Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit df4989954abc5ae160865bec79b0f099086decce

Authored by Dan Carpenter
Committed by Felipe Balbi
1 parent 1826e9b1bd
Exists in smarc-imx_3.14.28_1.0.0_ga and in 1 other branch imx_3.14.28_1.0.0_ga

usb: gadget: gadgetfs: potential use after free in unbind() 

ffs_data_put() can sometimes free "ffs" so I have moved the call down
a line below the dereference.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

drivers/usb/gadget/f_fs.c
Diff comments   View file @ df49899
1 /* 1 /*
2 * f_fs.c -- user mode file system API for USB composite function controllers 2 * f_fs.c -- user mode file system API for USB composite function controllers
3 * 3 *
4 * Copyright (C) 2010 Samsung Electronics 4 * Copyright (C) 2010 Samsung Electronics
5 * Author: Michal Nazarewicz <mina86@mina86.com> 5 * Author: Michal Nazarewicz <mina86@mina86.com>
6 * 6 *
7 * Based on inode.c (GadgetFS) which was: 7 * Based on inode.c (GadgetFS) which was:
8 * Copyright (C) 2003-2004 David Brownell 8 * Copyright (C) 2003-2004 David Brownell
9 * Copyright (C) 2003 Agilent Technologies 9 * Copyright (C) 2003 Agilent Technologies
10 * 10 *
11 * This program is free software; you can redistribute it and/or modify 11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by 12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or 13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version. 14 * (at your option) any later version.
15 */ 15 */
16 16
17 17
18 /* #define DEBUG */ 18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */ 19 /* #define VERBOSE_DEBUG */
20 20
21 #include <linux/blkdev.h> 21 #include <linux/blkdev.h>
22 #include <linux/pagemap.h> 22 #include <linux/pagemap.h>
23 #include <linux/export.h> 23 #include <linux/export.h>
24 #include <linux/hid.h> 24 #include <linux/hid.h>
25 #include <asm/unaligned.h> 25 #include <asm/unaligned.h>
26 26
27 #include <linux/usb/composite.h> 27 #include <linux/usb/composite.h>
28 #include <linux/usb/functionfs.h> 28 #include <linux/usb/functionfs.h>
29 29
30 30
31 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */ 31 #define FUNCTIONFS_MAGIC 0xa647361 /* Chosen by a honest dice roll ;) */
32 32
33 33
34 /* Debugging ****************************************************************/ 34 /* Debugging ****************************************************************/
35 35
36 #ifdef VERBOSE_DEBUG 36 #ifdef VERBOSE_DEBUG
37 #ifndef pr_vdebug 37 #ifndef pr_vdebug
38 # define pr_vdebug pr_debug 38 # define pr_vdebug pr_debug
39 #endif /* pr_vdebug */ 39 #endif /* pr_vdebug */
40 # define ffs_dump_mem(prefix, ptr, len) \ 40 # define ffs_dump_mem(prefix, ptr, len) \
41 print_hex_dump_bytes(pr_fmt(prefix ": "), DUMP_PREFIX_NONE, ptr, len) 41 print_hex_dump_bytes(pr_fmt(prefix ": "), DUMP_PREFIX_NONE, ptr, len)
42 #else 42 #else
43 #ifndef pr_vdebug 43 #ifndef pr_vdebug
44 # define pr_vdebug(...) do { } while (0) 44 # define pr_vdebug(...) do { } while (0)
45 #endif /* pr_vdebug */ 45 #endif /* pr_vdebug */
46 # define ffs_dump_mem(prefix, ptr, len) do { } while (0) 46 # define ffs_dump_mem(prefix, ptr, len) do { } while (0)
47 #endif /* VERBOSE_DEBUG */ 47 #endif /* VERBOSE_DEBUG */
48 48
49 #define ENTER() pr_vdebug("%s()\n", __func__) 49 #define ENTER() pr_vdebug("%s()\n", __func__)
50 50
51 51
52 /* The data structure and setup file ****************************************/ 52 /* The data structure and setup file ****************************************/
53 53
54 enum ffs_state { 54 enum ffs_state {
55 /* 55 /*
56 * Waiting for descriptors and strings. 56 * Waiting for descriptors and strings.
57 * 57 *
58 * In this state no open(2), read(2) or write(2) on epfiles 58 * In this state no open(2), read(2) or write(2) on epfiles
59 * may succeed (which should not be the problem as there 59 * may succeed (which should not be the problem as there
60 * should be no such files opened in the first place). 60 * should be no such files opened in the first place).
61 */ 61 */
62 FFS_READ_DESCRIPTORS, 62 FFS_READ_DESCRIPTORS,
63 FFS_READ_STRINGS, 63 FFS_READ_STRINGS,
64 64
65 /* 65 /*
66 * We've got descriptors and strings. We are or have called 66 * We've got descriptors and strings. We are or have called
67 * functionfs_ready_callback(). functionfs_bind() may have 67 * functionfs_ready_callback(). functionfs_bind() may have
68 * been called but we don't know. 68 * been called but we don't know.
69 * 69 *
70 * This is the only state in which operations on epfiles may 70 * This is the only state in which operations on epfiles may
71 * succeed. 71 * succeed.
72 */ 72 */
73 FFS_ACTIVE, 73 FFS_ACTIVE,
74 74
75 /* 75 /*
76 * All endpoints have been closed. This state is also set if 76 * All endpoints have been closed. This state is also set if
77 * we encounter an unrecoverable error. The only 77 * we encounter an unrecoverable error. The only
78 * unrecoverable error is situation when after reading strings 78 * unrecoverable error is situation when after reading strings
79 * from user space we fail to initialise epfiles or 79 * from user space we fail to initialise epfiles or
80 * functionfs_ready_callback() returns with error (<0). 80 * functionfs_ready_callback() returns with error (<0).
81 * 81 *
82 * In this state no open(2), read(2) or write(2) (both on ep0 82 * In this state no open(2), read(2) or write(2) (both on ep0
83 * as well as epfile) may succeed (at this point epfiles are 83 * as well as epfile) may succeed (at this point epfiles are
84 * unlinked and all closed so this is not a problem; ep0 is 84 * unlinked and all closed so this is not a problem; ep0 is
85 * also closed but ep0 file exists and so open(2) on ep0 must 85 * also closed but ep0 file exists and so open(2) on ep0 must
86 * fail). 86 * fail).
87 */ 87 */
88 FFS_CLOSING 88 FFS_CLOSING
89 }; 89 };
90 90
91 91
92 enum ffs_setup_state { 92 enum ffs_setup_state {
93 /* There is no setup request pending. */ 93 /* There is no setup request pending. */
94 FFS_NO_SETUP, 94 FFS_NO_SETUP,
95 /* 95 /*
96 * User has read events and there was a setup request event 96 * User has read events and there was a setup request event
97 * there. The next read/write on ep0 will handle the 97 * there. The next read/write on ep0 will handle the
98 * request. 98 * request.
99 */ 99 */
100 FFS_SETUP_PENDING, 100 FFS_SETUP_PENDING,
101 /* 101 /*
102 * There was event pending but before user space handled it 102 * There was event pending but before user space handled it
103 * some other event was introduced which canceled existing 103 * some other event was introduced which canceled existing
104 * setup. If this state is set read/write on ep0 return 104 * setup. If this state is set read/write on ep0 return
105 * -EIDRM. This state is only set when adding event. 105 * -EIDRM. This state is only set when adding event.
