brcm2708: update against latest rpi-3.10.y branch
[openwrt/svn-archive/archive.git] / target / linux / brcm2708 / patches-3.10 / 0002-Add-dwc_otg-driver.patch
1 From ee24f1f0affd88d3e101a7e66c5ebfd8e582b868 Mon Sep 17 00:00:00 2001
2 From: popcornmix <popcornmix@gmail.com>
3 Date: Wed, 1 May 2013 19:46:17 +0100
4 Subject: [PATCH 002/174] Add dwc_otg driver
5
6 Signed-off-by: popcornmix <popcornmix@gmail.com>
7 ---
8 drivers/usb/Makefile | 1 +
9 drivers/usb/core/generic.c | 1 +
10 drivers/usb/core/message.c | 79 +
11 drivers/usb/core/otg_whitelist.h | 172 +-
12 drivers/usb/gadget/file_storage.c | 3676 ++++++++++
13 drivers/usb/host/Kconfig | 13 +
14 drivers/usb/host/Makefile | 2 +
15 drivers/usb/host/dwc_common_port/Makefile | 58 +
16 drivers/usb/host/dwc_common_port/Makefile.fbsd | 17 +
17 drivers/usb/host/dwc_common_port/Makefile.linux | 49 +
18 drivers/usb/host/dwc_common_port/changes.txt | 174 +
19 drivers/usb/host/dwc_common_port/doc/doxygen.cfg | 270 +
20 drivers/usb/host/dwc_common_port/dwc_cc.c | 532 ++
21 drivers/usb/host/dwc_common_port/dwc_cc.h | 225 +
22 drivers/usb/host/dwc_common_port/dwc_common_fbsd.c | 1308 ++++
23 .../usb/host/dwc_common_port/dwc_common_linux.c | 1421 ++++
24 drivers/usb/host/dwc_common_port/dwc_common_nbsd.c | 1275 ++++
25 drivers/usb/host/dwc_common_port/dwc_crypto.c | 308 +
26 drivers/usb/host/dwc_common_port/dwc_crypto.h | 111 +
27 drivers/usb/host/dwc_common_port/dwc_dh.c | 291 +
28 drivers/usb/host/dwc_common_port/dwc_dh.h | 106 +
29 drivers/usb/host/dwc_common_port/dwc_list.h | 594 ++
30 drivers/usb/host/dwc_common_port/dwc_mem.c | 245 +
31 drivers/usb/host/dwc_common_port/dwc_modpow.c | 636 ++
32 drivers/usb/host/dwc_common_port/dwc_modpow.h | 34 +
33 drivers/usb/host/dwc_common_port/dwc_notifier.c | 319 +
34 drivers/usb/host/dwc_common_port/dwc_notifier.h | 122 +
35 drivers/usb/host/dwc_common_port/dwc_os.h | 1260 ++++
36 drivers/usb/host/dwc_common_port/usb.h | 946 +++
37 drivers/usb/host/dwc_otg/Makefile | 80 +
38 drivers/usb/host/dwc_otg/doc/doxygen.cfg | 224 +
39 drivers/usb/host/dwc_otg/dummy_audio.c | 1575 +++++
40 drivers/usb/host/dwc_otg/dwc_cfi_common.h | 142 +
41 drivers/usb/host/dwc_otg/dwc_otg_adp.c | 854 +++
42 drivers/usb/host/dwc_otg/dwc_otg_adp.h | 80 +
43 drivers/usb/host/dwc_otg/dwc_otg_attr.c | 1210 ++++
44 drivers/usb/host/dwc_otg/dwc_otg_attr.h | 89 +
45 drivers/usb/host/dwc_otg/dwc_otg_cfi.c | 1876 +++++
46 drivers/usb/host/dwc_otg/dwc_otg_cfi.h | 320 +
47 drivers/usb/host/dwc_otg/dwc_otg_cil.c | 7151 ++++++++++++++++++++
48 drivers/usb/host/dwc_otg/dwc_otg_cil.h | 1464 ++++
49 drivers/usb/host/dwc_otg/dwc_otg_cil_intr.c | 1563 +++++
50 drivers/usb/host/dwc_otg/dwc_otg_core_if.h | 705 ++
51 drivers/usb/host/dwc_otg/dwc_otg_dbg.h | 116 +
52 drivers/usb/host/dwc_otg/dwc_otg_driver.c | 1700 +++++
53 drivers/usb/host/dwc_otg/dwc_otg_driver.h | 86 +
54 drivers/usb/host/dwc_otg/dwc_otg_hcd.c | 3473 ++++++++++
55 drivers/usb/host/dwc_otg/dwc_otg_hcd.h | 824 +++
56 drivers/usb/host/dwc_otg/dwc_otg_hcd_ddma.c | 1133 ++++
57 drivers/usb/host/dwc_otg/dwc_otg_hcd_if.h | 412 ++
58 drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c | 2106 ++++++
59 drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c | 893 +++
60 drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c | 922 +++
61 drivers/usb/host/dwc_otg/dwc_otg_os_dep.h | 185 +
62 drivers/usb/host/dwc_otg/dwc_otg_pcd.c | 2708 ++++++++
63 drivers/usb/host/dwc_otg/dwc_otg_pcd.h | 266 +
64 drivers/usb/host/dwc_otg/dwc_otg_pcd_if.h | 360 +
65 drivers/usb/host/dwc_otg/dwc_otg_pcd_intr.c | 5147 ++++++++++++++
66 drivers/usb/host/dwc_otg/dwc_otg_pcd_linux.c | 1358 ++++
67 drivers/usb/host/dwc_otg/dwc_otg_regs.h | 2550 +++++++
68 drivers/usb/host/dwc_otg/test/Makefile | 16 +
69 drivers/usb/host/dwc_otg/test/dwc_otg_test.pm | 337 +
70 drivers/usb/host/dwc_otg/test/test_mod_param.pl | 133 +
71 drivers/usb/host/dwc_otg/test/test_sysfs.pl | 193 +
72 64 files changed, 56447 insertions(+), 49 deletions(-)
73 create mode 100644 drivers/usb/gadget/file_storage.c
74 create mode 100644 drivers/usb/host/dwc_common_port/Makefile
75 create mode 100644 drivers/usb/host/dwc_common_port/Makefile.fbsd
76 create mode 100644 drivers/usb/host/dwc_common_port/Makefile.linux
77 create mode 100644 drivers/usb/host/dwc_common_port/changes.txt
78 create mode 100644 drivers/usb/host/dwc_common_port/doc/doxygen.cfg
79 create mode 100644 drivers/usb/host/dwc_common_port/dwc_cc.c
80 create mode 100644 drivers/usb/host/dwc_common_port/dwc_cc.h
81 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_fbsd.c
82 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_linux.c
83 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_nbsd.c
84 create mode 100644 drivers/usb/host/dwc_common_port/dwc_crypto.c
85 create mode 100644 drivers/usb/host/dwc_common_port/dwc_crypto.h
86 create mode 100644 drivers/usb/host/dwc_common_port/dwc_dh.c
87 create mode 100644 drivers/usb/host/dwc_common_port/dwc_dh.h
88 create mode 100644 drivers/usb/host/dwc_common_port/dwc_list.h
89 create mode 100644 drivers/usb/host/dwc_common_port/dwc_mem.c
90 create mode 100644 drivers/usb/host/dwc_common_port/dwc_modpow.c
91 create mode 100644 drivers/usb/host/dwc_common_port/dwc_modpow.h
92 create mode 100644 drivers/usb/host/dwc_common_port/dwc_notifier.c
93 create mode 100644 drivers/usb/host/dwc_common_port/dwc_notifier.h
94 create mode 100644 drivers/usb/host/dwc_common_port/dwc_os.h
95 create mode 100644 drivers/usb/host/dwc_common_port/usb.h
96 create mode 100644 drivers/usb/host/dwc_otg/Makefile
97 create mode 100644 drivers/usb/host/dwc_otg/doc/doxygen.cfg
98 create mode 100644 drivers/usb/host/dwc_otg/dummy_audio.c
99 create mode 100644 drivers/usb/host/dwc_otg/dwc_cfi_common.h
100 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_adp.c
101 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_adp.h
102 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_attr.c
103 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_attr.h
104 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cfi.c
105 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cfi.h
106 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil.c
107 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil.h
108 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil_intr.c
109 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_core_if.h
110 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_dbg.h
111 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_driver.c
112 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_driver.h
113 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd.c
114 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd.h
115 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_ddma.c
116 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_if.h
117 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c
118 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
119 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c
120 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_os_dep.h
121 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd.c
122 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd.h
123 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_if.h
124 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_intr.c
125 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_linux.c
126 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_regs.h
127 create mode 100644 drivers/usb/host/dwc_otg/test/Makefile
128 create mode 100644 drivers/usb/host/dwc_otg/test/dwc_otg_test.pm
129 create mode 100644 drivers/usb/host/dwc_otg/test/test_mod_param.pl
130 create mode 100644 drivers/usb/host/dwc_otg/test/test_sysfs.pl
131
132 --- a/drivers/usb/Makefile
133 +++ b/drivers/usb/Makefile
134 @@ -23,6 +23,7 @@ obj-$(CONFIG_USB_U132_HCD) += host/
135 obj-$(CONFIG_USB_R8A66597_HCD) += host/
136 obj-$(CONFIG_USB_HWA_HCD) += host/
137 obj-$(CONFIG_USB_ISP1760_HCD) += host/
138 +obj-$(CONFIG_USB_DWCOTG) += host/
139 obj-$(CONFIG_USB_IMX21_HCD) += host/
140 obj-$(CONFIG_USB_FSL_MPH_DR_OF) += host/
141
142 --- a/drivers/usb/core/generic.c
143 +++ b/drivers/usb/core/generic.c
144 @@ -152,6 +152,7 @@ int usb_choose_configuration(struct usb_
145 dev_warn(&udev->dev,
146 "no configuration chosen from %d choice%s\n",
147 num_configs, plural(num_configs));
148 + dev_warn(&udev->dev, "No support over %dmA\n", udev->bus_mA);
149 }
150 return i;
151 }
152 --- a/drivers/usb/core/message.c
153 +++ b/drivers/usb/core/message.c
154 @@ -1875,6 +1875,85 @@ free_interfaces:
155 if (cp->string == NULL &&
156 !(dev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS))
157 cp->string = usb_cache_string(dev, cp->desc.iConfiguration);
158 +/* Uncomment this define to enable the HS Electrical Test support */
159 +#define DWC_HS_ELECT_TST 1
160 +#ifdef DWC_HS_ELECT_TST
161 + /* Here we implement the HS Electrical Test support. The
162 + * tester uses a vendor ID of 0x1A0A to indicate we should
163 + * run a special test sequence. The product ID tells us
164 + * which sequence to run. We invoke the test sequence by
165 + * sending a non-standard SetFeature command to our root
166 + * hub port. Our dwc_otg_hcd_hub_control() routine will
167 + * recognize the command and perform the desired test
168 + * sequence.
169 + */
170 + if (dev->descriptor.idVendor == 0x1A0A) {
171 + /* HSOTG Electrical Test */
172 + dev_warn(&dev->dev, "VID from HSOTG Electrical Test Fixture\n");
173 +
174 + if (dev->bus && dev->bus->root_hub) {
175 + struct usb_device *hdev = dev->bus->root_hub;
176 + dev_warn(&dev->dev, "Got PID 0x%x\n", dev->descriptor.idProduct);
177 +
178 + switch (dev->descriptor.idProduct) {
179 + case 0x0101: /* TEST_SE0_NAK */
180 + dev_warn(&dev->dev, "TEST_SE0_NAK\n");
181 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
182 + USB_REQ_SET_FEATURE, USB_RT_PORT,
183 + USB_PORT_FEAT_TEST, 0x300, NULL, 0, HZ);
184 + break;
185 +
186 + case 0x0102: /* TEST_J */
187 + dev_warn(&dev->dev, "TEST_J\n");
188 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
189 + USB_REQ_SET_FEATURE, USB_RT_PORT,
190 + USB_PORT_FEAT_TEST, 0x100, NULL, 0, HZ);
191 + break;
192 +
193 + case 0x0103: /* TEST_K */
194 + dev_warn(&dev->dev, "TEST_K\n");
195 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
196 + USB_REQ_SET_FEATURE, USB_RT_PORT,
197 + USB_PORT_FEAT_TEST, 0x200, NULL, 0, HZ);
198 + break;
199 +
200 + case 0x0104: /* TEST_PACKET */
201 + dev_warn(&dev->dev, "TEST_PACKET\n");
202 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
203 + USB_REQ_SET_FEATURE, USB_RT_PORT,
204 + USB_PORT_FEAT_TEST, 0x400, NULL, 0, HZ);
205 + break;
206 +
207 + case 0x0105: /* TEST_FORCE_ENABLE */
208 + dev_warn(&dev->dev, "TEST_FORCE_ENABLE\n");
209 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
210 + USB_REQ_SET_FEATURE, USB_RT_PORT,
211 + USB_PORT_FEAT_TEST, 0x500, NULL, 0, HZ);
212 + break;
213 +
214 + case 0x0106: /* HS_HOST_PORT_SUSPEND_RESUME */
215 + dev_warn(&dev->dev, "HS_HOST_PORT_SUSPEND_RESUME\n");
216 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
217 + USB_REQ_SET_FEATURE, USB_RT_PORT,
218 + USB_PORT_FEAT_TEST, 0x600, NULL, 0, 40 * HZ);
219 + break;
220 +
221 + case 0x0107: /* SINGLE_STEP_GET_DEVICE_DESCRIPTOR setup */
222 + dev_warn(&dev->dev, "SINGLE_STEP_GET_DEVICE_DESCRIPTOR setup\n");
223 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
224 + USB_REQ_SET_FEATURE, USB_RT_PORT,
225 + USB_PORT_FEAT_TEST, 0x700, NULL, 0, 40 * HZ);
226 + break;
227 +
228 + case 0x0108: /* SINGLE_STEP_GET_DEVICE_DESCRIPTOR execute */
229 + dev_warn(&dev->dev, "SINGLE_STEP_GET_DEVICE_DESCRIPTOR execute\n");
230 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
231 + USB_REQ_SET_FEATURE, USB_RT_PORT,
232 + USB_PORT_FEAT_TEST, 0x800, NULL, 0, 40 * HZ);
233 + }
234 + }
235 + }
236 +#endif /* DWC_HS_ELECT_TST */
237
238 /* Now that the interfaces are installed, re-enable LPM. */
239 usb_unlocked_enable_lpm(dev);
240 --- a/drivers/usb/core/otg_whitelist.h
241 +++ b/drivers/usb/core/otg_whitelist.h
242 @@ -19,33 +19,82 @@
243 static struct usb_device_id whitelist_table [] = {
244
245 /* hubs are optional in OTG, but very handy ... */
246 +#define CERT_WITHOUT_HUBS
247 +#if defined(CERT_WITHOUT_HUBS)
248 +{ USB_DEVICE( 0x0000, 0x0000 ), }, /* Root HUB Only*/
249 +#else
250 { USB_DEVICE_INFO(USB_CLASS_HUB, 0, 0), },
251 { USB_DEVICE_INFO(USB_CLASS_HUB, 0, 1), },
252 +{ USB_DEVICE_INFO(USB_CLASS_HUB, 0, 2), },
253 +#endif
254
255 #ifdef CONFIG_USB_PRINTER /* ignoring nonstatic linkage! */
256 /* FIXME actually, printers are NOT supposed to use device classes;
257 * they're supposed to use interface classes...
