Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 12943f097e5a4a0550f52f98ab8f476435e2ce15

Authored by Alan Stern
Committed by Greg Kroah-Hartman
1 parent 94d0f7eac7
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

USB: less-restrictive command checking in g-file-storage 

This patch (as983) makes a test for minimum-length command sizes in
g_file_storage less restrictive.  It doesn't matter because commands
with bad lengths will be detected later on anyway, and doing it like
this makes the driver interoperable with certain buggy hosts such as
the JVC HiFi (reported by Samuel Hangouet).

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

drivers/usb/gadget/file_storage.c
Diff comments   View file @ 12943f0
1 /* 1 /*
2 * file_storage.c -- File-backed USB Storage Gadget, for USB development 2 * file_storage.c -- File-backed USB Storage Gadget, for USB development
3 * 3 *
4 * Copyright (C) 2003-2007 Alan Stern 4 * Copyright (C) 2003-2007 Alan Stern
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions, and the following disclaimer, 11 * notice, this list of conditions, and the following disclaimer,
12 * without modification. 12 * without modification.
13 * 2. Redistributions in binary form must reproduce the above copyright 13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the 14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution. 15 * documentation and/or other materials provided with the distribution.
16 * 3. The names of the above-listed copyright holders may not be used 16 * 3. The names of the above-listed copyright holders may not be used
17 * to endorse or promote products derived from this software without 17 * to endorse or promote products derived from this software without
18 * specific prior written permission. 18 * specific prior written permission.
19 * 19 *
20 * ALTERNATIVELY, this software may be distributed under the terms of the 20 * ALTERNATIVELY, this software may be distributed under the terms of the
21 * GNU General Public License ("GPL") as published by the Free Software 21 * GNU General Public License ("GPL") as published by the Free Software
22 * Foundation, either version 2 of that License or (at your option) any 22 * Foundation, either version 2 of that License or (at your option) any
23 * later version. 23 * later version.
24 * 24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
26 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 26 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
27 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 27 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 29 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
30 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 30 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
31 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 31 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 32 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 33 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 34 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 */ 36 */
37 37
38 38
39 /* 39 /*
40 * The File-backed Storage Gadget acts as a USB Mass Storage device, 40 * The File-backed Storage Gadget acts as a USB Mass Storage device,
41 * appearing to the host as a disk drive. In addition to providing an 41 * appearing to the host as a disk drive. In addition to providing an
42 * example of a genuinely useful gadget driver for a USB device, it also 42 * example of a genuinely useful gadget driver for a USB device, it also
43 * illustrates a technique of double-buffering for increased throughput. 43 * illustrates a technique of double-buffering for increased throughput.
44 * Last but not least, it gives an easy way to probe the behavior of the 44 * Last but not least, it gives an easy way to probe the behavior of the
45 * Mass Storage drivers in a USB host. 45 * Mass Storage drivers in a USB host.
46 * 46 *
47 * Backing storage is provided by a regular file or a block device, specified 47 * Backing storage is provided by a regular file or a block device, specified
48 * by the "file" module parameter. Access can be limited to read-only by 48 * by the "file" module parameter. Access can be limited to read-only by
49 * setting the optional "ro" module parameter. The gadget will indicate that 49 * setting the optional "ro" module parameter. The gadget will indicate that
50 * it has removable media if the optional "removable" module parameter is set. 50 * it has removable media if the optional "removable" module parameter is set.
51 * 51 *
52 * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI), 52 * The gadget supports the Control-Bulk (CB), Control-Bulk-Interrupt (CBI),
53 * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected 53 * and Bulk-Only (also known as Bulk-Bulk-Bulk or BBB) transports, selected
54 * by the optional "transport" module parameter. It also supports the 54 * by the optional "transport" module parameter. It also supports the
55 * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03), 55 * following protocols: RBC (0x01), ATAPI or SFF-8020i (0x02), QIC-157 (0c03),
56 * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by 56 * UFI (0x04), SFF-8070i (0x05), and transparent SCSI (0x06), selected by
57 * the optional "protocol" module parameter. In addition, the default 57 * the optional "protocol" module parameter. In addition, the default
58 * Vendor ID, Product ID, and release number can be overridden. 58 * Vendor ID, Product ID, and release number can be overridden.
59 * 59 *
60 * There is support for multiple logical units (LUNs), each of which has 60 * There is support for multiple logical units (LUNs), each of which has
61 * its own backing file. The number of LUNs can be set using the optional 61 * its own backing file. The number of LUNs can be set using the optional
62 * "luns" module parameter (anywhere from 1 to 8), and the corresponding 62 * "luns" module parameter (anywhere from 1 to 8), and the corresponding
63 * files are specified using comma-separated lists for "file" and "ro". 63 * files are specified using comma-separated lists for "file" and "ro".
64 * The default number of LUNs is taken from the number of "file" elements; 64 * The default number of LUNs is taken from the number of "file" elements;
65 * it is 1 if "file" is not given. If "removable" is not set then a backing 65 * it is 1 if "file" is not given. If "removable" is not set then a backing
66 * file must be specified for each LUN. If it is set, then an unspecified 66 * file must be specified for each LUN. If it is set, then an unspecified
67 * or empty backing filename means the LUN's medium is not loaded. 67 * or empty backing filename means the LUN's medium is not loaded.
68 * 68 *
69 * Requirements are modest; only a bulk-in and a bulk-out endpoint are 69 * Requirements are modest; only a bulk-in and a bulk-out endpoint are
70 * needed (an interrupt-out endpoint is also needed for CBI). The memory 70 * needed (an interrupt-out endpoint is also needed for CBI). The memory
71 * requirement amounts to two 16K buffers, size configurable by a parameter. 71 * requirement amounts to two 16K buffers, size configurable by a parameter.
72 * Support is included for both full-speed and high-speed operation. 72 * Support is included for both full-speed and high-speed operation.
73 * 73 *
74 * Note that the driver is slightly non-portable in that it assumes a 74 * Note that the driver is slightly non-portable in that it assumes a
75 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and 75 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and
76 * interrupt-in endpoints. With most device controllers this isn't an 76 * interrupt-in endpoints. With most device controllers this isn't an
77 * issue, but there may be some with hardware restrictions that prevent 77 * issue, but there may be some with hardware restrictions that prevent
78 * a buffer from being used by more than one endpoint. 78 * a buffer from being used by more than one endpoint.
79 * 79 *
80 * Module options: 80 * Module options:
81 * 81 *
82 * file=filename[,filename...] 82 * file=filename[,filename...]
83 * Required if "removable" is not set, names of 83 * Required if "removable" is not set, names of
84 * the files or block devices used for 84 * the files or block devices used for
85 * backing storage 85 * backing storage
86 * ro=b[,b...] Default false, booleans for read-only access 86 * ro=b[,b...] Default false, booleans for read-only access
87 * removable Default false, boolean for removable media 87 * removable Default false, boolean for removable media
88 * luns=N Default N = number of filenames, number of 88 * luns=N Default N = number of filenames, number of
89 * LUNs to support 89 * LUNs to support
90 * stall Default determined according to the type of 90 * stall Default determined according to the type of
91 * USB device controller (usually true), 91 * USB device controller (usually true),
92 * boolean to permit the driver to halt 92 * boolean to permit the driver to halt
93 * bulk endpoints 93 * bulk endpoints
94 * transport=XXX Default BBB, transport name (CB, CBI, or BBB) 94 * transport=XXX Default BBB, transport name (CB, CBI, or BBB)
95 * protocol=YYY Default SCSI, protocol name (RBC, 8020 or 95 * protocol=YYY Default SCSI, protocol name (RBC, 8020 or
96 * ATAPI, QIC, UFI, 8070, or SCSI; 96 * ATAPI, QIC, UFI, 8070, or SCSI;
97 * also 1 - 6) 97 * also 1 - 6)
98 * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID 98 * vendor=0xVVVV Default 0x0525 (NetChip), USB Vendor ID
99 * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID 99 * product=0xPPPP Default 0xa4a5 (FSG), USB Product ID
100 * release=0xRRRR Override the USB release number (bcdDevice) 100 * release=0xRRRR Override the USB release number (bcdDevice)
101 * buflen=N Default N=16384, buffer size used (will be 101 * buflen=N Default N=16384, buffer size used (will be
102 * rounded down to a multiple of 102 * rounded down to a multiple of
103 * PAGE_CACHE_SIZE) 103 * PAGE_CACHE_SIZE)
104 * 104 *
105 * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "ro", 105 * If CONFIG_USB_FILE_STORAGE_TEST is not set, only the "file", "ro",
106 * "removable", "luns", and "stall" options are available; default values 106 * "removable", "luns", and "stall" options are available; default values
107 * are used for everything else. 107 * are used for everything else.
108 * 108 *
109 * The pathnames of the backing files and the ro settings are available in 109 * The pathnames of the backing files and the ro settings are available in
110 * the attribute files "file" and "ro" in the lun<n> subdirectory of the 110 * the attribute files "file" and "ro" in the lun<n> subdirectory of the
111 * gadget's sysfs directory. If the "removable" option is set, writing to 111 * gadget's sysfs directory. If the "removable" option is set, writing to
112 * these files will simulate ejecting/loading the medium (writing an empty 112 * these files will simulate ejecting/loading the medium (writing an empty
113 * line means eject) and adjusting a write-enable tab. Changes to the ro 113 * line means eject) and adjusting a write-enable tab. Changes to the ro
114 * setting are not allowed when the medium is loaded. 114 * setting are not allowed when the medium is loaded.
115 * 115 *
116 * This gadget driver is heavily based on "Gadget Zero" by David Brownell. 116 * This gadget driver is heavily based on "Gadget Zero" by David Brownell.
117 * The driver's SCSI command interface was based on the "Information 117 * The driver's SCSI command interface was based on the "Information
118 * technology - Small Computer System Interface - 2" document from 118 * technology - Small Computer System Interface - 2" document from
119 * X3T9.2 Project 375D, Revision 10L, 7-SEP-93, available at 119 * X3T9.2 Project 375D, Revision 10L, 7-SEP-93, available at
120 * <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. The single exception 120 * <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. The single exception
121 * is opcode 0x23 (READ FORMAT CAPACITIES), which was based on the 121 * is opcode 0x23 (READ FORMAT CAPACITIES), which was based on the
122 * "Universal Serial Bus Mass Storage Class UFI Command Specification" 122 * "Universal Serial Bus Mass Storage Class UFI Command Specification"
123 * document, Revision 1.0, December 14, 1998, available at 123 * document, Revision 1.0, December 14, 1998, available at
124 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 124 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
125 */ 125 */
126 126
127 127
128 /* 128 /*
129 * Driver Design 129 * Driver Design
130 * 130 *
131 * The FSG driver is fairly straightforward. There is a main kernel 131 * The FSG driver is fairly straightforward. There is a main kernel
132 * thread that handles most of the work. Interrupt routines field 132 * thread that handles most of the work. Interrupt routines field
133 * callbacks from the controller driver: bulk- and interrupt-request 133 * callbacks from the controller driver: bulk- and interrupt-request
134 * completion notifications, endpoint-0 events, and disconnect events. 134 * completion notifications, endpoint-0 events, and disconnect events.
135 * Completion events are passed to the main thread by wakeup calls. Many 135 * Completion events are passed to the main thread by wakeup calls. Many
136 * ep0 requests are handled at interrupt time, but SetInterface, 136 * ep0 requests are handled at interrupt time, but SetInterface,
137 * SetConfiguration, and device reset requests are forwarded to the 137 * SetConfiguration, and device reset requests are forwarded to the
138 * thread in the form of "exceptions" using SIGUSR1 signals (since they 138 * thread in the form of "exceptions" using SIGUSR1 signals (since they
139 * should interrupt any ongoing file I/O operations). 139 * should interrupt any ongoing file I/O operations).
140 * 140 *
141 * The thread's main routine implements the standard command/data/status 141 * The thread's main routine implements the standard command/data/status
142 * parts of a SCSI interaction. It and its subroutines are full of tests 142 * parts of a SCSI interaction. It and its subroutines are full of tests
143 * for pending signals/exceptions -- all this polling is necessary since 143 * for pending signals/exceptions -- all this polling is necessary since
144 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 144 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
145 * indication that the driver really wants to be running in userspace.) 145 * indication that the driver really wants to be running in userspace.)
146 * An important point is that so long as the thread is alive it keeps an 146 * An important point is that so long as the thread is alive it keeps an
147 * open reference to the backing file. This will prevent unmounting 147 * open reference to the backing file. This will prevent unmounting
148 * the backing file's underlying filesystem and could cause problems 148 * the backing file's underlying filesystem and could cause problems
149 * during system shutdown, for example. To prevent such problems, the 149 * during system shutdown, for example. To prevent such problems, the
150 * thread catches INT, TERM, and KILL signals and converts them into 150 * thread catches INT, TERM, and KILL signals and converts them into
151 * an EXIT exception. 151 * an EXIT exception.
152 * 152 *
153 * In normal operation the main thread is started during the gadget's 153 * In normal operation the main thread is started during the gadget's
154 * fsg_bind() callback and stopped during fsg_unbind(). But it can also 154 * fsg_bind() callback and stopped during fsg_unbind(). But it can also
155 * exit when it receives a signal, and there's no point leaving the 155 * exit when it receives a signal, and there's no point leaving the
156 * gadget running when the thread is dead. So just before the thread 156 * gadget running when the thread is dead. So just before the thread
157 * exits, it deregisters the gadget driver. This makes things a little 157 * exits, it deregisters the gadget driver. This makes things a little
158 * tricky: The driver is deregistered at two places, and the exiting 158 * tricky: The driver is deregistered at two places, and the exiting
159 * thread can indirectly call fsg_unbind() which in turn can tell the 159 * thread can indirectly call fsg_unbind() which in turn can tell the
160 * thread to exit. The first problem is resolved through the use of the 160 * thread to exit. The first problem is resolved through the use of the
161 * REGISTERED atomic bitflag; the driver will only be deregistered once. 161 * REGISTERED atomic bitflag; the driver will only be deregistered once.
162 * The second problem is resolved by having fsg_unbind() check 162 * The second problem is resolved by having fsg_unbind() check
163 * fsg->state; it won't try to stop the thread if the state is already 163 * fsg->state; it won't try to stop the thread if the state is already
164 * FSG_STATE_TERMINATED. 164 * FSG_STATE_TERMINATED.
165 * 165 *
166 * To provide maximum throughput, the driver uses a circular pipeline of 166 * To provide maximum throughput, the driver uses a circular pipeline of
167 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 167 * buffer heads (struct fsg_buffhd). In principle the pipeline can be
168 * arbitrarily long; in practice the benefits don't justify having more 168 * arbitrarily long; in practice the benefits don't justify having more
169 * than 2 stages (i.e., double buffering). But it helps to think of the 169 * than 2 stages (i.e., double buffering). But it helps to think of the
170 * pipeline as being a long one. Each buffer head contains a bulk-in and 170 * pipeline as being a long one. Each buffer head contains a bulk-in and
171 * a bulk-out request pointer (since the buffer can be used for both 171 * a bulk-out request pointer (since the buffer can be used for both
172 * output and input -- directions always are given from the host's 172 * output and input -- directions always are given from the host's
173 * point of view) as well as a pointer to the buffer and various state 173 * point of view) as well as a pointer to the buffer and various state
174 * variables. 174 * variables.
175 * 175 *
176 * Use of the pipeline follows a simple protocol. There is a variable 176 * Use of the pipeline follows a simple protocol. There is a variable
177 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 177 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
178 * At any time that buffer head may still be in use from an earlier 178 * At any time that buffer head may still be in use from an earlier
179 * request, so each buffer head has a state variable indicating whether 179 * request, so each buffer head has a state variable indicating whether
180 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 180 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
181 * buffer head to be EMPTY, filling the buffer either by file I/O or by 181 * buffer head to be EMPTY, filling the buffer either by file I/O or by
182 * USB I/O (during which the buffer head is BUSY), and marking the buffer 182 * USB I/O (during which the buffer head is BUSY), and marking the buffer
183 * head FULL when the I/O is complete. Then the buffer will be emptied 183 * head FULL when the I/O is complete. Then the buffer will be emptied
184 * (again possibly by USB I/O, during which it is marked BUSY) and 184 * (again possibly by USB I/O, during which it is marked BUSY) and
185 * finally marked EMPTY again (possibly by a completion routine). 185 * finally marked EMPTY again (possibly by a completion routine).
186 * 186 *
187 * A module parameter tells the driver to avoid stalling the bulk 187 * A module parameter tells the driver to avoid stalling the bulk
188 * endpoints wherever the transport specification allows. This is 188 * endpoints wherever the transport specification allows. This is
189 * necessary for some UDCs like the SuperH, which cannot reliably clear a 189 * necessary for some UDCs like the SuperH, which cannot reliably clear a
190 * halt on a bulk endpoint. However, under certain circumstances the 190 * halt on a bulk endpoint. However, under certain circumstances the
191 * Bulk-only specification requires a stall. In such cases the driver 191 * Bulk-only specification requires a stall. In such cases the driver
192 * will halt the endpoint and set a flag indicating that it should clear 192 * will halt the endpoint and set a flag indicating that it should clear
193 * the halt in software during the next device reset. Hopefully this 193 * the halt in software during the next device reset. Hopefully this
194 * will permit everything to work correctly. Furthermore, although the 194 * will permit everything to work correctly. Furthermore, although the
195 * specification allows the bulk-out endpoint to halt when the host sends 195 * specification allows the bulk-out endpoint to halt when the host sends
196 * too much data, implementing this would cause an unavoidable race. 196 * too much data, implementing this would cause an unavoidable race.
197 * The driver will always use the "no-stall" approach for OUT transfers. 197 * The driver will always use the "no-stall" approach for OUT transfers.
198 * 198 *
199 * One subtle point concerns sending status-stage responses for ep0 199 * One subtle point concerns sending status-stage responses for ep0
200 * requests. Some of these requests, such as device reset, can involve 200 * requests. Some of these requests, such as device reset, can involve
201 * interrupting an ongoing file I/O operation, which might take an 201 * interrupting an ongoing file I/O operation, which might take an
202 * arbitrarily long time. During that delay the host might give up on 202 * arbitrarily long time. During that delay the host might give up on
203 * the original ep0 request and issue a new one. When that happens the 203 * the original ep0 request and issue a new one. When that happens the
204 * driver should not notify the host about completion of the original 204 * driver should not notify the host about completion of the original
205 * request, as the host will no longer be waiting for it. So the driver 205 * request, as the host will no longer be waiting for it. So the driver
206 * assigns to each ep0 request a unique tag, and it keeps track of the 206 * assigns to each ep0 request a unique tag, and it keeps track of the
207 * tag value of the request associated with a long-running exception 207 * tag value of the request associated with a long-running exception
208 * (device-reset, interface-change, or configuration-change). When the 208 * (device-reset, interface-change, or configuration-change). When the
209 * exception handler is finished, the status-stage response is submitted 209 * exception handler is finished, the status-stage response is submitted
210 * only if the current ep0 request tag is equal to the exception request 210 * only if the current ep0 request tag is equal to the exception request
211 * tag. Thus only the most recently received ep0 request will get a 211 * tag. Thus only the most recently received ep0 request will get a
212 * status-stage response. 212 * status-stage response.
213 * 213 *
214 * Warning: This driver source file is too long. It ought to be split up 214 * Warning: This driver source file is too long. It ought to be split up
215 * into a header file plus about 3 separate .c files, to handle the details 215 * into a header file plus about 3 separate .c files, to handle the details
216 * of the Gadget, USB Mass Storage, and SCSI protocols. 216 * of the Gadget, USB Mass Storage, and SCSI protocols.
217 */ 217 */
218 218
219 219
220 /* #define VERBOSE_DEBUG */ 220 /* #define VERBOSE_DEBUG */
221 /* #define DUMP_MSGS */ 221 /* #define DUMP_MSGS */
222 222
223 223
224 #include <linux/blkdev.h> 224 #include <linux/blkdev.h>
225 #include <linux/completion.h> 225 #include <linux/completion.h>
226 #include <linux/dcache.h> 226 #include <linux/dcache.h>
227 #include <linux/delay.h> 227 #include <linux/delay.h>
228 #include <linux/device.h> 228 #include <linux/device.h>
229 #include <linux/fcntl.h> 229 #include <linux/fcntl.h>
230 #include <linux/file.h> 230 #include <linux/file.h>
231 #include <linux/fs.h> 231 #include <linux/fs.h>
232 #include <linux/kref.h> 232 #include <linux/kref.h>
233 #include <linux/kthread.h> 233 #include <linux/kthread.h>
234 #include <linux/limits.h> 234 #include <linux/limits.h>
235 #include <linux/rwsem.h> 235 #include <linux/rwsem.h>
236 #include <linux/slab.h> 236 #include <linux/slab.h>
237 #include <linux/spinlock.h> 237 #include <linux/spinlock.h>
238 #include <linux/string.h> 238 #include <linux/string.h>
239 #include <linux/freezer.h> 239 #include <linux/freezer.h>
240 #include <linux/utsname.h> 240 #include <linux/utsname.h>
241 241
242 #include <linux/usb/ch9.h> 242 #include <linux/usb/ch9.h>
243 #include <linux/usb_gadget.h> 243 #include <linux/usb_gadget.h>
244 244
245 #include "gadget_chips.h" 245 #include "gadget_chips.h"
246 246
247 247
248 /*-------------------------------------------------------------------------*/ 248 /*-------------------------------------------------------------------------*/
249 249
250 #define DRIVER_DESC "File-backed Storage Gadget" 250 #define DRIVER_DESC "File-backed Storage Gadget"
251 #define DRIVER_NAME "g_file_storage" 251 #define DRIVER_NAME "g_file_storage"
252 #define DRIVER_VERSION "7 August 2007" 252 #define DRIVER_VERSION "7 August 2007"
253 253
254 static const char longname[] = DRIVER_DESC; 254 static const char longname[] = DRIVER_DESC;
255 static const char shortname[] = DRIVER_NAME; 255 static const char shortname[] = DRIVER_NAME;
256 256
257 MODULE_DESCRIPTION(DRIVER_DESC); 257 MODULE_DESCRIPTION(DRIVER_DESC);
258 MODULE_AUTHOR("Alan Stern"); 258 MODULE_AUTHOR("Alan Stern");
259 MODULE_LICENSE("Dual BSD/GPL"); 259 MODULE_LICENSE("Dual BSD/GPL");
260 260
261 /* Thanks to NetChip Technologies for donating this product ID. 261 /* Thanks to NetChip Technologies for donating this product ID.
262 * 262 *
263 * DO NOT REUSE THESE IDs with any other driver!! Ever!! 263 * DO NOT REUSE THESE IDs with any other driver!! Ever!!
264 * Instead: allocate your own, using normal USB-IF procedures. */ 264 * Instead: allocate your own, using normal USB-IF procedures. */
265 #define DRIVER_VENDOR_ID 0x0525 // NetChip 265 #define DRIVER_VENDOR_ID 0x0525 // NetChip
266 #define DRIVER_PRODUCT_ID 0xa4a5 // Linux-USB File-backed Storage Gadget 266 #define DRIVER_PRODUCT_ID 0xa4a5 // Linux-USB File-backed Storage Gadget
267 267
268 268
269 /* 269 /*
270 * This driver assumes self-powered hardware and has no way for users to 270 * This driver assumes self-powered hardware and has no way for users to
271 * trigger remote wakeup. It uses autoconfiguration to select endpoints 271 * trigger remote wakeup. It uses autoconfiguration to select endpoints
272 * and endpoint addresses. 272 * and endpoint addresses.
273 */ 273 */
274 274
275 275
276 /*-------------------------------------------------------------------------*/ 276 /*-------------------------------------------------------------------------*/
277 277
278 #ifdef DEBUG 278 #ifdef DEBUG
279 #define LDBG(lun,fmt,args...) \ 279 #define LDBG(lun,fmt,args...) \
280 dev_dbg(&(lun)->dev , fmt , ## args) 280 dev_dbg(&(lun)->dev , fmt , ## args)
281 #define MDBG(fmt,args...) \ 281 #define MDBG(fmt,args...) \
282 printk(KERN_DEBUG DRIVER_NAME ": " fmt , ## args) 282 printk(KERN_DEBUG DRIVER_NAME ": " fmt , ## args)
283 #else 283 #else
284 #define LDBG(lun,fmt,args...) \ 284 #define LDBG(lun,fmt,args...) \
285 do { } while (0) 285 do { } while (0)
286 #define MDBG(fmt,args...) \ 286 #define MDBG(fmt,args...) \
287 do { } while (0) 287 do { } while (0)
288 #undef VERBOSE_DEBUG 288 #undef VERBOSE_DEBUG
289 #undef DUMP_MSGS 289 #undef DUMP_MSGS
290 #endif /* DEBUG */ 290 #endif /* DEBUG */
291 291
292 #ifdef VERBOSE_DEBUG 292 #ifdef VERBOSE_DEBUG
293 #define VLDBG LDBG 293 #define VLDBG LDBG
294 #else 294 #else
295 #define VLDBG(lun,fmt,args...) \ 295 #define VLDBG(lun,fmt,args...) \
296 do { } while (0) 296 do { } while (0)
297 #endif /* VERBOSE_DEBUG */ 297 #endif /* VERBOSE_DEBUG */
298 298
299 #define LERROR(lun,fmt,args...) \ 299 #define LERROR(lun,fmt,args...) \
300 dev_err(&(lun)->dev , fmt , ## args) 300 dev_err(&(lun)->dev , fmt , ## args)
301 #define LWARN(lun,fmt,args...) \ 301 #define LWARN(lun,fmt,args...) \
302 dev_warn(&(lun)->dev , fmt , ## args) 302 dev_warn(&(lun)->dev , fmt , ## args)
303 #define LINFO(lun,fmt,args...) \ 303 #define LINFO(lun,fmt,args...) \
304 dev_info(&(lun)->dev , fmt , ## args) 304 dev_info(&(lun)->dev , fmt , ## args)
305 305
306 #define MINFO(fmt,args...) \ 306 #define MINFO(fmt,args...) \
307 printk(KERN_INFO DRIVER_NAME ": " fmt , ## args) 307 printk(KERN_INFO DRIVER_NAME ": " fmt , ## args)
308 308
309 #define DBG(d, fmt, args...) \ 309 #define DBG(d, fmt, args...) \
310 dev_dbg(&(d)->gadget->dev , fmt , ## args) 310 dev_dbg(&(d)->gadget->dev , fmt , ## args)
311 #define VDBG(d, fmt, args...) \ 311 #define VDBG(d, fmt, args...) \
312 dev_vdbg(&(d)->gadget->dev , fmt , ## args) 312 dev_vdbg(&(d)->gadget->dev , fmt , ## args)
313 #define ERROR(d, fmt, args...) \ 313 #define ERROR(d, fmt, args...) \
314 dev_err(&(d)->gadget->dev , fmt , ## args) 314 dev_err(&(d)->gadget->dev , fmt , ## args)
315 #define WARN(d, fmt, args...) \ 315 #define WARN(d, fmt, args...) \
316 dev_warn(&(d)->gadget->dev , fmt , ## args) 316 dev_warn(&(d)->gadget->dev , fmt , ## args)
317 #define INFO(d, fmt, args...) \ 317 #define INFO(d, fmt, args...) \
318 dev_info(&(d)->gadget->dev , fmt , ## args) 318 dev_info(&(d)->gadget->dev , fmt , ## args)
319 319
320 320
321 /*-------------------------------------------------------------------------*/ 321 /*-------------------------------------------------------------------------*/
322 322
323 /* Encapsulate the module parameter settings */ 323 /* Encapsulate the module parameter settings */
324 324
325 #define MAX_LUNS 8 325 #define MAX_LUNS 8
326 326
327 static struct { 327 static struct {
328 char *file[MAX_LUNS]; 328 char *file[MAX_LUNS];
329 int ro[MAX_LUNS]; 329 int ro[MAX_LUNS];
330 unsigned int num_filenames; 330 unsigned int num_filenames;
331 unsigned int num_ros; 331 unsigned int num_ros;
332 unsigned int nluns; 332 unsigned int nluns;
333 333
334 int removable; 334 int removable;
335 int can_stall; 335 int can_stall;
336 336
337 char *transport_parm; 337 char *transport_parm;
338 char *protocol_parm; 338 char *protocol_parm;
339 unsigned short vendor; 339 unsigned short vendor;
340 unsigned short product; 340 unsigned short product;
341 unsigned short release; 341 unsigned short release;
342 unsigned int buflen; 342 unsigned int buflen;
343 343
344 int transport_type; 344 int transport_type;
345 char *transport_name; 345 char *transport_name;
346 int protocol_type; 346 int protocol_type;
347 char *protocol_name; 347 char *protocol_name;
348 348
349 } mod_data = { // Default values 349 } mod_data = { // Default values
350 .transport_parm = "BBB", 350 .transport_parm = "BBB",
351 .protocol_parm = "SCSI", 351 .protocol_parm = "SCSI",
352 .removable = 0, 352 .removable = 0,
353 .can_stall = 1, 353 .can_stall = 1,
354 .vendor = DRIVER_VENDOR_ID, 354 .vendor = DRIVER_VENDOR_ID,
355 .product = DRIVER_PRODUCT_ID, 355 .product = DRIVER_PRODUCT_ID,
356 .release = 0xffff, // Use controller chip type 356 .release = 0xffff, // Use controller chip type
357 .buflen = 16384, 357 .buflen = 16384,
358 }; 358 };
359 359
360 360
361 module_param_array_named(file, mod_data.file, charp, &mod_data.num_filenames, 361 module_param_array_named(file, mod_data.file, charp, &mod_data.num_filenames,
362 S_IRUGO); 362 S_IRUGO);
363 MODULE_PARM_DESC(file, "names of backing files or devices"); 363 MODULE_PARM_DESC(file, "names of backing files or devices");
364 364
365 module_param_array_named(ro, mod_data.ro, bool, &mod_data.num_ros, S_IRUGO); 365 module_param_array_named(ro, mod_data.ro, bool, &mod_data.num_ros, S_IRUGO);
366 MODULE_PARM_DESC(ro, "true to force read-only"); 366 MODULE_PARM_DESC(ro, "true to force read-only");
367 367
368 module_param_named(luns, mod_data.nluns, uint, S_IRUGO); 368 module_param_named(luns, mod_data.nluns, uint, S_IRUGO);
369 MODULE_PARM_DESC(luns, "number of LUNs"); 369 MODULE_PARM_DESC(luns, "number of LUNs");
370 370
371 module_param_named(removable, mod_data.removable, bool, S_IRUGO); 371 module_param_named(removable, mod_data.removable, bool, S_IRUGO);
372 MODULE_PARM_DESC(removable, "true to simulate removable media"); 372 MODULE_PARM_DESC(removable, "true to simulate removable media");
373 373
374 module_param_named(stall, mod_data.can_stall, bool, S_IRUGO); 374 module_param_named(stall, mod_data.can_stall, bool, S_IRUGO);
375 MODULE_PARM_DESC(stall, "false to prevent bulk stalls"); 375 MODULE_PARM_DESC(stall, "false to prevent bulk stalls");
376 376
377 377
378 /* In the non-TEST version, only the module parameters listed above 378 /* In the non-TEST version, only the module parameters listed above
379 * are available. */ 379 * are available. */
380 #ifdef CONFIG_USB_FILE_STORAGE_TEST 380 #ifdef CONFIG_USB_FILE_STORAGE_TEST
381 381
382 module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO); 382 module_param_named(transport, mod_data.transport_parm, charp, S_IRUGO);
383 MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)"); 383 MODULE_PARM_DESC(transport, "type of transport (BBB, CBI, or CB)");
384 384
385 module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO); 385 module_param_named(protocol, mod_data.protocol_parm, charp, S_IRUGO);
386 MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, " 386 MODULE_PARM_DESC(protocol, "type of protocol (RBC, 8020, QIC, UFI, "
387 "8070, or SCSI)"); 387 "8070, or SCSI)");
388 388
389 module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO); 389 module_param_named(vendor, mod_data.vendor, ushort, S_IRUGO);
390 MODULE_PARM_DESC(vendor, "USB Vendor ID"); 390 MODULE_PARM_DESC(vendor, "USB Vendor ID");
391 391
392 module_param_named(product, mod_data.product, ushort, S_IRUGO); 392 module_param_named(product, mod_data.product, ushort, S_IRUGO);
393 MODULE_PARM_DESC(product, "USB Product ID"); 393 MODULE_PARM_DESC(product, "USB Product ID");
394 394
395 module_param_named(release, mod_data.release, ushort, S_IRUGO); 395 module_param_named(release, mod_data.release, ushort, S_IRUGO);
396 MODULE_PARM_DESC(release, "USB release number"); 396 MODULE_PARM_DESC(release, "USB release number");
397 397
398 module_param_named(buflen, mod_data.buflen, uint, S_IRUGO); 398 module_param_named(buflen, mod_data.buflen, uint, S_IRUGO);
399 MODULE_PARM_DESC(buflen, "I/O buffer size"); 399 MODULE_PARM_DESC(buflen, "I/O buffer size");
400 400
401 #endif /* CONFIG_USB_FILE_STORAGE_TEST */ 401 #endif /* CONFIG_USB_FILE_STORAGE_TEST */
402 402
403 403
404 /*-------------------------------------------------------------------------*/ 404 /*-------------------------------------------------------------------------*/
405 405
406 /* USB protocol value = the transport method */ 406 /* USB protocol value = the transport method */
407 #define USB_PR_CBI 0x00 // Control/Bulk/Interrupt 407 #define USB_PR_CBI 0x00 // Control/Bulk/Interrupt
408 #define USB_PR_CB 0x01 // Control/Bulk w/o interrupt 408 #define USB_PR_CB 0x01 // Control/Bulk w/o interrupt
409 #define USB_PR_BULK 0x50 // Bulk-only 409 #define USB_PR_BULK 0x50 // Bulk-only
410 410
411 /* USB subclass value = the protocol encapsulation */ 411 /* USB subclass value = the protocol encapsulation */
412 #define USB_SC_RBC 0x01 // Reduced Block Commands (flash) 412 #define USB_SC_RBC 0x01 // Reduced Block Commands (flash)
413 #define USB_SC_8020 0x02 // SFF-8020i, MMC-2, ATAPI (CD-ROM) 413 #define USB_SC_8020 0x02 // SFF-8020i, MMC-2, ATAPI (CD-ROM)
414 #define USB_SC_QIC 0x03 // QIC-157 (tape) 414 #define USB_SC_QIC 0x03 // QIC-157 (tape)
415 #define USB_SC_UFI 0x04 // UFI (floppy) 415 #define USB_SC_UFI 0x04 // UFI (floppy)
416 #define USB_SC_8070 0x05 // SFF-8070i (removable) 416 #define USB_SC_8070 0x05 // SFF-8070i (removable)
417 #define USB_SC_SCSI 0x06 // Transparent SCSI 417 #define USB_SC_SCSI 0x06 // Transparent SCSI
418 418
419 /* Bulk-only data structures */ 419 /* Bulk-only data structures */
420 420
421 /* Command Block Wrapper */ 421 /* Command Block Wrapper */
422 struct bulk_cb_wrap { 422 struct bulk_cb_wrap {
423 __le32 Signature; // Contains 'USBC' 423 __le32 Signature; // Contains 'USBC'
424 u32 Tag; // Unique per command id 424 u32 Tag; // Unique per command id
425 __le32 DataTransferLength; // Size of the data 425 __le32 DataTransferLength; // Size of the data
426 u8 Flags; // Direction in bit 7 426 u8 Flags; // Direction in bit 7
427 u8 Lun; // LUN (normally 0) 427 u8 Lun; // LUN (normally 0)
428 u8 Length; // Of the CDB, <= MAX_COMMAND_SIZE 428 u8 Length; // Of the CDB, <= MAX_COMMAND_SIZE
429 u8 CDB[16]; // Command Data Block 429 u8 CDB[16]; // Command Data Block
430 }; 430 };
431 431
432 #define USB_BULK_CB_WRAP_LEN 31 432 #define USB_BULK_CB_WRAP_LEN 31
433 #define USB_BULK_CB_SIG 0x43425355 // Spells out USBC 433 #define USB_BULK_CB_SIG 0x43425355 // Spells out USBC
434 #define USB_BULK_IN_FLAG 0x80 434 #define USB_BULK_IN_FLAG 0x80
435 435
436 /* Command Status Wrapper */ 436 /* Command Status Wrapper */
437 struct bulk_cs_wrap { 437 struct bulk_cs_wrap {
438 __le32 Signature; // Should = 'USBS' 438 __le32 Signature; // Should = 'USBS'
439 u32 Tag; // Same as original command 439 u32 Tag; // Same as original command
440 __le32 Residue; // Amount not transferred 440 __le32 Residue; // Amount not transferred
441 u8 Status; // See below 441 u8 Status; // See below
442 }; 442 };
443 443
444 #define USB_BULK_CS_WRAP_LEN 13 444 #define USB_BULK_CS_WRAP_LEN 13
445 #define USB_BULK_CS_SIG 0x53425355 // Spells out 'USBS' 445 #define USB_BULK_CS_SIG 0x53425355 // Spells out 'USBS'
446 #define USB_STATUS_PASS 0 446 #define USB_STATUS_PASS 0
447 #define USB_STATUS_FAIL 1 447 #define USB_STATUS_FAIL 1
448 #define USB_STATUS_PHASE_ERROR 2 448 #define USB_STATUS_PHASE_ERROR 2
449 449
450 /* Bulk-only class specific requests */ 450 /* Bulk-only class specific requests */
451 #define USB_BULK_RESET_REQUEST 0xff 451 #define USB_BULK_RESET_REQUEST 0xff
452 #define USB_BULK_GET_MAX_LUN_REQUEST 0xfe 452 #define USB_BULK_GET_MAX_LUN_REQUEST 0xfe
453 453
454 454
455 /* CBI Interrupt data structure */ 455 /* CBI Interrupt data structure */
456 struct interrupt_data { 456 struct interrupt_data {
457 u8 bType; 457 u8 bType;
458 u8 bValue; 458 u8 bValue;
459 }; 459 };
460 460
461 #define CBI_INTERRUPT_DATA_LEN 2 461 #define CBI_INTERRUPT_DATA_LEN 2
462 462
463 /* CBI Accept Device-Specific Command request */ 463 /* CBI Accept Device-Specific Command request */
464 #define USB_CBI_ADSC_REQUEST 0x00 464 #define USB_CBI_ADSC_REQUEST 0x00
465 465
466 466
467 #define MAX_COMMAND_SIZE 16 // Length of a SCSI Command Data Block 467 #define MAX_COMMAND_SIZE 16 // Length of a SCSI Command Data Block
468 468
469 /* SCSI commands that we recognize */ 469 /* SCSI commands that we recognize */
470 #define SC_FORMAT_UNIT 0x04 470 #define SC_FORMAT_UNIT 0x04
471 #define SC_INQUIRY 0x12 471 #define SC_INQUIRY 0x12
472 #define SC_MODE_SELECT_6 0x15 472 #define SC_MODE_SELECT_6 0x15
473 #define SC_MODE_SELECT_10 0x55 473 #define SC_MODE_SELECT_10 0x55
474 #define SC_MODE_SENSE_6 0x1a 474 #define SC_MODE_SENSE_6 0x1a
475 #define SC_MODE_SENSE_10 0x5a 475 #define SC_MODE_SENSE_10 0x5a
476 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e 476 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
477 #define SC_READ_6 0x08 477 #define SC_READ_6 0x08
478 #define SC_READ_10 0x28 478 #define SC_READ_10 0x28
479 #define SC_READ_12 0xa8 479 #define SC_READ_12 0xa8
480 #define SC_READ_CAPACITY 0x25 480 #define SC_READ_CAPACITY 0x25
481 #define SC_READ_FORMAT_CAPACITIES 0x23 481 #define SC_READ_FORMAT_CAPACITIES 0x23
482 #define SC_RELEASE 0x17 482 #define SC_RELEASE 0x17
483 #define SC_REQUEST_SENSE 0x03 483 #define SC_REQUEST_SENSE 0x03
484 #define SC_RESERVE 0x16 484 #define SC_RESERVE 0x16
485 #define SC_SEND_DIAGNOSTIC 0x1d 485 #define SC_SEND_DIAGNOSTIC 0x1d
486 #define SC_START_STOP_UNIT 0x1b 486 #define SC_START_STOP_UNIT 0x1b
487 #define SC_SYNCHRONIZE_CACHE 0x35 487 #define SC_SYNCHRONIZE_CACHE 0x35
488 #define SC_TEST_UNIT_READY 0x00 488 #define SC_TEST_UNIT_READY 0x00
489 #define SC_VERIFY 0x2f 489 #define SC_VERIFY 0x2f
490 #define SC_WRITE_6 0x0a 490 #define SC_WRITE_6 0x0a
491 #define SC_WRITE_10 0x2a 491 #define SC_WRITE_10 0x2a
492 #define SC_WRITE_12 0xaa 492 #define SC_WRITE_12 0xaa
493 493
494 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */ 494 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
495 #define SS_NO_SENSE 0 495 #define SS_NO_SENSE 0
496 #define SS_COMMUNICATION_FAILURE 0x040800 496 #define SS_COMMUNICATION_FAILURE 0x040800
497 #define SS_INVALID_COMMAND 0x052000 497 #define SS_INVALID_COMMAND 0x052000
498 #define SS_INVALID_FIELD_IN_CDB 0x052400 498 #define SS_INVALID_FIELD_IN_CDB 0x052400
499 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100 499 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
500 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500 500 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
501 #define SS_MEDIUM_NOT_PRESENT 0x023a00 501 #define SS_MEDIUM_NOT_PRESENT 0x023a00
502 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302 502 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
503 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800 503 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800
504 #define SS_RESET_OCCURRED 0x062900 504 #define SS_RESET_OCCURRED 0x062900
505 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900 505 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
506 #define SS_UNRECOVERED_READ_ERROR 0x031100 506 #define SS_UNRECOVERED_READ_ERROR 0x031100
507 #define SS_WRITE_ERROR 0x030c02 507 #define SS_WRITE_ERROR 0x030c02
508 #define SS_WRITE_PROTECTED 0x072700 508 #define SS_WRITE_PROTECTED 0x072700
509 509
510 #define SK(x) ((u8) ((x) >> 16)) // Sense Key byte, etc. 510 #define SK(x) ((u8) ((x) >> 16)) // Sense Key byte, etc.
