ret;
623
624 DBG(cdev, "mtp_write(%zu)\n", count);
625
626 spin_lock_irq(&dev->lock);
627 if (dev->state == STATE_CANCELED) {
628 /* report cancelation to userspace */
629 dev->state = STATE_READY;
630 spin_unlock_irq(&dev->lock);
631 return -ECANCELED;
632 }
633 if (dev->state == STATE_OFFLINE) {
634 spin_unlock_irq(&dev->lock);
635 return -ENODEV;
636 }
637 dev->state = STATE_BUSY;
638 spin_unlock_irq(&dev->lock);
639
640 /* we need to send a zero length packet to signal the end of transfer
641 * if the transfer size is aligned to a packet boundary.
642 */
643 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
644 sendZLP = 1;
645
646 while (count > 0 || sendZLP) {
647 /* so we exit after sending ZLP */
648 if (count == 0)
649 sendZLP = 0;
650
651 if (dev->state != STATE_BUSY) {
652 DBG(cdev, "mtp_write dev->error\n");
653 r = -EIO;
654 break;
655 }
656
657 /* get an idle tx request to use */
658 req = 0;
659 ret = wait_event_interruptible(dev->write_wq,
660 ((req = mtp_req_get(dev, &dev->tx_idle))
661 || dev->state != STATE_BUSY));
662 if (!req) {
663 r = ret;
664 break;
665 }
666
667 if (count > MTP_BULK_BUFFER_SIZE)
668 xfer = MTP_BULK_BUFFER_SIZE;
669 else
670 xfer = count;
671 if (xfer && copy_from_user(req->buf, buf, xfer)) {
672 r = -EFAULT;
673 break;
674 }
675
676 req->length = xfer;
677 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
678 if (ret < 0) {
679 DBG(cdev, "mtp_write: xfer error %d\n", ret);
680 r = -EIO;
681 break;
682 }
683
684 buf += xfer;
685 count -= xfer;
686
687 /* zero this so we don't try to free it on error exit */
688 req = 0;
689 }
690
691 if (req)
692 mtp_req_put(dev, &dev->tx_idle, req);
693
694 spin_lock_irq(&dev->lock);
695 if (dev->state == STATE_CANCELED)
696 r = -ECANCELED;
697 else if (dev->state != STATE_OFFLINE)
698 dev->state = STATE_READY;
699 spin_unlock_irq(&dev->lock);
700
701 DBG(cdev, "mtp_write returning %zd\n", r);
702 return r;
703 }
704
705 /* read from a local file and write to USB */
send_file_work(struct work_struct * data)706 static void send_file_work(struct work_struct *data)
707 {
708 struct mtp_dev *dev = container_of(data, struct mtp_dev,
709 send_file_work);
710 struct usb_composite_dev *cdev = dev->cdev;
711 struct usb_request *req = 0;
712 struct mtp_data_header *header;
713 struct file *filp;
714 loff_t offset;
715 int64_t count;
716 int xfer, ret, hdr_size;
717 int r = 0;
718 int sendZLP = 0;
719
720 /* read our parameters */
721 smp_rmb();
722 filp = dev->xfer_file;
723 offset = dev->xfer_file_offset;
724 count = dev->xfer_file_length;
725
726 DBG(cdev, "send_file_work(%lld %lld)\n", offset, count);
727
728 if (dev->xfer_send_header) {
729 hdr_size = sizeof(struct mtp_data_header);
730 count += hdr_size;
731 } else {
732 hdr_size = 0;
733 }
734
735 /* we need to send a zero length packet to signal the end of transfer
736 * if the transfer size is aligned to a packet boundary.
