1 /*
2 * Gadget Function Driver for MTP
3 *
4 * Copyright (C) 2010 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/poll.h>
24 #include <linux/delay.h>
25 #include <linux/wait.h>
26 #include <linux/err.h>
27 #include <linux/interrupt.h>
28
29 #include <linux/types.h>
30 #include <linux/file.h>
31 #include <linux/device.h>
32 #include <linux/miscdevice.h>
33
34 #include <linux/usb.h>
35 #include <linux/usb_usual.h>
36 #include <linux/usb/ch9.h>
37 #include <linux/usb/f_mtp.h>
38 #include <linux/configfs.h>
39 #include <linux/usb/composite.h>
40
41 #include "configfs.h"
42
43 #define MTP_BULK_BUFFER_SIZE 16384
44 #define INTR_BUFFER_SIZE 28
45 #define MAX_INST_NAME_LEN 40
46 #define MTP_MAX_FILE_SIZE 0xFFFFFFFFL
47
48 /* String IDs */
49 #define INTERFACE_STRING_INDEX 0
50
51 /* values for mtp_dev.state */
52 #define STATE_OFFLINE 0 /* initial state, disconnected */
53 #define STATE_READY 1 /* ready for userspace calls */
54 #define STATE_BUSY 2 /* processing userspace calls */
55 #define STATE_CANCELED 3 /* transaction canceled by host */
56 #define STATE_ERROR 4 /* error from completion routine */
57
58 /* number of tx and rx requests to allocate */
59 #define TX_REQ_MAX 4
60 #define RX_REQ_MAX 2
61 #define INTR_REQ_MAX 5
62
63 /* ID for Microsoft MTP OS String */
64 #define MTP_OS_STRING_ID 0xEE
65
66 /* MTP class reqeusts */
67 #define MTP_REQ_CANCEL 0x64
68 #define MTP_REQ_GET_EXT_EVENT_DATA 0x65
69 #define MTP_REQ_RESET 0x66
70 #define MTP_REQ_GET_DEVICE_STATUS 0x67
71
72 /* constants for device status */
73 #define MTP_RESPONSE_OK 0x2001
74 #define MTP_RESPONSE_DEVICE_BUSY 0x2019
75 #define DRIVER_NAME "mtp"
76
77 static const char mtp_shortname[] = DRIVER_NAME "_usb";
78
79 struct mtp_dev {
80 struct usb_function function;
81 struct usb_composite_dev *cdev;
82 spinlock_t lock;
83
84 struct usb_ep *ep_in;
85 struct usb_ep *ep_out;
86 struct usb_ep *ep_intr;
87
88 int state;
89
90 /* synchronize access to our device file */
91 atomic_t open_excl;
92 /* to enforce only one ioctl at a time */
93 atomic_t ioctl_excl;
94
95 struct list_head tx_idle;
96 struct list_head intr_idle;
97
98 wait_queue_head_t read_wq;
99 wait_queue_head_t write_wq;
100 wait_queue_head_t intr_wq;
101 struct usb_request *rx_req[RX_REQ_MAX];
102 int rx_done;
103
104 /* for processing MTP_SEND_FILE, MTP_RECEIVE_FILE and
105 * MTP_SEND_FILE_WITH_HEADER ioctls on a work queue
106 */
107 struct workqueue_struct *wq;
108 struct work_struct send_file_work;
109 struct work_struct receive_file_work;
110 struct file *xfer_file;
111 loff_t xfer_file_offset;
112 int64_t xfer_file_length;
113 unsigned xfer_send_header;
114 uint16_t xfer_command;
115 uint32_t xfer_transaction_id;
116 int xfer_result;
117 };
118
119 static struct usb_interface_descriptor mtp_interface_desc = {
120 .bLength = USB_DT_INTERFACE_SIZE,
121 .bDescriptorType = USB_DT_INTERFACE,
122 .bInterfaceNumber = 0,
123 .bNumEndpoints = 3,
124 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
125 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
126 .bInterfaceProtocol = 0,
127 };
128
129 static struct usb_interface_descriptor ptp_interface_desc = {
130 .bLength = USB_DT_INTERFACE_SIZE,
131 .bDescriptorType = USB_DT_INTERFACE,
132 .bInterfaceNumber = 0,
133 .bNumEndpoints = 3,
134 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
135 .bInterfaceSubClass = 1,
136 .bInterfaceProtocol = 1,
137 };
138
139 static struct usb_endpoint_descriptor mtp_ss_in_desc = {
140 .bLength = USB_DT_ENDPOINT_SIZE,
141 .bDescriptorType = USB_DT_ENDPOINT,
142 .bEndpointAddress = USB_DIR_IN,
143 .bmAttributes = USB_ENDPOINT_XFER_BULK,
144 .wMaxPacketSize = __constant_cpu_to_le16(1024),
145 };
146
147 static struct usb_ss_ep_comp_descriptor mtp_ss_in_comp_desc = {
148 .bLength = sizeof(mtp_ss_in_comp_desc),
149 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
150 /* .bMaxBurst = DYNAMIC, */
151 };
152
153 static struct usb_endpoint_descriptor mtp_ss_out_desc = {
154 .bLength = USB_DT_ENDPOINT_SIZE,
155 .bDescriptorType = USB_DT_ENDPOINT,
156 .bEndpointAddress = USB_DIR_OUT,
157 .bmAttributes = USB_ENDPOINT_XFER_BULK,
158 .wMaxPacketSize = __constant_cpu_to_le16(1024),
159 };
160
161 static struct usb_ss_ep_comp_descriptor mtp_ss_out_comp_desc = {
162 .bLength = sizeof(mtp_ss_out_comp_desc),
163 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
164 /* .bMaxBurst = DYNAMIC, */
165 };
166
167 static struct usb_endpoint_descriptor mtp_highspeed_in_desc = {
168 .bLength = USB_DT_ENDPOINT_SIZE,
169 .bDescriptorType = USB_DT_ENDPOINT,
170 .bEndpointAddress = USB_DIR_IN,
171 .bmAttributes = USB_ENDPOINT_XFER_BULK,
172 .wMaxPacketSize = __constant_cpu_to_le16(512),
173 };
174
175 static struct usb_endpoint_descriptor mtp_highspeed_out_desc = {
176 .bLength = USB_DT_ENDPOINT_SIZE,
177 .bDescriptorType = USB_DT_ENDPOINT,
178 .bEndpointAddress = USB_DIR_OUT,
179 .bmAttributes = USB_ENDPOINT_XFER_BULK,
180 .wMaxPacketSize = __constant_cpu_to_le16(512),
181 };
182
183 static struct usb_endpoint_descriptor mtp_fullspeed_in_desc = {
184 .bLength = USB_DT_ENDPOINT_SIZE,
185 .bDescriptorType = USB_DT_ENDPOINT,
186 .bEndpointAddress = USB_DIR_IN,
187 .bmAttributes = USB_ENDPOINT_XFER_BULK,
188 };
189
190 static struct usb_endpoint_descriptor mtp_fullspeed_out_desc = {
191 .bLength = USB_DT_ENDPOINT_SIZE,
192 .bDescriptorType = USB_DT_ENDPOINT,
193 .bEndpointAddress = USB_DIR_OUT,
194 .bmAttributes = USB_ENDPOINT_XFER_BULK,
195 };
196
197 static struct usb_endpoint_descriptor mtp_intr_desc = {
198 .bLength = USB_DT_ENDPOINT_SIZE,
199 .bDescriptorType = USB_DT_ENDPOINT,
200 .bEndpointAddress = USB_DIR_IN,
201 .bmAttributes = USB_ENDPOINT_XFER_INT,
202 .wMaxPacketSize = __constant_cpu_to_le16(INTR_BUFFER_SIZE),
203 .bInterval = 6,
204 };
205
206 static struct usb_ss_ep_comp_descriptor mtp_intr_ss_comp_desc = {
207 .bLength = sizeof(mtp_intr_ss_comp_desc),
208 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
209 .wBytesPerInterval = cpu_to_le16(INTR_BUFFER_SIZE),
210 };
211
212 static struct usb_descriptor_header *fs_mtp_descs[] = {
213 (struct usb_descriptor_header *) &mtp_interface_desc,
214 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
215 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
216 (struct usb_descriptor_header *) &mtp_intr_desc,
217 NULL,
218 };
219