511 #define ASC(x) ((u8) ((x) >> 8)) 511 #define ASC(x) ((u8) ((x) >> 8))
512 #define ASCQ(x) ((u8) (x)) 512 #define ASCQ(x) ((u8) (x))
513 513
514 514
515 /*-------------------------------------------------------------------------*/ 515 /*-------------------------------------------------------------------------*/
516 516
517 /* 517 /*
518 * These definitions will permit the compiler to avoid generating code for 518 * These definitions will permit the compiler to avoid generating code for
519 * parts of the driver that aren't used in the non-TEST version. Even gcc 519 * parts of the driver that aren't used in the non-TEST version. Even gcc
520 * can recognize when a test of a constant expression yields a dead code 520 * can recognize when a test of a constant expression yields a dead code
521 * path. 521 * path.
522 */ 522 */
523 523
524 #ifdef CONFIG_USB_FILE_STORAGE_TEST 524 #ifdef CONFIG_USB_FILE_STORAGE_TEST
525 525
526 #define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK) 526 #define transport_is_bbb() (mod_data.transport_type == USB_PR_BULK)
527 #define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI) 527 #define transport_is_cbi() (mod_data.transport_type == USB_PR_CBI)
528 #define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI) 528 #define protocol_is_scsi() (mod_data.protocol_type == USB_SC_SCSI)
529 529
530 #else 530 #else
531 531
532 #define transport_is_bbb() 1 532 #define transport_is_bbb() 1
533 #define transport_is_cbi() 0 533 #define transport_is_cbi() 0
534 #define protocol_is_scsi() 1 534 #define protocol_is_scsi() 1
535 535
536 #endif /* CONFIG_USB_FILE_STORAGE_TEST */ 536 #endif /* CONFIG_USB_FILE_STORAGE_TEST */
537 537
538 538
539 struct lun { 539 struct lun {
540 struct file *filp; 540 struct file *filp;
541 loff_t file_length; 541 loff_t file_length;
542 loff_t num_sectors; 542 loff_t num_sectors;
543 543
544 unsigned int ro : 1; 544 unsigned int ro : 1;
545 unsigned int prevent_medium_removal : 1; 545 unsigned int prevent_medium_removal : 1;
546 unsigned int registered : 1; 546 unsigned int registered : 1;
547 unsigned int info_valid : 1; 547 unsigned int info_valid : 1;
548 548
549 u32 sense_data; 549 u32 sense_data;
550 u32 sense_data_info; 550 u32 sense_data_info;
551 u32 unit_attention_data; 551 u32 unit_attention_data;
552 552
553 struct device dev; 553 struct device dev;
554 }; 554 };
555 555
556 #define backing_file_is_open(curlun) ((curlun)->filp != NULL) 556 #define backing_file_is_open(curlun) ((curlun)->filp != NULL)
557 557
558 static struct lun *dev_to_lun(struct device *dev) 558 static struct lun *dev_to_lun(struct device *dev)
559 { 559 {
560 return container_of(dev, struct lun, dev); 560 return container_of(dev, struct lun, dev);
561 } 561 }
562 562
563 563
564 /* Big enough to hold our biggest descriptor */ 564 /* Big enough to hold our biggest descriptor */
565 #define EP0_BUFSIZE 256 565 #define EP0_BUFSIZE 256
566 #define DELAYED_STATUS (EP0_BUFSIZE + 999) // An impossibly large value 566 #define DELAYED_STATUS (EP0_BUFSIZE + 999) // An impossibly large value
567 567
568 /* Number of buffers we will use. 2 is enough for double-buffering */ 568 /* Number of buffers we will use. 2 is enough for double-buffering */
569 #define NUM_BUFFERS 2 569 #define NUM_BUFFERS 2
570 570
571 enum fsg_buffer_state { 571 enum fsg_buffer_state {
572 BUF_STATE_EMPTY = 0, 572 BUF_STATE_EMPTY = 0,
573 BUF_STATE_FULL, 573 BUF_STATE_FULL,
574 BUF_STATE_BUSY 574 BUF_STATE_BUSY
575 }; 575 };
576 576
577 struct fsg_buffhd { 577 struct fsg_buffhd {
578 void *buf; 578 void *buf;
579 enum fsg_buffer_state state; 579 enum fsg_buffer_state state;
580 struct fsg_buffhd *next; 580 struct fsg_buffhd *next;
581 581
582 /* The NetChip 2280 is faster, and handles some protocol faults 582 /* The NetChip 2280 is faster, and handles some protocol faults
583 * better, if we don't submit any short bulk-out read requests. 583 * better, if we don't submit any short bulk-out read requests.
584 * So we will record the intended request length here. */ 584 * So we will record the intended request length here. */
585 unsigned int bulk_out_intended_length; 585 unsigned int bulk_out_intended_length;
586 586
587 struct usb_request *inreq; 587 struct usb_request *inreq;
588 int inreq_busy; 588 int inreq_busy;
589 struct usb_request *outreq; 589 struct usb_request *outreq;
590 int outreq_busy; 590 int outreq_busy;
591 }; 591 };
592 592
593 enum fsg_state { 593 enum fsg_state {
594 FSG_STATE_COMMAND_PHASE = -10, // This one isn't used anywhere 594 FSG_STATE_COMMAND_PHASE = -10, // This one isn't used anywhere
595 FSG_STATE_DATA_PHASE, 595 FSG_STATE_DATA_PHASE,
596 FSG_STATE_STATUS_PHASE, 596 FSG_STATE_STATUS_PHASE,
597 597
598 FSG_STATE_IDLE = 0, 598 FSG_STATE_IDLE = 0,
599 FSG_STATE_ABORT_BULK_OUT, 599 FSG_STATE_ABORT_BULK_OUT,
600 FSG_STATE_RESET, 600 FSG_STATE_RESET,
601 FSG_STATE_INTERFACE_CHANGE, 601 FSG_STATE_INTERFACE_CHANGE,
602 FSG_STATE_CONFIG_CHANGE, 602 FSG_STATE_CONFIG_CHANGE,
603 FSG_STATE_DISCONNECT, 603 FSG_STATE_DISCONNECT,
604 FSG_STATE_EXIT, 604 FSG_STATE_EXIT,
605 FSG_STATE_TERMINATED 605 FSG_STATE_TERMINATED
606 }; 606 };
607 607
608 enum data_direction { 608 enum data_direction {
609 DATA_DIR_UNKNOWN = 0, 609 DATA_DIR_UNKNOWN = 0,
610 DATA_DIR_FROM_HOST, 610 DATA_DIR_FROM_HOST,
611 DATA_DIR_TO_HOST, 611 DATA_DIR_TO_HOST,
612 DATA_DIR_NONE 612 DATA_DIR_NONE
613 }; 613 };
614 614
615 struct fsg_dev { 615 struct fsg_dev {
616 /* lock protects: state, all the req_busy's, and cbbuf_cmnd */ 616 /* lock protects: state, all the req_busy's, and cbbuf_cmnd */
617 spinlock_t lock; 617 spinlock_t lock;
618 struct usb_gadget *gadget; 618 struct usb_gadget *gadget;
619 619
620 /* filesem protects: backing files in use */ 620 /* filesem protects: backing files in use */
621 struct rw_semaphore filesem; 621 struct rw_semaphore filesem;
622 622
623 /* reference counting: wait until all LUNs are released */ 623 /* reference counting: wait until all LUNs are released */
624 struct kref ref; 624 struct kref ref;
625 625
626 struct usb_ep *ep0; // Handy copy of gadget->ep0 626 struct usb_ep *ep0; // Handy copy of gadget->ep0
627 struct usb_request *ep0req; // For control responses 627 struct usb_request *ep0req; // For control responses
628 unsigned int ep0_req_tag; 628 unsigned int ep0_req_tag;
629 const char *ep0req_name; 629 const char *ep0req_name;
630 630
631 struct usb_request *intreq; // For interrupt responses 631 struct usb_request *intreq; // For interrupt responses
632 int intreq_busy; 632 int intreq_busy;
633 struct fsg_buffhd *intr_buffhd; 633 struct fsg_buffhd *intr_buffhd;
634 634
635 unsigned int bulk_out_maxpacket; 635 unsigned int bulk_out_maxpacket;
636 enum fsg_state state; // For exception handling 636 enum fsg_state state; // For exception handling
637 unsigned int exception_req_tag; 637 unsigned int exception_req_tag;
638 638
639 u8 config, new_config; 639 u8 config, new_config;
640 640
641 unsigned int running : 1; 641 unsigned int running : 1;
642 unsigned int bulk_in_enabled : 1; 642 unsigned int bulk_in_enabled : 1;
643 unsigned int bulk_out_enabled : 1; 643 unsigned int bulk_out_enabled : 1;
644 unsigned int intr_in_enabled : 1; 644 unsigned int intr_in_enabled : 1;
645 unsigned int phase_error : 1; 645 unsigned int phase_error : 1;
646 unsigned int short_packet_received : 1; 646 unsigned int short_packet_received : 1;
647 unsigned int bad_lun_okay : 1; 647 unsigned int bad_lun_okay : 1;
648 648
649 unsigned long atomic_bitflags; 649 unsigned long atomic_bitflags;
650 #define REGISTERED 0 650 #define REGISTERED 0
651 #define CLEAR_BULK_HALTS 1 651 #define CLEAR_BULK_HALTS 1
652 #define SUSPENDED 2 652 #define SUSPENDED 2
653 653
654 struct usb_ep *bulk_in; 654 struct usb_ep *bulk_in;
655 struct usb_ep *bulk_out; 655 struct usb_ep *bulk_out;
656 struct usb_ep *intr_in; 656 struct usb_ep *intr_in;
657 657
658 struct fsg_buffhd *next_buffhd_to_fill; 658 struct fsg_buffhd *next_buffhd_to_fill;
659 struct fsg_buffhd *next_buffhd_to_drain; 659 struct fsg_buffhd *next_buffhd_to_drain;
660 struct fsg_buffhd buffhds[NUM_BUFFERS]; 660 struct fsg_buffhd buffhds[NUM_BUFFERS];
661 661
662 int thread_wakeup_needed; 662 int thread_wakeup_needed;
663 struct completion thread_notifier; 663 struct completion thread_notifier;
664 struct task_struct *thread_task; 664 struct task_struct *thread_task;
665 665
666 int cmnd_size; 666 int cmnd_size;
667 u8 cmnd[MAX_COMMAND_SIZE]; 667 u8 cmnd[MAX_COMMAND_SIZE];
668 enum data_direction data_dir; 668 enum data_direction data_dir;
669 u32 data_size; 669 u32 data_size;
670 u32 data_size_from_cmnd; 670 u32 data_size_from_cmnd;
671 u32 tag; 671 u32 tag;
672 unsigned int lun; 672 unsigned int lun;
673 u32 residue; 673 u32 residue;
674 u32 usb_amount_left; 674 u32 usb_amount_left;
675 675
676 /* The CB protocol offers no way for a host to know when a command 676 /* The CB protocol offers no way for a host to know when a command
677 * has completed. As a result the next command may arrive early, 677 * has completed. As a result the next command may arrive early,
678 * and we will still have to handle it. For that reason we need 678 * and we will still have to handle it. For that reason we need
679 * a buffer to store new commands when using CB (or CBI, which 679 * a buffer to store new commands when using CB (or CBI, which
680 * does not oblige a host to wait for command completion either). */ 680 * does not oblige a host to wait for command completion either). */
681 int cbbuf_cmnd_size; 681 int cbbuf_cmnd_size;
682 u8 cbbuf_cmnd[MAX_COMMAND_SIZE]; 682 u8 cbbuf_cmnd[MAX_COMMAND_SIZE];
683 683
684 unsigned int nluns; 684 unsigned int nluns;
685 struct lun *luns; 685 struct lun *luns;
686 struct lun *curlun; 686 struct lun *curlun;
687 }; 687 };
688 688
689 typedef void (*fsg_routine_t)(struct fsg_dev *); 689 typedef void (*fsg_routine_t)(struct fsg_dev *);
690 690
691 static int exception_in_progress(struct fsg_dev *fsg) 691 static int exception_in_progress(struct fsg_dev *fsg)
692 { 692 {
693 return (fsg->state > FSG_STATE_IDLE); 693 return (fsg->state > FSG_STATE_IDLE);
694 } 694 }
695 695
696 /* Make bulk-out requests be divisible by the maxpacket size */ 696 /* Make bulk-out requests be divisible by the maxpacket size */
697 static void set_bulk_out_req_length(struct fsg_dev *fsg, 697 static void set_bulk_out_req_length(struct fsg_dev *fsg,
698 struct fsg_buffhd *bh, unsigned int length) 698 struct fsg_buffhd *bh, unsigned int length)
699 { 699 {
700 unsigned int rem; 700 unsigned int rem;
701 701
702 bh->bulk_out_intended_length = length; 702 bh->bulk_out_intended_length = length;
703 rem = length % fsg->bulk_out_maxpacket; 703 rem = length % fsg->bulk_out_maxpacket;
704 if (rem > 0) 704 if (rem > 0)
705 length += fsg->bulk_out_maxpacket - rem; 705 length += fsg->bulk_out_maxpacket - rem;
706 bh->outreq->length = length; 706 bh->outreq->length = length;
707 } 707 }
708 708
709 static struct fsg_dev *the_fsg; 709 static struct fsg_dev *the_fsg;
710 static struct usb_gadget_driver fsg_driver; 710 static struct usb_gadget_driver fsg_driver;
711 711
712 static void close_backing_file(struct lun *curlun); 712 static void close_backing_file(struct lun *curlun);
713 static void close_all_backing_files(struct fsg_dev *fsg); 713 static void close_all_backing_files(struct fsg_dev *fsg);
714 714
715 715
716 /*-------------------------------------------------------------------------*/ 716 /*-------------------------------------------------------------------------*/
717 717
718 #ifdef DUMP_MSGS 718 #ifdef DUMP_MSGS
719 719
720 static void dump_msg(struct fsg_dev *fsg, const char *label, 720 static void dump_msg(struct fsg_dev *fsg, const char *label,
721 const u8 *buf, unsigned int length) 721 const u8 *buf, unsigned int length)
722 { 722 {
723 if (length < 512) { 723 if (length < 512) {
724 DBG(fsg, "%s, length %u:\n", label, length); 724 DBG(fsg, "%s, length %u:\n", label, length);
725 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 725 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET,
726 16, 1, buf, length, 0); 726 16, 1, buf, length, 0);
727 } 727 }
728 } 728 }
729 729
730 static void dump_cdb(struct fsg_dev *fsg) 730 static void dump_cdb(struct fsg_dev *fsg)
731 {} 731 {}
732 732
733 #else 733 #else
734 734
735 static void dump_msg(struct fsg_dev *fsg, const char *label, 735 static void dump_msg(struct fsg_dev *fsg, const char *label,
736 const u8 *buf, unsigned int length) 736 const u8 *buf, unsigned int length)
737 {} 737 {}
738 738
739 #ifdef VERBOSE_DEBUG 739 #ifdef VERBOSE_DEBUG
740 740
741 static void dump_cdb(struct fsg_dev *fsg) 741 static void dump_cdb(struct fsg_dev *fsg)
742 { 742 {
743 print_hex_dump(KERN_DEBUG, "SCSI CDB: ", DUMP_PREFIX_NONE, 743 print_hex_dump(KERN_DEBUG, "SCSI CDB: ", DUMP_PREFIX_NONE,
744 16, 1, fsg->cmnd, fsg->cmnd_size, 0); 744 16, 1, fsg->cmnd, fsg->cmnd_size, 0);
745 } 745 }
746 746
747 #else 747 #else
748 748
749 static void dump_cdb(struct fsg_dev *fsg) 749 static void dump_cdb(struct fsg_dev *fsg)
750 {} 750 {}
751 751
752 #endif /* VERBOSE_DEBUG */ 752 #endif /* VERBOSE_DEBUG */
753 #endif /* DUMP_MSGS */ 753 #endif /* DUMP_MSGS */
754 754
755 755
756 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 756 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
757 { 757 {
758 const char *name; 758 const char *name;
759 759
760 if (ep == fsg->bulk_in) 760 if (ep == fsg->bulk_in)
761 name = "bulk-in"; 761 name = "bulk-in";
762 else if (ep == fsg->bulk_out) 762 else if (ep == fsg->bulk_out)
763 name = "bulk-out"; 763 name = "bulk-out";
764 else 764 else
765 name = ep->name; 765 name = ep->name;
766 DBG(fsg, "%s set halt\n", name); 766 DBG(fsg, "%s set halt\n", name);
767 return usb_ep_set_halt(ep); 767 return usb_ep_set_halt(ep);
768 } 768 }
769 769
770 770
771 /*-------------------------------------------------------------------------*/ 771 /*-------------------------------------------------------------------------*/
772 772
773 /* Routines for unaligned data access */ 773 /* Routines for unaligned data access */
774 774
775 static u16 get_be16(u8 *buf) 775 static u16 get_be16(u8 *buf)
776 { 776 {
777 return ((u16) buf[0] << 8) | ((u16) buf[1]); 777 return ((u16) buf[0] << 8) | ((u16) buf[1]);
778 } 778 }
779 779
780 static u32 get_be32(u8 *buf) 780 static u32 get_be32(u8 *buf)
781 { 781 {
782 return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) | 782 return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) |
783 ((u32) buf[2] << 8) | ((u32) buf[3]); 783 ((u32) buf[2] << 8) | ((u32) buf[3]);
784 } 784 }
785 785
786 static void put_be16(u8 *buf, u16 val) 786 static void put_be16(u8 *buf, u16 val)
787 { 787 {
788 buf[0] = val >> 8; 788 buf[0] = val >> 8;
789 buf[1] = val; 789 buf[1] = val;
790 } 790 }
791 791
792 static void put_be32(u8 *buf, u32 val) 792 static void put_be32(u8 *buf, u32 val)
793 { 793 {
794 buf[0] = val >> 24; 794 buf[0] = val >> 24;
795 buf[1] = val >> 16; 795 buf[1] = val >> 16;
796 buf[2] = val >> 8; 796 buf[2] = val >> 8;
797 buf[3] = val & 0xff; 797 buf[3] = val & 0xff;
798 } 798 }
799 799
800 800
801 /*-------------------------------------------------------------------------*/ 801 /*-------------------------------------------------------------------------*/
802 802
803 /* 803 /*
804 * DESCRIPTORS ... most are static, but strings and (full) configuration 804 * DESCRIPTORS ... most are static, but strings and (full) configuration
805 * descriptors are built on demand. Also the (static) config and interface 805 * descriptors are built on demand. Also the (static) config and interface
806 * descriptors are adjusted during fsg_bind(). 806 * descriptors are adjusted during fsg_bind().
807 */ 807 */
808 #define STRING_MANUFACTURER 1 808 #define STRING_MANUFACTURER 1
809 #define STRING_PRODUCT 2 809 #define STRING_PRODUCT 2
810 #define STRING_SERIAL 3 810 #define STRING_SERIAL 3
811 #define STRING_CONFIG 4 811 #define STRING_CONFIG 4
812 #define STRING_INTERFACE 5 812 #define STRING_INTERFACE 5
813 813
814 /* There is only one configuration. */ 814 /* There is only one configuration. */
815 #define CONFIG_VALUE 1 815 #define CONFIG_VALUE 1
816 816
817 static struct usb_device_descriptor 817 static struct usb_device_descriptor
818 device_desc = { 818 device_desc = {
819 .bLength = sizeof device_desc, 819 .bLength = sizeof device_desc,
820 .bDescriptorType = USB_DT_DEVICE, 820 .bDescriptorType = USB_DT_DEVICE,
821 821
822 .bcdUSB = __constant_cpu_to_le16(0x0200), 822 .bcdUSB = __constant_cpu_to_le16(0x0200),
823 .bDeviceClass = USB_CLASS_PER_INTERFACE, 823 .bDeviceClass = USB_CLASS_PER_INTERFACE,
824 824
825 /* The next three values can be overridden by module parameters */ 825 /* The next three values can be overridden by module parameters */
826 .idVendor = __constant_cpu_to_le16(DRIVER_VENDOR_ID), 826 .idVendor = __constant_cpu_to_le16(DRIVER_VENDOR_ID),
827 .idProduct = __constant_cpu_to_le16(DRIVER_PRODUCT_ID), 827 .idProduct = __constant_cpu_to_le16(DRIVER_PRODUCT_ID),
828 .bcdDevice = __constant_cpu_to_le16(0xffff), 828 .bcdDevice = __constant_cpu_to_le16(0xffff),
829 829
830 .iManufacturer = STRING_MANUFACTURER, 830 .iManufacturer = STRING_MANUFACTURER,
831 .iProduct = STRING_PRODUCT, 831 .iProduct = STRING_PRODUCT,
832 .iSerialNumber = STRING_SERIAL, 832 .iSerialNumber = STRING_SERIAL,
833 .bNumConfigurations = 1, 833 .bNumConfigurations = 1,
834 }; 834 };
835 835
836 static struct usb_config_descriptor 836 static struct usb_config_descriptor
837 config_desc = { 837 config_desc = {
838 .bLength = sizeof config_desc, 838 .bLength = sizeof config_desc,
839 .bDescriptorType = USB_DT_CONFIG, 839 .bDescriptorType = USB_DT_CONFIG,
840 840
841 /* wTotalLength computed by usb_gadget_config_buf() */ 841 /* wTotalLength computed by usb_gadget_config_buf() */
842 .bNumInterfaces = 1, 842 .bNumInterfaces = 1,
843 .bConfigurationValue = CONFIG_VALUE, 843 .bConfigurationValue = CONFIG_VALUE,
844 .iConfiguration = STRING_CONFIG, 844 .iConfiguration = STRING_CONFIG,
845 .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER, 845 .bmAttributes = USB_CONFIG_ATT_ONE | USB_CONFIG_ATT_SELFPOWER,
846 .bMaxPower = 1, // self-powered 846 .bMaxPower = 1, // self-powered
847 }; 847 };
848 848
849 static struct usb_otg_descriptor 849 static struct usb_otg_descriptor
850 otg_desc = { 850 otg_desc = {
851 .bLength = sizeof(otg_desc), 851 .bLength = sizeof(otg_desc),
852 .bDescriptorType = USB_DT_OTG, 852 .bDescriptorType = USB_DT_OTG,
853 853
854 .bmAttributes = USB_OTG_SRP, 854 .bmAttributes = USB_OTG_SRP,
855 }; 855 };
856 856
857 /* There is only one interface. */ 857 /* There is only one interface. */
858 858
859 static struct usb_interface_descriptor 859 static struct usb_interface_descriptor
860 intf_desc = { 860 intf_desc = {
861 .bLength = sizeof intf_desc, 861 .bLength = sizeof intf_desc,
862 .bDescriptorType = USB_DT_INTERFACE, 862 .bDescriptorType = USB_DT_INTERFACE,
863 863
864 .bNumEndpoints = 2, // Adjusted during fsg_bind() 864 .bNumEndpoints = 2, // Adjusted during fsg_bind()
865 .bInterfaceClass = USB_CLASS_MASS_STORAGE, 865 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
866 .bInterfaceSubClass = USB_SC_SCSI, // Adjusted during fsg_bind() 866 .bInterfaceSubClass = USB_SC_SCSI, // Adjusted during fsg_bind()
867 .bInterfaceProtocol = USB_PR_BULK, // Adjusted during fsg_bind() 867 .bInterfaceProtocol = USB_PR_BULK, // Adjusted during fsg_bind()
868 .iInterface = STRING_INTERFACE, 868 .iInterface = STRING_INTERFACE,
869 }; 869 };
870 870
871 /* Three full-speed endpoint descriptors: bulk-in, bulk-out, 871 /* Three full-speed endpoint descriptors: bulk-in, bulk-out,
872 * and interrupt-in. */ 872 * and interrupt-in. */
873 873
874 static struct usb_endpoint_descriptor 874 static struct usb_endpoint_descriptor
875 fs_bulk_in_desc = { 875 fs_bulk_in_desc = {
876 .bLength = USB_DT_ENDPOINT_SIZE, 876 .bLength = USB_DT_ENDPOINT_SIZE,
877 .bDescriptorType = USB_DT_ENDPOINT, 877 .bDescriptorType = USB_DT_ENDPOINT,
878 878
879 .bEndpointAddress = USB_DIR_IN, 879 .bEndpointAddress = USB_DIR_IN,
880 .bmAttributes = USB_ENDPOINT_XFER_BULK, 880 .bmAttributes = USB_ENDPOINT_XFER_BULK,
881 /* wMaxPacketSize set by autoconfiguration */ 881 /* wMaxPacketSize set by autoconfiguration */
882 }; 882 };
883 883
884 static struct usb_endpoint_descriptor 884 static struct usb_endpoint_descriptor
885 fs_bulk_out_desc = { 885 fs_bulk_out_desc = {
886 .bLength = USB_DT_ENDPOINT_SIZE, 886 .bLength = USB_DT_ENDPOINT_SIZE,
887 .bDescriptorType = USB_DT_ENDPOINT, 887 .bDescriptorType = USB_DT_ENDPOINT,
888 888
889 .bEndpointAddress = USB_DIR_OUT, 889 .bEndpointAddress = USB_DIR_OUT,
890 .bmAttributes = USB_ENDPOINT_XFER_BULK, 890 .bmAttributes = USB_ENDPOINT_XFER_BULK,
891 /* wMaxPacketSize set by autoconfiguration */ 891 /* wMaxPacketSize set by autoconfiguration */
892 }; 892 };
893 893
894 static struct usb_endpoint_descriptor 894 static struct usb_endpoint_descriptor
895 fs_intr_in_desc = { 895 fs_intr_in_desc = {
896 .bLength = USB_DT_ENDPOINT_SIZE, 896 .bLength = USB_DT_ENDPOINT_SIZE,
897 .bDescriptorType = USB_DT_ENDPOINT, 897 .bDescriptorType = USB_DT_ENDPOINT,
898 898
899 .bEndpointAddress = USB_DIR_IN, 899 .bEndpointAddress = USB_DIR_IN,
900 .bmAttributes = USB_ENDPOINT_XFER_INT, 900 .bmAttributes = USB_ENDPOINT_XFER_INT,
901 .wMaxPacketSize = __constant_cpu_to_le16(2), 901 .wMaxPacketSize = __constant_cpu_to_le16(2),
902 .bInterval = 32, // frames -> 32 ms 902 .bInterval = 32, // frames -> 32 ms
903 }; 903 };
904 904
905 static const struct usb_descriptor_header *fs_function[] = { 905 static const struct usb_descriptor_header *fs_function[] = {
906 (struct usb_descriptor_header *) &otg_desc, 906 (struct usb_descriptor_header *) &otg_desc,
907 (struct usb_descriptor_header *) &intf_desc, 907 (struct usb_descriptor_header *) &intf_desc,
908 (struct usb_descriptor_header *) &fs_bulk_in_desc, 908 (struct usb_descriptor_header *) &fs_bulk_in_desc,
909 (struct usb_descriptor_header *) &fs_bulk_out_desc, 909 (struct usb_descriptor_header *) &fs_bulk_out_desc,
910 (struct usb_descriptor_header *) &fs_intr_in_desc, 910 (struct usb_descriptor_header *) &fs_intr_in_desc,
911 NULL, 911 NULL,
912 }; 912 };
913 #define FS_FUNCTION_PRE_EP_ENTRIES 2 913 #define FS_FUNCTION_PRE_EP_ENTRIES 2
914 914
915 915
916 /* 916 /*
917 * USB 2.0 devices need to expose both high speed and full speed 917 * USB 2.0 devices need to expose both high speed and full speed
918 * descriptors, unless they only run at full speed. 918 * descriptors, unless they only run at full speed.
919 * 919 *
920 * That means alternate endpoint descriptors (bigger packets) 920 * That means alternate endpoint descriptors (bigger packets)
921 * and a "device qualifier" ... plus more construction options 921 * and a "device qualifier" ... plus more construction options
922 * for the config descriptor. 922 * for the config descriptor.
923 */ 923 */
924 static struct usb_qualifier_descriptor 924 static struct usb_qualifier_descriptor
925 dev_qualifier = { 925 dev_qualifier = {
926 .bLength = sizeof dev_qualifier, 926 .bLength = sizeof dev_qualifier,
927 .bDescriptorType = USB_DT_DEVICE_QUALIFIER, 927 .bDescriptorType = USB_DT_DEVICE_QUALIFIER,
928 928
929 .bcdUSB = __constant_cpu_to_le16(0x0200), 929 .bcdUSB = __constant_cpu_to_le16(0x0200),
930 .bDeviceClass = USB_CLASS_PER_INTERFACE, 930 .bDeviceClass = USB_CLASS_PER_INTERFACE,
931 931
932 .bNumConfigurations = 1, 932 .bNumConfigurations = 1,
933 }; 933 };
934 934
935 static struct usb_endpoint_descriptor 935 static struct usb_endpoint_descriptor
936 hs_bulk_in_desc = { 936 hs_bulk_in_desc = {
937 .bLength = USB_DT_ENDPOINT_SIZE, 937 .bLength = USB_DT_ENDPOINT_SIZE,
938 .bDescriptorType = USB_DT_ENDPOINT, 938 .bDescriptorType = USB_DT_ENDPOINT,
939 939
940 /* bEndpointAddress copied from fs_bulk_in_desc during fsg_bind() */ 940 /* bEndpointAddress copied from fs_bulk_in_desc during fsg_bind() */
941 .bmAttributes = USB_ENDPOINT_XFER_BULK, 941 .bmAttributes = USB_ENDPOINT_XFER_BULK,
942 .wMaxPacketSize = __constant_cpu_to_le16(512), 942 .wMaxPacketSize = __constant_cpu_to_le16(512),
943 }; 943 };
944 944
945 static struct usb_endpoint_descriptor 945 static struct usb_endpoint_descriptor
946 hs_bulk_out_desc = { 946 hs_bulk_out_desc = {
947 .bLength = USB_DT_ENDPOINT_SIZE, 947 .bLength = USB_DT_ENDPOINT_SIZE,
948 .bDescriptorType = USB_DT_ENDPOINT, 948 .bDescriptorType = USB_DT_ENDPOINT,
949 949
950 /* bEndpointAddress copied from fs_bulk_out_desc during fsg_bind() */ 950 /* bEndpointAddress copied from fs_bulk_out_desc during fsg_bind() */
951 .bmAttributes = USB_ENDPOINT_XFER_BULK, 951 .bmAttributes = USB_ENDPOINT_XFER_BULK,
952 .wMaxPacketSize = __constant_cpu_to_le16(512), 952 .wMaxPacketSize = __constant_cpu_to_le16(512),
953 .bInterval = 1, // NAK every 1 uframe 953 .bInterval = 1, // NAK every 1 uframe
954 }; 954 };
955 955
956 static struct usb_endpoint_descriptor 956 static struct usb_endpoint_descriptor
957 hs_intr_in_desc = { 957 hs_intr_in_desc = {
958 .bLength = USB_DT_ENDPOINT_SIZE, 958 .bLength = USB_DT_ENDPOINT_SIZE,
959 .bDescriptorType = USB_DT_ENDPOINT, 959 .bDescriptorType = USB_DT_ENDPOINT,
960 960
961 /* bEndpointAddress copied from fs_intr_in_desc during fsg_bind() */ 961 /* bEndpointAddress copied from fs_intr_in_desc during fsg_bind() */
962 .bmAttributes = USB_ENDPOINT_XFER_INT, 962 .bmAttributes = USB_ENDPOINT_XFER_INT,
963 .wMaxPacketSize = __constant_cpu_to_le16(2), 963 .wMaxPacketSize = __constant_cpu_to_le16(2),
964 .bInterval = 9, // 2**(9-1) = 256 uframes -> 32 ms 964 .bInterval = 9, // 2**(9-1) = 256 uframes -> 32 ms
965 }; 965 };
966 966
967 static const struct usb_descriptor_header *hs_function[] = { 967 static const struct usb_descriptor_header *hs_function[] = {
968 (struct usb_descriptor_header *) &otg_desc, 968 (struct usb_descriptor_header *) &otg_desc,
969 (struct usb_descriptor_header *) &intf_desc, 969 (struct usb_descriptor_header *) &intf_desc,
970 (struct usb_descriptor_header *) &hs_bulk_in_desc, 970 (struct usb_descriptor_header *) &hs_bulk_in_desc,
971 (struct usb_descriptor_header *) &hs_bulk_out_desc, 971 (struct usb_descriptor_header *) &hs_bulk_out_desc,
972 (struct usb_descriptor_header *) &hs_intr_in_desc, 972 (struct usb_descriptor_header *) &hs_intr_in_desc,
973 NULL, 973 NULL,
974 }; 974 };
975 #define HS_FUNCTION_PRE_EP_ENTRIES 2 975 #define HS_FUNCTION_PRE_EP_ENTRIES 2
976 976
977 /* Maxpacket and other transfer characteristics vary by speed. */ 977 /* Maxpacket and other transfer characteristics vary by speed. */
978 static struct usb_endpoint_descriptor * 978 static struct usb_endpoint_descriptor *
979 ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs, 979 ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs,
980 struct usb_endpoint_descriptor *hs) 980 struct usb_endpoint_descriptor *hs)
981 { 981 {
982 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH) 982 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH)
983 return hs; 983 return hs;
984 return fs; 984 return fs;
985 } 985 }
986 986
987 987
988 /* The CBI specification limits the serial string to 12 uppercase hexadecimal 988 /* The CBI specification limits the serial string to 12 uppercase hexadecimal
989 * characters. */ 989 * characters. */
990 static char manufacturer[64]; 990 static char manufacturer[64];
991 static char serial[13]; 991 static char serial[13];
992 992
993 /* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */ 993 /* Static strings, in UTF-8 (for simplicity we use only ASCII characters) */
994 static struct usb_string strings[] = { 994 static struct usb_string strings[] = {
995 {STRING_MANUFACTURER, manufacturer}, 995 {STRING_MANUFACTURER, manufacturer},
996 {STRING_PRODUCT, longname}, 996 {STRING_PRODUCT, longname},
997 {STRING_SERIAL, serial}, 997 {STRING_SERIAL, serial},
998 {STRING_CONFIG, "Self-powered"}, 998 {STRING_CONFIG, "Self-powered"},
999 {STRING_INTERFACE, "Mass Storage"}, 999 {STRING_INTERFACE, "Mass Storage"},
1000 {} 1000 {}
1001 }; 1001 };
1002 1002
1003 static struct usb_gadget_strings stringtab = { 1003 static struct usb_gadget_strings stringtab = {
1004 .language = 0x0409, // en-us 1004 .language = 0x0409, // en-us
1005 .strings = strings, 1005 .strings = strings,
1006 }; 1006 };
1007 1007
1008 1008
1009 /* 1009 /*
1010 * Config descriptors must agree with the code that sets configurations 1010 * Config descriptors must agree with the code that sets configurations
1011 * and with code managing interfaces and their altsettings. They must 1011 * and with code managing interfaces and their altsettings. They must
1012 * also handle different speeds and other-speed requests. 1012 * also handle different speeds and other-speed requests.