737 */
738 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
739 sendZLP = 1;
740
741 while (count > 0 || sendZLP) {
742 /* so we exit after sending ZLP */
743 if (count == 0)
744 sendZLP = 0;
745
746 /* get an idle tx request to use */
747 req = 0;
748 ret = wait_event_interruptible(dev->write_wq,
749 (req = mtp_req_get(dev, &dev->tx_idle))
750 || dev->state != STATE_BUSY);
751 if (dev->state == STATE_CANCELED) {
752 r = -ECANCELED;
753 break;
754 }
755 if (!req) {
756 r = ret;
757 break;
758 }
759
760 if (count > MTP_BULK_BUFFER_SIZE)
761 xfer = MTP_BULK_BUFFER_SIZE;
762 else
763 xfer = count;
764
765 if (hdr_size) {
766 /* prepend MTP data header */
767 header = (struct mtp_data_header *)req->buf;
768 header->length = __cpu_to_le32(count);
769 header->type = __cpu_to_le16(2); /* data packet */
770 header->command = __cpu_to_le16(dev->xfer_command);
771 header->transaction_id =
772 __cpu_to_le32(dev->xfer_transaction_id);
773 }
774
775 ret = vfs_read(filp, req->buf + hdr_size, xfer - hdr_size,
776 &offset);
777 if (ret < 0) {
778 r = ret;
779 break;
780 }
781 xfer = ret + hdr_size;
782 hdr_size = 0;
783
784 req->length = xfer;
785 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
786 if (ret < 0) {
787 DBG(cdev, "send_file_work: xfer error %d\n", ret);
788 dev->state = STATE_ERROR;
789 r = -EIO;
790 break;
791 }
792
793 count -= xfer;
794
795 /* zero this so we don't try to free it on error exit */
796 req = 0;
797 }
798
799 if (req)
800 mtp_req_put(dev, &dev->tx_idle, req);
801
802 DBG(cdev, "send_file_work returning %d\n", r);
803 /* write the result */
804 dev->xfer_result = r;
805 smp_wmb();
806 }
807
808 /* read from USB and write to a local file */
receive_file_work(struct work_struct * data)809 static void receive_file_work(struct work_struct *data)
810 {
811 struct mtp_dev *dev = container_of(data, struct mtp_dev,
812 receive_file_work);
813 struct usb_composite_dev *cdev = dev->cdev;
814 struct usb_request *read_req = NULL, *write_req = NULL;
815 struct file *filp;
816 loff_t offset;
817 int64_t count;
818 int ret, cur_buf = 0;
819 int r = 0;
820
821 /* read our parameters */
822 smp_rmb();
823 filp = dev->xfer_file;
824 offset = dev->xfer_file_offset;
825 count = dev->xfer_file_length;
826
827 DBG(cdev, "receive_file_work(%lld)\n", count);
828
829 while (count > 0 || write_req) {
830 if (count > 0) {
831 /* queue a request */
832 read_req = dev->rx_req[cur_buf];
833 cur_buf = (cur_buf + 1) % RX_REQ_MAX;
834
835 read_req->length = (count > MTP_BULK_BUFFER_SIZE
836 ? MTP_BULK_BUFFER_SIZE : count);
837 dev->rx_done = 0;
838 ret = usb_ep_queue(dev->ep_out, read_req, GFP_KERNEL);
839 if (ret < 0) {
840 r = -EIO;
841 dev->state = STATE_ERROR;
842 break;
843 }
844 }
845
846 if (write_req) {
847 DBG(cdev, "rx %p %d\n", write_req, write_req->actual);
848 ret = vfs_write(filp, write_req->buf, write_req->actual,
849 &offset);
850 DBG(cdev, "vfs_write %d\n", ret);
851 if (ret != write_req->actual) {
852 r = -EIO;
853 dev->state = STATE_ERROR;
854 break;
855 }
856 write_req = NULL;
857 }
858
859 if (read_req) {
860 /* wait for our last read to complete */
861 ret = wait_event_interruptible(dev->read_wq,
862 dev->rx_done || dev->state != STATE_BUSY);
863 if (dev->state == STATE_CANCELED) {
864 r = -ECANCELED;
865 if (!dev->rx_done)
866 usb_ep_dequeue(dev->ep_out, read_req);
867 break;
868 }
869 /* if xfer_file_length is 0xFFFFFFFF, then we read until
870 * we get a zero length packet
871 */
872 if (count != 0xFFFFFFFF)
873 count -= read_req->actual;
