brcm2708: update to v3.18
[openwrt/svn-archive/archive.git] / target / linux / brcm2708 / patches-3.18 / 0004-Add-dwc_otg-driver.patch
1 From 9964a43723df02a84b7f132695193cd452d45b58 Mon Sep 17 00:00:00 2001
2 From: popcornmix <popcornmix@gmail.com>
3 Date: Wed, 1 May 2013 19:46:17 +0100
4 Subject: [PATCH 004/114] Add dwc_otg driver
5
6 Signed-off-by: popcornmix <popcornmix@gmail.com>
7
8 usb: dwc: fix lockdep false positive
9
10 Signed-off-by: Kari Suvanto <karis79@gmail.com>
11
12 usb: dwc: fix inconsistent lock state
13
14 Signed-off-by: Kari Suvanto <karis79@gmail.com>
15 ---
16 drivers/usb/Makefile | 1 +
17 drivers/usb/core/generic.c | 1 +
18 drivers/usb/core/message.c | 79 +
19 drivers/usb/core/otg_whitelist.h | 114 +-
20 drivers/usb/gadget/file_storage.c | 3676 ++++++++++
21 drivers/usb/host/Kconfig | 13 +
22 drivers/usb/host/Makefile | 2 +
23 drivers/usb/host/dwc_common_port/Makefile | 58 +
24 drivers/usb/host/dwc_common_port/Makefile.fbsd | 17 +
25 drivers/usb/host/dwc_common_port/Makefile.linux | 49 +
26 drivers/usb/host/dwc_common_port/changes.txt | 174 +
27 drivers/usb/host/dwc_common_port/doc/doxygen.cfg | 270 +
28 drivers/usb/host/dwc_common_port/dwc_cc.c | 532 ++
29 drivers/usb/host/dwc_common_port/dwc_cc.h | 224 +
30 drivers/usb/host/dwc_common_port/dwc_common_fbsd.c | 1308 ++++
31 .../usb/host/dwc_common_port/dwc_common_linux.c | 1429 ++++
32 drivers/usb/host/dwc_common_port/dwc_common_nbsd.c | 1275 ++++
33 drivers/usb/host/dwc_common_port/dwc_crypto.c | 308 +
34 drivers/usb/host/dwc_common_port/dwc_crypto.h | 111 +
35 drivers/usb/host/dwc_common_port/dwc_dh.c | 291 +
36 drivers/usb/host/dwc_common_port/dwc_dh.h | 106 +
37 drivers/usb/host/dwc_common_port/dwc_list.h | 594 ++
38 drivers/usb/host/dwc_common_port/dwc_mem.c | 245 +
39 drivers/usb/host/dwc_common_port/dwc_modpow.c | 636 ++
40 drivers/usb/host/dwc_common_port/dwc_modpow.h | 34 +
41 drivers/usb/host/dwc_common_port/dwc_notifier.c | 319 +
42 drivers/usb/host/dwc_common_port/dwc_notifier.h | 122 +
43 drivers/usb/host/dwc_common_port/dwc_os.h | 1274 ++++
44 drivers/usb/host/dwc_common_port/usb.h | 946 +++
45 drivers/usb/host/dwc_otg/Makefile | 80 +
46 drivers/usb/host/dwc_otg/doc/doxygen.cfg | 224 +
47 drivers/usb/host/dwc_otg/dummy_audio.c | 1575 +++++
48 drivers/usb/host/dwc_otg/dwc_cfi_common.h | 142 +
49 drivers/usb/host/dwc_otg/dwc_otg_adp.c | 854 +++
50 drivers/usb/host/dwc_otg/dwc_otg_adp.h | 80 +
51 drivers/usb/host/dwc_otg/dwc_otg_attr.c | 1210 ++++
52 drivers/usb/host/dwc_otg/dwc_otg_attr.h | 89 +
53 drivers/usb/host/dwc_otg/dwc_otg_cfi.c | 1876 +++++
54 drivers/usb/host/dwc_otg/dwc_otg_cfi.h | 320 +
55 drivers/usb/host/dwc_otg/dwc_otg_cil.c | 7151 ++++++++++++++++++++
56 drivers/usb/host/dwc_otg/dwc_otg_cil.h | 1464 ++++
57 drivers/usb/host/dwc_otg/dwc_otg_cil_intr.c | 1563 +++++
58 drivers/usb/host/dwc_otg/dwc_otg_core_if.h | 705 ++
59 drivers/usb/host/dwc_otg/dwc_otg_dbg.h | 116 +
60 drivers/usb/host/dwc_otg/dwc_otg_driver.c | 1700 +++++
61 drivers/usb/host/dwc_otg/dwc_otg_driver.h | 86 +
62 drivers/usb/host/dwc_otg/dwc_otg_hcd.c | 3479 ++++++++++
63 drivers/usb/host/dwc_otg/dwc_otg_hcd.h | 824 +++
64 drivers/usb/host/dwc_otg/dwc_otg_hcd_ddma.c | 1133 ++++
65 drivers/usb/host/dwc_otg/dwc_otg_hcd_if.h | 412 ++
66 drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c | 2106 ++++++
67 drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c | 893 +++
68 drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c | 923 +++
69 drivers/usb/host/dwc_otg/dwc_otg_os_dep.h | 185 +
70 drivers/usb/host/dwc_otg/dwc_otg_pcd.c | 2712 ++++++++
71 drivers/usb/host/dwc_otg/dwc_otg_pcd.h | 266 +
72 drivers/usb/host/dwc_otg/dwc_otg_pcd_if.h | 360 +
73 drivers/usb/host/dwc_otg/dwc_otg_pcd_intr.c | 5147 ++++++++++++++
74 drivers/usb/host/dwc_otg/dwc_otg_pcd_linux.c | 1358 ++++
75 drivers/usb/host/dwc_otg/dwc_otg_regs.h | 2550 +++++++
76 drivers/usb/host/dwc_otg/test/Makefile | 16 +
77 drivers/usb/host/dwc_otg/test/dwc_otg_test.pm | 337 +
78 drivers/usb/host/dwc_otg/test/test_mod_param.pl | 133 +
79 drivers/usb/host/dwc_otg/test/test_sysfs.pl | 193 +
80 64 files changed, 56458 insertions(+), 12 deletions(-)
81 create mode 100644 drivers/usb/gadget/file_storage.c
82 create mode 100644 drivers/usb/host/dwc_common_port/Makefile
83 create mode 100644 drivers/usb/host/dwc_common_port/Makefile.fbsd
84 create mode 100644 drivers/usb/host/dwc_common_port/Makefile.linux
85 create mode 100644 drivers/usb/host/dwc_common_port/changes.txt
86 create mode 100644 drivers/usb/host/dwc_common_port/doc/doxygen.cfg
87 create mode 100644 drivers/usb/host/dwc_common_port/dwc_cc.c
88 create mode 100644 drivers/usb/host/dwc_common_port/dwc_cc.h
89 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_fbsd.c
90 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_linux.c
91 create mode 100644 drivers/usb/host/dwc_common_port/dwc_common_nbsd.c
92 create mode 100644 drivers/usb/host/dwc_common_port/dwc_crypto.c
93 create mode 100644 drivers/usb/host/dwc_common_port/dwc_crypto.h
94 create mode 100644 drivers/usb/host/dwc_common_port/dwc_dh.c
95 create mode 100644 drivers/usb/host/dwc_common_port/dwc_dh.h
96 create mode 100644 drivers/usb/host/dwc_common_port/dwc_list.h
97 create mode 100644 drivers/usb/host/dwc_common_port/dwc_mem.c
98 create mode 100644 drivers/usb/host/dwc_common_port/dwc_modpow.c
99 create mode 100644 drivers/usb/host/dwc_common_port/dwc_modpow.h
100 create mode 100644 drivers/usb/host/dwc_common_port/dwc_notifier.c
101 create mode 100644 drivers/usb/host/dwc_common_port/dwc_notifier.h
102 create mode 100644 drivers/usb/host/dwc_common_port/dwc_os.h
103 create mode 100644 drivers/usb/host/dwc_common_port/usb.h
104 create mode 100644 drivers/usb/host/dwc_otg/Makefile
105 create mode 100644 drivers/usb/host/dwc_otg/doc/doxygen.cfg
106 create mode 100644 drivers/usb/host/dwc_otg/dummy_audio.c
107 create mode 100644 drivers/usb/host/dwc_otg/dwc_cfi_common.h
108 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_adp.c
109 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_adp.h
110 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_attr.c
111 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_attr.h
112 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cfi.c
113 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cfi.h
114 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil.c
115 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil.h
116 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_cil_intr.c
117 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_core_if.h
118 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_dbg.h
119 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_driver.c
120 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_driver.h
121 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd.c
122 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd.h
123 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_ddma.c
124 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_if.h
125 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_intr.c
126 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_linux.c
127 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_hcd_queue.c
128 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_os_dep.h
129 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd.c
130 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd.h
131 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_if.h
132 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_intr.c
133 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_pcd_linux.c
134 create mode 100644 drivers/usb/host/dwc_otg/dwc_otg_regs.h
135 create mode 100644 drivers/usb/host/dwc_otg/test/Makefile
136 create mode 100644 drivers/usb/host/dwc_otg/test/dwc_otg_test.pm
137 create mode 100644 drivers/usb/host/dwc_otg/test/test_mod_param.pl
138 create mode 100644 drivers/usb/host/dwc_otg/test/test_sysfs.pl
139
140 diff --git a/drivers/usb/Makefile b/drivers/usb/Makefile
141 index d7be717..f48b630 100644
142 --- a/drivers/usb/Makefile
143 +++ b/drivers/usb/Makefile
144 @@ -24,6 +24,7 @@ obj-$(CONFIG_USB_U132_HCD) += host/
145 obj-$(CONFIG_USB_R8A66597_HCD) += host/
146 obj-$(CONFIG_USB_HWA_HCD) += host/
147 obj-$(CONFIG_USB_ISP1760_HCD) += host/
148 +obj-$(CONFIG_USB_DWCOTG) += host/
149 obj-$(CONFIG_USB_IMX21_HCD) += host/
150 obj-$(CONFIG_USB_FSL_MPH_DR_OF) += host/
151 obj-$(CONFIG_USB_FUSBH200_HCD) += host/
152 diff --git a/drivers/usb/core/generic.c b/drivers/usb/core/generic.c
153 index 358ca8d..abaac7c 100644
154 --- a/drivers/usb/core/generic.c
155 +++ b/drivers/usb/core/generic.c
156 @@ -152,6 +152,7 @@ int usb_choose_configuration(struct usb_device *udev)
157 dev_warn(&udev->dev,
158 "no configuration chosen from %d choice%s\n",
159 num_configs, plural(num_configs));
160 + dev_warn(&udev->dev, "No support over %dmA\n", udev->bus_mA);
161 }
162 return i;
163 }
164 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
165 index f7b7713..5423d18 100644
166 --- a/drivers/usb/core/message.c
167 +++ b/drivers/usb/core/message.c
168 @@ -1889,6 +1889,85 @@ free_interfaces:
169 if (cp->string == NULL &&
170 !(dev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS))
171 cp->string = usb_cache_string(dev, cp->desc.iConfiguration);
172 +/* Uncomment this define to enable the HS Electrical Test support */
173 +#define DWC_HS_ELECT_TST 1
174 +#ifdef DWC_HS_ELECT_TST
175 + /* Here we implement the HS Electrical Test support. The
176 + * tester uses a vendor ID of 0x1A0A to indicate we should
177 + * run a special test sequence. The product ID tells us
178 + * which sequence to run. We invoke the test sequence by
179 + * sending a non-standard SetFeature command to our root
180 + * hub port. Our dwc_otg_hcd_hub_control() routine will
181 + * recognize the command and perform the desired test
182 + * sequence.
183 + */
184 + if (dev->descriptor.idVendor == 0x1A0A) {
185 + /* HSOTG Electrical Test */
186 + dev_warn(&dev->dev, "VID from HSOTG Electrical Test Fixture\n");
187 +
188 + if (dev->bus && dev->bus->root_hub) {
189 + struct usb_device *hdev = dev->bus->root_hub;
190 + dev_warn(&dev->dev, "Got PID 0x%x\n", dev->descriptor.idProduct);
191 +
192 + switch (dev->descriptor.idProduct) {
193 + case 0x0101: /* TEST_SE0_NAK */
194 + dev_warn(&dev->dev, "TEST_SE0_NAK\n");
195 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
196 + USB_REQ_SET_FEATURE, USB_RT_PORT,
197 + USB_PORT_FEAT_TEST, 0x300, NULL, 0, HZ);
198 + break;
199 +
200 + case 0x0102: /* TEST_J */
201 + dev_warn(&dev->dev, "TEST_J\n");
202 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
203 + USB_REQ_SET_FEATURE, USB_RT_PORT,
204 + USB_PORT_FEAT_TEST, 0x100, NULL, 0, HZ);
205 + break;
206 +
207 + case 0x0103: /* TEST_K */
208 + dev_warn(&dev->dev, "TEST_K\n");
209 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
210 + USB_REQ_SET_FEATURE, USB_RT_PORT,
211 + USB_PORT_FEAT_TEST, 0x200, NULL, 0, HZ);
212 + break;
213 +
214 + case 0x0104: /* TEST_PACKET */
215 + dev_warn(&dev->dev, "TEST_PACKET\n");
216 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
217 + USB_REQ_SET_FEATURE, USB_RT_PORT,
218 + USB_PORT_FEAT_TEST, 0x400, NULL, 0, HZ);
219 + break;
220 +
221 + case 0x0105: /* TEST_FORCE_ENABLE */
222 + dev_warn(&dev->dev, "TEST_FORCE_ENABLE\n");
223 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
224 + USB_REQ_SET_FEATURE, USB_RT_PORT,
225 + USB_PORT_FEAT_TEST, 0x500, NULL, 0, HZ);
226 + break;
227 +
228 + case 0x0106: /* HS_HOST_PORT_SUSPEND_RESUME */
229 + dev_warn(&dev->dev, "HS_HOST_PORT_SUSPEND_RESUME\n");
230 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
231 + USB_REQ_SET_FEATURE, USB_RT_PORT,
232 + USB_PORT_FEAT_TEST, 0x600, NULL, 0, 40 * HZ);
233 + break;
234 +
235 + case 0x0107: /* SINGLE_STEP_GET_DEVICE_DESCRIPTOR setup */
236 + dev_warn(&dev->dev, "SINGLE_STEP_GET_DEVICE_DESCRIPTOR setup\n");
237 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
238 + USB_REQ_SET_FEATURE, USB_RT_PORT,
239 + USB_PORT_FEAT_TEST, 0x700, NULL, 0, 40 * HZ);
240 + break;
241 +
242 + case 0x0108: /* SINGLE_STEP_GET_DEVICE_DESCRIPTOR execute */
243 + dev_warn(&dev->dev, "SINGLE_STEP_GET_DEVICE_DESCRIPTOR execute\n");
244 + usb_control_msg(hdev, usb_sndctrlpipe(hdev, 0),
245 + USB_REQ_SET_FEATURE, USB_RT_PORT,
246 + USB_PORT_FEAT_TEST, 0x800, NULL, 0, 40 * HZ);
247 + }
248 + }
249 + }
250 +#endif /* DWC_HS_ELECT_TST */
251
252 /* Now that the interfaces are installed, re-enable LPM. */
253 usb_unlocked_enable_lpm(dev);
254 diff --git a/drivers/usb/core/otg_whitelist.h b/drivers/usb/core/otg_whitelist.h
255 index a6315ab..165dd53 100644
256 --- a/drivers/usb/core/otg_whitelist.h
257 +++ b/drivers/usb/core/otg_whitelist.h
258 @@ -19,33 +19,82 @@
259 static struct usb_device_id whitelist_table [] = {
260
261 /* hubs are optional in OTG, but very handy ... */
262 +#define CERT_WITHOUT_HUBS
263 +#if defined(CERT_WITHOUT_HUBS)
264 +{ USB_DEVICE( 0x0000, 0x0000 ), }, /* Root HUB Only*/
265 +#else
266 { USB_DEVICE_INFO(USB_CLASS_HUB, 0, 0), },
267 { USB_DEVICE_INFO(USB_CLASS_HUB, 0, 1), },
268 +{ USB_DEVICE_INFO(USB_CLASS_HUB, 0, 2), },
269 +#endif
270
271 #ifdef CONFIG_USB_PRINTER /* ignoring nonstatic linkage! */
272 /* FIXME actually, printers are NOT supposed to use device classes;
273 * they're supposed to use interface classes...