258 */
259 -{ USB_DEVICE_INFO(7, 1, 1) },
260 -{ USB_DEVICE_INFO(7, 1, 2) },
261 -{ USB_DEVICE_INFO(7, 1, 3) },
262 +//{ USB_DEVICE_INFO(7, 1, 1) },
263 +//{ USB_DEVICE_INFO(7, 1, 2) },
264 +//{ USB_DEVICE_INFO(7, 1, 3) },
265 #endif
266
267 #ifdef CONFIG_USB_NET_CDCETHER
268 /* Linux-USB CDC Ethernet gadget */
269 -{ USB_DEVICE(0x0525, 0xa4a1), },
270 +//{ USB_DEVICE(0x0525, 0xa4a1), },
271 /* Linux-USB CDC Ethernet + RNDIS gadget */
272 -{ USB_DEVICE(0x0525, 0xa4a2), },
273 +//{ USB_DEVICE(0x0525, 0xa4a2), },
274 #endif
275
276 #if defined(CONFIG_USB_TEST) || defined(CONFIG_USB_TEST_MODULE)
277 /* gadget zero, for testing */
278 -{ USB_DEVICE(0x0525, 0xa4a0), },
279 +//{ USB_DEVICE(0x0525, 0xa4a0), },
280 #endif
281 +
282 +/* OPT Tester */
283 +{ USB_DEVICE( 0x1a0a, 0x0101 ), }, /* TEST_SE0_NAK */
284 +{ USB_DEVICE( 0x1a0a, 0x0102 ), }, /* Test_J */
285 +{ USB_DEVICE( 0x1a0a, 0x0103 ), }, /* Test_K */
286 +{ USB_DEVICE( 0x1a0a, 0x0104 ), }, /* Test_PACKET */
287 +{ USB_DEVICE( 0x1a0a, 0x0105 ), }, /* Test_FORCE_ENABLE */
288 +{ USB_DEVICE( 0x1a0a, 0x0106 ), }, /* HS_PORT_SUSPEND_RESUME */
289 +{ USB_DEVICE( 0x1a0a, 0x0107 ), }, /* SINGLE_STEP_GET_DESCRIPTOR setup */
290 +{ USB_DEVICE( 0x1a0a, 0x0108 ), }, /* SINGLE_STEP_GET_DESCRIPTOR execute */
291 +
292 +/* Sony cameras */
293 +{ USB_DEVICE_VER(0x054c,0x0010,0x0410, 0x0500), },
294 +
295 +/* Memory Devices */
296 +//{ USB_DEVICE( 0x0781, 0x5150 ), }, /* SanDisk */
297 +//{ USB_DEVICE( 0x05DC, 0x0080 ), }, /* Lexar */
298 +//{ USB_DEVICE( 0x4146, 0x9281 ), }, /* IOMEGA */
299 +//{ USB_DEVICE( 0x067b, 0x2507 ), }, /* Hammer 20GB External HD */
300 +{ USB_DEVICE( 0x0EA0, 0x2168 ), }, /* Ours Technology Inc. (BUFFALO ClipDrive)*/
301 +//{ USB_DEVICE( 0x0457, 0x0150 ), }, /* Silicon Integrated Systems Corp. */
302 +
303 +/* HP Printers */
304 +//{ USB_DEVICE( 0x03F0, 0x1102 ), }, /* HP Photosmart 245 */
305 +//{ USB_DEVICE( 0x03F0, 0x1302 ), }, /* HP Photosmart 370 Series */
306 +
307 +/* Speakers */
308 +//{ USB_DEVICE( 0x0499, 0x3002 ), }, /* YAMAHA YST-MS35D USB Speakers */
309 +//{ USB_DEVICE( 0x0672, 0x1041 ), }, /* Labtec USB Headset */
310
311 { } /* Terminating entry */
312 };
313
314 +static inline void report_errors(struct usb_device *dev)
315 +{
316 + /* OTG MESSAGE: report errors here, customize to match your product */
317 + dev_info(&dev->dev, "device Vendor:%04x Product:%04x is not supported\n",
318 + le16_to_cpu(dev->descriptor.idVendor),
319 + le16_to_cpu(dev->descriptor.idProduct));
320 + if (USB_CLASS_HUB == dev->descriptor.bDeviceClass){
321 + dev_printk(KERN_CRIT, &dev->dev, "Unsupported Hub Topology\n");
322 + } else {
323 + dev_printk(KERN_CRIT, &dev->dev, "Attached Device is not Supported\n");
324 + }
325 +}
326 +
327 +
328 static int is_targeted(struct usb_device *dev)
329 {
330 struct usb_device_id *id = whitelist_table;
331 @@ -55,58 +104,83 @@ static int is_targeted(struct usb_device
332 return 1;
333
334 /* HNP test device is _never_ targeted (see OTG spec 6.6.6) */
335 - if ((le16_to_cpu(dev->descriptor.idVendor) == 0x1a0a &&
336 - le16_to_cpu(dev->descriptor.idProduct) == 0xbadd))
337 - return 0;
338 + if (dev->descriptor.idVendor == 0x1a0a &&
339 + dev->descriptor.idProduct == 0xbadd) {
340 + return 0;
341 + } else if (!enable_whitelist) {
342 + return 1;
343 + } else {
344
345 - /* NOTE: can't use usb_match_id() since interface caches
346 - * aren't set up yet. this is cut/paste from that code.
347 - */
348 - for (id = whitelist_table; id->match_flags; id++) {
349 - if ((id->match_flags & USB_DEVICE_ID_MATCH_VENDOR) &&
350 - id->idVendor != le16_to_cpu(dev->descriptor.idVendor))
351 - continue;
352 -
353 - if ((id->match_flags & USB_DEVICE_ID_MATCH_PRODUCT) &&
354 - id->idProduct != le16_to_cpu(dev->descriptor.idProduct))
355 - continue;
356 -
357 - /* No need to test id->bcdDevice_lo != 0, since 0 is never
358 - greater than any unsigned number. */
359 - if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_LO) &&
360 - (id->bcdDevice_lo > le16_to_cpu(dev->descriptor.bcdDevice)))
361 - continue;
362 -
363 - if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_HI) &&
364 - (id->bcdDevice_hi < le16_to_cpu(dev->descriptor.bcdDevice)))
365 - continue;
366 -
367 - if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_CLASS) &&
368 - (id->bDeviceClass != dev->descriptor.bDeviceClass))
369 - continue;
370 -
371 - if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_SUBCLASS) &&
372 - (id->bDeviceSubClass != dev->descriptor.bDeviceSubClass))
373 - continue;
374 -
375 - if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_PROTOCOL) &&
376 - (id->bDeviceProtocol != dev->descriptor.bDeviceProtocol))
377 - continue;
378 +#ifdef DEBUG
379 + dev_dbg(&dev->dev, "device V:%04x P:%04x DC:%04x SC:%04x PR:%04x \n",
380 + dev->descriptor.idVendor,
381 + dev->descriptor.idProduct,
382 + dev->descriptor.bDeviceClass,
383 + dev->descriptor.bDeviceSubClass,
384 + dev->descriptor.bDeviceProtocol);
385 +#endif
386
387 return 1;
388 + /* NOTE: can't use usb_match_id() since interface caches
389 + * aren't set up yet. this is cut/paste from that code.
390 + */
391 + for (id = whitelist_table; id->match_flags; id++) {
392 +#ifdef DEBUG
393 + dev_dbg(&dev->dev,
394 + "ID: V:%04x P:%04x DC:%04x SC:%04x PR:%04x \n",
395 + id->idVendor,
396 + id->idProduct,
397 + id->bDeviceClass,
398 + id->bDeviceSubClass,
399 + id->bDeviceProtocol);
400 +#endif
401 +
402 + if ((id->match_flags & USB_DEVICE_ID_MATCH_VENDOR) &&
403 + id->idVendor != le16_to_cpu(dev->descriptor.idVendor))
404 + continue;
405 +
406 + if ((id->match_flags & USB_DEVICE_ID_MATCH_PRODUCT) &&
407 + id->idProduct != le16_to_cpu(dev->descriptor.idProduct))
408 + continue;
409 +
410 + /* No need to test id->bcdDevice_lo != 0, since 0 is never
411 + greater than any unsigned number. */
412 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_LO) &&
413 + (id->bcdDevice_lo > le16_to_cpu(dev->descriptor.bcdDevice)))
414 + continue;
415 +
416 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_HI) &&
417 + (id->bcdDevice_hi < le16_to_cpu(dev->descriptor.bcdDevice)))
418 + continue;
419 +
420 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_CLASS) &&
421 + (id->bDeviceClass != dev->descriptor.bDeviceClass))
422 + continue;
423 +
424 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_SUBCLASS) &&
425 + (id->bDeviceSubClass != dev->descriptor.bDeviceSubClass))
426 + continue;
427 +
428 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_PROTOCOL) &&
429 + (id->bDeviceProtocol != dev->descriptor.bDeviceProtocol))
430 + continue;
431 +
432 + return 1;
433 + }
434 }
435
436 /* add other match criteria here ... */
437
438 -
439 - /* OTG MESSAGE: report errors here, customize to match your product */
440 - dev_err(&dev->dev, "device v%04x p%04x is not supported\n",
441 - le16_to_cpu(dev->descriptor.idVendor),
442 - le16_to_cpu(dev->descriptor.idProduct));
443 #ifdef CONFIG_USB_OTG_WHITELIST
444 + report_errors(dev);
445 return 0;
446 #else
447 - return 1;
448 + if (enable_whitelist) {
449 + report_errors(dev);
450 + return 0;
451 + } else {
452 + return 1;
453 + }
454 #endif
455 }
456
457 --- /dev/null
458 +++ b/drivers/usb/gadget/file_storage.c
459 @@ -0,0 +1,3676 @@
460 +/*
461 + * file_storage.c -- File-backed USB Storage Gadget, for USB development
462 + *
463 + * Copyright (C) 2003-2008 Alan Stern
464 + * All rights reserved.
465 + *
466 + * Redistribution and use in source and binary forms, with or without
467 + * modification, are permitted provided that the following conditions
468 + * are met:
469 + * 1. Redistributions of source code must retain the above copyright
470 + * notice, this list of conditions, and the following disclaimer,
471 + * without modification.
472 + * 2. Redistributions in binary form must reproduce the above copyright
473 + * notice, this list of conditions and the following disclaimer in the
474 + * documentation and/or other materials provided with the distribution.
475 + * 3. The names of the above-listed copyright holders may not be used
476 + * to endorse or promote products derived from this software without
477 + * specific prior written permission.
478 + *
479 + * ALTERNATIVELY, this software may be distributed under the terms of the
480 + * GNU General Public License ("GPL") as published by the Free Software
481 + * Foundation, either version 2 of that License or (at your option) any
482 + * later version.
483 + *
484 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
485 + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
486 + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
487 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
488 + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
489 + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
490 + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
491 + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
492 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
493 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
494 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
495 + */
496 +
497 +
498 +/*
499 + * The File-backed Storage Gadget acts as a USB Mass Storage device,
500 + * appearing to the host as a disk drive or as a CD-ROM drive. In addition
501 + * to providing an example of a genuinely useful gadget driver for a USB
502 + * device, it also illustrates a technique of double-buffering for increased
503 + * throughput. Last but not least, it gives an easy way to probe the
504 + * behavior of the Mass Storage drivers in a USB host.
505 + *
506 + * Backing storage is provided by a regular file or a block device, specified
507 + * by the "file" module parameter. Access can be limited to read-only by
508 + * setting the optional "ro" module parameter. (For CD-ROM emulation,
509 + * access is always read-only.) The gadget will indicate that it has
510 + * removable media if the optional "removable" module parameter is set.
511 + *
512 + * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI),
513 + * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected
514 + * by the optional "transport" module parameter. It also supports the
515 + * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03),
516 + * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by
517 + * the optional "protocol" module parameter. In addition, the default
518 + * Vendor ID, Product ID, release number and serial number can be overridden.
519 + *
520 + * There is support for multiple logical units (LUNs), each of which has
521 + * its own backing file. The number of LUNs can be set using the optional
522 + * "luns" module parameter (anywhere from 1 to 8), and the corresponding
523 + * files are specified using comma-separated lists for "file" and "ro".
524 + * The default number of LUNs is taken from the number of "file" elements;
525 + * it is 1 if "file" is not given. If "removable" is not set then a backing
526 + * file must be specified for each LUN. If it is set, then an unspecified
527 + * or empty backing filename means the LUN's medium is not loaded. Ideally
528 + * each LUN would be settable independently as a disk drive or a CD-ROM
529 + * drive, but currently all LUNs have to be the same type. The CD-ROM
530 + * emulation includes a single data track and no audio tracks; hence there
531 + * need be only one backing file per LUN.
532 + *
533 + * Requirements are modest; only a bulk-in and a bulk-out endpoint are
534 + * needed (an interrupt-out endpoint is also needed for CBI). The memory
535 + * requirement amounts to two 16K buffers, size configurable by a parameter.
536 + * Support is included for both full-speed and high-speed operation.
537 + *
538 + * Note that the driver is slightly non-portable in that it assumes a
539 + * single memory/DMA buffer will be useable for bulk-in, bulk-out, and
540 + * interrupt-in endpoints. With most device controllers this isn't an
541 + * issue, but there may be some with hardware restrictions that prevent
542 + * a buffer from being used by more than one endpoint.
543 + *
544 + * Module options:
545 + *
546 + * file=filename[,filename...]
547 + * Required if "removable" is not set, names of
548 + * the files or block devices used for
549 + * backing storage
550 + * serial=HHHH... Required serial number (string of hex chars)
551 + * ro=b[,b...] Default false, booleans for read-only access
552 + * removable Default false, boolean for removable media
553 + * luns=N Default N = number of filenames, number of
554 + * LUNs to support
555 + * nofua=b[,b...] Default false, booleans for ignore FUA flag
556 + * in SCSI WRITE(10,12) commands
557 + * stall Default determined according to the type of
558 + * USB device controller (usually true),
559 + * boolean to permit the driver to halt
560 + * bulk endpoints
561 + * cdrom Default false, boolean for whether to emulate
562 + * a CD-ROM drive
563 + * transport=XXX Default BBB, transport name (CB, CBI, or BBB)
564 + * protocol=YYY Default SCSI, protocol name (RBC, 8020 or
565 + * ATAPI, QIC, UFI, 8070, or SCSI;
566 + * also 1 - 6)
567 + * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID
568 + * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID
569 + * release=0xRRRR Override the USB release number (bcdDevice)
570 + * buflen=N Default N=16384, buffer size used (will be
571 + * rounded down to a multiple of
572 + * PAGE_CACHE_SIZE)
573 + *
574 + * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "serial", "ro",
575 + * "removable", "luns", "nofua", "stall", and "cdrom" options are available;
576 + * default values are used for everything else.
577 + *
578 + * The pathnames of the backing files and the ro settings are available in
579 + * the attribute files "file", "nofua", and "ro" in the lun<n> subdirectory of
580 + * the gadget's sysfs directory. If the "removable" option is set, writing to
581 + * these files will simulate ejecting/loading the medium (writing an empty
582 + * line means eject) and adjusting a write-enable tab. Changes to the ro
583 + * setting are not allowed when the medium is loaded or if CD-ROM emulation
584 + * is being used.
585 + *
586 + * This gadget driver is heavily based on "Gadget Zero" by David Brownell.
587 + * The driver's SCSI command interface was based on the "Information
588 + * technology - Small Computer System Interface - 2" document from
589 + * X3T9.2 Project 375D, Revision 10L, 7-SEP-93, available at
590 + * <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. The single exception
591 + * is opcode 0x23 (READ FORMAT CAPACITIES), which was based on the
592 + * "Universal Serial Bus Mass Storage Class UFI Command Specification"
593 + * document, Revision 1.0, December 14, 1998, available at
594 + * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
595 + */
596 +
597 +
598 +/*
599 + * Driver Design
600 + *
601 + * The FSG driver is fairly straightforward. There is a main kernel
602 + * thread that handles most of the work. Interrupt routines field
603 + * callbacks from the controller driver: bulk- and interrupt-request
604 + * completion notifications, endpoint-0 events, and disconnect events.
605 + * Completion events are passed to the main thread by wakeup calls. Many
606 + * ep0 requests are handled at interrupt time, but SetInterface,
607 + * SetConfiguration, and device reset requests are forwarded to the
608 + * thread in the form of "exceptions" using SIGUSR1 signals (since they
609 + * should interrupt any ongoing file I/O operations).
610 + *
611 + * The thread's main routine implements the standard command/data/status
612 + * parts of a SCSI interaction. It and its subroutines are full of tests
613 + * for pending signals/exceptions -- all this polling is necessary since
614 + * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
615 + * indication that the driver really wants to be running in userspace.)
616 + * An important point is that so long as the thread is alive it keeps an
617 + * open reference to the backing file. This will prevent unmounting
618 + * the backing file's underlying filesystem and could cause problems
619 + * during system shutdown, for example. To prevent such problems, the
620 + * thread catches INT, TERM, and KILL signals and converts them into
621 + * an EXIT exception.
622 + *
623 + * In normal operation the main thread is started during the gadget's
624 + * fsg_bind() callback and stopped during fsg_unbind(). But it can also
625 + * exit when it receives a signal, and there's no point leaving the
626 + * gadget running when the thread is dead. So just before the thread
627 + * exits, it deregisters the gadget driver. This makes things a little
628 + * tricky: The driver is deregistered at two places, and the exiting
629 + * thread can indirectly call fsg_unbind() which in turn can tell the
630 + * thread to exit. The first problem is resolved through the use of the
631 + * REGISTERED atomic bitflag; the driver will only be deregistered once.
632 + * The second problem is resolved by having fsg_unbind() check
633 + * fsg->state; it won't try to stop the thread if the state is already
634 + * FSG_STATE_TERMINATED.