220 static struct usb_descriptor_header *hs_mtp_descs[] = {
221 (struct usb_descriptor_header *) &mtp_interface_desc,
222 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
223 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
224 (struct usb_descriptor_header *) &mtp_intr_desc,
225 NULL,
226 };
227
228 static struct usb_descriptor_header *ss_mtp_descs[] = {
229 (struct usb_descriptor_header *) &mtp_interface_desc,
230 (struct usb_descriptor_header *) &mtp_ss_in_desc,
231 (struct usb_descriptor_header *) &mtp_ss_in_comp_desc,
232 (struct usb_descriptor_header *) &mtp_ss_out_desc,
233 (struct usb_descriptor_header *) &mtp_ss_out_comp_desc,
234 (struct usb_descriptor_header *) &mtp_intr_desc,
235 (struct usb_descriptor_header *) &mtp_intr_ss_comp_desc,
236 NULL,
237 };
238
239 static struct usb_descriptor_header *fs_ptp_descs[] = {
240 (struct usb_descriptor_header *) &ptp_interface_desc,
241 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
242 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
243 (struct usb_descriptor_header *) &mtp_intr_desc,
244 NULL,
245 };
246
247 static struct usb_descriptor_header *hs_ptp_descs[] = {
248 (struct usb_descriptor_header *) &ptp_interface_desc,
249 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
250 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
251 (struct usb_descriptor_header *) &mtp_intr_desc,
252 NULL,
253 };
254
255 static struct usb_descriptor_header *ss_ptp_descs[] = {
256 (struct usb_descriptor_header *) &ptp_interface_desc,
257 (struct usb_descriptor_header *) &mtp_ss_in_desc,
258 (struct usb_descriptor_header *) &mtp_ss_in_comp_desc,
259 (struct usb_descriptor_header *) &mtp_ss_out_desc,
260 (struct usb_descriptor_header *) &mtp_ss_out_comp_desc,
261 (struct usb_descriptor_header *) &mtp_intr_desc,
262 (struct usb_descriptor_header *) &mtp_intr_ss_comp_desc,
263 NULL,
264 };
265
266 static struct usb_string mtp_string_defs[] = {
267 /* Naming interface "MTP" so libmtp will recognize us */
268 [INTERFACE_STRING_INDEX].s = "MTP",
269 { }, /* end of list */
270 };
271
272 static struct usb_gadget_strings mtp_string_table = {
273 .language = 0x0409, /* en-US */
274 .strings = mtp_string_defs,
275 };
276
277 static struct usb_gadget_strings *mtp_strings[] = {
278 &mtp_string_table,
279 NULL,
280 };
281
282 /* Microsoft MTP OS String */
283 static u8 mtp_os_string[] = {
284 18, /* sizeof(mtp_os_string) */
285 USB_DT_STRING,
286 /* Signature field: "MSFT100" */
287 'M', 0, 'S', 0, 'F', 0, 'T', 0, '1', 0, '0', 0, '0', 0,
288 /* vendor code */
289 1,
290 /* padding */
291 0
292 };
293
294 /* Microsoft Extended Configuration Descriptor Header Section */
295 struct mtp_ext_config_desc_header {
296 __le32 dwLength;
297 __u16 bcdVersion;
298 __le16 wIndex;
299 __u8 bCount;
300 __u8 reserved[7];
301 };
302
303 /* Microsoft Extended Configuration Descriptor Function Section */
304 struct mtp_ext_config_desc_function {
305 __u8 bFirstInterfaceNumber;
306 __u8 bInterfaceCount;
307 __u8 compatibleID[8];
308 __u8 subCompatibleID[8];
309 __u8 reserved[6];
310 };
311
312 /* MTP Extended Configuration Descriptor */
313 struct {
314 struct mtp_ext_config_desc_header header;
315 struct mtp_ext_config_desc_function function;
316 } mtp_ext_config_desc = {
317 .header = {
318 .dwLength = __constant_cpu_to_le32(sizeof(mtp_ext_config_desc)),
319 .bcdVersion = __constant_cpu_to_le16(0x0100),
320 .wIndex = __constant_cpu_to_le16(4),
321 .bCount = 1,
322 },
323 .function = {
324 .bFirstInterfaceNumber = 0,
325 .bInterfaceCount = 1,
326 .compatibleID = { 'M', 'T', 'P' },
327 },
328 };
329
330 struct mtp_device_status {
331 __le16 wLength;
332 __le16 wCode;
333 };
334
335 struct mtp_data_header {
336 /* length of packet, including this header */
337 __le32 length;
338 /* container type (2 for data packet) */
339 __le16 type;
340 /* MTP command code */
341 __le16 command;
342 /* MTP transaction ID */
343 __le32 transaction_id;
344 };
345
346 struct mtp_instance {
347 struct usb_function_instance func_inst;
348 const char *name;
349 struct mtp_dev *dev;
350 char mtp_ext_compat_id[16];
351 struct usb_os_desc mtp_os_desc;
352 };
353
354 /* temporary variable used between mtp_open() and mtp_gadget_bind() */
355 static struct mtp_dev *_mtp_dev;
356
func_to_mtp(struct usb_function * f)357 static inline struct mtp_dev *func_to_mtp(struct usb_function *f)
358 {
359 return container_of(f, struct mtp_dev, function);
360 }
361
mtp_request_new(struct usb_ep * ep,int buffer_size)362 static struct usb_request *mtp_request_new(struct usb_ep *ep, int buffer_size)
363 {
364 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
365
366 if (!req)
367 return NULL;
368
369 /* now allocate buffers for the requests */
370 req->buf = kmalloc(buffer_size, GFP_KERNEL);
371 if (!req->buf) {
372 usb_ep_free_request(ep, req);
373 return NULL;
374 }
375
376 return req;
377 }
378
mtp_request_free(struct usb_request * req,struct usb_ep * ep)379 static void mtp_request_free(struct usb_request *req, struct usb_ep *ep)
380 {
381 if (req) {
382 kfree(req->buf);
383 usb_ep_free_request(ep, req);
384 }
385 }
386
mtp_lock(atomic_t * excl)387 static inline int mtp_lock(atomic_t *excl)
388 {
389 if (atomic_inc_return(excl) == 1) {
390 return 0;
391 } else {
392 atomic_dec(excl);
393 return -1;
394 }
395 }
396
mtp_unlock(atomic_t * excl)397 static inline void mtp_unlock(atomic_t *excl)
398 {
399 atomic_dec(excl);
400 }
401
402 /* add a request to the tail of a list */
mtp_req_put(struct mtp_dev * dev,struct list_head * head,struct usb_request * req)403 static void mtp_req_put(struct mtp_dev *dev, struct list_head *head,
404 struct usb_request *req)
405 {
406 unsigned long flags;
407
408 spin_lock_irqsave(&dev->lock, flags);
409 list_add_tail(&req->list, head);
410 spin_unlock_irqrestore(&dev->lock, flags);
411 }
412
413 /* remove a request from the head of a list */
414 static struct usb_request
mtp_req_get(struct mtp_dev * dev,struct list_head * head)415 *mtp_req_get(struct mtp_dev *dev, struct list_head *head)
416 {
417 unsigned long flags;
418 struct usb_request *req;
419
420 spin_lock_irqsave(&dev->lock, flags);
421 if (list_empty(head)) {
422 req = 0;
423 } else {
424 req = list_first_entry(head, struct usb_request, list);
425 list_del(&req->list);
426 }
427 spin_unlock_irqrestore(&dev->lock, flags);
428 return req;