874 if (read_req->actual < read_req->length) {
875 /*
876 * short packet is used to signal EOF for
877 * sizes > 4 gig
878 */
879 DBG(cdev, "got short packet\n");
880 count = 0;
881 }
882
883 write_req = read_req;
884 read_req = NULL;
885 }
886 }
887
888 DBG(cdev, "receive_file_work returning %d\n", r);
889 /* write the result */
890 dev->xfer_result = r;
891 smp_wmb();
892 }
893
mtp_send_event(struct mtp_dev * dev,struct mtp_event * event)894 static int mtp_send_event(struct mtp_dev *dev, struct mtp_event *event)
895 {
896 struct usb_request *req = NULL;
897 int ret;
898 int length = event->length;
899
900 DBG(dev->cdev, "mtp_send_event(%zu)\n", event->length);
901
902 if (length < 0 || length > INTR_BUFFER_SIZE)
903 return -EINVAL;
904 if (dev->state == STATE_OFFLINE)
905 return -ENODEV;
906
907 ret = wait_event_interruptible_timeout(dev->intr_wq,
908 (req = mtp_req_get(dev, &dev->intr_idle)),
909 msecs_to_jiffies(1000));
910 if (!req)
911 return -ETIME;
912
913 if (copy_from_user(req->buf, (void __user *)event->data, length)) {
914 mtp_req_put(dev, &dev->intr_idle, req);
915 return -EFAULT;
916 }
917 req->length = length;
918 ret = usb_ep_queue(dev->ep_intr, req, GFP_KERNEL);
919 if (ret)
920 mtp_req_put(dev, &dev->intr_idle, req);
921
922 return ret;
923 }
924
mtp_ioctl(struct file * fp,unsigned code,unsigned long value)925 static long mtp_ioctl(struct file *fp, unsigned code, unsigned long value)
926 {
927 struct mtp_dev *dev = fp->private_data;
928 struct file *filp = NULL;
929 int ret = -EINVAL;
930
931 if (mtp_lock(&dev->ioctl_excl))
932 return -EBUSY;
933
934 switch (code) {
935 case MTP_SEND_FILE:
936 case MTP_RECEIVE_FILE:
937 case MTP_SEND_FILE_WITH_HEADER:
938 {
939 struct mtp_file_range mfr;
940 struct work_struct *work;
941
942 spin_lock_irq(&dev->lock);
943 if (dev->state == STATE_CANCELED) {
944 /* report cancelation to userspace */
945 dev->state = STATE_READY;
946 spin_unlock_irq(&dev->lock);
947 ret = -ECANCELED;
948 goto out;
949 }
950 if (dev->state == STATE_OFFLINE) {
951 spin_unlock_irq(&dev->lock);
952 ret = -ENODEV;
953 goto out;
954 }
955 dev->state = STATE_BUSY;
956 spin_unlock_irq(&dev->lock);
957
958 if (copy_from_user(&mfr, (void __user *)value, sizeof(mfr))) {
959 ret = -EFAULT;
960 goto fail;
961 }
962 /* hold a reference to the file while we are working with it */
963 filp = fget(mfr.fd);
964 if (!filp) {
965 ret = -EBADF;
966 goto fail;
967 }
968
969 /* write the parameters */
970 dev->xfer_file = filp;
971 dev->xfer_file_offset = mfr.offset;
972 dev->xfer_file_length = mfr.length;
973 smp_wmb();
974
975 if (code == MTP_SEND_FILE_WITH_HEADER) {
976 work = &dev->send_file_work;
977 dev->xfer_send_header = 1;
978 dev->xfer_command = mfr.command;
979 dev->xfer_transaction_id = mfr.transaction_id;
980 } else if (code == MTP_SEND_FILE) {
981 work = &dev->send_file_work;
982 dev->xfer_send_header = 0;
983 } else {
984 work = &dev->receive_file_work;
985 }
986
987 /* We do the file transfer on a work queue so it will run
988 * in kernel context, which is necessary for vfs_read and
989 * vfs_write to use our buffers in the kernel address space.
990 */
991 queue_work(dev->wq, work);
992 /* wait for operation to complete */
993 flush_workqueue(dev->wq);
994 fput(filp);
995
996 /* read the result */
997 smp_rmb();
998 ret = dev->xfer_result;
999 break;
1000 }
1001 case MTP_SEND_EVENT:
1002 {
1003 struct mtp_event event;
1004 /* return here so we don't change dev->state below,
1005 * which would interfere with bulk transfer state.