635 + *
636 + * To provide maximum throughput, the driver uses a circular pipeline of
637 + * buffer heads (struct fsg_buffhd). In principle the pipeline can be
638 + * arbitrarily long; in practice the benefits don't justify having more
639 + * than 2 stages (i.e., double buffering). But it helps to think of the
640 + * pipeline as being a long one. Each buffer head contains a bulk-in and
641 + * a bulk-out request pointer (since the buffer can be used for both
642 + * output and input -- directions always are given from the host's
643 + * point of view) as well as a pointer to the buffer and various state
644 + * variables.
645 + *
646 + * Use of the pipeline follows a simple protocol. There is a variable
647 + * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
648 + * At any time that buffer head may still be in use from an earlier
649 + * request, so each buffer head has a state variable indicating whether
650 + * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
651 + * buffer head to be EMPTY, filling the buffer either by file I/O or by
652 + * USB I/O (during which the buffer head is BUSY), and marking the buffer
653 + * head FULL when the I/O is complete. Then the buffer will be emptied
654 + * (again possibly by USB I/O, during which it is marked BUSY) and
655 + * finally marked EMPTY again (possibly by a completion routine).
656 + *
657 + * A module parameter tells the driver to avoid stalling the bulk
658 + * endpoints wherever the transport specification allows. This is
659 + * necessary for some UDCs like the SuperH, which cannot reliably clear a
660 + * halt on a bulk endpoint. However, under certain circumstances the
661 + * Bulk-only specification requires a stall. In such cases the driver
662 + * will halt the endpoint and set a flag indicating that it should clear
663 + * the halt in software during the next device reset. Hopefully this
664 + * will permit everything to work correctly. Furthermore, although the
665 + * specification allows the bulk-out endpoint to halt when the host sends
666 + * too much data, implementing this would cause an unavoidable race.
667 + * The driver will always use the "no-stall" approach for OUT transfers.
668 + *
669 + * One subtle point concerns sending status-stage responses for ep0
670 + * requests. Some of these requests, such as device reset, can involve
671 + * interrupting an ongoing file I/O operation, which might take an
672 + * arbitrarily long time. During that delay the host might give up on
673 + * the original ep0 request and issue a new one. When that happens the
674 + * driver should not notify the host about completion of the original
675 + * request, as the host will no longer be waiting for it. So the driver
676 + * assigns to each ep0 request a unique tag, and it keeps track of the
677 + * tag value of the request associated with a long-running exception
678 + * (device-reset, interface-change, or configuration-change). When the
679 + * exception handler is finished, the status-stage response is submitted
680 + * only if the current ep0 request tag is equal to the exception request
681 + * tag. Thus only the most recently received ep0 request will get a
682 + * status-stage response.
683 + *
684 + * Warning: This driver source file is too long. It ought to be split up
685 + * into a header file plus about 3 separate .c files, to handle the details
686 + * of the Gadget, USB Mass Storage, and SCSI protocols.
687 + */
688 +
689 +
690 +/* #define VERBOSE_DEBUG */
691 +/* #define DUMP_MSGS */
692 +
693 +
694 +#include <linux/blkdev.h>
695 +#include <linux/completion.h>
696 +#include <linux/dcache.h>
697 +#include <linux/delay.h>
698 +#include <linux/device.h>
699 +#include <linux/fcntl.h>
700 +#include <linux/file.h>
701 +#include <linux/fs.h>
702 +#include <linux/kref.h>
703 +#include <linux/kthread.h>
704 +#include <linux/limits.h>
705 +#include <linux/module.h>
706 +#include <linux/rwsem.h>
707 +#include <linux/slab.h>
708 +#include <linux/spinlock.h>
709 +#include <linux/string.h>
710 +#include <linux/freezer.h>
711 +#include <linux/utsname.h>
712 +
713 +#include <linux/usb/ch9.h>
714 +#include <linux/usb/gadget.h>
715 +
716 +#include "gadget_chips.h"
717 +
718 +
719 +
720 +/*
721 + * Kbuild is not very cooperative with respect to linking separately
722 + * compiled library objects into one module. So for now we won't use
723 + * separate compilation ... ensuring init/exit sections work to shrink
724 + * the runtime footprint, and giving us at least some parts of what
725 + * a "gcc --combine ... part1.c part2.c part3.c ... " build would.
726 + */
727 +#include "usbstring.c"
728 +#include "config.c"
729 +#include "epautoconf.c"
730 +
731 +/*-------------------------------------------------------------------------*/
732 +
733 +#define DRIVER_DESC "File-backed Storage Gadget"
734 +#define DRIVER_NAME "g_file_storage"
735 +#define DRIVER_VERSION "1 September 2010"
736 +
737 +static char fsg_string_manufacturer[64];
738 +static const char fsg_string_product[] = DRIVER_DESC;
739 +static const char fsg_string_config[] = "Self-powered";
740 +static const char fsg_string_interface[] = "Mass Storage";
741 +
742 +
743 +#include "storage_common.c"
744 +
745 +
746 +MODULE_DESCRIPTION(DRIVER_DESC);
747 +MODULE_AUTHOR("Alan Stern");
748 +MODULE_LICENSE("Dual BSD/GPL");
749 +
750 +/*
751 + * This driver assumes self-powered hardware and has no way for users to
752 + * trigger remote wakeup. It uses autoconfiguration to select endpoints
753 + * and endpoint addresses.
754 + */
755 +
756 +
757 +/*-------------------------------------------------------------------------*/
758 +
759 +
760 +/* Encapsulate the module parameter settings */
761 +
762 +static struct {
763 + char *file[FSG_MAX_LUNS];
764 + char *serial;
765 + bool ro[FSG_MAX_LUNS];
766 + bool nofua[FSG_MAX_LUNS];
767 + unsigned int num_filenames;
768 + unsigned int num_ros;
769 + unsigned int num_nofuas;
770 + unsigned int nluns;
771 +
772 + bool removable;
773 + bool can_stall;
774 + bool cdrom;
775 +
776 + char *transport_parm;
777 + char *protocol_parm;
778 + unsigned short vendor;
779 + unsigned short product;
780 + unsigned short release;
781 + unsigned int buflen;
782 +
783 + int transport_type;
784 + char *transport_name;
785 + int protocol_type;
786 + char *protocol_name;
787 +
788 +} mod_data = { // Default values
789 + .transport_parm = "BBB",
790 + .protocol_parm = "SCSI",
791 + .removable = 0,
792 + .can_stall = 1,
793 + .cdrom = 0,
794 + .vendor = FSG_VENDOR_ID,
795 + .product = FSG_PRODUCT_ID,
796 + .release = 0xffff, // Use controller chip type
797 + .buflen = 16384,
798 + };
799 +
800 +
801 +module_param_array_named(file, mod_data.file, charp, &mod_data.num_filenames,
802 + S_IRUGO);
803 +MODULE_PARM_DESC(file, "names of backing files or devices");
804 +
805 +module_param_named(serial, mod_data.serial, charp, S_IRUGO);
806 +MODULE_PARM_DESC(serial, "USB serial number");
807 +
808 +module_param_array_named(ro, mod_data.ro, bool, &mod_data.num_ros, S_IRUGO);
809 +MODULE_PARM_DESC(ro, "true to force read-only");
810 +
811 +module_param_array_named(nofua, mod_data.nofua, bool, &mod_data.num_nofuas,
812 + S_IRUGO);
813 +MODULE_PARM_DESC(nofua, "true to ignore SCSI WRITE(10,12) FUA bit");
814 +
815 +module_param_named(luns, mod_data.nluns, uint, S_IRUGO);
816 +MODULE_PARM_DESC(luns, "number of LUNs");
817 +
818 +module_param_named(removable, mod_data.removable, bool, S_IRUGO);
819 +MODULE_PARM_DESC(removable, "true to simulate removable media");
820 +
821 +module_param_named(stall, mod_data.can_stall, bool, S_IRUGO);
822 +MODULE_PARM_DESC(stall, "false to prevent bulk stalls");
823 +
824 +module_param_named(cdrom, mod_data.cdrom, bool, S_IRUGO);
825 +MODULE_PARM_DESC(cdrom, "true to emulate cdrom instead of disk");
826 +
827 +/* In the non-TEST version, only the module parameters listed above
828 + * are available. */
829 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
830 +
831 +module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO);
832 +MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)");
833 +
834 +module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO);
835 +MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, "
836 + "8070, or SCSI)");
837 +
838 +module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO);
839 +MODULE_PARM_DESC(vendor, "USB Vendor ID");
840 +
841 +module_param_named(product, mod_data.product, ushort, S_IRUGO);
842 +MODULE_PARM_DESC(product, "USB Product ID");
843 +
844 +module_param_named(release, mod_data.release, ushort, S_IRUGO);
845 +MODULE_PARM_DESC(release, "USB release number");
846 +
847 +module_param_named(buflen, mod_data.buflen, uint, S_IRUGO);
848 +MODULE_PARM_DESC(buflen, "I/O buffer size");
849 +
850 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
851 +
852 +
853 +/*
854 + * These definitions will permit the compiler to avoid generating code for
855 + * parts of the driver that aren't used in the non-TEST version. Even gcc
856 + * can recognize when a test of a constant expression yields a dead code
857 + * path.
858 + */
859 +
860 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
861 +
862 +#define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK)
863 +#define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI)
864 +#define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI)
865 +
866 +#else
867 +
868 +#define transport_is_bbb() 1
869 +#define transport_is_cbi() 0
870 +#define protocol_is_scsi() 1
871 +
872 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
873 +
874 +
875 +/*-------------------------------------------------------------------------*/
876 +
877 +
878 +struct fsg_dev {
879 + /* lock protects: state, all the req_busy's, and cbbuf_cmnd */
880 + spinlock_t lock;
881 + struct usb_gadget *gadget;
882 +
883 + /* filesem protects: backing files in use */
884 + struct rw_semaphore filesem;
885 +
886 + /* reference counting: wait until all LUNs are released */
887 + struct kref ref;
888 +
889 + struct usb_ep *ep0; // Handy copy of gadget->ep0
890 + struct usb_request *ep0req; // For control responses
891 + unsigned int ep0_req_tag;
892 + const char *ep0req_name;
893 +
894 + struct usb_request *intreq; // For interrupt responses
895 + int intreq_busy;
896 + struct fsg_buffhd *intr_buffhd;
897 +
898 + unsigned int bulk_out_maxpacket;
899 + enum fsg_state state; // For exception handling
900 + unsigned int exception_req_tag;
901 +
902 + u8 config, new_config;
903 +
904 + unsigned int running : 1;
905 + unsigned int bulk_in_enabled : 1;
906 + unsigned int bulk_out_enabled : 1;
907 + unsigned int intr_in_enabled : 1;
908 + unsigned int phase_error : 1;
909 + unsigned int short_packet_received : 1;
910 + unsigned int bad_lun_okay : 1;
911 +
912 + unsigned long atomic_bitflags;
913 +#define REGISTERED 0
914 +#define IGNORE_BULK_OUT 1
915 +#define SUSPENDED 2
916 +
917 + struct usb_ep *bulk_in;
918 + struct usb_ep *bulk_out;
919 + struct usb_ep *intr_in;
920 +
921 + struct fsg_buffhd *next_buffhd_to_fill;
922 + struct fsg_buffhd *next_buffhd_to_drain;
923 +
924 + int thread_wakeup_needed;
925 + struct completion thread_notifier;
926 + struct task_struct *thread_task;
927 +
928 + int cmnd_size;
929 + u8 cmnd[MAX_COMMAND_SIZE];
930 + enum data_direction data_dir;
931 + u32 data_size;
932 + u32 data_size_from_cmnd;
933 + u32 tag;
934 + unsigned int lun;
935 + u32 residue;
936 + u32 usb_amount_left;
937 +
938 + /* The CB protocol offers no way for a host to know when a command
939 + * has completed. As a result the next command may arrive early,
940 + * and we will still have to handle it. For that reason we need
941 + * a buffer to store new commands when using CB (or CBI, which
942 + * does not oblige a host to wait for command completion either). */
943 + int cbbuf_cmnd_size;
944 + u8 cbbuf_cmnd[MAX_COMMAND_SIZE];
945 +
946 + unsigned int nluns;
947 + struct fsg_lun *luns;
948 + struct fsg_lun *curlun;
949 + /* Must be the last entry */
950 + struct fsg_buffhd buffhds[];
951 +};
952 +
953 +typedef void (*fsg_routine_t)(struct fsg_dev *);
954 +
955 +static int exception_in_progress(struct fsg_dev *fsg)
956 +{
957 + return (fsg->state > FSG_STATE_IDLE);
958 +}
959 +
960 +/* Make bulk-out requests be divisible by the maxpacket size */
961 +static void set_bulk_out_req_length(struct fsg_dev *fsg,
962 + struct fsg_buffhd *bh, unsigned int length)
963 +{
964 + unsigned int rem;
965 +
966 + bh->bulk_out_intended_length = length;
967 + rem = length % fsg->bulk_out_maxpacket;
968 + if (rem > 0)
969 + length += fsg->bulk_out_maxpacket - rem;
970 + bh->outreq->length = length;
971 +}
972 +
973 +static struct fsg_dev *the_fsg;
974 +static struct usb_gadget_driver fsg_driver;
975 +
976 +
977 +/*-------------------------------------------------------------------------*/
978 +
979 +static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
980 +{
981 + const char *name;
982 +
983 + if (ep == fsg->bulk_in)
984 + name = "bulk-in";
985 + else if (ep == fsg->bulk_out)
986 + name = "bulk-out";
987 + else
988 + name = ep->name;
989 + DBG(fsg, "%s set halt\n", name);
990 + return usb_ep_set_halt(ep);
991 +}
992 +
993 +
994 +/*-------------------------------------------------------------------------*/
995 +
996 +/*
997 + * DESCRIPTORS ... most are static, but strings and (full) configuration
998 + * descriptors are built on demand. Also the (static) config and interface
999 + * descriptors are adjusted during fsg_bind().
1000 + */
1001 +
1002 +/* There is only one configuration. */
1003 +#define CONFIG_VALUE 1
1004 +
1005 +static struct usb_device_descriptor
1006 +device_desc = {
1007 + .bLength = sizeof device_desc,
1008 + .bDescriptorType = USB_DT_DEVICE,
1009 +
1010 + .bcdUSB = cpu_to_le16(0x0200),
1011 + .bDeviceClass = USB_CLASS_PER_INTERFACE,
1012 +
1013 + /* The next three values can be overridden by module parameters */
1014 + .idVendor = cpu_to_le16(FSG_VENDOR_ID),
1015 + .idProduct = cpu_to_le16(FSG_PRODUCT_ID),
1016 + .bcdDevice = cpu_to_le16(0xffff),
1017 +
1018 + .iManufacturer = FSG_STRING_MANUFACTURER,
1019 + .iProduct = FSG_STRING_PRODUCT,
1020 + .iSerialNumber = FSG_STRING_SERIAL,
1021 + .bNumConfigurations = 1,
1022 +};
1023 +
1024 +static struct usb_config_descriptor
1025 +config_desc = {
1026 + .bLength = sizeof config_desc,
1027 + .bDescriptorType = USB_DT_CONFIG,
1028 +
1029 + /* wTotalLength computed by usb_gadget_config_buf() */
1030 + .bNumInterfaces = 1,
1031 + .bConfigurationValue = CONFIG_VALUE,
1032 + .iConfiguration = FSG_STRING_CONFIG,
1033 + .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER,
1034 + .bMaxPower = CONFIG_USB_GADGET_VBUS_DRAW / 2,
1035 +};
1036 +
1037 +
1038 +static struct usb_qualifier_descriptor
1039 +dev_qualifier = {
1040 + .bLength = sizeof dev_qualifier,
1041 + .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
1042 +
1043 + .bcdUSB = cpu_to_le16(0x0200),
1044 + .bDeviceClass = USB_CLASS_PER_INTERFACE,
1045 +
1046 + .bNumConfigurations = 1,
1047 +};
1048 +
1049 +static int populate_bos(struct fsg_dev *fsg, u8 *buf)
1050 +{
1051 + memcpy(buf, &fsg_bos_desc, USB_DT_BOS_SIZE);
1052 + buf += USB_DT_BOS_SIZE;
1053 +
1054 + memcpy(buf, &fsg_ext_cap_desc, USB_DT_USB_EXT_CAP_SIZE);
1055 + buf += USB_DT_USB_EXT_CAP_SIZE;
1056 +
1057 + memcpy(buf, &fsg_ss_cap_desc, USB_DT_USB_SS_CAP_SIZE);
1058 +
1059 + return USB_DT_BOS_SIZE + USB_DT_USB_SS_CAP_SIZE
1060 + + USB_DT_USB_EXT_CAP_SIZE;
1061 +}
1062 +
1063 +/*
1064 + * Config descriptors must agree with the code that sets configurations
1065 + * and with code managing interfaces and their altsettings. They must
1066 + * also handle different speeds and other-speed requests.