1013 */ 1013 */
1014 static int populate_config_buf(struct usb_gadget *gadget, 1014 static int populate_config_buf(struct usb_gadget *gadget,
1015 u8 *buf, u8 type, unsigned index) 1015 u8 *buf, u8 type, unsigned index)
1016 { 1016 {
1017 enum usb_device_speed speed = gadget->speed; 1017 enum usb_device_speed speed = gadget->speed;
1018 int len; 1018 int len;
1019 const struct usb_descriptor_header **function; 1019 const struct usb_descriptor_header **function;
1020 1020
1021 if (index > 0) 1021 if (index > 0)
1022 return -EINVAL; 1022 return -EINVAL;
1023 1023
1024 if (gadget_is_dualspeed(gadget) && type == USB_DT_OTHER_SPEED_CONFIG) 1024 if (gadget_is_dualspeed(gadget) && type == USB_DT_OTHER_SPEED_CONFIG)
1025 speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed; 1025 speed = (USB_SPEED_FULL + USB_SPEED_HIGH) - speed;
1026 if (gadget_is_dualspeed(gadget) && speed == USB_SPEED_HIGH) 1026 if (gadget_is_dualspeed(gadget) && speed == USB_SPEED_HIGH)
1027 function = hs_function; 1027 function = hs_function;
1028 else 1028 else
1029 function = fs_function; 1029 function = fs_function;
1030 1030
1031 /* for now, don't advertise srp-only devices */ 1031 /* for now, don't advertise srp-only devices */
1032 if (!gadget_is_otg(gadget)) 1032 if (!gadget_is_otg(gadget))
1033 function++; 1033 function++;
1034 1034
1035 len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function); 1035 len = usb_gadget_config_buf(&config_desc, buf, EP0_BUFSIZE, function);
1036 ((struct usb_config_descriptor *) buf)->bDescriptorType = type; 1036 ((struct usb_config_descriptor *) buf)->bDescriptorType = type;
1037 return len; 1037 return len;
1038 } 1038 }
1039 1039
1040 1040
1041 /*-------------------------------------------------------------------------*/ 1041 /*-------------------------------------------------------------------------*/
1042 1042
1043 /* These routines may be called in process context or in_irq */ 1043 /* These routines may be called in process context or in_irq */
1044 1044
1045 /* Caller must hold fsg->lock */ 1045 /* Caller must hold fsg->lock */
1046 static void wakeup_thread(struct fsg_dev *fsg) 1046 static void wakeup_thread(struct fsg_dev *fsg)
1047 { 1047 {
1048 /* Tell the main thread that something has happened */ 1048 /* Tell the main thread that something has happened */
1049 fsg->thread_wakeup_needed = 1; 1049 fsg->thread_wakeup_needed = 1;
1050 if (fsg->thread_task) 1050 if (fsg->thread_task)
1051 wake_up_process(fsg->thread_task); 1051 wake_up_process(fsg->thread_task);
1052 } 1052 }
1053 1053
1054 1054
1055 static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state) 1055 static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state)
1056 { 1056 {
1057 unsigned long flags; 1057 unsigned long flags;
1058 1058
1059 /* Do nothing if a higher-priority exception is already in progress. 1059 /* Do nothing if a higher-priority exception is already in progress.
1060 * If a lower-or-equal priority exception is in progress, preempt it 1060 * If a lower-or-equal priority exception is in progress, preempt it
1061 * and notify the main thread by sending it a signal. */ 1061 * and notify the main thread by sending it a signal. */
1062 spin_lock_irqsave(&fsg->lock, flags); 1062 spin_lock_irqsave(&fsg->lock, flags);
1063 if (fsg->state <= new_state) { 1063 if (fsg->state <= new_state) {
1064 fsg->exception_req_tag = fsg->ep0_req_tag; 1064 fsg->exception_req_tag = fsg->ep0_req_tag;
1065 fsg->state = new_state; 1065 fsg->state = new_state;
1066 if (fsg->thread_task) 1066 if (fsg->thread_task)
1067 send_sig_info(SIGUSR1, SEND_SIG_FORCED, 1067 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
1068 fsg->thread_task); 1068 fsg->thread_task);
1069 } 1069 }
1070 spin_unlock_irqrestore(&fsg->lock, flags); 1070 spin_unlock_irqrestore(&fsg->lock, flags);
1071 } 1071 }
1072 1072
1073 1073
1074 /*-------------------------------------------------------------------------*/ 1074 /*-------------------------------------------------------------------------*/
1075 1075
1076 /* The disconnect callback and ep0 routines. These always run in_irq, 1076 /* The disconnect callback and ep0 routines. These always run in_irq,
1077 * except that ep0_queue() is called in the main thread to acknowledge 1077 * except that ep0_queue() is called in the main thread to acknowledge
1078 * completion of various requests: set config, set interface, and 1078 * completion of various requests: set config, set interface, and
1079 * Bulk-only device reset. */ 1079 * Bulk-only device reset. */
1080 1080
1081 static void fsg_disconnect(struct usb_gadget *gadget) 1081 static void fsg_disconnect(struct usb_gadget *gadget)
1082 { 1082 {
1083 struct fsg_dev *fsg = get_gadget_data(gadget); 1083 struct fsg_dev *fsg = get_gadget_data(gadget);
1084 1084
1085 DBG(fsg, "disconnect or port reset\n"); 1085 DBG(fsg, "disconnect or port reset\n");
1086 raise_exception(fsg, FSG_STATE_DISCONNECT); 1086 raise_exception(fsg, FSG_STATE_DISCONNECT);
1087 } 1087 }
1088 1088
1089 1089
1090 static int ep0_queue(struct fsg_dev *fsg) 1090 static int ep0_queue(struct fsg_dev *fsg)
1091 { 1091 {
1092 int rc; 1092 int rc;
1093 1093
1094 rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC); 1094 rc = usb_ep_queue(fsg->ep0, fsg->ep0req, GFP_ATOMIC);
1095 if (rc != 0 && rc != -ESHUTDOWN) { 1095 if (rc != 0 && rc != -ESHUTDOWN) {
1096 1096
1097 /* We can't do much more than wait for a reset */ 1097 /* We can't do much more than wait for a reset */
1098 WARN(fsg, "error in submission: %s --> %d\n", 1098 WARN(fsg, "error in submission: %s --> %d\n",
1099 fsg->ep0->name, rc); 1099 fsg->ep0->name, rc);
1100 } 1100 }
1101 return rc; 1101 return rc;
1102 } 1102 }
1103 1103
1104 static void ep0_complete(struct usb_ep *ep, struct usb_request *req) 1104 static void ep0_complete(struct usb_ep *ep, struct usb_request *req)
1105 { 1105 {
1106 struct fsg_dev *fsg = ep->driver_data; 1106 struct fsg_dev *fsg = ep->driver_data;
1107 1107
1108 if (req->actual > 0) 1108 if (req->actual > 0)
1109 dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual); 1109 dump_msg(fsg, fsg->ep0req_name, req->buf, req->actual);
1110 if (req->status || req->actual != req->length) 1110 if (req->status || req->actual != req->length)
1111 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1111 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__,
1112 req->status, req->actual, req->length); 1112 req->status, req->actual, req->length);
1113 if (req->status == -ECONNRESET) // Request was cancelled 1113 if (req->status == -ECONNRESET) // Request was cancelled
1114 usb_ep_fifo_flush(ep); 1114 usb_ep_fifo_flush(ep);
1115 1115
1116 if (req->status == 0 && req->context) 1116 if (req->status == 0 && req->context)
1117 ((fsg_routine_t) (req->context))(fsg); 1117 ((fsg_routine_t) (req->context))(fsg);
1118 } 1118 }
1119 1119
1120 1120
1121 /*-------------------------------------------------------------------------*/ 1121 /*-------------------------------------------------------------------------*/
1122 1122
1123 /* Bulk and interrupt endpoint completion handlers. 1123 /* Bulk and interrupt endpoint completion handlers.
1124 * These always run in_irq. */ 1124 * These always run in_irq. */
1125 1125
1126 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 1126 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
1127 { 1127 {
1128 struct fsg_dev *fsg = ep->driver_data; 1128 struct fsg_dev *fsg = ep->driver_data;
1129 struct fsg_buffhd *bh = req->context; 1129 struct fsg_buffhd *bh = req->context;
1130 1130
1131 if (req->status || req->actual != req->length) 1131 if (req->status || req->actual != req->length)
1132 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1132 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__,
1133 req->status, req->actual, req->length); 1133 req->status, req->actual, req->length);
1134 if (req->status == -ECONNRESET) // Request was cancelled 1134 if (req->status == -ECONNRESET) // Request was cancelled
1135 usb_ep_fifo_flush(ep); 1135 usb_ep_fifo_flush(ep);
1136 1136
1137 /* Hold the lock while we update the request and buffer states */ 1137 /* Hold the lock while we update the request and buffer states */
1138 smp_wmb(); 1138 smp_wmb();
1139 spin_lock(&fsg->lock); 1139 spin_lock(&fsg->lock);
1140 bh->inreq_busy = 0; 1140 bh->inreq_busy = 0;
1141 bh->state = BUF_STATE_EMPTY; 1141 bh->state = BUF_STATE_EMPTY;
1142 wakeup_thread(fsg); 1142 wakeup_thread(fsg);
1143 spin_unlock(&fsg->lock); 1143 spin_unlock(&fsg->lock);
1144 } 1144 }
1145 1145
1146 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 1146 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
1147 { 1147 {
1148 struct fsg_dev *fsg = ep->driver_data; 1148 struct fsg_dev *fsg = ep->driver_data;
1149 struct fsg_buffhd *bh = req->context; 1149 struct fsg_buffhd *bh = req->context;
1150 1150
1151 dump_msg(fsg, "bulk-out", req->buf, req->actual); 1151 dump_msg(fsg, "bulk-out", req->buf, req->actual);
1152 if (req->status || req->actual != bh->bulk_out_intended_length) 1152 if (req->status || req->actual != bh->bulk_out_intended_length)
1153 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1153 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__,
1154 req->status, req->actual, 1154 req->status, req->actual,
1155 bh->bulk_out_intended_length); 1155 bh->bulk_out_intended_length);
1156 if (req->status == -ECONNRESET) // Request was cancelled 1156 if (req->status == -ECONNRESET) // Request was cancelled
1157 usb_ep_fifo_flush(ep); 1157 usb_ep_fifo_flush(ep);
1158 1158
1159 /* Hold the lock while we update the request and buffer states */ 1159 /* Hold the lock while we update the request and buffer states */
1160 smp_wmb(); 1160 smp_wmb();
1161 spin_lock(&fsg->lock); 1161 spin_lock(&fsg->lock);
1162 bh->outreq_busy = 0; 1162 bh->outreq_busy = 0;
1163 bh->state = BUF_STATE_FULL; 1163 bh->state = BUF_STATE_FULL;
1164 wakeup_thread(fsg); 1164 wakeup_thread(fsg);
1165 spin_unlock(&fsg->lock); 1165 spin_unlock(&fsg->lock);
1166 } 1166 }
1167 1167
1168 1168
1169 #ifdef CONFIG_USB_FILE_STORAGE_TEST 1169 #ifdef CONFIG_USB_FILE_STORAGE_TEST
1170 static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1170 static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1171 { 1171 {
1172 struct fsg_dev *fsg = ep->driver_data; 1172 struct fsg_dev *fsg = ep->driver_data;
1173 struct fsg_buffhd *bh = req->context; 1173 struct fsg_buffhd *bh = req->context;
1174 1174
1175 if (req->status || req->actual != req->length) 1175 if (req->status || req->actual != req->length)
1176 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__, 1176 DBG(fsg, "%s --> %d, %u/%u\n", __FUNCTION__,
1177 req->status, req->actual, req->length); 1177 req->status, req->actual, req->length);
1178 if (req->status == -ECONNRESET) // Request was cancelled 1178 if (req->status == -ECONNRESET) // Request was cancelled
1179 usb_ep_fifo_flush(ep); 1179 usb_ep_fifo_flush(ep);
1180 1180
1181 /* Hold the lock while we update the request and buffer states */ 1181 /* Hold the lock while we update the request and buffer states */
1182 smp_wmb(); 1182 smp_wmb();
1183 spin_lock(&fsg->lock); 1183 spin_lock(&fsg->lock);
1184 fsg->intreq_busy = 0; 1184 fsg->intreq_busy = 0;
1185 bh->state = BUF_STATE_EMPTY; 1185 bh->state = BUF_STATE_EMPTY;
1186 wakeup_thread(fsg); 1186 wakeup_thread(fsg);
1187 spin_unlock(&fsg->lock); 1187 spin_unlock(&fsg->lock);
1188 } 1188 }
1189 1189
1190 #else 1190 #else
1191 static void intr_in_complete(struct usb_ep *ep, struct usb_request *req) 1191 static void intr_in_complete(struct usb_ep *ep, struct usb_request *req)
1192 {} 1192 {}
1193 #endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1193 #endif /* CONFIG_USB_FILE_STORAGE_TEST */
1194 1194
1195 1195
1196 /*-------------------------------------------------------------------------*/ 1196 /*-------------------------------------------------------------------------*/
1197 1197
1198 /* Ep0 class-specific handlers. These always run in_irq. */ 1198 /* Ep0 class-specific handlers. These always run in_irq. */
1199 1199
1200 #ifdef CONFIG_USB_FILE_STORAGE_TEST 1200 #ifdef CONFIG_USB_FILE_STORAGE_TEST
1201 static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1201 static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1202 { 1202 {
1203 struct usb_request *req = fsg->ep0req; 1203 struct usb_request *req = fsg->ep0req;
1204 static u8 cbi_reset_cmnd[6] = { 1204 static u8 cbi_reset_cmnd[6] = {
1205 SC_SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff}; 1205 SC_SEND_DIAGNOSTIC, 4, 0xff, 0xff, 0xff, 0xff};
1206 1206
1207 /* Error in command transfer? */ 1207 /* Error in command transfer? */
1208 if (req->status || req->length != req->actual || 1208 if (req->status || req->length != req->actual ||
1209 req->actual < 6 || req->actual > MAX_COMMAND_SIZE) { 1209 req->actual < 6 || req->actual > MAX_COMMAND_SIZE) {
1210 1210
1211 /* Not all controllers allow a protocol stall after 1211 /* Not all controllers allow a protocol stall after
1212 * receiving control-out data, but we'll try anyway. */ 1212 * receiving control-out data, but we'll try anyway. */
1213 fsg_set_halt(fsg, fsg->ep0); 1213 fsg_set_halt(fsg, fsg->ep0);
1214 return; // Wait for reset 1214 return; // Wait for reset
1215 } 1215 }
1216 1216
1217 /* Is it the special reset command? */ 1217 /* Is it the special reset command? */
1218 if (req->actual >= sizeof cbi_reset_cmnd && 1218 if (req->actual >= sizeof cbi_reset_cmnd &&
1219 memcmp(req->buf, cbi_reset_cmnd, 1219 memcmp(req->buf, cbi_reset_cmnd,
1220 sizeof cbi_reset_cmnd) == 0) { 1220 sizeof cbi_reset_cmnd) == 0) {
1221 1221
1222 /* Raise an exception to stop the current operation 1222 /* Raise an exception to stop the current operation
1223 * and reinitialize our state. */ 1223 * and reinitialize our state. */
1224 DBG(fsg, "cbi reset request\n"); 1224 DBG(fsg, "cbi reset request\n");
1225 raise_exception(fsg, FSG_STATE_RESET); 1225 raise_exception(fsg, FSG_STATE_RESET);
1226 return; 1226 return;
1227 } 1227 }
1228 1228
1229 VDBG(fsg, "CB[I] accept device-specific command\n"); 1229 VDBG(fsg, "CB[I] accept device-specific command\n");
1230 spin_lock(&fsg->lock); 1230 spin_lock(&fsg->lock);
1231 1231
1232 /* Save the command for later */ 1232 /* Save the command for later */
1233 if (fsg->cbbuf_cmnd_size) 1233 if (fsg->cbbuf_cmnd_size)
1234 WARN(fsg, "CB[I] overwriting previous command\n"); 1234 WARN(fsg, "CB[I] overwriting previous command\n");
1235 fsg->cbbuf_cmnd_size = req->actual; 1235 fsg->cbbuf_cmnd_size = req->actual;
1236 memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size); 1236 memcpy(fsg->cbbuf_cmnd, req->buf, fsg->cbbuf_cmnd_size);
1237 1237
1238 wakeup_thread(fsg); 1238 wakeup_thread(fsg);
1239 spin_unlock(&fsg->lock); 1239 spin_unlock(&fsg->lock);
1240 } 1240 }
1241 1241
1242 #else 1242 #else
1243 static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh) 1243 static void received_cbi_adsc(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1244 {} 1244 {}
1245 #endif /* CONFIG_USB_FILE_STORAGE_TEST */ 1245 #endif /* CONFIG_USB_FILE_STORAGE_TEST */
1246 1246
1247 1247
1248 static int class_setup_req(struct fsg_dev *fsg, 1248 static int class_setup_req(struct fsg_dev *fsg,
1249 const struct usb_ctrlrequest *ctrl) 1249 const struct usb_ctrlrequest *ctrl)
1250 { 1250 {
1251 struct usb_request *req = fsg->ep0req; 1251 struct usb_request *req = fsg->ep0req;
1252 int value = -EOPNOTSUPP; 1252 int value = -EOPNOTSUPP;
1253 u16 w_index = le16_to_cpu(ctrl->wIndex); 1253 u16 w_index = le16_to_cpu(ctrl->wIndex);
1254 u16 w_value = le16_to_cpu(ctrl->wValue); 1254 u16 w_value = le16_to_cpu(ctrl->wValue);
1255 u16 w_length = le16_to_cpu(ctrl->wLength); 1255 u16 w_length = le16_to_cpu(ctrl->wLength);
1256 1256
1257 if (!fsg->config) 1257 if (!fsg->config)
1258 return value; 1258 return value;
1259 1259
1260 /* Handle Bulk-only class-specific requests */ 1260 /* Handle Bulk-only class-specific requests */
1261 if (transport_is_bbb()) { 1261 if (transport_is_bbb()) {
1262 switch (ctrl->bRequest) { 1262 switch (ctrl->bRequest) {
1263 1263
1264 case USB_BULK_RESET_REQUEST: 1264 case USB_BULK_RESET_REQUEST:
1265 if (ctrl->bRequestType != (USB_DIR_OUT | 1265 if (ctrl->bRequestType != (USB_DIR_OUT |
1266 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1266 USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1267 break; 1267 break;
1268 if (w_index != 0 || w_value != 0) { 1268 if (w_index != 0 || w_value != 0) {
1269 value = -EDOM; 1269 value = -EDOM;
1270 break; 1270 break;
1271 } 1271 }
1272 1272
1273 /* Raise an exception to stop the current operation 1273 /* Raise an exception to stop the current operation
1274 * and reinitialize our state. */ 1274 * and reinitialize our state. */
1275 DBG(fsg, "bulk reset request\n"); 1275 DBG(fsg, "bulk reset request\n");
1276 raise_exception(fsg, FSG_STATE_RESET); 1276 raise_exception(fsg, FSG_STATE_RESET);
1277 value = DELAYED_STATUS; 1277 value = DELAYED_STATUS;
1278 break; 1278 break;
1279 1279
1280 case USB_BULK_GET_MAX_LUN_REQUEST: 1280 case USB_BULK_GET_MAX_LUN_REQUEST:
1281 if (ctrl->bRequestType != (USB_DIR_IN | 1281 if (ctrl->bRequestType != (USB_DIR_IN |
1282 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1282 USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1283 break; 1283 break;
1284 if (w_index != 0 || w_value != 0) { 1284 if (w_index != 0 || w_value != 0) {
1285 value = -EDOM; 1285 value = -EDOM;
1286 break; 1286 break;
1287 } 1287 }
1288 VDBG(fsg, "get max LUN\n"); 1288 VDBG(fsg, "get max LUN\n");
1289 *(u8 *) req->buf = fsg->nluns - 1; 1289 *(u8 *) req->buf = fsg->nluns - 1;
1290 value = 1; 1290 value = 1;
1291 break; 1291 break;
1292 } 1292 }
1293 } 1293 }
1294 1294
1295 /* Handle CBI class-specific requests */ 1295 /* Handle CBI class-specific requests */
1296 else { 1296 else {
1297 switch (ctrl->bRequest) { 1297 switch (ctrl->bRequest) {
1298 1298
1299 case USB_CBI_ADSC_REQUEST: 1299 case USB_CBI_ADSC_REQUEST:
1300 if (ctrl->bRequestType != (USB_DIR_OUT | 1300 if (ctrl->bRequestType != (USB_DIR_OUT |
1301 USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 1301 USB_TYPE_CLASS | USB_RECIP_INTERFACE))
1302 break; 1302 break;
1303 if (w_index != 0 || w_value != 0) { 1303 if (w_index != 0 || w_value != 0) {
1304 value = -EDOM; 1304 value = -EDOM;
1305 break; 1305 break;
1306 } 1306 }
1307 if (w_length > MAX_COMMAND_SIZE) { 1307 if (w_length > MAX_COMMAND_SIZE) {
1308 value = -EOVERFLOW; 1308 value = -EOVERFLOW;
1309 break; 1309 break;
1310 } 1310 }
1311 value = w_length; 1311 value = w_length;
1312 fsg->ep0req->context = received_cbi_adsc; 1312 fsg->ep0req->context = received_cbi_adsc;
1313 break; 1313 break;
1314 } 1314 }
1315 } 1315 }
1316 1316
1317 if (value == -EOPNOTSUPP) 1317 if (value == -EOPNOTSUPP)
1318 VDBG(fsg, 1318 VDBG(fsg,
1319 "unknown class-specific control req " 1319 "unknown class-specific control req "
1320 "%02x.%02x v%04x i%04x l%u\n", 1320 "%02x.%02x v%04x i%04x l%u\n",
1321 ctrl->bRequestType, ctrl->bRequest, 1321 ctrl->bRequestType, ctrl->bRequest,
1322 le16_to_cpu(ctrl->wValue), w_index, w_length); 1322 le16_to_cpu(ctrl->wValue), w_index, w_length);
1323 return value; 1323 return value;
1324 } 1324 }
1325 1325
1326 1326
1327 /*-------------------------------------------------------------------------*/ 1327 /*-------------------------------------------------------------------------*/
1328 1328
1329 /* Ep0 standard request handlers. These always run in_irq. */ 1329 /* Ep0 standard request handlers. These always run in_irq. */
1330 1330
1331 static int standard_setup_req(struct fsg_dev *fsg, 1331 static int standard_setup_req(struct fsg_dev *fsg,
1332 const struct usb_ctrlrequest *ctrl) 1332 const struct usb_ctrlrequest *ctrl)
1333 { 1333 {
1334 struct usb_request *req = fsg->ep0req; 1334 struct usb_request *req = fsg->ep0req;
1335 int value = -EOPNOTSUPP; 1335 int value = -EOPNOTSUPP;
1336 u16 w_index = le16_to_cpu(ctrl->wIndex); 1336 u16 w_index = le16_to_cpu(ctrl->wIndex);
1337 u16 w_value = le16_to_cpu(ctrl->wValue); 1337 u16 w_value = le16_to_cpu(ctrl->wValue);
1338 1338
1339 /* Usually this just stores reply data in the pre-allocated ep0 buffer, 1339 /* Usually this just stores reply data in the pre-allocated ep0 buffer,
1340 * but config change events will also reconfigure hardware. */ 1340 * but config change events will also reconfigure hardware. */
1341 switch (ctrl->bRequest) { 1341 switch (ctrl->bRequest) {
1342 1342
1343 case USB_REQ_GET_DESCRIPTOR: 1343 case USB_REQ_GET_DESCRIPTOR:
1344 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1344 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1345 USB_RECIP_DEVICE)) 1345 USB_RECIP_DEVICE))
1346 break; 1346 break;
1347 switch (w_value >> 8) { 1347 switch (w_value >> 8) {
1348 1348
1349 case USB_DT_DEVICE: 1349 case USB_DT_DEVICE:
1350 VDBG(fsg, "get device descriptor\n"); 1350 VDBG(fsg, "get device descriptor\n");
1351 value = sizeof device_desc; 1351 value = sizeof device_desc;
1352 memcpy(req->buf, &device_desc, value); 1352 memcpy(req->buf, &device_desc, value);
1353 break; 1353 break;
1354 case USB_DT_DEVICE_QUALIFIER: 1354 case USB_DT_DEVICE_QUALIFIER:
1355 VDBG(fsg, "get device qualifier\n"); 1355 VDBG(fsg, "get device qualifier\n");
1356 if (!gadget_is_dualspeed(fsg->gadget)) 1356 if (!gadget_is_dualspeed(fsg->gadget))
1357 break; 1357 break;
1358 value = sizeof dev_qualifier; 1358 value = sizeof dev_qualifier;
1359 memcpy(req->buf, &dev_qualifier, value); 1359 memcpy(req->buf, &dev_qualifier, value);
1360 break; 1360 break;
1361 1361
1362 case USB_DT_OTHER_SPEED_CONFIG: 1362 case USB_DT_OTHER_SPEED_CONFIG:
1363 VDBG(fsg, "get other-speed config descriptor\n"); 1363 VDBG(fsg, "get other-speed config descriptor\n");
1364 if (!gadget_is_dualspeed(fsg->gadget)) 1364 if (!gadget_is_dualspeed(fsg->gadget))
1365 break; 1365 break;
1366 goto get_config; 1366 goto get_config;
1367 case USB_DT_CONFIG: 1367 case USB_DT_CONFIG:
1368 VDBG(fsg, "get configuration descriptor\n"); 1368 VDBG(fsg, "get configuration descriptor\n");
1369 get_config: 1369 get_config:
1370 value = populate_config_buf(fsg->gadget, 1370 value = populate_config_buf(fsg->gadget,
1371 req->buf, 1371 req->buf,
1372 w_value >> 8, 1372 w_value >> 8,
1373 w_value & 0xff); 1373 w_value & 0xff);
1374 break; 1374 break;
1375 1375
1376 case USB_DT_STRING: 1376 case USB_DT_STRING:
1377 VDBG(fsg, "get string descriptor\n"); 1377 VDBG(fsg, "get string descriptor\n");
1378 1378
1379 /* wIndex == language code */ 1379 /* wIndex == language code */
1380 value = usb_gadget_get_string(&stringtab, 1380 value = usb_gadget_get_string(&stringtab,
1381 w_value & 0xff, req->buf); 1381 w_value & 0xff, req->buf);
1382 break; 1382 break;
1383 } 1383 }
1384 break; 1384 break;
1385 1385
1386 /* One config, two speeds */ 1386 /* One config, two speeds */
1387 case USB_REQ_SET_CONFIGURATION: 1387 case USB_REQ_SET_CONFIGURATION:
1388 if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD | 1388 if (ctrl->bRequestType != (USB_DIR_OUT | USB_TYPE_STANDARD |
1389 USB_RECIP_DEVICE)) 1389 USB_RECIP_DEVICE))
1390 break; 1390 break;
1391 VDBG(fsg, "set configuration\n"); 1391 VDBG(fsg, "set configuration\n");
1392 if (w_value == CONFIG_VALUE || w_value == 0) { 1392 if (w_value == CONFIG_VALUE || w_value == 0) {
1393 fsg->new_config = w_value; 1393 fsg->new_config = w_value;
1394 1394
1395 /* Raise an exception to wipe out previous transaction 1395 /* Raise an exception to wipe out previous transaction
1396 * state (queued bufs, etc) and set the new config. */ 1396 * state (queued bufs, etc) and set the new config. */
1397 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE); 1397 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
1398 value = DELAYED_STATUS; 1398 value = DELAYED_STATUS;
1399 } 1399 }
1400 break; 1400 break;
1401 case USB_REQ_GET_CONFIGURATION: 1401 case USB_REQ_GET_CONFIGURATION:
1402 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1402 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1403 USB_RECIP_DEVICE)) 1403 USB_RECIP_DEVICE))
1404 break; 1404 break;
1405 VDBG(fsg, "get configuration\n"); 1405 VDBG(fsg, "get configuration\n");
1406 *(u8 *) req->buf = fsg->config; 1406 *(u8 *) req->buf = fsg->config;
1407 value = 1; 1407 value = 1;
1408 break; 1408 break;
1409 1409
1410 case USB_REQ_SET_INTERFACE: 1410 case USB_REQ_SET_INTERFACE:
1411 if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD | 1411 if (ctrl->bRequestType != (USB_DIR_OUT| USB_TYPE_STANDARD |
1412 USB_RECIP_INTERFACE)) 1412 USB_RECIP_INTERFACE))
1413 break; 1413 break;
1414 if (fsg->config && w_index == 0) { 1414 if (fsg->config && w_index == 0) {
1415 1415
1416 /* Raise an exception to wipe out previous transaction 1416 /* Raise an exception to wipe out previous transaction
1417 * state (queued bufs, etc) and install the new 1417 * state (queued bufs, etc) and install the new
1418 * interface altsetting. */ 1418 * interface altsetting. */
1419 raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE); 1419 raise_exception(fsg, FSG_STATE_INTERFACE_CHANGE);
1420 value = DELAYED_STATUS; 1420 value = DELAYED_STATUS;
1421 } 1421 }
1422 break; 1422 break;
1423 case USB_REQ_GET_INTERFACE: 1423 case USB_REQ_GET_INTERFACE:
1424 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD | 1424 if (ctrl->bRequestType != (USB_DIR_IN | USB_TYPE_STANDARD |
1425 USB_RECIP_INTERFACE)) 1425 USB_RECIP_INTERFACE))
1426 break; 1426 break;
1427 if (!fsg->config) 1427 if (!fsg->config)
1428 break; 1428 break;
1429 if (w_index != 0) { 1429 if (w_index != 0) {
1430 value = -EDOM; 1430 value = -EDOM;
1431 break; 1431 break;
1432 } 1432 }
1433 VDBG(fsg, "get interface\n"); 1433 VDBG(fsg, "get interface\n");
1434 *(u8 *) req->buf = 0; 1434 *(u8 *) req->buf = 0;
1435 value = 1; 1435 value = 1;
1436 break; 1436 break;
1437 1437
1438 default: 1438 default:
1439 VDBG(fsg, 1439 VDBG(fsg,
1440 "unknown control req %02x.%02x v%04x i%04x l%u\n", 1440 "unknown control req %02x.%02x v%04x i%04x l%u\n",
1441 ctrl->bRequestType, ctrl->bRequest, 1441 ctrl->bRequestType, ctrl->bRequest,
1442 w_value, w_index, le16_to_cpu(ctrl->wLength)); 1442 w_value, w_index, le16_to_cpu(ctrl->wLength));
1443 } 1443 }
1444 1444
1445 return value; 1445 return value;
1446 } 1446 }
1447 1447
1448 1448
1449 static int fsg_setup(struct usb_gadget *gadget, 1449 static int fsg_setup(struct usb_gadget *gadget,
1450 const struct usb_ctrlrequest *ctrl) 1450 const struct usb_ctrlrequest *ctrl)
1451 { 1451 {
1452 struct fsg_dev *fsg = get_gadget_data(gadget); 1452 struct fsg_dev *fsg = get_gadget_data(gadget);
1453 int rc; 1453 int rc;
1454 int w_length = le16_to_cpu(ctrl->wLength); 1454 int w_length = le16_to_cpu(ctrl->wLength);
1455 1455
1456 ++fsg->ep0_req_tag; // Record arrival of a new request 1456 ++fsg->ep0_req_tag; // Record arrival of a new request
1457 fsg->ep0req->context = NULL; 1457 fsg->ep0req->context = NULL;
1458 fsg->ep0req->length = 0; 1458 fsg->ep0req->length = 0;
1459 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 1459 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl));
1460 1460
1461 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) 1461 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS)
1462 rc = class_setup_req(fsg, ctrl); 1462 rc = class_setup_req(fsg, ctrl);
1463 else 1463 else
1464 rc = standard_setup_req(fsg, ctrl); 1464 rc = standard_setup_req(fsg, ctrl);
1465 1465
1466 /* Respond with data/status or defer until later? */ 1466 /* Respond with data/status or defer until later? */
1467 if (rc >= 0 && rc != DELAYED_STATUS) { 1467 if (rc >= 0 && rc != DELAYED_STATUS) {
1468 rc = min(rc, w_length); 1468 rc = min(rc, w_length);
1469 fsg->ep0req->length = rc; 1469 fsg->ep0req->length = rc;
1470 fsg->ep0req->zero = rc < w_length; 1470 fsg->ep0req->zero = rc < w_length;
1471 fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ? 1471 fsg->ep0req_name = (ctrl->bRequestType & USB_DIR_IN ?