1006 */
1007 if (copy_from_user(&event, (void __user *)value, sizeof(event)))
1008 ret = -EFAULT;
1009 else
1010 ret = mtp_send_event(dev, &event);
1011 goto out;
1012 }
1013 }
1014
1015 fail:
1016 spin_lock_irq(&dev->lock);
1017 if (dev->state == STATE_CANCELED)
1018 ret = -ECANCELED;
1019 else if (dev->state != STATE_OFFLINE)
1020 dev->state = STATE_READY;
1021 spin_unlock_irq(&dev->lock);
1022 out:
1023 mtp_unlock(&dev->ioctl_excl);
1024 DBG(dev->cdev, "ioctl returning %d\n", ret);
1025 return ret;
1026 }
1027
mtp_open(struct inode * ip,struct file * fp)1028 static int mtp_open(struct inode *ip, struct file *fp)
1029 {
1030 printk(KERN_INFO "mtp_open\n");
1031 if (mtp_lock(&_mtp_dev->open_excl))
1032 return -EBUSY;
1033
1034 /* clear any error condition */
1035 if (_mtp_dev->state != STATE_OFFLINE)
1036 _mtp_dev->state = STATE_READY;
1037
1038 fp->private_data = _mtp_dev;
1039 return 0;
1040 }
1041
mtp_release(struct inode * ip,struct file * fp)1042 static int mtp_release(struct inode *ip, struct file *fp)
1043 {
1044 printk(KERN_INFO "mtp_release\n");
1045
1046 mtp_unlock(&_mtp_dev->open_excl);
1047 return 0;
1048 }
1049
1050 /* file operations for /dev/mtp_usb */
1051 static const struct file_operations mtp_fops = {
1052 .owner = THIS_MODULE,
1053 .read = mtp_read,
1054 .write = mtp_write,
1055 .unlocked_ioctl = mtp_ioctl,
1056 .open = mtp_open,
1057 .release = mtp_release,
1058 };
1059
1060 static struct miscdevice mtp_device = {
1061 .minor = MISC_DYNAMIC_MINOR,
1062 .name = mtp_shortname,
1063 .fops = &mtp_fops,
1064 };
1065
mtp_ctrlrequest(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)1066 static int mtp_ctrlrequest(struct usb_composite_dev *cdev,
1067 const struct usb_ctrlrequest *ctrl)
1068 {
1069 struct mtp_dev *dev = _mtp_dev;
1070 int value = -EOPNOTSUPP;
1071 u16 w_index = le16_to_cpu(ctrl->wIndex);
1072 u16 w_value = le16_to_cpu(ctrl->wValue);
1073 u16 w_length = le16_to_cpu(ctrl->wLength);
1074 unsigned long flags;
1075
1076 VDBG(cdev, "mtp_ctrlrequest "
1077 "%02x.%02x v%04x i%04x l%u\n",
1078 ctrl->bRequestType, ctrl->bRequest,
1079 w_value, w_index, w_length);
1080
1081 /* Handle MTP OS string */
1082 if (ctrl->bRequestType ==
1083 (USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE)
1084 && ctrl->bRequest == USB_REQ_GET_DESCRIPTOR
1085 && (w_value >> 8) == USB_DT_STRING
1086 && (w_value & 0xFF) == MTP_OS_STRING_ID) {
1087 value = (w_length < sizeof(mtp_os_string)
1088 ? w_length : sizeof(mtp_os_string));
1089 memcpy(cdev->req->buf, mtp_os_string, value);
1090 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_VENDOR) {
1091 /* Handle MTP OS descriptor */
1092 DBG(cdev, "vendor request: %d index: %d value: %d length: %d\n",
1093 ctrl->bRequest, w_index, w_value, w_length);
1094
1095 if (ctrl->bRequest == 1
1096 && (ctrl->bRequestType & USB_DIR_IN)
1097 && (w_index == 4 || w_index == 5)) {
1098 value = (w_length < sizeof(mtp_ext_config_desc) ?
1099 w_length : sizeof(mtp_ext_config_desc));
1100 memcpy(cdev->req->buf, &mtp_ext_config_desc, value);
1101
1102 /* update compatibleID if PTP */
1103 if (dev->function.fs_descriptors == fs_ptp_descs) {
1104 struct mtp_ext_config_desc *d = cdev->req->buf;
1105
1106 d->function.compatibleID[0] = 'P';
1107 }
1108 }
1109 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) {
1110 DBG(cdev, "class request: %d index: %d value: %d length: %d\n",
1111 ctrl->bRequest, w_index, w_value, w_length);
1112
1113 if (ctrl->bRequest == MTP_REQ_CANCEL && w_index == 0
1114 && w_value == 0) {
1115 DBG(cdev, "MTP_REQ_CANCEL\n");
1116
1117 spin_lock_irqsave(&dev->lock, flags);
1118 if (dev->state == STATE_BUSY) {
1119 dev->state = STATE_CANCELED;
1120 wake_up(&dev->read_wq);
1121 wake_up(&dev->write_wq);
1122 }
1123 spin_unlock_irqrestore(&dev->lock, flags);
1124
1125 /* We need to queue a request to read the remaining
1126 * bytes, but we don't actually need to look at
1127 * the contents.