274 */
275 -{ USB_DEVICE_INFO(7, 1, 1) },
276 -{ USB_DEVICE_INFO(7, 1, 2) },
277 -{ USB_DEVICE_INFO(7, 1, 3) },
278 +//{ USB_DEVICE_INFO(7, 1, 1) },
279 +//{ USB_DEVICE_INFO(7, 1, 2) },
280 +//{ USB_DEVICE_INFO(7, 1, 3) },
281 #endif
282
283 #ifdef CONFIG_USB_NET_CDCETHER
284 /* Linux-USB CDC Ethernet gadget */
285 -{ USB_DEVICE(0x0525, 0xa4a1), },
286 +//{ USB_DEVICE(0x0525, 0xa4a1), },
287 /* Linux-USB CDC Ethernet + RNDIS gadget */
288 -{ USB_DEVICE(0x0525, 0xa4a2), },
289 +//{ USB_DEVICE(0x0525, 0xa4a2), },
290 #endif
291
292 #if defined(CONFIG_USB_TEST) || defined(CONFIG_USB_TEST_MODULE)
293 /* gadget zero, for testing */
294 -{ USB_DEVICE(0x0525, 0xa4a0), },
295 +//{ USB_DEVICE(0x0525, 0xa4a0), },
296 #endif
297
298 +/* OPT Tester */
299 +{ USB_DEVICE( 0x1a0a, 0x0101 ), }, /* TEST_SE0_NAK */
300 +{ USB_DEVICE( 0x1a0a, 0x0102 ), }, /* Test_J */
301 +{ USB_DEVICE( 0x1a0a, 0x0103 ), }, /* Test_K */
302 +{ USB_DEVICE( 0x1a0a, 0x0104 ), }, /* Test_PACKET */
303 +{ USB_DEVICE( 0x1a0a, 0x0105 ), }, /* Test_FORCE_ENABLE */
304 +{ USB_DEVICE( 0x1a0a, 0x0106 ), }, /* HS_PORT_SUSPEND_RESUME */
305 +{ USB_DEVICE( 0x1a0a, 0x0107 ), }, /* SINGLE_STEP_GET_DESCRIPTOR setup */
306 +{ USB_DEVICE( 0x1a0a, 0x0108 ), }, /* SINGLE_STEP_GET_DESCRIPTOR execute */
307 +
308 +/* Sony cameras */
309 +{ USB_DEVICE_VER(0x054c,0x0010,0x0410, 0x0500), },
310 +
311 +/* Memory Devices */
312 +//{ USB_DEVICE( 0x0781, 0x5150 ), }, /* SanDisk */
313 +//{ USB_DEVICE( 0x05DC, 0x0080 ), }, /* Lexar */
314 +//{ USB_DEVICE( 0x4146, 0x9281 ), }, /* IOMEGA */
315 +//{ USB_DEVICE( 0x067b, 0x2507 ), }, /* Hammer 20GB External HD */
316 +{ USB_DEVICE( 0x0EA0, 0x2168 ), }, /* Ours Technology Inc. (BUFFALO ClipDrive)*/
317 +//{ USB_DEVICE( 0x0457, 0x0150 ), }, /* Silicon Integrated Systems Corp. */
318 +
319 +/* HP Printers */
320 +//{ USB_DEVICE( 0x03F0, 0x1102 ), }, /* HP Photosmart 245 */
321 +//{ USB_DEVICE( 0x03F0, 0x1302 ), }, /* HP Photosmart 370 Series */
322 +
323 +/* Speakers */
324 +//{ USB_DEVICE( 0x0499, 0x3002 ), }, /* YAMAHA YST-MS35D USB Speakers */
325 +//{ USB_DEVICE( 0x0672, 0x1041 ), }, /* Labtec USB Headset */
326 +
327 { } /* Terminating entry */
328 };
329
330 +static inline void report_errors(struct usb_device *dev)
331 +{
332 + /* OTG MESSAGE: report errors here, customize to match your product */
333 + dev_info(&dev->dev, "device Vendor:%04x Product:%04x is not supported\n",
334 + le16_to_cpu(dev->descriptor.idVendor),
335 + le16_to_cpu(dev->descriptor.idProduct));
336 + if (USB_CLASS_HUB == dev->descriptor.bDeviceClass){
337 + dev_printk(KERN_CRIT, &dev->dev, "Unsupported Hub Topology\n");
338 + } else {
339 + dev_printk(KERN_CRIT, &dev->dev, "Attached Device is not Supported\n");
340 + }
341 +}
342 +
343 +
344 static int is_targeted(struct usb_device *dev)
345 {
346 struct usb_device_id *id = whitelist_table;
347 @@ -95,16 +144,57 @@ static int is_targeted(struct usb_device *dev)
348 continue;
349
350 return 1;
351 - }
352 + /* NOTE: can't use usb_match_id() since interface caches
353 + * aren't set up yet. this is cut/paste from that code.
354 + */
355 + for (id = whitelist_table; id->match_flags; id++) {
356 +#ifdef DEBUG
357 + dev_dbg(&dev->dev,
358 + "ID: V:%04x P:%04x DC:%04x SC:%04x PR:%04x \n",
359 + id->idVendor,
360 + id->idProduct,
361 + id->bDeviceClass,
362 + id->bDeviceSubClass,
363 + id->bDeviceProtocol);
364 +#endif
365
366 - /* add other match criteria here ... */
367 + if ((id->match_flags & USB_DEVICE_ID_MATCH_VENDOR) &&
368 + id->idVendor != le16_to_cpu(dev->descriptor.idVendor))
369 + continue;
370
371 + if ((id->match_flags & USB_DEVICE_ID_MATCH_PRODUCT) &&
372 + id->idProduct != le16_to_cpu(dev->descriptor.idProduct))
373 + continue;
374
375 - /* OTG MESSAGE: report errors here, customize to match your product */
376 - dev_err(&dev->dev, "device v%04x p%04x is not supported\n",
377 - le16_to_cpu(dev->descriptor.idVendor),
378 - le16_to_cpu(dev->descriptor.idProduct));
379 + /* No need to test id->bcdDevice_lo != 0, since 0 is never
380 + greater than any unsigned number. */
381 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_LO) &&
382 + (id->bcdDevice_lo > le16_to_cpu(dev->descriptor.bcdDevice)))
383 + continue;
384 +
385 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_HI) &&
386 + (id->bcdDevice_hi < le16_to_cpu(dev->descriptor.bcdDevice)))
387 + continue;
388 +
389 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_CLASS) &&
390 + (id->bDeviceClass != dev->descriptor.bDeviceClass))
391 + continue;
392 +
393 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_SUBCLASS) &&
394 + (id->bDeviceSubClass != dev->descriptor.bDeviceSubClass))
395 + continue;
396 +
397 + if ((id->match_flags & USB_DEVICE_ID_MATCH_DEV_PROTOCOL) &&
398 + (id->bDeviceProtocol != dev->descriptor.bDeviceProtocol))
399 + continue;
400 +
401 + return 1;
402 + }
403 + }
404 +
405 + /* add other match criteria here ... */
406
407 + report_errors(dev);
408 return 0;
409 }
410
411 diff --git a/drivers/usb/gadget/file_storage.c b/drivers/usb/gadget/file_storage.c
412 new file mode 100644
413 index 0000000..a896d73
414 --- /dev/null
415 +++ b/drivers/usb/gadget/file_storage.c
416 @@ -0,0 +1,3676 @@
417 +/*
418 + * file_storage.c -- File-backed USB Storage Gadget, for USB development
419 + *
420 + * Copyright (C) 2003-2008 Alan Stern
421 + * All rights reserved.
422 + *
423 + * Redistribution and use in source and binary forms, with or without
424 + * modification, are permitted provided that the following conditions
425 + * are met:
426 + * 1. Redistributions of source code must retain the above copyright
427 + * notice, this list of conditions, and the following disclaimer,
428 + * without modification.
429 + * 2. Redistributions in binary form must reproduce the above copyright
430 + * notice, this list of conditions and the following disclaimer in the
431 + * documentation and/or other materials provided with the distribution.
432 + * 3. The names of the above-listed copyright holders may not be used
433 + * to endorse or promote products derived from this software without
434 + * specific prior written permission.
435 + *
436 + * ALTERNATIVELY, this software may be distributed under the terms of the
437 + * GNU General Public License ("GPL") as published by the Free Software
438 + * Foundation, either version 2 of that License or (at your option) any
439 + * later version.
440 + *
441 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
442 + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
443 + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
444 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
445 + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
446 + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
447 + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
448 + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
449 + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
450 + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
451 + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
452 + */
453 +
454 +
455 +/*
456 + * The File-backed Storage Gadget acts as a USB Mass Storage device,
457 + * appearing to the host as a disk drive or as a CD-ROM drive. In addition
458 + * to providing an example of a genuinely useful gadget driver for a USB
459 + * device, it also illustrates a technique of double-buffering for increased
460 + * throughput. Last but not least, it gives an easy way to probe the
461 + * behavior of the Mass Storage drivers in a USB host.
462 + *
463 + * Backing storage is provided by a regular file or a block device, specified
464 + * by the "file" module parameter. Access can be limited to read-only by
465 + * setting the optional "ro" module parameter. (For CD-ROM emulation,
466 + * access is always read-only.) The gadget will indicate that it has
467 + * removable media if the optional "removable" module parameter is set.
468 + *
469 + * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI),
470 + * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected
471 + * by the optional "transport" module parameter. It also supports the
472 + * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03),
473 + * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by
474 + * the optional "protocol" module parameter. In addition, the default
475 + * Vendor ID, Product ID, release number and serial number can be overridden.
476 + *
477 + * There is support for multiple logical units (LUNs), each of which has
478 + * its own backing file. The number of LUNs can be set using the optional
479 + * "luns" module parameter (anywhere from 1 to 8), and the corresponding
480 + * files are specified using comma-separated lists for "file" and "ro".
481 + * The default number of LUNs is taken from the number of "file" elements;
482 + * it is 1 if "file" is not given. If "removable" is not set then a backing
483 + * file must be specified for each LUN. If it is set, then an unspecified
484 + * or empty backing filename means the LUN's medium is not loaded. Ideally
485 + * each LUN would be settable independently as a disk drive or a CD-ROM
486 + * drive, but currently all LUNs have to be the same type. The CD-ROM
487 + * emulation includes a single data track and no audio tracks; hence there
488 + * need be only one backing file per LUN.
489 + *
490 + * Requirements are modest; only a bulk-in and a bulk-out endpoint are
491 + * needed (an interrupt-out endpoint is also needed for CBI). The memory
492 + * requirement amounts to two 16K buffers, size configurable by a parameter.
493 + * Support is included for both full-speed and high-speed operation.
494 + *
495 + * Note that the driver is slightly non-portable in that it assumes a
496 + * single memory/DMA buffer will be useable for bulk-in, bulk-out, and
497 + * interrupt-in endpoints. With most device controllers this isn't an
498 + * issue, but there may be some with hardware restrictions that prevent
499 + * a buffer from being used by more than one endpoint.
500 + *
501 + * Module options:
502 + *
503 + * file=filename[,filename...]
504 + * Required if "removable" is not set, names of
505 + * the files or block devices used for
506 + * backing storage
507 + * serial=HHHH... Required serial number (string of hex chars)
508 + * ro=b[,b...] Default false, booleans for read-only access
509 + * removable Default false, boolean for removable media
510 + * luns=N Default N = number of filenames, number of
511 + * LUNs to support
512 + * nofua=b[,b...] Default false, booleans for ignore FUA flag
513 + * in SCSI WRITE(10,12) commands
514 + * stall Default determined according to the type of
515 + * USB device controller (usually true),
516 + * boolean to permit the driver to halt
517 + * bulk endpoints
518 + * cdrom Default false, boolean for whether to emulate
519 + * a CD-ROM drive
520 + * transport=XXX Default BBB, transport name (CB, CBI, or BBB)
521 + * protocol=YYY Default SCSI, protocol name (RBC, 8020 or
522 + * ATAPI, QIC, UFI, 8070, or SCSI;
523 + * also 1 - 6)
524 + * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID
525 + * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID
526 + * release=0xRRRR Override the USB release number (bcdDevice)
527 + * buflen=N Default N=16384, buffer size used (will be
528 + * rounded down to a multiple of
529 + * PAGE_CACHE_SIZE)
530 + *
531 + * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "serial", "ro",
532 + * "removable", "luns", "nofua", "stall", and "cdrom" options are available;
533 + * default values are used for everything else.
534 + *
535 + * The pathnames of the backing files and the ro settings are available in
536 + * the attribute files "file", "nofua", and "ro" in the lun<n> subdirectory of
537 + * the gadget's sysfs directory. If the "removable" option is set, writing to
538 + * these files will simulate ejecting/loading the medium (writing an empty
539 + * line means eject) and adjusting a write-enable tab. Changes to the ro
540 + * setting are not allowed when the medium is loaded or if CD-ROM emulation
541 + * is being used.
542 + *
543 + * This gadget driver is heavily based on "Gadget Zero" by David Brownell.
544 + * The driver's SCSI command interface was based on the "Information
545 + * technology - Small Computer System Interface - 2" document from
546 + * X3T9.2 Project 375D, Revision 10L, 7-SEP-93, available at
547 + * <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. The single exception
548 + * is opcode 0x23 (READ FORMAT CAPACITIES), which was based on the
549 + * "Universal Serial Bus Mass Storage Class UFI Command Specification"
550 + * document, Revision 1.0, December 14, 1998, available at
551 + * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
552 + */
553 +
554 +
555 +/*
556 + * Driver Design
557 + *
558 + * The FSG driver is fairly straightforward. There is a main kernel
559 + * thread that handles most of the work. Interrupt routines field
560 + * callbacks from the controller driver: bulk- and interrupt-request
561 + * completion notifications, endpoint-0 events, and disconnect events.
562 + * Completion events are passed to the main thread by wakeup calls. Many
563 + * ep0 requests are handled at interrupt time, but SetInterface,
564 + * SetConfiguration, and device reset requests are forwarded to the
565 + * thread in the form of "exceptions" using SIGUSR1 signals (since they
566 + * should interrupt any ongoing file I/O operations).
567 + *
568 + * The thread's main routine implements the standard command/data/status
569 + * parts of a SCSI interaction. It and its subroutines are full of tests
570 + * for pending signals/exceptions -- all this polling is necessary since
571 + * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
572 + * indication that the driver really wants to be running in userspace.)
573 + * An important point is that so long as the thread is alive it keeps an
574 + * open reference to the backing file. This will prevent unmounting
575 + * the backing file's underlying filesystem and could cause problems
576 + * during system shutdown, for example. To prevent such problems, the
577 + * thread catches INT, TERM, and KILL signals and converts them into
578 + * an EXIT exception.
579 + *
580 + * In normal operation the main thread is started during the gadget's
581 + * fsg_bind() callback and stopped during fsg_unbind(). But it can also
582 + * exit when it receives a signal, and there's no point leaving the
583 + * gadget running when the thread is dead. So just before the thread
584 + * exits, it deregisters the gadget driver. This makes things a little
585 + * tricky: The driver is deregistered at two places, and the exiting
586 + * thread can indirectly call fsg_unbind() which in turn can tell the
587 + * thread to exit. The first problem is resolved through the use of the
588 + * REGISTERED atomic bitflag; the driver will only be deregistered once.
589 + * The second problem is resolved by having fsg_unbind() check
590 + * fsg->state; it won't try to stop the thread if the state is already
591 + * FSG_STATE_TERMINATED.
592 + *
593 + * To provide maximum throughput, the driver uses a circular pipeline of
594 + * buffer heads (struct fsg_buffhd). In principle the pipeline can be
595 + * arbitrarily long; in practice the benefits don't justify having more
596 + * than 2 stages (i.e., double buffering). But it helps to think of the
597 + * pipeline as being a long one. Each buffer head contains a bulk-in and
598 + * a bulk-out request pointer (since the buffer can be used for both
599 + * output and input -- directions always are given from the host's
600 + * point of view) as well as a pointer to the buffer and various state
601 + * variables.
602 + *
603 + * Use of the pipeline follows a simple protocol. There is a variable
604 + * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
605 + * At any time that buffer head may still be in use from an earlier
606 + * request, so each buffer head has a state variable indicating whether
607 + * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
608 + * buffer head to be EMPTY, filling the buffer either by file I/O or by
609 + * USB I/O (during which the buffer head is BUSY), and marking the buffer
610 + * head FULL when the I/O is complete. Then the buffer will be emptied
611 + * (again possibly by USB I/O, during which it is marked BUSY) and
612 + * finally marked EMPTY again (possibly by a completion routine).
613 + *
614 + * A module parameter tells the driver to avoid stalling the bulk
615 + * endpoints wherever the transport specification allows. This is
616 + * necessary for some UDCs like the SuperH, which cannot reliably clear a
617 + * halt on a bulk endpoint. However, under certain circumstances the
618 + * Bulk-only specification requires a stall. In such cases the driver
619 + * will halt the endpoint and set a flag indicating that it should clear
620 + * the halt in software during the next device reset. Hopefully this
621 + * will permit everything to work correctly. Furthermore, although the
622 + * specification allows the bulk-out endpoint to halt when the host sends
623 + * too much data, implementing this would cause an unavoidable race.