1067 + */
1068 +static int populate_config_buf(struct usb_gadget *gadget,
1069 + u8 *buf, u8 type, unsigned index)
1070 +{
1071 + enum usb_device_speed speed = gadget->speed;
1072 + int len;
1073 + const struct usb_descriptor_header **function;
1074 +
1075 + if (index > 0)
1076 + return -EINVAL;
1077 +
1078 + if (gadget_is_dualspeed(gadget) && type == USB_DT_OTHER_SPEED_CONFIG)
1079 + speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed;
1080 + function = gadget_is_dualspeed(gadget) && speed == USB_SPEED_HIGH
1081 + ? (const struct usb_descriptor_header **)fsg_hs_function
1082 + : (const struct usb_descriptor_header **)fsg_fs_function;
1083 +
1084 + /* for now, don't advertise srp-only devices */
1085 + if (!gadget_is_otg(gadget))
1086 + function++;
1087 +
1088 + len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function);
1089 + ((struct usb_config_descriptor *) buf)->bDescriptorType = type;
1090 + return len;
1091 +}
1092 +
1093 +
1094 +/*-------------------------------------------------------------------------*/
1095 +
1096 +/* These routines may be called in process context or in_irq */
1097 +
1098 +/* Caller must hold fsg->lock */
1099 +static void wakeup_thread(struct fsg_dev *fsg)
1100 +{
1101 + /* Tell the main thread that something has happened */
1102 + fsg->thread_wakeup_needed = 1;
1103 + if (fsg->thread_task)
1104 + wake_up_process(fsg->thread_task);
1105 +}
1106 +
1107 +
1108 +static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state)
1109 +{
1110 + unsigned long flags;
1111 +
1112 + /* Do nothing if a higher-priority exception is already in progress.
1113 + * If a lower-or-equal priority exception is in progress, preempt it
1114 + * and notify the main thread by sending it a signal. */
1115 + spin_lock_irqsave(&fsg->lock, flags);
1116 + if (fsg->state <= new_state) {
1117 + fsg->exception_req_tag = fsg->ep0_req_tag;
1118 + fsg->state = new_state;
1119 + if (fsg->thread_task)
1120 + send_sig_info(SIGUSR1, SEND_SIG_FORCED,
1121 + fsg->thread_task);
1122 + }
1123 + spin_unlock_irqrestore(&fsg->lock, flags);
1124 +}
1125 +
1126 +
1127 +/*-------------------------------------------------------------------------*/
1128 +
1129 +/* The disconnect callback and ep0 routines. These always run in_irq,
1130 + * except that ep0_queue() is called in the main thread to acknowledge
1131 + * completion of various requests: set config, set interface, and
1132 + * Bulk-only device reset. */
1133 +
1134 +static void fsg_disconnect(struct usb_gadget *gadget)
1135 +{
1136 + struct fsg_dev *fsg = get_gadget_data(gadget);
1137 +
1138 + DBG(fsg, "disconnect or port reset\n");
1139 + raise_exception(fsg, FSG_STATE_DISCONNECT);
1140 +}
1141 +
1142 +
1143 +static int ep0_queue(struct fsg_dev *fsg)
1144 +{
1145 + int rc;
1146 +
1147 + rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC);
1148 + if (rc != 0 && rc != -ESHUTDOWN) {
1149 +
1150 + /* We can't do much more than wait for a reset */
1151 + WARNING(fsg, "error in submission: %s --> %d\n",
1152 + fsg->ep0->name, rc);
1153 + }
1154 + return rc;
1155 +}
1156 +
1157 +static void ep0_complete(struct usb_ep *ep, struct usb_request *req)
1158 +{
1159 + struct fsg_dev *fsg = ep->driver_data;
1160 +
1161 + if (req->actual > 0)
1162 + dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual);
1163 + if (req->status || req->actual != req->length)
1164 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1165 + req->status, req->actual, req->length);
1166 + if (req->status == -ECONNRESET) // Request was cancelled
1167 + usb_ep_fifo_flush(ep);
1168 +
1169 + if (req->status == 0 && req->context)
1170 + ((fsg_routine_t) (req->context))(fsg);
1171 +}
1172 +
1173 +
1174 +/*-------------------------------------------------------------------------*/
1175 +
1176 +/* Bulk and interrupt endpoint completion handlers.
1177 + * These always run in_irq. */
1178 +
1179 +static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
1180 +{
1181 + struct fsg_dev *fsg = ep->driver_data;
1182 + struct fsg_buffhd *bh = req->context;
1183 +
1184 + if (req->status || req->actual != req->length)
1185 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1186 + req->status, req->actual, req->length);
1187 + if (req->status == -ECONNRESET) // Request was cancelled
1188 + usb_ep_fifo_flush(ep);
1189 +
1190 + /* Hold the lock while we update the request and buffer states */
1191 + smp_wmb();
1192 + spin_lock(&fsg->lock);
1193 + bh->inreq_busy = 0;
1194 + bh->state = BUF_STATE_EMPTY;
1195 + wakeup_thread(fsg);
1196 + spin_unlock(&fsg->lock);
1197 +}
1198 +
1199 +static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
1200 +{
1201 + struct fsg_dev *fsg = ep->driver_data;
1202 + struct fsg_buffhd *bh = req->context;
1203 +
1204 + dump_msg(fsg, "bulk-out", req->buf, req->actual);
1205 + if (req->status || req->actual != bh->bulk_out_intended_length)
1206 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1207 + req->status, req->actual,
1208 + bh->bulk_out_intended_length);
1209 + if (req->status == -ECONNRESET) // Request was cancelled
1210 + usb_ep_fifo_flush(ep);
1211 +
1212 + /* Hold the lock while we update the request and buffer states */
1213 + smp_wmb();
1214 + spin_lock(&fsg->lock);
1215 + bh->outreq_busy = 0;
1216 + bh->state = BUF_STATE_FULL;
1217 + wakeup_thread(fsg);
1218 + spin_unlock(&fsg->lock);
1219 +}
1220 +
1221 +
1222 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
1223 +static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1224 +{
1225 + struct fsg_dev *fsg = ep->driver_data;
1226 + struct fsg_buffhd *bh = req->context;
1227 +
1228 + if (req->status || req->actual != req->length)
1229 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1230 + req->status, req->actual, req->length);
1231 + if (req->status == -ECONNRESET) // Request was cancelled
1232 + usb_ep_fifo_flush(ep);
1233 +
1234 + /* Hold the lock while we update the request and buffer states */
1235 + smp_wmb();
1236 + spin_lock(&fsg->lock);
1237 + fsg->intreq_busy = 0;
1238 + bh->state = BUF_STATE_EMPTY;
1239 + wakeup_thread(fsg);
1240 + spin_unlock(&fsg->lock);
1241 +}
1242 +
1243 +#else
1244 +static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1245 +{}
1246 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
1247 +
1248 +
1249 +/*-------------------------------------------------------------------------*/
1250 +
1251 +/* Ep0 class-specific handlers. These always run in_irq. */
1252 +
1253 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
1254 +static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1255 +{
1256 + struct usb_request *req = fsg->ep0req;
1257 + static u8 cbi_reset_cmnd[6] = {
1258 + SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff};
1259 +
1260 + /* Error in command transfer? */
1261 + if (req->status || req->length != req->actual ||
1262 + req->actual < 6 || req->actual > MAX_COMMAND_SIZE) {
1263 +
1264 + /* Not all controllers allow a protocol stall after
1265 + * receiving control-out data, but we'll try anyway. */
1266 + fsg_set_halt(fsg, fsg->ep0);
1267 + return; // Wait for reset
1268 + }
1269 +
1270 + /* Is it the special reset command? */
1271 + if (req->actual >= sizeof cbi_reset_cmnd &&
1272 + memcmp(req->buf, cbi_reset_cmnd,
1273 + sizeof cbi_reset_cmnd) == 0) {
1274 +
1275 + /* Raise an exception to stop the current operation
1276 + * and reinitialize our state. */
1277 + DBG(fsg, "cbi reset request\n");
1278 + raise_exception(fsg, FSG_STATE_RESET);
1279 + return;
1280 + }
1281 +
1282 + VDBG(fsg, "CB[I] accept device-specific command\n");
1283 + spin_lock(&fsg->lock);
1284 +
1285 + /* Save the command for later */
1286 + if (fsg->cbbuf_cmnd_size)
1287 + WARNING(fsg, "CB[I] overwriting previous command\n");
1288 + fsg->cbbuf_cmnd_size = req->actual;
1289 + memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size);
1290 +
1291 + wakeup_thread(fsg);
1292 + spin_unlock(&fsg->lock);
1293 +}
1294 +
1295 +#else
1296 +static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1297 +{}
1298 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
1299 +
1300 +
1301 +static int class_setup_req(struct fsg_dev *fsg,
1302 + const struct usb_ctrlrequest *ctrl)
1303 +{
1304 + struct usb_request *req = fsg->ep0req;
1305 + int value = -EOPNOTSUPP;
1306 + u16 w_index = le16_to_cpu(ctrl->wIndex);
1307 + u16 w_value = le16_to_cpu(ctrl->wValue);
1308 + u16 w_length = le16_to_cpu(ctrl->wLength);
1309 +
1310 + if (!fsg->config)
1311 + return value;
1312 +
1313 + /* Handle Bulk-only class-specific requests */
1314 + if (transport_is_bbb()) {
1315 + switch (ctrl->bRequest) {
1316 +
1317 + case US_BULK_RESET_REQUEST:
1318 + if (ctrl->bRequestType != (USB_DIR_OUT |
1319 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1320 + break;
1321 + if (w_index != 0 || w_value != 0 || w_length != 0) {
1322 + value = -EDOM;
1323 + break;
1324 + }
1325 +
1326 + /* Raise an exception to stop the current operation
1327 + * and reinitialize our state. */
1328 + DBG(fsg, "bulk reset request\n");
1329 + raise_exception(fsg, FSG_STATE_RESET);
1330 + value = DELAYED_STATUS;
1331 + break;
1332 +
1333 + case US_BULK_GET_MAX_LUN:
1334 + if (ctrl->bRequestType != (USB_DIR_IN |
1335 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1336 + break;
1337 + if (w_index != 0 || w_value != 0 || w_length != 1) {
1338 + value = -EDOM;
1339 + break;
1340 + }
1341 + VDBG(fsg, "get max LUN\n");
1342 + *(u8 *) req->buf = fsg->nluns - 1;
1343 + value = 1;
1344 + break;
1345 + }
1346 + }
1347 +
1348 + /* Handle CBI class-specific requests */
1349 + else {
1350 + switch (ctrl->bRequest) {
1351 +
1352 + case USB_CBI_ADSC_REQUEST:
1353 + if (ctrl->bRequestType != (USB_DIR_OUT |
1354 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1355 + break;
1356 + if (w_index != 0 || w_value != 0) {
1357 + value = -EDOM;
1358 + break;
1359 + }
1360 + if (w_length > MAX_COMMAND_SIZE) {
1361 + value = -EOVERFLOW;
1362 + break;
1363 + }
1364 + value = w_length;
1365 + fsg->ep0req->context = received_cbi_adsc;
1366 + break;
1367 + }
1368 + }
1369 +
1370 + if (value == -EOPNOTSUPP)
1371 + VDBG(fsg,
1372 + "unknown class-specific control req "
1373 + "%02x.%02x v%04x i%04x l%u\n",
1374 + ctrl->bRequestType, ctrl->bRequest,
1375 + le16_to_cpu(ctrl->wValue), w_index, w_length);
1376 + return value;
1377 +}
1378 +
1379 +
1380 +/*-------------------------------------------------------------------------*/
1381 +
1382 +/* Ep0 standard request handlers. These always run in_irq. */
1383 +
1384 +static int standard_setup_req(struct fsg_dev *fsg,
1385 + const struct usb_ctrlrequest *ctrl)
1386 +{
1387 + struct usb_request *req = fsg->ep0req;
1388 + int value = -EOPNOTSUPP;
1389 + u16 w_index = le16_to_cpu(ctrl->wIndex);
1390 + u16 w_value = le16_to_cpu(ctrl->wValue);
1391 +
1392 + /* Usually this just stores reply data in the pre-allocated ep0 buffer,
1393 + * but config change events will also reconfigure hardware. */
1394 + switch (ctrl->bRequest) {
1395 +
1396 + case USB_REQ_GET_DESCRIPTOR:
1397 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1398 + USB_RECIP_DEVICE))
1399 + break;
1400 + switch (w_value >> 8) {
1401 +
1402 + case USB_DT_DEVICE:
1403 + VDBG(fsg, "get device descriptor\n");
1404 + device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket;
1405 + value = sizeof device_desc;
1406 + memcpy(req->buf, &device_desc, value);
1407 + break;
1408 + case USB_DT_DEVICE_QUALIFIER:
1409 + VDBG(fsg, "get device qualifier\n");
1410 + if (!gadget_is_dualspeed(fsg->gadget) ||
1411 + fsg->gadget->speed == USB_SPEED_SUPER)
1412 + break;
1413 + /*
1414 + * Assume ep0 uses the same maxpacket value for both
1415 + * speeds
1416 + */
1417 + dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket;
1418 + value = sizeof dev_qualifier;
1419 + memcpy(req->buf, &dev_qualifier, value);
1420 + break;
1421 +
1422 + case USB_DT_OTHER_SPEED_CONFIG:
1423 + VDBG(fsg, "get other-speed config descriptor\n");
1424 + if (!gadget_is_dualspeed(fsg->gadget) ||
1425 + fsg->gadget->speed == USB_SPEED_SUPER)
1426 + break;
1427 + goto get_config;
1428 + case USB_DT_CONFIG:
1429 + VDBG(fsg, "get configuration descriptor\n");
1430 +get_config:
1431 + value = populate_config_buf(fsg->gadget,
1432 + req->buf,
1433 + w_value >> 8,
1434 + w_value & 0xff);
1435 + break;
1436 +
1437 + case USB_DT_STRING:
1438 + VDBG(fsg, "get string descriptor\n");
1439 +
1440 + /* wIndex == language code */
1441 + value = usb_gadget_get_string(&fsg_stringtab,
1442 + w_value & 0xff, req->buf);
1443 + break;
1444 +
1445 + case USB_DT_BOS:
1446 + VDBG(fsg, "get bos descriptor\n");
1447 +
1448 + if (gadget_is_superspeed(fsg->gadget))
1449 + value = populate_bos(fsg, req->buf);
1450 + break;
1451 + }
1452 +
1453 + break;
1454 +
1455 + /* One config, two speeds */
1456 + case USB_REQ_SET_CONFIGURATION:
1457 + if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD |
1458 + USB_RECIP_DEVICE))
1459 + break;
1460 + VDBG(fsg, "set configuration\n");
1461 + if (w_value == CONFIG_VALUE || w_value == 0) {
1462 + fsg->new_config = w_value;
1463 +
1464 + /* Raise an exception to wipe out previous transaction
1465 + * state (queued bufs, etc) and set the new config. */
1466 + raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
1467 + value = DELAYED_STATUS;
1468 + }
1469 + break;
1470 + case USB_REQ_GET_CONFIGURATION:
1471 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1472 + USB_RECIP_DEVICE))
1473 + break;
1474 + VDBG(fsg, "get configuration\n");
1475 + *(u8 *) req->buf = fsg->config;
1476 + value = 1;
1477 + break;
1478 +
1479 + case USB_REQ_SET_INTERFACE:
1480 + if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD |
1481 + USB_RECIP_INTERFACE))
1482 + break;
1483 + if (fsg->config && w_index == 0) {
1484 +
1485 + /* Raise an exception to wipe out previous transaction
1486 + * state (queued bufs, etc) and install the new
1487 + * interface altsetting. */
1488 + raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE);
1489 + value = DELAYED_STATUS;
1490 + }
1491 + break;
1492 + case USB_REQ_GET_INTERFACE:
1493 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1494 + USB_RECIP_INTERFACE))
1495 + break;
1496 + if (!fsg->config)
1497 + break;
1498 + if (w_index != 0) {
1499 + value = -EDOM;
1500 + break;
1501 + }
1502 + VDBG(fsg, "get interface\n");
1503 + *(u8 *) req->buf = 0;
1504 + value = 1;
1505 + break;
1506 +
1507 + default:
1508 + VDBG(fsg,
1509 + "unknown control req %02x.%02x v%04x i%04x l%u\n",
1510 + ctrl->bRequestType, ctrl->bRequest,
1511 + w_value, w_index, le16_to_cpu(ctrl->wLength));
1512 + }
1513 +
1514 + return value;
1515 +}
1516 +
1517 +
1518 +static int fsg_setup(struct usb_gadget *gadget,
1519 + const struct usb_ctrlrequest *ctrl)
1520 +{
1521 + struct fsg_dev *fsg = get_gadget_data(gadget);
1522 + int rc;
1523 + int w_length = le16_to_cpu(ctrl->wLength);
1524 +
1525 + ++fsg->ep0_req_tag; // Record arrival of a new request
1526 + fsg->ep0req->context = NULL;
1527 + fsg->ep0req->length = 0;
1528 + dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));
1529 +
1530 + if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS)
1531 + rc = class_setup_req(fsg, ctrl);
1532 + else
1533 + rc = standard_setup_req(fsg, ctrl);
1534 +
1535 + /* Respond with data/status or defer until later? */
1536 + if (rc >= 0 && rc != DELAYED_STATUS) {
1537 + rc = min(rc, w_length);
1538 + fsg->ep0req->length = rc;
1539 + fsg->ep0req->zero = rc < w_length;
1540 + fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ?