1128 */
1129 value = w_length;
1130 } else if (ctrl->bRequest == MTP_REQ_GET_DEVICE_STATUS
1131 && w_index == 0 && w_value == 0) {
1132 struct mtp_device_status *status = cdev->req->buf;
1133 status->wLength =
1134 __constant_cpu_to_le16(sizeof(*status));
1135
1136 DBG(cdev, "MTP_REQ_GET_DEVICE_STATUS\n");
1137 spin_lock_irqsave(&dev->lock, flags);
1138 /* device status is "busy" until we report
1139 * the cancelation to userspace
1140 */
1141 if (dev->state == STATE_CANCELED)
1142 status->wCode =
1143 __cpu_to_le16(MTP_RESPONSE_DEVICE_BUSY);
1144 else
1145 status->wCode =
1146 __cpu_to_le16(MTP_RESPONSE_OK);
1147 spin_unlock_irqrestore(&dev->lock, flags);
1148 value = sizeof(*status);
1149 }
1150 }
1151
1152 /* respond with data transfer or status phase? */
1153 if (value >= 0) {
1154 int rc;
1155 cdev->req->zero = value < w_length;
1156 cdev->req->length = value;
1157 rc = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
1158 if (rc < 0)
1159 ERROR(cdev, "%s: response queue error\n", __func__);
1160 }
1161 return value;
1162 }
1163
1164 static int
mtp_function_bind(struct usb_configuration * c,struct usb_function * f)1165 mtp_function_bind(struct usb_configuration *c, struct usb_function *f)
1166 {
1167 struct usb_composite_dev *cdev = c->cdev;
1168 struct mtp_dev *dev = func_to_mtp(f);
1169 int id;
1170 int ret;
1171 struct mtp_instance *fi_mtp;
1172
1173 dev->cdev = cdev;
1174 DBG(cdev, "mtp_function_bind dev: %p\n", dev);
1175
1176 /* allocate interface ID(s) */
1177 id = usb_interface_id(c, f);
1178 if (id < 0)
1179 return id;
1180 mtp_interface_desc.bInterfaceNumber = id;
1181
1182 if (mtp_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1183 ret = usb_string_id(c->cdev);
1184 if (ret < 0)
1185 return ret;
1186 mtp_string_defs[INTERFACE_STRING_INDEX].id = ret;
1187 mtp_interface_desc.iInterface = ret;
1188 }
1189
1190 fi_mtp = container_of(f->fi, struct mtp_instance, func_inst);
1191
1192 if (cdev->use_os_string) {
1193 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table),
1194 GFP_KERNEL);
1195 if (!f->os_desc_table)
1196 return -ENOMEM;
1197 f->os_desc_n = 1;
1198 f->os_desc_table[0].os_desc = &fi_mtp->mtp_os_desc;
1199 }
1200
1201 /* allocate endpoints */
1202 ret = mtp_create_bulk_endpoints(dev, &mtp_fullspeed_in_desc,
1203 &mtp_fullspeed_out_desc, &mtp_intr_desc);
1204 if (ret)
1205 return ret;
1206
1207 /* support high speed hardware */
1208 if (gadget_is_dualspeed(c->cdev->gadget)) {
1209 mtp_highspeed_in_desc.bEndpointAddress =
1210 mtp_fullspeed_in_desc.bEndpointAddress;
1211 mtp_highspeed_out_desc.bEndpointAddress =
1212 mtp_fullspeed_out_desc.bEndpointAddress;
1213 }
1214 /* support super speed hardware */
1215 if (gadget_is_superspeed(c->cdev->gadget)) {
1216 unsigned max_burst;
1217
1218 /* Calculate bMaxBurst, we know packet size is 1024 */
1219 max_burst = min_t(unsigned, MTP_BULK_BUFFER_SIZE / 1024, 15);
1220 mtp_ss_in_desc.bEndpointAddress =
1221 mtp_fullspeed_in_desc.bEndpointAddress;
1222 mtp_ss_in_comp_desc.bMaxBurst = max_burst;
1223 mtp_ss_out_desc.bEndpointAddress =
1224 mtp_fullspeed_out_desc.bEndpointAddress;
1225 mtp_ss_out_comp_desc.bMaxBurst = max_burst;
1226 }
1227
1228 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
1229 gadget_is_superspeed(c->cdev->gadget) ? "super" :
1230 (gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full"),
1231 f->name, dev->ep_in->name, dev->ep_out->name);
1232 return 0;
1233 }
1234
1235 static void
mtp_function_unbind(struct usb_configuration * c,struct usb_function * f)1236 mtp_function_unbind(struct usb_configuration *c, struct usb_function *f)