624 + * The driver will always use the "no-stall" approach for OUT transfers.
625 + *
626 + * One subtle point concerns sending status-stage responses for ep0
627 + * requests. Some of these requests, such as device reset, can involve
628 + * interrupting an ongoing file I/O operation, which might take an
629 + * arbitrarily long time. During that delay the host might give up on
630 + * the original ep0 request and issue a new one. When that happens the
631 + * driver should not notify the host about completion of the original
632 + * request, as the host will no longer be waiting for it. So the driver
633 + * assigns to each ep0 request a unique tag, and it keeps track of the
634 + * tag value of the request associated with a long-running exception
635 + * (device-reset, interface-change, or configuration-change). When the
636 + * exception handler is finished, the status-stage response is submitted
637 + * only if the current ep0 request tag is equal to the exception request
638 + * tag. Thus only the most recently received ep0 request will get a
639 + * status-stage response.
640 + *
641 + * Warning: This driver source file is too long. It ought to be split up
642 + * into a header file plus about 3 separate .c files, to handle the details
643 + * of the Gadget, USB Mass Storage, and SCSI protocols.
644 + */
645 +
646 +
647 +/* #define VERBOSE_DEBUG */
648 +/* #define DUMP_MSGS */
649 +
650 +
651 +#include <linux/blkdev.h>
652 +#include <linux/completion.h>
653 +#include <linux/dcache.h>
654 +#include <linux/delay.h>
655 +#include <linux/device.h>
656 +#include <linux/fcntl.h>
657 +#include <linux/file.h>
658 +#include <linux/fs.h>
659 +#include <linux/kref.h>
660 +#include <linux/kthread.h>
661 +#include <linux/limits.h>
662 +#include <linux/module.h>
663 +#include <linux/rwsem.h>
664 +#include <linux/slab.h>
665 +#include <linux/spinlock.h>
666 +#include <linux/string.h>
667 +#include <linux/freezer.h>
668 +#include <linux/utsname.h>
669 +
670 +#include <linux/usb/ch9.h>
671 +#include <linux/usb/gadget.h>
672 +
673 +#include "gadget_chips.h"
674 +
675 +
676 +
677 +/*
678 + * Kbuild is not very cooperative with respect to linking separately
679 + * compiled library objects into one module. So for now we won't use
680 + * separate compilation ... ensuring init/exit sections work to shrink
681 + * the runtime footprint, and giving us at least some parts of what
682 + * a "gcc --combine ... part1.c part2.c part3.c ... " build would.
683 + */
684 +#include "usbstring.c"
685 +#include "config.c"
686 +#include "epautoconf.c"
687 +
688 +/*-------------------------------------------------------------------------*/
689 +
690 +#define DRIVER_DESC "File-backed Storage Gadget"
691 +#define DRIVER_NAME "g_file_storage"
692 +#define DRIVER_VERSION "1 September 2010"
693 +
694 +static char fsg_string_manufacturer[64];
695 +static const char fsg_string_product[] = DRIVER_DESC;
696 +static const char fsg_string_config[] = "Self-powered";
697 +static const char fsg_string_interface[] = "Mass Storage";
698 +
699 +
700 +#include "storage_common.c"
701 +
702 +
703 +MODULE_DESCRIPTION(DRIVER_DESC);
704 +MODULE_AUTHOR("Alan Stern");
705 +MODULE_LICENSE("Dual BSD/GPL");
706 +
707 +/*
708 + * This driver assumes self-powered hardware and has no way for users to
709 + * trigger remote wakeup. It uses autoconfiguration to select endpoints
710 + * and endpoint addresses.
711 + */
712 +
713 +
714 +/*-------------------------------------------------------------------------*/
715 +
716 +
717 +/* Encapsulate the module parameter settings */
718 +
719 +static struct {
720 + char *file[FSG_MAX_LUNS];
721 + char *serial;
722 + bool ro[FSG_MAX_LUNS];
723 + bool nofua[FSG_MAX_LUNS];
724 + unsigned int num_filenames;
725 + unsigned int num_ros;
726 + unsigned int num_nofuas;
727 + unsigned int nluns;
728 +
729 + bool removable;
730 + bool can_stall;
731 + bool cdrom;
732 +
733 + char *transport_parm;
734 + char *protocol_parm;
735 + unsigned short vendor;
736 + unsigned short product;
737 + unsigned short release;
738 + unsigned int buflen;
739 +
740 + int transport_type;
741 + char *transport_name;
742 + int protocol_type;
743 + char *protocol_name;
744 +
745 +} mod_data = { // Default values
746 + .transport_parm = "BBB",
747 + .protocol_parm = "SCSI",
748 + .removable = 0,
749 + .can_stall = 1,
750 + .cdrom = 0,
751 + .vendor = FSG_VENDOR_ID,
752 + .product = FSG_PRODUCT_ID,
753 + .release = 0xffff, // Use controller chip type
754 + .buflen = 16384,
755 + };
756 +
757 +
758 +module_param_array_named(file, mod_data.file, charp, &mod_data.num_filenames,
759 + S_IRUGO);
760 +MODULE_PARM_DESC(file, "names of backing files or devices");
761 +
762 +module_param_named(serial, mod_data.serial, charp, S_IRUGO);
763 +MODULE_PARM_DESC(serial, "USB serial number");
764 +
765 +module_param_array_named(ro, mod_data.ro, bool, &mod_data.num_ros, S_IRUGO);
766 +MODULE_PARM_DESC(ro, "true to force read-only");
767 +
768 +module_param_array_named(nofua, mod_data.nofua, bool, &mod_data.num_nofuas,
769 + S_IRUGO);
770 +MODULE_PARM_DESC(nofua, "true to ignore SCSI WRITE(10,12) FUA bit");
771 +
772 +module_param_named(luns, mod_data.nluns, uint, S_IRUGO);
773 +MODULE_PARM_DESC(luns, "number of LUNs");
774 +
775 +module_param_named(removable, mod_data.removable, bool, S_IRUGO);
776 +MODULE_PARM_DESC(removable, "true to simulate removable media");
777 +
778 +module_param_named(stall, mod_data.can_stall, bool, S_IRUGO);
779 +MODULE_PARM_DESC(stall, "false to prevent bulk stalls");
780 +
781 +module_param_named(cdrom, mod_data.cdrom, bool, S_IRUGO);
782 +MODULE_PARM_DESC(cdrom, "true to emulate cdrom instead of disk");
783 +
784 +/* In the non-TEST version, only the module parameters listed above
785 + * are available. */
786 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
787 +
788 +module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO);
789 +MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)");
790 +
791 +module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO);
792 +MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, "
793 + "8070, or SCSI)");
794 +
795 +module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO);
796 +MODULE_PARM_DESC(vendor, "USB Vendor ID");
797 +
798 +module_param_named(product, mod_data.product, ushort, S_IRUGO);
799 +MODULE_PARM_DESC(product, "USB Product ID");
800 +
801 +module_param_named(release, mod_data.release, ushort, S_IRUGO);
802 +MODULE_PARM_DESC(release, "USB release number");
803 +
804 +module_param_named(buflen, mod_data.buflen, uint, S_IRUGO);
805 +MODULE_PARM_DESC(buflen, "I/O buffer size");
806 +
807 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
808 +
809 +
810 +/*
811 + * These definitions will permit the compiler to avoid generating code for
812 + * parts of the driver that aren't used in the non-TEST version. Even gcc
813 + * can recognize when a test of a constant expression yields a dead code
814 + * path.
815 + */
816 +
817 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
818 +
819 +#define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK)
820 +#define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI)
821 +#define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI)
822 +
823 +#else
824 +
825 +#define transport_is_bbb() 1
826 +#define transport_is_cbi() 0
827 +#define protocol_is_scsi() 1
828 +
829 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
830 +
831 +
832 +/*-------------------------------------------------------------------------*/
833 +
834 +
835 +struct fsg_dev {
836 + /* lock protects: state, all the req_busy's, and cbbuf_cmnd */
837 + spinlock_t lock;
838 + struct usb_gadget *gadget;
839 +
840 + /* filesem protects: backing files in use */
841 + struct rw_semaphore filesem;
842 +
843 + /* reference counting: wait until all LUNs are released */
844 + struct kref ref;
845 +
846 + struct usb_ep *ep0; // Handy copy of gadget->ep0
847 + struct usb_request *ep0req; // For control responses
848 + unsigned int ep0_req_tag;
849 + const char *ep0req_name;
850 +
851 + struct usb_request *intreq; // For interrupt responses
852 + int intreq_busy;
853 + struct fsg_buffhd *intr_buffhd;
854 +
855 + unsigned int bulk_out_maxpacket;
856 + enum fsg_state state; // For exception handling
857 + unsigned int exception_req_tag;
858 +
859 + u8 config, new_config;
860 +
861 + unsigned int running : 1;
862 + unsigned int bulk_in_enabled : 1;
863 + unsigned int bulk_out_enabled : 1;
864 + unsigned int intr_in_enabled : 1;
865 + unsigned int phase_error : 1;
866 + unsigned int short_packet_received : 1;
867 + unsigned int bad_lun_okay : 1;
868 +
869 + unsigned long atomic_bitflags;
870 +#define REGISTERED 0
871 +#define IGNORE_BULK_OUT 1
872 +#define SUSPENDED 2
873 +
874 + struct usb_ep *bulk_in;
875 + struct usb_ep *bulk_out;
876 + struct usb_ep *intr_in;
877 +
878 + struct fsg_buffhd *next_buffhd_to_fill;
879 + struct fsg_buffhd *next_buffhd_to_drain;
880 +
881 + int thread_wakeup_needed;
882 + struct completion thread_notifier;
883 + struct task_struct *thread_task;
884 +
885 + int cmnd_size;
886 + u8 cmnd[MAX_COMMAND_SIZE];
887 + enum data_direction data_dir;
888 + u32 data_size;
889 + u32 data_size_from_cmnd;
890 + u32 tag;
891 + unsigned int lun;
892 + u32 residue;
893 + u32 usb_amount_left;
894 +
895 + /* The CB protocol offers no way for a host to know when a command
896 + * has completed. As a result the next command may arrive early,
897 + * and we will still have to handle it. For that reason we need
898 + * a buffer to store new commands when using CB (or CBI, which
899 + * does not oblige a host to wait for command completion either). */
900 + int cbbuf_cmnd_size;
901 + u8 cbbuf_cmnd[MAX_COMMAND_SIZE];
902 +
903 + unsigned int nluns;
904 + struct fsg_lun *luns;
905 + struct fsg_lun *curlun;
906 + /* Must be the last entry */
907 + struct fsg_buffhd buffhds[];
908 +};
909 +
910 +typedef void (*fsg_routine_t)(struct fsg_dev *);
911 +
912 +static int exception_in_progress(struct fsg_dev *fsg)
913 +{
914 + return (fsg->state > FSG_STATE_IDLE);
915 +}
916 +
917 +/* Make bulk-out requests be divisible by the maxpacket size */
918 +static void set_bulk_out_req_length(struct fsg_dev *fsg,
919 + struct fsg_buffhd *bh, unsigned int length)
920 +{
921 + unsigned int rem;
922 +
923 + bh->bulk_out_intended_length = length;
924 + rem = length % fsg->bulk_out_maxpacket;
925 + if (rem > 0)
926 + length += fsg->bulk_out_maxpacket - rem;
927 + bh->outreq->length = length;
928 +}
929 +
930 +static struct fsg_dev *the_fsg;
931 +static struct usb_gadget_driver fsg_driver;
932 +
933 +
934 +/*-------------------------------------------------------------------------*/
935 +
936 +static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
937 +{
938 + const char *name;
939 +
940 + if (ep == fsg->bulk_in)
941 + name = "bulk-in";
942 + else if (ep == fsg->bulk_out)
943 + name = "bulk-out";
944 + else
945 + name = ep->name;
946 + DBG(fsg, "%s set halt\n", name);
947 + return usb_ep_set_halt(ep);
948 +}
949 +
950 +
951 +/*-------------------------------------------------------------------------*/
952 +
953 +/*
954 + * DESCRIPTORS ... most are static, but strings and (full) configuration
955 + * descriptors are built on demand. Also the (static) config and interface
956 + * descriptors are adjusted during fsg_bind().
957 + */
958 +
959 +/* There is only one configuration. */
960 +#define CONFIG_VALUE 1
961 +
962 +static struct usb_device_descriptor
963 +device_desc = {
964 + .bLength = sizeof device_desc,
965 + .bDescriptorType = USB_DT_DEVICE,
966 +
967 + .bcdUSB = cpu_to_le16(0x0200),
968 + .bDeviceClass = USB_CLASS_PER_INTERFACE,
969 +
970 + /* The next three values can be overridden by module parameters */
971 + .idVendor = cpu_to_le16(FSG_VENDOR_ID),
972 + .idProduct = cpu_to_le16(FSG_PRODUCT_ID),
973 + .bcdDevice = cpu_to_le16(0xffff),
974 +
975 + .iManufacturer = FSG_STRING_MANUFACTURER,
976 + .iProduct = FSG_STRING_PRODUCT,
977 + .iSerialNumber = FSG_STRING_SERIAL,
978 + .bNumConfigurations = 1,
979 +};
980 +
981 +static struct usb_config_descriptor
982 +config_desc = {
983 + .bLength = sizeof config_desc,
984 + .bDescriptorType = USB_DT_CONFIG,
985 +
986 + /* wTotalLength computed by usb_gadget_config_buf() */
987 + .bNumInterfaces = 1,
988 + .bConfigurationValue = CONFIG_VALUE,
989 + .iConfiguration = FSG_STRING_CONFIG,
990 + .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER,
991 + .bMaxPower = CONFIG_USB_GADGET_VBUS_DRAW / 2,
992 +};
993 +
994 +
995 +static struct usb_qualifier_descriptor
996 +dev_qualifier = {
997 + .bLength = sizeof dev_qualifier,
998 + .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
999 +
1000 + .bcdUSB = cpu_to_le16(0x0200),
1001 + .bDeviceClass = USB_CLASS_PER_INTERFACE,
1002 +
1003 + .bNumConfigurations = 1,
1004 +};
1005 +
1006 +static int populate_bos(struct fsg_dev *fsg, u8 *buf)
1007 +{
1008 + memcpy(buf, &fsg_bos_desc, USB_DT_BOS_SIZE);
1009 + buf += USB_DT_BOS_SIZE;
1010 +
1011 + memcpy(buf, &fsg_ext_cap_desc, USB_DT_USB_EXT_CAP_SIZE);
1012 + buf += USB_DT_USB_EXT_CAP_SIZE;
1013 +
1014 + memcpy(buf, &fsg_ss_cap_desc, USB_DT_USB_SS_CAP_SIZE);
1015 +
1016 + return USB_DT_BOS_SIZE + USB_DT_USB_SS_CAP_SIZE
1017 + + USB_DT_USB_EXT_CAP_SIZE;
1018 +}
1019 +
1020 +/*
1021 + * Config descriptors must agree with the code that sets configurations
1022 + * and with code managing interfaces and their altsettings. They must
1023 + * also handle different speeds and other-speed requests.
1024 + */
1025 +static int populate_config_buf(struct usb_gadget *gadget,
1026 + u8 *buf, u8 type, unsigned index)
1027 +{
1028 + enum usb_device_speed speed = gadget->speed;
1029 + int len;
1030 + const struct usb_descriptor_header **function;
1031 +
1032 + if (index > 0)
1033 + return -EINVAL;
1034 +
1035 + if (gadget_is_dualspeed(gadget) && type == USB_DT_OTHER_SPEED_CONFIG)
1036 + speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed;
1037 + function = gadget_is_dualspeed(gadget) && speed == USB_SPEED_HIGH
1038 + ? (const struct usb_descriptor_header **)fsg_hs_function
1039 + : (const struct usb_descriptor_header **)fsg_fs_function;
1040 +
1041 + /* for now, don't advertise srp-only devices */
1042 + if (!gadget_is_otg(gadget))
1043 + function++;
1044 +
1045 + len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function);
1046 + ((struct usb_config_descriptor *) buf)->bDescriptorType = type;
1047 + return len;
1048 +}
1049 +
1050 +
1051 +/*-------------------------------------------------------------------------*/
1052 +
1053 +/* These routines may be called in process context or in_irq */
1054 +
1055 +/* Caller must hold fsg->lock */
1056 +static void wakeup_thread(struct fsg_dev *fsg)
1057 +{
1058 + /* Tell the main thread that something has happened */
1059 + fsg->thread_wakeup_needed = 1;
1060 + if (fsg->thread_task)
1061 + wake_up_process(fsg->thread_task);
1062 +}
1063 +
1064 +
1065 +static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state)
1066 +{
1067 + unsigned long flags;
1068 +
1069 + /* Do nothing if a higher-priority exception is already in progress.