1472 "ep0-in" : "ep0-out"); 1472 "ep0-in" : "ep0-out");
1473 rc = ep0_queue(fsg); 1473 rc = ep0_queue(fsg);
1474 } 1474 }
1475 1475
1476 /* Device either stalls (rc < 0) or reports success */ 1476 /* Device either stalls (rc < 0) or reports success */
1477 return rc; 1477 return rc;
1478 } 1478 }
1479 1479
1480 1480
1481 /*-------------------------------------------------------------------------*/ 1481 /*-------------------------------------------------------------------------*/
1482 1482
1483 /* All the following routines run in process context */ 1483 /* All the following routines run in process context */
1484 1484
1485 1485
1486 /* Use this for bulk or interrupt transfers, not ep0 */ 1486 /* Use this for bulk or interrupt transfers, not ep0 */
1487 static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 1487 static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
1488 struct usb_request *req, int *pbusy, 1488 struct usb_request *req, int *pbusy,
1489 enum fsg_buffer_state *state) 1489 enum fsg_buffer_state *state)
1490 { 1490 {
1491 int rc; 1491 int rc;
1492 1492
1493 if (ep == fsg->bulk_in) 1493 if (ep == fsg->bulk_in)
1494 dump_msg(fsg, "bulk-in", req->buf, req->length); 1494 dump_msg(fsg, "bulk-in", req->buf, req->length);
1495 else if (ep == fsg->intr_in) 1495 else if (ep == fsg->intr_in)
1496 dump_msg(fsg, "intr-in", req->buf, req->length); 1496 dump_msg(fsg, "intr-in", req->buf, req->length);
1497 1497
1498 spin_lock_irq(&fsg->lock); 1498 spin_lock_irq(&fsg->lock);
1499 *pbusy = 1; 1499 *pbusy = 1;
1500 *state = BUF_STATE_BUSY; 1500 *state = BUF_STATE_BUSY;
1501 spin_unlock_irq(&fsg->lock); 1501 spin_unlock_irq(&fsg->lock);
1502 rc = usb_ep_queue(ep, req, GFP_KERNEL); 1502 rc = usb_ep_queue(ep, req, GFP_KERNEL);
1503 if (rc != 0) { 1503 if (rc != 0) {
1504 *pbusy = 0; 1504 *pbusy = 0;
1505 *state = BUF_STATE_EMPTY; 1505 *state = BUF_STATE_EMPTY;
1506 1506
1507 /* We can't do much more than wait for a reset */ 1507 /* We can't do much more than wait for a reset */
1508 1508
1509 /* Note: currently the net2280 driver fails zero-length 1509 /* Note: currently the net2280 driver fails zero-length
1510 * submissions if DMA is enabled. */ 1510 * submissions if DMA is enabled. */
1511 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP && 1511 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
1512 req->length == 0)) 1512 req->length == 0))
1513 WARN(fsg, "error in submission: %s --> %d\n", 1513 WARN(fsg, "error in submission: %s --> %d\n",
1514 ep->name, rc); 1514 ep->name, rc);
1515 } 1515 }
1516 } 1516 }
1517 1517
1518 1518
1519 static int sleep_thread(struct fsg_dev *fsg) 1519 static int sleep_thread(struct fsg_dev *fsg)
1520 { 1520 {
1521 int rc = 0; 1521 int rc = 0;
1522 1522
1523 /* Wait until a signal arrives or we are woken up */ 1523 /* Wait until a signal arrives or we are woken up */
1524 for (;;) { 1524 for (;;) {
1525 try_to_freeze(); 1525 try_to_freeze();
1526 set_current_state(TASK_INTERRUPTIBLE); 1526 set_current_state(TASK_INTERRUPTIBLE);
1527 if (signal_pending(current)) { 1527 if (signal_pending(current)) {
1528 rc = -EINTR; 1528 rc = -EINTR;
1529 break; 1529 break;
1530 } 1530 }
1531 if (fsg->thread_wakeup_needed) 1531 if (fsg->thread_wakeup_needed)
1532 break; 1532 break;
1533 schedule(); 1533 schedule();
1534 } 1534 }
1535 __set_current_state(TASK_RUNNING); 1535 __set_current_state(TASK_RUNNING);
1536 fsg->thread_wakeup_needed = 0; 1536 fsg->thread_wakeup_needed = 0;
1537 return rc; 1537 return rc;
1538 } 1538 }
1539 1539
1540 1540
1541 /*-------------------------------------------------------------------------*/ 1541 /*-------------------------------------------------------------------------*/
1542 1542
1543 static int do_read(struct fsg_dev *fsg) 1543 static int do_read(struct fsg_dev *fsg)
1544 { 1544 {
1545 struct lun *curlun = fsg->curlun; 1545 struct lun *curlun = fsg->curlun;
1546 u32 lba; 1546 u32 lba;
1547 struct fsg_buffhd *bh; 1547 struct fsg_buffhd *bh;
1548 int rc; 1548 int rc;
1549 u32 amount_left; 1549 u32 amount_left;
1550 loff_t file_offset, file_offset_tmp; 1550 loff_t file_offset, file_offset_tmp;
1551 unsigned int amount; 1551 unsigned int amount;
1552 unsigned int partial_page; 1552 unsigned int partial_page;
1553 ssize_t nread; 1553 ssize_t nread;
1554 1554
1555 /* Get the starting Logical Block Address and check that it's 1555 /* Get the starting Logical Block Address and check that it's
1556 * not too big */ 1556 * not too big */
1557 if (fsg->cmnd[0] == SC_READ_6) 1557 if (fsg->cmnd[0] == SC_READ_6)
1558 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1558 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]);
1559 else { 1559 else {
1560 lba = get_be32(&fsg->cmnd[2]); 1560 lba = get_be32(&fsg->cmnd[2]);
1561 1561
1562 /* We allow DPO (Disable Page Out = don't save data in the 1562 /* We allow DPO (Disable Page Out = don't save data in the
1563 * cache) and FUA (Force Unit Access = don't read from the 1563 * cache) and FUA (Force Unit Access = don't read from the
1564 * cache), but we don't implement them. */ 1564 * cache), but we don't implement them. */
1565 if ((fsg->cmnd[1] & ~0x18) != 0) { 1565 if ((fsg->cmnd[1] & ~0x18) != 0) {
1566 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1566 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1567 return -EINVAL; 1567 return -EINVAL;
1568 } 1568 }
1569 } 1569 }
1570 if (lba >= curlun->num_sectors) { 1570 if (lba >= curlun->num_sectors) {
1571 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1571 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1572 return -EINVAL; 1572 return -EINVAL;
1573 } 1573 }
1574 file_offset = ((loff_t) lba) << 9; 1574 file_offset = ((loff_t) lba) << 9;
1575 1575
1576 /* Carry out the file reads */ 1576 /* Carry out the file reads */
1577 amount_left = fsg->data_size_from_cmnd; 1577 amount_left = fsg->data_size_from_cmnd;
1578 if (unlikely(amount_left == 0)) 1578 if (unlikely(amount_left == 0))
1579 return -EIO; // No default reply 1579 return -EIO; // No default reply
1580 1580
1581 for (;;) { 1581 for (;;) {
1582 1582
1583 /* Figure out how much we need to read: 1583 /* Figure out how much we need to read:
1584 * Try to read the remaining amount. 1584 * Try to read the remaining amount.
1585 * But don't read more than the buffer size. 1585 * But don't read more than the buffer size.
1586 * And don't try to read past the end of the file. 1586 * And don't try to read past the end of the file.
1587 * Finally, if we're not at a page boundary, don't read past 1587 * Finally, if we're not at a page boundary, don't read past
1588 * the next page. 1588 * the next page.
1589 * If this means reading 0 then we were asked to read past 1589 * If this means reading 0 then we were asked to read past
1590 * the end of file. */ 1590 * the end of file. */
1591 amount = min((unsigned int) amount_left, mod_data.buflen); 1591 amount = min((unsigned int) amount_left, mod_data.buflen);
1592 amount = min((loff_t) amount, 1592 amount = min((loff_t) amount,
1593 curlun->file_length - file_offset); 1593 curlun->file_length - file_offset);
1594 partial_page = file_offset & (PAGE_CACHE_SIZE - 1); 1594 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
1595 if (partial_page > 0) 1595 if (partial_page > 0)
1596 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE - 1596 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
1597 partial_page); 1597 partial_page);
1598 1598
1599 /* Wait for the next buffer to become available */ 1599 /* Wait for the next buffer to become available */
1600 bh = fsg->next_buffhd_to_fill; 1600 bh = fsg->next_buffhd_to_fill;
1601 while (bh->state != BUF_STATE_EMPTY) { 1601 while (bh->state != BUF_STATE_EMPTY) {
1602 rc = sleep_thread(fsg); 1602 rc = sleep_thread(fsg);
1603 if (rc) 1603 if (rc)
1604 return rc; 1604 return rc;
1605 } 1605 }
1606 1606
1607 /* If we were asked to read past the end of file, 1607 /* If we were asked to read past the end of file,
1608 * end with an empty buffer. */ 1608 * end with an empty buffer. */
1609 if (amount == 0) { 1609 if (amount == 0) {
1610 curlun->sense_data = 1610 curlun->sense_data =
1611 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1611 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1612 curlun->sense_data_info = file_offset >> 9; 1612 curlun->sense_data_info = file_offset >> 9;
1613 curlun->info_valid = 1; 1613 curlun->info_valid = 1;
1614 bh->inreq->length = 0; 1614 bh->inreq->length = 0;
1615 bh->state = BUF_STATE_FULL; 1615 bh->state = BUF_STATE_FULL;
1616 break; 1616 break;
1617 } 1617 }
1618 1618
1619 /* Perform the read */ 1619 /* Perform the read */
1620 file_offset_tmp = file_offset; 1620 file_offset_tmp = file_offset;
1621 nread = vfs_read(curlun->filp, 1621 nread = vfs_read(curlun->filp,
1622 (char __user *) bh->buf, 1622 (char __user *) bh->buf,
1623 amount, &file_offset_tmp); 1623 amount, &file_offset_tmp);
1624 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1624 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1625 (unsigned long long) file_offset, 1625 (unsigned long long) file_offset,
1626 (int) nread); 1626 (int) nread);
1627 if (signal_pending(current)) 1627 if (signal_pending(current))
1628 return -EINTR; 1628 return -EINTR;
1629 1629
1630 if (nread < 0) { 1630 if (nread < 0) {
1631 LDBG(curlun, "error in file read: %d\n", 1631 LDBG(curlun, "error in file read: %d\n",
1632 (int) nread); 1632 (int) nread);
1633 nread = 0; 1633 nread = 0;
1634 } else if (nread < amount) { 1634 } else if (nread < amount) {
1635 LDBG(curlun, "partial file read: %d/%u\n", 1635 LDBG(curlun, "partial file read: %d/%u\n",
1636 (int) nread, amount); 1636 (int) nread, amount);
1637 nread -= (nread & 511); // Round down to a block 1637 nread -= (nread & 511); // Round down to a block
1638 } 1638 }
1639 file_offset += nread; 1639 file_offset += nread;
1640 amount_left -= nread; 1640 amount_left -= nread;
1641 fsg->residue -= nread; 1641 fsg->residue -= nread;
1642 bh->inreq->length = nread; 1642 bh->inreq->length = nread;
1643 bh->state = BUF_STATE_FULL; 1643 bh->state = BUF_STATE_FULL;
1644 1644
1645 /* If an error occurred, report it and its position */ 1645 /* If an error occurred, report it and its position */
1646 if (nread < amount) { 1646 if (nread < amount) {
1647 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1647 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1648 curlun->sense_data_info = file_offset >> 9; 1648 curlun->sense_data_info = file_offset >> 9;
1649 curlun->info_valid = 1; 1649 curlun->info_valid = 1;
1650 break; 1650 break;
1651 } 1651 }
1652 1652
1653 if (amount_left == 0) 1653 if (amount_left == 0)
1654 break; // No more left to read 1654 break; // No more left to read
1655 1655
1656 /* Send this buffer and go read some more */ 1656 /* Send this buffer and go read some more */
1657 bh->inreq->zero = 0; 1657 bh->inreq->zero = 0;
1658 start_transfer(fsg, fsg->bulk_in, bh->inreq, 1658 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1659 &bh->inreq_busy, &bh->state); 1659 &bh->inreq_busy, &bh->state);
1660 fsg->next_buffhd_to_fill = bh->next; 1660 fsg->next_buffhd_to_fill = bh->next;
1661 } 1661 }
1662 1662
1663 return -EIO; // No default reply 1663 return -EIO; // No default reply
1664 } 1664 }
1665 1665
1666 1666
1667 /*-------------------------------------------------------------------------*/ 1667 /*-------------------------------------------------------------------------*/
1668 1668
1669 static int do_write(struct fsg_dev *fsg) 1669 static int do_write(struct fsg_dev *fsg)
1670 { 1670 {
1671 struct lun *curlun = fsg->curlun; 1671 struct lun *curlun = fsg->curlun;
1672 u32 lba; 1672 u32 lba;
1673 struct fsg_buffhd *bh; 1673 struct fsg_buffhd *bh;
1674 int get_some_more; 1674 int get_some_more;
1675 u32 amount_left_to_req, amount_left_to_write; 1675 u32 amount_left_to_req, amount_left_to_write;
1676 loff_t usb_offset, file_offset, file_offset_tmp; 1676 loff_t usb_offset, file_offset, file_offset_tmp;
1677 unsigned int amount; 1677 unsigned int amount;
1678 unsigned int partial_page; 1678 unsigned int partial_page;
1679 ssize_t nwritten; 1679 ssize_t nwritten;
1680 int rc; 1680 int rc;
1681 1681
1682 if (curlun->ro) { 1682 if (curlun->ro) {
1683 curlun->sense_data = SS_WRITE_PROTECTED; 1683 curlun->sense_data = SS_WRITE_PROTECTED;
1684 return -EINVAL; 1684 return -EINVAL;
1685 } 1685 }
1686 curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait 1686 curlun->filp->f_flags &= ~O_SYNC; // Default is not to wait
1687 1687
1688 /* Get the starting Logical Block Address and check that it's 1688 /* Get the starting Logical Block Address and check that it's
1689 * not too big */ 1689 * not too big */
1690 if (fsg->cmnd[0] == SC_WRITE_6) 1690 if (fsg->cmnd[0] == SC_WRITE_6)
1691 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]); 1691 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]);
1692 else { 1692 else {
1693 lba = get_be32(&fsg->cmnd[2]); 1693 lba = get_be32(&fsg->cmnd[2]);
1694 1694
1695 /* We allow DPO (Disable Page Out = don't save data in the 1695 /* We allow DPO (Disable Page Out = don't save data in the
1696 * cache) and FUA (Force Unit Access = write directly to the 1696 * cache) and FUA (Force Unit Access = write directly to the
1697 * medium). We don't implement DPO; we implement FUA by 1697 * medium). We don't implement DPO; we implement FUA by
1698 * performing synchronous output. */ 1698 * performing synchronous output. */
1699 if ((fsg->cmnd[1] & ~0x18) != 0) { 1699 if ((fsg->cmnd[1] & ~0x18) != 0) {
1700 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1700 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1701 return -EINVAL; 1701 return -EINVAL;
1702 } 1702 }
1703 if (fsg->cmnd[1] & 0x08) // FUA 1703 if (fsg->cmnd[1] & 0x08) // FUA
1704 curlun->filp->f_flags |= O_SYNC; 1704 curlun->filp->f_flags |= O_SYNC;
1705 } 1705 }
1706 if (lba >= curlun->num_sectors) { 1706 if (lba >= curlun->num_sectors) {
1707 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1707 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1708 return -EINVAL; 1708 return -EINVAL;
1709 } 1709 }
1710 1710
1711 /* Carry out the file writes */ 1711 /* Carry out the file writes */
1712 get_some_more = 1; 1712 get_some_more = 1;
1713 file_offset = usb_offset = ((loff_t) lba) << 9; 1713 file_offset = usb_offset = ((loff_t) lba) << 9;
1714 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd; 1714 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd;
1715 1715
1716 while (amount_left_to_write > 0) { 1716 while (amount_left_to_write > 0) {
1717 1717
1718 /* Queue a request for more data from the host */ 1718 /* Queue a request for more data from the host */
1719 bh = fsg->next_buffhd_to_fill; 1719 bh = fsg->next_buffhd_to_fill;
1720 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 1720 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
1721 1721
1722 /* Figure out how much we want to get: 1722 /* Figure out how much we want to get:
1723 * Try to get the remaining amount. 1723 * Try to get the remaining amount.
1724 * But don't get more than the buffer size. 1724 * But don't get more than the buffer size.
1725 * And don't try to go past the end of the file. 1725 * And don't try to go past the end of the file.
1726 * If we're not at a page boundary, 1726 * If we're not at a page boundary,
1727 * don't go past the next page. 1727 * don't go past the next page.
1728 * If this means getting 0, then we were asked 1728 * If this means getting 0, then we were asked
1729 * to write past the end of file. 1729 * to write past the end of file.
1730 * Finally, round down to a block boundary. */ 1730 * Finally, round down to a block boundary. */
1731 amount = min(amount_left_to_req, mod_data.buflen); 1731 amount = min(amount_left_to_req, mod_data.buflen);
1732 amount = min((loff_t) amount, curlun->file_length - 1732 amount = min((loff_t) amount, curlun->file_length -
1733 usb_offset); 1733 usb_offset);
1734 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1); 1734 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
1735 if (partial_page > 0) 1735 if (partial_page > 0)
1736 amount = min(amount, 1736 amount = min(amount,
1737 (unsigned int) PAGE_CACHE_SIZE - partial_page); 1737 (unsigned int) PAGE_CACHE_SIZE - partial_page);
1738 1738
1739 if (amount == 0) { 1739 if (amount == 0) {
1740 get_some_more = 0; 1740 get_some_more = 0;
1741 curlun->sense_data = 1741 curlun->sense_data =
1742 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1742 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1743 curlun->sense_data_info = usb_offset >> 9; 1743 curlun->sense_data_info = usb_offset >> 9;
1744 curlun->info_valid = 1; 1744 curlun->info_valid = 1;
1745 continue; 1745 continue;
1746 } 1746 }
1747 amount -= (amount & 511); 1747 amount -= (amount & 511);
1748 if (amount == 0) { 1748 if (amount == 0) {
1749 1749
1750 /* Why were we were asked to transfer a 1750 /* Why were we were asked to transfer a
1751 * partial block? */ 1751 * partial block? */
1752 get_some_more = 0; 1752 get_some_more = 0;
1753 continue; 1753 continue;
1754 } 1754 }
1755 1755
1756 /* Get the next buffer */ 1756 /* Get the next buffer */
1757 usb_offset += amount; 1757 usb_offset += amount;
1758 fsg->usb_amount_left -= amount; 1758 fsg->usb_amount_left -= amount;
1759 amount_left_to_req -= amount; 1759 amount_left_to_req -= amount;
1760 if (amount_left_to_req == 0) 1760 if (amount_left_to_req == 0)
1761 get_some_more = 0; 1761 get_some_more = 0;
1762 1762
1763 /* amount is always divisible by 512, hence by 1763 /* amount is always divisible by 512, hence by
1764 * the bulk-out maxpacket size */ 1764 * the bulk-out maxpacket size */
1765 bh->outreq->length = bh->bulk_out_intended_length = 1765 bh->outreq->length = bh->bulk_out_intended_length =
1766 amount; 1766 amount;
1767 bh->outreq->short_not_ok = 1; 1767 bh->outreq->short_not_ok = 1;
1768 start_transfer(fsg, fsg->bulk_out, bh->outreq, 1768 start_transfer(fsg, fsg->bulk_out, bh->outreq,
1769 &bh->outreq_busy, &bh->state); 1769 &bh->outreq_busy, &bh->state);
1770 fsg->next_buffhd_to_fill = bh->next; 1770 fsg->next_buffhd_to_fill = bh->next;
1771 continue; 1771 continue;
1772 } 1772 }
1773 1773
1774 /* Write the received data to the backing file */ 1774 /* Write the received data to the backing file */
1775 bh = fsg->next_buffhd_to_drain; 1775 bh = fsg->next_buffhd_to_drain;
1776 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 1776 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
1777 break; // We stopped early 1777 break; // We stopped early
1778 if (bh->state == BUF_STATE_FULL) { 1778 if (bh->state == BUF_STATE_FULL) {
1779 smp_rmb(); 1779 smp_rmb();
1780 fsg->next_buffhd_to_drain = bh->next; 1780 fsg->next_buffhd_to_drain = bh->next;
1781 bh->state = BUF_STATE_EMPTY; 1781 bh->state = BUF_STATE_EMPTY;
1782 1782
1783 /* Did something go wrong with the transfer? */ 1783 /* Did something go wrong with the transfer? */
1784 if (bh->outreq->status != 0) { 1784 if (bh->outreq->status != 0) {
1785 curlun->sense_data = SS_COMMUNICATION_FAILURE; 1785 curlun->sense_data = SS_COMMUNICATION_FAILURE;
1786 curlun->sense_data_info = file_offset >> 9; 1786 curlun->sense_data_info = file_offset >> 9;
1787 curlun->info_valid = 1; 1787 curlun->info_valid = 1;
1788 break; 1788 break;
1789 } 1789 }
1790 1790
1791 amount = bh->outreq->actual; 1791 amount = bh->outreq->actual;
1792 if (curlun->file_length - file_offset < amount) { 1792 if (curlun->file_length - file_offset < amount) {
1793 LERROR(curlun, 1793 LERROR(curlun,
1794 "write %u @ %llu beyond end %llu\n", 1794 "write %u @ %llu beyond end %llu\n",
1795 amount, (unsigned long long) file_offset, 1795 amount, (unsigned long long) file_offset,
1796 (unsigned long long) curlun->file_length); 1796 (unsigned long long) curlun->file_length);
1797 amount = curlun->file_length - file_offset; 1797 amount = curlun->file_length - file_offset;
1798 } 1798 }
1799 1799
1800 /* Perform the write */ 1800 /* Perform the write */
1801 file_offset_tmp = file_offset; 1801 file_offset_tmp = file_offset;
1802 nwritten = vfs_write(curlun->filp, 1802 nwritten = vfs_write(curlun->filp,
1803 (char __user *) bh->buf, 1803 (char __user *) bh->buf,
1804 amount, &file_offset_tmp); 1804 amount, &file_offset_tmp);
1805 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 1805 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
1806 (unsigned long long) file_offset, 1806 (unsigned long long) file_offset,
1807 (int) nwritten); 1807 (int) nwritten);
1808 if (signal_pending(current)) 1808 if (signal_pending(current))
1809 return -EINTR; // Interrupted! 1809 return -EINTR; // Interrupted!
1810 1810
1811 if (nwritten < 0) { 1811 if (nwritten < 0) {
1812 LDBG(curlun, "error in file write: %d\n", 1812 LDBG(curlun, "error in file write: %d\n",
1813 (int) nwritten); 1813 (int) nwritten);
1814 nwritten = 0; 1814 nwritten = 0;
1815 } else if (nwritten < amount) { 1815 } else if (nwritten < amount) {
1816 LDBG(curlun, "partial file write: %d/%u\n", 1816 LDBG(curlun, "partial file write: %d/%u\n",
1817 (int) nwritten, amount); 1817 (int) nwritten, amount);
1818 nwritten -= (nwritten & 511); 1818 nwritten -= (nwritten & 511);
1819 // Round down to a block 1819 // Round down to a block
1820 } 1820 }
1821 file_offset += nwritten; 1821 file_offset += nwritten;
1822 amount_left_to_write -= nwritten; 1822 amount_left_to_write -= nwritten;
1823 fsg->residue -= nwritten; 1823 fsg->residue -= nwritten;
1824 1824
1825 /* If an error occurred, report it and its position */ 1825 /* If an error occurred, report it and its position */
1826 if (nwritten < amount) { 1826 if (nwritten < amount) {
1827 curlun->sense_data = SS_WRITE_ERROR; 1827 curlun->sense_data = SS_WRITE_ERROR;
1828 curlun->sense_data_info = file_offset >> 9; 1828 curlun->sense_data_info = file_offset >> 9;
1829 curlun->info_valid = 1; 1829 curlun->info_valid = 1;
1830 break; 1830 break;
1831 } 1831 }
1832 1832
1833 /* Did the host decide to stop early? */ 1833 /* Did the host decide to stop early? */
1834 if (bh->outreq->actual != bh->outreq->length) { 1834 if (bh->outreq->actual != bh->outreq->length) {
1835 fsg->short_packet_received = 1; 1835 fsg->short_packet_received = 1;
1836 break; 1836 break;
1837 } 1837 }
1838 continue; 1838 continue;
1839 } 1839 }
1840 1840
1841 /* Wait for something to happen */ 1841 /* Wait for something to happen */
1842 rc = sleep_thread(fsg); 1842 rc = sleep_thread(fsg);
1843 if (rc) 1843 if (rc)
1844 return rc; 1844 return rc;
1845 } 1845 }
1846 1846
1847 return -EIO; // No default reply 1847 return -EIO; // No default reply
1848 } 1848 }
1849 1849
1850 1850
1851 /*-------------------------------------------------------------------------*/ 1851 /*-------------------------------------------------------------------------*/
1852 1852
1853 /* Sync the file data, don't bother with the metadata. 1853 /* Sync the file data, don't bother with the metadata.
1854 * This code was copied from fs/buffer.c:sys_fdatasync(). */ 1854 * This code was copied from fs/buffer.c:sys_fdatasync(). */
1855 static int fsync_sub(struct lun *curlun) 1855 static int fsync_sub(struct lun *curlun)
1856 { 1856 {
1857 struct file *filp = curlun->filp; 1857 struct file *filp = curlun->filp;
1858 struct inode *inode; 1858 struct inode *inode;
1859 int rc, err; 1859 int rc, err;
1860 1860
1861 if (curlun->ro || !filp) 1861 if (curlun->ro || !filp)
1862 return 0; 1862 return 0;
1863 if (!filp->f_op->fsync) 1863 if (!filp->f_op->fsync)
1864 return -EINVAL; 1864 return -EINVAL;
1865 1865
1866 inode = filp->f_path.dentry->d_inode; 1866 inode = filp->f_path.dentry->d_inode;
1867 mutex_lock(&inode->i_mutex); 1867 mutex_lock(&inode->i_mutex);
1868 rc = filemap_fdatawrite(inode->i_mapping); 1868 rc = filemap_fdatawrite(inode->i_mapping);
1869 err = filp->f_op->fsync(filp, filp->f_path.dentry, 1); 1869 err = filp->f_op->fsync(filp, filp->f_path.dentry, 1);
1870 if (!rc) 1870 if (!rc)
1871 rc = err; 1871 rc = err;
1872 err = filemap_fdatawait(inode->i_mapping); 1872 err = filemap_fdatawait(inode->i_mapping);
1873 if (!rc) 1873 if (!rc)
1874 rc = err; 1874 rc = err;
1875 mutex_unlock(&inode->i_mutex); 1875 mutex_unlock(&inode->i_mutex);
1876 VLDBG(curlun, "fdatasync -> %d\n", rc); 1876 VLDBG(curlun, "fdatasync -> %d\n", rc);
1877 return rc; 1877 return rc;
1878 } 1878 }
1879 1879
1880 static void fsync_all(struct fsg_dev *fsg) 1880 static void fsync_all(struct fsg_dev *fsg)
1881 { 1881 {
1882 int i; 1882 int i;
1883 1883
1884 for (i = 0; i < fsg->nluns; ++i) 1884 for (i = 0; i < fsg->nluns; ++i)
1885 fsync_sub(&fsg->luns[i]); 1885 fsync_sub(&fsg->luns[i]);
1886 } 1886 }
1887 1887
1888 static int do_synchronize_cache(struct fsg_dev *fsg) 1888 static int do_synchronize_cache(struct fsg_dev *fsg)
1889 { 1889 {
1890 struct lun *curlun = fsg->curlun; 1890 struct lun *curlun = fsg->curlun;
1891 int rc; 1891 int rc;
1892 1892
1893 /* We ignore the requested LBA and write out all file's 1893 /* We ignore the requested LBA and write out all file's
1894 * dirty data buffers. */ 1894 * dirty data buffers. */
1895 rc = fsync_sub(curlun); 1895 rc = fsync_sub(curlun);
1896 if (rc) 1896 if (rc)
1897 curlun->sense_data = SS_WRITE_ERROR; 1897 curlun->sense_data = SS_WRITE_ERROR;
1898 return 0; 1898 return 0;
1899 } 1899 }
1900 1900
1901 1901
1902 /*-------------------------------------------------------------------------*/ 1902 /*-------------------------------------------------------------------------*/
1903 1903
1904 static void invalidate_sub(struct lun *curlun) 1904 static void invalidate_sub(struct lun *curlun)
1905 { 1905 {
1906 struct file *filp = curlun->filp; 1906 struct file *filp = curlun->filp;
1907 struct inode *inode = filp->f_path.dentry->d_inode; 1907 struct inode *inode = filp->f_path.dentry->d_inode;
1908 unsigned long rc; 1908 unsigned long rc;
1909 1909
1910 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1); 1910 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1911 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc); 1911 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc);
1912 } 1912 }
1913 1913
1914 static int do_verify(struct fsg_dev *fsg) 1914 static int do_verify(struct fsg_dev *fsg)
1915 { 1915 {
1916 struct lun *curlun = fsg->curlun; 1916 struct lun *curlun = fsg->curlun;
1917 u32 lba; 1917 u32 lba;
1918 u32 verification_length; 1918 u32 verification_length;
1919 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 1919 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
1920 loff_t file_offset, file_offset_tmp; 1920 loff_t file_offset, file_offset_tmp;
1921 u32 amount_left; 1921 u32 amount_left;
1922 unsigned int amount; 1922 unsigned int amount;
1923 ssize_t nread; 1923 ssize_t nread;
1924 1924
1925 /* Get the starting Logical Block Address and check that it's 1925 /* Get the starting Logical Block Address and check that it's
1926 * not too big */ 1926 * not too big */
1927 lba = get_be32(&fsg->cmnd[2]); 1927 lba = get_be32(&fsg->cmnd[2]);
1928 if (lba >= curlun->num_sectors) { 1928 if (lba >= curlun->num_sectors) {
1929 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1929 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1930 return -EINVAL; 1930 return -EINVAL;
1931 } 1931 }
1932 1932
1933 /* We allow DPO (Disable Page Out = don't save data in the 1933 /* We allow DPO (Disable Page Out = don't save data in the
1934 * cache) but we don't implement it. */ 1934 * cache) but we don't implement it. */
1935 if ((fsg->cmnd[1] & ~0x10) != 0) { 1935 if ((fsg->cmnd[1] & ~0x10) != 0) {
1936 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1936 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1937 return -EINVAL; 1937 return -EINVAL;
1938 } 1938 }
1939 1939
1940 verification_length = get_be16(&fsg->cmnd[7]); 1940 verification_length = get_be16(&fsg->cmnd[7]);
1941 if (unlikely(verification_length == 0)) 1941 if (unlikely(verification_length == 0))
1942 return -EIO; // No default reply 1942 return -EIO; // No default reply
1943 1943
1944 /* Prepare to carry out the file verify */ 1944 /* Prepare to carry out the file verify */
1945 amount_left = verification_length << 9; 1945 amount_left = verification_length << 9;
1946 file_offset = ((loff_t) lba) << 9; 1946 file_offset = ((loff_t) lba) << 9;
1947 1947
1948 /* Write out all the dirty buffers before invalidating them */ 1948 /* Write out all the dirty buffers before invalidating them */
1949 fsync_sub(curlun); 1949 fsync_sub(curlun);
1950 if (signal_pending(current)) 1950 if (signal_pending(current))
1951 return -EINTR; 1951 return -EINTR;
1952 1952
1953 invalidate_sub(curlun); 1953 invalidate_sub(curlun);
1954 if (signal_pending(current)) 1954 if (signal_pending(current))
1955 return -EINTR; 1955 return -EINTR;
1956 1956
1957 /* Just try to read the requested blocks */ 1957 /* Just try to read the requested blocks */
1958 while (amount_left > 0) { 1958 while (amount_left > 0) {
1959 1959
1960 /* Figure out how much we need to read: 1960 /* Figure out how much we need to read:
1961 * Try to read the remaining amount, but not more than 1961 * Try to read the remaining amount, but not more than
1962 * the buffer size. 1962 * the buffer size.
1963 * And don't try to read past the end of the file. 1963 * And don't try to read past the end of the file.
1964 * If this means reading 0 then we were asked to read 1964 * If this means reading 0 then we were asked to read
1965 * past the end of file. */ 1965 * past the end of file. */
1966 amount = min((unsigned int) amount_left, mod_data.buflen); 1966 amount = min((unsigned int) amount_left, mod_data.buflen);
1967 amount = min((loff_t) amount, 1967 amount = min((loff_t) amount,
1968 curlun->file_length - file_offset); 1968 curlun->file_length - file_offset);
1969 if (amount == 0) { 1969 if (amount == 0) {
1970 curlun->sense_data = 1970 curlun->sense_data =
1971 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1971 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1972 curlun->sense_data_info = file_offset >> 9; 1972 curlun->sense_data_info = file_offset >> 9;
1973 curlun->info_valid = 1; 1973 curlun->info_valid = 1;
1974 break; 1974 break;
1975 } 1975 }
1976 1976
1977 /* Perform the read */ 1977 /* Perform the read */
1978 file_offset_tmp = file_offset; 1978 file_offset_tmp = file_offset;
1979 nread = vfs_read(curlun->filp, 1979 nread = vfs_read(curlun->filp,
1980 (char __user *) bh->buf, 1980 (char __user *) bh->buf,
1981 amount, &file_offset_tmp); 1981 amount, &file_offset_tmp);
1982 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1982 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1983 (unsigned long long) file_offset, 1983 (unsigned long long) file_offset,
1984 (int) nread); 1984 (int) nread);
1985 if (signal_pending(current)) 1985 if (signal_pending(current))
1986 return -EINTR; 1986 return -EINTR;
1987 1987
1988 if (nread < 0) { 1988 if (nread < 0) {
1989 LDBG(curlun, "error in file verify: %d\n", 1989 LDBG(curlun, "error in file verify: %d\n",
1990 (int) nread); 1990 (int) nread);
1991 nread = 0; 1991 nread = 0;
1992 } else if (nread < amount) { 1992 } else if (nread < amount) {
1993 LDBG(curlun, "partial file verify: %d/%u\n", 1993 LDBG(curlun, "partial file verify: %d/%u\n",
1994 (int) nread, amount); 1994 (int) nread, amount);
1995 nread -= (nread & 511); // Round down to a sector 1995 nread -= (nread & 511); // Round down to a sector
1996 } 1996 }
1997 if (nread == 0) { 1997 if (nread == 0) {
1998 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1998 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1999 curlun->sense_data_info = file_offset >> 9; 1999 curlun->sense_data_info = file_offset >> 9;
2000 curlun->info_valid = 1; 2000 curlun->info_valid = 1;
2001 break; 2001 break;
2002 } 2002 }
2003 file_offset += nread; 2003 file_offset += nread;
2004 amount_left -= nread; 2004 amount_left -= nread;
2005 } 2005 }
2006 return 0; 2006 return 0;
2007 } 2007 }
2008 2008
2009 2009
2010 /*-------------------------------------------------------------------------*/ 2010 /*-------------------------------------------------------------------------*/
2011 2011
2012 static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2012 static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2013 { 2013 {
2014 u8 *buf = (u8 *) bh->buf; 2014 u8 *buf = (u8 *) bh->buf;
2015 2015
2016 static char vendor_id[] = "Linux "; 2016 static char vendor_id[] = "Linux ";
2017 static char product_id[] = "File-Stor Gadget"; 2017 static char product_id[] = "File-Stor Gadget";
2018 2018
2019 if (!fsg->curlun) { // Unsupported LUNs are okay 2019 if (!fsg->curlun) { // Unsupported LUNs are okay
2020 fsg->bad_lun_okay = 1; 2020 fsg->bad_lun_okay = 1;
2021 memset(buf, 0, 36); 2021 memset(buf, 0, 36);
2022 buf[0] = 0x7f; // Unsupported, no device-type 2022 buf[0] = 0x7f; // Unsupported, no device-type
2023 return 36; 2023 return 36;
2024 } 2024 }
2025 2025
2026 memset(buf, 0, 8); // Non-removable, direct-access device 2026 memset(buf, 0, 8); // Non-removable, direct-access device
2027 if (mod_data.removable) 2027 if (mod_data.removable)
2028 buf[1] = 0x80; 2028 buf[1] = 0x80;
2029 buf[2] = 2; // ANSI SCSI level 2 2029 buf[2] = 2; // ANSI SCSI level 2
2030 buf[3] = 2; // SCSI-2 INQUIRY data format 2030 buf[3] = 2; // SCSI-2 INQUIRY data format
2031 buf[4] = 31; // Additional length 2031 buf[4] = 31; // Additional length
2032 // No special options 2032 // No special options
2033 sprintf(buf + 8, "%-8s%-16s%04x", vendor_id, product_id, 2033 sprintf(buf + 8, "%-8s%-16s%04x", vendor_id, product_id,
2034 mod_data.release); 2034 mod_data.release);
2035 return 36; 2035 return 36;
2036 } 2036 }
2037 2037
2038 2038
2039 static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2039 static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2040 { 2040 {
2041 struct lun *curlun = fsg->curlun; 2041 struct lun *curlun = fsg->curlun;
2042 u8 *buf = (u8 *) bh->buf; 2042 u8 *buf = (u8 *) bh->buf;
2043 u32 sd, sdinfo; 2043 u32 sd, sdinfo;
2044 int valid; 2044 int valid;
2045 2045
2046 /* 2046 /*
2047 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 2047 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
2048 * 2048 *
2049 * If a REQUEST SENSE command is received from an initiator 2049 * If a REQUEST SENSE command is received from an initiator
2050 * with a pending unit attention condition (before the target 2050 * with a pending unit attention condition (before the target
2051 * generates the contingent allegiance condition), then the 2051 * generates the contingent allegiance condition), then the
2052 * target shall either: 2052 * target shall either:
2053 * a) report any pending sense data and preserve the unit 2053 * a) report any pending sense data and preserve the unit
2054 * attention condition on the logical unit, or, 2054 * attention condition on the logical unit, or,
2055 * b) report the unit attention condition, may discard any 2055 * b) report the unit attention condition, may discard any
2056 * pending sense data, and clear the unit attention 2056 * pending sense data, and clear the unit attention
2057 * condition on the logical unit for that initiator. 2057 * condition on the logical unit for that initiator.
2058 * 2058 *
2059 * FSG normally uses option a); enable this code to use option b). 2059 * FSG normally uses option a); enable this code to use option b).