106 */ 106 */
107 FFS_SETUP_CANCELED 107 FFS_SETUP_CANCELED
108 }; 108 };
109 109
110 110
111 111
112 struct ffs_epfile; 112 struct ffs_epfile;
113 struct ffs_function; 113 struct ffs_function;
114 114
115 struct ffs_data { 115 struct ffs_data {
116 struct usb_gadget *gadget; 116 struct usb_gadget *gadget;
117 117
118 /* 118 /*
119 * Protect access read/write operations, only one read/write 119 * Protect access read/write operations, only one read/write
120 * at a time. As a consequence protects ep0req and company. 120 * at a time. As a consequence protects ep0req and company.
121 * While setup request is being processed (queued) this is 121 * While setup request is being processed (queued) this is
122 * held. 122 * held.
123 */ 123 */
124 struct mutex mutex; 124 struct mutex mutex;
125 125
126 /* 126 /*
127 * Protect access to endpoint related structures (basically 127 * Protect access to endpoint related structures (basically
128 * usb_ep_queue(), usb_ep_dequeue(), etc. calls) except for 128 * usb_ep_queue(), usb_ep_dequeue(), etc. calls) except for
129 * endpoint zero. 129 * endpoint zero.
130 */ 130 */
131 spinlock_t eps_lock; 131 spinlock_t eps_lock;
132 132
133 /* 133 /*
134 * XXX REVISIT do we need our own request? Since we are not 134 * XXX REVISIT do we need our own request? Since we are not
135 * handling setup requests immediately user space may be so 135 * handling setup requests immediately user space may be so
136 * slow that another setup will be sent to the gadget but this 136 * slow that another setup will be sent to the gadget but this
137 * time not to us but another function and then there could be 137 * time not to us but another function and then there could be
138 * a race. Is that the case? Or maybe we can use cdev->req 138 * a race. Is that the case? Or maybe we can use cdev->req
139 * after all, maybe we just need some spinlock for that? 139 * after all, maybe we just need some spinlock for that?
140 */ 140 */
141 struct usb_request *ep0req; /* P: mutex */ 141 struct usb_request *ep0req; /* P: mutex */
142 struct completion ep0req_completion; /* P: mutex */ 142 struct completion ep0req_completion; /* P: mutex */
143 int ep0req_status; /* P: mutex */ 143 int ep0req_status; /* P: mutex */
144 144
145 /* reference counter */ 145 /* reference counter */
146 atomic_t ref; 146 atomic_t ref;
147 /* how many files are opened (EP0 and others) */ 147 /* how many files are opened (EP0 and others) */
148 atomic_t opened; 148 atomic_t opened;
149 149
150 /* EP0 state */ 150 /* EP0 state */
151 enum ffs_state state; 151 enum ffs_state state;
152 152
153 /* 153 /*
154 * Possible transitions: 154 * Possible transitions:
155 * + FFS_NO_SETUP -> FFS_SETUP_PENDING -- P: ev.waitq.lock 155 * + FFS_NO_SETUP -> FFS_SETUP_PENDING -- P: ev.waitq.lock
156 * happens only in ep0 read which is P: mutex 156 * happens only in ep0 read which is P: mutex
157 * + FFS_SETUP_PENDING -> FFS_NO_SETUP -- P: ev.waitq.lock 157 * + FFS_SETUP_PENDING -> FFS_NO_SETUP -- P: ev.waitq.lock
158 * happens only in ep0 i/o which is P: mutex 158 * happens only in ep0 i/o which is P: mutex
159 * + FFS_SETUP_PENDING -> FFS_SETUP_CANCELED -- P: ev.waitq.lock 159 * + FFS_SETUP_PENDING -> FFS_SETUP_CANCELED -- P: ev.waitq.lock
160 * + FFS_SETUP_CANCELED -> FFS_NO_SETUP -- cmpxchg 160 * + FFS_SETUP_CANCELED -> FFS_NO_SETUP -- cmpxchg
161 */ 161 */
162 enum ffs_setup_state setup_state; 162 enum ffs_setup_state setup_state;
163 163
164 #define FFS_SETUP_STATE(ffs) \ 164 #define FFS_SETUP_STATE(ffs) \
165 ((enum ffs_setup_state)cmpxchg(&(ffs)->setup_state, \ 165 ((enum ffs_setup_state)cmpxchg(&(ffs)->setup_state, \
166 FFS_SETUP_CANCELED, FFS_NO_SETUP)) 166 FFS_SETUP_CANCELED, FFS_NO_SETUP))
167 167
168 /* Events & such. */ 168 /* Events & such. */
169 struct { 169 struct {
170 u8 types[4]; 170 u8 types[4];
171 unsigned short count; 171 unsigned short count;
172 /* XXX REVISIT need to update it in some places, or do we? */ 172 /* XXX REVISIT need to update it in some places, or do we? */
173 unsigned short can_stall; 173 unsigned short can_stall;
174 struct usb_ctrlrequest setup; 174 struct usb_ctrlrequest setup;
175 175
176 wait_queue_head_t waitq; 176 wait_queue_head_t waitq;
177 } ev; /* the whole structure, P: ev.waitq.lock */ 177 } ev; /* the whole structure, P: ev.waitq.lock */
178 178
179 /* Flags */ 179 /* Flags */
180 unsigned long flags; 180 unsigned long flags;
181 #define FFS_FL_CALL_CLOSED_CALLBACK 0 181 #define FFS_FL_CALL_CLOSED_CALLBACK 0
182 #define FFS_FL_BOUND 1 182 #define FFS_FL_BOUND 1
183 183
184 /* Active function */ 184 /* Active function */
185 struct ffs_function *func; 185 struct ffs_function *func;
186 186
187 /* 187 /*
188 * Device name, write once when file system is mounted. 188 * Device name, write once when file system is mounted.
189 * Intended for user to read if she wants. 189 * Intended for user to read if she wants.
190 */ 190 */
191 const char *dev_name; 191 const char *dev_name;
192 /* Private data for our user (ie. gadget). Managed by user. */ 192 /* Private data for our user (ie. gadget). Managed by user. */
193 void *private_data; 193 void *private_data;
194 194
195 /* filled by __ffs_data_got_descs() */ 195 /* filled by __ffs_data_got_descs() */
196 /* 196 /*
197 * Real descriptors are 16 bytes after raw_descs (so you need 197 * Real descriptors are 16 bytes after raw_descs (so you need
198 * to skip 16 bytes (ie. ffs->raw_descs + 16) to get to the 198 * to skip 16 bytes (ie. ffs->raw_descs + 16) to get to the
199 * first full speed descriptor). raw_descs_length and 199 * first full speed descriptor). raw_descs_length and
200 * raw_fs_descs_length do not have those 16 bytes added. 200 * raw_fs_descs_length do not have those 16 bytes added.
201 */ 201 */
202 const void *raw_descs; 202 const void *raw_descs;
203 unsigned raw_descs_length; 203 unsigned raw_descs_length;
204 unsigned raw_fs_descs_length; 204 unsigned raw_fs_descs_length;
205 unsigned fs_descs_count; 205 unsigned fs_descs_count;
206 unsigned hs_descs_count; 206 unsigned hs_descs_count;
207 207
208 unsigned short strings_count; 208 unsigned short strings_count;
209 unsigned short interfaces_count; 209 unsigned short interfaces_count;
210 unsigned short eps_count; 210 unsigned short eps_count;
211 unsigned short _pad1; 211 unsigned short _pad1;
212 212
213 /* filled by __ffs_data_got_strings() */ 213 /* filled by __ffs_data_got_strings() */
214 /* ids in stringtabs are set in functionfs_bind() */ 214 /* ids in stringtabs are set in functionfs_bind() */
215 const void *raw_strings; 215 const void *raw_strings;
216 struct usb_gadget_strings **stringtabs; 216 struct usb_gadget_strings **stringtabs;
217 217
218 /* 218 /*
219 * File system's super block, write once when file system is 219 * File system's super block, write once when file system is
220 * mounted. 220 * mounted.