1070 + * If a lower-or-equal priority exception is in progress, preempt it
1071 + * and notify the main thread by sending it a signal. */
1072 + spin_lock_irqsave(&fsg->lock, flags);
1073 + if (fsg->state <= new_state) {
1074 + fsg->exception_req_tag = fsg->ep0_req_tag;
1075 + fsg->state = new_state;
1076 + if (fsg->thread_task)
1077 + send_sig_info(SIGUSR1, SEND_SIG_FORCED,
1078 + fsg->thread_task);
1079 + }
1080 + spin_unlock_irqrestore(&fsg->lock, flags);
1081 +}
1082 +
1083 +
1084 +/*-------------------------------------------------------------------------*/
1085 +
1086 +/* The disconnect callback and ep0 routines. These always run in_irq,
1087 + * except that ep0_queue() is called in the main thread to acknowledge
1088 + * completion of various requests: set config, set interface, and
1089 + * Bulk-only device reset. */
1090 +
1091 +static void fsg_disconnect(struct usb_gadget *gadget)
1092 +{
1093 + struct fsg_dev *fsg = get_gadget_data(gadget);
1094 +
1095 + DBG(fsg, "disconnect or port reset\n");
1096 + raise_exception(fsg, FSG_STATE_DISCONNECT);
1097 +}
1098 +
1099 +
1100 +static int ep0_queue(struct fsg_dev *fsg)
1101 +{
1102 + int rc;
1103 +
1104 + rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC);
1105 + if (rc != 0 && rc != -ESHUTDOWN) {
1106 +
1107 + /* We can't do much more than wait for a reset */
1108 + WARNING(fsg, "error in submission: %s --> %d\n",
1109 + fsg->ep0->name, rc);
1110 + }
1111 + return rc;
1112 +}
1113 +
1114 +static void ep0_complete(struct usb_ep *ep, struct usb_request *req)
1115 +{
1116 + struct fsg_dev *fsg = ep->driver_data;
1117 +
1118 + if (req->actual > 0)
1119 + dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual);
1120 + if (req->status || req->actual != req->length)
1121 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1122 + req->status, req->actual, req->length);
1123 + if (req->status == -ECONNRESET) // Request was cancelled
1124 + usb_ep_fifo_flush(ep);
1125 +
1126 + if (req->status == 0 && req->context)
1127 + ((fsg_routine_t) (req->context))(fsg);
1128 +}
1129 +
1130 +
1131 +/*-------------------------------------------------------------------------*/
1132 +
1133 +/* Bulk and interrupt endpoint completion handlers.
1134 + * These always run in_irq. */
1135 +
1136 +static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
1137 +{
1138 + struct fsg_dev *fsg = ep->driver_data;
1139 + struct fsg_buffhd *bh = req->context;
1140 +
1141 + if (req->status || req->actual != req->length)
1142 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1143 + req->status, req->actual, req->length);
1144 + if (req->status == -ECONNRESET) // Request was cancelled
1145 + usb_ep_fifo_flush(ep);
1146 +
1147 + /* Hold the lock while we update the request and buffer states */
1148 + smp_wmb();
1149 + spin_lock(&fsg->lock);
1150 + bh->inreq_busy = 0;
1151 + bh->state = BUF_STATE_EMPTY;
1152 + wakeup_thread(fsg);
1153 + spin_unlock(&fsg->lock);
1154 +}
1155 +
1156 +static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
1157 +{
1158 + struct fsg_dev *fsg = ep->driver_data;
1159 + struct fsg_buffhd *bh = req->context;
1160 +
1161 + dump_msg(fsg, "bulk-out", req->buf, req->actual);
1162 + if (req->status || req->actual != bh->bulk_out_intended_length)
1163 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1164 + req->status, req->actual,
1165 + bh->bulk_out_intended_length);
1166 + if (req->status == -ECONNRESET) // Request was cancelled
1167 + usb_ep_fifo_flush(ep);
1168 +
1169 + /* Hold the lock while we update the request and buffer states */
1170 + smp_wmb();
1171 + spin_lock(&fsg->lock);
1172 + bh->outreq_busy = 0;
1173 + bh->state = BUF_STATE_FULL;
1174 + wakeup_thread(fsg);
1175 + spin_unlock(&fsg->lock);
1176 +}
1177 +
1178 +
1179 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
1180 +static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1181 +{
1182 + struct fsg_dev *fsg = ep->driver_data;
1183 + struct fsg_buffhd *bh = req->context;
1184 +
1185 + if (req->status || req->actual != req->length)
1186 + DBG(fsg, "%s --> %d, %u/%u\n", __func__,
1187 + req->status, req->actual, req->length);
1188 + if (req->status == -ECONNRESET) // Request was cancelled
1189 + usb_ep_fifo_flush(ep);
1190 +
1191 + /* Hold the lock while we update the request and buffer states */
1192 + smp_wmb();
1193 + spin_lock(&fsg->lock);
1194 + fsg->intreq_busy = 0;
1195 + bh->state = BUF_STATE_EMPTY;
1196 + wakeup_thread(fsg);
1197 + spin_unlock(&fsg->lock);
1198 +}
1199 +
1200 +#else
1201 +static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1202 +{}
1203 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
1204 +
1205 +
1206 +/*-------------------------------------------------------------------------*/
1207 +
1208 +/* Ep0 class-specific handlers. These always run in_irq. */
1209 +
1210 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
1211 +static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1212 +{
1213 + struct usb_request *req = fsg->ep0req;
1214 + static u8 cbi_reset_cmnd[6] = {
1215 + SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff};
1216 +
1217 + /* Error in command transfer? */
1218 + if (req->status || req->length != req->actual ||
1219 + req->actual < 6 || req->actual > MAX_COMMAND_SIZE) {
1220 +
1221 + /* Not all controllers allow a protocol stall after
1222 + * receiving control-out data, but we'll try anyway. */
1223 + fsg_set_halt(fsg, fsg->ep0);
1224 + return; // Wait for reset
1225 + }
1226 +
1227 + /* Is it the special reset command? */
1228 + if (req->actual >= sizeof cbi_reset_cmnd &&
1229 + memcmp(req->buf, cbi_reset_cmnd,
1230 + sizeof cbi_reset_cmnd) == 0) {
1231 +
1232 + /* Raise an exception to stop the current operation
1233 + * and reinitialize our state. */
1234 + DBG(fsg, "cbi reset request\n");
1235 + raise_exception(fsg, FSG_STATE_RESET);
1236 + return;
1237 + }
1238 +
1239 + VDBG(fsg, "CB[I] accept device-specific command\n");
1240 + spin_lock(&fsg->lock);
1241 +
1242 + /* Save the command for later */
1243 + if (fsg->cbbuf_cmnd_size)
1244 + WARNING(fsg, "CB[I] overwriting previous command\n");
1245 + fsg->cbbuf_cmnd_size = req->actual;
1246 + memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size);
1247 +
1248 + wakeup_thread(fsg);
1249 + spin_unlock(&fsg->lock);
1250 +}
1251 +
1252 +#else
1253 +static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1254 +{}
1255 +#endif /* CONFIG_USB_FILE_STORAGE_TEST */
1256 +
1257 +
1258 +static int class_setup_req(struct fsg_dev *fsg,
1259 + const struct usb_ctrlrequest *ctrl)
1260 +{
1261 + struct usb_request *req = fsg->ep0req;
1262 + int value = -EOPNOTSUPP;
1263 + u16 w_index = le16_to_cpu(ctrl->wIndex);
1264 + u16 w_value = le16_to_cpu(ctrl->wValue);
1265 + u16 w_length = le16_to_cpu(ctrl->wLength);
1266 +
1267 + if (!fsg->config)
1268 + return value;
1269 +
1270 + /* Handle Bulk-only class-specific requests */
1271 + if (transport_is_bbb()) {
1272 + switch (ctrl->bRequest) {
1273 +
1274 + case US_BULK_RESET_REQUEST:
1275 + if (ctrl->bRequestType != (USB_DIR_OUT |
1276 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1277 + break;
1278 + if (w_index != 0 || w_value != 0 || w_length != 0) {
1279 + value = -EDOM;
1280 + break;
1281 + }
1282 +
1283 + /* Raise an exception to stop the current operation
1284 + * and reinitialize our state. */
1285 + DBG(fsg, "bulk reset request\n");
1286 + raise_exception(fsg, FSG_STATE_RESET);
1287 + value = DELAYED_STATUS;
1288 + break;
1289 +
1290 + case US_BULK_GET_MAX_LUN:
1291 + if (ctrl->bRequestType != (USB_DIR_IN |
1292 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1293 + break;
1294 + if (w_index != 0 || w_value != 0 || w_length != 1) {
1295 + value = -EDOM;
1296 + break;
1297 + }
1298 + VDBG(fsg, "get max LUN\n");
1299 + *(u8 *) req->buf = fsg->nluns - 1;
1300 + value = 1;
1301 + break;
1302 + }
1303 + }
1304 +
1305 + /* Handle CBI class-specific requests */
1306 + else {
1307 + switch (ctrl->bRequest) {
1308 +
1309 + case USB_CBI_ADSC_REQUEST:
1310 + if (ctrl->bRequestType != (USB_DIR_OUT |
1311 + USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1312 + break;
1313 + if (w_index != 0 || w_value != 0) {
1314 + value = -EDOM;
1315 + break;
1316 + }
1317 + if (w_length > MAX_COMMAND_SIZE) {
1318 + value = -EOVERFLOW;
1319 + break;
1320 + }
1321 + value = w_length;
1322 + fsg->ep0req->context = received_cbi_adsc;
1323 + break;
1324 + }
1325 + }
1326 +
1327 + if (value == -EOPNOTSUPP)
1328 + VDBG(fsg,
1329 + "unknown class-specific control req "
1330 + "%02x.%02x v%04x i%04x l%u\n",
1331 + ctrl->bRequestType, ctrl->bRequest,
1332 + le16_to_cpu(ctrl->wValue), w_index, w_length);
1333 + return value;
1334 +}
1335 +
1336 +
1337 +/*-------------------------------------------------------------------------*/
1338 +
1339 +/* Ep0 standard request handlers. These always run in_irq. */
1340 +
1341 +static int standard_setup_req(struct fsg_dev *fsg,
1342 + const struct usb_ctrlrequest *ctrl)
1343 +{
1344 + struct usb_request *req = fsg->ep0req;
1345 + int value = -EOPNOTSUPP;
1346 + u16 w_index = le16_to_cpu(ctrl->wIndex);
1347 + u16 w_value = le16_to_cpu(ctrl->wValue);
1348 +
1349 + /* Usually this just stores reply data in the pre-allocated ep0 buffer,
1350 + * but config change events will also reconfigure hardware. */
1351 + switch (ctrl->bRequest) {
1352 +
1353 + case USB_REQ_GET_DESCRIPTOR:
1354 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1355 + USB_RECIP_DEVICE))
1356 + break;
1357 + switch (w_value >> 8) {
1358 +
1359 + case USB_DT_DEVICE:
1360 + VDBG(fsg, "get device descriptor\n");
1361 + device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket;
1362 + value = sizeof device_desc;
1363 + memcpy(req->buf, &device_desc, value);
1364 + break;
1365 + case USB_DT_DEVICE_QUALIFIER:
1366 + VDBG(fsg, "get device qualifier\n");
1367 + if (!gadget_is_dualspeed(fsg->gadget) ||
1368 + fsg->gadget->speed == USB_SPEED_SUPER)
1369 + break;
1370 + /*
1371 + * Assume ep0 uses the same maxpacket value for both
1372 + * speeds
1373 + */
1374 + dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket;
1375 + value = sizeof dev_qualifier;
1376 + memcpy(req->buf, &dev_qualifier, value);
1377 + break;
1378 +
1379 + case USB_DT_OTHER_SPEED_CONFIG:
1380 + VDBG(fsg, "get other-speed config descriptor\n");
1381 + if (!gadget_is_dualspeed(fsg->gadget) ||
1382 + fsg->gadget->speed == USB_SPEED_SUPER)
1383 + break;
1384 + goto get_config;
1385 + case USB_DT_CONFIG:
1386 + VDBG(fsg, "get configuration descriptor\n");
1387 +get_config:
1388 + value = populate_config_buf(fsg->gadget,
1389 + req->buf,
1390 + w_value >> 8,
1391 + w_value & 0xff);
1392 + break;
1393 +
1394 + case USB_DT_STRING:
1395 + VDBG(fsg, "get string descriptor\n");
1396 +
1397 + /* wIndex == language code */
1398 + value = usb_gadget_get_string(&fsg_stringtab,
1399 + w_value & 0xff, req->buf);
1400 + break;
1401 +
1402 + case USB_DT_BOS:
1403 + VDBG(fsg, "get bos descriptor\n");
1404 +
1405 + if (gadget_is_superspeed(fsg->gadget))
1406 + value = populate_bos(fsg, req->buf);
1407 + break;
1408 + }
1409 +
1410 + break;
1411 +
1412 + /* One config, two speeds */
1413 + case USB_REQ_SET_CONFIGURATION:
1414 + if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD |
1415 + USB_RECIP_DEVICE))
1416 + break;
1417 + VDBG(fsg, "set configuration\n");
1418 + if (w_value == CONFIG_VALUE || w_value == 0) {
1419 + fsg->new_config = w_value;
1420 +
1421 + /* Raise an exception to wipe out previous transaction
1422 + * state (queued bufs, etc) and set the new config. */
1423 + raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
1424 + value = DELAYED_STATUS;
1425 + }
1426 + break;
1427 + case USB_REQ_GET_CONFIGURATION:
1428 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1429 + USB_RECIP_DEVICE))
1430 + break;
1431 + VDBG(fsg, "get configuration\n");
1432 + *(u8 *) req->buf = fsg->config;
1433 + value = 1;
1434 + break;
1435 +
1436 + case USB_REQ_SET_INTERFACE:
1437 + if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD |
1438 + USB_RECIP_INTERFACE))
1439 + break;
1440 + if (fsg->config && w_index == 0) {
1441 +
1442 + /* Raise an exception to wipe out previous transaction
1443 + * state (queued bufs, etc) and install the new
1444 + * interface altsetting. */
1445 + raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE);
1446 + value = DELAYED_STATUS;
1447 + }
1448 + break;
1449 + case USB_REQ_GET_INTERFACE:
1450 + if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1451 + USB_RECIP_INTERFACE))
1452 + break;
1453 + if (!fsg->config)
1454 + break;
1455 + if (w_index != 0) {
1456 + value = -EDOM;
1457 + break;
1458 + }
1459 + VDBG(fsg, "get interface\n");
1460 + *(u8 *) req->buf = 0;
1461 + value = 1;
1462 + break;
1463 +
1464 + default:
1465 + VDBG(fsg,
1466 + "unknown control req %02x.%02x v%04x i%04x l%u\n",
1467 + ctrl->bRequestType, ctrl->bRequest,
1468 + w_value, w_index, le16_to_cpu(ctrl->wLength));
1469 + }
1470 +
1471 + return value;
1472 +}
1473 +
1474 +
1475 +static int fsg_setup(struct usb_gadget *gadget,
1476 + const struct usb_ctrlrequest *ctrl)
1477 +{
1478 + struct fsg_dev *fsg = get_gadget_data(gadget);
1479 + int rc;
1480 + int w_length = le16_to_cpu(ctrl->wLength);
1481 +
1482 + ++fsg->ep0_req_tag; // Record arrival of a new request
1483 + fsg->ep0req->context = NULL;
1484 + fsg->ep0req->length = 0;
1485 + dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));
1486 +
1487 + if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS)
1488 + rc = class_setup_req(fsg, ctrl);
1489 + else
1490 + rc = standard_setup_req(fsg, ctrl);
1491 +
1492 + /* Respond with data/status or defer until later? */
1493 + if (rc >= 0 && rc != DELAYED_STATUS) {
1494 + rc = min(rc, w_length);
1495 + fsg->ep0req->length = rc;
1496 + fsg->ep0req->zero = rc < w_length;
1497 + fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ?