1541 + "ep0-in" : "ep0-out");
1542 + rc = ep0_queue(fsg);
1543 + }
1544 +
1545 + /* Device either stalls (rc < 0) or reports success */
1546 + return rc;
1547 +}
1548 +
1549 +
1550 +/*-------------------------------------------------------------------------*/
1551 +
1552 +/* All the following routines run in process context */
1553 +
1554 +
1555 +/* Use this for bulk or interrupt transfers, not ep0 */
1556 +static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
1557 + struct usb_request *req, int *pbusy,
1558 + enum fsg_buffer_state *state)
1559 +{
1560 + int rc;
1561 +
1562 + if (ep == fsg->bulk_in)
1563 + dump_msg(fsg, "bulk-in", req->buf, req->length);
1564 + else if (ep == fsg->intr_in)
1565 + dump_msg(fsg, "intr-in", req->buf, req->length);
1566 +
1567 + spin_lock_irq(&fsg->lock);
1568 + *pbusy = 1;
1569 + *state = BUF_STATE_BUSY;
1570 + spin_unlock_irq(&fsg->lock);
1571 + rc = usb_ep_queue(ep, req, GFP_KERNEL);
1572 + if (rc != 0) {
1573 + *pbusy = 0;
1574 + *state = BUF_STATE_EMPTY;
1575 +
1576 + /* We can't do much more than wait for a reset */
1577 +
1578 + /* Note: currently the net2280 driver fails zero-length
1579 + * submissions if DMA is enabled. */
1580 + if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
1581 + req->length == 0))
1582 + WARNING(fsg, "error in submission: %s --> %d\n",
1583 + ep->name, rc);
1584 + }
1585 +}
1586 +
1587 +
1588 +static int sleep_thread(struct fsg_dev *fsg)
1589 +{
1590 + int rc = 0;
1591 +
1592 + /* Wait until a signal arrives or we are woken up */
1593 + for (;;) {
1594 + try_to_freeze();
1595 + set_current_state(TASK_INTERRUPTIBLE);
1596 + if (signal_pending(current)) {
1597 + rc = -EINTR;
1598 + break;
1599 + }
1600 + if (fsg->thread_wakeup_needed)
1601 + break;
1602 + schedule();
1603 + }
1604 + __set_current_state(TASK_RUNNING);
1605 + fsg->thread_wakeup_needed = 0;
1606 + return rc;
1607 +}
1608 +
1609 +
1610 +/*-------------------------------------------------------------------------*/
1611 +
1612 +static int do_read(struct fsg_dev *fsg)
1613 +{
1614 + struct fsg_lun *curlun = fsg->curlun;
1615 + u32 lba;
1616 + struct fsg_buffhd *bh;
1617 + int rc;
1618 + u32 amount_left;
1619 + loff_t file_offset, file_offset_tmp;
1620 + unsigned int amount;
1621 + ssize_t nread;
1622 +
1623 + /* Get the starting Logical Block Address and check that it's
1624 + * not too big */
1625 + if (fsg->cmnd[0] == READ_6)
1626 + lba = get_unaligned_be24(&fsg->cmnd[1]);
1627 + else {
1628 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1629 +
1630 + /* We allow DPO (Disable Page Out = don't save data in the
1631 + * cache) and FUA (Force Unit Access = don't read from the
1632 + * cache), but we don't implement them. */
1633 + if ((fsg->cmnd[1] & ~0x18) != 0) {
1634 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1635 + return -EINVAL;
1636 + }
1637 + }
1638 + if (lba >= curlun->num_sectors) {
1639 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1640 + return -EINVAL;
1641 + }
1642 + file_offset = ((loff_t) lba) << curlun->blkbits;
1643 +
1644 + /* Carry out the file reads */
1645 + amount_left = fsg->data_size_from_cmnd;
1646 + if (unlikely(amount_left == 0))
1647 + return -EIO; // No default reply
1648 +
1649 + for (;;) {
1650 +
1651 + /* Figure out how much we need to read:
1652 + * Try to read the remaining amount.
1653 + * But don't read more than the buffer size.
1654 + * And don't try to read past the end of the file.
1655 + */
1656 + amount = min((unsigned int) amount_left, mod_data.buflen);
1657 + amount = min((loff_t) amount,
1658 + curlun->file_length - file_offset);
1659 +
1660 + /* Wait for the next buffer to become available */
1661 + bh = fsg->next_buffhd_to_fill;
1662 + while (bh->state != BUF_STATE_EMPTY) {
1663 + rc = sleep_thread(fsg);
1664 + if (rc)
1665 + return rc;
1666 + }
1667 +
1668 + /* If we were asked to read past the end of file,
1669 + * end with an empty buffer. */
1670 + if (amount == 0) {
1671 + curlun->sense_data =
1672 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1673 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1674 + curlun->info_valid = 1;
1675 + bh->inreq->length = 0;
1676 + bh->state = BUF_STATE_FULL;
1677 + break;
1678 + }
1679 +
1680 + /* Perform the read */
1681 + file_offset_tmp = file_offset;
1682 + nread = vfs_read(curlun->filp,
1683 + (char __user *) bh->buf,
1684 + amount, &file_offset_tmp);
1685 + VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1686 + (unsigned long long) file_offset,
1687 + (int) nread);
1688 + if (signal_pending(current))
1689 + return -EINTR;
1690 +
1691 + if (nread < 0) {
1692 + LDBG(curlun, "error in file read: %d\n",
1693 + (int) nread);
1694 + nread = 0;
1695 + } else if (nread < amount) {
1696 + LDBG(curlun, "partial file read: %d/%u\n",
1697 + (int) nread, amount);
1698 + nread = round_down(nread, curlun->blksize);
1699 + }
1700 + file_offset += nread;
1701 + amount_left -= nread;
1702 + fsg->residue -= nread;
1703 +
1704 + /* Except at the end of the transfer, nread will be
1705 + * equal to the buffer size, which is divisible by the
1706 + * bulk-in maxpacket size.
1707 + */
1708 + bh->inreq->length = nread;
1709 + bh->state = BUF_STATE_FULL;
1710 +
1711 + /* If an error occurred, report it and its position */
1712 + if (nread < amount) {
1713 + curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1714 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1715 + curlun->info_valid = 1;
1716 + break;
1717 + }
1718 +
1719 + if (amount_left == 0)
1720 + break; // No more left to read
1721 +
1722 + /* Send this buffer and go read some more */
1723 + bh->inreq->zero = 0;
1724 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
1725 + &bh->inreq_busy, &bh->state);
1726 + fsg->next_buffhd_to_fill = bh->next;
1727 + }
1728 +
1729 + return -EIO; // No default reply
1730 +}
1731 +
1732 +
1733 +/*-------------------------------------------------------------------------*/
1734 +
1735 +static int do_write(struct fsg_dev *fsg)
1736 +{
1737 + struct fsg_lun *curlun = fsg->curlun;
1738 + u32 lba;
1739 + struct fsg_buffhd *bh;
1740 + int get_some_more;
1741 + u32 amount_left_to_req, amount_left_to_write;
1742 + loff_t usb_offset, file_offset, file_offset_tmp;
1743 + unsigned int amount;
1744 + ssize_t nwritten;
1745 + int rc;
1746 +
1747 + if (curlun->ro) {
1748 + curlun->sense_data = SS_WRITE_PROTECTED;
1749 + return -EINVAL;
1750 + }
1751 + spin_lock(&curlun->filp->f_lock);
1752 + curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait
1753 + spin_unlock(&curlun->filp->f_lock);
1754 +
1755 + /* Get the starting Logical Block Address and check that it's
1756 + * not too big */
1757 + if (fsg->cmnd[0] == WRITE_6)
1758 + lba = get_unaligned_be24(&fsg->cmnd[1]);
1759 + else {
1760 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1761 +
1762 + /* We allow DPO (Disable Page Out = don't save data in the
1763 + * cache) and FUA (Force Unit Access = write directly to the
1764 + * medium). We don't implement DPO; we implement FUA by
1765 + * performing synchronous output. */
1766 + if ((fsg->cmnd[1] & ~0x18) != 0) {
1767 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1768 + return -EINVAL;
1769 + }
1770 + /* FUA */
1771 + if (!curlun->nofua && (fsg->cmnd[1] & 0x08)) {
1772 + spin_lock(&curlun->filp->f_lock);
1773 + curlun->filp->f_flags |= O_DSYNC;
1774 + spin_unlock(&curlun->filp->f_lock);
1775 + }
1776 + }
1777 + if (lba >= curlun->num_sectors) {
1778 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1779 + return -EINVAL;
1780 + }
1781 +
1782 + /* Carry out the file writes */
1783 + get_some_more = 1;
1784 + file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits;
1785 + amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd;
1786 +
1787 + while (amount_left_to_write > 0) {
1788 +
1789 + /* Queue a request for more data from the host */
1790 + bh = fsg->next_buffhd_to_fill;
1791 + if (bh->state == BUF_STATE_EMPTY && get_some_more) {
1792 +
1793 + /* Figure out how much we want to get:
1794 + * Try to get the remaining amount,
1795 + * but not more than the buffer size.
1796 + */
1797 + amount = min(amount_left_to_req, mod_data.buflen);
1798 +
1799 + /* Beyond the end of the backing file? */
1800 + if (usb_offset >= curlun->file_length) {
1801 + get_some_more = 0;
1802 + curlun->sense_data =
1803 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1804 + curlun->sense_data_info = usb_offset >> curlun->blkbits;
1805 + curlun->info_valid = 1;
1806 + continue;
1807 + }
1808 +
1809 + /* Get the next buffer */
1810 + usb_offset += amount;
1811 + fsg->usb_amount_left -= amount;
1812 + amount_left_to_req -= amount;
1813 + if (amount_left_to_req == 0)
1814 + get_some_more = 0;
1815 +
1816 + /* Except at the end of the transfer, amount will be
1817 + * equal to the buffer size, which is divisible by
1818 + * the bulk-out maxpacket size.
1819 + */
1820 + set_bulk_out_req_length(fsg, bh, amount);
1821 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
1822 + &bh->outreq_busy, &bh->state);
1823 + fsg->next_buffhd_to_fill = bh->next;
1824 + continue;
1825 + }
1826 +
1827 + /* Write the received data to the backing file */
1828 + bh = fsg->next_buffhd_to_drain;
1829 + if (bh->state == BUF_STATE_EMPTY && !get_some_more)
1830 + break; // We stopped early
1831 + if (bh->state == BUF_STATE_FULL) {
1832 + smp_rmb();
1833 + fsg->next_buffhd_to_drain = bh->next;
1834 + bh->state = BUF_STATE_EMPTY;
1835 +
1836 + /* Did something go wrong with the transfer? */
1837 + if (bh->outreq->status != 0) {
1838 + curlun->sense_data = SS_COMMUNICATION_FAILURE;
1839 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1840 + curlun->info_valid = 1;
1841 + break;
1842 + }
1843 +
1844 + amount = bh->outreq->actual;
1845 + if (curlun->file_length - file_offset < amount) {
1846 + LERROR(curlun,
1847 + "write %u @ %llu beyond end %llu\n",
1848 + amount, (unsigned long long) file_offset,
1849 + (unsigned long long) curlun->file_length);
1850 + amount = curlun->file_length - file_offset;
1851 + }
1852 +
1853 + /* Don't accept excess data. The spec doesn't say
1854 + * what to do in this case. We'll ignore the error.
1855 + */
1856 + amount = min(amount, bh->bulk_out_intended_length);
1857 +
1858 + /* Don't write a partial block */
1859 + amount = round_down(amount, curlun->blksize);
1860 + if (amount == 0)
1861 + goto empty_write;
1862 +
1863 + /* Perform the write */
1864 + file_offset_tmp = file_offset;
1865 + nwritten = vfs_write(curlun->filp,
1866 + (char __user *) bh->buf,
1867 + amount, &file_offset_tmp);
1868 + VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
1869 + (unsigned long long) file_offset,
1870 + (int) nwritten);
1871 + if (signal_pending(current))
1872 + return -EINTR; // Interrupted!
1873 +
1874 + if (nwritten < 0) {
1875 + LDBG(curlun, "error in file write: %d\n",
1876 + (int) nwritten);
1877 + nwritten = 0;
1878 + } else if (nwritten < amount) {
1879 + LDBG(curlun, "partial file write: %d/%u\n",
1880 + (int) nwritten, amount);
1881 + nwritten = round_down(nwritten, curlun->blksize);
1882 + }
1883 + file_offset += nwritten;
1884 + amount_left_to_write -= nwritten;
1885 + fsg->residue -= nwritten;
1886 +
1887 + /* If an error occurred, report it and its position */
1888 + if (nwritten < amount) {
1889 + curlun->sense_data = SS_WRITE_ERROR;
1890 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1891 + curlun->info_valid = 1;
1892 + break;
1893 + }
1894 +
1895 + empty_write:
1896 + /* Did the host decide to stop early? */
1897 + if (bh->outreq->actual < bh->bulk_out_intended_length) {
1898 + fsg->short_packet_received = 1;
1899 + break;
1900 + }
1901 + continue;
1902 + }
1903 +
1904 + /* Wait for something to happen */
1905 + rc = sleep_thread(fsg);
1906 + if (rc)
1907 + return rc;
1908 + }
1909 +
1910 + return -EIO; // No default reply
1911 +}
1912 +
1913 +
1914 +/*-------------------------------------------------------------------------*/
1915 +
1916 +static int do_synchronize_cache(struct fsg_dev *fsg)
1917 +{
1918 + struct fsg_lun *curlun = fsg->curlun;
1919 + int rc;
1920 +
1921 + /* We ignore the requested LBA and write out all file's
1922 + * dirty data buffers. */
1923 + rc = fsg_lun_fsync_sub(curlun);
1924 + if (rc)
1925 + curlun->sense_data = SS_WRITE_ERROR;
1926 + return 0;
1927 +}
1928 +
1929 +
1930 +/*-------------------------------------------------------------------------*/
1931 +
1932 +static void invalidate_sub(struct fsg_lun *curlun)
1933 +{
1934 + struct file *filp = curlun->filp;
1935 + struct inode *inode = filp->f_path.dentry->d_inode;
1936 + unsigned long rc;
1937 +
1938 + rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1939 + VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc);
1940 +}
1941 +
1942 +static int do_verify(struct fsg_dev *fsg)
1943 +{
1944 + struct fsg_lun *curlun = fsg->curlun;
1945 + u32 lba;
1946 + u32 verification_length;
1947 + struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
1948 + loff_t file_offset, file_offset_tmp;
1949 + u32 amount_left;
1950 + unsigned int amount;
1951 + ssize_t nread;
1952 +
1953 + /* Get the starting Logical Block Address and check that it's
1954 + * not too big */
1955 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1956 + if (lba >= curlun->num_sectors) {
1957 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1958 + return -EINVAL;
1959 + }
1960 +
1961 + /* We allow DPO (Disable Page Out = don't save data in the
1962 + * cache) but we don't implement it. */
1963 + if ((fsg->cmnd[1] & ~0x10) != 0) {
1964 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1965 + return -EINVAL;
1966 + }
1967 +
1968 + verification_length = get_unaligned_be16(&fsg->cmnd[7]);
1969 + if (unlikely(verification_length == 0))
1970 + return -EIO; // No default reply
1971 +
1972 + /* Prepare to carry out the file verify */
1973 + amount_left = verification_length << curlun->blkbits;
1974 + file_offset = ((loff_t) lba) << curlun->blkbits;
1975 +
1976 + /* Write out all the dirty buffers before invalidating them */
1977 + fsg_lun_fsync_sub(curlun);
1978 + if (signal_pending(current))
1979 + return -EINTR;
1980 +
1981 + invalidate_sub(curlun);
1982 + if (signal_pending(current))
1983 + return -EINTR;
1984 +
1985 + /* Just try to read the requested blocks */
1986 + while (amount_left > 0) {
1987 +
1988 + /* Figure out how much we need to read:
1989 + * Try to read the remaining amount, but not more than
1990 + * the buffer size.