429 }
430
mtp_complete_in(struct usb_ep * ep,struct usb_request * req)431 static void mtp_complete_in(struct usb_ep *ep, struct usb_request *req)
432 {
433 struct mtp_dev *dev = _mtp_dev;
434
435 if (req->status != 0)
436 dev->state = STATE_ERROR;
437
438 mtp_req_put(dev, &dev->tx_idle, req);
439
440 wake_up(&dev->write_wq);
441 }
442
mtp_complete_out(struct usb_ep * ep,struct usb_request * req)443 static void mtp_complete_out(struct usb_ep *ep, struct usb_request *req)
444 {
445 struct mtp_dev *dev = _mtp_dev;
446
447 dev->rx_done = 1;
448 if (req->status != 0)
449 dev->state = STATE_ERROR;
450
451 wake_up(&dev->read_wq);
452 }
453
mtp_complete_intr(struct usb_ep * ep,struct usb_request * req)454 static void mtp_complete_intr(struct usb_ep *ep, struct usb_request *req)
455 {
456 struct mtp_dev *dev = _mtp_dev;
457
458 if (req->status != 0)
459 dev->state = STATE_ERROR;
460
461 mtp_req_put(dev, &dev->intr_idle, req);
462
463 wake_up(&dev->intr_wq);
464 }
465
mtp_create_bulk_endpoints(struct mtp_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc,struct usb_endpoint_descriptor * intr_desc)466 static int mtp_create_bulk_endpoints(struct mtp_dev *dev,
467 struct usb_endpoint_descriptor *in_desc,
468 struct usb_endpoint_descriptor *out_desc,
469 struct usb_endpoint_descriptor *intr_desc)
470 {
471 struct usb_composite_dev *cdev = dev->cdev;
472 struct usb_request *req;
473 struct usb_ep *ep;
474 int i;
475
476 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
477
478 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
479 if (!ep) {
480 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
481 return -ENODEV;
482 }
483 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
484 ep->driver_data = dev; /* claim the endpoint */
485 dev->ep_in = ep;
486
487 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
488 if (!ep) {
489 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
490 return -ENODEV;
491 }
492 DBG(cdev, "usb_ep_autoconfig for mtp ep_out got %s\n", ep->name);
493 ep->driver_data = dev; /* claim the endpoint */
494 dev->ep_out = ep;
495
496 ep = usb_ep_autoconfig(cdev->gadget, intr_desc);
497 if (!ep) {
498 DBG(cdev, "usb_ep_autoconfig for ep_intr failed\n");
499 return -ENODEV;
500 }
501 DBG(cdev, "usb_ep_autoconfig for mtp ep_intr got %s\n", ep->name);
502 ep->driver_data = dev; /* claim the endpoint */
503 dev->ep_intr = ep;
504
505 /* now allocate requests for our endpoints */
506 for (i = 0; i < TX_REQ_MAX; i++) {
507 req = mtp_request_new(dev->ep_in, MTP_BULK_BUFFER_SIZE);
508 if (!req)
509 goto fail;
510 req->complete = mtp_complete_in;
511 mtp_req_put(dev, &dev->tx_idle, req);
512 }
513 for (i = 0; i < RX_REQ_MAX; i++) {
514 req = mtp_request_new(dev->ep_out, MTP_BULK_BUFFER_SIZE);
515 if (!req)
516 goto fail;
517 req->complete = mtp_complete_out;
518 dev->rx_req[i] = req;
519 }
520 for (i = 0; i < INTR_REQ_MAX; i++) {
521 req = mtp_request_new(dev->ep_intr, INTR_BUFFER_SIZE);
522 if (!req)
523 goto fail;
524 req->complete = mtp_complete_intr;
525 mtp_req_put(dev, &dev->intr_idle, req);
526 }
527
528 return 0;
529
530 fail:
531 pr_err("mtp_bind() could not allocate requests\n");
532 return -1;
533 }
534
mtp_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)535 static ssize_t mtp_read(struct file *fp, char __user *buf,
536 size_t count, loff_t *pos)
537 {
538 struct mtp_dev *dev = fp->private_data;
539 struct usb_composite_dev *cdev = dev->cdev;
540 struct usb_request *req;
541 ssize_t r = count;
542 unsigned xfer;
543 int ret = 0;
544 size_t len = 0;
545
546 DBG(cdev, "mtp_read(%zu)\n", count);
547
548 /* we will block until we're online */
549 DBG(cdev, "mtp_read: waiting for online state\n");
550 ret = wait_event_interruptible(dev->read_wq,
551 dev->state != STATE_OFFLINE);
552 if (ret < 0) {
553 r = ret;
554 goto done;
555 }
556 spin_lock_irq(&dev->lock);
557 if (dev->ep_out->desc) {
558 len = usb_ep_align_maybe(cdev->gadget, dev->ep_out, count);
559 if (len > MTP_BULK_BUFFER_SIZE) {
560 spin_unlock_irq(&dev->lock);
561 return -EINVAL;
562 }
563 }
564
565 if (dev->state == STATE_CANCELED) {
566 /* report cancelation to userspace */
567 dev->state = STATE_READY;
568 spin_unlock_irq(&dev->lock);
569 return -ECANCELED;
570 }
571 dev->state = STATE_BUSY;
572 spin_unlock_irq(&dev->lock);
573
574 requeue_req:
575 /* queue a request */
576 req = dev->rx_req[0];
577 req->length = len;
578 dev->rx_done = 0;
579 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
580 if (ret < 0) {
581 r = -EIO;
582 goto done;
583 } else {
584 DBG(cdev, "rx %p queue\n", req);
585 }
586
587 /* wait for a request to complete */
588 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
589 if (ret < 0) {
590 r = ret;
591 usb_ep_dequeue(dev->ep_out, req);
592 goto done;
593 }
594 if (dev->state == STATE_BUSY) {
595 /* If we got a 0-len packet, throw it back and try again. */
596 if (req->actual == 0)
597 goto requeue_req;
598
599 DBG(cdev, "rx %p %d\n", req, req->actual);
600 xfer = (req->actual < count) ? req->actual : count;
601 r = xfer;
602 if (copy_to_user(buf, req->buf, xfer))
603 r = -EFAULT;
604 } else
605 r = -EIO;
606
607 done:
608 spin_lock_irq(&dev->lock);
609 if (dev->state == STATE_CANCELED)
610 r = -ECANCELED;
611 else if (dev->state != STATE_OFFLINE)
612 dev->state = STATE_READY;
613 spin_unlock_irq(&dev->lock);
614
615 DBG(cdev, "mtp_read returning %zd\n", r);
616 return r;
617 }
618
mtp_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)619 static ssize_t mtp_write(struct file *fp, const char __user *buf,
620 size_t count, loff_t *pos)
621 {
622 struct mtp_dev *dev = fp->private_data;
623 struct usb_composite_dev *cdev = dev->cdev;
624 struct usb_request *req = 0;
625 ssize_t r = count;
626 unsigned xfer;
627 int sendZLP = 0;
628 int ret;
629
630 DBG(cdev, "mtp_write(%zu)\n", count);
631
632 spin_lock_irq(&dev->lock);
633 if (dev->state == STATE_CANCELED) {
634 /* report cancelation to userspace */
635 dev->state = STATE_READY;
636 spin_unlock_irq(&dev->lock);
637 return -ECANCELED;
638 }
639 if (dev->state == STATE_OFFLINE) {
640 spin_unlock_irq(&dev->lock);
641 return -ENODEV;
642 }
643 dev->state = STATE_BUSY;
644 spin_unlock_irq(&dev->lock);
645
646 /* we need to send a zero length packet to signal the end of transfer
647 * if the transfer size is aligned to a packet boundary.