221 */ 221 */
222 struct super_block *sb; 222 struct super_block *sb;
223 223
224 /* File permissions, written once when fs is mounted */ 224 /* File permissions, written once when fs is mounted */
225 struct ffs_file_perms { 225 struct ffs_file_perms {
226 umode_t mode; 226 umode_t mode;
227 kuid_t uid; 227 kuid_t uid;
228 kgid_t gid; 228 kgid_t gid;
229 } file_perms; 229 } file_perms;
230 230
231 /* 231 /*
232 * The endpoint files, filled by ffs_epfiles_create(), 232 * The endpoint files, filled by ffs_epfiles_create(),
233 * destroyed by ffs_epfiles_destroy(). 233 * destroyed by ffs_epfiles_destroy().
234 */ 234 */
235 struct ffs_epfile *epfiles; 235 struct ffs_epfile *epfiles;
236 }; 236 };
237 237
238 /* Reference counter handling */ 238 /* Reference counter handling */
239 static void ffs_data_get(struct ffs_data *ffs); 239 static void ffs_data_get(struct ffs_data *ffs);
240 static void ffs_data_put(struct ffs_data *ffs); 240 static void ffs_data_put(struct ffs_data *ffs);
241 /* Creates new ffs_data object. */ 241 /* Creates new ffs_data object. */
242 static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc)); 242 static struct ffs_data *__must_check ffs_data_new(void) __attribute__((malloc));
243 243
244 /* Opened counter handling. */ 244 /* Opened counter handling. */
245 static void ffs_data_opened(struct ffs_data *ffs); 245 static void ffs_data_opened(struct ffs_data *ffs);
246 static void ffs_data_closed(struct ffs_data *ffs); 246 static void ffs_data_closed(struct ffs_data *ffs);
247 247
248 /* Called with ffs->mutex held; take over ownership of data. */ 248 /* Called with ffs->mutex held; take over ownership of data. */
249 static int __must_check 249 static int __must_check
250 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len); 250 __ffs_data_got_descs(struct ffs_data *ffs, char *data, size_t len);
251 static int __must_check 251 static int __must_check
252 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len); 252 __ffs_data_got_strings(struct ffs_data *ffs, char *data, size_t len);
253 253
254 254
255 /* The function structure ***************************************************/ 255 /* The function structure ***************************************************/
256 256
257 struct ffs_ep; 257 struct ffs_ep;
258 258
259 struct ffs_function { 259 struct ffs_function {
260 struct usb_configuration *conf; 260 struct usb_configuration *conf;
261 struct usb_gadget *gadget; 261 struct usb_gadget *gadget;
262 struct ffs_data *ffs; 262 struct ffs_data *ffs;
263 263
264 struct ffs_ep *eps; 264 struct ffs_ep *eps;
265 u8 eps_revmap[16]; 265 u8 eps_revmap[16];
266 short *interfaces_nums; 266 short *interfaces_nums;
267 267
268 struct usb_function function; 268 struct usb_function function;
269 }; 269 };
270 270
271 271
272 static struct ffs_function *ffs_func_from_usb(struct usb_function *f) 272 static struct ffs_function *ffs_func_from_usb(struct usb_function *f)
273 { 273 {
274 return container_of(f, struct ffs_function, function); 274 return container_of(f, struct ffs_function, function);
275 } 275 }
276 276
277 static void ffs_func_free(struct ffs_function *func); 277 static void ffs_func_free(struct ffs_function *func);
278 278
279 static void ffs_func_eps_disable(struct ffs_function *func); 279 static void ffs_func_eps_disable(struct ffs_function *func);
280 static int __must_check ffs_func_eps_enable(struct ffs_function *func); 280 static int __must_check ffs_func_eps_enable(struct ffs_function *func);
281 281
282 static int ffs_func_bind(struct usb_configuration *, 282 static int ffs_func_bind(struct usb_configuration *,
283 struct usb_function *); 283 struct usb_function *);
284 static void ffs_func_unbind(struct usb_configuration *, 284 static void ffs_func_unbind(struct usb_configuration *,
285 struct usb_function *); 285 struct usb_function *);
286 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned); 286 static int ffs_func_set_alt(struct usb_function *, unsigned, unsigned);
287 static void ffs_func_disable(struct usb_function *); 287 static void ffs_func_disable(struct usb_function *);
288 static int ffs_func_setup(struct usb_function *, 288 static int ffs_func_setup(struct usb_function *,
289 const struct usb_ctrlrequest *); 289 const struct usb_ctrlrequest *);
290 static void ffs_func_suspend(struct usb_function *); 290 static void ffs_func_suspend(struct usb_function *);
291 static void ffs_func_resume(struct usb_function *); 291 static void ffs_func_resume(struct usb_function *);
292 292
293 293
294 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num); 294 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num);
295 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf); 295 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf);
296 296
297 297
298 /* The endpoints structures *************************************************/ 298 /* The endpoints structures *************************************************/
299 299
300 struct ffs_ep { 300 struct ffs_ep {
301 struct usb_ep *ep; /* P: ffs->eps_lock */ 301 struct usb_ep *ep; /* P: ffs->eps_lock */
302 struct usb_request *req; /* P: epfile->mutex */ 302 struct usb_request *req; /* P: epfile->mutex */
303 303
304 /* [0]: full speed, [1]: high speed */ 304 /* [0]: full speed, [1]: high speed */
305 struct usb_endpoint_descriptor *descs[2]; 305 struct usb_endpoint_descriptor *descs[2];
306 306
307 u8 num; 307 u8 num;
308 308
309 int status; /* P: epfile->mutex */ 309 int status; /* P: epfile->mutex */
310 }; 310 };
311 311
312 struct ffs_epfile { 312 struct ffs_epfile {
313 /* Protects ep->ep and ep->req. */ 313 /* Protects ep->ep and ep->req. */
314 struct mutex mutex; 314 struct mutex mutex;
315 wait_queue_head_t wait; 315 wait_queue_head_t wait;
316 316
317 struct ffs_data *ffs; 317 struct ffs_data *ffs;
318 struct ffs_ep *ep; /* P: ffs->eps_lock */ 318 struct ffs_ep *ep; /* P: ffs->eps_lock */
319 319
320 struct dentry *dentry; 320 struct dentry *dentry;
321 321
322 char name[5]; 322 char name[5];
323 323
324 unsigned char in; /* P: ffs->eps_lock */ 324 unsigned char in; /* P: ffs->eps_lock */
325 unsigned char isoc; /* P: ffs->eps_lock */ 325 unsigned char isoc; /* P: ffs->eps_lock */
326 326
327 unsigned char _pad; 327 unsigned char _pad;
328 }; 328 };
329 329
330 static int __must_check ffs_epfiles_create(struct ffs_data *ffs); 330 static int __must_check ffs_epfiles_create(struct ffs_data *ffs);
331 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count); 331 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count);
332 332
333 static struct inode *__must_check 333 static struct inode *__must_check
334 ffs_sb_create_file(struct super_block *sb, const char *name, void *data, 334 ffs_sb_create_file(struct super_block *sb, const char *name, void *data,
335 const struct file_operations *fops, 335 const struct file_operations *fops,
336 struct dentry **dentry_p); 336 struct dentry **dentry_p);
337 337
338 338
339 /* Misc helper functions ****************************************************/ 339 /* Misc helper functions ****************************************************/
340 340
341 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock) 341 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
342 __attribute__((warn_unused_result, nonnull)); 342 __attribute__((warn_unused_result, nonnull));
343 static char *ffs_prepare_buffer(const char __user *buf, size_t len) 343 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
344 __attribute__((warn_unused_result, nonnull)); 344 __attribute__((warn_unused_result, nonnull));
345 345
346 346
347 /* Control file aka ep0 *****************************************************/ 347 /* Control file aka ep0 *****************************************************/
348 348
349 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req) 349 static void ffs_ep0_complete(struct usb_ep *ep, struct usb_request *req)
350 { 350 {
351 struct ffs_data *ffs = req->context; 351 struct ffs_data *ffs = req->context;
352 352
353 complete_all(&ffs->ep0req_completion); 353 complete_all(&ffs->ep0req_completion);
354 } 354 }
355 355
356 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len) 356 static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
357 { 357 {
358 struct usb_request *req = ffs->ep0req; 358 struct usb_request *req = ffs->ep0req;
359 int ret; 359 int ret;
360 360
361 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength); 361 req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
362 362
363 spin_unlock_irq(&ffs->ev.waitq.lock); 363 spin_unlock_irq(&ffs->ev.waitq.lock);
364 364
365 req->buf = data; 365 req->buf = data;
366 req->length = len; 366 req->length = len;
367 367
368 /* 368 /*
369 * UDC layer requires to provide a buffer even for ZLP, but should 369 * UDC layer requires to provide a buffer even for ZLP, but should
370 * not use it at all. Let's provide some poisoned pointer to catch 370 * not use it at all. Let's provide some poisoned pointer to catch
371 * possible bug in the driver. 371 * possible bug in the driver.