2060 */ 2060 */
2061 #if 0 2061 #if 0
2062 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 2062 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
2063 curlun->sense_data = curlun->unit_attention_data; 2063 curlun->sense_data = curlun->unit_attention_data;
2064 curlun->unit_attention_data = SS_NO_SENSE; 2064 curlun->unit_attention_data = SS_NO_SENSE;
2065 } 2065 }
2066 #endif 2066 #endif
2067 2067
2068 if (!curlun) { // Unsupported LUNs are okay 2068 if (!curlun) { // Unsupported LUNs are okay
2069 fsg->bad_lun_okay = 1; 2069 fsg->bad_lun_okay = 1;
2070 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2070 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2071 sdinfo = 0; 2071 sdinfo = 0;
2072 valid = 0; 2072 valid = 0;
2073 } else { 2073 } else {
2074 sd = curlun->sense_data; 2074 sd = curlun->sense_data;
2075 sdinfo = curlun->sense_data_info; 2075 sdinfo = curlun->sense_data_info;
2076 valid = curlun->info_valid << 7; 2076 valid = curlun->info_valid << 7;
2077 curlun->sense_data = SS_NO_SENSE; 2077 curlun->sense_data = SS_NO_SENSE;
2078 curlun->sense_data_info = 0; 2078 curlun->sense_data_info = 0;
2079 curlun->info_valid = 0; 2079 curlun->info_valid = 0;
2080 } 2080 }
2081 2081
2082 memset(buf, 0, 18); 2082 memset(buf, 0, 18);
2083 buf[0] = valid | 0x70; // Valid, current error 2083 buf[0] = valid | 0x70; // Valid, current error
2084 buf[2] = SK(sd); 2084 buf[2] = SK(sd);
2085 put_be32(&buf[3], sdinfo); // Sense information 2085 put_be32(&buf[3], sdinfo); // Sense information
2086 buf[7] = 18 - 8; // Additional sense length 2086 buf[7] = 18 - 8; // Additional sense length
2087 buf[12] = ASC(sd); 2087 buf[12] = ASC(sd);
2088 buf[13] = ASCQ(sd); 2088 buf[13] = ASCQ(sd);
2089 return 18; 2089 return 18;
2090 } 2090 }
2091 2091
2092 2092
2093 static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2093 static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2094 { 2094 {
2095 struct lun *curlun = fsg->curlun; 2095 struct lun *curlun = fsg->curlun;
2096 u32 lba = get_be32(&fsg->cmnd[2]); 2096 u32 lba = get_be32(&fsg->cmnd[2]);
2097 int pmi = fsg->cmnd[8]; 2097 int pmi = fsg->cmnd[8];
2098 u8 *buf = (u8 *) bh->buf; 2098 u8 *buf = (u8 *) bh->buf;
2099 2099
2100 /* Check the PMI and LBA fields */ 2100 /* Check the PMI and LBA fields */
2101 if (pmi > 1 || (pmi == 0 && lba != 0)) { 2101 if (pmi > 1 || (pmi == 0 && lba != 0)) {
2102 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2102 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2103 return -EINVAL; 2103 return -EINVAL;
2104 } 2104 }
2105 2105
2106 put_be32(&buf[0], curlun->num_sectors - 1); // Max logical block 2106 put_be32(&buf[0], curlun->num_sectors - 1); // Max logical block
2107 put_be32(&buf[4], 512); // Block length 2107 put_be32(&buf[4], 512); // Block length
2108 return 8; 2108 return 8;
2109 } 2109 }
2110 2110
2111 2111
2112 static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2112 static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2113 { 2113 {
2114 struct lun *curlun = fsg->curlun; 2114 struct lun *curlun = fsg->curlun;
2115 int mscmnd = fsg->cmnd[0]; 2115 int mscmnd = fsg->cmnd[0];
2116 u8 *buf = (u8 *) bh->buf; 2116 u8 *buf = (u8 *) bh->buf;
2117 u8 *buf0 = buf; 2117 u8 *buf0 = buf;
2118 int pc, page_code; 2118 int pc, page_code;
2119 int changeable_values, all_pages; 2119 int changeable_values, all_pages;
2120 int valid_page = 0; 2120 int valid_page = 0;
2121 int len, limit; 2121 int len, limit;
2122 2122
2123 if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD 2123 if ((fsg->cmnd[1] & ~0x08) != 0) { // Mask away DBD
2124 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2124 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2125 return -EINVAL; 2125 return -EINVAL;
2126 } 2126 }
2127 pc = fsg->cmnd[2] >> 6; 2127 pc = fsg->cmnd[2] >> 6;
2128 page_code = fsg->cmnd[2] & 0x3f; 2128 page_code = fsg->cmnd[2] & 0x3f;
2129 if (pc == 3) { 2129 if (pc == 3) {
2130 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 2130 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
2131 return -EINVAL; 2131 return -EINVAL;
2132 } 2132 }
2133 changeable_values = (pc == 1); 2133 changeable_values = (pc == 1);
2134 all_pages = (page_code == 0x3f); 2134 all_pages = (page_code == 0x3f);
2135 2135
2136 /* Write the mode parameter header. Fixed values are: default 2136 /* Write the mode parameter header. Fixed values are: default
2137 * medium type, no cache control (DPOFUA), and no block descriptors. 2137 * medium type, no cache control (DPOFUA), and no block descriptors.
2138 * The only variable value is the WriteProtect bit. We will fill in 2138 * The only variable value is the WriteProtect bit. We will fill in
2139 * the mode data length later. */ 2139 * the mode data length later. */
2140 memset(buf, 0, 8); 2140 memset(buf, 0, 8);
2141 if (mscmnd == SC_MODE_SENSE_6) { 2141 if (mscmnd == SC_MODE_SENSE_6) {
2142 buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2142 buf[2] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2143 buf += 4; 2143 buf += 4;
2144 limit = 255; 2144 limit = 255;
2145 } else { // SC_MODE_SENSE_10 2145 } else { // SC_MODE_SENSE_10
2146 buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA 2146 buf[3] = (curlun->ro ? 0x80 : 0x00); // WP, DPOFUA
2147 buf += 8; 2147 buf += 8;
2148 limit = 65535; // Should really be mod_data.buflen 2148 limit = 65535; // Should really be mod_data.buflen
2149 } 2149 }
2150 2150
2151 /* No block descriptors */ 2151 /* No block descriptors */
2152 2152
2153 /* The mode pages, in numerical order. The only page we support 2153 /* The mode pages, in numerical order. The only page we support
2154 * is the Caching page. */ 2154 * is the Caching page. */
2155 if (page_code == 0x08 || all_pages) { 2155 if (page_code == 0x08 || all_pages) {
2156 valid_page = 1; 2156 valid_page = 1;
2157 buf[0] = 0x08; // Page code 2157 buf[0] = 0x08; // Page code
2158 buf[1] = 10; // Page length 2158 buf[1] = 10; // Page length
2159 memset(buf+2, 0, 10); // None of the fields are changeable 2159 memset(buf+2, 0, 10); // None of the fields are changeable
2160 2160
2161 if (!changeable_values) { 2161 if (!changeable_values) {
2162 buf[2] = 0x04; // Write cache enable, 2162 buf[2] = 0x04; // Write cache enable,
2163 // Read cache not disabled 2163 // Read cache not disabled
2164 // No cache retention priorities 2164 // No cache retention priorities
2165 put_be16(&buf[4], 0xffff); // Don't disable prefetch 2165 put_be16(&buf[4], 0xffff); // Don't disable prefetch
2166 // Minimum prefetch = 0 2166 // Minimum prefetch = 0
2167 put_be16(&buf[8], 0xffff); // Maximum prefetch 2167 put_be16(&buf[8], 0xffff); // Maximum prefetch
2168 put_be16(&buf[10], 0xffff); // Maximum prefetch ceiling 2168 put_be16(&buf[10], 0xffff); // Maximum prefetch ceiling
2169 } 2169 }
2170 buf += 12; 2170 buf += 12;
2171 } 2171 }
2172 2172
2173 /* Check that a valid page was requested and the mode data length 2173 /* Check that a valid page was requested and the mode data length
2174 * isn't too long. */ 2174 * isn't too long. */
2175 len = buf - buf0; 2175 len = buf - buf0;
2176 if (!valid_page || len > limit) { 2176 if (!valid_page || len > limit) {
2177 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2177 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2178 return -EINVAL; 2178 return -EINVAL;
2179 } 2179 }
2180 2180
2181 /* Store the mode data length */ 2181 /* Store the mode data length */
2182 if (mscmnd == SC_MODE_SENSE_6) 2182 if (mscmnd == SC_MODE_SENSE_6)
2183 buf0[0] = len - 1; 2183 buf0[0] = len - 1;
2184 else 2184 else
2185 put_be16(buf0, len - 2); 2185 put_be16(buf0, len - 2);
2186 return len; 2186 return len;
2187 } 2187 }
2188 2188
2189 2189
2190 static int do_start_stop(struct fsg_dev *fsg) 2190 static int do_start_stop(struct fsg_dev *fsg)
2191 { 2191 {
2192 struct lun *curlun = fsg->curlun; 2192 struct lun *curlun = fsg->curlun;
2193 int loej, start; 2193 int loej, start;
2194 2194
2195 if (!mod_data.removable) { 2195 if (!mod_data.removable) {
2196 curlun->sense_data = SS_INVALID_COMMAND; 2196 curlun->sense_data = SS_INVALID_COMMAND;
2197 return -EINVAL; 2197 return -EINVAL;
2198 } 2198 }
2199 2199
2200 // int immed = fsg->cmnd[1] & 0x01; 2200 // int immed = fsg->cmnd[1] & 0x01;
2201 loej = fsg->cmnd[4] & 0x02; 2201 loej = fsg->cmnd[4] & 0x02;
2202 start = fsg->cmnd[4] & 0x01; 2202 start = fsg->cmnd[4] & 0x01;
2203 2203
2204 #ifdef CONFIG_USB_FILE_STORAGE_TEST 2204 #ifdef CONFIG_USB_FILE_STORAGE_TEST
2205 if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed 2205 if ((fsg->cmnd[1] & ~0x01) != 0 || // Mask away Immed
2206 (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start 2206 (fsg->cmnd[4] & ~0x03) != 0) { // Mask LoEj, Start
2207 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2207 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2208 return -EINVAL; 2208 return -EINVAL;
2209 } 2209 }
2210 2210
2211 if (!start) { 2211 if (!start) {
2212 2212
2213 /* Are we allowed to unload the media? */ 2213 /* Are we allowed to unload the media? */
2214 if (curlun->prevent_medium_removal) { 2214 if (curlun->prevent_medium_removal) {
2215 LDBG(curlun, "unload attempt prevented\n"); 2215 LDBG(curlun, "unload attempt prevented\n");
2216 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 2216 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED;
2217 return -EINVAL; 2217 return -EINVAL;
2218 } 2218 }
2219 if (loej) { // Simulate an unload/eject 2219 if (loej) { // Simulate an unload/eject
2220 up_read(&fsg->filesem); 2220 up_read(&fsg->filesem);
2221 down_write(&fsg->filesem); 2221 down_write(&fsg->filesem);
2222 close_backing_file(curlun); 2222 close_backing_file(curlun);
2223 up_write(&fsg->filesem); 2223 up_write(&fsg->filesem);
2224 down_read(&fsg->filesem); 2224 down_read(&fsg->filesem);
2225 } 2225 }
2226 } else { 2226 } else {
2227 2227
2228 /* Our emulation doesn't support mounting; the medium is 2228 /* Our emulation doesn't support mounting; the medium is
2229 * available for use as soon as it is loaded. */ 2229 * available for use as soon as it is loaded. */
2230 if (!backing_file_is_open(curlun)) { 2230 if (!backing_file_is_open(curlun)) {
2231 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2231 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2232 return -EINVAL; 2232 return -EINVAL;
2233 } 2233 }
2234 } 2234 }
2235 #endif 2235 #endif
2236 return 0; 2236 return 0;
2237 } 2237 }
2238 2238
2239 2239
2240 static int do_prevent_allow(struct fsg_dev *fsg) 2240 static int do_prevent_allow(struct fsg_dev *fsg)
2241 { 2241 {
2242 struct lun *curlun = fsg->curlun; 2242 struct lun *curlun = fsg->curlun;
2243 int prevent; 2243 int prevent;
2244 2244
2245 if (!mod_data.removable) { 2245 if (!mod_data.removable) {
2246 curlun->sense_data = SS_INVALID_COMMAND; 2246 curlun->sense_data = SS_INVALID_COMMAND;
2247 return -EINVAL; 2247 return -EINVAL;
2248 } 2248 }
2249 2249
2250 prevent = fsg->cmnd[4] & 0x01; 2250 prevent = fsg->cmnd[4] & 0x01;
2251 if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent 2251 if ((fsg->cmnd[4] & ~0x01) != 0) { // Mask away Prevent
2252 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2252 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2253 return -EINVAL; 2253 return -EINVAL;
2254 } 2254 }
2255 2255
2256 if (curlun->prevent_medium_removal && !prevent) 2256 if (curlun->prevent_medium_removal && !prevent)
2257 fsync_sub(curlun); 2257 fsync_sub(curlun);
2258 curlun->prevent_medium_removal = prevent; 2258 curlun->prevent_medium_removal = prevent;
2259 return 0; 2259 return 0;
2260 } 2260 }
2261 2261
2262 2262
2263 static int do_read_format_capacities(struct fsg_dev *fsg, 2263 static int do_read_format_capacities(struct fsg_dev *fsg,
2264 struct fsg_buffhd *bh) 2264 struct fsg_buffhd *bh)
2265 { 2265 {
2266 struct lun *curlun = fsg->curlun; 2266 struct lun *curlun = fsg->curlun;
2267 u8 *buf = (u8 *) bh->buf; 2267 u8 *buf = (u8 *) bh->buf;
2268 2268
2269 buf[0] = buf[1] = buf[2] = 0; 2269 buf[0] = buf[1] = buf[2] = 0;
2270 buf[3] = 8; // Only the Current/Maximum Capacity Descriptor 2270 buf[3] = 8; // Only the Current/Maximum Capacity Descriptor
2271 buf += 4; 2271 buf += 4;
2272 2272
2273 put_be32(&buf[0], curlun->num_sectors); // Number of blocks 2273 put_be32(&buf[0], curlun->num_sectors); // Number of blocks
2274 put_be32(&buf[4], 512); // Block length 2274 put_be32(&buf[4], 512); // Block length
2275 buf[4] = 0x02; // Current capacity 2275 buf[4] = 0x02; // Current capacity
2276 return 12; 2276 return 12;
2277 } 2277 }
2278 2278
2279 2279
2280 static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2280 static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2281 { 2281 {
2282 struct lun *curlun = fsg->curlun; 2282 struct lun *curlun = fsg->curlun;
2283 2283
2284 /* We don't support MODE SELECT */ 2284 /* We don't support MODE SELECT */
2285 curlun->sense_data = SS_INVALID_COMMAND; 2285 curlun->sense_data = SS_INVALID_COMMAND;
2286 return -EINVAL; 2286 return -EINVAL;
2287 } 2287 }
2288 2288
2289 2289
2290 /*-------------------------------------------------------------------------*/ 2290 /*-------------------------------------------------------------------------*/
2291 2291
2292 static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 2292 static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
2293 { 2293 {
2294 int rc; 2294 int rc;
2295 2295
2296 rc = fsg_set_halt(fsg, fsg->bulk_in); 2296 rc = fsg_set_halt(fsg, fsg->bulk_in);
2297 if (rc == -EAGAIN) 2297 if (rc == -EAGAIN)
2298 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 2298 VDBG(fsg, "delayed bulk-in endpoint halt\n");
2299 while (rc != 0) { 2299 while (rc != 0) {
2300 if (rc != -EAGAIN) { 2300 if (rc != -EAGAIN) {
2301 WARN(fsg, "usb_ep_set_halt -> %d\n", rc); 2301 WARN(fsg, "usb_ep_set_halt -> %d\n", rc);
2302 rc = 0; 2302 rc = 0;
2303 break; 2303 break;
2304 } 2304 }
2305 2305
2306 /* Wait for a short time and then try again */ 2306 /* Wait for a short time and then try again */
2307 if (msleep_interruptible(100) != 0) 2307 if (msleep_interruptible(100) != 0)
2308 return -EINTR; 2308 return -EINTR;
2309 rc = usb_ep_set_halt(fsg->bulk_in); 2309 rc = usb_ep_set_halt(fsg->bulk_in);
2310 } 2310 }
2311 return rc; 2311 return rc;
2312 } 2312 }
2313 2313
2314 static int pad_with_zeros(struct fsg_dev *fsg) 2314 static int pad_with_zeros(struct fsg_dev *fsg)
2315 { 2315 {
2316 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2316 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
2317 u32 nkeep = bh->inreq->length; 2317 u32 nkeep = bh->inreq->length;
2318 u32 nsend; 2318 u32 nsend;
2319 int rc; 2319 int rc;
2320 2320
2321 bh->state = BUF_STATE_EMPTY; // For the first iteration 2321 bh->state = BUF_STATE_EMPTY; // For the first iteration
2322 fsg->usb_amount_left = nkeep + fsg->residue; 2322 fsg->usb_amount_left = nkeep + fsg->residue;
2323 while (fsg->usb_amount_left > 0) { 2323 while (fsg->usb_amount_left > 0) {
2324 2324
2325 /* Wait for the next buffer to be free */ 2325 /* Wait for the next buffer to be free */
2326 while (bh->state != BUF_STATE_EMPTY) { 2326 while (bh->state != BUF_STATE_EMPTY) {
2327 rc = sleep_thread(fsg); 2327 rc = sleep_thread(fsg);
2328 if (rc) 2328 if (rc)
2329 return rc; 2329 return rc;
2330 } 2330 }
2331 2331
2332 nsend = min(fsg->usb_amount_left, (u32) mod_data.buflen); 2332 nsend = min(fsg->usb_amount_left, (u32) mod_data.buflen);
2333 memset(bh->buf + nkeep, 0, nsend - nkeep); 2333 memset(bh->buf + nkeep, 0, nsend - nkeep);
2334 bh->inreq->length = nsend; 2334 bh->inreq->length = nsend;
2335 bh->inreq->zero = 0; 2335 bh->inreq->zero = 0;
2336 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2336 start_transfer(fsg, fsg->bulk_in, bh->inreq,
2337 &bh->inreq_busy, &bh->state); 2337 &bh->inreq_busy, &bh->state);
2338 bh = fsg->next_buffhd_to_fill = bh->next; 2338 bh = fsg->next_buffhd_to_fill = bh->next;
2339 fsg->usb_amount_left -= nsend; 2339 fsg->usb_amount_left -= nsend;
2340 nkeep = 0; 2340 nkeep = 0;
2341 } 2341 }
2342 return 0; 2342 return 0;
2343 } 2343 }
2344 2344
2345 static int throw_away_data(struct fsg_dev *fsg) 2345 static int throw_away_data(struct fsg_dev *fsg)
2346 { 2346 {
2347 struct fsg_buffhd *bh; 2347 struct fsg_buffhd *bh;
2348 u32 amount; 2348 u32 amount;
2349 int rc; 2349 int rc;
2350 2350
2351 while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY || 2351 while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY ||
2352 fsg->usb_amount_left > 0) { 2352 fsg->usb_amount_left > 0) {
2353 2353
2354 /* Throw away the data in a filled buffer */ 2354 /* Throw away the data in a filled buffer */
2355 if (bh->state == BUF_STATE_FULL) { 2355 if (bh->state == BUF_STATE_FULL) {
2356 smp_rmb(); 2356 smp_rmb();
2357 bh->state = BUF_STATE_EMPTY; 2357 bh->state = BUF_STATE_EMPTY;
2358 fsg->next_buffhd_to_drain = bh->next; 2358 fsg->next_buffhd_to_drain = bh->next;
2359 2359
2360 /* A short packet or an error ends everything */ 2360 /* A short packet or an error ends everything */
2361 if (bh->outreq->actual != bh->outreq->length || 2361 if (bh->outreq->actual != bh->outreq->length ||
2362 bh->outreq->status != 0) { 2362 bh->outreq->status != 0) {
2363 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2363 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2364 return -EINTR; 2364 return -EINTR;
2365 } 2365 }
2366 continue; 2366 continue;
2367 } 2367 }
2368 2368
2369 /* Try to submit another request if we need one */ 2369 /* Try to submit another request if we need one */
2370 bh = fsg->next_buffhd_to_fill; 2370 bh = fsg->next_buffhd_to_fill;
2371 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) { 2371 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) {
2372 amount = min(fsg->usb_amount_left, 2372 amount = min(fsg->usb_amount_left,
2373 (u32) mod_data.buflen); 2373 (u32) mod_data.buflen);
2374 2374
2375 /* amount is always divisible by 512, hence by 2375 /* amount is always divisible by 512, hence by
2376 * the bulk-out maxpacket size */ 2376 * the bulk-out maxpacket size */
2377 bh->outreq->length = bh->bulk_out_intended_length = 2377 bh->outreq->length = bh->bulk_out_intended_length =
2378 amount; 2378 amount;
2379 bh->outreq->short_not_ok = 1; 2379 bh->outreq->short_not_ok = 1;
2380 start_transfer(fsg, fsg->bulk_out, bh->outreq, 2380 start_transfer(fsg, fsg->bulk_out, bh->outreq,
2381 &bh->outreq_busy, &bh->state); 2381 &bh->outreq_busy, &bh->state);
2382 fsg->next_buffhd_to_fill = bh->next; 2382 fsg->next_buffhd_to_fill = bh->next;
2383 fsg->usb_amount_left -= amount; 2383 fsg->usb_amount_left -= amount;
2384 continue; 2384 continue;
2385 } 2385 }
2386 2386
2387 /* Otherwise wait for something to happen */ 2387 /* Otherwise wait for something to happen */
2388 rc = sleep_thread(fsg); 2388 rc = sleep_thread(fsg);
2389 if (rc) 2389 if (rc)
2390 return rc; 2390 return rc;
2391 } 2391 }
2392 return 0; 2392 return 0;
2393 } 2393 }
2394 2394
2395 2395
2396 static int finish_reply(struct fsg_dev *fsg) 2396 static int finish_reply(struct fsg_dev *fsg)
2397 { 2397 {
2398 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill; 2398 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
2399 int rc = 0; 2399 int rc = 0;
2400 2400
2401 switch (fsg->data_dir) { 2401 switch (fsg->data_dir) {
2402 case DATA_DIR_NONE: 2402 case DATA_DIR_NONE:
2403 break; // Nothing to send 2403 break; // Nothing to send
2404 2404
2405 /* If we don't know whether the host wants to read or write, 2405 /* If we don't know whether the host wants to read or write,
2406 * this must be CB or CBI with an unknown command. We mustn't 2406 * this must be CB or CBI with an unknown command. We mustn't
2407 * try to send or receive any data. So stall both bulk pipes 2407 * try to send or receive any data. So stall both bulk pipes
2408 * if we can and wait for a reset. */ 2408 * if we can and wait for a reset. */
2409 case DATA_DIR_UNKNOWN: 2409 case DATA_DIR_UNKNOWN:
2410 if (mod_data.can_stall) { 2410 if (mod_data.can_stall) {
2411 fsg_set_halt(fsg, fsg->bulk_out); 2411 fsg_set_halt(fsg, fsg->bulk_out);
2412 rc = halt_bulk_in_endpoint(fsg); 2412 rc = halt_bulk_in_endpoint(fsg);
2413 } 2413 }
2414 break; 2414 break;
2415 2415
2416 /* All but the last buffer of data must have already been sent */ 2416 /* All but the last buffer of data must have already been sent */
2417 case DATA_DIR_TO_HOST: 2417 case DATA_DIR_TO_HOST:
2418 if (fsg->data_size == 0) 2418 if (fsg->data_size == 0)
2419 ; // Nothing to send 2419 ; // Nothing to send
2420 2420
2421 /* If there's no residue, simply send the last buffer */ 2421 /* If there's no residue, simply send the last buffer */
2422 else if (fsg->residue == 0) { 2422 else if (fsg->residue == 0) {
2423 bh->inreq->zero = 0; 2423 bh->inreq->zero = 0;
2424 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2424 start_transfer(fsg, fsg->bulk_in, bh->inreq,
2425 &bh->inreq_busy, &bh->state); 2425 &bh->inreq_busy, &bh->state);
2426 fsg->next_buffhd_to_fill = bh->next; 2426 fsg->next_buffhd_to_fill = bh->next;
2427 } 2427 }
2428 2428
2429 /* There is a residue. For CB and CBI, simply mark the end 2429 /* There is a residue. For CB and CBI, simply mark the end
2430 * of the data with a short packet. However, if we are 2430 * of the data with a short packet. However, if we are
2431 * allowed to stall, there was no data at all (residue == 2431 * allowed to stall, there was no data at all (residue ==
2432 * data_size), and the command failed (invalid LUN or 2432 * data_size), and the command failed (invalid LUN or
2433 * sense data is set), then halt the bulk-in endpoint 2433 * sense data is set), then halt the bulk-in endpoint
2434 * instead. */ 2434 * instead. */
2435 else if (!transport_is_bbb()) { 2435 else if (!transport_is_bbb()) {
2436 if (mod_data.can_stall && 2436 if (mod_data.can_stall &&
2437 fsg->residue == fsg->data_size && 2437 fsg->residue == fsg->data_size &&
2438 (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) { 2438 (!fsg->curlun || fsg->curlun->sense_data != SS_NO_SENSE)) {
2439 bh->state = BUF_STATE_EMPTY; 2439 bh->state = BUF_STATE_EMPTY;
2440 rc = halt_bulk_in_endpoint(fsg); 2440 rc = halt_bulk_in_endpoint(fsg);
2441 } else { 2441 } else {
2442 bh->inreq->zero = 1; 2442 bh->inreq->zero = 1;
2443 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2443 start_transfer(fsg, fsg->bulk_in, bh->inreq,
2444 &bh->inreq_busy, &bh->state); 2444 &bh->inreq_busy, &bh->state);
2445 fsg->next_buffhd_to_fill = bh->next; 2445 fsg->next_buffhd_to_fill = bh->next;
2446 } 2446 }
2447 } 2447 }
2448 2448
2449 /* For Bulk-only, if we're allowed to stall then send the 2449 /* For Bulk-only, if we're allowed to stall then send the
2450 * short packet and halt the bulk-in endpoint. If we can't 2450 * short packet and halt the bulk-in endpoint. If we can't
2451 * stall, pad out the remaining data with 0's. */ 2451 * stall, pad out the remaining data with 0's. */
2452 else { 2452 else {
2453 if (mod_data.can_stall) { 2453 if (mod_data.can_stall) {
2454 bh->inreq->zero = 1; 2454 bh->inreq->zero = 1;
2455 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2455 start_transfer(fsg, fsg->bulk_in, bh->inreq,
2456 &bh->inreq_busy, &bh->state); 2456 &bh->inreq_busy, &bh->state);
2457 fsg->next_buffhd_to_fill = bh->next; 2457 fsg->next_buffhd_to_fill = bh->next;
2458 rc = halt_bulk_in_endpoint(fsg); 2458 rc = halt_bulk_in_endpoint(fsg);
2459 } else 2459 } else
2460 rc = pad_with_zeros(fsg); 2460 rc = pad_with_zeros(fsg);
2461 } 2461 }
2462 break; 2462 break;
2463 2463
2464 /* We have processed all we want from the data the host has sent. 2464 /* We have processed all we want from the data the host has sent.
2465 * There may still be outstanding bulk-out requests. */ 2465 * There may still be outstanding bulk-out requests. */
2466 case DATA_DIR_FROM_HOST: 2466 case DATA_DIR_FROM_HOST:
2467 if (fsg->residue == 0) 2467 if (fsg->residue == 0)
2468 ; // Nothing to receive 2468 ; // Nothing to receive
2469 2469
2470 /* Did the host stop sending unexpectedly early? */ 2470 /* Did the host stop sending unexpectedly early? */
2471 else if (fsg->short_packet_received) { 2471 else if (fsg->short_packet_received) {
2472 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2472 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2473 rc = -EINTR; 2473 rc = -EINTR;
2474 } 2474 }
2475 2475
2476 /* We haven't processed all the incoming data. Even though 2476 /* We haven't processed all the incoming data. Even though
2477 * we may be allowed to stall, doing so would cause a race. 2477 * we may be allowed to stall, doing so would cause a race.
2478 * The controller may already have ACK'ed all the remaining 2478 * The controller may already have ACK'ed all the remaining
2479 * bulk-out packets, in which case the host wouldn't see a 2479 * bulk-out packets, in which case the host wouldn't see a
2480 * STALL. Not realizing the endpoint was halted, it wouldn't 2480 * STALL. Not realizing the endpoint was halted, it wouldn't
2481 * clear the halt -- leading to problems later on. */ 2481 * clear the halt -- leading to problems later on. */
2482 #if 0 2482 #if 0
2483 else if (mod_data.can_stall) { 2483 else if (mod_data.can_stall) {
2484 fsg_set_halt(fsg, fsg->bulk_out); 2484 fsg_set_halt(fsg, fsg->bulk_out);
2485 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT); 2485 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
2486 rc = -EINTR; 2486 rc = -EINTR;
2487 } 2487 }
2488 #endif 2488 #endif
2489 2489
2490 /* We can't stall. Read in the excess data and throw it 2490 /* We can't stall. Read in the excess data and throw it
2491 * all away. */ 2491 * all away. */
2492 else 2492 else
2493 rc = throw_away_data(fsg); 2493 rc = throw_away_data(fsg);
2494 break; 2494 break;
2495 } 2495 }
2496 return rc; 2496 return rc;
2497 } 2497 }
2498 2498
2499 2499
2500 static int send_status(struct fsg_dev *fsg) 2500 static int send_status(struct fsg_dev *fsg)
2501 { 2501 {
2502 struct lun *curlun = fsg->curlun; 2502 struct lun *curlun = fsg->curlun;
2503 struct fsg_buffhd *bh; 2503 struct fsg_buffhd *bh;
2504 int rc; 2504 int rc;
2505 u8 status = USB_STATUS_PASS; 2505 u8 status = USB_STATUS_PASS;
2506 u32 sd, sdinfo = 0; 2506 u32 sd, sdinfo = 0;
2507 2507
2508 /* Wait for the next buffer to become available */ 2508 /* Wait for the next buffer to become available */
2509 bh = fsg->next_buffhd_to_fill; 2509 bh = fsg->next_buffhd_to_fill;
2510 while (bh->state != BUF_STATE_EMPTY) { 2510 while (bh->state != BUF_STATE_EMPTY) {
2511 rc = sleep_thread(fsg); 2511 rc = sleep_thread(fsg);
2512 if (rc) 2512 if (rc)
2513 return rc; 2513 return rc;
2514 } 2514 }
2515 2515
2516 if (curlun) { 2516 if (curlun) {
2517 sd = curlun->sense_data; 2517 sd = curlun->sense_data;
2518 sdinfo = curlun->sense_data_info; 2518 sdinfo = curlun->sense_data_info;
2519 } else if (fsg->bad_lun_okay) 2519 } else if (fsg->bad_lun_okay)
2520 sd = SS_NO_SENSE; 2520 sd = SS_NO_SENSE;
2521 else 2521 else
2522 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 2522 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
2523 2523
2524 if (fsg->phase_error) { 2524 if (fsg->phase_error) {
2525 DBG(fsg, "sending phase-error status\n"); 2525 DBG(fsg, "sending phase-error status\n");
2526 status = USB_STATUS_PHASE_ERROR; 2526 status = USB_STATUS_PHASE_ERROR;
2527 sd = SS_INVALID_COMMAND; 2527 sd = SS_INVALID_COMMAND;
2528 } else if (sd != SS_NO_SENSE) { 2528 } else if (sd != SS_NO_SENSE) {
2529 DBG(fsg, "sending command-failure status\n"); 2529 DBG(fsg, "sending command-failure status\n");
2530 status = USB_STATUS_FAIL; 2530 status = USB_STATUS_FAIL;
2531 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;" 2531 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
2532 " info x%x\n", 2532 " info x%x\n",
2533 SK(sd), ASC(sd), ASCQ(sd), sdinfo); 2533 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
2534 } 2534 }
2535 2535
2536 if (transport_is_bbb()) { 2536 if (transport_is_bbb()) {
2537 struct bulk_cs_wrap *csw = bh->buf; 2537 struct bulk_cs_wrap *csw = bh->buf;
2538 2538
2539 /* Store and send the Bulk-only CSW */ 2539 /* Store and send the Bulk-only CSW */
2540 csw->Signature = __constant_cpu_to_le32(USB_BULK_CS_SIG); 2540 csw->Signature = __constant_cpu_to_le32(USB_BULK_CS_SIG);
2541 csw->Tag = fsg->tag; 2541 csw->Tag = fsg->tag;
2542 csw->Residue = cpu_to_le32(fsg->residue); 2542 csw->Residue = cpu_to_le32(fsg->residue);
2543 csw->Status = status; 2543 csw->Status = status;
2544 2544
2545 bh->inreq->length = USB_BULK_CS_WRAP_LEN; 2545 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
2546 bh->inreq->zero = 0; 2546 bh->inreq->zero = 0;
2547 start_transfer(fsg, fsg->bulk_in, bh->inreq, 2547 start_transfer(fsg, fsg->bulk_in, bh->inreq,
2548 &bh->inreq_busy, &bh->state); 2548 &bh->inreq_busy, &bh->state);
2549 2549
2550 } else if (mod_data.transport_type == USB_PR_CB) { 2550 } else if (mod_data.transport_type == USB_PR_CB) {
2551 2551
2552 /* Control-Bulk transport has no status phase! */ 2552 /* Control-Bulk transport has no status phase! */
2553 return 0; 2553 return 0;
2554 2554
2555 } else { // USB_PR_CBI 2555 } else { // USB_PR_CBI
2556 struct interrupt_data *buf = bh->buf; 2556 struct interrupt_data *buf = bh->buf;
2557 2557
2558 /* Store and send the Interrupt data. UFI sends the ASC 2558 /* Store and send the Interrupt data. UFI sends the ASC
2559 * and ASCQ bytes. Everything else sends a Type (which 2559 * and ASCQ bytes. Everything else sends a Type (which
2560 * is always 0) and the status Value. */ 2560 * is always 0) and the status Value. */
2561 if (mod_data.protocol_type == USB_SC_UFI) { 2561 if (mod_data.protocol_type == USB_SC_UFI) {
2562 buf->bType = ASC(sd); 2562 buf->bType = ASC(sd);
2563 buf->bValue = ASCQ(sd); 2563 buf->bValue = ASCQ(sd);
2564 } else { 2564 } else {
2565 buf->bType = 0; 2565 buf->bType = 0;
2566 buf->bValue = status; 2566 buf->bValue = status;
2567 } 2567 }
2568 fsg->intreq->length = CBI_INTERRUPT_DATA_LEN; 2568 fsg->intreq->length = CBI_INTERRUPT_DATA_LEN;
2569 2569
2570 fsg->intr_buffhd = bh; // Point to the right buffhd 2570 fsg->intr_buffhd = bh; // Point to the right buffhd
2571 fsg->intreq->buf = bh->inreq->buf; 2571 fsg->intreq->buf = bh->inreq->buf;
2572 fsg->intreq->context = bh; 2572 fsg->intreq->context = bh;
2573 start_transfer(fsg, fsg->intr_in, fsg->intreq, 2573 start_transfer(fsg, fsg->intr_in, fsg->intreq,
2574 &fsg->intreq_busy, &bh->state); 2574 &fsg->intreq_busy, &bh->state);
2575 } 2575 }
2576 2576
2577 fsg->next_buffhd_to_fill = bh->next; 2577 fsg->next_buffhd_to_fill = bh->next;
2578 return 0; 2578 return 0;
2579 } 2579 }
2580 2580
2581 2581
2582 /*-------------------------------------------------------------------------*/ 2582 /*-------------------------------------------------------------------------*/
2583 2583
2584 /* Check whether the command is properly formed and whether its data size 2584 /* Check whether the command is properly formed and whether its data size
2585 * and direction agree with the values we already have. */ 2585 * and direction agree with the values we already have. */
2586 static int check_command(struct fsg_dev *fsg, int cmnd_size, 2586 static int check_command(struct fsg_dev *fsg, int cmnd_size,
2587 enum data_direction data_dir, unsigned int mask, 2587 enum data_direction data_dir, unsigned int mask,
2588 int needs_medium, const char *name) 2588 int needs_medium, const char *name)
2589 { 2589 {
2590 int i; 2590 int i;
2591 int lun = fsg->cmnd[1] >> 5; 2591 int lun = fsg->cmnd[1] >> 5;
2592 static const char dirletter[4] = {'u', 'o', 'i', 'n'}; 2592 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
2593 char hdlen[20]; 2593 char hdlen[20];
2594 struct lun *curlun; 2594 struct lun *curlun;
2595 2595
2596 /* Adjust the expected cmnd_size for protocol encapsulation padding. 2596 /* Adjust the expected cmnd_size for protocol encapsulation padding.
2597 * Transparent SCSI doesn't pad. */ 2597 * Transparent SCSI doesn't pad. */
2598 if (protocol_is_scsi()) 2598 if (protocol_is_scsi())
2599 ; 2599 ;
2600 2600
2601 /* There's some disagreement as to whether RBC pads commands or not. 2601 /* There's some disagreement as to whether RBC pads commands or not.