648 */
649 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
650 sendZLP = 1;
651
652 while (count > 0 || sendZLP) {
653 /* so we exit after sending ZLP */
654 if (count == 0)
655 sendZLP = 0;
656
657 if (dev->state != STATE_BUSY) {
658 DBG(cdev, "mtp_write dev->error\n");
659 r = -EIO;
660 break;
661 }
662
663 /* get an idle tx request to use */
664 req = 0;
665 ret = wait_event_interruptible(dev->write_wq,
666 ((req = mtp_req_get(dev, &dev->tx_idle))
667 || dev->state != STATE_BUSY));
668 if (!req) {
669 r = ret;
670 break;
671 }
672
673 if (count > MTP_BULK_BUFFER_SIZE)
674 xfer = MTP_BULK_BUFFER_SIZE;
675 else
676 xfer = count;
677 if (xfer && copy_from_user(req->buf, buf, xfer)) {
678 r = -EFAULT;
679 break;
680 }
681
682 req->length = xfer;
683 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
684 if (ret < 0) {
685 DBG(cdev, "mtp_write: xfer error %d\n", ret);
686 r = -EIO;
687 break;
688 }
689
690 buf += xfer;
691 count -= xfer;
692
693 /* zero this so we don't try to free it on error exit */
694 req = 0;
695 }
696
697 if (req)
698 mtp_req_put(dev, &dev->tx_idle, req);
699
700 spin_lock_irq(&dev->lock);
701 if (dev->state == STATE_CANCELED)
702 r = -ECANCELED;
703 else if (dev->state != STATE_OFFLINE)
704 dev->state = STATE_READY;
705 spin_unlock_irq(&dev->lock);
706
707 DBG(cdev, "mtp_write returning %zd\n", r);
708 return r;
709 }
710
711 /* read from a local file and write to USB */
send_file_work(struct work_struct * data)712 static void send_file_work(struct work_struct *data)
713 {
714 struct mtp_dev *dev = container_of(data, struct mtp_dev,
715 send_file_work);
716 struct usb_composite_dev *cdev = dev->cdev;
717 struct usb_request *req = 0;
718 struct mtp_data_header *header;
719 struct file *filp;
720 loff_t offset;
721 int64_t count;
722 int xfer, ret, hdr_size;
723 int r = 0;
724 int sendZLP = 0;
725
726 /* read our parameters */
727 smp_rmb();
728 filp = dev->xfer_file;
729 offset = dev->xfer_file_offset;
730 count = dev->xfer_file_length;
731
732 DBG(cdev, "send_file_work(%lld %lld)\n", offset, count);
733
734 if (dev->xfer_send_header) {
735 hdr_size = sizeof(struct mtp_data_header);
736 count += hdr_size;
737 } else {
738 hdr_size = 0;
739 }
740
741 /* we need to send a zero length packet to signal the end of transfer
742 * if the transfer size is aligned to a packet boundary.
743 */
744 if ((count & (dev->ep_in->maxpacket - 1)) == 0)
745 sendZLP = 1;
746
747 while (count > 0 || sendZLP) {
748 /* so we exit after sending ZLP */
749 if (count == 0)
750 sendZLP = 0;
751
752 /* get an idle tx request to use */
753 req = 0;
754 ret = wait_event_interruptible(dev->write_wq,
755 (req = mtp_req_get(dev, &dev->tx_idle))
756 || dev->state != STATE_BUSY);
757 if (dev->state == STATE_CANCELED) {
758 r = -ECANCELED;
759 break;
760 }
761 if (!req) {
762 r = ret;
763 break;
764 }
765
766 if (count > MTP_BULK_BUFFER_SIZE)
767 xfer = MTP_BULK_BUFFER_SIZE;
768 else
769 xfer = count;
770
771 if (hdr_size) {
772 /* prepend MTP data header */
773 header = (struct mtp_data_header *)req->buf;
774 /*
775 * set file size with header according to
776 * MTP Specification v1.0
777 */
778 header->length = (count > MTP_MAX_FILE_SIZE) ?