372 */ 372 */
373 if (req->buf == NULL) 373 if (req->buf == NULL)
374 req->buf = (void *)0xDEADBABE; 374 req->buf = (void *)0xDEADBABE;
375 375
376 INIT_COMPLETION(ffs->ep0req_completion); 376 INIT_COMPLETION(ffs->ep0req_completion);
377 377
378 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC); 378 ret = usb_ep_queue(ffs->gadget->ep0, req, GFP_ATOMIC);
379 if (unlikely(ret < 0)) 379 if (unlikely(ret < 0))
380 return ret; 380 return ret;
381 381
382 ret = wait_for_completion_interruptible(&ffs->ep0req_completion); 382 ret = wait_for_completion_interruptible(&ffs->ep0req_completion);
383 if (unlikely(ret)) { 383 if (unlikely(ret)) {
384 usb_ep_dequeue(ffs->gadget->ep0, req); 384 usb_ep_dequeue(ffs->gadget->ep0, req);
385 return -EINTR; 385 return -EINTR;
386 } 386 }
387 387
388 ffs->setup_state = FFS_NO_SETUP; 388 ffs->setup_state = FFS_NO_SETUP;
389 return ffs->ep0req_status; 389 return ffs->ep0req_status;
390 } 390 }
391 391
392 static int __ffs_ep0_stall(struct ffs_data *ffs) 392 static int __ffs_ep0_stall(struct ffs_data *ffs)
393 { 393 {
394 if (ffs->ev.can_stall) { 394 if (ffs->ev.can_stall) {
395 pr_vdebug("ep0 stall\n"); 395 pr_vdebug("ep0 stall\n");
396 usb_ep_set_halt(ffs->gadget->ep0); 396 usb_ep_set_halt(ffs->gadget->ep0);
397 ffs->setup_state = FFS_NO_SETUP; 397 ffs->setup_state = FFS_NO_SETUP;
398 return -EL2HLT; 398 return -EL2HLT;
399 } else { 399 } else {
400 pr_debug("bogus ep0 stall!\n"); 400 pr_debug("bogus ep0 stall!\n");
401 return -ESRCH; 401 return -ESRCH;
402 } 402 }
403 } 403 }
404 404
405 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf, 405 static ssize_t ffs_ep0_write(struct file *file, const char __user *buf,
406 size_t len, loff_t *ptr) 406 size_t len, loff_t *ptr)
407 { 407 {
408 struct ffs_data *ffs = file->private_data; 408 struct ffs_data *ffs = file->private_data;
409 ssize_t ret; 409 ssize_t ret;
410 char *data; 410 char *data;
411 411
412 ENTER(); 412 ENTER();
413 413
414 /* Fast check if setup was canceled */ 414 /* Fast check if setup was canceled */
415 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) 415 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
416 return -EIDRM; 416 return -EIDRM;
417 417
418 /* Acquire mutex */ 418 /* Acquire mutex */
419 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK); 419 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
420 if (unlikely(ret < 0)) 420 if (unlikely(ret < 0))
421 return ret; 421 return ret;
422 422
423 /* Check state */ 423 /* Check state */
424 switch (ffs->state) { 424 switch (ffs->state) {
425 case FFS_READ_DESCRIPTORS: 425 case FFS_READ_DESCRIPTORS:
426 case FFS_READ_STRINGS: 426 case FFS_READ_STRINGS:
427 /* Copy data */ 427 /* Copy data */
428 if (unlikely(len < 16)) { 428 if (unlikely(len < 16)) {
429 ret = -EINVAL; 429 ret = -EINVAL;
430 break; 430 break;
431 } 431 }
432 432
433 data = ffs_prepare_buffer(buf, len); 433 data = ffs_prepare_buffer(buf, len);
434 if (IS_ERR(data)) { 434 if (IS_ERR(data)) {
435 ret = PTR_ERR(data); 435 ret = PTR_ERR(data);
436 break; 436 break;
437 } 437 }
438 438
439 /* Handle data */ 439 /* Handle data */
440 if (ffs->state == FFS_READ_DESCRIPTORS) { 440 if (ffs->state == FFS_READ_DESCRIPTORS) {
441 pr_info("read descriptors\n"); 441 pr_info("read descriptors\n");
442 ret = __ffs_data_got_descs(ffs, data, len); 442 ret = __ffs_data_got_descs(ffs, data, len);
443 if (unlikely(ret < 0)) 443 if (unlikely(ret < 0))
444 break; 444 break;
445 445
446 ffs->state = FFS_READ_STRINGS; 446 ffs->state = FFS_READ_STRINGS;
447 ret = len; 447 ret = len;
448 } else { 448 } else {
449 pr_info("read strings\n"); 449 pr_info("read strings\n");
450 ret = __ffs_data_got_strings(ffs, data, len); 450 ret = __ffs_data_got_strings(ffs, data, len);
451 if (unlikely(ret < 0)) 451 if (unlikely(ret < 0))
452 break; 452 break;
453 453
454 ret = ffs_epfiles_create(ffs); 454 ret = ffs_epfiles_create(ffs);
455 if (unlikely(ret)) { 455 if (unlikely(ret)) {
456 ffs->state = FFS_CLOSING; 456 ffs->state = FFS_CLOSING;
457 break; 457 break;
458 } 458 }
459 459
460 ffs->state = FFS_ACTIVE; 460 ffs->state = FFS_ACTIVE;
461 mutex_unlock(&ffs->mutex); 461 mutex_unlock(&ffs->mutex);
462 462
463 ret = functionfs_ready_callback(ffs); 463 ret = functionfs_ready_callback(ffs);
464 if (unlikely(ret < 0)) { 464 if (unlikely(ret < 0)) {
465 ffs->state = FFS_CLOSING; 465 ffs->state = FFS_CLOSING;
466 return ret; 466 return ret;
467 } 467 }
468 468
469 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags); 469 set_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags);
470 return len; 470 return len;
471 } 471 }
472 break; 472 break;
473 473
474 case FFS_ACTIVE: 474 case FFS_ACTIVE:
475 data = NULL; 475 data = NULL;
476 /* 476 /*
477 * We're called from user space, we can use _irq 477 * We're called from user space, we can use _irq
478 * rather then _irqsave 478 * rather then _irqsave
479 */ 479 */
480 spin_lock_irq(&ffs->ev.waitq.lock); 480 spin_lock_irq(&ffs->ev.waitq.lock);
481 switch (FFS_SETUP_STATE(ffs)) { 481 switch (FFS_SETUP_STATE(ffs)) {
482 case FFS_SETUP_CANCELED: 482 case FFS_SETUP_CANCELED:
483 ret = -EIDRM; 483 ret = -EIDRM;
484 goto done_spin; 484 goto done_spin;
485 485
486 case FFS_NO_SETUP: 486 case FFS_NO_SETUP:
487 ret = -ESRCH; 487 ret = -ESRCH;
488 goto done_spin; 488 goto done_spin;
489 489
490 case FFS_SETUP_PENDING: 490 case FFS_SETUP_PENDING:
491 break; 491 break;
492 } 492 }
493 493
494 /* FFS_SETUP_PENDING */ 494 /* FFS_SETUP_PENDING */
495 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) { 495 if (!(ffs->ev.setup.bRequestType & USB_DIR_IN)) {
496 spin_unlock_irq(&ffs->ev.waitq.lock); 496 spin_unlock_irq(&ffs->ev.waitq.lock);
497 ret = __ffs_ep0_stall(ffs); 497 ret = __ffs_ep0_stall(ffs);
498 break; 498 break;
499 } 499 }
500 500