1991 + * And don't try to read past the end of the file.
1992 + */
1993 + amount = min((unsigned int) amount_left, mod_data.buflen);
1994 + amount = min((loff_t) amount,
1995 + curlun->file_length - file_offset);
1996 + if (amount == 0) {
1997 + curlun->sense_data =
1998 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1999 + curlun->sense_data_info = file_offset >> curlun->blkbits;
2000 + curlun->info_valid = 1;
2001 + break;
2002 + }
2003 +
2004 + /* Perform the read */
2005 + file_offset_tmp = file_offset;
2006 + nread = vfs_read(curlun->filp,
2007 + (char __user *) bh->buf,
2008 + amount, &file_offset_tmp);
2009 + VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
2010 + (unsigned long long) file_offset,
2011 + (int) nread);
2012 + if (signal_pending(current))
2013 + return -EINTR;
2014 +
2015 + if (nread < 0) {
2016 + LDBG(curlun, "error in file verify: %d\n",
2017 + (int) nread);
2018 + nread = 0;
2019 + } else if (nread < amount) {
2020 + LDBG(curlun, "partial file verify: %d/%u\n",
2021 + (int) nread, amount);
2022 + nread = round_down(nread, curlun->blksize);
2023 + }
2024 + if (nread == 0) {
2025 + curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
2026 + curlun->sense_data_info = file_offset >> curlun->blkbits;
2027 + curlun->info_valid = 1;
2028 + break;
2029 + }
2030 + file_offset += nread;
2031 + amount_left -= nread;
2032 + }
2033 + return 0;
2034 +}
2035 +
2036 +
2037 +/*-------------------------------------------------------------------------*/
2038 +
2039 +static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2040 +{
2041 + u8 *buf = (u8 *) bh->buf;
2042 +
2043 + static char vendor_id[] = "Linux ";
2044 + static char product_disk_id[] = "File-Stor Gadget";
2045 + static char product_cdrom_id[] = "File-CD Gadget ";
2046 +
2047 + if (!fsg->curlun) { // Unsupported LUNs are okay
2048 + fsg->bad_lun_okay = 1;
2049 + memset(buf, 0, 36);
2050 + buf[0] = 0x7f; // Unsupported, no device-type
2051 + buf[4] = 31; // Additional length
2052 + return 36;
2053 + }
2054 +
2055 + memset(buf, 0, 8);
2056 + buf[0] = (mod_data.cdrom ? TYPE_ROM : TYPE_DISK);
2057 + if (mod_data.removable)
2058 + buf[1] = 0x80;
2059 + buf[2] = 2; // ANSI SCSI level 2
2060 + buf[3] = 2; // SCSI-2 INQUIRY data format
2061 + buf[4] = 31; // Additional length
2062 + // No special options
2063 + sprintf(buf + 8, "%-8s%-16s%04x", vendor_id,
2064 + (mod_data.cdrom ? product_cdrom_id :
2065 + product_disk_id),
2066 + mod_data.release);
2067 + return 36;
2068 +}
2069 +
2070 +
2071 +static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2072 +{
2073 + struct fsg_lun *curlun = fsg->curlun;
2074 + u8 *buf = (u8 *) bh->buf;
2075 + u32 sd, sdinfo;
2076 + int valid;
2077 +
2078 + /*
2079 + * From the SCSI-2 spec., section 7.9 (Unit attention condition):
2080 + *
2081 + * If a REQUEST SENSE command is received from an initiator
2082 + * with a pending unit attention condition (before the target
2083 + * generates the contingent allegiance condition), then the
2084 + * target shall either:
2085 + * a) report any pending sense data and preserve the unit
2086 + * attention condition on the logical unit, or,
2087 + * b) report the unit attention condition, may discard any
2088 + * pending sense data, and clear the unit attention
2089 + * condition on the logical unit for that initiator.
2090 + *
2091 + * FSG normally uses option a); enable this code to use option b).
2092 + */
2093 +#if 0
2094 + if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
2095 + curlun->sense_data = curlun->unit_attention_data;
2096 + curlun->unit_attention_data = SS_NO_SENSE;
2097 + }
2098 +#endif
2099 +
2100 + if (!curlun) { // Unsupported LUNs are okay
2101 + fsg->bad_lun_okay = 1;
2102 + sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2103 + sdinfo = 0;
2104 + valid = 0;
2105 + } else {
2106 + sd = curlun->sense_data;
2107 + sdinfo = curlun->sense_data_info;
2108 + valid = curlun->info_valid << 7;
2109 + curlun->sense_data = SS_NO_SENSE;
2110 + curlun->sense_data_info = 0;
2111 + curlun->info_valid = 0;
2112 + }
2113 +
2114 + memset(buf, 0, 18);
2115 + buf[0] = valid | 0x70; // Valid, current error
2116 + buf[2] = SK(sd);
2117 + put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */
2118 + buf[7] = 18 - 8; // Additional sense length
2119 + buf[12] = ASC(sd);
2120 + buf[13] = ASCQ(sd);
2121 + return 18;
2122 +}
2123 +
2124 +
2125 +static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2126 +{
2127 + struct fsg_lun *curlun = fsg->curlun;
2128 + u32 lba = get_unaligned_be32(&fsg->cmnd[2]);
2129 + int pmi = fsg->cmnd[8];
2130 + u8 *buf = (u8 *) bh->buf;
2131 +
2132 + /* Check the PMI and LBA fields */
2133 + if (pmi > 1 || (pmi == 0 && lba != 0)) {
2134 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2135 + return -EINVAL;
2136 + }
2137 +
2138 + put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
2139 + /* Max logical block */
2140 + put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */
2141 + return 8;
2142 +}
2143 +
2144 +
2145 +static int do_read_header(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2146 +{
2147 + struct fsg_lun *curlun = fsg->curlun;
2148 + int msf = fsg->cmnd[1] & 0x02;
2149 + u32 lba = get_unaligned_be32(&fsg->cmnd[2]);
2150 + u8 *buf = (u8 *) bh->buf;
2151 +
2152 + if ((fsg->cmnd[1] & ~0x02) != 0) { /* Mask away MSF */
2153 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2154 + return -EINVAL;
2155 + }
2156 + if (lba >= curlun->num_sectors) {
2157 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
2158 + return -EINVAL;
2159 + }
2160 +
2161 + memset(buf, 0, 8);
2162 + buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */
2163 + store_cdrom_address(&buf[4], msf, lba);
2164 + return 8;
2165 +}
2166 +
2167 +
2168 +static int do_read_toc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2169 +{
2170 + struct fsg_lun *curlun = fsg->curlun;
2171 + int msf = fsg->cmnd[1] & 0x02;
2172 + int start_track = fsg->cmnd[6];
2173 + u8 *buf = (u8 *) bh->buf;
2174 +
2175 + if ((fsg->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */
2176 + start_track > 1) {
2177 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2178 + return -EINVAL;
2179 + }
2180 +
2181 + memset(buf, 0, 20);
2182 + buf[1] = (20-2); /* TOC data length */
2183 + buf[2] = 1; /* First track number */
2184 + buf[3] = 1; /* Last track number */
2185 + buf[5] = 0x16; /* Data track, copying allowed */
2186 + buf[6] = 0x01; /* Only track is number 1 */
2187 + store_cdrom_address(&buf[8], msf, 0);
2188 +
2189 + buf[13] = 0x16; /* Lead-out track is data */
2190 + buf[14] = 0xAA; /* Lead-out track number */
2191 + store_cdrom_address(&buf[16], msf, curlun->num_sectors);
2192 + return 20;
2193 +}
2194 +
2195 +
2196 +static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2197 +{
2198 + struct fsg_lun *curlun = fsg->curlun;
2199 + int mscmnd = fsg->cmnd[0];
2200 + u8 *buf = (u8 *) bh->buf;
2201 + u8 *buf0 = buf;
2202 + int pc, page_code;
2203 + int changeable_values, all_pages;
2204 + int valid_page = 0;
2205 + int len, limit;
2206 +
2207 + if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD
2208 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2209 + return -EINVAL;
2210 + }
2211 + pc = fsg->cmnd[2] >> 6;
2212 + page_code = fsg->cmnd[2] & 0x3f;
2213 + if (pc == 3) {
2214 + curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
2215 + return -EINVAL;
2216 + }
2217 + changeable_values = (pc == 1);
2218 + all_pages = (page_code == 0x3f);
2219 +
2220 + /* Write the mode parameter header. Fixed values are: default
2221 + * medium type, no cache control (DPOFUA), and no block descriptors.
2222 + * The only variable value is the WriteProtect bit. We will fill in
2223 + * the mode data length later. */
2224 + memset(buf, 0, 8);
2225 + if (mscmnd == MODE_SENSE) {
2226 + buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2227 + buf += 4;
2228 + limit = 255;
2229 + } else { // MODE_SENSE_10
2230 + buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2231 + buf += 8;
2232 + limit = 65535; // Should really be mod_data.buflen
2233 + }
2234 +
2235 + /* No block descriptors */
2236 +
2237 + /* The mode pages, in numerical order. The only page we support
2238 + * is the Caching page. */
2239 + if (page_code == 0x08 || all_pages) {
2240 + valid_page = 1;
2241 + buf[0] = 0x08; // Page code
2242 + buf[1] = 10; // Page length
2243 + memset(buf+2, 0, 10); // None of the fields are changeable
2244 +
2245 + if (!changeable_values) {
2246 + buf[2] = 0x04; // Write cache enable,
2247 + // Read cache not disabled
2248 + // No cache retention priorities
2249 + put_unaligned_be16(0xffff, &buf[4]);
2250 + /* Don't disable prefetch */
2251 + /* Minimum prefetch = 0 */
2252 + put_unaligned_be16(0xffff, &buf[8]);
2253 + /* Maximum prefetch */
2254 + put_unaligned_be16(0xffff, &buf[10]);
2255 + /* Maximum prefetch ceiling */
2256 + }
2257 + buf += 12;
2258 + }
2259 +
2260 + /* Check that a valid page was requested and the mode data length
2261 + * isn't too long. */
2262 + len = buf - buf0;
2263 + if (!valid_page || len > limit) {
2264 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2265 + return -EINVAL;
2266 + }
2267 +
2268 + /* Store the mode data length */
2269 + if (mscmnd == MODE_SENSE)
2270 + buf0[0] = len - 1;
2271 + else
2272 + put_unaligned_be16(len - 2, buf0);
2273 + return len;
2274 +}
2275 +
2276 +
2277 +static int do_start_stop(struct fsg_dev *fsg)
2278 +{
2279 + struct fsg_lun *curlun = fsg->curlun;
2280 + int loej, start;
2281 +
2282 + if (!mod_data.removable) {
2283 + curlun->sense_data = SS_INVALID_COMMAND;
2284 + return -EINVAL;
2285 + }
2286 +
2287 + // int immed = fsg->cmnd[1] & 0x01;
2288 + loej = fsg->cmnd[4] & 0x02;
2289 + start = fsg->cmnd[4] & 0x01;
2290 +
2291 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
2292 + if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed
2293 + (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start
2294 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2295 + return -EINVAL;
2296 + }
2297 +
2298 + if (!start) {
2299 +
2300 + /* Are we allowed to unload the media? */
2301 + if (curlun->prevent_medium_removal) {
2302 + LDBG(curlun, "unload attempt prevented\n");
2303 + curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
2304 + return -EINVAL;
2305 + }
2306 + if (loej) { // Simulate an unload/eject
2307 + up_read(&fsg->filesem);
2308 + down_write(&fsg->filesem);
2309 + fsg_lun_close(curlun);
2310 + up_write(&fsg->filesem);
2311 + down_read(&fsg->filesem);
2312 + }
2313 + } else {
2314 +
2315 + /* Our emulation doesn't support mounting; the medium is
2316 + * available for use as soon as it is loaded. */
2317 + if (!fsg_lun_is_open(curlun)) {
2318 + curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2319 + return -EINVAL;
2320 + }
2321 + }
2322 +#endif
2323 + return 0;
2324 +}
2325 +
2326 +
2327 +static int do_prevent_allow(struct fsg_dev *fsg)
2328 +{
2329 + struct fsg_lun *curlun = fsg->curlun;
2330 + int prevent;
2331 +
2332 + if (!mod_data.removable) {
2333 + curlun->sense_data = SS_INVALID_COMMAND;
2334 + return -EINVAL;
2335 + }
2336 +
2337 + prevent = fsg->cmnd[4] & 0x01;
2338 + if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent
2339 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2340 + return -EINVAL;
2341 + }
2342 +
2343 + if (curlun->prevent_medium_removal && !prevent)
2344 + fsg_lun_fsync_sub(curlun);
2345 + curlun->prevent_medium_removal = prevent;
2346 + return 0;
2347 +}
2348 +
2349 +
2350 +static int do_read_format_capacities(struct fsg_dev *fsg,
2351 + struct fsg_buffhd *bh)
2352 +{
2353 + struct fsg_lun *curlun = fsg->curlun;
2354 + u8 *buf = (u8 *) bh->buf;
2355 +
2356 + buf[0] = buf[1] = buf[2] = 0;
2357 + buf[3] = 8; // Only the Current/Maximum Capacity Descriptor
2358 + buf += 4;
2359 +
2360 + put_unaligned_be32(curlun->num_sectors, &buf[0]);
2361 + /* Number of blocks */
2362 + put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */
2363 + buf[4] = 0x02; /* Current capacity */
2364 + return 12;
2365 +}
2366 +
2367 +
2368 +static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2369 +{
2370 + struct fsg_lun *curlun = fsg->curlun;
2371 +
2372 + /* We don't support MODE SELECT */
2373 + curlun->sense_data = SS_INVALID_COMMAND;
2374 + return -EINVAL;
2375 +}
2376 +
2377 +
2378 +/*-------------------------------------------------------------------------*/
2379 +
2380 +static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
2381 +{
2382 + int rc;
2383 +
2384 + rc = fsg_set_halt(fsg, fsg->bulk_in);
2385 + if (rc == -EAGAIN)
2386 + VDBG(fsg, "delayed bulk-in endpoint halt\n");
2387 + while (rc != 0) {
2388 + if (rc != -EAGAIN) {
2389 + WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
2390 + rc = 0;
2391 + break;
2392 + }
2393 +
2394 + /* Wait for a short time and then try again */
2395 + if (msleep_interruptible(100) != 0)
2396 + return -EINTR;
2397 + rc = usb_ep_set_halt(fsg->bulk_in);
2398 + }
2399 + return rc;
2400 +}
2401 +
2402 +static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
2403 +{
2404 + int rc;
2405 +
2406 + DBG(fsg, "bulk-in set wedge\n");
2407 + rc = usb_ep_set_wedge(fsg->bulk_in);
2408 + if (rc == -EAGAIN)
2409 + VDBG(fsg, "delayed bulk-in endpoint wedge\n");
2410 + while (rc != 0) {
2411 + if (rc != -EAGAIN) {
2412 + WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
2413 + rc = 0;
2414 + break;
2415 + }
2416 +
2417 + /* Wait for a short time and then try again */
2418 + if (msleep_interruptible(100) != 0)
2419 + return -EINTR;
2420 + rc = usb_ep_set_wedge(fsg->bulk_in);
2421 + }
2422 + return rc;
2423 +}
2424 +
2425 +static int throw_away_data(struct fsg_dev *fsg)
2426 +{
2427 + struct fsg_buffhd *bh;
2428 + u32 amount;
2429 + int rc;
2430 +
2431 + while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY ||
2432 + fsg->usb_amount_left > 0) {
2433 +
2434 + /* Throw away the data in a filled buffer */
2435 + if (bh->state == BUF_STATE_FULL) {
2436 + smp_rmb();
2437 + bh->state = BUF_STATE_EMPTY;
2438 + fsg->next_buffhd_to_drain = bh->next;
2439 +
2440 + /* A short packet or an error ends everything */
2441 + if (bh->outreq->actual < bh->bulk_out_intended_length ||
2442 + bh->outreq->status != 0) {
2443 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2444 + return -EINTR;
2445 + }
2446 + continue;
2447 + }
2448 +
2449 + /* Try to submit another request if we need one */
2450 + bh = fsg->next_buffhd_to_fill;
2451 + if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) {
2452 + amount = min(fsg->usb_amount_left,
2453 + (u32) mod_data.buflen);
2454 +
2455 + /* Except at the end of the transfer, amount will be
2456 + * equal to the buffer size, which is divisible by
2457 + * the bulk-out maxpacket size.