1498 + "ep0-in" : "ep0-out");
1499 + rc = ep0_queue(fsg);
1500 + }
1501 +
1502 + /* Device either stalls (rc < 0) or reports success */
1503 + return rc;
1504 +}
1505 +
1506 +
1507 +/*-------------------------------------------------------------------------*/
1508 +
1509 +/* All the following routines run in process context */
1510 +
1511 +
1512 +/* Use this for bulk or interrupt transfers, not ep0 */
1513 +static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
1514 + struct usb_request *req, int *pbusy,
1515 + enum fsg_buffer_state *state)
1516 +{
1517 + int rc;
1518 +
1519 + if (ep == fsg->bulk_in)
1520 + dump_msg(fsg, "bulk-in", req->buf, req->length);
1521 + else if (ep == fsg->intr_in)
1522 + dump_msg(fsg, "intr-in", req->buf, req->length);
1523 +
1524 + spin_lock_irq(&fsg->lock);
1525 + *pbusy = 1;
1526 + *state = BUF_STATE_BUSY;
1527 + spin_unlock_irq(&fsg->lock);
1528 + rc = usb_ep_queue(ep, req, GFP_KERNEL);
1529 + if (rc != 0) {
1530 + *pbusy = 0;
1531 + *state = BUF_STATE_EMPTY;
1532 +
1533 + /* We can't do much more than wait for a reset */
1534 +
1535 + /* Note: currently the net2280 driver fails zero-length
1536 + * submissions if DMA is enabled. */
1537 + if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
1538 + req->length == 0))
1539 + WARNING(fsg, "error in submission: %s --> %d\n",
1540 + ep->name, rc);
1541 + }
1542 +}
1543 +
1544 +
1545 +static int sleep_thread(struct fsg_dev *fsg)
1546 +{
1547 + int rc = 0;
1548 +
1549 + /* Wait until a signal arrives or we are woken up */
1550 + for (;;) {
1551 + try_to_freeze();
1552 + set_current_state(TASK_INTERRUPTIBLE);
1553 + if (signal_pending(current)) {
1554 + rc = -EINTR;
1555 + break;
1556 + }
1557 + if (fsg->thread_wakeup_needed)
1558 + break;
1559 + schedule();
1560 + }
1561 + __set_current_state(TASK_RUNNING);
1562 + fsg->thread_wakeup_needed = 0;
1563 + return rc;
1564 +}
1565 +
1566 +
1567 +/*-------------------------------------------------------------------------*/
1568 +
1569 +static int do_read(struct fsg_dev *fsg)
1570 +{
1571 + struct fsg_lun *curlun = fsg->curlun;
1572 + u32 lba;
1573 + struct fsg_buffhd *bh;
1574 + int rc;
1575 + u32 amount_left;
1576 + loff_t file_offset, file_offset_tmp;
1577 + unsigned int amount;
1578 + ssize_t nread;
1579 +
1580 + /* Get the starting Logical Block Address and check that it's
1581 + * not too big */
1582 + if (fsg->cmnd[0] == READ_6)
1583 + lba = get_unaligned_be24(&fsg->cmnd[1]);
1584 + else {
1585 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1586 +
1587 + /* We allow DPO (Disable Page Out = don't save data in the
1588 + * cache) and FUA (Force Unit Access = don't read from the
1589 + * cache), but we don't implement them. */
1590 + if ((fsg->cmnd[1] & ~0x18) != 0) {
1591 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1592 + return -EINVAL;
1593 + }
1594 + }
1595 + if (lba >= curlun->num_sectors) {
1596 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1597 + return -EINVAL;
1598 + }
1599 + file_offset = ((loff_t) lba) << curlun->blkbits;
1600 +
1601 + /* Carry out the file reads */
1602 + amount_left = fsg->data_size_from_cmnd;
1603 + if (unlikely(amount_left == 0))
1604 + return -EIO; // No default reply
1605 +
1606 + for (;;) {
1607 +
1608 + /* Figure out how much we need to read:
1609 + * Try to read the remaining amount.
1610 + * But don't read more than the buffer size.
1611 + * And don't try to read past the end of the file.
1612 + */
1613 + amount = min((unsigned int) amount_left, mod_data.buflen);
1614 + amount = min((loff_t) amount,
1615 + curlun->file_length - file_offset);
1616 +
1617 + /* Wait for the next buffer to become available */
1618 + bh = fsg->next_buffhd_to_fill;
1619 + while (bh->state != BUF_STATE_EMPTY) {
1620 + rc = sleep_thread(fsg);
1621 + if (rc)
1622 + return rc;
1623 + }
1624 +
1625 + /* If we were asked to read past the end of file,
1626 + * end with an empty buffer. */
1627 + if (amount == 0) {
1628 + curlun->sense_data =
1629 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1630 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1631 + curlun->info_valid = 1;
1632 + bh->inreq->length = 0;
1633 + bh->state = BUF_STATE_FULL;
1634 + break;
1635 + }
1636 +
1637 + /* Perform the read */
1638 + file_offset_tmp = file_offset;
1639 + nread = vfs_read(curlun->filp,
1640 + (char __user *) bh->buf,
1641 + amount, &file_offset_tmp);
1642 + VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1643 + (unsigned long long) file_offset,
1644 + (int) nread);
1645 + if (signal_pending(current))
1646 + return -EINTR;
1647 +
1648 + if (nread < 0) {
1649 + LDBG(curlun, "error in file read: %d\n",
1650 + (int) nread);
1651 + nread = 0;
1652 + } else if (nread < amount) {
1653 + LDBG(curlun, "partial file read: %d/%u\n",
1654 + (int) nread, amount);
1655 + nread = round_down(nread, curlun->blksize);
1656 + }
1657 + file_offset += nread;
1658 + amount_left -= nread;
1659 + fsg->residue -= nread;
1660 +
1661 + /* Except at the end of the transfer, nread will be
1662 + * equal to the buffer size, which is divisible by the
1663 + * bulk-in maxpacket size.
1664 + */
1665 + bh->inreq->length = nread;
1666 + bh->state = BUF_STATE_FULL;
1667 +
1668 + /* If an error occurred, report it and its position */
1669 + if (nread < amount) {
1670 + curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1671 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1672 + curlun->info_valid = 1;
1673 + break;
1674 + }
1675 +
1676 + if (amount_left == 0)
1677 + break; // No more left to read
1678 +
1679 + /* Send this buffer and go read some more */
1680 + bh->inreq->zero = 0;
1681 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
1682 + &bh->inreq_busy, &bh->state);
1683 + fsg->next_buffhd_to_fill = bh->next;
1684 + }
1685 +
1686 + return -EIO; // No default reply
1687 +}
1688 +
1689 +
1690 +/*-------------------------------------------------------------------------*/
1691 +
1692 +static int do_write(struct fsg_dev *fsg)
1693 +{
1694 + struct fsg_lun *curlun = fsg->curlun;
1695 + u32 lba;
1696 + struct fsg_buffhd *bh;
1697 + int get_some_more;
1698 + u32 amount_left_to_req, amount_left_to_write;
1699 + loff_t usb_offset, file_offset, file_offset_tmp;
1700 + unsigned int amount;
1701 + ssize_t nwritten;
1702 + int rc;
1703 +
1704 + if (curlun->ro) {
1705 + curlun->sense_data = SS_WRITE_PROTECTED;
1706 + return -EINVAL;
1707 + }
1708 + spin_lock(&curlun->filp->f_lock);
1709 + curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait
1710 + spin_unlock(&curlun->filp->f_lock);
1711 +
1712 + /* Get the starting Logical Block Address and check that it's
1713 + * not too big */
1714 + if (fsg->cmnd[0] == WRITE_6)
1715 + lba = get_unaligned_be24(&fsg->cmnd[1]);
1716 + else {
1717 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1718 +
1719 + /* We allow DPO (Disable Page Out = don't save data in the
1720 + * cache) and FUA (Force Unit Access = write directly to the
1721 + * medium). We don't implement DPO; we implement FUA by
1722 + * performing synchronous output. */
1723 + if ((fsg->cmnd[1] & ~0x18) != 0) {
1724 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1725 + return -EINVAL;
1726 + }
1727 + /* FUA */
1728 + if (!curlun->nofua && (fsg->cmnd[1] & 0x08)) {
1729 + spin_lock(&curlun->filp->f_lock);
1730 + curlun->filp->f_flags |= O_DSYNC;
1731 + spin_unlock(&curlun->filp->f_lock);
1732 + }
1733 + }
1734 + if (lba >= curlun->num_sectors) {
1735 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1736 + return -EINVAL;
1737 + }
1738 +
1739 + /* Carry out the file writes */
1740 + get_some_more = 1;
1741 + file_offset = usb_offset = ((loff_t) lba) << curlun->blkbits;
1742 + amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd;
1743 +
1744 + while (amount_left_to_write > 0) {
1745 +
1746 + /* Queue a request for more data from the host */
1747 + bh = fsg->next_buffhd_to_fill;
1748 + if (bh->state == BUF_STATE_EMPTY && get_some_more) {
1749 +
1750 + /* Figure out how much we want to get:
1751 + * Try to get the remaining amount,
1752 + * but not more than the buffer size.
1753 + */
1754 + amount = min(amount_left_to_req, mod_data.buflen);
1755 +
1756 + /* Beyond the end of the backing file? */
1757 + if (usb_offset >= curlun->file_length) {
1758 + get_some_more = 0;
1759 + curlun->sense_data =
1760 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1761 + curlun->sense_data_info = usb_offset >> curlun->blkbits;
1762 + curlun->info_valid = 1;
1763 + continue;
1764 + }
1765 +
1766 + /* Get the next buffer */
1767 + usb_offset += amount;
1768 + fsg->usb_amount_left -= amount;
1769 + amount_left_to_req -= amount;
1770 + if (amount_left_to_req == 0)
1771 + get_some_more = 0;
1772 +
1773 + /* Except at the end of the transfer, amount will be
1774 + * equal to the buffer size, which is divisible by
1775 + * the bulk-out maxpacket size.
1776 + */
1777 + set_bulk_out_req_length(fsg, bh, amount);
1778 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
1779 + &bh->outreq_busy, &bh->state);
1780 + fsg->next_buffhd_to_fill = bh->next;
1781 + continue;
1782 + }
1783 +
1784 + /* Write the received data to the backing file */
1785 + bh = fsg->next_buffhd_to_drain;
1786 + if (bh->state == BUF_STATE_EMPTY && !get_some_more)
1787 + break; // We stopped early
1788 + if (bh->state == BUF_STATE_FULL) {
1789 + smp_rmb();
1790 + fsg->next_buffhd_to_drain = bh->next;
1791 + bh->state = BUF_STATE_EMPTY;
1792 +
1793 + /* Did something go wrong with the transfer? */
1794 + if (bh->outreq->status != 0) {
1795 + curlun->sense_data = SS_COMMUNICATION_FAILURE;
1796 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1797 + curlun->info_valid = 1;
1798 + break;
1799 + }
1800 +
1801 + amount = bh->outreq->actual;
1802 + if (curlun->file_length - file_offset < amount) {
1803 + LERROR(curlun,
1804 + "write %u @ %llu beyond end %llu\n",
1805 + amount, (unsigned long long) file_offset,
1806 + (unsigned long long) curlun->file_length);
1807 + amount = curlun->file_length - file_offset;
1808 + }
1809 +
1810 + /* Don't accept excess data. The spec doesn't say
1811 + * what to do in this case. We'll ignore the error.
1812 + */
1813 + amount = min(amount, bh->bulk_out_intended_length);
1814 +
1815 + /* Don't write a partial block */
1816 + amount = round_down(amount, curlun->blksize);
1817 + if (amount == 0)
1818 + goto empty_write;
1819 +
1820 + /* Perform the write */
1821 + file_offset_tmp = file_offset;
1822 + nwritten = vfs_write(curlun->filp,
1823 + (char __user *) bh->buf,
1824 + amount, &file_offset_tmp);
1825 + VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
1826 + (unsigned long long) file_offset,
1827 + (int) nwritten);
1828 + if (signal_pending(current))
1829 + return -EINTR; // Interrupted!
1830 +
1831 + if (nwritten < 0) {
1832 + LDBG(curlun, "error in file write: %d\n",
1833 + (int) nwritten);
1834 + nwritten = 0;
1835 + } else if (nwritten < amount) {
1836 + LDBG(curlun, "partial file write: %d/%u\n",
1837 + (int) nwritten, amount);
1838 + nwritten = round_down(nwritten, curlun->blksize);
1839 + }
1840 + file_offset += nwritten;
1841 + amount_left_to_write -= nwritten;
1842 + fsg->residue -= nwritten;
1843 +
1844 + /* If an error occurred, report it and its position */
1845 + if (nwritten < amount) {
1846 + curlun->sense_data = SS_WRITE_ERROR;
1847 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1848 + curlun->info_valid = 1;
1849 + break;
1850 + }
1851 +
1852 + empty_write:
1853 + /* Did the host decide to stop early? */
1854 + if (bh->outreq->actual < bh->bulk_out_intended_length) {
1855 + fsg->short_packet_received = 1;
1856 + break;
1857 + }
1858 + continue;
1859 + }
1860 +
1861 + /* Wait for something to happen */
1862 + rc = sleep_thread(fsg);
1863 + if (rc)
1864 + return rc;
1865 + }
1866 +
1867 + return -EIO; // No default reply
1868 +}
1869 +
1870 +
1871 +/*-------------------------------------------------------------------------*/
1872 +
1873 +static int do_synchronize_cache(struct fsg_dev *fsg)
1874 +{
1875 + struct fsg_lun *curlun = fsg->curlun;
1876 + int rc;
1877 +
1878 + /* We ignore the requested LBA and write out all file's
1879 + * dirty data buffers. */
1880 + rc = fsg_lun_fsync_sub(curlun);
1881 + if (rc)
1882 + curlun->sense_data = SS_WRITE_ERROR;
1883 + return 0;
1884 +}
1885 +
1886 +
1887 +/*-------------------------------------------------------------------------*/
1888 +
1889 +static void invalidate_sub(struct fsg_lun *curlun)
1890 +{
1891 + struct file *filp = curlun->filp;
1892 + struct inode *inode = filp->f_path.dentry->d_inode;
1893 + unsigned long rc;
1894 +
1895 + rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1896 + VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc);
1897 +}
1898 +
1899 +static int do_verify(struct fsg_dev *fsg)
1900 +{
1901 + struct fsg_lun *curlun = fsg->curlun;
1902 + u32 lba;
1903 + u32 verification_length;
1904 + struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
1905 + loff_t file_offset, file_offset_tmp;
1906 + u32 amount_left;
1907 + unsigned int amount;
1908 + ssize_t nread;
1909 +
1910 + /* Get the starting Logical Block Address and check that it's
1911 + * not too big */
1912 + lba = get_unaligned_be32(&fsg->cmnd[2]);
1913 + if (lba >= curlun->num_sectors) {
1914 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1915 + return -EINVAL;
1916 + }
1917 +
1918 + /* We allow DPO (Disable Page Out = don't save data in the
1919 + * cache) but we don't implement it. */
1920 + if ((fsg->cmnd[1] & ~0x10) != 0) {
1921 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1922 + return -EINVAL;
1923 + }
1924 +
1925 + verification_length = get_unaligned_be16(&fsg->cmnd[7]);
1926 + if (unlikely(verification_length == 0))
1927 + return -EIO; // No default reply
1928 +
1929 + /* Prepare to carry out the file verify */
1930 + amount_left = verification_length << curlun->blkbits;
1931 + file_offset = ((loff_t) lba) << curlun->blkbits;
1932 +
1933 + /* Write out all the dirty buffers before invalidating them */
1934 + fsg_lun_fsync_sub(curlun);
1935 + if (signal_pending(current))
1936 + return -EINTR;
1937 +
1938 + invalidate_sub(curlun);
1939 + if (signal_pending(current))
1940 + return -EINTR;
1941 +
1942 + /* Just try to read the requested blocks */
1943 + while (amount_left > 0) {
1944 +
1945 + /* Figure out how much we need to read:
1946 + * Try to read the remaining amount, but not more than
1947 + * the buffer size.
1948 + * And don't try to read past the end of the file.