501 /* FFS_SETUP_PENDING and not stall */ 501 /* FFS_SETUP_PENDING and not stall */
502 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength)); 502 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
503 503
504 spin_unlock_irq(&ffs->ev.waitq.lock); 504 spin_unlock_irq(&ffs->ev.waitq.lock);
505 505
506 data = ffs_prepare_buffer(buf, len); 506 data = ffs_prepare_buffer(buf, len);
507 if (IS_ERR(data)) { 507 if (IS_ERR(data)) {
508 ret = PTR_ERR(data); 508 ret = PTR_ERR(data);
509 break; 509 break;
510 } 510 }
511 511
512 spin_lock_irq(&ffs->ev.waitq.lock); 512 spin_lock_irq(&ffs->ev.waitq.lock);
513 513
514 /* 514 /*
515 * We are guaranteed to be still in FFS_ACTIVE state 515 * We are guaranteed to be still in FFS_ACTIVE state
516 * but the state of setup could have changed from 516 * but the state of setup could have changed from
517 * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need 517 * FFS_SETUP_PENDING to FFS_SETUP_CANCELED so we need
518 * to check for that. If that happened we copied data 518 * to check for that. If that happened we copied data
519 * from user space in vain but it's unlikely. 519 * from user space in vain but it's unlikely.
520 * 520 *
521 * For sure we are not in FFS_NO_SETUP since this is 521 * For sure we are not in FFS_NO_SETUP since this is
522 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP 522 * the only place FFS_SETUP_PENDING -> FFS_NO_SETUP
523 * transition can be performed and it's protected by 523 * transition can be performed and it's protected by
524 * mutex. 524 * mutex.
525 */ 525 */
526 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) { 526 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
527 ret = -EIDRM; 527 ret = -EIDRM;
528 done_spin: 528 done_spin:
529 spin_unlock_irq(&ffs->ev.waitq.lock); 529 spin_unlock_irq(&ffs->ev.waitq.lock);
530 } else { 530 } else {
531 /* unlocks spinlock */ 531 /* unlocks spinlock */
532 ret = __ffs_ep0_queue_wait(ffs, data, len); 532 ret = __ffs_ep0_queue_wait(ffs, data, len);
533 } 533 }
534 kfree(data); 534 kfree(data);
535 break; 535 break;
536 536
537 default: 537 default:
538 ret = -EBADFD; 538 ret = -EBADFD;
539 break; 539 break;
540 } 540 }
541 541
542 mutex_unlock(&ffs->mutex); 542 mutex_unlock(&ffs->mutex);
543 return ret; 543 return ret;
544 } 544 }
545 545
546 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf, 546 static ssize_t __ffs_ep0_read_events(struct ffs_data *ffs, char __user *buf,
547 size_t n) 547 size_t n)
548 { 548 {
549 /* 549 /*
550 * We are holding ffs->ev.waitq.lock and ffs->mutex and we need 550 * We are holding ffs->ev.waitq.lock and ffs->mutex and we need
551 * to release them. 551 * to release them.
552 */ 552 */
553 struct usb_functionfs_event events[n]; 553 struct usb_functionfs_event events[n];
554 unsigned i = 0; 554 unsigned i = 0;
555 555
556 memset(events, 0, sizeof events); 556 memset(events, 0, sizeof events);
557 557
558 do { 558 do {
559 events[i].type = ffs->ev.types[i]; 559 events[i].type = ffs->ev.types[i];
560 if (events[i].type == FUNCTIONFS_SETUP) { 560 if (events[i].type == FUNCTIONFS_SETUP) {
561 events[i].u.setup = ffs->ev.setup; 561 events[i].u.setup = ffs->ev.setup;
562 ffs->setup_state = FFS_SETUP_PENDING; 562 ffs->setup_state = FFS_SETUP_PENDING;
563 } 563 }
564 } while (++i < n); 564 } while (++i < n);
565 565
566 if (n < ffs->ev.count) { 566 if (n < ffs->ev.count) {
567 ffs->ev.count -= n; 567 ffs->ev.count -= n;
568 memmove(ffs->ev.types, ffs->ev.types + n, 568 memmove(ffs->ev.types, ffs->ev.types + n,
569 ffs->ev.count * sizeof *ffs->ev.types); 569 ffs->ev.count * sizeof *ffs->ev.types);
570 } else { 570 } else {
571 ffs->ev.count = 0; 571 ffs->ev.count = 0;
572 } 572 }
573 573
574 spin_unlock_irq(&ffs->ev.waitq.lock); 574 spin_unlock_irq(&ffs->ev.waitq.lock);
575 mutex_unlock(&ffs->mutex); 575 mutex_unlock(&ffs->mutex);
576 576
577 return unlikely(__copy_to_user(buf, events, sizeof events)) 577 return unlikely(__copy_to_user(buf, events, sizeof events))
578 ? -EFAULT : sizeof events; 578 ? -EFAULT : sizeof events;
579 } 579 }
580 580
581 static ssize_t ffs_ep0_read(struct file *file, char __user *buf, 581 static ssize_t ffs_ep0_read(struct file *file, char __user *buf,
582 size_t len, loff_t *ptr) 582 size_t len, loff_t *ptr)
583 { 583 {
584 struct ffs_data *ffs = file->private_data; 584 struct ffs_data *ffs = file->private_data;
585 char *data = NULL; 585 char *data = NULL;
586 size_t n; 586 size_t n;
587 int ret; 587 int ret;
588 588
589 ENTER(); 589 ENTER();
590 590
591 /* Fast check if setup was canceled */ 591 /* Fast check if setup was canceled */
592 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) 592 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED)
593 return -EIDRM; 593 return -EIDRM;
594 594
595 /* Acquire mutex */ 595 /* Acquire mutex */
596 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK); 596 ret = ffs_mutex_lock(&ffs->mutex, file->f_flags & O_NONBLOCK);
597 if (unlikely(ret < 0)) 597 if (unlikely(ret < 0))
598 return ret; 598 return ret;
599 599
600 /* Check state */ 600 /* Check state */
601 if (ffs->state != FFS_ACTIVE) { 601 if (ffs->state != FFS_ACTIVE) {
602 ret = -EBADFD; 602 ret = -EBADFD;
603 goto done_mutex; 603 goto done_mutex;
604 } 604 }
605 605
606 /* 606 /*
607 * We're called from user space, we can use _irq rather then 607 * We're called from user space, we can use _irq rather then
608 * _irqsave 608 * _irqsave
609 */ 609 */
610 spin_lock_irq(&ffs->ev.waitq.lock); 610 spin_lock_irq(&ffs->ev.waitq.lock);
611 611
612 switch (FFS_SETUP_STATE(ffs)) { 612 switch (FFS_SETUP_STATE(ffs)) {
613 case FFS_SETUP_CANCELED: 613 case FFS_SETUP_CANCELED:
614 ret = -EIDRM; 614 ret = -EIDRM;
615 break; 615 break;
616 616
617 case FFS_NO_SETUP: 617 case FFS_NO_SETUP:
618 n = len / sizeof(struct usb_functionfs_event); 618 n = len / sizeof(struct usb_functionfs_event);