1237 {
1238 struct mtp_dev *dev = func_to_mtp(f);
1239 struct usb_request *req;
1240 int i;
1241
1242 mtp_string_defs[INTERFACE_STRING_INDEX].id = 0;
1243 while ((req = mtp_req_get(dev, &dev->tx_idle)))
1244 mtp_request_free(req, dev->ep_in);
1245 for (i = 0; i < RX_REQ_MAX; i++)
1246 mtp_request_free(dev->rx_req[i], dev->ep_out);
1247 while ((req = mtp_req_get(dev, &dev->intr_idle)))
1248 mtp_request_free(req, dev->ep_intr);
1249 dev->state = STATE_OFFLINE;
1250 kfree(f->os_desc_table);
1251 f->os_desc_n = 0;
1252 }
1253
mtp_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1254 static int mtp_function_set_alt(struct usb_function *f,
1255 unsigned intf, unsigned alt)
1256 {
1257 struct mtp_dev *dev = func_to_mtp(f);
1258 struct usb_composite_dev *cdev = f->config->cdev;
1259 int ret;
1260
1261 DBG(cdev, "mtp_function_set_alt intf: %d alt: %d\n", intf, alt);
1262
1263 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
1264 if (ret)
1265 return ret;
1266
1267 ret = usb_ep_enable(dev->ep_in);
1268 if (ret)
1269 return ret;
1270
1271 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1272 if (ret)
1273 return ret;
1274
1275 ret = usb_ep_enable(dev->ep_out);
1276 if (ret) {
1277 usb_ep_disable(dev->ep_in);
1278 return ret;
1279 }
1280
1281 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_intr);
1282 if (ret)
1283 return ret;
1284
1285 ret = usb_ep_enable(dev->ep_intr);
1286 if (ret) {
1287 usb_ep_disable(dev->ep_out);
1288 usb_ep_disable(dev->ep_in);
1289 return ret;
1290 }
1291 dev->state = STATE_READY;
1292
1293 /* readers may be blocked waiting for us to go online */
1294 wake_up(&dev->read_wq);
1295 return 0;
1296 }
1297
mtp_function_disable(struct usb_function * f)1298 static void mtp_function_disable(struct usb_function *f)
1299 {
1300 struct mtp_dev *dev = func_to_mtp(f);
1301 struct usb_composite_dev *cdev = dev->cdev;
1302
1303 DBG(cdev, "mtp_function_disable\n");
1304 dev->state = STATE_OFFLINE;
1305 usb_ep_disable(dev->ep_in);
1306 usb_ep_disable(dev->ep_out);
1307 usb_ep_disable(dev->ep_intr);
1308
1309 /* readers may be blocked waiting for us to go online */
1310 wake_up(&dev->read_wq);
1311
1312 VDBG(cdev, "%s disabled\n", dev->function.name);
1313 }
1314
mtp_bind_config(struct usb_configuration * c,bool ptp_config)1315 static __maybe_unused int mtp_bind_config(struct usb_configuration *c,
1316 bool ptp_config)
1317 {
1318 struct mtp_dev *dev = _mtp_dev;
1319 int ret = 0;
1320
1321 printk(KERN_INFO "mtp_bind_config\n");
1322
1323 /* allocate a string ID for our interface */
1324 if (mtp_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1325 ret = usb_string_id(c->cdev);
1326 if (ret < 0)
1327 return ret;
1328 mtp_string_defs[INTERFACE_STRING_INDEX].id = ret;
1329 mtp_interface_desc.iInterface = ret;
1330 }
1331
1332 dev->cdev = c->cdev;
1333 dev->function.name = DRIVER_NAME;
1334 dev->function.strings = mtp_strings;
1335 if (ptp_config) {
1336 dev->function.fs_descriptors = fs_ptp_descs;
1337 dev->function.hs_descriptors = hs_ptp_descs;
1338 dev->function.ss_descriptors = ss_ptp_descs;
1339 } else {
1340 dev->function.fs_descriptors = fs_mtp_descs;
1341 dev->function.hs_descriptors = hs_mtp_descs;
1342 dev->function.ss_descriptors = ss_mtp_descs;
1343 }
1344 dev->function.bind = mtp_function_bind;
1345 dev->function.unbind = mtp_function_unbind;
1346 dev->function.set_alt = mtp_function_set_alt;
1347 dev->function.disable = mtp_function_disable;
1348
1349 return usb_add_function(c, &dev->function);
1350 }