1949 + */
1950 + amount = min((unsigned int) amount_left, mod_data.buflen);
1951 + amount = min((loff_t) amount,
1952 + curlun->file_length - file_offset);
1953 + if (amount == 0) {
1954 + curlun->sense_data =
1955 + SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1956 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1957 + curlun->info_valid = 1;
1958 + break;
1959 + }
1960 +
1961 + /* Perform the read */
1962 + file_offset_tmp = file_offset;
1963 + nread = vfs_read(curlun->filp,
1964 + (char __user *) bh->buf,
1965 + amount, &file_offset_tmp);
1966 + VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1967 + (unsigned long long) file_offset,
1968 + (int) nread);
1969 + if (signal_pending(current))
1970 + return -EINTR;
1971 +
1972 + if (nread < 0) {
1973 + LDBG(curlun, "error in file verify: %d\n",
1974 + (int) nread);
1975 + nread = 0;
1976 + } else if (nread < amount) {
1977 + LDBG(curlun, "partial file verify: %d/%u\n",
1978 + (int) nread, amount);
1979 + nread = round_down(nread, curlun->blksize);
1980 + }
1981 + if (nread == 0) {
1982 + curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1983 + curlun->sense_data_info = file_offset >> curlun->blkbits;
1984 + curlun->info_valid = 1;
1985 + break;
1986 + }
1987 + file_offset += nread;
1988 + amount_left -= nread;
1989 + }
1990 + return 0;
1991 +}
1992 +
1993 +
1994 +/*-------------------------------------------------------------------------*/
1995 +
1996 +static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1997 +{
1998 + u8 *buf = (u8 *) bh->buf;
1999 +
2000 + static char vendor_id[] = "Linux ";
2001 + static char product_disk_id[] = "File-Stor Gadget";
2002 + static char product_cdrom_id[] = "File-CD Gadget ";
2003 +
2004 + if (!fsg->curlun) { // Unsupported LUNs are okay
2005 + fsg->bad_lun_okay = 1;
2006 + memset(buf, 0, 36);
2007 + buf[0] = 0x7f; // Unsupported, no device-type
2008 + buf[4] = 31; // Additional length
2009 + return 36;
2010 + }
2011 +
2012 + memset(buf, 0, 8);
2013 + buf[0] = (mod_data.cdrom ? TYPE_ROM : TYPE_DISK);
2014 + if (mod_data.removable)
2015 + buf[1] = 0x80;
2016 + buf[2] = 2; // ANSI SCSI level 2
2017 + buf[3] = 2; // SCSI-2 INQUIRY data format
2018 + buf[4] = 31; // Additional length
2019 + // No special options
2020 + sprintf(buf + 8, "%-8s%-16s%04x", vendor_id,
2021 + (mod_data.cdrom ? product_cdrom_id :
2022 + product_disk_id),
2023 + mod_data.release);
2024 + return 36;
2025 +}
2026 +
2027 +
2028 +static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2029 +{
2030 + struct fsg_lun *curlun = fsg->curlun;
2031 + u8 *buf = (u8 *) bh->buf;
2032 + u32 sd, sdinfo;
2033 + int valid;
2034 +
2035 + /*
2036 + * From the SCSI-2 spec., section 7.9 (Unit attention condition):
2037 + *
2038 + * If a REQUEST SENSE command is received from an initiator
2039 + * with a pending unit attention condition (before the target
2040 + * generates the contingent allegiance condition), then the
2041 + * target shall either:
2042 + * a) report any pending sense data and preserve the unit
2043 + * attention condition on the logical unit, or,
2044 + * b) report the unit attention condition, may discard any
2045 + * pending sense data, and clear the unit attention
2046 + * condition on the logical unit for that initiator.
2047 + *
2048 + * FSG normally uses option a); enable this code to use option b).
2049 + */
2050 +#if 0
2051 + if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
2052 + curlun->sense_data = curlun->unit_attention_data;
2053 + curlun->unit_attention_data = SS_NO_SENSE;
2054 + }
2055 +#endif
2056 +
2057 + if (!curlun) { // Unsupported LUNs are okay
2058 + fsg->bad_lun_okay = 1;
2059 + sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2060 + sdinfo = 0;
2061 + valid = 0;
2062 + } else {
2063 + sd = curlun->sense_data;
2064 + sdinfo = curlun->sense_data_info;
2065 + valid = curlun->info_valid << 7;
2066 + curlun->sense_data = SS_NO_SENSE;
2067 + curlun->sense_data_info = 0;
2068 + curlun->info_valid = 0;
2069 + }
2070 +
2071 + memset(buf, 0, 18);
2072 + buf[0] = valid | 0x70; // Valid, current error
2073 + buf[2] = SK(sd);
2074 + put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */
2075 + buf[7] = 18 - 8; // Additional sense length
2076 + buf[12] = ASC(sd);
2077 + buf[13] = ASCQ(sd);
2078 + return 18;
2079 +}
2080 +
2081 +
2082 +static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2083 +{
2084 + struct fsg_lun *curlun = fsg->curlun;
2085 + u32 lba = get_unaligned_be32(&fsg->cmnd[2]);
2086 + int pmi = fsg->cmnd[8];
2087 + u8 *buf = (u8 *) bh->buf;
2088 +
2089 + /* Check the PMI and LBA fields */
2090 + if (pmi > 1 || (pmi == 0 && lba != 0)) {
2091 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2092 + return -EINVAL;
2093 + }
2094 +
2095 + put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
2096 + /* Max logical block */
2097 + put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */
2098 + return 8;
2099 +}
2100 +
2101 +
2102 +static int do_read_header(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2103 +{
2104 + struct fsg_lun *curlun = fsg->curlun;
2105 + int msf = fsg->cmnd[1] & 0x02;
2106 + u32 lba = get_unaligned_be32(&fsg->cmnd[2]);
2107 + u8 *buf = (u8 *) bh->buf;
2108 +
2109 + if ((fsg->cmnd[1] & ~0x02) != 0) { /* Mask away MSF */
2110 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2111 + return -EINVAL;
2112 + }
2113 + if (lba >= curlun->num_sectors) {
2114 + curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
2115 + return -EINVAL;
2116 + }
2117 +
2118 + memset(buf, 0, 8);
2119 + buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */
2120 + store_cdrom_address(&buf[4], msf, lba);
2121 + return 8;
2122 +}
2123 +
2124 +
2125 +static int do_read_toc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2126 +{
2127 + struct fsg_lun *curlun = fsg->curlun;
2128 + int msf = fsg->cmnd[1] & 0x02;
2129 + int start_track = fsg->cmnd[6];
2130 + u8 *buf = (u8 *) bh->buf;
2131 +
2132 + if ((fsg->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */
2133 + start_track > 1) {
2134 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2135 + return -EINVAL;
2136 + }
2137 +
2138 + memset(buf, 0, 20);
2139 + buf[1] = (20-2); /* TOC data length */
2140 + buf[2] = 1; /* First track number */
2141 + buf[3] = 1; /* Last track number */
2142 + buf[5] = 0x16; /* Data track, copying allowed */
2143 + buf[6] = 0x01; /* Only track is number 1 */
2144 + store_cdrom_address(&buf[8], msf, 0);
2145 +
2146 + buf[13] = 0x16; /* Lead-out track is data */
2147 + buf[14] = 0xAA; /* Lead-out track number */
2148 + store_cdrom_address(&buf[16], msf, curlun->num_sectors);
2149 + return 20;
2150 +}
2151 +
2152 +
2153 +static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2154 +{
2155 + struct fsg_lun *curlun = fsg->curlun;
2156 + int mscmnd = fsg->cmnd[0];
2157 + u8 *buf = (u8 *) bh->buf;
2158 + u8 *buf0 = buf;
2159 + int pc, page_code;
2160 + int changeable_values, all_pages;
2161 + int valid_page = 0;
2162 + int len, limit;
2163 +
2164 + if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD
2165 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2166 + return -EINVAL;
2167 + }
2168 + pc = fsg->cmnd[2] >> 6;
2169 + page_code = fsg->cmnd[2] & 0x3f;
2170 + if (pc == 3) {
2171 + curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
2172 + return -EINVAL;
2173 + }
2174 + changeable_values = (pc == 1);
2175 + all_pages = (page_code == 0x3f);
2176 +
2177 + /* Write the mode parameter header. Fixed values are: default
2178 + * medium type, no cache control (DPOFUA), and no block descriptors.
2179 + * The only variable value is the WriteProtect bit. We will fill in
2180 + * the mode data length later. */
2181 + memset(buf, 0, 8);
2182 + if (mscmnd == MODE_SENSE) {
2183 + buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2184 + buf += 4;
2185 + limit = 255;
2186 + } else { // MODE_SENSE_10
2187 + buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2188 + buf += 8;
2189 + limit = 65535; // Should really be mod_data.buflen
2190 + }
2191 +
2192 + /* No block descriptors */
2193 +
2194 + /* The mode pages, in numerical order. The only page we support
2195 + * is the Caching page. */
2196 + if (page_code == 0x08 || all_pages) {
2197 + valid_page = 1;
2198 + buf[0] = 0x08; // Page code
2199 + buf[1] = 10; // Page length
2200 + memset(buf+2, 0, 10); // None of the fields are changeable
2201 +
2202 + if (!changeable_values) {
2203 + buf[2] = 0x04; // Write cache enable,
2204 + // Read cache not disabled
2205 + // No cache retention priorities
2206 + put_unaligned_be16(0xffff, &buf[4]);
2207 + /* Don't disable prefetch */
2208 + /* Minimum prefetch = 0 */
2209 + put_unaligned_be16(0xffff, &buf[8]);
2210 + /* Maximum prefetch */
2211 + put_unaligned_be16(0xffff, &buf[10]);
2212 + /* Maximum prefetch ceiling */
2213 + }
2214 + buf += 12;
2215 + }
2216 +
2217 + /* Check that a valid page was requested and the mode data length
2218 + * isn't too long. */
2219 + len = buf - buf0;
2220 + if (!valid_page || len > limit) {
2221 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2222 + return -EINVAL;
2223 + }
2224 +
2225 + /* Store the mode data length */
2226 + if (mscmnd == MODE_SENSE)
2227 + buf0[0] = len - 1;
2228 + else
2229 + put_unaligned_be16(len - 2, buf0);
2230 + return len;
2231 +}
2232 +
2233 +
2234 +static int do_start_stop(struct fsg_dev *fsg)
2235 +{
2236 + struct fsg_lun *curlun = fsg->curlun;
2237 + int loej, start;
2238 +
2239 + if (!mod_data.removable) {
2240 + curlun->sense_data = SS_INVALID_COMMAND;
2241 + return -EINVAL;
2242 + }
2243 +
2244 + // int immed = fsg->cmnd[1] & 0x01;
2245 + loej = fsg->cmnd[4] & 0x02;
2246 + start = fsg->cmnd[4] & 0x01;
2247 +
2248 +#ifdef CONFIG_USB_FILE_STORAGE_TEST
2249 + if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed
2250 + (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start
2251 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2252 + return -EINVAL;
2253 + }
2254 +
2255 + if (!start) {
2256 +
2257 + /* Are we allowed to unload the media? */
2258 + if (curlun->prevent_medium_removal) {
2259 + LDBG(curlun, "unload attempt prevented\n");
2260 + curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
2261 + return -EINVAL;
2262 + }
2263 + if (loej) { // Simulate an unload/eject
2264 + up_read(&fsg->filesem);
2265 + down_write(&fsg->filesem);
2266 + fsg_lun_close(curlun);
2267 + up_write(&fsg->filesem);
2268 + down_read(&fsg->filesem);
2269 + }
2270 + } else {
2271 +
2272 + /* Our emulation doesn't support mounting; the medium is
2273 + * available for use as soon as it is loaded. */
2274 + if (!fsg_lun_is_open(curlun)) {
2275 + curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2276 + return -EINVAL;
2277 + }
2278 + }
2279 +#endif
2280 + return 0;
2281 +}
2282 +
2283 +
2284 +static int do_prevent_allow(struct fsg_dev *fsg)
2285 +{
2286 + struct fsg_lun *curlun = fsg->curlun;
2287 + int prevent;
2288 +
2289 + if (!mod_data.removable) {
2290 + curlun->sense_data = SS_INVALID_COMMAND;
2291 + return -EINVAL;
2292 + }
2293 +
2294 + prevent = fsg->cmnd[4] & 0x01;
2295 + if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent
2296 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2297 + return -EINVAL;
2298 + }
2299 +
2300 + if (curlun->prevent_medium_removal && !prevent)
2301 + fsg_lun_fsync_sub(curlun);
2302 + curlun->prevent_medium_removal = prevent;
2303 + return 0;
2304 +}
2305 +
2306 +
2307 +static int do_read_format_capacities(struct fsg_dev *fsg,
2308 + struct fsg_buffhd *bh)
2309 +{
2310 + struct fsg_lun *curlun = fsg->curlun;
2311 + u8 *buf = (u8 *) bh->buf;
2312 +
2313 + buf[0] = buf[1] = buf[2] = 0;
2314 + buf[3] = 8; // Only the Current/Maximum Capacity Descriptor
2315 + buf += 4;
2316 +
2317 + put_unaligned_be32(curlun->num_sectors, &buf[0]);
2318 + /* Number of blocks */
2319 + put_unaligned_be32(curlun->blksize, &buf[4]); /* Block length */
2320 + buf[4] = 0x02; /* Current capacity */
2321 + return 12;
2322 +}
2323 +
2324 +
2325 +static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2326 +{
2327 + struct fsg_lun *curlun = fsg->curlun;
2328 +
2329 + /* We don't support MODE SELECT */
2330 + curlun->sense_data = SS_INVALID_COMMAND;
2331 + return -EINVAL;
2332 +}
2333 +
2334 +
2335 +/*-------------------------------------------------------------------------*/
2336 +
2337 +static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
2338 +{
2339 + int rc;
2340 +
2341 + rc = fsg_set_halt(fsg, fsg->bulk_in);
2342 + if (rc == -EAGAIN)
2343 + VDBG(fsg, "delayed bulk-in endpoint halt\n");
2344 + while (rc != 0) {
2345 + if (rc != -EAGAIN) {
2346 + WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
2347 + rc = 0;
2348 + break;
2349 + }
2350 +
2351 + /* Wait for a short time and then try again */
2352 + if (msleep_interruptible(100) != 0)
2353 + return -EINTR;
2354 + rc = usb_ep_set_halt(fsg->bulk_in);
2355 + }
2356 + return rc;
2357 +}
2358 +
2359 +static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
2360 +{
2361 + int rc;
2362 +
2363 + DBG(fsg, "bulk-in set wedge\n");
2364 + rc = usb_ep_set_wedge(fsg->bulk_in);
2365 + if (rc == -EAGAIN)
2366 + VDBG(fsg, "delayed bulk-in endpoint wedge\n");
2367 + while (rc != 0) {
2368 + if (rc != -EAGAIN) {
2369 + WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
2370 + rc = 0;
2371 + break;
2372 + }
2373 +
2374 + /* Wait for a short time and then try again */
2375 + if (msleep_interruptible(100) != 0)
2376 + return -EINTR;
2377 + rc = usb_ep_set_wedge(fsg->bulk_in);
2378 + }
2379 + return rc;
2380 +}
2381 +
2382 +static int throw_away_data(struct fsg_dev *fsg)
2383 +{
2384 + struct fsg_buffhd *bh;
2385 + u32 amount;
2386 + int rc;
2387 +
2388 + while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY ||
2389 + fsg->usb_amount_left > 0) {
2390 +
2391 + /* Throw away the data in a filled buffer */
2392 + if (bh->state == BUF_STATE_FULL) {
2393 + smp_rmb();
2394 + bh->state = BUF_STATE_EMPTY;
2395 + fsg->next_buffhd_to_drain = bh->next;
2396 +
2397 + /* A short packet or an error ends everything */
2398 + if (bh->outreq->actual < bh->bulk_out_intended_length ||
2399 + bh->outreq->status != 0) {
2400 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2401 + return -EINTR;
2402 + }
2403 + continue;
2404 + }
2405 +
2406 + /* Try to submit another request if we need one */
2407 + bh = fsg->next_buffhd_to_fill;
2408 + if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) {
2409 + amount = min(fsg->usb_amount_left,
2410 + (u32) mod_data.buflen);
2411 +
2412 + /* Except at the end of the transfer, amount will be
2413 + * equal to the buffer size, which is divisible by
2414 + * the bulk-out maxpacket size.
2415 + */
2416 + set_bulk_out_req_length(fsg, bh, amount);
2417 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
2418 + &bh->outreq_busy, &bh->state);
2419 + fsg->next_buffhd_to_fill = bh->next;
2420 + fsg->usb_amount_left -= amount;
2421 + continue;
2422 + }
2423 +
2424 + /* Otherwise wait for something to happen */
2425 + rc = sleep_thread(fsg);
2426 + if (rc)
2427 + return rc;
2428 + }
2429 + return 0;
2430 +}
2431 +
2432 +
2433 +static int finish_reply(struct fsg_dev *fsg)
2434 +{
2435 + struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
2436 + int rc = 0;
2437 +
2438 + switch (fsg->data_dir) {
2439 + case DATA_DIR_NONE:
2440 + break; // Nothing to send
2441 +
2442 + /* If we don't know whether the host wants to read or write,
2443 + * this must be CB or CBI with an unknown command. We mustn't
2444 + * try to send or receive any data. So stall both bulk pipes
2445 + * if we can and wait for a reset. */
2446 + case DATA_DIR_UNKNOWN:
2447 + if (mod_data.can_stall) {
2448 + fsg_set_halt(fsg, fsg->bulk_out);
2449 + rc = halt_bulk_in_endpoint(fsg);
2450 + }
2451 + break;
2452 +
2453 + /* All but the last buffer of data must have already been sent */
2454 + case DATA_DIR_TO_HOST:
2455 + if (fsg->data_size == 0)
2456 + ; // Nothing to send
2457 +
2458 + /* If there's no residue, simply send the last buffer */
2459 + else if (fsg->residue == 0) {
2460 + bh->inreq->zero = 0;
2461 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2462 + &bh->inreq_busy, &bh->state);
2463 + fsg->next_buffhd_to_fill = bh->next;
2464 + }
2465 +
2466 + /* There is a residue. For CB and CBI, simply mark the end
2467 + * of the data with a short packet. However, if we are
2468 + * allowed to stall, there was no data at all (residue ==
2469 + * data_size), and the command failed (invalid LUN or
2470 + * sense data is set), then halt the bulk-in endpoint
2471 + * instead. */
2472 + else if (!transport_is_bbb()) {
2473 + if (mod_data.can_stall &&
2474 + fsg->residue == fsg->data_size &&
2475 + (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) {
2476 + bh->state = BUF_STATE_EMPTY;
2477 + rc = halt_bulk_in_endpoint(fsg);
2478 + } else {
2479 + bh->inreq->zero = 1;
2480 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2481 + &bh->inreq_busy, &bh->state);
2482 + fsg->next_buffhd_to_fill = bh->next;
2483 + }
2484 + }
2485 +
2486 + /*
2487 + * For Bulk-only, mark the end of the data with a short
2488 + * packet. If we are allowed to stall, halt the bulk-in
2489 + * endpoint. (Note: This violates the Bulk-Only Transport
2490 + * specification, which requires us to pad the data if we
2491 + * don't halt the endpoint. Presumably nobody will mind.)