619 if (unlikely(!n)) { 619 if (unlikely(!n)) {
620 ret = -EINVAL; 620 ret = -EINVAL;
621 break; 621 break;
622 } 622 }
623 623
624 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) { 624 if ((file->f_flags & O_NONBLOCK) && !ffs->ev.count) {
625 ret = -EAGAIN; 625 ret = -EAGAIN;
626 break; 626 break;
627 } 627 }
628 628
629 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq, 629 if (wait_event_interruptible_exclusive_locked_irq(ffs->ev.waitq,
630 ffs->ev.count)) { 630 ffs->ev.count)) {
631 ret = -EINTR; 631 ret = -EINTR;
632 break; 632 break;
633 } 633 }
634 634
635 return __ffs_ep0_read_events(ffs, buf, 635 return __ffs_ep0_read_events(ffs, buf,
636 min(n, (size_t)ffs->ev.count)); 636 min(n, (size_t)ffs->ev.count));
637 637
638 case FFS_SETUP_PENDING: 638 case FFS_SETUP_PENDING:
639 if (ffs->ev.setup.bRequestType & USB_DIR_IN) { 639 if (ffs->ev.setup.bRequestType & USB_DIR_IN) {
640 spin_unlock_irq(&ffs->ev.waitq.lock); 640 spin_unlock_irq(&ffs->ev.waitq.lock);
641 ret = __ffs_ep0_stall(ffs); 641 ret = __ffs_ep0_stall(ffs);
642 goto done_mutex; 642 goto done_mutex;
643 } 643 }
644 644
645 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength)); 645 len = min(len, (size_t)le16_to_cpu(ffs->ev.setup.wLength));
646 646
647 spin_unlock_irq(&ffs->ev.waitq.lock); 647 spin_unlock_irq(&ffs->ev.waitq.lock);
648 648
649 if (likely(len)) { 649 if (likely(len)) {
650 data = kmalloc(len, GFP_KERNEL); 650 data = kmalloc(len, GFP_KERNEL);
651 if (unlikely(!data)) { 651 if (unlikely(!data)) {
652 ret = -ENOMEM; 652 ret = -ENOMEM;
653 goto done_mutex; 653 goto done_mutex;
654 } 654 }
655 } 655 }
656 656
657 spin_lock_irq(&ffs->ev.waitq.lock); 657 spin_lock_irq(&ffs->ev.waitq.lock);
658 658
659 /* See ffs_ep0_write() */ 659 /* See ffs_ep0_write() */
660 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) { 660 if (FFS_SETUP_STATE(ffs) == FFS_SETUP_CANCELED) {
661 ret = -EIDRM; 661 ret = -EIDRM;
662 break; 662 break;
663 } 663 }
664 664
665 /* unlocks spinlock */ 665 /* unlocks spinlock */
666 ret = __ffs_ep0_queue_wait(ffs, data, len); 666 ret = __ffs_ep0_queue_wait(ffs, data, len);
667 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len))) 667 if (likely(ret > 0) && unlikely(__copy_to_user(buf, data, len)))
668 ret = -EFAULT; 668 ret = -EFAULT;
669 goto done_mutex; 669 goto done_mutex;
670 670
671 default: 671 default:
672 ret = -EBADFD; 672 ret = -EBADFD;
673 break; 673 break;
674 } 674 }
675 675
676 spin_unlock_irq(&ffs->ev.waitq.lock); 676 spin_unlock_irq(&ffs->ev.waitq.lock);
677 done_mutex: 677 done_mutex:
678 mutex_unlock(&ffs->mutex); 678 mutex_unlock(&ffs->mutex);
679 kfree(data); 679 kfree(data);
680 return ret; 680 return ret;
681 } 681 }
682 682
683 static int ffs_ep0_open(struct inode *inode, struct file *file) 683 static int ffs_ep0_open(struct inode *inode, struct file *file)
684 { 684 {
685 struct ffs_data *ffs = inode->i_private; 685 struct ffs_data *ffs = inode->i_private;
686 686
687 ENTER(); 687 ENTER();
688 688
689 if (unlikely(ffs->state == FFS_CLOSING)) 689 if (unlikely(ffs->state == FFS_CLOSING))
690 return -EBUSY; 690 return -EBUSY;
691 691
692 file->private_data = ffs; 692 file->private_data = ffs;
693 ffs_data_opened(ffs); 693 ffs_data_opened(ffs);
694 694
695 return 0; 695 return 0;
696 } 696 }
697 697
698 static int ffs_ep0_release(struct inode *inode, struct file *file) 698 static int ffs_ep0_release(struct inode *inode, struct file *file)
699 { 699 {
700 struct ffs_data *ffs = file->private_data; 700 struct ffs_data *ffs = file->private_data;
701 701
702 ENTER(); 702 ENTER();
703 703
704 ffs_data_closed(ffs); 704 ffs_data_closed(ffs);
705 705
706 return 0; 706 return 0;
707 } 707 }
708 708
709 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value) 709 static long ffs_ep0_ioctl(struct file *file, unsigned code, unsigned long value)
710 { 710 {
711 struct ffs_data *ffs = file->private_data; 711 struct ffs_data *ffs = file->private_data;
712 struct usb_gadget *gadget = ffs->gadget; 712 struct usb_gadget *gadget = ffs->gadget;
713 long ret; 713 long ret;
714 714
715 ENTER(); 715 ENTER();
716 716
717 if (code == FUNCTIONFS_INTERFACE_REVMAP) { 717 if (code == FUNCTIONFS_INTERFACE_REVMAP) {
718 struct ffs_function *func = ffs->func; 718 struct ffs_function *func = ffs->func;
719 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV; 719 ret = func ? ffs_func_revmap_intf(func, value) : -ENODEV;
720 } else if (gadget && gadget->ops->ioctl) { 720 } else if (gadget && gadget->ops->ioctl) {
721 ret = gadget->ops->ioctl(gadget, code, value); 721 ret = gadget->ops->ioctl(gadget, code, value);
722 } else { 722 } else {
723 ret = -ENOTTY; 723 ret = -ENOTTY;
724 } 724 }
725 725
726 return ret; 726 return ret;
727 } 727 }
728 728
729 static const struct file_operations ffs_ep0_operations = { 729 static const struct file_operations ffs_ep0_operations = {
730 .llseek = no_llseek, 730 .llseek = no_llseek,
731 731
732 .open = ffs_ep0_open, 732 .open = ffs_ep0_open,
733 .write = ffs_ep0_write, 733 .write = ffs_ep0_write,
734 .read = ffs_ep0_read, 734 .read = ffs_ep0_read,
735 .release = ffs_ep0_release, 735 .release = ffs_ep0_release,
736 .unlocked_ioctl = ffs_ep0_ioctl, 736 .unlocked_ioctl = ffs_ep0_ioctl,
737 }; 737 };
738 738
739 739
740 /* "Normal" endpoints operations ********************************************/ 740 /* "Normal" endpoints operations ********************************************/
741 741
742 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req) 742 static void ffs_epfile_io_complete(struct usb_ep *_ep, struct usb_request *req)
743 { 743 {
744 ENTER(); 744 ENTER();
745 if (likely(req->context)) { 745 if (likely(req->context)) {
746 struct ffs_ep *ep = _ep->driver_data; 746 struct ffs_ep *ep = _ep->driver_data;