779 MTP_MAX_FILE_SIZE : __cpu_to_le32(count);
780 header->type = __cpu_to_le16(2); /* data packet */
781 header->command = __cpu_to_le16(dev->xfer_command);
782 header->transaction_id =
783 __cpu_to_le32(dev->xfer_transaction_id);
784 }
785
786 ret = vfs_read(filp, req->buf + hdr_size, xfer - hdr_size,
787 &offset);
788 if (ret < 0) {
789 r = ret;
790 break;
791 }
792 xfer = ret + hdr_size;
793 hdr_size = 0;
794
795 req->length = xfer;
796 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
797 if (ret < 0) {
798 DBG(cdev, "send_file_work: xfer error %d\n", ret);
799 dev->state = STATE_ERROR;
800 r = -EIO;
801 break;
802 }
803
804 count -= xfer;
805
806 /* zero this so we don't try to free it on error exit */
807 req = 0;
808 }
809
810 if (req)
811 mtp_req_put(dev, &dev->tx_idle, req);
812
813 DBG(cdev, "send_file_work returning %d\n", r);
814 /* write the result */
815 dev->xfer_result = r;
816 smp_wmb();
817 }
818
819 /* read from USB and write to a local file */
receive_file_work(struct work_struct * data)820 static void receive_file_work(struct work_struct *data)
821 {
822 struct mtp_dev *dev = container_of(data, struct mtp_dev,
823 receive_file_work);
824 struct usb_composite_dev *cdev = dev->cdev;
825 struct usb_request *read_req = NULL, *write_req = NULL;
826 struct file *filp;
827 loff_t offset;
828 int64_t count;
829 int ret, cur_buf = 0;
830 int r = 0;
831
832 /* read our parameters */
833 smp_rmb();
834 filp = dev->xfer_file;
835 offset = dev->xfer_file_offset;
836 count = dev->xfer_file_length;
837
838 DBG(cdev, "receive_file_work(%lld)\n", count);
839
840 while (count > 0 || write_req) {
841 if (count > 0) {
842 /* queue a request */
843 read_req = dev->rx_req[cur_buf];
844 cur_buf = (cur_buf + 1) % RX_REQ_MAX;
845
846 read_req->length = (count > MTP_BULK_BUFFER_SIZE
847 ? MTP_BULK_BUFFER_SIZE : count);
848 dev->rx_done = 0;
849 ret = usb_ep_queue(dev->ep_out, read_req, GFP_KERNEL);
850 if (ret < 0) {
851 r = -EIO;
852 dev->state = STATE_ERROR;
853 break;
854 }
855 }
856
857 if (write_req) {
858 DBG(cdev, "rx %p %d\n", write_req, write_req->actual);
859 ret = vfs_write(filp, write_req->buf, write_req->actual,
860 &offset);
861 DBG(cdev, "vfs_write %d\n", ret);
862 if (ret != write_req->actual) {
863 r = -EIO;
864 dev->state = STATE_ERROR;
865 break;
866 }
867 write_req = NULL;
868 }
869
870 if (read_req) {
871 /* wait for our last read to complete */
872 ret = wait_event_interruptible(dev->read_wq,
873 dev->rx_done || dev->state != STATE_BUSY);
874 if (dev->state == STATE_CANCELED) {
875 r = -ECANCELED;
876 if (!dev->rx_done)
877 usb_ep_dequeue(dev->ep_out, read_req);
878 break;
879 }
880 if (read_req->status) {
881 r = read_req->status;
882 break;
883 }
884 /* if xfer_file_length is 0xFFFFFFFF, then we read until
885 * we get a zero length packet
886 */
887 if (count != 0xFFFFFFFF)
888 count -= read_req->actual;
889 if (read_req->actual < read_req->length) {
890 /*
891 * short packet is used to signal EOF for
892 * sizes > 4 gig
893 */
894 DBG(cdev, "got short packet\n");
895 count = 0;
896 }
897
898 write_req = read_req;
899 read_req = NULL;
900 }
901 }
902
903 DBG(cdev, "receive_file_work returning %d\n", r);
904 /* write the result */
905 dev->xfer_result = r;
906 smp_wmb();
907 }
908
mtp_send_event(struct mtp_dev * dev,struct mtp_event * event)909 static int mtp_send_event(struct mtp_dev *dev, struct mtp_event *event)
910 {
911 struct usb_request *req = NULL;
912 int ret;
913 int length = event->length;
914
915 DBG(dev->cdev, "mtp_send_event(%zu)\n", event->length);
916
917 if (length < 0 || length > INTR_BUFFER_SIZE)
918 return -EINVAL;
919 if (dev->state == STATE_OFFLINE)
920 return -ENODEV;
921
922 ret = wait_event_interruptible_timeout(dev->intr_wq,
923 (req = mtp_req_get(dev, &dev->intr_idle)),
924 msecs_to_jiffies(1000));
925 if (!req)
926 return -ETIME;
927
928 if (copy_from_user(req->buf, (void __user *)event->data, length)) {
929 mtp_req_put(dev, &dev->intr_idle, req);
930 return -EFAULT;
931 }
932 req->length = length;
933 ret = usb_ep_queue(dev->ep_intr, req, GFP_KERNEL);
934 if (ret)
935 mtp_req_put(dev, &dev->intr_idle, req);
936
937 return ret;
938 }
939
mtp_ioctl(struct file * fp,unsigned code,unsigned long value)940 static long mtp_ioctl(struct file *fp, unsigned code, unsigned long value)
941 {
942 struct mtp_dev *dev = fp->private_data;
943 struct file *filp = NULL;
944 int ret = -EINVAL;
945
946 if (mtp_lock(&dev->ioctl_excl))
947 return -EBUSY;
948
949 switch (code) {
950 case MTP_SEND_FILE:
951 case MTP_RECEIVE_FILE:
952 case MTP_SEND_FILE_WITH_HEADER:
953 {
954 struct mtp_file_range mfr;
955 struct work_struct *work;
956
957 spin_lock_irq(&dev->lock);
958 if (dev->state == STATE_CANCELED) {
959 /* report cancelation to userspace */
960 dev->state = STATE_READY;
961 spin_unlock_irq(&dev->lock);
962 ret = -ECANCELED;
963 goto out;
964 }
965 if (dev->state == STATE_OFFLINE) {
966 spin_unlock_irq(&dev->lock);
967 ret = -ENODEV;
968 goto out;
969 }
970 dev->state = STATE_BUSY;
971 spin_unlock_irq(&dev->lock);
972
973 if (copy_from_user(&mfr, (void __user *)value, sizeof(mfr))) {
974 ret = -EFAULT;
975 goto fail;
976 }
977 /* hold a reference to the file while we are working with it */
978 filp = fget(mfr.fd);
979 if (!filp) {
980 ret = -EBADF;
981 goto fail;
982 }
983
984 /* write the parameters */
985 dev->xfer_file = filp;
986 dev->xfer_file_offset = mfr.offset;
987 dev->xfer_file_length = mfr.length;
988 smp_wmb();
989
990 if (code == MTP_SEND_FILE_WITH_HEADER) {
991 work = &dev->send_file_work;
992 dev->xfer_send_header = 1;
993 dev->xfer_command = mfr.command;
994 dev->xfer_transaction_id = mfr.transaction_id;
995 } else if (code == MTP_SEND_FILE) {
996 work = &dev->send_file_work;
997 dev->xfer_send_header = 0;
998 } else {
999 work = &dev->receive_file_work;
1000 }
1001
1002 /* We do the file transfer on a work queue so it will run
1003 * in kernel context, which is necessary for vfs_read and
1004 * vfs_write to use our buffers in the kernel address space.
1005 */
1006 queue_work(dev->wq, work);
1007 /* wait for operation to complete */
1008 flush_workqueue(dev->wq);
1009 fput(filp);
1010
1011 /* read the result */
1012 smp_rmb();
1013 ret = dev->xfer_result;
1014 break;
1015 }
1016 case MTP_SEND_EVENT:
1017 {
1018 struct mtp_event event;
1019 /* return here so we don't change dev->state below,
1020 * which would interfere with bulk transfer state.