2492 + */
2493 + else {
2494 + bh->inreq->zero = 1;
2495 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2496 + &bh->inreq_busy, &bh->state);
2497 + fsg->next_buffhd_to_fill = bh->next;
2498 + if (mod_data.can_stall)
2499 + rc = halt_bulk_in_endpoint(fsg);
2500 + }
2501 + break;
2502 +
2503 + /* We have processed all we want from the data the host has sent.
2504 + * There may still be outstanding bulk-out requests. */
2505 + case DATA_DIR_FROM_HOST:
2506 + if (fsg->residue == 0)
2507 + ; // Nothing to receive
2508 +
2509 + /* Did the host stop sending unexpectedly early? */
2510 + else if (fsg->short_packet_received) {
2511 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2512 + rc = -EINTR;
2513 + }
2514 +
2515 + /* We haven't processed all the incoming data. Even though
2516 + * we may be allowed to stall, doing so would cause a race.
2517 + * The controller may already have ACK'ed all the remaining
2518 + * bulk-out packets, in which case the host wouldn't see a
2519 + * STALL. Not realizing the endpoint was halted, it wouldn't
2520 + * clear the halt -- leading to problems later on. */
2521 +#if 0
2522 + else if (mod_data.can_stall) {
2523 + fsg_set_halt(fsg, fsg->bulk_out);
2524 + raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2525 + rc = -EINTR;
2526 + }
2527 +#endif
2528 +
2529 + /* We can't stall. Read in the excess data and throw it
2530 + * all away. */
2531 + else
2532 + rc = throw_away_data(fsg);
2533 + break;
2534 + }
2535 + return rc;
2536 +}
2537 +
2538 +
2539 +static int send_status(struct fsg_dev *fsg)
2540 +{
2541 + struct fsg_lun *curlun = fsg->curlun;
2542 + struct fsg_buffhd *bh;
2543 + int rc;
2544 + u8 status = US_BULK_STAT_OK;
2545 + u32 sd, sdinfo = 0;
2546 +
2547 + /* Wait for the next buffer to become available */
2548 + bh = fsg->next_buffhd_to_fill;
2549 + while (bh->state != BUF_STATE_EMPTY) {
2550 + rc = sleep_thread(fsg);
2551 + if (rc)
2552 + return rc;
2553 + }
2554 +
2555 + if (curlun) {
2556 + sd = curlun->sense_data;
2557 + sdinfo = curlun->sense_data_info;
2558 + } else if (fsg->bad_lun_okay)
2559 + sd = SS_NO_SENSE;
2560 + else
2561 + sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2562 +
2563 + if (fsg->phase_error) {
2564 + DBG(fsg, "sending phase-error status\n");
2565 + status = US_BULK_STAT_PHASE;
2566 + sd = SS_INVALID_COMMAND;
2567 + } else if (sd != SS_NO_SENSE) {
2568 + DBG(fsg, "sending command-failure status\n");
2569 + status = US_BULK_STAT_FAIL;
2570 + VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
2571 + " info x%x\n",
2572 + SK(sd), ASC(sd), ASCQ(sd), sdinfo);
2573 + }
2574 +
2575 + if (transport_is_bbb()) {
2576 + struct bulk_cs_wrap *csw = bh->buf;
2577 +
2578 + /* Store and send the Bulk-only CSW */
2579 + csw->Signature = cpu_to_le32(US_BULK_CS_SIGN);
2580 + csw->Tag = fsg->tag;
2581 + csw->Residue = cpu_to_le32(fsg->residue);
2582 + csw->Status = status;
2583 +
2584 + bh->inreq->length = US_BULK_CS_WRAP_LEN;
2585 + bh->inreq->zero = 0;
2586 + start_transfer(fsg, fsg->bulk_in, bh->inreq,
2587 + &bh->inreq_busy, &bh->state);
2588 +
2589 + } else if (mod_data.transport_type == USB_PR_CB) {
2590 +
2591 + /* Control-Bulk transport has no status phase! */
2592 + return 0;
2593 +
2594 + } else { // USB_PR_CBI
2595 + struct interrupt_data *buf = bh->buf;
2596 +
2597 + /* Store and send the Interrupt data. UFI sends the ASC
2598 + * and ASCQ bytes. Everything else sends a Type (which
2599 + * is always 0) and the status Value. */
2600 + if (mod_data.protocol_type == USB_SC_UFI) {
2601 + buf->bType = ASC(sd);
2602 + buf->bValue = ASCQ(sd);
2603 + } else {
2604 + buf->bType = 0;
2605 + buf->bValue = status;
2606 + }
2607 + fsg->intreq->length = CBI_INTERRUPT_DATA_LEN;
2608 +
2609 + fsg->intr_buffhd = bh; // Point to the right buffhd
2610 + fsg->intreq->buf = bh->inreq->buf;
2611 + fsg->intreq->context = bh;
2612 + start_transfer(fsg, fsg->intr_in, fsg->intreq,
2613 + &fsg->intreq_busy, &bh->state);
2614 + }
2615 +
2616 + fsg->next_buffhd_to_fill = bh->next;
2617 + return 0;
2618 +}
2619 +
2620 +
2621 +/*-------------------------------------------------------------------------*/
2622 +
2623 +/* Check whether the command is properly formed and whether its data size
2624 + * and direction agree with the values we already have. */
2625 +static int check_command(struct fsg_dev *fsg, int cmnd_size,
2626 + enum data_direction data_dir, unsigned int mask,
2627 + int needs_medium, const char *name)
2628 +{
2629 + int i;
2630 + int lun = fsg->cmnd[1] >> 5;
2631 + static const char dirletter[4] = {'u', 'o', 'i', 'n'};
2632 + char hdlen[20];
2633 + struct fsg_lun *curlun;
2634 +
2635 + /* Adjust the expected cmnd_size for protocol encapsulation padding.
2636 + * Transparent SCSI doesn't pad. */
2637 + if (protocol_is_scsi())
2638 + ;
2639 +
2640 + /* There's some disagreement as to whether RBC pads commands or not.
2641 + * We'll play it safe and accept either form. */
2642 + else if (mod_data.protocol_type == USB_SC_RBC) {
2643 + if (fsg->cmnd_size == 12)
2644 + cmnd_size = 12;
2645 +
2646 + /* All the other protocols pad to 12 bytes */
2647 + } else
2648 + cmnd_size = 12;
2649 +
2650 + hdlen[0] = 0;
2651 + if (fsg->data_dir != DATA_DIR_UNKNOWN)
2652 + sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir],
2653 + fsg->data_size);
2654 + VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
2655 + name, cmnd_size, dirletter[(int) data_dir],
2656 + fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen);
2657 +
2658 + /* We can't reply at all until we know the correct data direction
2659 + * and size. */
2660 + if (fsg->data_size_from_cmnd == 0)
2661 + data_dir = DATA_DIR_NONE;
2662 + if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI
2663 + fsg->data_dir = data_dir;
2664 + fsg->data_size = fsg->data_size_from_cmnd;
2665 +
2666 + } else { // Bulk-only
2667 + if (fsg->data_size < fsg->data_size_from_cmnd) {
2668 +
2669 + /* Host data size < Device data size is a phase error.
2670 + * Carry out the command, but only transfer as much
2671 + * as we are allowed. */
2672 + fsg->data_size_from_cmnd = fsg->data_size;
2673 + fsg->phase_error = 1;
2674 + }
2675 + }
2676 + fsg->residue = fsg->usb_amount_left = fsg->data_size;
2677 +
2678 + /* Conflicting data directions is a phase error */
2679 + if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) {
2680 + fsg->phase_error = 1;
2681 + return -EINVAL;
2682 + }
2683 +
2684 + /* Verify the length of the command itself */
2685 + if (cmnd_size != fsg->cmnd_size) {
2686 +
2687 + /* Special case workaround: There are plenty of buggy SCSI
2688 + * implementations. Many have issues with cbw->Length
2689 + * field passing a wrong command size. For those cases we
2690 + * always try to work around the problem by using the length
2691 + * sent by the host side provided it is at least as large
2692 + * as the correct command length.
2693 + * Examples of such cases would be MS-Windows, which issues
2694 + * REQUEST SENSE with cbw->Length == 12 where it should
2695 + * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
2696 + * REQUEST SENSE with cbw->Length == 10 where it should
2697 + * be 6 as well.
2698 + */
2699 + if (cmnd_size <= fsg->cmnd_size) {
2700 + DBG(fsg, "%s is buggy! Expected length %d "
2701 + "but we got %d\n", name,
2702 + cmnd_size, fsg->cmnd_size);
2703 + cmnd_size = fsg->cmnd_size;
2704 + } else {
2705 + fsg->phase_error = 1;
2706 + return -EINVAL;
2707 + }
2708 + }
2709 +
2710 + /* Check that the LUN values are consistent */
2711 + if (transport_is_bbb()) {
2712 + if (fsg->lun != lun)
2713 + DBG(fsg, "using LUN %d from CBW, "
2714 + "not LUN %d from CDB\n",
2715 + fsg->lun, lun);
2716 + }
2717 +
2718 + /* Check the LUN */
2719 + curlun = fsg->curlun;
2720 + if (curlun) {
2721 + if (fsg->cmnd[0] != REQUEST_SENSE) {
2722 + curlun->sense_data = SS_NO_SENSE;
2723 + curlun->sense_data_info = 0;
2724 + curlun->info_valid = 0;
2725 + }
2726 + } else {
2727 + fsg->bad_lun_okay = 0;
2728 +
2729 + /* INQUIRY and REQUEST SENSE commands are explicitly allowed
2730 + * to use unsupported LUNs; all others may not. */
2731 + if (fsg->cmnd[0] != INQUIRY &&
2732 + fsg->cmnd[0] != REQUEST_SENSE) {
2733 + DBG(fsg, "unsupported LUN %d\n", fsg->lun);
2734 + return -EINVAL;
2735 + }
2736 + }
2737 +
2738 + /* If a unit attention condition exists, only INQUIRY and
2739 + * REQUEST SENSE commands are allowed; anything else must fail. */
2740 + if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
2741 + fsg->cmnd[0] != INQUIRY &&
2742 + fsg->cmnd[0] != REQUEST_SENSE) {
2743 + curlun->sense_data = curlun->unit_attention_data;
2744 + curlun->unit_attention_data = SS_NO_SENSE;
2745 + return -EINVAL;
2746 + }
2747 +
2748 + /* Check that only command bytes listed in the mask are non-zero */
2749 + fsg->cmnd[1] &= 0x1f; // Mask away the LUN
2750 + for (i = 1; i < cmnd_size; ++i) {
2751 + if (fsg->cmnd[i] && !(mask & (1 << i))) {
2752 + if (curlun)
2753 + curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2754 + return -EINVAL;
2755 + }
2756 + }
2757 +
2758 + /* If the medium isn't mounted and the command needs to access
2759 + * it, return an error. */
2760 + if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
2761 + curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2762 + return -EINVAL;
2763 + }
2764 +
2765 + return 0;
2766 +}
2767 +
2768 +/* wrapper of check_command for data size in blocks handling */
2769 +static int check_command_size_in_blocks(struct fsg_dev *fsg, int cmnd_size,
2770 + enum data_direction data_dir, unsigned int mask,
2771 + int needs_medium, const char *name)
2772 +{
2773 + if (fsg->curlun)
2774 + fsg->data_size_from_cmnd <<= fsg->curlun->blkbits;
2775 + return check_command(fsg, cmnd_size, data_dir,
2776 + mask, needs_medium, name);
2777 +}
2778 +
2779 +static int do_scsi_command(struct fsg_dev *fsg)
2780 +{
2781 + struct fsg_buffhd *bh;
2782 + int rc;
2783 + int reply = -EINVAL;
2784 + int i;
2785 + static char unknown[16];
2786 +
2787 + dump_cdb(fsg);
2788 +
2789 + /* Wait for the next buffer to become available for data or status */
2790 + bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill;
2791 + while (bh->state != BUF_STATE_EMPTY) {
2792 + rc = sleep_thread(fsg);
2793 + if (rc)
2794 + return rc;
2795 + }
2796 + fsg->phase_error = 0;
2797 + fsg->short_packet_received = 0;
2798 +
2799 + down_read(&fsg->filesem); // We're using the backing file
2800 + switch (fsg->cmnd[0]) {
2801 +
2802 + case INQUIRY:
2803 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2804 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2805 + (1<<4), 0,
2806 + "INQUIRY")) == 0)
2807 + reply = do_inquiry(fsg, bh);
2808 + break;
2809 +
2810 + case MODE_SELECT:
2811 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2812 + if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
2813 + (1<<1) | (1<<4), 0,
2814 + "MODE SELECT(6)")) == 0)
2815 + reply = do_mode_select(fsg, bh);
2816 + break;
2817 +
2818 + case MODE_SELECT_10:
2819 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2820 + if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
2821 + (1<<1) | (3<<7), 0,
2822 + "MODE SELECT(10)")) == 0)
2823 + reply = do_mode_select(fsg, bh);
2824 + break;
2825 +
2826 + case MODE_SENSE:
2827 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2828 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2829 + (1<<1) | (1<<2) | (1<<4), 0,
2830 + "MODE SENSE(6)")) == 0)
2831 + reply = do_mode_sense(fsg, bh);
2832 + break;
2833 +
2834 + case MODE_SENSE_10:
2835 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2836 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2837 + (1<<1) | (1<<2) | (3<<7), 0,
2838 + "MODE SENSE(10)")) == 0)
2839 + reply = do_mode_sense(fsg, bh);
2840 + break;
2841 +
2842 + case ALLOW_MEDIUM_REMOVAL:
2843 + fsg->data_size_from_cmnd = 0;
2844 + if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2845 + (1<<4), 0,
2846 + "PREVENT-ALLOW MEDIUM REMOVAL")) == 0)
2847 + reply = do_prevent_allow(fsg);
2848 + break;
2849 +
2850 + case READ_6:
2851 + i = fsg->cmnd[4];
2852 + fsg->data_size_from_cmnd = (i == 0) ? 256 : i;
2853 + if ((reply = check_command_size_in_blocks(fsg, 6,
2854 + DATA_DIR_TO_HOST,
2855 + (7<<1) | (1<<4), 1,
2856 + "READ(6)")) == 0)
2857 + reply = do_read(fsg);
2858 + break;
2859 +
2860 + case READ_10:
2861 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2862 + if ((reply = check_command_size_in_blocks(fsg, 10,
2863 + DATA_DIR_TO_HOST,
2864 + (1<<1) | (0xf<<2) | (3<<7), 1,
2865 + "READ(10)")) == 0)
2866 + reply = do_read(fsg);
2867 + break;
2868 +
2869 + case READ_12:
2870 + fsg->data_size_from_cmnd = get_unaligned_be32(&fsg->cmnd[6]);
2871 + if ((reply = check_command_size_in_blocks(fsg, 12,
2872 + DATA_DIR_TO_HOST,
2873 + (1<<1) | (0xf<<2) | (0xf<<6), 1,
2874 + "READ(12)")) == 0)
2875 + reply = do_read(fsg);
2876 + break;
2877 +
2878 + case READ_CAPACITY:
2879 + fsg->data_size_from_cmnd = 8;
2880 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2881 + (0xf<<2) | (1<<8), 1,
2882 + "READ CAPACITY")) == 0)
2883 + reply = do_read_capacity(fsg, bh);
2884 + break;
2885 +
2886 + case READ_HEADER:
2887 + if (!mod_data.cdrom)
2888 + goto unknown_cmnd;
2889 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2890 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2891 + (3<<7) | (0x1f<<1), 1,
2892 + "READ HEADER")) == 0)
2893 + reply = do_read_header(fsg, bh);
2894 + break;
2895 +
2896 + case READ_TOC:
2897 + if (!mod_data.cdrom)
2898 + goto unknown_cmnd;
2899 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2900 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2901 + (7<<6) | (1<<1), 1,
2902 + "READ TOC")) == 0)
2903 + reply = do_read_toc(fsg, bh);
2904 + break;
2905 +
2906 + case READ_FORMAT_CAPACITIES:
2907 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2908 + if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2909 + (3<<7), 1,
2910 + "READ FORMAT CAPACITIES")) == 0)
2911 + reply = do_read_format_capacities(fsg, bh);
2912 + break;
2913 +
2914 + case REQUEST_SENSE:
2915 + fsg->data_size_from_cmnd = fsg->cmnd[4];
2916 + if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2917 + (1<<4), 0,
2918 + "REQUEST SENSE")) == 0)
2919 + reply = do_request_sense(fsg, bh);
2920 + break;
2921 +
2922 + case START_STOP:
2923 + fsg->data_size_from_cmnd = 0;
2924 + if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2925 + (1<<1) | (1<<4), 0,
2926 + "START-STOP UNIT")) == 0)
2927 + reply = do_start_stop(fsg);
2928 + break;
2929 +
2930 + case SYNCHRONIZE_CACHE:
2931 + fsg->data_size_from_cmnd = 0;
2932 + if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2933 + (0xf<<2) | (3<<7), 1,
2934 + "SYNCHRONIZE CACHE")) == 0)
2935 + reply = do_synchronize_cache(fsg);
2936 + break;
2937 +
2938 + case TEST_UNIT_READY:
2939 + fsg->data_size_from_cmnd = 0;
2940 + reply = check_command(fsg, 6, DATA_DIR_NONE,
2941 + 0, 1,
2942 + "TEST UNIT READY");
2943 + break;
2944 +
2945 + /* Although optional, this command is used by MS-Windows. We
2946 + * support a minimal version: BytChk must be 0. */
2947 + case VERIFY:
2948 + fsg->data_size_from_cmnd = 0;
2949 + if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2950 + (1<<1) | (0xf<<2) | (3<<7), 1,
2951 + "VERIFY")) == 0)
2952 + reply = do_verify(fsg);
2953 + break;
2954 +
2955 + case WRITE_6:
2956 + i = fsg->cmnd[4];
2957 + fsg->data_size_from_cmnd = (i == 0) ? 256 : i;
2958 + if ((reply = check_command_size_in_blocks(fsg, 6,
2959 + DATA_DIR_FROM_HOST,
2960 + (7<<1) | (1<<4), 1,
2961 + "WRITE(6)")) == 0)
2962 + reply = do_write(fsg);
2963 + break;
2964 +
2965 + case WRITE_10:
2966 + fsg->data_size_from_cmnd = get_unaligned_be16(&fsg->cmnd[7]);
2967 + if ((reply = check_command_size_in_blocks(fsg, 10,
2968 + DATA_DIR_FROM_HOST,
2969 + (1<<1) | (0xf<<2) | (3<<7), 1,
2970 + "WRITE(10)")) == 0)
2971 + reply = do_write(fsg);
2972 + break;
2973 +
2974 + case WRITE_12:
2975 + fsg->data_size_from_cmnd = get_unaligned_be32(&fsg->cmnd[6]);
2976 + if ((reply = check_command_size_in_blocks(fsg, 12,
2977 + DATA_DIR_FROM_HOST,
2978 + (1<<1) | (0xf<<2) | (0xf<<6), 1,
2979 + "WRITE(12)")) == 0)
2980 + reply = do_write(fsg);
2981 + break;
2982 +
2983 + /* Some mandatory commands that we recognize but don't implement.