747 ep->status = req->status ? req->status : req->actual; 747 ep->status = req->status ? req->status : req->actual;
748 complete(req->context); 748 complete(req->context);
749 } 749 }
750 } 750 }
751 751
752 static ssize_t ffs_epfile_io(struct file *file, 752 static ssize_t ffs_epfile_io(struct file *file,
753 char __user *buf, size_t len, int read) 753 char __user *buf, size_t len, int read)
754 { 754 {
755 struct ffs_epfile *epfile = file->private_data; 755 struct ffs_epfile *epfile = file->private_data;
756 struct ffs_ep *ep; 756 struct ffs_ep *ep;
757 char *data = NULL; 757 char *data = NULL;
758 ssize_t ret; 758 ssize_t ret;
759 int halt; 759 int halt;
760 760
761 goto first_try; 761 goto first_try;
762 do { 762 do {
763 spin_unlock_irq(&epfile->ffs->eps_lock); 763 spin_unlock_irq(&epfile->ffs->eps_lock);
764 mutex_unlock(&epfile->mutex); 764 mutex_unlock(&epfile->mutex);
765 765
766 first_try: 766 first_try:
767 /* Are we still active? */ 767 /* Are we still active? */
768 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) { 768 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) {
769 ret = -ENODEV; 769 ret = -ENODEV;
770 goto error; 770 goto error;
771 } 771 }
772 772
773 /* Wait for endpoint to be enabled */ 773 /* Wait for endpoint to be enabled */
774 ep = epfile->ep; 774 ep = epfile->ep;
775 if (!ep) { 775 if (!ep) {
776 if (file->f_flags & O_NONBLOCK) { 776 if (file->f_flags & O_NONBLOCK) {
777 ret = -EAGAIN; 777 ret = -EAGAIN;
778 goto error; 778 goto error;
779 } 779 }
780 780
781 if (wait_event_interruptible(epfile->wait, 781 if (wait_event_interruptible(epfile->wait,
782 (ep = epfile->ep))) { 782 (ep = epfile->ep))) {
783 ret = -EINTR; 783 ret = -EINTR;
784 goto error; 784 goto error;
785 } 785 }
786 } 786 }
787 787
788 /* Do we halt? */ 788 /* Do we halt? */
789 halt = !read == !epfile->in; 789 halt = !read == !epfile->in;
790 if (halt && epfile->isoc) { 790 if (halt && epfile->isoc) {
791 ret = -EINVAL; 791 ret = -EINVAL;
792 goto error; 792 goto error;
793 } 793 }
794 794
795 /* Allocate & copy */ 795 /* Allocate & copy */
796 if (!halt && !data) { 796 if (!halt && !data) {
797 data = kzalloc(len, GFP_KERNEL); 797 data = kzalloc(len, GFP_KERNEL);
798 if (unlikely(!data)) 798 if (unlikely(!data))
799 return -ENOMEM; 799 return -ENOMEM;
800 800
801 if (!read && 801 if (!read &&
802 unlikely(__copy_from_user(data, buf, len))) { 802 unlikely(__copy_from_user(data, buf, len))) {
803 ret = -EFAULT; 803 ret = -EFAULT;
804 goto error; 804 goto error;
805 } 805 }
806 } 806 }
807 807
808 /* We will be using request */ 808 /* We will be using request */
809 ret = ffs_mutex_lock(&epfile->mutex, 809 ret = ffs_mutex_lock(&epfile->mutex,
810 file->f_flags & O_NONBLOCK); 810 file->f_flags & O_NONBLOCK);
811 if (unlikely(ret)) 811 if (unlikely(ret))
812 goto error; 812 goto error;
813 813
814 /* 814 /*
815 * We're called from user space, we can use _irq rather then 815 * We're called from user space, we can use _irq rather then
816 * _irqsave 816 * _irqsave
817 */ 817 */
818 spin_lock_irq(&epfile->ffs->eps_lock); 818 spin_lock_irq(&epfile->ffs->eps_lock);
819 819
820 /* 820 /*
821 * While we were acquiring mutex endpoint got disabled 821 * While we were acquiring mutex endpoint got disabled
822 * or changed? 822 * or changed?
823 */ 823 */
824 } while (unlikely(epfile->ep != ep)); 824 } while (unlikely(epfile->ep != ep));
825 825
826 /* Halt */ 826 /* Halt */
827 if (unlikely(halt)) { 827 if (unlikely(halt)) {
828 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep)) 828 if (likely(epfile->ep == ep) && !WARN_ON(!ep->ep))
829 usb_ep_set_halt(ep->ep); 829 usb_ep_set_halt(ep->ep);
830 spin_unlock_irq(&epfile->ffs->eps_lock); 830 spin_unlock_irq(&epfile->ffs->eps_lock);
831 ret = -EBADMSG; 831 ret = -EBADMSG;
832 } else { 832 } else {
833 /* Fire the request */ 833 /* Fire the request */
834 DECLARE_COMPLETION_ONSTACK(done); 834 DECLARE_COMPLETION_ONSTACK(done);
835 835
836 struct usb_request *req = ep->req; 836 struct usb_request *req = ep->req;
837 req->context = &done; 837 req->context = &done;
838 req->complete = ffs_epfile_io_complete; 838 req->complete = ffs_epfile_io_complete;
839 req->buf = data; 839 req->buf = data;
840 req->length = len; 840 req->length = len;
841 841
842 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC); 842 ret = usb_ep_queue(ep->ep, req, GFP_ATOMIC);
843 843
844 spin_unlock_irq(&epfile->ffs->eps_lock); 844 spin_unlock_irq(&epfile->ffs->eps_lock);
845 845
846 if (unlikely(ret < 0)) { 846 if (unlikely(ret < 0)) {
847 /* nop */ 847 /* nop */
848 } else if (unlikely(wait_for_completion_interruptible(&done))) { 848 } else if (unlikely(wait_for_completion_interruptible(&done))) {
849 ret = -EINTR; 849 ret = -EINTR;
850 usb_ep_dequeue(ep->ep, req); 850 usb_ep_dequeue(ep->ep, req);
851 } else { 851 } else {
852 ret = ep->status; 852 ret = ep->status;
853 if (read && ret > 0 && 853 if (read && ret > 0 &&
854 unlikely(copy_to_user(buf, data, ret))) 854 unlikely(copy_to_user(buf, data, ret)))
855 ret = -EFAULT; 855 ret = -EFAULT;
856 } 856 }
857 } 857 }
858 858
859 mutex_unlock(&epfile->mutex); 859 mutex_unlock(&epfile->mutex);
860 error: 860 error:
861 kfree(data); 861 kfree(data);
862 return ret; 862 return ret;
863 } 863 }
864 864
865 static ssize_t 865 static ssize_t
866 ffs_epfile_write(struct file *file, const char __user *buf, size_t len, 866 ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
867 loff_t *ptr) 867 loff_t *ptr)
868 { 868 {
869 ENTER(); 869 ENTER();
870 870
871 return ffs_epfile_io(file, (char __user *)buf, len, 0); 871 return ffs_epfile_io(file, (char __user *)buf, len, 0);
872 } 872 }
873 873
874 static ssize_t 874 static ssize_t
875 ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr) 875 ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
876 { 876 {
877 ENTER(); 877 ENTER();