2602 * We'll play it safe and accept either form. */ 2602 * We'll play it safe and accept either form. */
2603 else if (mod_data.protocol_type == USB_SC_RBC) { 2603 else if (mod_data.protocol_type == USB_SC_RBC) {
2604 if (fsg->cmnd_size == 12) 2604 if (fsg->cmnd_size == 12)
2605 cmnd_size = 12; 2605 cmnd_size = 12;
2606 2606
2607 /* All the other protocols pad to 12 bytes */ 2607 /* All the other protocols pad to 12 bytes */
2608 } else 2608 } else
2609 cmnd_size = 12; 2609 cmnd_size = 12;
2610 2610
2611 hdlen[0] = 0; 2611 hdlen[0] = 0;
2612 if (fsg->data_dir != DATA_DIR_UNKNOWN) 2612 if (fsg->data_dir != DATA_DIR_UNKNOWN)
2613 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir], 2613 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir],
2614 fsg->data_size); 2614 fsg->data_size);
2615 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n", 2615 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
2616 name, cmnd_size, dirletter[(int) data_dir], 2616 name, cmnd_size, dirletter[(int) data_dir],
2617 fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen); 2617 fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen);
2618 2618
2619 /* We can't reply at all until we know the correct data direction 2619 /* We can't reply at all until we know the correct data direction
2620 * and size. */ 2620 * and size. */
2621 if (fsg->data_size_from_cmnd == 0) 2621 if (fsg->data_size_from_cmnd == 0)
2622 data_dir = DATA_DIR_NONE; 2622 data_dir = DATA_DIR_NONE;
2623 if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI 2623 if (fsg->data_dir == DATA_DIR_UNKNOWN) { // CB or CBI
2624 fsg->data_dir = data_dir; 2624 fsg->data_dir = data_dir;
2625 fsg->data_size = fsg->data_size_from_cmnd; 2625 fsg->data_size = fsg->data_size_from_cmnd;
2626 2626
2627 } else { // Bulk-only 2627 } else { // Bulk-only
2628 if (fsg->data_size < fsg->data_size_from_cmnd) { 2628 if (fsg->data_size < fsg->data_size_from_cmnd) {
2629 2629
2630 /* Host data size < Device data size is a phase error. 2630 /* Host data size < Device data size is a phase error.
2631 * Carry out the command, but only transfer as much 2631 * Carry out the command, but only transfer as much
2632 * as we are allowed. */ 2632 * as we are allowed. */
2633 fsg->data_size_from_cmnd = fsg->data_size; 2633 fsg->data_size_from_cmnd = fsg->data_size;
2634 fsg->phase_error = 1; 2634 fsg->phase_error = 1;
2635 } 2635 }
2636 } 2636 }
2637 fsg->residue = fsg->usb_amount_left = fsg->data_size; 2637 fsg->residue = fsg->usb_amount_left = fsg->data_size;
2638 2638
2639 /* Conflicting data directions is a phase error */ 2639 /* Conflicting data directions is a phase error */
2640 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) { 2640 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) {
2641 fsg->phase_error = 1; 2641 fsg->phase_error = 1;
2642 return -EINVAL; 2642 return -EINVAL;
2643 } 2643 }
2644 2644
2645 /* Verify the length of the command itself */ 2645 /* Verify the length of the command itself */
2646 if (cmnd_size != fsg->cmnd_size) { 2646 if (cmnd_size != fsg->cmnd_size) {
2647 2647
2648 /* Special case workaround: MS-Windows issues REQUEST SENSE 2648 /* Special case workaround: MS-Windows issues REQUEST SENSE
2649 * with cbw->Length == 12 (it should be 6). */ 2649 * with cbw->Length == 12 (it should be 6). */
2650 if (fsg->cmnd[0] == SC_REQUEST_SENSE && fsg->cmnd_size == 12) 2650 if (fsg->cmnd[0] == SC_REQUEST_SENSE && fsg->cmnd_size == 12)
2651 cmnd_size = fsg->cmnd_size; 2651 cmnd_size = fsg->cmnd_size;
2652 else { 2652 else {
2653 fsg->phase_error = 1; 2653 fsg->phase_error = 1;
2654 return -EINVAL; 2654 return -EINVAL;
2655 } 2655 }
2656 } 2656 }
2657 2657
2658 /* Check that the LUN values are consistent */ 2658 /* Check that the LUN values are consistent */
2659 if (transport_is_bbb()) { 2659 if (transport_is_bbb()) {
2660 if (fsg->lun != lun) 2660 if (fsg->lun != lun)
2661 DBG(fsg, "using LUN %d from CBW, " 2661 DBG(fsg, "using LUN %d from CBW, "
2662 "not LUN %d from CDB\n", 2662 "not LUN %d from CDB\n",
2663 fsg->lun, lun); 2663 fsg->lun, lun);
2664 } else 2664 } else
2665 fsg->lun = lun; // Use LUN from the command 2665 fsg->lun = lun; // Use LUN from the command
2666 2666
2667 /* Check the LUN */ 2667 /* Check the LUN */
2668 if (fsg->lun >= 0 && fsg->lun < fsg->nluns) { 2668 if (fsg->lun >= 0 && fsg->lun < fsg->nluns) {
2669 fsg->curlun = curlun = &fsg->luns[fsg->lun]; 2669 fsg->curlun = curlun = &fsg->luns[fsg->lun];
2670 if (fsg->cmnd[0] != SC_REQUEST_SENSE) { 2670 if (fsg->cmnd[0] != SC_REQUEST_SENSE) {
2671 curlun->sense_data = SS_NO_SENSE; 2671 curlun->sense_data = SS_NO_SENSE;
2672 curlun->sense_data_info = 0; 2672 curlun->sense_data_info = 0;
2673 curlun->info_valid = 0; 2673 curlun->info_valid = 0;
2674 } 2674 }
2675 } else { 2675 } else {
2676 fsg->curlun = curlun = NULL; 2676 fsg->curlun = curlun = NULL;
2677 fsg->bad_lun_okay = 0; 2677 fsg->bad_lun_okay = 0;
2678 2678
2679 /* INQUIRY and REQUEST SENSE commands are explicitly allowed 2679 /* INQUIRY and REQUEST SENSE commands are explicitly allowed
2680 * to use unsupported LUNs; all others may not. */ 2680 * to use unsupported LUNs; all others may not. */
2681 if (fsg->cmnd[0] != SC_INQUIRY && 2681 if (fsg->cmnd[0] != SC_INQUIRY &&
2682 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2682 fsg->cmnd[0] != SC_REQUEST_SENSE) {
2683 DBG(fsg, "unsupported LUN %d\n", fsg->lun); 2683 DBG(fsg, "unsupported LUN %d\n", fsg->lun);
2684 return -EINVAL; 2684 return -EINVAL;
2685 } 2685 }
2686 } 2686 }
2687 2687
2688 /* If a unit attention condition exists, only INQUIRY and 2688 /* If a unit attention condition exists, only INQUIRY and
2689 * REQUEST SENSE commands are allowed; anything else must fail. */ 2689 * REQUEST SENSE commands are allowed; anything else must fail. */
2690 if (curlun && curlun->unit_attention_data != SS_NO_SENSE && 2690 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
2691 fsg->cmnd[0] != SC_INQUIRY && 2691 fsg->cmnd[0] != SC_INQUIRY &&
2692 fsg->cmnd[0] != SC_REQUEST_SENSE) { 2692 fsg->cmnd[0] != SC_REQUEST_SENSE) {
2693 curlun->sense_data = curlun->unit_attention_data; 2693 curlun->sense_data = curlun->unit_attention_data;
2694 curlun->unit_attention_data = SS_NO_SENSE; 2694 curlun->unit_attention_data = SS_NO_SENSE;
2695 return -EINVAL; 2695 return -EINVAL;
2696 } 2696 }
2697 2697
2698 /* Check that only command bytes listed in the mask are non-zero */ 2698 /* Check that only command bytes listed in the mask are non-zero */
2699 fsg->cmnd[1] &= 0x1f; // Mask away the LUN 2699 fsg->cmnd[1] &= 0x1f; // Mask away the LUN
2700 for (i = 1; i < cmnd_size; ++i) { 2700 for (i = 1; i < cmnd_size; ++i) {
2701 if (fsg->cmnd[i] && !(mask & (1 << i))) { 2701 if (fsg->cmnd[i] && !(mask & (1 << i))) {
2702 if (curlun) 2702 if (curlun)
2703 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 2703 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
2704 return -EINVAL; 2704 return -EINVAL;
2705 } 2705 }
2706 } 2706 }
2707 2707
2708 /* If the medium isn't mounted and the command needs to access 2708 /* If the medium isn't mounted and the command needs to access
2709 * it, return an error. */ 2709 * it, return an error. */
2710 if (curlun && !backing_file_is_open(curlun) && needs_medium) { 2710 if (curlun && !backing_file_is_open(curlun) && needs_medium) {
2711 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 2711 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
2712 return -EINVAL; 2712 return -EINVAL;
2713 } 2713 }
2714 2714
2715 return 0; 2715 return 0;
2716 } 2716 }
2717 2717
2718 2718
2719 static int do_scsi_command(struct fsg_dev *fsg) 2719 static int do_scsi_command(struct fsg_dev *fsg)
2720 { 2720 {
2721 struct fsg_buffhd *bh; 2721 struct fsg_buffhd *bh;
2722 int rc; 2722 int rc;
2723 int reply = -EINVAL; 2723 int reply = -EINVAL;
2724 int i; 2724 int i;
2725 static char unknown[16]; 2725 static char unknown[16];
2726 2726
2727 dump_cdb(fsg); 2727 dump_cdb(fsg);
2728 2728
2729 /* Wait for the next buffer to become available for data or status */ 2729 /* Wait for the next buffer to become available for data or status */
2730 bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill; 2730 bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill;
2731 while (bh->state != BUF_STATE_EMPTY) { 2731 while (bh->state != BUF_STATE_EMPTY) {
2732 rc = sleep_thread(fsg); 2732 rc = sleep_thread(fsg);
2733 if (rc) 2733 if (rc)
2734 return rc; 2734 return rc;
2735 } 2735 }
2736 fsg->phase_error = 0; 2736 fsg->phase_error = 0;
2737 fsg->short_packet_received = 0; 2737 fsg->short_packet_received = 0;
2738 2738
2739 down_read(&fsg->filesem); // We're using the backing file 2739 down_read(&fsg->filesem); // We're using the backing file
2740 switch (fsg->cmnd[0]) { 2740 switch (fsg->cmnd[0]) {
2741 2741
2742 case SC_INQUIRY: 2742 case SC_INQUIRY:
2743 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2743 fsg->data_size_from_cmnd = fsg->cmnd[4];
2744 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2744 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2745 (1<<4), 0, 2745 (1<<4), 0,
2746 "INQUIRY")) == 0) 2746 "INQUIRY")) == 0)
2747 reply = do_inquiry(fsg, bh); 2747 reply = do_inquiry(fsg, bh);
2748 break; 2748 break;
2749 2749
2750 case SC_MODE_SELECT_6: 2750 case SC_MODE_SELECT_6:
2751 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2751 fsg->data_size_from_cmnd = fsg->cmnd[4];
2752 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2752 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
2753 (1<<1) | (1<<4), 0, 2753 (1<<1) | (1<<4), 0,
2754 "MODE SELECT(6)")) == 0) 2754 "MODE SELECT(6)")) == 0)
2755 reply = do_mode_select(fsg, bh); 2755 reply = do_mode_select(fsg, bh);
2756 break; 2756 break;
2757 2757
2758 case SC_MODE_SELECT_10: 2758 case SC_MODE_SELECT_10:
2759 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2759 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
2760 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2760 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
2761 (1<<1) | (3<<7), 0, 2761 (1<<1) | (3<<7), 0,
2762 "MODE SELECT(10)")) == 0) 2762 "MODE SELECT(10)")) == 0)
2763 reply = do_mode_select(fsg, bh); 2763 reply = do_mode_select(fsg, bh);
2764 break; 2764 break;
2765 2765
2766 case SC_MODE_SENSE_6: 2766 case SC_MODE_SENSE_6:
2767 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2767 fsg->data_size_from_cmnd = fsg->cmnd[4];
2768 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2768 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2769 (1<<1) | (1<<2) | (1<<4), 0, 2769 (1<<1) | (1<<2) | (1<<4), 0,
2770 "MODE SENSE(6)")) == 0) 2770 "MODE SENSE(6)")) == 0)
2771 reply = do_mode_sense(fsg, bh); 2771 reply = do_mode_sense(fsg, bh);
2772 break; 2772 break;
2773 2773
2774 case SC_MODE_SENSE_10: 2774 case SC_MODE_SENSE_10:
2775 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2775 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
2776 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2776 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2777 (1<<1) | (1<<2) | (3<<7), 0, 2777 (1<<1) | (1<<2) | (3<<7), 0,
2778 "MODE SENSE(10)")) == 0) 2778 "MODE SENSE(10)")) == 0)
2779 reply = do_mode_sense(fsg, bh); 2779 reply = do_mode_sense(fsg, bh);
2780 break; 2780 break;
2781 2781
2782 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL: 2782 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
2783 fsg->data_size_from_cmnd = 0; 2783 fsg->data_size_from_cmnd = 0;
2784 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2784 if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2785 (1<<4), 0, 2785 (1<<4), 0,
2786 "PREVENT-ALLOW MEDIUM REMOVAL")) == 0) 2786 "PREVENT-ALLOW MEDIUM REMOVAL")) == 0)
2787 reply = do_prevent_allow(fsg); 2787 reply = do_prevent_allow(fsg);
2788 break; 2788 break;
2789 2789
2790 case SC_READ_6: 2790 case SC_READ_6:
2791 i = fsg->cmnd[4]; 2791 i = fsg->cmnd[4];
2792 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2792 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
2793 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2793 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2794 (7<<1) | (1<<4), 1, 2794 (7<<1) | (1<<4), 1,
2795 "READ(6)")) == 0) 2795 "READ(6)")) == 0)
2796 reply = do_read(fsg); 2796 reply = do_read(fsg);
2797 break; 2797 break;
2798 2798
2799 case SC_READ_10: 2799 case SC_READ_10:
2800 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2800 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9;
2801 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2801 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2802 (1<<1) | (0xf<<2) | (3<<7), 1, 2802 (1<<1) | (0xf<<2) | (3<<7), 1,
2803 "READ(10)")) == 0) 2803 "READ(10)")) == 0)
2804 reply = do_read(fsg); 2804 reply = do_read(fsg);
2805 break; 2805 break;
2806 2806
2807 case SC_READ_12: 2807 case SC_READ_12:
2808 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2808 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9;
2809 if ((reply = check_command(fsg, 12, DATA_DIR_TO_HOST, 2809 if ((reply = check_command(fsg, 12, DATA_DIR_TO_HOST,
2810 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2810 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2811 "READ(12)")) == 0) 2811 "READ(12)")) == 0)
2812 reply = do_read(fsg); 2812 reply = do_read(fsg);
2813 break; 2813 break;
2814 2814
2815 case SC_READ_CAPACITY: 2815 case SC_READ_CAPACITY:
2816 fsg->data_size_from_cmnd = 8; 2816 fsg->data_size_from_cmnd = 8;
2817 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2817 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2818 (0xf<<2) | (1<<8), 1, 2818 (0xf<<2) | (1<<8), 1,
2819 "READ CAPACITY")) == 0) 2819 "READ CAPACITY")) == 0)
2820 reply = do_read_capacity(fsg, bh); 2820 reply = do_read_capacity(fsg, bh);
2821 break; 2821 break;
2822 2822
2823 case SC_READ_FORMAT_CAPACITIES: 2823 case SC_READ_FORMAT_CAPACITIES:
2824 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]); 2824 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
2825 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST, 2825 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
2826 (3<<7), 1, 2826 (3<<7), 1,
2827 "READ FORMAT CAPACITIES")) == 0) 2827 "READ FORMAT CAPACITIES")) == 0)
2828 reply = do_read_format_capacities(fsg, bh); 2828 reply = do_read_format_capacities(fsg, bh);
2829 break; 2829 break;
2830 2830
2831 case SC_REQUEST_SENSE: 2831 case SC_REQUEST_SENSE:
2832 fsg->data_size_from_cmnd = fsg->cmnd[4]; 2832 fsg->data_size_from_cmnd = fsg->cmnd[4];
2833 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST, 2833 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
2834 (1<<4), 0, 2834 (1<<4), 0,
2835 "REQUEST SENSE")) == 0) 2835 "REQUEST SENSE")) == 0)
2836 reply = do_request_sense(fsg, bh); 2836 reply = do_request_sense(fsg, bh);
2837 break; 2837 break;
2838 2838
2839 case SC_START_STOP_UNIT: 2839 case SC_START_STOP_UNIT:
2840 fsg->data_size_from_cmnd = 0; 2840 fsg->data_size_from_cmnd = 0;
2841 if ((reply = check_command(fsg, 6, DATA_DIR_NONE, 2841 if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
2842 (1<<1) | (1<<4), 0, 2842 (1<<1) | (1<<4), 0,
2843 "START-STOP UNIT")) == 0) 2843 "START-STOP UNIT")) == 0)
2844 reply = do_start_stop(fsg); 2844 reply = do_start_stop(fsg);
2845 break; 2845 break;
2846 2846
2847 case SC_SYNCHRONIZE_CACHE: 2847 case SC_SYNCHRONIZE_CACHE:
2848 fsg->data_size_from_cmnd = 0; 2848 fsg->data_size_from_cmnd = 0;
2849 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2849 if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2850 (0xf<<2) | (3<<7), 1, 2850 (0xf<<2) | (3<<7), 1,
2851 "SYNCHRONIZE CACHE")) == 0) 2851 "SYNCHRONIZE CACHE")) == 0)
2852 reply = do_synchronize_cache(fsg); 2852 reply = do_synchronize_cache(fsg);
2853 break; 2853 break;
2854 2854
2855 case SC_TEST_UNIT_READY: 2855 case SC_TEST_UNIT_READY:
2856 fsg->data_size_from_cmnd = 0; 2856 fsg->data_size_from_cmnd = 0;
2857 reply = check_command(fsg, 6, DATA_DIR_NONE, 2857 reply = check_command(fsg, 6, DATA_DIR_NONE,
2858 0, 1, 2858 0, 1,
2859 "TEST UNIT READY"); 2859 "TEST UNIT READY");
2860 break; 2860 break;
2861 2861
2862 /* Although optional, this command is used by MS-Windows. We 2862 /* Although optional, this command is used by MS-Windows. We
2863 * support a minimal version: BytChk must be 0. */ 2863 * support a minimal version: BytChk must be 0. */
2864 case SC_VERIFY: 2864 case SC_VERIFY:
2865 fsg->data_size_from_cmnd = 0; 2865 fsg->data_size_from_cmnd = 0;
2866 if ((reply = check_command(fsg, 10, DATA_DIR_NONE, 2866 if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
2867 (1<<1) | (0xf<<2) | (3<<7), 1, 2867 (1<<1) | (0xf<<2) | (3<<7), 1,
2868 "VERIFY")) == 0) 2868 "VERIFY")) == 0)
2869 reply = do_verify(fsg); 2869 reply = do_verify(fsg);
2870 break; 2870 break;
2871 2871
2872 case SC_WRITE_6: 2872 case SC_WRITE_6:
2873 i = fsg->cmnd[4]; 2873 i = fsg->cmnd[4];
2874 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9; 2874 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
2875 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST, 2875 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
2876 (7<<1) | (1<<4), 1, 2876 (7<<1) | (1<<4), 1,
2877 "WRITE(6)")) == 0) 2877 "WRITE(6)")) == 0)
2878 reply = do_write(fsg); 2878 reply = do_write(fsg);
2879 break; 2879 break;
2880 2880
2881 case SC_WRITE_10: 2881 case SC_WRITE_10:
2882 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9; 2882 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9;
2883 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST, 2883 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
2884 (1<<1) | (0xf<<2) | (3<<7), 1, 2884 (1<<1) | (0xf<<2) | (3<<7), 1,
2885 "WRITE(10)")) == 0) 2885 "WRITE(10)")) == 0)
2886 reply = do_write(fsg); 2886 reply = do_write(fsg);
2887 break; 2887 break;
2888 2888
2889 case SC_WRITE_12: 2889 case SC_WRITE_12:
2890 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9; 2890 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9;
2891 if ((reply = check_command(fsg, 12, DATA_DIR_FROM_HOST, 2891 if ((reply = check_command(fsg, 12, DATA_DIR_FROM_HOST,
2892 (1<<1) | (0xf<<2) | (0xf<<6), 1, 2892 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2893 "WRITE(12)")) == 0) 2893 "WRITE(12)")) == 0)
2894 reply = do_write(fsg); 2894 reply = do_write(fsg);
2895 break; 2895 break;
2896 2896
2897 /* Some mandatory commands that we recognize but don't implement. 2897 /* Some mandatory commands that we recognize but don't implement.
2898 * They don't mean much in this setting. It's left as an exercise 2898 * They don't mean much in this setting. It's left as an exercise
2899 * for anyone interested to implement RESERVE and RELEASE in terms 2899 * for anyone interested to implement RESERVE and RELEASE in terms
2900 * of Posix locks. */ 2900 * of Posix locks. */
2901 case SC_FORMAT_UNIT: 2901 case SC_FORMAT_UNIT:
2902 case SC_RELEASE: 2902 case SC_RELEASE:
2903 case SC_RESERVE: 2903 case SC_RESERVE:
2904 case SC_SEND_DIAGNOSTIC: 2904 case SC_SEND_DIAGNOSTIC:
2905 // Fall through 2905 // Fall through
2906 2906
2907 default: 2907 default:
2908 fsg->data_size_from_cmnd = 0; 2908 fsg->data_size_from_cmnd = 0;
2909 sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]); 2909 sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]);
2910 if ((reply = check_command(fsg, fsg->cmnd_size, 2910 if ((reply = check_command(fsg, fsg->cmnd_size,
2911 DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) { 2911 DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) {
2912 fsg->curlun->sense_data = SS_INVALID_COMMAND; 2912 fsg->curlun->sense_data = SS_INVALID_COMMAND;
2913 reply = -EINVAL; 2913 reply = -EINVAL;
2914 } 2914 }
2915 break; 2915 break;
2916 } 2916 }
2917 up_read(&fsg->filesem); 2917 up_read(&fsg->filesem);
2918 2918
2919 if (reply == -EINTR || signal_pending(current)) 2919 if (reply == -EINTR || signal_pending(current))
2920 return -EINTR; 2920 return -EINTR;
2921 2921
2922 /* Set up the single reply buffer for finish_reply() */ 2922 /* Set up the single reply buffer for finish_reply() */
2923 if (reply == -EINVAL) 2923 if (reply == -EINVAL)
2924 reply = 0; // Error reply length 2924 reply = 0; // Error reply length
2925 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) { 2925 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) {
2926 reply = min((u32) reply, fsg->data_size_from_cmnd); 2926 reply = min((u32) reply, fsg->data_size_from_cmnd);
2927 bh->inreq->length = reply; 2927 bh->inreq->length = reply;
2928 bh->state = BUF_STATE_FULL; 2928 bh->state = BUF_STATE_FULL;
2929 fsg->residue -= reply; 2929 fsg->residue -= reply;
2930 } // Otherwise it's already set 2930 } // Otherwise it's already set
2931 2931
2932 return 0; 2932 return 0;
2933 } 2933 }
2934 2934
2935 2935
2936 /*-------------------------------------------------------------------------*/ 2936 /*-------------------------------------------------------------------------*/
2937 2937
2938 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh) 2938 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2939 { 2939 {
2940 struct usb_request *req = bh->outreq; 2940 struct usb_request *req = bh->outreq;
2941 struct bulk_cb_wrap *cbw = req->buf; 2941 struct bulk_cb_wrap *cbw = req->buf;
2942 2942
2943 /* Was this a real packet? */ 2943 /* Was this a real packet? */
2944 if (req->status) 2944 if (req->status)
2945 return -EINVAL; 2945 return -EINVAL;
2946 2946
2947 /* Is the CBW valid? */ 2947 /* Is the CBW valid? */
2948 if (req->actual != USB_BULK_CB_WRAP_LEN || 2948 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2949 cbw->Signature != __constant_cpu_to_le32( 2949 cbw->Signature != __constant_cpu_to_le32(
2950 USB_BULK_CB_SIG)) { 2950 USB_BULK_CB_SIG)) {
2951 DBG(fsg, "invalid CBW: len %u sig 0x%x\n", 2951 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2952 req->actual, 2952 req->actual,
2953 le32_to_cpu(cbw->Signature)); 2953 le32_to_cpu(cbw->Signature));
2954 2954
2955 /* The Bulk-only spec says we MUST stall the bulk pipes! 2955 /* The Bulk-only spec says we MUST stall the bulk pipes!
2956 * If we want to avoid stalls, set a flag so that we will 2956 * If we want to avoid stalls, set a flag so that we will
2957 * clear the endpoint halts at the next reset. */ 2957 * clear the endpoint halts at the next reset. */
2958 if (!mod_data.can_stall) 2958 if (!mod_data.can_stall)
2959 set_bit(CLEAR_BULK_HALTS, &fsg->atomic_bitflags); 2959 set_bit(CLEAR_BULK_HALTS, &fsg->atomic_bitflags);
2960 fsg_set_halt(fsg, fsg->bulk_out); 2960 fsg_set_halt(fsg, fsg->bulk_out);
2961 halt_bulk_in_endpoint(fsg); 2961 halt_bulk_in_endpoint(fsg);
2962 return -EINVAL; 2962 return -EINVAL;
2963 } 2963 }
2964 2964
2965 /* Is the CBW meaningful? */ 2965 /* Is the CBW meaningful? */
2966 if (cbw->Lun >= MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG || 2966 if (cbw->Lun >= MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2967 cbw->Length < 6 || cbw->Length > MAX_COMMAND_SIZE) { 2967 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2968 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, " 2968 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2969 "cmdlen %u\n", 2969 "cmdlen %u\n",
2970 cbw->Lun, cbw->Flags, cbw->Length); 2970 cbw->Lun, cbw->Flags, cbw->Length);
2971 2971
2972 /* We can do anything we want here, so let's stall the 2972 /* We can do anything we want here, so let's stall the
2973 * bulk pipes if we are allowed to. */ 2973 * bulk pipes if we are allowed to. */
2974 if (mod_data.can_stall) { 2974 if (mod_data.can_stall) {
2975 fsg_set_halt(fsg, fsg->bulk_out); 2975 fsg_set_halt(fsg, fsg->bulk_out);
2976 halt_bulk_in_endpoint(fsg); 2976 halt_bulk_in_endpoint(fsg);
2977 } 2977 }
2978 return -EINVAL; 2978 return -EINVAL;
2979 } 2979 }
2980 2980
2981 /* Save the command for later */ 2981 /* Save the command for later */
2982 fsg->cmnd_size = cbw->Length; 2982 fsg->cmnd_size = cbw->Length;
2983 memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size); 2983 memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size);
2984 if (cbw->Flags & USB_BULK_IN_FLAG) 2984 if (cbw->Flags & USB_BULK_IN_FLAG)
2985 fsg->data_dir = DATA_DIR_TO_HOST; 2985 fsg->data_dir = DATA_DIR_TO_HOST;
2986 else 2986 else
2987 fsg->data_dir = DATA_DIR_FROM_HOST; 2987 fsg->data_dir = DATA_DIR_FROM_HOST;
2988 fsg->data_size = le32_to_cpu(cbw->DataTransferLength); 2988 fsg->data_size = le32_to_cpu(cbw->DataTransferLength);
2989 if (fsg->data_size == 0) 2989 if (fsg->data_size == 0)
2990 fsg->data_dir = DATA_DIR_NONE; 2990 fsg->data_dir = DATA_DIR_NONE;
2991 fsg->lun = cbw->Lun; 2991 fsg->lun = cbw->Lun;
2992 fsg->tag = cbw->Tag; 2992 fsg->tag = cbw->Tag;
2993 return 0; 2993 return 0;
2994 } 2994 }
2995 2995
2996 2996
2997 static int get_next_command(struct fsg_dev *fsg) 2997 static int get_next_command(struct fsg_dev *fsg)
2998 { 2998 {
2999 struct fsg_buffhd *bh; 2999 struct fsg_buffhd *bh;
3000 int rc = 0; 3000 int rc = 0;
3001 3001
3002 if (transport_is_bbb()) { 3002 if (transport_is_bbb()) {
3003 3003
3004 /* Wait for the next buffer to become available */ 3004 /* Wait for the next buffer to become available */
3005 bh = fsg->next_buffhd_to_fill; 3005 bh = fsg->next_buffhd_to_fill;
3006 while (bh->state != BUF_STATE_EMPTY) { 3006 while (bh->state != BUF_STATE_EMPTY) {
3007 rc = sleep_thread(fsg); 3007 rc = sleep_thread(fsg);
3008 if (rc) 3008 if (rc)
3009 return rc; 3009 return rc;
3010 } 3010 }
3011 3011
3012 /* Queue a request to read a Bulk-only CBW */ 3012 /* Queue a request to read a Bulk-only CBW */
3013 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN); 3013 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN);
3014 bh->outreq->short_not_ok = 1; 3014 bh->outreq->short_not_ok = 1;
3015 start_transfer(fsg, fsg->bulk_out, bh->outreq, 3015 start_transfer(fsg, fsg->bulk_out, bh->outreq,
3016 &bh->outreq_busy, &bh->state); 3016 &bh->outreq_busy, &bh->state);
3017 3017
3018 /* We will drain the buffer in software, which means we 3018 /* We will drain the buffer in software, which means we
3019 * can reuse it for the next filling. No need to advance 3019 * can reuse it for the next filling. No need to advance
3020 * next_buffhd_to_fill. */ 3020 * next_buffhd_to_fill. */
3021 3021
3022 /* Wait for the CBW to arrive */ 3022 /* Wait for the CBW to arrive */
3023 while (bh->state != BUF_STATE_FULL) { 3023 while (bh->state != BUF_STATE_FULL) {
3024 rc = sleep_thread(fsg); 3024 rc = sleep_thread(fsg);
3025 if (rc) 3025 if (rc)
3026 return rc; 3026 return rc;
3027 } 3027 }
3028 smp_rmb(); 3028 smp_rmb();
3029 rc = received_cbw(fsg, bh); 3029 rc = received_cbw(fsg, bh);
3030 bh->state = BUF_STATE_EMPTY; 3030 bh->state = BUF_STATE_EMPTY;
3031 3031
3032 } else { // USB_PR_CB or USB_PR_CBI 3032 } else { // USB_PR_CB or USB_PR_CBI
3033 3033
3034 /* Wait for the next command to arrive */ 3034 /* Wait for the next command to arrive */
3035 while (fsg->cbbuf_cmnd_size == 0) { 3035 while (fsg->cbbuf_cmnd_size == 0) {
3036 rc = sleep_thread(fsg); 3036 rc = sleep_thread(fsg);
3037 if (rc) 3037 if (rc)
3038 return rc; 3038 return rc;
3039 } 3039 }
3040 3040
3041 /* Is the previous status interrupt request still busy? 3041 /* Is the previous status interrupt request still busy?
3042 * The host is allowed to skip reading the status, 3042 * The host is allowed to skip reading the status,
3043 * so we must cancel it. */ 3043 * so we must cancel it. */
3044 if (fsg->intreq_busy) 3044 if (fsg->intreq_busy)
3045 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3045 usb_ep_dequeue(fsg->intr_in, fsg->intreq);
3046 3046
3047 /* Copy the command and mark the buffer empty */ 3047 /* Copy the command and mark the buffer empty */
3048 fsg->data_dir = DATA_DIR_UNKNOWN; 3048 fsg->data_dir = DATA_DIR_UNKNOWN;
3049 spin_lock_irq(&fsg->lock); 3049 spin_lock_irq(&fsg->lock);
3050 fsg->cmnd_size = fsg->cbbuf_cmnd_size; 3050 fsg->cmnd_size = fsg->cbbuf_cmnd_size;
3051 memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size); 3051 memcpy(fsg->cmnd, fsg->cbbuf_cmnd, fsg->cmnd_size);
3052 fsg->cbbuf_cmnd_size = 0; 3052 fsg->cbbuf_cmnd_size = 0;
3053 spin_unlock_irq(&fsg->lock); 3053 spin_unlock_irq(&fsg->lock);
3054 } 3054 }
3055 return rc; 3055 return rc;
3056 } 3056 }
3057 3057
3058 3058
3059 /*-------------------------------------------------------------------------*/ 3059 /*-------------------------------------------------------------------------*/
3060 3060
3061 static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep, 3061 static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep,
3062 const struct usb_endpoint_descriptor *d) 3062 const struct usb_endpoint_descriptor *d)
3063 { 3063 {
3064 int rc; 3064 int rc;
3065 3065
3066 ep->driver_data = fsg; 3066 ep->driver_data = fsg;
3067 rc = usb_ep_enable(ep, d); 3067 rc = usb_ep_enable(ep, d);
3068 if (rc) 3068 if (rc)
3069 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc); 3069 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc);
3070 return rc; 3070 return rc;
3071 } 3071 }
3072 3072
3073 static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep, 3073 static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep,
3074 struct usb_request **preq) 3074 struct usb_request **preq)
3075 { 3075 {
3076 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC); 3076 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
3077 if (*preq) 3077 if (*preq)
3078 return 0; 3078 return 0;
3079 ERROR(fsg, "can't allocate request for %s\n", ep->name); 3079 ERROR(fsg, "can't allocate request for %s\n", ep->name);
3080 return -ENOMEM; 3080 return -ENOMEM;
3081 } 3081 }
3082 3082
3083 /* 3083 /*
3084 * Reset interface setting and re-init endpoint state (toggle etc). 3084 * Reset interface setting and re-init endpoint state (toggle etc).
3085 * Call with altsetting < 0 to disable the interface. The only other 3085 * Call with altsetting < 0 to disable the interface. The only other
3086 * available altsetting is 0, which enables the interface. 3086 * available altsetting is 0, which enables the interface.