2458 + */
2459 + set_bulk_out_req_length(fsg, bh, amount);
2460 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
2461 + &bh->outreq_busy, &bh->state);
2462 + fsg->next_buffhd_to_fill = bh->next;
2463 + fsg->usb_amount_left -= amount;
2464 + continue;
2465 + }
2466 +
2467 + /* Otherwise wait for something to happen */
2468 + rc = sleep_thread(fsg);
2469 + if (rc)
2470 + return rc;
2471 + }
2472 + return 0;
2473 +}
2474 +
2475 +
2476 +static int finish_reply(struct fsg_dev *fsg)
2477 +{
2478 + struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
2479 + int rc = 0;
2480 +
2481 + switch (fsg->data_dir) {
2482 + case DATA_DIR_NONE:
2483 + break; // Nothing to send
2484 +
2485 + /* If we don't know whether the host wants to read or write,
2486 + * this must be CB or CBI with an unknown command. We mustn't
2487 + * try to send or receive any data. So stall both bulk pipes
2488 + * if we can and wait for a reset. */
2489 + case DATA_DIR_UNKNOWN:
2490 + if (mod_data.can_stall) {
2491 + fsg_set_halt(fsg, fsg->bulk_out);
2492 + rc = halt_bulk_in_endpoint(fsg);
2493 + }
2494 + break;
2495 +
2496 + /* All but the last buffer of data must have already been sent */
2497 + case DATA_DIR_TO_HOST:
2498 + if (fsg->data_size == 0)
2499 + ; // Nothing to send
2500 +
2501 + /* If there's no residue, simply send the last buffer */
2502 + else if (fsg->residue == 0) {
2503 + bh->inreq->zero = 0;
2504 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2505 + &bh->inreq_busy, &bh->state);
2506 + fsg->next_buffhd_to_fill = bh->next;
2507 + }
2508 +
2509 + /* There is a residue. For CB and CBI, simply mark the end
2510 + * of the data with a short packet. However, if we are
2511 + * allowed to stall, there was no data at all (residue ==
2512 + * data_size), and the command failed (invalid LUN or
2513 + * sense data is set), then halt the bulk-in endpoint
2514 + * instead. */
2515 + else if (!transport_is_bbb()) {
2516 + if (mod_data.can_stall &&
2517 + fsg->residue == fsg->data_size &&
2518 + (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) {
2519 + bh->state = BUF_STATE_EMPTY;
2520 + rc = halt_bulk_in_endpoint(fsg);
2521 + } else {
2522 + bh->inreq->zero = 1;
2523 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2524 + &bh->inreq_busy, &bh->state);
2525 + fsg->next_buffhd_to_fill = bh->next;
2526 + }
2527 + }
2528 +
2529 + /*
2530 + * For Bulk-only, mark the end of the data with a short
2531 + * packet. If we are allowed to stall, halt the bulk-in
2532 + * endpoint. (Note: This violates the Bulk-Only Transport
2533 + * specification, which requires us to pad the data if we
2534 + * don't halt the endpoint. Presumably nobody will mind.)
2535 + */
2536 + else {
2537 + bh->inreq->zero = 1;
2538 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2539 + &bh->inreq_busy, &bh->state);
2540 + fsg->next_buffhd_to_fill = bh->next;
2541 + if (mod_data.can_stall)
2542 + rc = halt_bulk_in_endpoint(fsg);
2543 + }
2544 + break;
2545 +
2546 + /* We have processed all we want from the data the host has sent.
2547 + * There may still be outstanding bulk-out requests. */
2548 + case DATA_DIR_FROM_HOST:
2549 + if (fsg->residue == 0)
2550 + ; // Nothing to receive
2551 +
2552 + /* Did the host stop sending unexpectedly early? */
2553 + else if (fsg->short_packet_received) {
2554 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2555 + rc = -EINTR;
2556 + }
2557 +
2558 + /* We haven't processed all the incoming data. Even though
2559 + * we may be allowed to stall, doing so would cause a race.
2560 + * The controller may already have ACK'ed all the remaining
2561 + * bulk-out packets, in which case the host wouldn't see a
2562 + * STALL. Not realizing the endpoint was halted, it wouldn't
2563 + * clear the halt -- leading to problems later on. */
2564 +#if 0
2565 + else if (mod_data.can_stall) {
2566 + fsg_set_halt(fsg, fsg->bulk_out);
2567 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2568 + rc = -EINTR;
2569 + }
2570 +#endif
2571 +
2572 + /* We can't stall. Read in the excess data and throw it
2573 + * all away. */
2574 + else
2575 + rc = throw_away_data(fsg);
2576 + break;
2577 + }
2578 + return rc;
2579 +}
2580 +
2581 +
2582 +static int send_status(struct fsg_dev *fsg)
2583 +{
2584 + struct fsg_lun *curlun = fsg->curlun;
2585 + struct fsg_buffhd *bh;
2586 + int rc;
2587 + u8 status = US_BULK_STAT_OK;
2588 + u32 sd, sdinfo = 0;
2589 +
2590 + /* Wait for the next buffer to become available */
2591 + bh = fsg->next_buffhd_to_fill;
2592 + while (bh->state != BUF_STATE_EMPTY) {
2593 + rc = sleep_thread(fsg);
2594 + if (rc)
2595 + return rc;
2596 + }
2597 +
2598 + if (curlun) {
2599 + sd = curlun->sense_data;
2600 + sdinfo = curlun->sense_data_info;
2601 + } else if (fsg->bad_lun_okay)
2602 + sd = SS_NO_SENSE;
2603 + else
2604 + sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2605 +
2606 + if (fsg->phase_error) {
2607 + DBG(fsg, "sending phase-error status\n");
2608 + status = US_BULK_STAT_PHASE;
2609 + sd = SS_INVALID_COMMAND;
2610 + } else if (sd != SS_NO_SENSE) {
2611 + DBG(fsg, "sending command-failure status\n");
2612 + status = US_BULK_STAT_FAIL;
2613 + VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
2614 + " info x%x\n",
2615 + SK(sd), ASC(sd), ASCQ(sd), sdinfo);
2616 + }
2617 +
2618 + if (transport_is_bbb()) {
2619 + struct bulk_cs_wrap *csw = bh->buf;
2620 +
2621 + /* Store and send the Bulk-only CSW */
2622 + csw->Signature = cpu_to_le32(US_BULK_CS_SIGN);
2623 + csw->Tag = fsg->tag;
2624 + csw->Residue = cpu_to_le32(fsg->residue);
2625 + csw->Status = status;
2626 +
2627 + bh->inreq->length = US_BULK_CS_WRAP_LEN;
2628 + bh->inreq->zero = 0;
2629 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2630 + &bh->inreq_busy, &bh->state);
2631 +
2632 + } else if (mod_data.transport_type == USB_PR_CB) {
2633 +
2634 + /* Control-Bulk transport has no status phase! */
2635 + return 0;
2636 +
2637 + } else { // USB_PR_CBI
2638 + struct interrupt_data *buf = bh->buf;
2639 +
2640 + /* Store and send the Interrupt data. UFI sends the ASC
2641 + * and ASCQ bytes. Everything else sends a Type (which
2642 + * is always 0) and the status Value. */
2643 + if (mod_data.protocol_type == USB_SC_UFI) {
2644 + buf->bType = ASC(sd);
2645 + buf->bValue = ASCQ(sd);
2646 + } else {
2647 + buf->bType = 0;
2648 + buf->bValue = status;
2649 + }
2650 + fsg->intreq->length = CBI_INTERRUPT_DATA_LEN;
2651 +
2652 + fsg->intr_buffhd = bh; // Point to the right buffhd
2653 + fsg->intreq->buf = bh->inreq->buf;
2654 + fsg->intreq->context = bh;
2655 + start_transfer(fsg, fsg->intr_in, fsg->intreq,
2656 + &fsg->intreq_busy, &bh->state);
2657 + }
2658 +
2659 + fsg->next_buffhd_to_fill = bh->next;
2660 + return 0;
2661 +}
2662 +
2663 +
2664 +/*-------------------------------------------------------------------------*/
2665 +
2666 +/* Check whether the command is properly formed and whether its data size
2667 + * and direction agree with the values we already have. */
2668 +static int check_command(struct fsg_dev *fsg, int cmnd_size,
2669 + enum data_direction data_dir, unsigned int mask,
2670 + int needs_medium, const char *name)
2671 +{
2672 + int i;
2673 + int lun = fsg->cmnd[1] >> 5;
2674 + static const char dirletter[4] = {'u', 'o', 'i', 'n'};
2675 + char hdlen[20];
2676 + struct fsg_lun *curlun;
2677 +
2678 + /* Adjust the expected cmnd_size for protocol encapsulation padding.
2679 + * Transparent SCSI doesn't pad. */
2680 + if (protocol_is_scsi())
2681 + ;
2682 +
2683 + /* There's some disagreement as to whether RBC pads commands or not.
2684 + * We'll play it safe and accept either form. */
2685 + else if (mod_data.protocol_type == USB_SC_RBC) {
2686 + if (fsg->cmnd_size == 12)
2687 + cmnd_size = 12;
2688 +
2689 + /* All the other protocols pad to 12 bytes */
2690 + } else
2691 + cmnd_size = 12;
2692 +
2693 + hdlen[0] = 0;
2694 + if (fsg->data_dir != DATA_DIR_UNKNOWN)
2695 + sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir],
2696 + fsg->data_size);
2697 + VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
2698 + name, cmnd_size, dirletter[(int) data_dir],
2699 + fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen);
2700 +
2701 + /* We can't reply at all until we know the correct data direction
2702 + * and size. */
2703 + if (fsg->data_size_from_cmnd == 0)
2704 + data_dir = DATA_DIR_NONE;
2705 + if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI
2706 + fsg->data_dir = data_dir;
2707 + fsg->data_size = fsg->data_size_from_cmnd;
2708 +
2709 + } else { // Bulk-only
2710 + if (fsg->data_size < fsg->data_size_from_cmnd) {
2711 +
2712 + /* Host data size < Device data size is a phase error.
2713 + * Carry out the command, but only transfer as much
2714 + * as we are allowed. */
2715 + fsg->data_size_from_cmnd = fsg->data_size;
2716 + fsg->phase_error = 1;
2717 + }
2718 + }
2719 + fsg->residue = fsg->usb_amount_left = fsg->data_size;
2720 +
2721 + /* Conflicting data directions is a phase error */
2722 + if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) {
2723 + fsg->phase_error = 1;
2724 + return -EINVAL;
2725 + }
2726 +
2727 + /* Verify the length of the command itself */
2728 + if (cmnd_size != fsg->cmnd_size) {
2729 +
2730 + /* Special case workaround: There are plenty of buggy SCSI
2731 + * implementations. Many have issues with cbw->Length
2732 + * field passing a wrong command size. For those cases we
2733 + * always try to work around the problem by using the length
2734 + * sent by the host side provided it is at least as large
2735 + * as the correct command length.
2736 + * Examples of such cases would be MS-Windows, which issues
2737 + * REQUEST SENSE with cbw->Length == 12 where it should
2738 + * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
2739 + * REQUEST SENSE with cbw->Length == 10 where it should
2740 + * be 6 as well.
2741 + */
2742 + if (cmnd_size <= fsg->cmnd_size) {
2743 + DBG(fsg, "%s is buggy! Expected length %d "
2744 + "but we got %d\n", name,
2745 + cmnd_size, fsg->cmnd_size);
2746 + cmnd_size = fsg->cmnd_size;
2747 + } else {
2748 + fsg->phase_error = 1;
2749 + return -EINVAL;
2750 + }
2751 + }
2752 +
2753 + /* Check that the LUN values are consistent */
2754 + if (transport_is_bbb()) {
2755 + if (fsg->lun != lun)
2756 + DBG(fsg, "using LUN %d from CBW, "
2757 + "not LUN %d from CDB\n",
2758 + fsg->lun, lun);
2759 + }
2760 +
2761 + /* Check the LUN */
2762 + curlun = fsg->curlun;
2763 + if (curlun) {
2764 + if (fsg->cmnd[0] != REQUEST_SENSE) {
2765 + curlun->sense_data = SS_NO_SENSE;
2766 + curlun->sense_data_info = 0;
2767 + curlun->info_valid = 0;
2768 + }
2769 + } else {
2770 + fsg->bad_lun_okay = 0;
2771 +
2772 + /* INQUIRY and REQUEST SENSE commands are explicitly allowed
2773 + * to use unsupported LUNs; all others may not. */
2774 + if (fsg->cmnd[0] != INQUIRY &&
2775 + fsg->cmnd[0] != REQUEST_SENSE) {
2776 + DBG(fsg, "unsupported LUN %d\n", fsg->lun);
2777 + return -EINVAL;
2778 + }
2779 + }
2780 +
2781 + /* If a unit attention condition exists, only INQUIRY and
2782 + * REQUEST SENSE commands are allowed; anything else must fail. */
2783 + if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
2784 + fsg->cmnd[0] != INQUIRY &&
2785 + fsg->cmnd[0] != REQUEST_SENSE) {
2786 + curlun->sense_data = curlun->unit_attention_data;
2787 + curlun->unit_attention_data = SS_NO_SENSE;
2788 + return -EINVAL;
2789 + }
2790 +
2791 + /* Check that only command bytes listed in the mask are non-zero */
2792 + fsg->cmnd[1] &= 0x1f; // Mask away the LUN
2793 + for (i = 1; i < cmnd_size; ++i) {
2794 + if (fsg->cmnd[i] && !(mask & (1 << i))) {
2795 + if (curlun)
2796 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2797 + return -EINVAL;
2798 + }
2799 + }
2800 +
2801 + /* If the medium isn't mounted and the command needs to access
2802 + * it, return an error. */
2803 + if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
2804 + curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2805 + return -EINVAL;
2806 + }
2807 +
2808 + return 0;
2809 +}
2810 +
2811 +/* wrapper of check_command for data size in blocks handling */
2812 +static int check_command_size_in_blocks(struct fsg_dev *fsg, int cmnd_size,
2813 + enum data_direction data_dir, unsigned int mask,
2814 + int needs_medium, const char *name)
2815 +{
2816 + if (fsg->curlun)
2817 + fsg->data_size_from_cmnd <<= fsg->curlun->blkbits;
2818 + return check_command(fsg, cmnd_size, data_dir,
2819 + mask, needs_medium, name);
2820 +}
2821 +
2822 +static int do_scsi_command(struct fsg_dev *fsg)
2823 +{
2824 + struct fsg_buffhd *bh;
2825 + int rc;
2826 + int reply = -EINVAL;
2827 + int i;
2828 + static char unknown[16];
2829 +
2830 + dump_cdb(fsg);
2831 +
2832 + /* Wait for the next buffer to become available for data or status */
2833 + bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill;
2834 + while (bh->state != BUF_STATE_EMPTY) {
2835 + rc = sleep_thread(fsg);
2836 + if (rc)
2837 + return rc;
2838 + }
2839 + fsg->phase_error = 0;
2840 + fsg->short_packet_received = 0;
2841 +
2842 + down_read(&fsg->filesem); // We're using the backing file
2843 + switch (fsg->cmnd[0]) {
2844 +
2845 + case INQUIRY:
2846 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2847 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2848 + (1<<4), 0,
2849 + "INQUIRY")) == 0)
2850 + reply = do_inquiry(fsg, bh);
2851 + break;
2852 +
2853 + case MODE_SELECT:
2854 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2855 + if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
2856 + (1<<1) | (1<<4), 0,
2857 + "MODE SELECT(6)")) == 0)
2858 + reply = do_mode_select(fsg, bh);
2859 + break;
2860 +
2861 + case MODE_SELECT_10:
2862 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2863 + if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
2864 + (1<<1) | (3<<7), 0,
2865 + "MODE SELECT(10)")) == 0)
2866 + reply = do_mode_select(fsg, bh);
2867 + break;
2868 +
2869 + case MODE_SENSE:
2870 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2871 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2872 + (1<<1) | (1<<2) | (1<<4), 0,
2873 + "MODE SENSE(6)")) == 0)
2874 + reply = do_mode_sense(fsg, bh);
2875 + break;
2876 +
2877 + case MODE_SENSE_10:
2878 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2879 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2880 + (1<<1) | (1<<2) | (3<<7), 0,