1351
__mtp_setup(struct mtp_instance * fi_mtp)1352 static int __mtp_setup(struct mtp_instance *fi_mtp)
1353 {
1354 struct mtp_dev *dev;
1355 int ret;
1356
1357 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1358
1359 if (fi_mtp != NULL)
1360 fi_mtp->dev = dev;
1361
1362 if (!dev)
1363 return -ENOMEM;
1364
1365 spin_lock_init(&dev->lock);
1366 init_waitqueue_head(&dev->read_wq);
1367 init_waitqueue_head(&dev->write_wq);
1368 init_waitqueue_head(&dev->intr_wq);
1369 atomic_set(&dev->open_excl, 0);
1370 atomic_set(&dev->ioctl_excl, 0);
1371 INIT_LIST_HEAD(&dev->tx_idle);
1372 INIT_LIST_HEAD(&dev->intr_idle);
1373
1374 dev->wq = create_singlethread_workqueue("f_mtp");
1375 if (!dev->wq) {
1376 ret = -ENOMEM;
1377 goto err1;
1378 }
1379 INIT_WORK(&dev->send_file_work, send_file_work);
1380 INIT_WORK(&dev->receive_file_work, receive_file_work);
1381
1382 _mtp_dev = dev;
1383
1384 ret = misc_register(&mtp_device);
1385 if (ret)
1386 goto err2;
1387
1388 return 0;
1389
1390 err2:
1391 destroy_workqueue(dev->wq);
1392 err1:
1393 _mtp_dev = NULL;
1394 kfree(dev);
1395 printk(KERN_ERR "mtp gadget driver failed to initialize\n");
1396 return ret;
1397 }
1398
mtp_setup(void)1399 static __maybe_unused int mtp_setup(void)
1400 {
1401 return __mtp_setup(NULL);
1402 }
1403
mtp_setup_configfs(struct mtp_instance * fi_mtp)1404 static int mtp_setup_configfs(struct mtp_instance *fi_mtp)
1405 {
1406 return __mtp_setup(fi_mtp);
1407 }
1408
1409
mtp_cleanup(void)1410 static void mtp_cleanup(void)
1411 {
1412 struct mtp_dev *dev = _mtp_dev;
1413
1414 if (!dev)
1415 return;
1416
1417 misc_deregister(&mtp_device);
1418 destroy_workqueue(dev->wq);
1419 _mtp_dev = NULL;
1420 kfree(dev);
1421 }
1422
to_mtp_instance(struct config_item * item)1423 static struct mtp_instance *to_mtp_instance(struct config_item *item)
1424 {
1425 return container_of(to_config_group(item), struct mtp_instance,
1426 func_inst.group);
1427 }
1428
mtp_attr_release(struct config_item * item)1429 static void mtp_attr_release(struct config_item *item)
1430 {
1431 struct mtp_instance *fi_mtp = to_mtp_instance(item);
1432 usb_put_function_instance(&fi_mtp->func_inst);
1433 }
1434
1435 static struct configfs_item_operations mtp_item_ops = {
1436 .release = mtp_attr_release,
1437 };
1438
1439 static struct config_item_type mtp_func_type = {
1440 .ct_item_ops = &mtp_item_ops,
1441 .ct_owner = THIS_MODULE,
1442 };
1443
1444
to_fi_mtp(struct usb_function_instance * fi)1445 static struct mtp_instance *to_fi_mtp(struct usb_function_instance *fi)
1446 {
1447 return container_of(fi, struct mtp_instance, func_inst);
1448 }
1449
mtp_set_inst_name(struct usb_function_instance * fi,const char * name)1450 static int mtp_set_inst_name(struct usb_function_instance *fi, const char *name)
1451 {
1452 struct mtp_instance *fi_mtp;
1453 char *ptr;
1454 int name_len;
1455
1456 name_len = strlen(name) + 1;
1457 if (name_len > MAX_INST_NAME_LEN)
1458 return -ENAMETOOLONG;
1459
1460 ptr = kstrndup(name, name_len, GFP_KERNEL);
1461 if (!ptr)
1462 return -ENOMEM;
1463
1464 fi_mtp = to_fi_mtp(fi);
1465 fi_mtp->name = ptr;
1466
1467 return 0;
1468 }
1469
mtp_free_inst(struct usb_function_instance * fi)1470 static void mtp_free_inst(struct usb_function_instance *fi)
1471 {
1472 struct mtp_instance *fi_mtp;
1473
1474 fi_mtp = to_fi_mtp(fi);
1475 kfree(fi_mtp->name);
1476 mtp_cleanup();
1477 kfree(fi_mtp->mtp_os_desc.group.default_groups);
1478 kfree(fi_mtp);
1479 }
1480
alloc_inst_mtp_ptp(bool mtp_config)1481 struct usb_function_instance *alloc_inst_mtp_ptp(bool mtp_config)