3087 */ 3087 */
3088 static int do_set_interface(struct fsg_dev *fsg, int altsetting) 3088 static int do_set_interface(struct fsg_dev *fsg, int altsetting)
3089 { 3089 {
3090 int rc = 0; 3090 int rc = 0;
3091 int i; 3091 int i;
3092 const struct usb_endpoint_descriptor *d; 3092 const struct usb_endpoint_descriptor *d;
3093 3093
3094 if (fsg->running) 3094 if (fsg->running)
3095 DBG(fsg, "reset interface\n"); 3095 DBG(fsg, "reset interface\n");
3096 3096
3097 reset: 3097 reset:
3098 /* Deallocate the requests */ 3098 /* Deallocate the requests */
3099 for (i = 0; i < NUM_BUFFERS; ++i) { 3099 for (i = 0; i < NUM_BUFFERS; ++i) {
3100 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3100 struct fsg_buffhd *bh = &fsg->buffhds[i];
3101 3101
3102 if (bh->inreq) { 3102 if (bh->inreq) {
3103 usb_ep_free_request(fsg->bulk_in, bh->inreq); 3103 usb_ep_free_request(fsg->bulk_in, bh->inreq);
3104 bh->inreq = NULL; 3104 bh->inreq = NULL;
3105 } 3105 }
3106 if (bh->outreq) { 3106 if (bh->outreq) {
3107 usb_ep_free_request(fsg->bulk_out, bh->outreq); 3107 usb_ep_free_request(fsg->bulk_out, bh->outreq);
3108 bh->outreq = NULL; 3108 bh->outreq = NULL;
3109 } 3109 }
3110 } 3110 }
3111 if (fsg->intreq) { 3111 if (fsg->intreq) {
3112 usb_ep_free_request(fsg->intr_in, fsg->intreq); 3112 usb_ep_free_request(fsg->intr_in, fsg->intreq);
3113 fsg->intreq = NULL; 3113 fsg->intreq = NULL;
3114 } 3114 }
3115 3115
3116 /* Disable the endpoints */ 3116 /* Disable the endpoints */
3117 if (fsg->bulk_in_enabled) { 3117 if (fsg->bulk_in_enabled) {
3118 usb_ep_disable(fsg->bulk_in); 3118 usb_ep_disable(fsg->bulk_in);
3119 fsg->bulk_in_enabled = 0; 3119 fsg->bulk_in_enabled = 0;
3120 } 3120 }
3121 if (fsg->bulk_out_enabled) { 3121 if (fsg->bulk_out_enabled) {
3122 usb_ep_disable(fsg->bulk_out); 3122 usb_ep_disable(fsg->bulk_out);
3123 fsg->bulk_out_enabled = 0; 3123 fsg->bulk_out_enabled = 0;
3124 } 3124 }
3125 if (fsg->intr_in_enabled) { 3125 if (fsg->intr_in_enabled) {
3126 usb_ep_disable(fsg->intr_in); 3126 usb_ep_disable(fsg->intr_in);
3127 fsg->intr_in_enabled = 0; 3127 fsg->intr_in_enabled = 0;
3128 } 3128 }
3129 3129
3130 fsg->running = 0; 3130 fsg->running = 0;
3131 if (altsetting < 0 || rc != 0) 3131 if (altsetting < 0 || rc != 0)
3132 return rc; 3132 return rc;
3133 3133
3134 DBG(fsg, "set interface %d\n", altsetting); 3134 DBG(fsg, "set interface %d\n", altsetting);
3135 3135
3136 /* Enable the endpoints */ 3136 /* Enable the endpoints */
3137 d = ep_desc(fsg->gadget, &fs_bulk_in_desc, &hs_bulk_in_desc); 3137 d = ep_desc(fsg->gadget, &fs_bulk_in_desc, &hs_bulk_in_desc);
3138 if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0) 3138 if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0)
3139 goto reset; 3139 goto reset;
3140 fsg->bulk_in_enabled = 1; 3140 fsg->bulk_in_enabled = 1;
3141 3141
3142 d = ep_desc(fsg->gadget, &fs_bulk_out_desc, &hs_bulk_out_desc); 3142 d = ep_desc(fsg->gadget, &fs_bulk_out_desc, &hs_bulk_out_desc);
3143 if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0) 3143 if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0)
3144 goto reset; 3144 goto reset;
3145 fsg->bulk_out_enabled = 1; 3145 fsg->bulk_out_enabled = 1;
3146 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize); 3146 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize);
3147 3147
3148 if (transport_is_cbi()) { 3148 if (transport_is_cbi()) {
3149 d = ep_desc(fsg->gadget, &fs_intr_in_desc, &hs_intr_in_desc); 3149 d = ep_desc(fsg->gadget, &fs_intr_in_desc, &hs_intr_in_desc);
3150 if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0) 3150 if ((rc = enable_endpoint(fsg, fsg->intr_in, d)) != 0)
3151 goto reset; 3151 goto reset;
3152 fsg->intr_in_enabled = 1; 3152 fsg->intr_in_enabled = 1;
3153 } 3153 }
3154 3154
3155 /* Allocate the requests */ 3155 /* Allocate the requests */
3156 for (i = 0; i < NUM_BUFFERS; ++i) { 3156 for (i = 0; i < NUM_BUFFERS; ++i) {
3157 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3157 struct fsg_buffhd *bh = &fsg->buffhds[i];
3158 3158
3159 if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0) 3159 if ((rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq)) != 0)
3160 goto reset; 3160 goto reset;
3161 if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0) 3161 if ((rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq)) != 0)
3162 goto reset; 3162 goto reset;
3163 bh->inreq->buf = bh->outreq->buf = bh->buf; 3163 bh->inreq->buf = bh->outreq->buf = bh->buf;
3164 bh->inreq->context = bh->outreq->context = bh; 3164 bh->inreq->context = bh->outreq->context = bh;
3165 bh->inreq->complete = bulk_in_complete; 3165 bh->inreq->complete = bulk_in_complete;
3166 bh->outreq->complete = bulk_out_complete; 3166 bh->outreq->complete = bulk_out_complete;
3167 } 3167 }
3168 if (transport_is_cbi()) { 3168 if (transport_is_cbi()) {
3169 if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0) 3169 if ((rc = alloc_request(fsg, fsg->intr_in, &fsg->intreq)) != 0)
3170 goto reset; 3170 goto reset;
3171 fsg->intreq->complete = intr_in_complete; 3171 fsg->intreq->complete = intr_in_complete;
3172 } 3172 }
3173 3173
3174 fsg->running = 1; 3174 fsg->running = 1;
3175 for (i = 0; i < fsg->nluns; ++i) 3175 for (i = 0; i < fsg->nluns; ++i)
3176 fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3176 fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED;
3177 return rc; 3177 return rc;
3178 } 3178 }
3179 3179
3180 3180
3181 /* 3181 /*
3182 * Change our operational configuration. This code must agree with the code 3182 * Change our operational configuration. This code must agree with the code
3183 * that returns config descriptors, and with interface altsetting code. 3183 * that returns config descriptors, and with interface altsetting code.
3184 * 3184 *
3185 * It's also responsible for power management interactions. Some 3185 * It's also responsible for power management interactions. Some
3186 * configurations might not work with our current power sources. 3186 * configurations might not work with our current power sources.
3187 * For now we just assume the gadget is always self-powered. 3187 * For now we just assume the gadget is always self-powered.
3188 */ 3188 */
3189 static int do_set_config(struct fsg_dev *fsg, u8 new_config) 3189 static int do_set_config(struct fsg_dev *fsg, u8 new_config)
3190 { 3190 {
3191 int rc = 0; 3191 int rc = 0;
3192 3192
3193 /* Disable the single interface */ 3193 /* Disable the single interface */
3194 if (fsg->config != 0) { 3194 if (fsg->config != 0) {
3195 DBG(fsg, "reset config\n"); 3195 DBG(fsg, "reset config\n");
3196 fsg->config = 0; 3196 fsg->config = 0;
3197 rc = do_set_interface(fsg, -1); 3197 rc = do_set_interface(fsg, -1);
3198 } 3198 }
3199 3199
3200 /* Enable the interface */ 3200 /* Enable the interface */
3201 if (new_config != 0) { 3201 if (new_config != 0) {
3202 fsg->config = new_config; 3202 fsg->config = new_config;
3203 if ((rc = do_set_interface(fsg, 0)) != 0) 3203 if ((rc = do_set_interface(fsg, 0)) != 0)
3204 fsg->config = 0; // Reset on errors 3204 fsg->config = 0; // Reset on errors
3205 else { 3205 else {
3206 char *speed; 3206 char *speed;
3207 3207
3208 switch (fsg->gadget->speed) { 3208 switch (fsg->gadget->speed) {
3209 case USB_SPEED_LOW: speed = "low"; break; 3209 case USB_SPEED_LOW: speed = "low"; break;
3210 case USB_SPEED_FULL: speed = "full"; break; 3210 case USB_SPEED_FULL: speed = "full"; break;
3211 case USB_SPEED_HIGH: speed = "high"; break; 3211 case USB_SPEED_HIGH: speed = "high"; break;
3212 default: speed = "?"; break; 3212 default: speed = "?"; break;
3213 } 3213 }
3214 INFO(fsg, "%s speed config #%d\n", speed, fsg->config); 3214 INFO(fsg, "%s speed config #%d\n", speed, fsg->config);
3215 } 3215 }
3216 } 3216 }
3217 return rc; 3217 return rc;
3218 } 3218 }
3219 3219
3220 3220
3221 /*-------------------------------------------------------------------------*/ 3221 /*-------------------------------------------------------------------------*/
3222 3222
3223 static void handle_exception(struct fsg_dev *fsg) 3223 static void handle_exception(struct fsg_dev *fsg)
3224 { 3224 {
3225 siginfo_t info; 3225 siginfo_t info;
3226 int sig; 3226 int sig;
3227 int i; 3227 int i;
3228 int num_active; 3228 int num_active;
3229 struct fsg_buffhd *bh; 3229 struct fsg_buffhd *bh;
3230 enum fsg_state old_state; 3230 enum fsg_state old_state;
3231 u8 new_config; 3231 u8 new_config;
3232 struct lun *curlun; 3232 struct lun *curlun;
3233 unsigned int exception_req_tag; 3233 unsigned int exception_req_tag;
3234 int rc; 3234 int rc;
3235 3235
3236 /* Clear the existing signals. Anything but SIGUSR1 is converted 3236 /* Clear the existing signals. Anything but SIGUSR1 is converted
3237 * into a high-priority EXIT exception. */ 3237 * into a high-priority EXIT exception. */
3238 for (;;) { 3238 for (;;) {
3239 sig = dequeue_signal_lock(current, &current->blocked, &info); 3239 sig = dequeue_signal_lock(current, &current->blocked, &info);
3240 if (!sig) 3240 if (!sig)
3241 break; 3241 break;
3242 if (sig != SIGUSR1) { 3242 if (sig != SIGUSR1) {
3243 if (fsg->state < FSG_STATE_EXIT) 3243 if (fsg->state < FSG_STATE_EXIT)
3244 DBG(fsg, "Main thread exiting on signal\n"); 3244 DBG(fsg, "Main thread exiting on signal\n");
3245 raise_exception(fsg, FSG_STATE_EXIT); 3245 raise_exception(fsg, FSG_STATE_EXIT);
3246 } 3246 }
3247 } 3247 }
3248 3248
3249 /* Cancel all the pending transfers */ 3249 /* Cancel all the pending transfers */
3250 if (fsg->intreq_busy) 3250 if (fsg->intreq_busy)
3251 usb_ep_dequeue(fsg->intr_in, fsg->intreq); 3251 usb_ep_dequeue(fsg->intr_in, fsg->intreq);
3252 for (i = 0; i < NUM_BUFFERS; ++i) { 3252 for (i = 0; i < NUM_BUFFERS; ++i) {
3253 bh = &fsg->buffhds[i]; 3253 bh = &fsg->buffhds[i];
3254 if (bh->inreq_busy) 3254 if (bh->inreq_busy)
3255 usb_ep_dequeue(fsg->bulk_in, bh->inreq); 3255 usb_ep_dequeue(fsg->bulk_in, bh->inreq);
3256 if (bh->outreq_busy) 3256 if (bh->outreq_busy)
3257 usb_ep_dequeue(fsg->bulk_out, bh->outreq); 3257 usb_ep_dequeue(fsg->bulk_out, bh->outreq);
3258 } 3258 }
3259 3259
3260 /* Wait until everything is idle */ 3260 /* Wait until everything is idle */
3261 for (;;) { 3261 for (;;) {
3262 num_active = fsg->intreq_busy; 3262 num_active = fsg->intreq_busy;
3263 for (i = 0; i < NUM_BUFFERS; ++i) { 3263 for (i = 0; i < NUM_BUFFERS; ++i) {
3264 bh = &fsg->buffhds[i]; 3264 bh = &fsg->buffhds[i];
3265 num_active += bh->inreq_busy + bh->outreq_busy; 3265 num_active += bh->inreq_busy + bh->outreq_busy;
3266 } 3266 }
3267 if (num_active == 0) 3267 if (num_active == 0)
3268 break; 3268 break;
3269 if (sleep_thread(fsg)) 3269 if (sleep_thread(fsg))
3270 return; 3270 return;
3271 } 3271 }
3272 3272
3273 /* Clear out the controller's fifos */ 3273 /* Clear out the controller's fifos */
3274 if (fsg->bulk_in_enabled) 3274 if (fsg->bulk_in_enabled)
3275 usb_ep_fifo_flush(fsg->bulk_in); 3275 usb_ep_fifo_flush(fsg->bulk_in);
3276 if (fsg->bulk_out_enabled) 3276 if (fsg->bulk_out_enabled)
3277 usb_ep_fifo_flush(fsg->bulk_out); 3277 usb_ep_fifo_flush(fsg->bulk_out);
3278 if (fsg->intr_in_enabled) 3278 if (fsg->intr_in_enabled)
3279 usb_ep_fifo_flush(fsg->intr_in); 3279 usb_ep_fifo_flush(fsg->intr_in);
3280 3280
3281 /* Reset the I/O buffer states and pointers, the SCSI 3281 /* Reset the I/O buffer states and pointers, the SCSI
3282 * state, and the exception. Then invoke the handler. */ 3282 * state, and the exception. Then invoke the handler. */
3283 spin_lock_irq(&fsg->lock); 3283 spin_lock_irq(&fsg->lock);
3284 3284
3285 for (i = 0; i < NUM_BUFFERS; ++i) { 3285 for (i = 0; i < NUM_BUFFERS; ++i) {
3286 bh = &fsg->buffhds[i]; 3286 bh = &fsg->buffhds[i];
3287 bh->state = BUF_STATE_EMPTY; 3287 bh->state = BUF_STATE_EMPTY;
3288 } 3288 }
3289 fsg->next_buffhd_to_fill = fsg->next_buffhd_to_drain = 3289 fsg->next_buffhd_to_fill = fsg->next_buffhd_to_drain =
3290 &fsg->buffhds[0]; 3290 &fsg->buffhds[0];
3291 3291
3292 exception_req_tag = fsg->exception_req_tag; 3292 exception_req_tag = fsg->exception_req_tag;
3293 new_config = fsg->new_config; 3293 new_config = fsg->new_config;
3294 old_state = fsg->state; 3294 old_state = fsg->state;
3295 3295
3296 if (old_state == FSG_STATE_ABORT_BULK_OUT) 3296 if (old_state == FSG_STATE_ABORT_BULK_OUT)
3297 fsg->state = FSG_STATE_STATUS_PHASE; 3297 fsg->state = FSG_STATE_STATUS_PHASE;
3298 else { 3298 else {
3299 for (i = 0; i < fsg->nluns; ++i) { 3299 for (i = 0; i < fsg->nluns; ++i) {
3300 curlun = &fsg->luns[i]; 3300 curlun = &fsg->luns[i];
3301 curlun->prevent_medium_removal = 0; 3301 curlun->prevent_medium_removal = 0;
3302 curlun->sense_data = curlun->unit_attention_data = 3302 curlun->sense_data = curlun->unit_attention_data =
3303 SS_NO_SENSE; 3303 SS_NO_SENSE;
3304 curlun->sense_data_info = 0; 3304 curlun->sense_data_info = 0;
3305 curlun->info_valid = 0; 3305 curlun->info_valid = 0;
3306 } 3306 }
3307 fsg->state = FSG_STATE_IDLE; 3307 fsg->state = FSG_STATE_IDLE;
3308 } 3308 }
3309 spin_unlock_irq(&fsg->lock); 3309 spin_unlock_irq(&fsg->lock);
3310 3310
3311 /* Carry out any extra actions required for the exception */ 3311 /* Carry out any extra actions required for the exception */
3312 switch (old_state) { 3312 switch (old_state) {
3313 default: 3313 default:
3314 break; 3314 break;
3315 3315
3316 case FSG_STATE_ABORT_BULK_OUT: 3316 case FSG_STATE_ABORT_BULK_OUT:
3317 send_status(fsg); 3317 send_status(fsg);
3318 spin_lock_irq(&fsg->lock); 3318 spin_lock_irq(&fsg->lock);
3319 if (fsg->state == FSG_STATE_STATUS_PHASE) 3319 if (fsg->state == FSG_STATE_STATUS_PHASE)
3320 fsg->state = FSG_STATE_IDLE; 3320 fsg->state = FSG_STATE_IDLE;
3321 spin_unlock_irq(&fsg->lock); 3321 spin_unlock_irq(&fsg->lock);
3322 break; 3322 break;
3323 3323
3324 case FSG_STATE_RESET: 3324 case FSG_STATE_RESET:
3325 /* In case we were forced against our will to halt a 3325 /* In case we were forced against our will to halt a
3326 * bulk endpoint, clear the halt now. (The SuperH UDC 3326 * bulk endpoint, clear the halt now. (The SuperH UDC
3327 * requires this.) */ 3327 * requires this.) */
3328 if (test_and_clear_bit(CLEAR_BULK_HALTS, 3328 if (test_and_clear_bit(CLEAR_BULK_HALTS,
3329 &fsg->atomic_bitflags)) { 3329 &fsg->atomic_bitflags)) {
3330 usb_ep_clear_halt(fsg->bulk_in); 3330 usb_ep_clear_halt(fsg->bulk_in);
3331 usb_ep_clear_halt(fsg->bulk_out); 3331 usb_ep_clear_halt(fsg->bulk_out);
3332 } 3332 }
3333 3333
3334 if (transport_is_bbb()) { 3334 if (transport_is_bbb()) {
3335 if (fsg->ep0_req_tag == exception_req_tag) 3335 if (fsg->ep0_req_tag == exception_req_tag)
3336 ep0_queue(fsg); // Complete the status stage 3336 ep0_queue(fsg); // Complete the status stage
3337 3337
3338 } else if (transport_is_cbi()) 3338 } else if (transport_is_cbi())
3339 send_status(fsg); // Status by interrupt pipe 3339 send_status(fsg); // Status by interrupt pipe
3340 3340
3341 /* Technically this should go here, but it would only be 3341 /* Technically this should go here, but it would only be
3342 * a waste of time. Ditto for the INTERFACE_CHANGE and 3342 * a waste of time. Ditto for the INTERFACE_CHANGE and
3343 * CONFIG_CHANGE cases. */ 3343 * CONFIG_CHANGE cases. */
3344 // for (i = 0; i < fsg->nluns; ++i) 3344 // for (i = 0; i < fsg->nluns; ++i)
3345 // fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED; 3345 // fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED;
3346 break; 3346 break;
3347 3347
3348 case FSG_STATE_INTERFACE_CHANGE: 3348 case FSG_STATE_INTERFACE_CHANGE:
3349 rc = do_set_interface(fsg, 0); 3349 rc = do_set_interface(fsg, 0);
3350 if (fsg->ep0_req_tag != exception_req_tag) 3350 if (fsg->ep0_req_tag != exception_req_tag)
3351 break; 3351 break;
3352 if (rc != 0) // STALL on errors 3352 if (rc != 0) // STALL on errors
3353 fsg_set_halt(fsg, fsg->ep0); 3353 fsg_set_halt(fsg, fsg->ep0);
3354 else // Complete the status stage 3354 else // Complete the status stage
3355 ep0_queue(fsg); 3355 ep0_queue(fsg);
3356 break; 3356 break;
3357 3357
3358 case FSG_STATE_CONFIG_CHANGE: 3358 case FSG_STATE_CONFIG_CHANGE:
3359 rc = do_set_config(fsg, new_config); 3359 rc = do_set_config(fsg, new_config);
3360 if (fsg->ep0_req_tag != exception_req_tag) 3360 if (fsg->ep0_req_tag != exception_req_tag)
3361 break; 3361 break;
3362 if (rc != 0) // STALL on errors 3362 if (rc != 0) // STALL on errors
3363 fsg_set_halt(fsg, fsg->ep0); 3363 fsg_set_halt(fsg, fsg->ep0);
3364 else // Complete the status stage 3364 else // Complete the status stage
3365 ep0_queue(fsg); 3365 ep0_queue(fsg);
3366 break; 3366 break;
3367 3367
3368 case FSG_STATE_DISCONNECT: 3368 case FSG_STATE_DISCONNECT:
3369 fsync_all(fsg); 3369 fsync_all(fsg);
3370 do_set_config(fsg, 0); // Unconfigured state 3370 do_set_config(fsg, 0); // Unconfigured state
3371 break; 3371 break;
3372 3372
3373 case FSG_STATE_EXIT: 3373 case FSG_STATE_EXIT:
3374 case FSG_STATE_TERMINATED: 3374 case FSG_STATE_TERMINATED:
3375 do_set_config(fsg, 0); // Free resources 3375 do_set_config(fsg, 0); // Free resources
3376 spin_lock_irq(&fsg->lock); 3376 spin_lock_irq(&fsg->lock);
3377 fsg->state = FSG_STATE_TERMINATED; // Stop the thread 3377 fsg->state = FSG_STATE_TERMINATED; // Stop the thread
3378 spin_unlock_irq(&fsg->lock); 3378 spin_unlock_irq(&fsg->lock);
3379 break; 3379 break;
3380 } 3380 }
3381 } 3381 }
3382 3382
3383 3383
3384 /*-------------------------------------------------------------------------*/ 3384 /*-------------------------------------------------------------------------*/
3385 3385
3386 static int fsg_main_thread(void *fsg_) 3386 static int fsg_main_thread(void *fsg_)
3387 { 3387 {
3388 struct fsg_dev *fsg = fsg_; 3388 struct fsg_dev *fsg = fsg_;
3389 3389
3390 /* Allow the thread to be killed by a signal, but set the signal mask 3390 /* Allow the thread to be killed by a signal, but set the signal mask
3391 * to block everything but INT, TERM, KILL, and USR1. */ 3391 * to block everything but INT, TERM, KILL, and USR1. */
3392 allow_signal(SIGINT); 3392 allow_signal(SIGINT);
3393 allow_signal(SIGTERM); 3393 allow_signal(SIGTERM);
3394 allow_signal(SIGKILL); 3394 allow_signal(SIGKILL);
3395 allow_signal(SIGUSR1); 3395 allow_signal(SIGUSR1);
3396 3396
3397 /* Allow the thread to be frozen */ 3397 /* Allow the thread to be frozen */
3398 set_freezable(); 3398 set_freezable();
3399 3399
3400 /* Arrange for userspace references to be interpreted as kernel 3400 /* Arrange for userspace references to be interpreted as kernel
3401 * pointers. That way we can pass a kernel pointer to a routine 3401 * pointers. That way we can pass a kernel pointer to a routine
3402 * that expects a __user pointer and it will work okay. */ 3402 * that expects a __user pointer and it will work okay. */
3403 set_fs(get_ds()); 3403 set_fs(get_ds());
3404 3404
3405 /* The main loop */ 3405 /* The main loop */
3406 while (fsg->state != FSG_STATE_TERMINATED) { 3406 while (fsg->state != FSG_STATE_TERMINATED) {
3407 if (exception_in_progress(fsg) || signal_pending(current)) { 3407 if (exception_in_progress(fsg) || signal_pending(current)) {
3408 handle_exception(fsg); 3408 handle_exception(fsg);
3409 continue; 3409 continue;
3410 } 3410 }
3411 3411
3412 if (!fsg->running) { 3412 if (!fsg->running) {
3413 sleep_thread(fsg); 3413 sleep_thread(fsg);
3414 continue; 3414 continue;
3415 } 3415 }
3416 3416
3417 if (get_next_command(fsg)) 3417 if (get_next_command(fsg))
3418 continue; 3418 continue;
3419 3419
3420 spin_lock_irq(&fsg->lock); 3420 spin_lock_irq(&fsg->lock);
3421 if (!exception_in_progress(fsg)) 3421 if (!exception_in_progress(fsg))
3422 fsg->state = FSG_STATE_DATA_PHASE; 3422 fsg->state = FSG_STATE_DATA_PHASE;
3423 spin_unlock_irq(&fsg->lock); 3423 spin_unlock_irq(&fsg->lock);
3424 3424
3425 if (do_scsi_command(fsg) || finish_reply(fsg)) 3425 if (do_scsi_command(fsg) || finish_reply(fsg))
3426 continue; 3426 continue;
3427 3427
3428 spin_lock_irq(&fsg->lock); 3428 spin_lock_irq(&fsg->lock);
3429 if (!exception_in_progress(fsg)) 3429 if (!exception_in_progress(fsg))
3430 fsg->state = FSG_STATE_STATUS_PHASE; 3430 fsg->state = FSG_STATE_STATUS_PHASE;
3431 spin_unlock_irq(&fsg->lock); 3431 spin_unlock_irq(&fsg->lock);
3432 3432
3433 if (send_status(fsg)) 3433 if (send_status(fsg))
3434 continue; 3434 continue;
3435 3435
3436 spin_lock_irq(&fsg->lock); 3436 spin_lock_irq(&fsg->lock);
3437 if (!exception_in_progress(fsg)) 3437 if (!exception_in_progress(fsg))
3438 fsg->state = FSG_STATE_IDLE; 3438 fsg->state = FSG_STATE_IDLE;
3439 spin_unlock_irq(&fsg->lock); 3439 spin_unlock_irq(&fsg->lock);
3440 } 3440 }
3441 3441
3442 spin_lock_irq(&fsg->lock); 3442 spin_lock_irq(&fsg->lock);
3443 fsg->thread_task = NULL; 3443 fsg->thread_task = NULL;
3444 spin_unlock_irq(&fsg->lock); 3444 spin_unlock_irq(&fsg->lock);
3445 3445
3446 /* In case we are exiting because of a signal, unregister the 3446 /* In case we are exiting because of a signal, unregister the
3447 * gadget driver and close the backing file. */ 3447 * gadget driver and close the backing file. */
3448 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) { 3448 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) {
3449 usb_gadget_unregister_driver(&fsg_driver); 3449 usb_gadget_unregister_driver(&fsg_driver);
3450 close_all_backing_files(fsg); 3450 close_all_backing_files(fsg);
3451 } 3451 }
3452 3452
3453 /* Let the unbind and cleanup routines know the thread has exited */ 3453 /* Let the unbind and cleanup routines know the thread has exited */
3454 complete_and_exit(&fsg->thread_notifier, 0); 3454 complete_and_exit(&fsg->thread_notifier, 0);
3455 } 3455 }
3456 3456
3457 3457
3458 /*-------------------------------------------------------------------------*/ 3458 /*-------------------------------------------------------------------------*/
3459 3459
3460 /* If the next two routines are called while the gadget is registered, 3460 /* If the next two routines are called while the gadget is registered,
3461 * the caller must own fsg->filesem for writing. */ 3461 * the caller must own fsg->filesem for writing. */
3462 3462
3463 static int open_backing_file(struct lun *curlun, const char *filename) 3463 static int open_backing_file(struct lun *curlun, const char *filename)
3464 { 3464 {
3465 int ro; 3465 int ro;
3466 struct file *filp = NULL; 3466 struct file *filp = NULL;
3467 int rc = -EINVAL; 3467 int rc = -EINVAL;
3468 struct inode *inode = NULL; 3468 struct inode *inode = NULL;
3469 loff_t size; 3469 loff_t size;
3470 loff_t num_sectors; 3470 loff_t num_sectors;
3471 3471
3472 /* R/W if we can, R/O if we must */ 3472 /* R/W if we can, R/O if we must */
3473 ro = curlun->ro; 3473 ro = curlun->ro;
3474 if (!ro) { 3474 if (!ro) {
3475 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0); 3475 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0);
3476 if (-EROFS == PTR_ERR(filp)) 3476 if (-EROFS == PTR_ERR(filp))
3477 ro = 1; 3477 ro = 1;
3478 } 3478 }
3479 if (ro) 3479 if (ro)
3480 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0); 3480 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0);
3481 if (IS_ERR(filp)) { 3481 if (IS_ERR(filp)) {
3482 LINFO(curlun, "unable to open backing file: %s\n", filename); 3482 LINFO(curlun, "unable to open backing file: %s\n", filename);
3483 return PTR_ERR(filp); 3483 return PTR_ERR(filp);
3484 } 3484 }
3485 3485
3486 if (!(filp->f_mode & FMODE_WRITE)) 3486 if (!(filp->f_mode & FMODE_WRITE))
3487 ro = 1; 3487 ro = 1;
3488 3488
3489 if (filp->f_path.dentry) 3489 if (filp->f_path.dentry)
3490 inode = filp->f_path.dentry->d_inode; 3490 inode = filp->f_path.dentry->d_inode;
3491 if (inode && S_ISBLK(inode->i_mode)) { 3491 if (inode && S_ISBLK(inode->i_mode)) {
3492 if (bdev_read_only(inode->i_bdev)) 3492 if (bdev_read_only(inode->i_bdev))
3493 ro = 1; 3493 ro = 1;
3494 } else if (!inode || !S_ISREG(inode->i_mode)) { 3494 } else if (!inode || !S_ISREG(inode->i_mode)) {
3495 LINFO(curlun, "invalid file type: %s\n", filename); 3495 LINFO(curlun, "invalid file type: %s\n", filename);
3496 goto out; 3496 goto out;
3497 } 3497 }
3498 3498
3499 /* If we can't read the file, it's no good. 3499 /* If we can't read the file, it's no good.
3500 * If we can't write the file, use it read-only. */ 3500 * If we can't write the file, use it read-only. */
3501 if (!filp->f_op || !(filp->f_op->read || filp->f_op->aio_read)) { 3501 if (!filp->f_op || !(filp->f_op->read || filp->f_op->aio_read)) {
3502 LINFO(curlun, "file not readable: %s\n", filename); 3502 LINFO(curlun, "file not readable: %s\n", filename);
3503 goto out; 3503 goto out;
3504 } 3504 }
3505 if (!(filp->f_op->write || filp->f_op->aio_write)) 3505 if (!(filp->f_op->write || filp->f_op->aio_write))
3506 ro = 1; 3506 ro = 1;
3507 3507
3508 size = i_size_read(inode->i_mapping->host); 3508 size = i_size_read(inode->i_mapping->host);
3509 if (size < 0) { 3509 if (size < 0) {
3510 LINFO(curlun, "unable to find file size: %s\n", filename); 3510 LINFO(curlun, "unable to find file size: %s\n", filename);
3511 rc = (int) size; 3511 rc = (int) size;
3512 goto out; 3512 goto out;
3513 } 3513 }
3514 num_sectors = size >> 9; // File size in 512-byte sectors 3514 num_sectors = size >> 9; // File size in 512-byte sectors
3515 if (num_sectors == 0) { 3515 if (num_sectors == 0) {
3516 LINFO(curlun, "file too small: %s\n", filename); 3516 LINFO(curlun, "file too small: %s\n", filename);
3517 rc = -ETOOSMALL; 3517 rc = -ETOOSMALL;
3518 goto out; 3518 goto out;
3519 } 3519 }
3520 3520
3521 get_file(filp); 3521 get_file(filp);
3522 curlun->ro = ro; 3522 curlun->ro = ro;
3523 curlun->filp = filp; 3523 curlun->filp = filp;
3524 curlun->file_length = size; 3524 curlun->file_length = size;
3525 curlun->num_sectors = num_sectors; 3525 curlun->num_sectors = num_sectors;
3526 LDBG(curlun, "open backing file: %s\n", filename); 3526 LDBG(curlun, "open backing file: %s\n", filename);
3527 rc = 0; 3527 rc = 0;
3528 3528
3529 out: 3529 out:
3530 filp_close(filp, current->files); 3530 filp_close(filp, current->files);
3531 return rc; 3531 return rc;
3532 } 3532 }
3533 3533
3534 3534
3535 static void close_backing_file(struct lun *curlun) 3535 static void close_backing_file(struct lun *curlun)
3536 { 3536 {
3537 if (curlun->filp) { 3537 if (curlun->filp) {
3538 LDBG(curlun, "close backing file\n"); 3538 LDBG(curlun, "close backing file\n");
3539 fput(curlun->filp); 3539 fput(curlun->filp);
3540 curlun->filp = NULL; 3540 curlun->filp = NULL;
3541 } 3541 }
3542 } 3542 }
3543 3543
3544 static void close_all_backing_files(struct fsg_dev *fsg) 3544 static void close_all_backing_files(struct fsg_dev *fsg)
3545 { 3545 {
3546 int i; 3546 int i;
3547 3547
3548 for (i = 0; i < fsg->nluns; ++i) 3548 for (i = 0; i < fsg->nluns; ++i)
3549 close_backing_file(&fsg->luns[i]); 3549 close_backing_file(&fsg->luns[i]);
3550 } 3550 }
3551 3551
3552 3552
3553 static ssize_t show_ro(struct device *dev, struct device_attribute *attr, char *buf) 3553 static ssize_t show_ro(struct device *dev, struct device_attribute *attr, char *buf)
3554 { 3554 {
3555 struct lun *curlun = dev_to_lun(dev); 3555 struct lun *curlun = dev_to_lun(dev);
3556 3556
3557 return sprintf(buf, "%d\n", curlun->ro); 3557 return sprintf(buf, "%d\n", curlun->ro);
3558 } 3558 }
3559 3559
3560 static ssize_t show_file(struct device *dev, struct device_attribute *attr, 3560 static ssize_t show_file(struct device *dev, struct device_attribute *attr,
3561 char *buf) 3561 char *buf)
3562 { 3562 {
3563 struct lun *curlun = dev_to_lun(dev); 3563 struct lun *curlun = dev_to_lun(dev);
3564 struct fsg_dev *fsg = dev_get_drvdata(dev); 3564 struct fsg_dev *fsg = dev_get_drvdata(dev);
3565 char *p; 3565 char *p;
3566 ssize_t rc; 3566 ssize_t rc;
3567 3567
3568 down_read(&fsg->filesem); 3568 down_read(&fsg->filesem);
3569 if (backing_file_is_open(curlun)) { // Get the complete pathname 3569 if (backing_file_is_open(curlun)) { // Get the complete pathname
3570 p = d_path(curlun->filp->f_path.dentry, 3570 p = d_path(curlun->filp->f_path.dentry,
3571 curlun->filp->f_path.mnt, buf, PAGE_SIZE - 1); 3571 curlun->filp->f_path.mnt, buf, PAGE_SIZE - 1);
3572 if (IS_ERR(p)) 3572 if (IS_ERR(p))
3573 rc = PTR_ERR(p); 3573 rc = PTR_ERR(p);
3574 else { 3574 else {
3575 rc = strlen(p); 3575 rc = strlen(p);
3576 memmove(buf, p, rc); 3576 memmove(buf, p, rc);
3577 buf[rc] = '\n'; // Add a newline 3577 buf[rc] = '\n'; // Add a newline
3578 buf[++rc] = 0; 3578 buf[++rc] = 0;
3579 } 3579 }
3580 } else { // No file, return 0 bytes 3580 } else { // No file, return 0 bytes
3581 *buf = 0; 3581 *buf = 0;
3582 rc = 0; 3582 rc = 0;
3583 } 3583 }
3584 up_read(&fsg->filesem); 3584 up_read(&fsg->filesem);
3585 return rc; 3585 return rc;
3586 } 3586 }
3587 3587
3588 3588
3589 static ssize_t store_ro(struct device *dev, struct device_attribute *attr, 3589 static ssize_t store_ro(struct device *dev, struct device_attribute *attr,
3590 const char *buf, size_t count) 3590 const char *buf, size_t count)
3591 { 3591 {
3592 ssize_t rc = count; 3592 ssize_t rc = count;
3593 struct lun *curlun = dev_to_lun(dev); 3593 struct lun *curlun = dev_to_lun(dev);
3594 struct fsg_dev *fsg = dev_get_drvdata(dev); 3594 struct fsg_dev *fsg = dev_get_drvdata(dev);
3595 int i; 3595 int i;
3596 3596
3597 if (sscanf(buf, "%d", &i) != 1) 3597 if (sscanf(buf, "%d", &i) != 1)
3598 return -EINVAL; 3598 return -EINVAL;
3599 3599
3600 /* Allow the write-enable status to change only while the backing file 3600 /* Allow the write-enable status to change only while the backing file
3601 * is closed. */ 3601 * is closed. */
3602 down_read(&fsg->filesem); 3602 down_read(&fsg->filesem);
3603 if (backing_file_is_open(curlun)) { 3603 if (backing_file_is_open(curlun)) {
3604 LDBG(curlun, "read-only status change prevented\n"); 3604 LDBG(curlun, "read-only status change prevented\n");
3605 rc = -EBUSY; 3605 rc = -EBUSY;
3606 } else { 3606 } else {
3607 curlun->ro = !!i; 3607 curlun->ro = !!i;
3608 LDBG(curlun, "read-only status set to %d\n", curlun->ro); 3608 LDBG(curlun, "read-only status set to %d\n", curlun->ro);
3609 } 3609 }
3610 up_read(&fsg->filesem); 3610 up_read(&fsg->filesem);
3611 return rc; 3611 return rc;
3612 } 3612 }
3613 3613
3614 static ssize_t store_file(struct device *dev, struct device_attribute *attr, 3614 static ssize_t store_file(struct device *dev, struct device_attribute *attr,
3615 const char *buf, size_t count) 3615 const char *buf, size_t count)
3616 { 3616 {
3617 struct lun *curlun = dev_to_lun(dev); 3617 struct lun *curlun = dev_to_lun(dev);
3618 struct fsg_dev *fsg = dev_get_drvdata(dev); 3618 struct fsg_dev *fsg = dev_get_drvdata(dev);
3619 int rc = 0; 3619 int rc = 0;
3620 3620
3621 if (curlun->prevent_medium_removal && backing_file_is_open(curlun)) { 3621 if (curlun->prevent_medium_removal && backing_file_is_open(curlun)) {
3622 LDBG(curlun, "eject attempt prevented\n"); 3622 LDBG(curlun, "eject attempt prevented\n");
3623 return -EBUSY; // "Door is locked" 3623 return -EBUSY; // "Door is locked"
3624 } 3624 }
3625 3625
3626 /* Remove a trailing newline */ 3626 /* Remove a trailing newline */
3627 if (count > 0 && buf[count-1] == '\n') 3627 if (count > 0 && buf[count-1] == '\n')
3628 ((char *) buf)[count-1] = 0; // Ugh! 3628 ((char *) buf)[count-1] = 0; // Ugh!