2984 + * They don't mean much in this setting. It's left as an exercise
2985 + * for anyone interested to implement RESERVE and RELEASE in terms
2986 + * of Posix locks. */
2987 + case FORMAT_UNIT:
2988 + case RELEASE:
2989 + case RESERVE:
2990 + case SEND_DIAGNOSTIC:
2991 + // Fall through
2992 +
2993 + default:
2994 + unknown_cmnd:
2995 + fsg->data_size_from_cmnd = 0;
2996 + sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]);
2997 + if ((reply = check_command(fsg, fsg->cmnd_size,
2998 + DATA_DIR_UNKNOWN, ~0, 0, unknown)) == 0) {
2999 + fsg->curlun->sense_data = SS_INVALID_COMMAND;
3000 + reply = -EINVAL;
3001 + }
3002 + break;
3003 + }
3004 + up_read(&fsg->filesem);
3005 +
3006 + if (reply == -EINTR || signal_pending(current))
3007 + return -EINTR;
3008 +
3009 + /* Set up the single reply buffer for finish_reply() */
3010 + if (reply == -EINVAL)
3011 + reply = 0; // Error reply length
3012 + if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) {
3013 + reply = min((u32) reply, fsg->data_size_from_cmnd);
3014 + bh->inreq->length = reply;
3015 + bh->state = BUF_STATE_FULL;
3016 + fsg->residue -= reply;
3017 + } // Otherwise it's already set
3018 +
3019 + return 0;
3020 +}
3021 +
3022 +
3023 +/*-------------------------------------------------------------------------*/
3024 +
3025 +static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
3026 +{
3027 + struct usb_request *req = bh->outreq;
3028 + struct bulk_cb_wrap *cbw = req->buf;
3029 +
3030 + /* Was this a real packet? Should it be ignored? */
3031 + if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
3032 + return -EINVAL;
3033 +
3034 + /* Is the CBW valid? */
3035 + if (req->actual != US_BULK_CB_WRAP_LEN ||
3036 + cbw->Signature != cpu_to_le32(
3037 + US_BULK_CB_SIGN)) {
3038 + DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
3039 + req->actual,
3040 + le32_to_cpu(cbw->Signature));
3041 +
3042 + /* The Bulk-only spec says we MUST stall the IN endpoint
3043 + * (6.6.1), so it's unavoidable. It also says we must
3044 + * retain this state until the next reset, but there's
3045 + * no way to tell the controller driver it should ignore
3046 + * Clear-Feature(HALT) requests.
3047 + *
3048 + * We aren't required to halt the OUT endpoint; instead
3049 + * we can simply accept and discard any data received
3050 + * until the next reset. */
3051 + wedge_bulk_in_endpoint(fsg);
3052 + set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
3053 + return -EINVAL;
3054 + }
3055 +
3056 + /* Is the CBW meaningful? */
3057 + if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~US_BULK_FLAG_IN ||
3058 + cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
3059 + DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
3060 + "cmdlen %u\n",
3061 + cbw->Lun, cbw->Flags, cbw->Length);
3062 +
3063 + /* We can do anything we want here, so let's stall the
3064 + * bulk pipes if we are allowed to. */
3065 + if (mod_data.can_stall) {
3066 + fsg_set_halt(fsg, fsg->bulk_out);
3067 + halt_bulk_in_endpoint(fsg);
3068 + }
3069 + return -EINVAL;
3070 + }
3071 +
3072 + /* Save the command for later */
3073 + fsg->cmnd_size = cbw->Length;
3074 + memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size);
3075 + if (cbw->Flags & US_BULK_FLAG_IN)
3076 + fsg->data_dir = DATA_DIR_TO_HOST;
3077 + else
3078 + fsg->data_dir = DATA_DIR_FROM_HOST;
3079 + fsg->data_size = le32_to_cpu(cbw->DataTransferLength);
3080 + if (fsg->data_size == 0)
3081 + fsg->data_dir = DATA_DIR_NONE;
3082 + fsg->lun = cbw->Lun;
3083 + fsg->tag = cbw->Tag;
3084 + return 0;
3085 +}
3086 +
3087 +
3088 +static int get_next_command(struct fsg_dev *fsg)
3089 +{
3090 + struct fsg_buffhd *bh;
3091 + int rc = 0;
3092 +
3093 + if (transport_is_bbb()) {
3094 +
3095 + /* Wait for the next buffer to become available */
3096 + bh = fsg->next_buffhd_to_fill;
3097 + while (bh->state != BUF_STATE_EMPTY) {
3098 + rc = sleep_thread(fsg);
3099 + if (rc)
3100 + return rc;
3101 + }
3102 +
3103 + /* Queue a request to read a Bulk-only CBW */
3104 + set_bulk_out_req_length(fsg, bh, US_BULK_CB_WRAP_LEN);
3105 + start_transfer(fsg, fsg->bulk_out, bh->outreq,
3106 + &bh->outreq_busy, &bh->state);
3107 +
3108 + /* We will drain the buffer in software, which means we
3109 + * can reuse it for the next filling. No need to advance
3110 + * next_buffhd_to_fill. */
3111 +
3112 + /* Wait for the CBW to arrive */
3113 + while (bh->state != BUF_STATE_FULL) {
3114 + rc = sleep_thread(fsg);
3115 + if (rc)
3116 + return rc;
3117 + }
3118 + smp_rmb();
3119 + rc = received_cbw(fsg, bh);
3120 + bh->state = BUF_STATE_EMPTY;
3121 +
3122 + } else { // USB_PR_CB or USB_PR_CBI
3123 +
3124 + /* Wait for the next command to arrive */
3125 + while (fsg->cbbuf_cmnd_size == 0) {
3126 + rc = sleep_thread(fsg);
3127 + if (rc)
3128 + return rc;
3129 + }
3130 +
3131 + /* Is the previous status interrupt request still busy?
3132 + * The host is allowed to skip reading the status,
3133 + * so we must cancel it. */
3134 + if (fsg->intreq_busy)
3135 + usb_ep_dequeue(fsg->intr_in, fsg->intreq);
3136 +
3137 + /* Copy the command and mark the buffer empty */
3138 + fsg->data_dir = DATA_DIR_UNKNOWN;
3139 + spin_lock_irq(&fsg->lock);
3140 + fsg->cmnd_size = fsg->cbbuf_cmnd_size;
3141 + memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size);
3142 + fsg->cbbuf_cmnd_size = 0;
3143 + spin_unlock_irq(&fsg->lock);
3144 +
3145 + /* Use LUN from the command */
3146 + fsg->lun = fsg->cmnd[1] >> 5;
3147 + }
3148 +
3149 + /* Update current lun */
3150 + if (fsg->lun >= 0 && fsg->lun < fsg->nluns)
3151 + fsg->curlun = &fsg->luns[fsg->lun];
3152 + else
3153 + fsg->curlun = NULL;
3154 +
3155 + return rc;
3156 +}
3157 +
3158 +
3159 +/*-------------------------------------------------------------------------*/
3160 +
3161 +static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep,
3162 + const struct usb_endpoint_descriptor *d)
3163 +{
3164 + int rc;
3165 +
3166 + ep->driver_data = fsg;
3167 + ep->desc = d;
3168 + rc = usb_ep_enable(ep);
3169 + if (rc)
3170 + ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc);
3171 + return rc;
3172 +}
3173 +
3174 +static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep,
3175 + struct usb_request **preq)
3176 +{
3177 + *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
3178 + if (*preq)
3179 + return 0;
3180 + ERROR(fsg, "can't allocate request for %s\n", ep->name);
3181 + return -ENOMEM;
3182 +}
3183 +
3184 +/*
3185 + * Reset interface setting and re-init endpoint state (toggle etc).
3186 + * Call with altsetting < 0 to disable the interface. The only other
3187 + * available altsetting is 0, which enables the interface.
3188 + */
3189 +static int do_set_interface(struct fsg_dev *fsg, int altsetting)
3190 +{
3191 + int rc = 0;
3192 + int i;
3193 + const struct usb_endpoint_descriptor *d;
3194 +
3195 + if (fsg->running)
3196 + DBG(fsg, "reset interface\n");
3197 +
3198 +reset:
3199 + /* Deallocate the requests */
3200 + for (i = 0; i < fsg_num_buffers; ++i) {
3201 + struct fsg_buffhd *bh = &fsg->buffhds[i];
3202 +
3203 + if (bh->inreq) {
3204 + usb_ep_free_request(fsg->bulk_in, bh->inreq);
3205 + bh->inreq = NULL;
3206 + }
3207 + if (bh->outreq) {
3208 + usb_ep_free_request(fsg->bulk_out, bh->outreq);
3209 + bh->outreq = NULL;
3210 + }
3211 + }
3212 + if (fsg->intreq) {
3213 + usb_ep_free_request(fsg->intr_in, fsg->intreq);
3214 + fsg->intreq = NULL;
3215 + }
3216 +
3217 + /* Disable the endpoints */
3218 + if (fsg->bulk_in_enabled) {
3219 + usb_ep_disable(fsg->bulk_in);
3220 + fsg->bulk_in_enabled = 0;
3221 + }
3222 + if (fsg->bulk_out_enabled) {
3223 + usb_ep_disable(fsg->bulk_out);
3224 + fsg->bulk_out_enabled = 0;
3225 + }
3226 + if (fsg->intr_in_enabled) {
3227 + usb_ep_disable(fsg->intr_in);
3228 + fsg->intr_in_enabled = 0;
3229 + }
3230 +
3231 + fsg->running = 0;
3232 + if (altsetting < 0 || rc != 0)
3233 + return rc;
3234 +
3235 + DBG(fsg, "set interface %d\n", altsetting);
3236 +
3237 + /* Enable the endpoints */
3238 + d = fsg_ep_desc(fsg->gadget,
3239 + &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc,
3240 + &fsg_ss_bulk_in_desc);
3241 + if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0)
3242 + goto reset;
3243 + fsg->bulk_in_enabled = 1;
3244 +
3245 + d = fsg_ep_desc(fsg->gadget,
3246 + &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc,
3247 + &fsg_ss_bulk_out_desc);
3248 + if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0)
3249 + goto reset;
3250 + fsg->bulk_out_enabled = 1;
3251 + fsg->bulk_out_maxpacket = usb_endpoint_maxp(d);
3252 + clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
3253 +
3254 + if (transport_is_cbi()) {
3255 + d = fsg_ep_desc(fsg->gadget,
3256 + &fsg_fs_intr_in_desc, &fsg_hs_intr_in_desc,
3257 + &fsg_ss_intr_in_desc);
3258 + if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0)
3259 + goto reset;
3260 + fsg->intr_in_enabled = 1;
3261 + }
3262 +
3263 + /* Allocate the requests */
3264 + for (i = 0; i < fsg_num_buffers; ++i) {
3265 + struct fsg_buffhd *bh = &fsg->buffhds[i];
3266 +
3267 + if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0)
3268 + goto reset;
3269 + if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0)
3270 + goto reset;
3271 + bh->inreq->buf = bh->outreq->buf = bh->buf;
3272 + bh->inreq->context = bh->outreq->context = bh;
3273 + bh->inreq->complete = bulk_in_complete;
3274 + bh->outreq->complete = bulk_out_complete;
3275 + }
3276 + if (transport_is_cbi()) {
3277 + if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0)
3278 + goto reset;
3279 + fsg->intreq->complete = intr_in_complete;
3280 + }
3281 +
3282 + fsg->running = 1;
3283 + for (i = 0; i < fsg->nluns; ++i)
3284 + fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED;
3285 + return rc;
3286 +}
3287 +
3288 +
3289 +/*
3290 + * Change our operational configuration. This code must agree with the code
3291 + * that returns config descriptors, and with interface altsetting code.
3292 + *
3293 + * It's also responsible for power management interactions. Some
3294 + * configurations might not work with our current power sources.
3295 + * For now we just assume the gadget is always self-powered.
3296 + */
3297 +static int do_set_config(struct fsg_dev *fsg, u8 new_config)
3298 +{
3299 + int rc = 0;
3300 +
3301 + /* Disable the single interface */
3302 + if (fsg->config != 0) {
3303 + DBG(fsg, "reset config\n");
3304 + fsg->config = 0;
3305 + rc = do_set_interface(fsg, -1);
3306 + }
3307 +
3308 + /* Enable the interface */
3309 + if (new_config != 0) {
3310 + fsg->config = new_config;
3311 + if ((rc = do_set_interface(fsg, 0)) != 0)
3312 + fsg->config = 0; // Reset on errors
3313 + else
3314 + INFO(fsg, "%s config #%d\n",
3315 + usb_speed_string(fsg->gadget->speed),
3316 + fsg->config);
3317 + }
3318 + return rc;
3319 +}
3320 +
3321 +
3322 +/*-------------------------------------------------------------------------*/
3323 +
3324 +static void handle_exception(struct fsg_dev *fsg)
3325 +{
3326 + siginfo_t info;
3327 + int sig;
3328 + int i;
3329 + int num_active;
3330 + struct fsg_buffhd *bh;
3331 + enum fsg_state old_state;
3332 + u8 new_config;
3333 + struct fsg_lun *curlun;
3334 + unsigned int exception_req_tag;