2881 + "MODE SENSE(10)")) == 0)
2882 + reply = do_mode_sense(fsg, bh);
2883 + break;
2884 +
2885 + case ALLOW_MEDIUM_REMOVAL:
2886 + fsg->data_size_from_cmnd = 0;
2887 + if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2888 + (1<<4), 0,
2889 + "PREVENT-ALLOW MEDIUM REMOVAL")) == 0)
2890 + reply = do_prevent_allow(fsg);
2891 + break;
2892 +
2893 + case READ_6:
2894 + i = fsg->cmnd[4];
2895 + fsg->data_size_from_cmnd = (i == 0) ? 256 : i;
2896 + if ((reply = check_command_size_in_blocks(fsg, 6,
2897 + DATA_DIR_TO_HOST,
2898 + (7<<1) | (1<<4), 1,
2899 + "READ(6)")) == 0)
2900 + reply = do_read(fsg);
2901 + break;
2902 +
2903 + case READ_10:
2904 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2905 + if ((reply = check_command_size_in_blocks(fsg, 10,
2906 + DATA_DIR_TO_HOST,
2907 + (1<<1) | (0xf<<2) | (3<<7), 1,
2908 + "READ(10)")) == 0)
2909 + reply = do_read(fsg);
2910 + break;
2911 +
2912 + case READ_12:
2913 + fsg->data_size_from_cmnd = get_unaligned_be32(&fsg->cmnd[6]);
2914 + if ((reply = check_command_size_in_blocks(fsg, 12,
2915 + DATA_DIR_TO_HOST,
2916 + (1<<1) | (0xf<<2) | (0xf<<6), 1,
2917 + "READ(12)")) == 0)
2918 + reply = do_read(fsg);
2919 + break;
2920 +
2921 + case READ_CAPACITY:
2922 + fsg->data_size_from_cmnd = 8;
2923 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2924 + (0xf<<2) | (1<<8), 1,
2925 + "READ CAPACITY")) == 0)
2926 + reply = do_read_capacity(fsg, bh);
2927 + break;
2928 +
2929 + case READ_HEADER:
2930 + if (!mod_data.cdrom)
2931 + goto unknown_cmnd;
2932 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2933 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2934 + (3<<7) | (0x1f<<1), 1,
2935 + "READ HEADER")) == 0)
2936 + reply = do_read_header(fsg, bh);
2937 + break;
2938 +
2939 + case READ_TOC:
2940 + if (!mod_data.cdrom)
2941 + goto unknown_cmnd;
2942 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2943 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2944 + (7<<6) | (1<<1), 1,
2945 + "READ TOC")) == 0)
2946 + reply = do_read_toc(fsg, bh);
2947 + break;
2948 +
2949 + case READ_FORMAT_CAPACITIES:
2950 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2951 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2952 + (3<<7), 1,
2953 + "READ FORMAT CAPACITIES")) == 0)
2954 + reply = do_read_format_capacities(fsg, bh);
2955 + break;
2956 +
2957 + case REQUEST_SENSE:
2958 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2959 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2960 + (1<<4), 0,
2961 + "REQUEST SENSE")) == 0)
2962 + reply = do_request_sense(fsg, bh);
2963 + break;
2964 +
2965 + case START_STOP:
2966 + fsg->data_size_from_cmnd = 0;
2967 + if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2968 + (1<<1) | (1<<4), 0,
2969 + "START-STOP UNIT")) == 0)
2970 + reply = do_start_stop(fsg);
2971 + break;
2972 +
2973 + case SYNCHRONIZE_CACHE:
2974 + fsg->data_size_from_cmnd = 0;
2975 + if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2976 + (0xf<<2) | (3<<7), 1,
2977 + "SYNCHRONIZE CACHE")) == 0)
2978 + reply = do_synchronize_cache(fsg);
2979 + break;
2980 +
2981 + case TEST_UNIT_READY:
2982 + fsg->data_size_from_cmnd = 0;
2983 + reply = check_command(fsg, 6, DATA_DIR_NONE,
2984 + 0, 1,
2985 + "TEST UNIT READY");
2986 + break;
2987 +
2988 + /* Although optional, this command is used by MS-Windows. We
2989 + * support a minimal version: BytChk must be 0. */
2990 + case VERIFY:
2991 + fsg->data_size_from_cmnd = 0;
2992 + if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2993 + (1<<1) | (0xf<<2) | (3<<7), 1,
2994 + "VERIFY")) == 0)
2995 + reply = do_verify(fsg);
2996 + break;
2997 +
2998 + case WRITE_6:
2999 + i = fsg->cmnd[4];
3000 + fsg->data_size_from_cmnd = (i == 0) ? 256 : i;
3001 + if ((reply = check_command_size_in_blocks(fsg, 6,
3002 + DATA_DIR_FROM_HOST,
3003 + (7<<1) | (1<<4), 1,
3004 + "WRITE(6)")) == 0)
3005 + reply = do_write(fsg);
3006 + break;
3007 +
3008 + case WRITE_10:
3009 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
3010 + if ((reply = check_command_size_in_blocks(fsg, 10,
3011 + DATA_DIR_FROM_HOST,
3012 + (1<<1) | (0xf<<2) | (3<<7), 1,
3013 + "WRITE(10)")) == 0)
3014 + reply = do_write(fsg);
3015 + break;
3016 +
3017 + case WRITE_12:
3018 + fsg->data_size_from_cmnd = get_unaligned_be32(&fsg->cmnd[6]);
3019 + if ((reply = check_command_size_in_blocks(fsg, 12,
3020 + DATA_DIR_FROM_HOST,
3021 + (1<<1) | (0xf<<2) | (0xf<<6), 1,
3022 + "WRITE(12)")) == 0)
3023 + reply = do_write(fsg);
3024 + break;
3025 +
3026 + /* Some mandatory commands that we recognize but don't implement.
3027 + * They don't mean much in this setting. It's left as an exercise
3028 + * for anyone interested to implement RESERVE and RELEASE in terms
3029 + * of Posix locks. */
3030 + case FORMAT_UNIT:
3031 + case RELEASE:
3032 + case RESERVE:
3033 + case SEND_DIAGNOSTIC:
3034 + // Fall through
3035 +
3036 + default:
3037 + unknown_cmnd:
3038 + fsg->data_size_from_cmnd = 0;
3039 + sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]);
3040 + if ((reply = check_command(fsg, fsg->cmnd_size,
3041 + DATA_DIR_UNKNOWN, ~0, 0, unknown)) == 0) {
3042 + fsg->curlun->sense_data = SS_INVALID_COMMAND;
3043 + reply = -EINVAL;
3044 + }
3045 + break;
3046 + }
3047 + up_read(&fsg->filesem);
3048 +
3049 + if (reply == -EINTR || signal_pending(current))
3050 + return -EINTR;
3051 +
3052 + /* Set up the single reply buffer for finish_reply() */
3053 + if (reply == -EINVAL)
3054 + reply = 0; // Error reply length
3055 + if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) {
3056 + reply = min((u32) reply, fsg->data_size_from_cmnd);
3057 + bh->inreq->length = reply;
3058 + bh->state = BUF_STATE_FULL;
3059 + fsg->residue -= reply;
3060 + } // Otherwise it's already set
3061 +
3062 + return 0;
3063 +}
3064 +
3065 +
3066 +/*-------------------------------------------------------------------------*/
3067 +
3068 +static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
3069 +{
3070 + struct usb_request *req = bh->outreq;
3071 + struct bulk_cb_wrap *cbw = req->buf;
3072 +
3073 + /* Was this a real packet? Should it be ignored? */
3074 + if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
3075 + return -EINVAL;
3076 +
3077 + /* Is the CBW valid? */
3078 + if (req->actual != US_BULK_CB_WRAP_LEN ||
3079 + cbw->Signature != cpu_to_le32(
3080 + US_BULK_CB_SIGN)) {
3081 + DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
3082 + req->actual,
3083 + le32_to_cpu(cbw->Signature));
3084 +
3085 + /* The Bulk-only spec says we MUST stall the IN endpoint
3086 + * (6.6.1), so it's unavoidable. It also says we must
3087 + * retain this state until the next reset, but there's
3088 + * no way to tell the controller driver it should ignore
3089 + * Clear-Feature(HALT) requests.
3090 + *
3091 + * We aren't required to halt the OUT endpoint; instead
3092 + * we can simply accept and discard any data received
3093 + * until the next reset. */
3094 + wedge_bulk_in_endpoint(fsg);
3095 + set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
3096 + return -EINVAL;
3097 + }
3098 +
3099 + /* Is the CBW meaningful? */
3100 + if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~US_BULK_FLAG_IN ||
3101 + cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
3102 + DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
3103 + "cmdlen %u\n",
3104 + cbw->Lun, cbw->Flags, cbw->Length);
3105 +
3106 + /* We can do anything we want here, so let's stall the
3107 + * bulk pipes if we are allowed to. */
3108 + if (mod_data.can_stall) {
3109 + fsg_set_halt(fsg, fsg->bulk_out);
3110 + halt_bulk_in_endpoint(fsg);
3111 + }
3112 + return -EINVAL;
3113 + }
3114 +
3115 + /* Save the command for later */
3116 + fsg->cmnd_size = cbw->Length;
3117 + memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size);
3118 + if (cbw->Flags & US_BULK_FLAG_IN)
3119 + fsg->data_dir = DATA_DIR_TO_HOST;
3120 + else
3121 + fsg->data_dir = DATA_DIR_FROM_HOST;
3122 + fsg->data_size = le32_to_cpu(cbw->DataTransferLength);
3123 + if (fsg->data_size == 0)
3124 + fsg->data_dir = DATA_DIR_NONE;
3125 + fsg->lun = cbw->Lun;
3126 + fsg->tag = cbw->Tag;
3127 + return 0;
3128 +}
3129 +
3130 +
3131 +static int get_next_command(struct fsg_dev *fsg)
3132 +{
3133 + struct fsg_buffhd *bh;
3134 + int rc = 0;
3135 +
3136 + if (transport_is_bbb()) {
3137 +
3138 + /* Wait for the next buffer to become available */
3139 + bh = fsg->next_buffhd_to_fill;
3140 + while (bh->state != BUF_STATE_EMPTY) {
3141 + rc = sleep_thread(fsg);
3142 + if (rc)
3143 + return rc;
3144 + }
3145 +
3146 + /* Queue a request to read a Bulk-only CBW */
3147 + set_bulk_out_req_length(fsg, bh, US_BULK_CB_WRAP_LEN);
3148 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
3149 + &bh->outreq_busy, &bh->state);
3150 +
3151 + /* We will drain the buffer in software, which means we
3152 + * can reuse it for the next filling. No need to advance
3153 + * next_buffhd_to_fill. */
3154 +
3155 + /* Wait for the CBW to arrive */
3156 + while (bh->state != BUF_STATE_FULL) {
3157 + rc = sleep_thread(fsg);
3158 + if (rc)
3159 + return rc;
3160 + }
3161 + smp_rmb();
3162 + rc = received_cbw(fsg, bh);
3163 + bh->state = BUF_STATE_EMPTY;
3164 +
3165 + } else { // USB_PR_CB or USB_PR_CBI
3166 +
3167 + /* Wait for the next command to arrive */
3168 + while (fsg->cbbuf_cmnd_size == 0) {
3169 + rc = sleep_thread(fsg);
3170 + if (rc)
3171 + return rc;
3172 + }
3173 +
3174 + /* Is the previous status interrupt request still busy?
3175 + * The host is allowed to skip reading the status,
3176 + * so we must cancel it. */
3177 + if (fsg->intreq_busy)
3178 + usb_ep_dequeue(fsg->intr_in, fsg->intreq);
3179 +
3180 + /* Copy the command and mark the buffer empty */
3181 + fsg->data_dir = DATA_DIR_UNKNOWN;
3182 + spin_lock_irq(&fsg->lock);
3183 + fsg->cmnd_size = fsg->cbbuf_cmnd_size;
3184 + memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size);
3185 + fsg->cbbuf_cmnd_size = 0;
3186 + spin_unlock_irq(&fsg->lock);
3187 +
3188 + /* Use LUN from the command */
3189 + fsg->lun = fsg->cmnd[1] >> 5;
3190 + }
3191 +
3192 + /* Update current lun */
3193 + if (fsg->lun >= 0 && fsg->lun < fsg->nluns)
3194 + fsg->curlun = &fsg->luns[fsg->lun];
3195 + else
3196 + fsg->curlun = NULL;
3197 +
3198 + return rc;
3199 +}
3200 +
3201 +
3202 +/*-------------------------------------------------------------------------*/
3203 +
3204 +static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep,
3205 + const struct usb_endpoint_descriptor *d)
3206 +{
3207 + int rc;
3208 +
3209 + ep->driver_data = fsg;
3210 + ep->desc = d;
3211 + rc = usb_ep_enable(ep);
3212 + if (rc)
3213 + ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc);
3214 + return rc;
3215 +}
3216 +
3217 +static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep,
3218 + struct usb_request **preq)
3219 +{
3220 + *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
3221 + if (*preq)
3222 + return 0;
3223 + ERROR(fsg, "can't allocate request for %s\n", ep->name);
3224 + return -ENOMEM;
3225 +}
3226 +
3227 +/*
3228 + * Reset interface setting and re-init endpoint state (toggle etc).
3229 + * Call with altsetting < 0 to disable the interface. The only other
3230 + * available altsetting is 0, which enables the interface.
3231 + */
3232 +static int do_set_interface(struct fsg_dev *fsg, int altsetting)
3233 +{
3234 + int rc = 0;
3235 + int i;
3236 + const struct usb_endpoint_descriptor *d;
3237 +
3238 + if (fsg->running)
3239 + DBG(fsg, "reset interface\n");
3240 +
3241 +reset:
3242 + /* Deallocate the requests */
3243 + for (i = 0; i < fsg_num_buffers; ++i) {
3244 + struct fsg_buffhd *bh = &fsg->buffhds[i];
3245 +
3246 + if (bh->inreq) {
3247 + usb_ep_free_request(fsg->bulk_in, bh->inreq);
3248 + bh->inreq = NULL;
3249 + }
3250 + if (bh->outreq) {
3251 + usb_ep_free_request(fsg->bulk_out, bh->outreq);
3252 + bh->outreq = NULL;
3253 + }
3254 + }
3255 + if (fsg->intreq) {
3256 + usb_ep_free_request(fsg->intr_in, fsg->intreq);
3257 + fsg->intreq = NULL;
3258 + }
3259 +
3260 + /* Disable the endpoints */
3261 + if (fsg->bulk_in_enabled) {
3262 + usb_ep_disable(fsg->bulk_in);
3263 + fsg->bulk_in_enabled = 0;
3264 + }
3265 + if (fsg->bulk_out_enabled) {
3266 + usb_ep_disable(fsg->bulk_out);
3267 + fsg->bulk_out_enabled = 0;
3268 + }
3269 + if (fsg->intr_in_enabled) {
3270 + usb_ep_disable(fsg->intr_in);
3271 + fsg->intr_in_enabled = 0;
3272 + }
3273 +
3274 + fsg->running = 0;
3275 + if (altsetting < 0 || rc != 0)
3276 + return rc;
3277 +
3278 + DBG(fsg, "set interface %d\n", altsetting);
3279 +
3280 + /* Enable the endpoints */
3281 + d = fsg_ep_desc(fsg->gadget,
3282 + &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc,
3283 + &fsg_ss_bulk_in_desc);
3284 + if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0)
3285 + goto reset;
3286 + fsg->bulk_in_enabled = 1;
3287 +
3288 + d = fsg_ep_desc(fsg->gadget,
3289 + &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc,
3290 + &fsg_ss_bulk_out_desc);
3291 + if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0)
3292 + goto reset;
3293 + fsg->bulk_out_enabled = 1;
3294 + fsg->bulk_out_maxpacket = usb_endpoint_maxp(d);
3295 + clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
3296 +
3297 + if (transport_is_cbi()) {
3298 + d = fsg_ep_desc(fsg->gadget,
3299 + &fsg_fs_intr_in_desc, &fsg_hs_intr_in_desc,
3300 + &fsg_ss_intr_in_desc);
3301 + if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0)
3302 + goto reset;
3303 + fsg->intr_in_enabled = 1;
3304 + }
3305 +
3306 + /* Allocate the requests */
3307 + for (i = 0; i < fsg_num_buffers; ++i) {
3308 + struct fsg_buffhd *bh = &fsg->buffhds[i];
3309 +
3310 + if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0)
3311 + goto reset;
3312 + if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0)
3313 + goto reset;
3314 + bh->inreq->buf = bh->outreq->buf = bh->buf;
3315 + bh->inreq->context = bh->outreq->context = bh;
3316 + bh->inreq->complete = bulk_in_complete;
3317 + bh->outreq->complete = bulk_out_complete;
3318 + }
3319 + if (transport_is_cbi()) {
3320 + if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0)
3321 + goto reset;
3322 + fsg->intreq->complete = intr_in_complete;
3323 + }
3324 +
3325 + fsg->running = 1;
3326 + for (i = 0; i < fsg->nluns; ++i)
3327 + fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED;
3328 + return rc;
3329 +}
3330 +
3331 +
3332 +/*