1021 */
1022 if (copy_from_user(&event, (void __user *)value, sizeof(event)))
1023 ret = -EFAULT;
1024 else
1025 ret = mtp_send_event(dev, &event);
1026 goto out;
1027 }
1028 }
1029
1030 fail:
1031 spin_lock_irq(&dev->lock);
1032 if (dev->state == STATE_CANCELED)
1033 ret = -ECANCELED;
1034 else if (dev->state != STATE_OFFLINE)
1035 dev->state = STATE_READY;
1036 spin_unlock_irq(&dev->lock);
1037 out:
1038 mtp_unlock(&dev->ioctl_excl);
1039 DBG(dev->cdev, "ioctl returning %d\n", ret);
1040 return ret;
1041 }
1042
mtp_open(struct inode * ip,struct file * fp)1043 static int mtp_open(struct inode *ip, struct file *fp)
1044 {
1045 printk(KERN_INFO "mtp_open\n");
1046 if (mtp_lock(&_mtp_dev->open_excl))
1047 return -EBUSY;
1048
1049 /* clear any error condition */
1050 if (_mtp_dev->state != STATE_OFFLINE)
1051 _mtp_dev->state = STATE_READY;
1052
1053 fp->private_data = _mtp_dev;
1054 return 0;
1055 }
1056
mtp_release(struct inode * ip,struct file * fp)1057 static int mtp_release(struct inode *ip, struct file *fp)
1058 {
1059 printk(KERN_INFO "mtp_release\n");
1060
1061 mtp_unlock(&_mtp_dev->open_excl);
1062 return 0;
1063 }
1064
1065 /* file operations for /dev/mtp_usb */
1066 static const struct file_operations mtp_fops = {
1067 .owner = THIS_MODULE,
1068 .read = mtp_read,
1069 .write = mtp_write,
1070 .unlocked_ioctl = mtp_ioctl,
1071 .open = mtp_open,
1072 .release = mtp_release,
1073 };
1074
1075 static struct miscdevice mtp_device = {
1076 .minor = MISC_DYNAMIC_MINOR,
1077 .name = mtp_shortname,
1078 .fops = &mtp_fops,
1079 };
1080
mtp_ctrlrequest(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)1081 static int mtp_ctrlrequest(struct usb_composite_dev *cdev,
1082 const struct usb_ctrlrequest *ctrl)
1083 {
1084 struct mtp_dev *dev = _mtp_dev;
1085 int value = -EOPNOTSUPP;
1086 u16 w_index = le16_to_cpu(ctrl->wIndex);
1087 u16 w_value = le16_to_cpu(ctrl->wValue);
1088 u16 w_length = le16_to_cpu(ctrl->wLength);
1089 unsigned long flags;
1090
1091 VDBG(cdev, "mtp_ctrlrequest "
1092 "%02x.%02x v%04x i%04x l%u\n",
1093 ctrl->bRequestType, ctrl->bRequest,
1094 w_value, w_index, w_length);
1095
1096 /* Handle MTP OS string */
1097 if (ctrl->bRequestType ==
1098 (USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE)
1099 && ctrl->bRequest == USB_REQ_GET_DESCRIPTOR
1100 && (w_value >> 8) == USB_DT_STRING
1101 && (w_value & 0xFF) == MTP_OS_STRING_ID) {
1102 value = (w_length < sizeof(mtp_os_string)
1103 ? w_length : sizeof(mtp_os_string));
1104 memcpy(cdev->req->buf, mtp_os_string, value);
1105 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_VENDOR) {
1106 /* Handle MTP OS descriptor */
1107 DBG(cdev, "vendor request: %d index: %d value: %d length: %d\n",
1108 ctrl->bRequest, w_index, w_value, w_length);
1109
1110 if (ctrl->bRequest == 1
1111 && (ctrl->bRequestType & USB_DIR_IN)
1112 && (w_index == 4 || w_index == 5)) {
1113 value = (w_length < sizeof(mtp_ext_config_desc) ?
1114 w_length : sizeof(mtp_ext_config_desc));
1115 memcpy(cdev->req->buf, &mtp_ext_config_desc, value);
1116 }
1117 } else if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) {
1118 DBG(cdev, "class request: %d index: %d value: %d length: %d\n",
1119 ctrl->bRequest, w_index, w_value, w_length);
1120
1121 if (ctrl->bRequest == MTP_REQ_CANCEL && w_index == 0
1122 && w_value == 0) {
1123 DBG(cdev, "MTP_REQ_CANCEL\n");
1124
1125 spin_lock_irqsave(&dev->lock, flags);
1126 if (dev->state == STATE_BUSY) {
1127 dev->state = STATE_CANCELED;
1128 wake_up(&dev->read_wq);
1129 wake_up(&dev->write_wq);
1130 }
1131 spin_unlock_irqrestore(&dev->lock, flags);
1132
1133 /* We need to queue a request to read the remaining
1134 * bytes, but we don't actually need to look at
1135 * the contents.
1136 */
1137 value = w_length;
1138 } else if (ctrl->bRequest == MTP_REQ_GET_DEVICE_STATUS
1139 && w_index == 0 && w_value == 0) {
1140 struct mtp_device_status *status = cdev->req->buf;
1141
1142 status->wLength =
1143 __constant_cpu_to_le16(sizeof(*status));
1144
1145 DBG(cdev, "MTP_REQ_GET_DEVICE_STATUS\n");
1146 spin_lock_irqsave(&dev->lock, flags);
1147 /* device status is "busy" until we report
1148 * the cancelation to userspace
1149 */
1150 if (dev->state == STATE_CANCELED)
1151 status->wCode =
1152 __cpu_to_le16(MTP_RESPONSE_DEVICE_BUSY);
1153 else
1154 status->wCode =
1155 __cpu_to_le16(MTP_RESPONSE_OK);
1156 spin_unlock_irqrestore(&dev->lock, flags);
1157 value = sizeof(*status);
1158 }
1159 }
1160
1161 /* respond with data transfer or status phase? */
1162 if (value >= 0) {
1163 int rc;
1164
1165 cdev->req->zero = value < w_length;
1166 cdev->req->length = value;
1167 rc = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
1168 if (rc < 0)
1169 ERROR(cdev, "%s: response queue error\n", __func__);
1170 }
1171 return value;
1172 }
1173
1174 static int
mtp_function_bind(struct usb_configuration * c,struct usb_function * f)1175 mtp_function_bind(struct usb_configuration *c, struct usb_function *f)
1176 {
1177 struct usb_composite_dev *cdev = c->cdev;
1178 struct mtp_dev *dev = func_to_mtp(f);
1179 int id;
1180 int ret;
1181 struct mtp_instance *fi_mtp;
1182
1183 dev->cdev = cdev;
1184 DBG(cdev, "mtp_function_bind dev: %p\n", dev);
1185
1186 /* allocate interface ID(s) */
1187 id = usb_interface_id(c, f);
1188 if (id < 0)
1189 return id;
1190 mtp_interface_desc.bInterfaceNumber = id;
1191
1192 if (mtp_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1193 ret = usb_string_id(c->cdev);
1194 if (ret < 0)
1195 return ret;