3629 3629
3630 /* Eject current medium */ 3630 /* Eject current medium */
3631 down_write(&fsg->filesem); 3631 down_write(&fsg->filesem);
3632 if (backing_file_is_open(curlun)) { 3632 if (backing_file_is_open(curlun)) {
3633 close_backing_file(curlun); 3633 close_backing_file(curlun);
3634 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT; 3634 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
3635 } 3635 }
3636 3636
3637 /* Load new medium */ 3637 /* Load new medium */
3638 if (count > 0 && buf[0]) { 3638 if (count > 0 && buf[0]) {
3639 rc = open_backing_file(curlun, buf); 3639 rc = open_backing_file(curlun, buf);
3640 if (rc == 0) 3640 if (rc == 0)
3641 curlun->unit_attention_data = 3641 curlun->unit_attention_data =
3642 SS_NOT_READY_TO_READY_TRANSITION; 3642 SS_NOT_READY_TO_READY_TRANSITION;
3643 } 3643 }
3644 up_write(&fsg->filesem); 3644 up_write(&fsg->filesem);
3645 return (rc < 0 ? rc : count); 3645 return (rc < 0 ? rc : count);
3646 } 3646 }
3647 3647
3648 3648
3649 /* The write permissions and store_xxx pointers are set in fsg_bind() */ 3649 /* The write permissions and store_xxx pointers are set in fsg_bind() */
3650 static DEVICE_ATTR(ro, 0444, show_ro, NULL); 3650 static DEVICE_ATTR(ro, 0444, show_ro, NULL);
3651 static DEVICE_ATTR(file, 0444, show_file, NULL); 3651 static DEVICE_ATTR(file, 0444, show_file, NULL);
3652 3652
3653 3653
3654 /*-------------------------------------------------------------------------*/ 3654 /*-------------------------------------------------------------------------*/
3655 3655
3656 static void fsg_release(struct kref *ref) 3656 static void fsg_release(struct kref *ref)
3657 { 3657 {
3658 struct fsg_dev *fsg = container_of(ref, struct fsg_dev, ref); 3658 struct fsg_dev *fsg = container_of(ref, struct fsg_dev, ref);
3659 3659
3660 kfree(fsg->luns); 3660 kfree(fsg->luns);
3661 kfree(fsg); 3661 kfree(fsg);
3662 } 3662 }
3663 3663
3664 static void lun_release(struct device *dev) 3664 static void lun_release(struct device *dev)
3665 { 3665 {
3666 struct fsg_dev *fsg = dev_get_drvdata(dev); 3666 struct fsg_dev *fsg = dev_get_drvdata(dev);
3667 3667
3668 kref_put(&fsg->ref, fsg_release); 3668 kref_put(&fsg->ref, fsg_release);
3669 } 3669 }
3670 3670
3671 static void /* __init_or_exit */ fsg_unbind(struct usb_gadget *gadget) 3671 static void /* __init_or_exit */ fsg_unbind(struct usb_gadget *gadget)
3672 { 3672 {
3673 struct fsg_dev *fsg = get_gadget_data(gadget); 3673 struct fsg_dev *fsg = get_gadget_data(gadget);
3674 int i; 3674 int i;
3675 struct lun *curlun; 3675 struct lun *curlun;
3676 struct usb_request *req = fsg->ep0req; 3676 struct usb_request *req = fsg->ep0req;
3677 3677
3678 DBG(fsg, "unbind\n"); 3678 DBG(fsg, "unbind\n");
3679 clear_bit(REGISTERED, &fsg->atomic_bitflags); 3679 clear_bit(REGISTERED, &fsg->atomic_bitflags);
3680 3680
3681 /* Unregister the sysfs attribute files and the LUNs */ 3681 /* Unregister the sysfs attribute files and the LUNs */
3682 for (i = 0; i < fsg->nluns; ++i) { 3682 for (i = 0; i < fsg->nluns; ++i) {
3683 curlun = &fsg->luns[i]; 3683 curlun = &fsg->luns[i];
3684 if (curlun->registered) { 3684 if (curlun->registered) {
3685 device_remove_file(&curlun->dev, &dev_attr_ro); 3685 device_remove_file(&curlun->dev, &dev_attr_ro);
3686 device_remove_file(&curlun->dev, &dev_attr_file); 3686 device_remove_file(&curlun->dev, &dev_attr_file);
3687 device_unregister(&curlun->dev); 3687 device_unregister(&curlun->dev);
3688 curlun->registered = 0; 3688 curlun->registered = 0;
3689 } 3689 }
3690 } 3690 }
3691 3691
3692 /* If the thread isn't already dead, tell it to exit now */ 3692 /* If the thread isn't already dead, tell it to exit now */
3693 if (fsg->state != FSG_STATE_TERMINATED) { 3693 if (fsg->state != FSG_STATE_TERMINATED) {
3694 raise_exception(fsg, FSG_STATE_EXIT); 3694 raise_exception(fsg, FSG_STATE_EXIT);
3695 wait_for_completion(&fsg->thread_notifier); 3695 wait_for_completion(&fsg->thread_notifier);
3696 3696
3697 /* The cleanup routine waits for this completion also */ 3697 /* The cleanup routine waits for this completion also */
3698 complete(&fsg->thread_notifier); 3698 complete(&fsg->thread_notifier);
3699 } 3699 }
3700 3700
3701 /* Free the data buffers */ 3701 /* Free the data buffers */
3702 for (i = 0; i < NUM_BUFFERS; ++i) 3702 for (i = 0; i < NUM_BUFFERS; ++i)
3703 kfree(fsg->buffhds[i].buf); 3703 kfree(fsg->buffhds[i].buf);
3704 3704
3705 /* Free the request and buffer for endpoint 0 */ 3705 /* Free the request and buffer for endpoint 0 */
3706 if (req) { 3706 if (req) {
3707 kfree(req->buf); 3707 kfree(req->buf);
3708 usb_ep_free_request(fsg->ep0, req); 3708 usb_ep_free_request(fsg->ep0, req);
3709 } 3709 }
3710 3710
3711 set_gadget_data(gadget, NULL); 3711 set_gadget_data(gadget, NULL);
3712 } 3712 }
3713 3713
3714 3714
3715 static int __init check_parameters(struct fsg_dev *fsg) 3715 static int __init check_parameters(struct fsg_dev *fsg)
3716 { 3716 {
3717 int prot; 3717 int prot;
3718 int gcnum; 3718 int gcnum;
3719 3719
3720 /* Store the default values */ 3720 /* Store the default values */
3721 mod_data.transport_type = USB_PR_BULK; 3721 mod_data.transport_type = USB_PR_BULK;
3722 mod_data.transport_name = "Bulk-only"; 3722 mod_data.transport_name = "Bulk-only";
3723 mod_data.protocol_type = USB_SC_SCSI; 3723 mod_data.protocol_type = USB_SC_SCSI;
3724 mod_data.protocol_name = "Transparent SCSI"; 3724 mod_data.protocol_name = "Transparent SCSI";
3725 3725
3726 if (gadget_is_sh(fsg->gadget)) 3726 if (gadget_is_sh(fsg->gadget))
3727 mod_data.can_stall = 0; 3727 mod_data.can_stall = 0;
3728 3728
3729 if (mod_data.release == 0xffff) { // Parameter wasn't set 3729 if (mod_data.release == 0xffff) { // Parameter wasn't set
3730 /* The sa1100 controller is not supported */ 3730 /* The sa1100 controller is not supported */
3731 if (gadget_is_sa1100(fsg->gadget)) 3731 if (gadget_is_sa1100(fsg->gadget))
3732 gcnum = -1; 3732 gcnum = -1;
3733 else 3733 else
3734 gcnum = usb_gadget_controller_number(fsg->gadget); 3734 gcnum = usb_gadget_controller_number(fsg->gadget);
3735 if (gcnum >= 0) 3735 if (gcnum >= 0)
3736 mod_data.release = 0x0300 + gcnum; 3736 mod_data.release = 0x0300 + gcnum;
3737 else { 3737 else {
3738 WARN(fsg, "controller '%s' not recognized\n", 3738 WARN(fsg, "controller '%s' not recognized\n",
3739 fsg->gadget->name); 3739 fsg->gadget->name);
3740 mod_data.release = 0x0399; 3740 mod_data.release = 0x0399;
3741 } 3741 }
3742 } 3742 }
3743 3743
3744 prot = simple_strtol(mod_data.protocol_parm, NULL, 0); 3744 prot = simple_strtol(mod_data.protocol_parm, NULL, 0);
3745 3745
3746 #ifdef CONFIG_USB_FILE_STORAGE_TEST 3746 #ifdef CONFIG_USB_FILE_STORAGE_TEST
3747 if (strnicmp(mod_data.transport_parm, "BBB", 10) == 0) { 3747 if (strnicmp(mod_data.transport_parm, "BBB", 10) == 0) {
3748 ; // Use default setting 3748 ; // Use default setting
3749 } else if (strnicmp(mod_data.transport_parm, "CB", 10) == 0) { 3749 } else if (strnicmp(mod_data.transport_parm, "CB", 10) == 0) {
3750 mod_data.transport_type = USB_PR_CB; 3750 mod_data.transport_type = USB_PR_CB;
3751 mod_data.transport_name = "Control-Bulk"; 3751 mod_data.transport_name = "Control-Bulk";
3752 } else if (strnicmp(mod_data.transport_parm, "CBI", 10) == 0) { 3752 } else if (strnicmp(mod_data.transport_parm, "CBI", 10) == 0) {
3753 mod_data.transport_type = USB_PR_CBI; 3753 mod_data.transport_type = USB_PR_CBI;
3754 mod_data.transport_name = "Control-Bulk-Interrupt"; 3754 mod_data.transport_name = "Control-Bulk-Interrupt";
3755 } else { 3755 } else {
3756 ERROR(fsg, "invalid transport: %s\n", mod_data.transport_parm); 3756 ERROR(fsg, "invalid transport: %s\n", mod_data.transport_parm);
3757 return -EINVAL; 3757 return -EINVAL;
3758 } 3758 }
3759 3759
3760 if (strnicmp(mod_data.protocol_parm, "SCSI", 10) == 0 || 3760 if (strnicmp(mod_data.protocol_parm, "SCSI", 10) == 0 ||
3761 prot == USB_SC_SCSI) { 3761 prot == USB_SC_SCSI) {
3762 ; // Use default setting 3762 ; // Use default setting
3763 } else if (strnicmp(mod_data.protocol_parm, "RBC", 10) == 0 || 3763 } else if (strnicmp(mod_data.protocol_parm, "RBC", 10) == 0 ||
3764 prot == USB_SC_RBC) { 3764 prot == USB_SC_RBC) {
3765 mod_data.protocol_type = USB_SC_RBC; 3765 mod_data.protocol_type = USB_SC_RBC;
3766 mod_data.protocol_name = "RBC"; 3766 mod_data.protocol_name = "RBC";
3767 } else if (strnicmp(mod_data.protocol_parm, "8020", 4) == 0 || 3767 } else if (strnicmp(mod_data.protocol_parm, "8020", 4) == 0 ||
3768 strnicmp(mod_data.protocol_parm, "ATAPI", 10) == 0 || 3768 strnicmp(mod_data.protocol_parm, "ATAPI", 10) == 0 ||
3769 prot == USB_SC_8020) { 3769 prot == USB_SC_8020) {
3770 mod_data.protocol_type = USB_SC_8020; 3770 mod_data.protocol_type = USB_SC_8020;
3771 mod_data.protocol_name = "8020i (ATAPI)"; 3771 mod_data.protocol_name = "8020i (ATAPI)";
3772 } else if (strnicmp(mod_data.protocol_parm, "QIC", 3) == 0 || 3772 } else if (strnicmp(mod_data.protocol_parm, "QIC", 3) == 0 ||
3773 prot == USB_SC_QIC) { 3773 prot == USB_SC_QIC) {
3774 mod_data.protocol_type = USB_SC_QIC; 3774 mod_data.protocol_type = USB_SC_QIC;
3775 mod_data.protocol_name = "QIC-157"; 3775 mod_data.protocol_name = "QIC-157";
3776 } else if (strnicmp(mod_data.protocol_parm, "UFI", 10) == 0 || 3776 } else if (strnicmp(mod_data.protocol_parm, "UFI", 10) == 0 ||
3777 prot == USB_SC_UFI) { 3777 prot == USB_SC_UFI) {
3778 mod_data.protocol_type = USB_SC_UFI; 3778 mod_data.protocol_type = USB_SC_UFI;
3779 mod_data.protocol_name = "UFI"; 3779 mod_data.protocol_name = "UFI";
3780 } else if (strnicmp(mod_data.protocol_parm, "8070", 4) == 0 || 3780 } else if (strnicmp(mod_data.protocol_parm, "8070", 4) == 0 ||
3781 prot == USB_SC_8070) { 3781 prot == USB_SC_8070) {
3782 mod_data.protocol_type = USB_SC_8070; 3782 mod_data.protocol_type = USB_SC_8070;
3783 mod_data.protocol_name = "8070i"; 3783 mod_data.protocol_name = "8070i";
3784 } else { 3784 } else {
3785 ERROR(fsg, "invalid protocol: %s\n", mod_data.protocol_parm); 3785 ERROR(fsg, "invalid protocol: %s\n", mod_data.protocol_parm);
3786 return -EINVAL; 3786 return -EINVAL;
3787 } 3787 }
3788 3788
3789 mod_data.buflen &= PAGE_CACHE_MASK; 3789 mod_data.buflen &= PAGE_CACHE_MASK;
3790 if (mod_data.buflen <= 0) { 3790 if (mod_data.buflen <= 0) {
3791 ERROR(fsg, "invalid buflen\n"); 3791 ERROR(fsg, "invalid buflen\n");
3792 return -ETOOSMALL; 3792 return -ETOOSMALL;
3793 } 3793 }
3794 #endif /* CONFIG_USB_FILE_STORAGE_TEST */ 3794 #endif /* CONFIG_USB_FILE_STORAGE_TEST */
3795 3795
3796 return 0; 3796 return 0;
3797 } 3797 }
3798 3798
3799 3799
3800 static int __init fsg_bind(struct usb_gadget *gadget) 3800 static int __init fsg_bind(struct usb_gadget *gadget)
3801 { 3801 {
3802 struct fsg_dev *fsg = the_fsg; 3802 struct fsg_dev *fsg = the_fsg;
3803 int rc; 3803 int rc;
3804 int i; 3804 int i;
3805 struct lun *curlun; 3805 struct lun *curlun;
3806 struct usb_ep *ep; 3806 struct usb_ep *ep;
3807 struct usb_request *req; 3807 struct usb_request *req;
3808 char *pathbuf, *p; 3808 char *pathbuf, *p;
3809 3809
3810 fsg->gadget = gadget; 3810 fsg->gadget = gadget;
3811 set_gadget_data(gadget, fsg); 3811 set_gadget_data(gadget, fsg);
3812 fsg->ep0 = gadget->ep0; 3812 fsg->ep0 = gadget->ep0;
3813 fsg->ep0->driver_data = fsg; 3813 fsg->ep0->driver_data = fsg;
3814 3814
3815 if ((rc = check_parameters(fsg)) != 0) 3815 if ((rc = check_parameters(fsg)) != 0)
3816 goto out; 3816 goto out;
3817 3817
3818 if (mod_data.removable) { // Enable the store_xxx attributes 3818 if (mod_data.removable) { // Enable the store_xxx attributes
3819 dev_attr_ro.attr.mode = dev_attr_file.attr.mode = 0644; 3819 dev_attr_ro.attr.mode = dev_attr_file.attr.mode = 0644;
3820 dev_attr_ro.store = store_ro; 3820 dev_attr_ro.store = store_ro;
3821 dev_attr_file.store = store_file; 3821 dev_attr_file.store = store_file;
3822 } 3822 }
3823 3823
3824 /* Find out how many LUNs there should be */ 3824 /* Find out how many LUNs there should be */
3825 i = mod_data.nluns; 3825 i = mod_data.nluns;
3826 if (i == 0) 3826 if (i == 0)
3827 i = max(mod_data.num_filenames, 1u); 3827 i = max(mod_data.num_filenames, 1u);
3828 if (i > MAX_LUNS) { 3828 if (i > MAX_LUNS) {
3829 ERROR(fsg, "invalid number of LUNs: %d\n", i); 3829 ERROR(fsg, "invalid number of LUNs: %d\n", i);
3830 rc = -EINVAL; 3830 rc = -EINVAL;
3831 goto out; 3831 goto out;
3832 } 3832 }
3833 3833
3834 /* Create the LUNs, open their backing files, and register the 3834 /* Create the LUNs, open their backing files, and register the
3835 * LUN devices in sysfs. */ 3835 * LUN devices in sysfs. */
3836 fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL); 3836 fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL);
3837 if (!fsg->luns) { 3837 if (!fsg->luns) {
3838 rc = -ENOMEM; 3838 rc = -ENOMEM;
3839 goto out; 3839 goto out;
3840 } 3840 }
3841 fsg->nluns = i; 3841 fsg->nluns = i;
3842 3842
3843 for (i = 0; i < fsg->nluns; ++i) { 3843 for (i = 0; i < fsg->nluns; ++i) {
3844 curlun = &fsg->luns[i]; 3844 curlun = &fsg->luns[i];
3845 curlun->ro = mod_data.ro[i]; 3845 curlun->ro = mod_data.ro[i];
3846 curlun->dev.release = lun_release; 3846 curlun->dev.release = lun_release;
3847 curlun->dev.parent = &gadget->dev; 3847 curlun->dev.parent = &gadget->dev;
3848 curlun->dev.driver = &fsg_driver.driver; 3848 curlun->dev.driver = &fsg_driver.driver;
3849 dev_set_drvdata(&curlun->dev, fsg); 3849 dev_set_drvdata(&curlun->dev, fsg);
3850 snprintf(curlun->dev.bus_id, BUS_ID_SIZE, 3850 snprintf(curlun->dev.bus_id, BUS_ID_SIZE,
3851 "%s-lun%d", gadget->dev.bus_id, i); 3851 "%s-lun%d", gadget->dev.bus_id, i);
3852 3852
3853 if ((rc = device_register(&curlun->dev)) != 0) { 3853 if ((rc = device_register(&curlun->dev)) != 0) {
3854 INFO(fsg, "failed to register LUN%d: %d\n", i, rc); 3854 INFO(fsg, "failed to register LUN%d: %d\n", i, rc);
3855 goto out; 3855 goto out;
3856 } 3856 }
3857 if ((rc = device_create_file(&curlun->dev, 3857 if ((rc = device_create_file(&curlun->dev,
3858 &dev_attr_ro)) != 0 || 3858 &dev_attr_ro)) != 0 ||
3859 (rc = device_create_file(&curlun->dev, 3859 (rc = device_create_file(&curlun->dev,
3860 &dev_attr_file)) != 0) { 3860 &dev_attr_file)) != 0) {
3861 device_unregister(&curlun->dev); 3861 device_unregister(&curlun->dev);
3862 goto out; 3862 goto out;
3863 } 3863 }
3864 curlun->registered = 1; 3864 curlun->registered = 1;
3865 kref_get(&fsg->ref); 3865 kref_get(&fsg->ref);
3866 3866
3867 if (mod_data.file[i] && *mod_data.file[i]) { 3867 if (mod_data.file[i] && *mod_data.file[i]) {
3868 if ((rc = open_backing_file(curlun, 3868 if ((rc = open_backing_file(curlun,
3869 mod_data.file[i])) != 0) 3869 mod_data.file[i])) != 0)
3870 goto out; 3870 goto out;
3871 } else if (!mod_data.removable) { 3871 } else if (!mod_data.removable) {
3872 ERROR(fsg, "no file given for LUN%d\n", i); 3872 ERROR(fsg, "no file given for LUN%d\n", i);
3873 rc = -EINVAL; 3873 rc = -EINVAL;
3874 goto out; 3874 goto out;
3875 } 3875 }
3876 } 3876 }
3877 3877
3878 /* Find all the endpoints we will use */ 3878 /* Find all the endpoints we will use */
3879 usb_ep_autoconfig_reset(gadget); 3879 usb_ep_autoconfig_reset(gadget);
3880 ep = usb_ep_autoconfig(gadget, &fs_bulk_in_desc); 3880 ep = usb_ep_autoconfig(gadget, &fs_bulk_in_desc);
3881 if (!ep) 3881 if (!ep)
3882 goto autoconf_fail; 3882 goto autoconf_fail;
3883 ep->driver_data = fsg; // claim the endpoint 3883 ep->driver_data = fsg; // claim the endpoint
3884 fsg->bulk_in = ep; 3884 fsg->bulk_in = ep;
3885 3885
3886 ep = usb_ep_autoconfig(gadget, &fs_bulk_out_desc); 3886 ep = usb_ep_autoconfig(gadget, &fs_bulk_out_desc);
3887 if (!ep) 3887 if (!ep)
3888 goto autoconf_fail; 3888 goto autoconf_fail;
3889 ep->driver_data = fsg; // claim the endpoint 3889 ep->driver_data = fsg; // claim the endpoint
3890 fsg->bulk_out = ep; 3890 fsg->bulk_out = ep;
3891 3891
3892 if (transport_is_cbi()) { 3892 if (transport_is_cbi()) {
3893 ep = usb_ep_autoconfig(gadget, &fs_intr_in_desc); 3893 ep = usb_ep_autoconfig(gadget, &fs_intr_in_desc);
3894 if (!ep) 3894 if (!ep)
3895 goto autoconf_fail; 3895 goto autoconf_fail;
3896 ep->driver_data = fsg; // claim the endpoint 3896 ep->driver_data = fsg; // claim the endpoint
3897 fsg->intr_in = ep; 3897 fsg->intr_in = ep;
3898 } 3898 }
3899 3899
3900 /* Fix up the descriptors */ 3900 /* Fix up the descriptors */
3901 device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket; 3901 device_desc.bMaxPacketSize0 = fsg->ep0->maxpacket;
3902 device_desc.idVendor = cpu_to_le16(mod_data.vendor); 3902 device_desc.idVendor = cpu_to_le16(mod_data.vendor);
3903 device_desc.idProduct = cpu_to_le16(mod_data.product); 3903 device_desc.idProduct = cpu_to_le16(mod_data.product);
3904 device_desc.bcdDevice = cpu_to_le16(mod_data.release); 3904 device_desc.bcdDevice = cpu_to_le16(mod_data.release);
3905 3905
3906 i = (transport_is_cbi() ? 3 : 2); // Number of endpoints 3906 i = (transport_is_cbi() ? 3 : 2); // Number of endpoints
3907 intf_desc.bNumEndpoints = i; 3907 intf_desc.bNumEndpoints = i;
3908 intf_desc.bInterfaceSubClass = mod_data.protocol_type; 3908 intf_desc.bInterfaceSubClass = mod_data.protocol_type;
3909 intf_desc.bInterfaceProtocol = mod_data.transport_type; 3909 intf_desc.bInterfaceProtocol = mod_data.transport_type;
3910 fs_function[i + FS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3910 fs_function[i + FS_FUNCTION_PRE_EP_ENTRIES] = NULL;
3911 3911
3912 if (gadget_is_dualspeed(gadget)) { 3912 if (gadget_is_dualspeed(gadget)) {
3913 hs_function[i + HS_FUNCTION_PRE_EP_ENTRIES] = NULL; 3913 hs_function[i + HS_FUNCTION_PRE_EP_ENTRIES] = NULL;
3914 3914
3915 /* Assume ep0 uses the same maxpacket value for both speeds */ 3915 /* Assume ep0 uses the same maxpacket value for both speeds */
3916 dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket; 3916 dev_qualifier.bMaxPacketSize0 = fsg->ep0->maxpacket;
3917 3917
3918 /* Assume endpoint addresses are the same for both speeds */ 3918 /* Assume endpoint addresses are the same for both speeds */
3919 hs_bulk_in_desc.bEndpointAddress = 3919 hs_bulk_in_desc.bEndpointAddress =
3920 fs_bulk_in_desc.bEndpointAddress; 3920 fs_bulk_in_desc.bEndpointAddress;
3921 hs_bulk_out_desc.bEndpointAddress = 3921 hs_bulk_out_desc.bEndpointAddress =
3922 fs_bulk_out_desc.bEndpointAddress; 3922 fs_bulk_out_desc.bEndpointAddress;
3923 hs_intr_in_desc.bEndpointAddress = 3923 hs_intr_in_desc.bEndpointAddress =
3924 fs_intr_in_desc.bEndpointAddress; 3924 fs_intr_in_desc.bEndpointAddress;
3925 } 3925 }
3926 3926
3927 if (gadget_is_otg(gadget)) 3927 if (gadget_is_otg(gadget))
3928 otg_desc.bmAttributes |= USB_OTG_HNP; 3928 otg_desc.bmAttributes |= USB_OTG_HNP;
3929 3929
3930 rc = -ENOMEM; 3930 rc = -ENOMEM;
3931 3931
3932 /* Allocate the request and buffer for endpoint 0 */ 3932 /* Allocate the request and buffer for endpoint 0 */
3933 fsg->ep0req = req = usb_ep_alloc_request(fsg->ep0, GFP_KERNEL); 3933 fsg->ep0req = req = usb_ep_alloc_request(fsg->ep0, GFP_KERNEL);
3934 if (!req) 3934 if (!req)
3935 goto out; 3935 goto out;
3936 req->buf = kmalloc(EP0_BUFSIZE, GFP_KERNEL); 3936 req->buf = kmalloc(EP0_BUFSIZE, GFP_KERNEL);
3937 if (!req->buf) 3937 if (!req->buf)
3938 goto out; 3938 goto out;
3939 req->complete = ep0_complete; 3939 req->complete = ep0_complete;
3940 3940
3941 /* Allocate the data buffers */ 3941 /* Allocate the data buffers */
3942 for (i = 0; i < NUM_BUFFERS; ++i) { 3942 for (i = 0; i < NUM_BUFFERS; ++i) {
3943 struct fsg_buffhd *bh = &fsg->buffhds[i]; 3943 struct fsg_buffhd *bh = &fsg->buffhds[i];
3944 3944
3945 /* Allocate for the bulk-in endpoint. We assume that 3945 /* Allocate for the bulk-in endpoint. We assume that
3946 * the buffer will also work with the bulk-out (and 3946 * the buffer will also work with the bulk-out (and
3947 * interrupt-in) endpoint. */ 3947 * interrupt-in) endpoint. */
3948 bh->buf = kmalloc(mod_data.buflen, GFP_KERNEL); 3948 bh->buf = kmalloc(mod_data.buflen, GFP_KERNEL);
3949 if (!bh->buf) 3949 if (!bh->buf)
3950 goto out; 3950 goto out;
3951 bh->next = bh + 1; 3951 bh->next = bh + 1;
3952 } 3952 }
3953 fsg->buffhds[NUM_BUFFERS - 1].next = &fsg->buffhds[0]; 3953 fsg->buffhds[NUM_BUFFERS - 1].next = &fsg->buffhds[0];
3954 3954
3955 /* This should reflect the actual gadget power source */ 3955 /* This should reflect the actual gadget power source */
3956 usb_gadget_set_selfpowered(gadget); 3956 usb_gadget_set_selfpowered(gadget);
3957 3957
3958 snprintf(manufacturer, sizeof manufacturer, "%s %s with %s", 3958 snprintf(manufacturer, sizeof manufacturer, "%s %s with %s",
3959 init_utsname()->sysname, init_utsname()->release, 3959 init_utsname()->sysname, init_utsname()->release,
3960 gadget->name); 3960 gadget->name);
3961 3961
3962 /* On a real device, serial[] would be loaded from permanent 3962 /* On a real device, serial[] would be loaded from permanent
3963 * storage. We just encode it from the driver version string. */ 3963 * storage. We just encode it from the driver version string. */
3964 for (i = 0; i < sizeof(serial) - 2; i += 2) { 3964 for (i = 0; i < sizeof(serial) - 2; i += 2) {
3965 unsigned char c = DRIVER_VERSION[i / 2]; 3965 unsigned char c = DRIVER_VERSION[i / 2];
3966 3966
3967 if (!c) 3967 if (!c)
3968 break; 3968 break;
3969 sprintf(&serial[i], "%02X", c); 3969 sprintf(&serial[i], "%02X", c);
3970 } 3970 }
3971 3971
3972 fsg->thread_task = kthread_create(fsg_main_thread, fsg, 3972 fsg->thread_task = kthread_create(fsg_main_thread, fsg,
3973 "file-storage-gadget"); 3973 "file-storage-gadget");
3974 if (IS_ERR(fsg->thread_task)) { 3974 if (IS_ERR(fsg->thread_task)) {
3975 rc = PTR_ERR(fsg->thread_task); 3975 rc = PTR_ERR(fsg->thread_task);
3976 goto out; 3976 goto out;
3977 } 3977 }
3978 3978
3979 INFO(fsg, DRIVER_DESC ", version: " DRIVER_VERSION "\n"); 3979 INFO(fsg, DRIVER_DESC ", version: " DRIVER_VERSION "\n");
3980 INFO(fsg, "Number of LUNs=%d\n", fsg->nluns); 3980 INFO(fsg, "Number of LUNs=%d\n", fsg->nluns);
3981 3981
3982 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 3982 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
3983 for (i = 0; i < fsg->nluns; ++i) { 3983 for (i = 0; i < fsg->nluns; ++i) {
3984 curlun = &fsg->luns[i]; 3984 curlun = &fsg->luns[i];
3985 if (backing_file_is_open(curlun)) { 3985 if (backing_file_is_open(curlun)) {
3986 p = NULL; 3986 p = NULL;
3987 if (pathbuf) { 3987 if (pathbuf) {
3988 p = d_path(curlun->filp->f_path.dentry, 3988 p = d_path(curlun->filp->f_path.dentry,
3989 curlun->filp->f_path.mnt, 3989 curlun->filp->f_path.mnt,
3990 pathbuf, PATH_MAX); 3990 pathbuf, PATH_MAX);
3991 if (IS_ERR(p)) 3991 if (IS_ERR(p))
3992 p = NULL; 3992 p = NULL;
3993 } 3993 }
3994 LINFO(curlun, "ro=%d, file: %s\n", 3994 LINFO(curlun, "ro=%d, file: %s\n",
3995 curlun->ro, (p ? p : "(error)")); 3995 curlun->ro, (p ? p : "(error)"));
3996 } 3996 }
3997 } 3997 }
3998 kfree(pathbuf); 3998 kfree(pathbuf);
3999 3999
4000 DBG(fsg, "transport=%s (x%02x)\n", 4000 DBG(fsg, "transport=%s (x%02x)\n",
4001 mod_data.transport_name, mod_data.transport_type); 4001 mod_data.transport_name, mod_data.transport_type);
4002 DBG(fsg, "protocol=%s (x%02x)\n", 4002 DBG(fsg, "protocol=%s (x%02x)\n",
4003 mod_data.protocol_name, mod_data.protocol_type); 4003 mod_data.protocol_name, mod_data.protocol_type);
4004 DBG(fsg, "VendorID=x%04x, ProductID=x%04x, Release=x%04x\n", 4004 DBG(fsg, "VendorID=x%04x, ProductID=x%04x, Release=x%04x\n",
4005 mod_data.vendor, mod_data.product, mod_data.release); 4005 mod_data.vendor, mod_data.product, mod_data.release);
4006 DBG(fsg, "removable=%d, stall=%d, buflen=%u\n", 4006 DBG(fsg, "removable=%d, stall=%d, buflen=%u\n",
4007 mod_data.removable, mod_data.can_stall, 4007 mod_data.removable, mod_data.can_stall,
4008 mod_data.buflen); 4008 mod_data.buflen);
4009 DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid); 4009 DBG(fsg, "I/O thread pid: %d\n", fsg->thread_task->pid);
4010 4010
4011 set_bit(REGISTERED, &fsg->atomic_bitflags); 4011 set_bit(REGISTERED, &fsg->atomic_bitflags);
4012 4012
4013 /* Tell the thread to start working */ 4013 /* Tell the thread to start working */
4014 wake_up_process(fsg->thread_task); 4014 wake_up_process(fsg->thread_task);
4015 return 0; 4015 return 0;
4016 4016
4017 autoconf_fail: 4017 autoconf_fail:
4018 ERROR(fsg, "unable to autoconfigure all endpoints\n"); 4018 ERROR(fsg, "unable to autoconfigure all endpoints\n");
4019 rc = -ENOTSUPP; 4019 rc = -ENOTSUPP;
4020 4020
4021 out: 4021 out:
4022 fsg->state = FSG_STATE_TERMINATED; // The thread is dead 4022 fsg->state = FSG_STATE_TERMINATED; // The thread is dead
4023 fsg_unbind(gadget); 4023 fsg_unbind(gadget);
4024 close_all_backing_files(fsg); 4024 close_all_backing_files(fsg);
4025 return rc; 4025 return rc;
4026 } 4026 }
4027 4027
4028 4028
4029 /*-------------------------------------------------------------------------*/ 4029 /*-------------------------------------------------------------------------*/
4030 4030
4031 static void fsg_suspend(struct usb_gadget *gadget) 4031 static void fsg_suspend(struct usb_gadget *gadget)
4032 { 4032 {
4033 struct fsg_dev *fsg = get_gadget_data(gadget); 4033 struct fsg_dev *fsg = get_gadget_data(gadget);
4034 4034
4035 DBG(fsg, "suspend\n"); 4035 DBG(fsg, "suspend\n");
4036 set_bit(SUSPENDED, &fsg->atomic_bitflags); 4036 set_bit(SUSPENDED, &fsg->atomic_bitflags);
4037 } 4037 }
4038 4038
4039 static void fsg_resume(struct usb_gadget *gadget) 4039 static void fsg_resume(struct usb_gadget *gadget)
4040 { 4040 {
4041 struct fsg_dev *fsg = get_gadget_data(gadget); 4041 struct fsg_dev *fsg = get_gadget_data(gadget);
4042 4042
4043 DBG(fsg, "resume\n"); 4043 DBG(fsg, "resume\n");
4044 clear_bit(SUSPENDED, &fsg->atomic_bitflags); 4044 clear_bit(SUSPENDED, &fsg->atomic_bitflags);
4045 } 4045 }
4046 4046
4047 4047
4048 /*-------------------------------------------------------------------------*/ 4048 /*-------------------------------------------------------------------------*/
4049 4049
4050 static struct usb_gadget_driver fsg_driver = { 4050 static struct usb_gadget_driver fsg_driver = {
4051 #ifdef CONFIG_USB_GADGET_DUALSPEED 4051 #ifdef CONFIG_USB_GADGET_DUALSPEED
4052 .speed = USB_SPEED_HIGH, 4052 .speed = USB_SPEED_HIGH,
4053 #else 4053 #else
4054 .speed = USB_SPEED_FULL, 4054 .speed = USB_SPEED_FULL,
4055 #endif 4055 #endif
4056 .function = (char *) longname, 4056 .function = (char *) longname,
4057 .bind = fsg_bind, 4057 .bind = fsg_bind,
4058 .unbind = fsg_unbind, 4058 .unbind = fsg_unbind,
4059 .disconnect = fsg_disconnect, 4059 .disconnect = fsg_disconnect,
4060 .setup = fsg_setup, 4060 .setup = fsg_setup,
4061 .suspend = fsg_suspend, 4061 .suspend = fsg_suspend,
4062 .resume = fsg_resume, 4062 .resume = fsg_resume,
4063 4063
4064 .driver = { 4064 .driver = {
4065 .name = (char *) shortname, 4065 .name = (char *) shortname,
4066 .owner = THIS_MODULE, 4066 .owner = THIS_MODULE,
4067 // .release = ... 4067 // .release = ...
4068 // .suspend = ... 4068 // .suspend = ...
4069 // .resume = ... 4069 // .resume = ...
4070 }, 4070 },
4071 }; 4071 };
4072 4072
4073 4073
4074 static int __init fsg_alloc(void) 4074 static int __init fsg_alloc(void)
4075 { 4075 {
4076 struct fsg_dev *fsg; 4076 struct fsg_dev *fsg;
4077 4077
4078 fsg = kzalloc(sizeof *fsg, GFP_KERNEL); 4078 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
4079 if (!fsg) 4079 if (!fsg)
4080 return -ENOMEM; 4080 return -ENOMEM;
4081 spin_lock_init(&fsg->lock); 4081 spin_lock_init(&fsg->lock);
4082 init_rwsem(&fsg->filesem); 4082 init_rwsem(&fsg->filesem);
4083 kref_init(&fsg->ref); 4083 kref_init(&fsg->ref);
4084 init_completion(&fsg->thread_notifier); 4084 init_completion(&fsg->thread_notifier);
4085 4085
4086 the_fsg = fsg; 4086 the_fsg = fsg;
4087 return 0; 4087 return 0;
4088 } 4088 }
4089 4089
4090 4090
4091 static int __init fsg_init(void) 4091 static int __init fsg_init(void)
4092 { 4092 {
4093 int rc; 4093 int rc;
4094 struct fsg_dev *fsg; 4094 struct fsg_dev *fsg;
4095 4095
4096 if ((rc = fsg_alloc()) != 0) 4096 if ((rc = fsg_alloc()) != 0)
4097 return rc; 4097 return rc;
4098 fsg = the_fsg; 4098 fsg = the_fsg;
4099 if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0) 4099 if ((rc = usb_gadget_register_driver(&fsg_driver)) != 0)
4100 kref_put(&fsg->ref, fsg_release); 4100 kref_put(&fsg->ref, fsg_release);
4101 return rc; 4101 return rc;
4102 } 4102 }
4103 module_init(fsg_init); 4103 module_init(fsg_init);
4104 4104
4105 4105
4106 static void __exit fsg_cleanup(void) 4106 static void __exit fsg_cleanup(void)
4107 { 4107 {
4108 struct fsg_dev *fsg = the_fsg; 4108 struct fsg_dev *fsg = the_fsg;
4109 4109
4110 /* Unregister the driver iff the thread hasn't already done so */ 4110 /* Unregister the driver iff the thread hasn't already done so */
4111 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) 4111 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags))
4112 usb_gadget_unregister_driver(&fsg_driver); 4112 usb_gadget_unregister_driver(&fsg_driver);
4113 4113
4114 /* Wait for the thread to finish up */ 4114 /* Wait for the thread to finish up */
4115 wait_for_completion(&fsg->thread_notifier); 4115 wait_for_completion(&fsg->thread_notifier);
4116 4116
4117 close_all_backing_files(fsg); 4117 close_all_backing_files(fsg);
4118 kref_put(&fsg->ref, fsg_release); 4118 kref_put(&fsg->ref, fsg_release);
4119 } 4119 }
4120 module_exit(fsg_cleanup); 4120 module_exit(fsg_cleanup);
4121 4121