1482 {
1483 struct mtp_instance *fi_mtp;
1484 int ret = 0;
1485 struct usb_os_desc *descs[1];
1486 char *names[1];
1487
1488 fi_mtp = kzalloc(sizeof(*fi_mtp), GFP_KERNEL);
1489 if (!fi_mtp)
1490 return ERR_PTR(-ENOMEM);
1491 fi_mtp->func_inst.set_inst_name = mtp_set_inst_name;
1492 fi_mtp->func_inst.free_func_inst = mtp_free_inst;
1493
1494 fi_mtp->mtp_os_desc.ext_compat_id = fi_mtp->mtp_ext_compat_id;
1495 INIT_LIST_HEAD(&fi_mtp->mtp_os_desc.ext_prop);
1496 descs[0] = &fi_mtp->mtp_os_desc;
1497 names[0] = "MTP";
1498 usb_os_desc_prepare_interf_dir(&fi_mtp->func_inst.group, 1,
1499 descs, names, THIS_MODULE);
1500
1501 if (mtp_config) {
1502 ret = mtp_setup_configfs(fi_mtp);
1503 if (ret) {
1504 kfree(fi_mtp);
1505 pr_err("Error setting MTP\n");
1506 return ERR_PTR(ret);
1507 }
1508 } else
1509 fi_mtp->dev = _mtp_dev;
1510
1511 config_group_init_type_name(&fi_mtp->func_inst.group,
1512 "", &mtp_func_type);
1513
1514 return &fi_mtp->func_inst;
1515 }
1516 EXPORT_SYMBOL_GPL(alloc_inst_mtp_ptp);
1517
mtp_alloc_inst(void)1518 static struct usb_function_instance *mtp_alloc_inst(void)
1519 {
1520 return alloc_inst_mtp_ptp(true);
1521 }
1522
mtp_ctrlreq_configfs(struct usb_function * f,const struct usb_ctrlrequest * ctrl)1523 static int mtp_ctrlreq_configfs(struct usb_function *f,
1524 const struct usb_ctrlrequest *ctrl)
1525 {
1526 return mtp_ctrlrequest(f->config->cdev, ctrl);
1527 }
1528
mtp_free(struct usb_function * f)1529 static void mtp_free(struct usb_function *f)
1530 {
1531 /*NO-OP: no function specific resource allocation in mtp_alloc*/
1532 }
1533
function_alloc_mtp_ptp(struct usb_function_instance * fi,bool mtp_config)1534 struct usb_function *function_alloc_mtp_ptp(struct usb_function_instance *fi,
1535 bool mtp_config)
1536 {
1537 struct mtp_instance *fi_mtp = to_fi_mtp(fi);
1538 struct mtp_dev *dev;
1539
1540 /*
1541 * PTP piggybacks on MTP function so make sure we have
1542 * created MTP function before we associate this PTP
1543 * function with a gadget configuration.
1544 */
1545 if (fi_mtp->dev == NULL) {
1546 pr_err("Error: Create MTP function before linking"
1547 " PTP function with a gadget configuration\n");
1548 pr_err("\t1: Delete existing PTP function if any\n");
1549 pr_err("\t2: Create MTP function\n");
1550 pr_err("\t3: Create and symlink PTP function"
1551 " with a gadget configuration\n");
1552 return ERR_PTR(-EINVAL); /* Invalid Configuration */
1553 }
1554
1555 dev = fi_mtp->dev;
1556 dev->function.name = DRIVER_NAME;
1557 dev->function.strings = mtp_strings;
1558 if (mtp_config) {
1559 dev->function.fs_descriptors = fs_mtp_descs;
1560 dev->function.hs_descriptors = hs_mtp_descs;
1561 dev->function.ss_descriptors = ss_mtp_descs;
1562 } else {
1563 dev->function.fs_descriptors = fs_ptp_descs;
1564 dev->function.hs_descriptors = hs_ptp_descs;
1565 dev->function.ss_descriptors = ss_ptp_descs;
1566 }
1567 dev->function.bind = mtp_function_bind;
1568 dev->function.unbind = mtp_function_unbind;
1569 dev->function.set_alt = mtp_function_set_alt;
1570 dev->function.disable = mtp_function_disable;
1571 dev->function.setup = mtp_ctrlreq_configfs;
1572 dev->function.free_func = mtp_free;
1573
1574 return &dev->function;
1575 }
1576 EXPORT_SYMBOL_GPL(function_alloc_mtp_ptp);
1577
mtp_alloc(struct usb_function_instance * fi)1578 static struct usb_function *mtp_alloc(struct usb_function_instance *fi)
1579 {
1580 return function_alloc_mtp_ptp(fi, true);
1581 }
1582
1583 DECLARE_USB_FUNCTION_INIT(mtp, mtp_alloc_inst, mtp_alloc);
1584 MODULE_LICENSE("GPL");
1585