1196 mtp_string_defs[INTERFACE_STRING_INDEX].id = ret;
1197 mtp_interface_desc.iInterface = ret;
1198 }
1199
1200 fi_mtp = container_of(f->fi, struct mtp_instance, func_inst);
1201
1202 if (cdev->use_os_string) {
1203 f->os_desc_table = kzalloc(sizeof(*f->os_desc_table),
1204 GFP_KERNEL);
1205 if (!f->os_desc_table)
1206 return -ENOMEM;
1207 f->os_desc_n = 1;
1208 f->os_desc_table[0].os_desc = &fi_mtp->mtp_os_desc;
1209 }
1210
1211 /* allocate endpoints */
1212 ret = mtp_create_bulk_endpoints(dev, &mtp_fullspeed_in_desc,
1213 &mtp_fullspeed_out_desc, &mtp_intr_desc);
1214 if (ret)
1215 return ret;
1216
1217 /* support high speed hardware */
1218 if (gadget_is_dualspeed(c->cdev->gadget)) {
1219 mtp_highspeed_in_desc.bEndpointAddress =
1220 mtp_fullspeed_in_desc.bEndpointAddress;
1221 mtp_highspeed_out_desc.bEndpointAddress =
1222 mtp_fullspeed_out_desc.bEndpointAddress;
1223 }
1224 /* support super speed hardware */
1225 if (gadget_is_superspeed(c->cdev->gadget)) {
1226 unsigned max_burst;
1227
1228 /* Calculate bMaxBurst, we know packet size is 1024 */
1229 max_burst = min_t(unsigned, MTP_BULK_BUFFER_SIZE / 1024, 15);
1230 mtp_ss_in_desc.bEndpointAddress =
1231 mtp_fullspeed_in_desc.bEndpointAddress;
1232 mtp_ss_in_comp_desc.bMaxBurst = max_burst;
1233 mtp_ss_out_desc.bEndpointAddress =
1234 mtp_fullspeed_out_desc.bEndpointAddress;
1235 mtp_ss_out_comp_desc.bMaxBurst = max_burst;
1236 }
1237
1238 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
1239 gadget_is_superspeed(c->cdev->gadget) ? "super" :
1240 (gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full"),
1241 f->name, dev->ep_in->name, dev->ep_out->name);
1242 return 0;
1243 }
1244
1245 static void
mtp_function_unbind(struct usb_configuration * c,struct usb_function * f)1246 mtp_function_unbind(struct usb_configuration *c, struct usb_function *f)
1247 {
1248 struct mtp_dev *dev = func_to_mtp(f);
1249 struct usb_request *req;
1250 int i;
1251
1252 mtp_string_defs[INTERFACE_STRING_INDEX].id = 0;
1253 while ((req = mtp_req_get(dev, &dev->tx_idle)))
1254 mtp_request_free(req, dev->ep_in);
1255 for (i = 0; i < RX_REQ_MAX; i++)
1256 mtp_request_free(dev->rx_req[i], dev->ep_out);
1257 while ((req = mtp_req_get(dev, &dev->intr_idle)))
1258 mtp_request_free(req, dev->ep_intr);
1259 dev->state = STATE_OFFLINE;
1260 kfree(f->os_desc_table);
1261 f->os_desc_n = 0;
1262 }
1263
mtp_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1264 static int mtp_function_set_alt(struct usb_function *f,
1265 unsigned intf, unsigned alt)
1266 {
1267 struct mtp_dev *dev = func_to_mtp(f);
1268 struct usb_composite_dev *cdev = f->config->cdev;
1269 int ret;
1270
1271 DBG(cdev, "mtp_function_set_alt intf: %d alt: %d\n", intf, alt);
1272
1273 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
1274 if (ret)
1275 return ret;
1276
1277 ret = usb_ep_enable(dev->ep_in);
1278 if (ret)
1279 return ret;
1280
1281 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1282 if (ret)
1283 return ret;
1284
1285 ret = usb_ep_enable(dev->ep_out);
1286 if (ret) {
1287 usb_ep_disable(dev->ep_in);
1288 return ret;
1289 }
1290
1291 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_intr);
1292 if (ret)
1293 return ret;
1294
1295 ret = usb_ep_enable(dev->ep_intr);
1296 if (ret) {
1297 usb_ep_disable(dev->ep_out);
1298 usb_ep_disable(dev->ep_in);
1299 return ret;
1300 }
1301 dev->state = STATE_READY;
1302
1303 /* readers may be blocked waiting for us to go online */
1304 wake_up(&dev->read_wq);
1305 return 0;
1306 }
1307
mtp_function_disable(struct usb_function * f)1308 static void mtp_function_disable(struct usb_function *f)
1309 {
1310 struct mtp_dev *dev = func_to_mtp(f);
1311 struct usb_composite_dev *cdev = dev->cdev;
1312
1313 DBG(cdev, "mtp_function_disable\n");
1314 dev->state = STATE_OFFLINE;
1315 usb_ep_disable(dev->ep_in);
1316 usb_ep_disable(dev->ep_out);
1317 usb_ep_disable(dev->ep_intr);
1318
1319 /* readers may be blocked waiting for us to go online */
1320 wake_up(&dev->read_wq);
1321
1322 VDBG(cdev, "%s disabled\n", dev->function.name);
1323 }
1324
__mtp_setup(struct mtp_instance * fi_mtp)1325 static int __mtp_setup(struct mtp_instance *fi_mtp)
1326 {
1327 struct mtp_dev *dev;
1328 int ret;
1329
1330 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1331
1332 if (fi_mtp != NULL)
1333 fi_mtp->dev = dev;
1334
1335 if (!dev)
1336 return -ENOMEM;
1337
1338 spin_lock_init(&dev->lock);
1339 init_waitqueue_head(&dev->read_wq);
1340 init_waitqueue_head(&dev->write_wq);
1341 init_waitqueue_head(&dev->intr_wq);
1342 atomic_set(&dev->open_excl, 0);
1343 atomic_set(&dev->ioctl_excl, 0);
1344 INIT_LIST_HEAD(&dev->tx_idle);
1345 INIT_LIST_HEAD(&dev->intr_idle);
1346
1347 dev->wq = create_singlethread_workqueue("f_mtp");
1348 if (!dev->wq) {
1349 ret = -ENOMEM;
1350 goto err1;
1351 }
1352 INIT_WORK(&dev->send_file_work, send_file_work);
1353 INIT_WORK(&dev->receive_file_work, receive_file_work);
1354
1355 _mtp_dev = dev;
1356
1357 ret = misc_register(&mtp_device);
1358 if (ret)
1359 goto err2;
1360
1361 return 0;
1362
1363 err2:
1364 destroy_workqueue(dev->wq);
1365 err1:
1366 _mtp_dev = NULL;
1367 kfree(dev);
1368 printk(KERN_ERR "mtp gadget driver failed to initialize\n");
1369 return ret;
1370 }
1371
mtp_setup_configfs(struct mtp_instance * fi_mtp)1372 static int mtp_setup_configfs(struct mtp_instance *fi_mtp)
1373 {
1374 return __mtp_setup(fi_mtp);
1375 }
1376
1377
mtp_cleanup(void)1378 static void mtp_cleanup(void)
1379 {
1380 struct mtp_dev *dev = _mtp_dev;
1381
1382 if (!dev)
1383 return;
1384
1385 misc_deregister(&mtp_device);
1386 destroy_workqueue(dev->wq);
1387 _mtp_dev = NULL;
1388 kfree(dev);
1389 }
1390
to_mtp_instance(struct config_item * item)1391 static struct mtp_instance *to_mtp_instance(struct config_item *item)
1392 {
1393 return container_of(to_config_group(item), struct mtp_instance,
1394 func_inst.group);
1395 }
1396
mtp_attr_release(struct config_item * item)1397 static void mtp_attr_release(struct config_item *item)
1398 {
1399 struct mtp_instance *fi_mtp = to_mtp_instance(item);
1400
1401 usb_put_function_instance(&fi_mtp->func_inst);
1402 }
1403
1404 static struct configfs_item_operations mtp_item_ops = {
1405 .release = mtp_attr_release,
1406 };
1407
1408 static struct config_item_type mtp_func_type = {
1409 .ct_item_ops = &mtp_item_ops,
1410 .ct_owner = THIS_MODULE,
1411 };
1412
1413
to_fi_mtp(struct usb_function_instance * fi)1414 static struct mtp_instance *to_fi_mtp(struct usb_function_instance *fi)
1415 {
1416 return container_of(fi, struct mtp_instance, func_inst);
1417 }
1418
mtp_set_inst_name(struct usb_function_instance * fi,const char * name)1419 static int mtp_set_inst_name(struct usb_function_instance *fi, const char *name)
1420 {
1421 struct mtp_instance *fi_mtp;
1422 char *ptr;
1423 int name_len;
1424
1425 name_len = strlen(name) + 1;
1426 if (name_len > MAX_INST_NAME_LEN)
1427 return -ENAMETOOLONG;
1428
1429 ptr = kstrndup(name, name_len, GFP_KERNEL);
1430 if (!ptr)
1431 return -ENOMEM;
1432
1433 fi_mtp = to_fi_mtp(fi);
1434 fi_mtp->name = ptr;
1435
1436 return 0;
1437 }
1438
mtp_free_inst(struct usb_function_instance * fi)1439 static void mtp_free_inst(struct usb_function_instance *fi)
1440 {
1441 struct mtp_instance *fi_mtp;
1442
1443 fi_mtp = to_fi_mtp(fi);
1444 kfree(fi_mtp->name);
1445 mtp_cleanup();
1446 kfree(fi_mtp->mtp_os_desc.group.default_groups);
1447 kfree(fi_mtp);
1448 }
1449
alloc_inst_mtp_ptp(bool mtp_config)1450 struct usb_function_instance *alloc_inst_mtp_ptp(bool mtp_config)
1451 {
1452 struct mtp_instance *fi_mtp;
1453 int ret = 0;
1454 struct usb_os_desc *descs[1];
1455 char *names[1];
1456
1457 fi_mtp = kzalloc(sizeof(*fi_mtp), GFP_KERNEL);
1458 if (!fi_mtp)
1459 return ERR_PTR(-ENOMEM);
1460 fi_mtp->func_inst.set_inst_name = mtp_set_inst_name;
1461 fi_mtp->func_inst.free_func_inst = mtp_free_inst;
1462
1463 fi_mtp->mtp_os_desc.ext_compat_id = fi_mtp->mtp_ext_compat_id;
1464 INIT_LIST_HEAD(&fi_mtp->mtp_os_desc.ext_prop);
1465 descs[0] = &fi_mtp->mtp_os_desc;
1466 names[0] = "MTP";
1467 usb_os_desc_prepare_interf_dir(&fi_mtp->func_inst.group, 1,
1468 descs, names, THIS_MODULE);
1469
1470 if (mtp_config) {
1471 ret = mtp_setup_configfs(fi_mtp);
1472 if (ret) {
1473 kfree(fi_mtp);
1474 pr_err("Error setting MTP\n");
1475 return ERR_PTR(ret);
1476 }
1477 } else
1478 fi_mtp->dev = _mtp_dev;
1479
1480 config_group_init_type_name(&fi_mtp->func_inst.group,
1481 "", &mtp_func_type);
1482
1483 return &fi_mtp->func_inst;
1484 }
1485 EXPORT_SYMBOL_GPL(alloc_inst_mtp_ptp);
1486
mtp_alloc_inst(void)1487 static struct usb_function_instance *mtp_alloc_inst(void)
1488 {
1489 return alloc_inst_mtp_ptp(true);
1490 }
1491
mtp_ctrlreq_configfs(struct usb_function * f,const struct usb_ctrlrequest * ctrl)1492 static int mtp_ctrlreq_configfs(struct usb_function *f,
1493 const struct usb_ctrlrequest *ctrl)
1494 {
1495 return mtp_ctrlrequest(f->config->cdev, ctrl);
1496 }
1497
mtp_free(struct usb_function * f)1498 static void mtp_free(struct usb_function *f)
1499 {
1500 /*NO-OP: no function specific resource allocation in mtp_alloc*/
1501 }
1502
function_alloc_mtp_ptp(struct usb_function_instance * fi,bool mtp_config)1503 struct usb_function *function_alloc_mtp_ptp(struct usb_function_instance *fi,
1504 bool mtp_config)
1505 {
1506 struct mtp_instance *fi_mtp = to_fi_mtp(fi);
1507 struct mtp_dev *dev;
1508
1509 /*
1510 * PTP piggybacks on MTP function so make sure we have
1511 * created MTP function before we associate this PTP
1512 * function with a gadget configuration.
1513 */
1514 if (fi_mtp->dev == NULL) {
1515 pr_err("Error: Create MTP function before linking"
1516 " PTP function with a gadget configuration\n");
1517 pr_err("\t1: Delete existing PTP function if any\n");
1518 pr_err("\t2: Create MTP function\n");
1519 pr_err("\t3: Create and symlink PTP function"
1520 " with a gadget configuration\n");
1521 return ERR_PTR(-EINVAL); /* Invalid Configuration */
1522 }
1523
1524 dev = fi_mtp->dev;
1525 dev->function.name = DRIVER_NAME;
1526 dev->function.strings = mtp_strings;
1527 if (mtp_config) {
1528 dev->function.fs_descriptors = fs_mtp_descs;
1529 dev->function.hs_descriptors = hs_mtp_descs;
1530 dev->function.ss_descriptors = ss_mtp_descs;
1531 } else {
1532 dev->function.fs_descriptors = fs_ptp_descs;
1533 dev->function.hs_descriptors = hs_ptp_descs;
1534 dev->function.ss_descriptors = ss_ptp_descs;
1535 }
1536 dev->function.bind = mtp_function_bind;
1537 dev->function.unbind = mtp_function_unbind;
1538 dev->function.set_alt = mtp_function_set_alt;
1539 dev->function.disable = mtp_function_disable;
1540 dev->function.setup = mtp_ctrlreq_configfs;
1541 dev->function.free_func = mtp_free;
1542
1543 return &dev->function;
1544 }
1545 EXPORT_SYMBOL_GPL(function_alloc_mtp_ptp);
1546
mtp_alloc(struct usb_function_instance * fi)1547 static struct usb_function *mtp_alloc(struct usb_function_instance *fi)
1548 {
1549 return function_alloc_mtp_ptp(fi, true);
1550 }
1551
1552 DECLARE_USB_FUNCTION_INIT(mtp, mtp_alloc_inst, mtp_alloc);
1553 MODULE_LICENSE("GPL");
1554