878 878
879 return ffs_epfile_io(file, buf, len, 1); 879 return ffs_epfile_io(file, buf, len, 1);
880 } 880 }
881 881
882 static int 882 static int
883 ffs_epfile_open(struct inode *inode, struct file *file) 883 ffs_epfile_open(struct inode *inode, struct file *file)
884 { 884 {
885 struct ffs_epfile *epfile = inode->i_private; 885 struct ffs_epfile *epfile = inode->i_private;
886 886
887 ENTER(); 887 ENTER();
888 888
889 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) 889 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
890 return -ENODEV; 890 return -ENODEV;
891 891
892 file->private_data = epfile; 892 file->private_data = epfile;
893 ffs_data_opened(epfile->ffs); 893 ffs_data_opened(epfile->ffs);
894 894
895 return 0; 895 return 0;
896 } 896 }
897 897
898 static int 898 static int
899 ffs_epfile_release(struct inode *inode, struct file *file) 899 ffs_epfile_release(struct inode *inode, struct file *file)
900 { 900 {
901 struct ffs_epfile *epfile = inode->i_private; 901 struct ffs_epfile *epfile = inode->i_private;
902 902
903 ENTER(); 903 ENTER();
904 904
905 ffs_data_closed(epfile->ffs); 905 ffs_data_closed(epfile->ffs);
906 906
907 return 0; 907 return 0;
908 } 908 }
909 909
910 static long ffs_epfile_ioctl(struct file *file, unsigned code, 910 static long ffs_epfile_ioctl(struct file *file, unsigned code,
911 unsigned long value) 911 unsigned long value)
912 { 912 {
913 struct ffs_epfile *epfile = file->private_data; 913 struct ffs_epfile *epfile = file->private_data;
914 int ret; 914 int ret;
915 915
916 ENTER(); 916 ENTER();
917 917
918 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE)) 918 if (WARN_ON(epfile->ffs->state != FFS_ACTIVE))
919 return -ENODEV; 919 return -ENODEV;
920 920
921 spin_lock_irq(&epfile->ffs->eps_lock); 921 spin_lock_irq(&epfile->ffs->eps_lock);
922 if (likely(epfile->ep)) { 922 if (likely(epfile->ep)) {
923 switch (code) { 923 switch (code) {
924 case FUNCTIONFS_FIFO_STATUS: 924 case FUNCTIONFS_FIFO_STATUS:
925 ret = usb_ep_fifo_status(epfile->ep->ep); 925 ret = usb_ep_fifo_status(epfile->ep->ep);
926 break; 926 break;
927 case FUNCTIONFS_FIFO_FLUSH: 927 case FUNCTIONFS_FIFO_FLUSH:
928 usb_ep_fifo_flush(epfile->ep->ep); 928 usb_ep_fifo_flush(epfile->ep->ep);
929 ret = 0; 929 ret = 0;
930 break; 930 break;
931 case FUNCTIONFS_CLEAR_HALT: 931 case FUNCTIONFS_CLEAR_HALT:
932 ret = usb_ep_clear_halt(epfile->ep->ep); 932 ret = usb_ep_clear_halt(epfile->ep->ep);
933 break; 933 break;
934 case FUNCTIONFS_ENDPOINT_REVMAP: 934 case FUNCTIONFS_ENDPOINT_REVMAP:
935 ret = epfile->ep->num; 935 ret = epfile->ep->num;
936 break; 936 break;
937 default: 937 default:
938 ret = -ENOTTY; 938 ret = -ENOTTY;
939 } 939 }
940 } else { 940 } else {
941 ret = -ENODEV; 941 ret = -ENODEV;
942 } 942 }
943 spin_unlock_irq(&epfile->ffs->eps_lock); 943 spin_unlock_irq(&epfile->ffs->eps_lock);
944 944
945 return ret; 945 return ret;
946 } 946 }
947 947
948 static const struct file_operations ffs_epfile_operations = { 948 static const struct file_operations ffs_epfile_operations = {
949 .llseek = no_llseek, 949 .llseek = no_llseek,
950 950
951 .open = ffs_epfile_open, 951 .open = ffs_epfile_open,
952 .write = ffs_epfile_write, 952 .write = ffs_epfile_write,
953 .read = ffs_epfile_read, 953 .read = ffs_epfile_read,
954 .release = ffs_epfile_release, 954 .release = ffs_epfile_release,
955 .unlocked_ioctl = ffs_epfile_ioctl, 955 .unlocked_ioctl = ffs_epfile_ioctl,
956 }; 956 };
957 957
958 958
959 /* File system and super block operations ***********************************/ 959 /* File system and super block operations ***********************************/
960 960
961 /* 961 /*
962 * Mounting the file system creates a controller file, used first for 962 * Mounting the file system creates a controller file, used first for
963 * function configuration then later for event monitoring. 963 * function configuration then later for event monitoring.
964 */ 964 */
965 965
966 static struct inode *__must_check 966 static struct inode *__must_check
967 ffs_sb_make_inode(struct super_block *sb, void *data, 967 ffs_sb_make_inode(struct super_block *sb, void *data,
968 const struct file_operations *fops, 968 const struct file_operations *fops,
969 const struct inode_operations *iops, 969 const struct inode_operations *iops,
970 struct ffs_file_perms *perms) 970 struct ffs_file_perms *perms)
971 { 971 {
972 struct inode *inode; 972 struct inode *inode;
973 973
974 ENTER(); 974 ENTER();
975 975
976 inode = new_inode(sb); 976 inode = new_inode(sb);
977 977
978 if (likely(inode)) { 978 if (likely(inode)) {
979 struct timespec current_time = CURRENT_TIME; 979 struct timespec current_time = CURRENT_TIME;
980 980
981 inode->i_ino = get_next_ino(); 981 inode->i_ino = get_next_ino();
982 inode->i_mode = perms->mode; 982 inode->i_mode = perms->mode;
983 inode->i_uid = perms->uid; 983 inode->i_uid = perms->uid;
984 inode->i_gid = perms->gid; 984 inode->i_gid = perms->gid;
985 inode->i_atime = current_time; 985 inode->i_atime = current_time;
986 inode->i_mtime = current_time; 986 inode->i_mtime = current_time;
987 inode->i_ctime = current_time; 987 inode->i_ctime = current_time;
988 inode->i_private = data; 988 inode->i_private = data;
989 if (fops) 989 if (fops)
990 inode->i_fop = fops; 990 inode->i_fop = fops;
991 if (iops) 991 if (iops)
992 inode->i_op = iops; 992 inode->i_op = iops;
993 } 993 }
994 994
995 return inode; 995 return inode;
996 } 996 }
997 997
998 /* Create "regular" file */ 998 /* Create "regular" file */
999 static struct inode *ffs_sb_create_file(struct super_block *sb, 999 static struct inode *ffs_sb_create_file(struct super_block *sb,
1000 const char *name, void *data, 1000 const char *name, void *data,
1001 const struct file_operations *fops, 1001 const struct file_operations *fops,
1002 struct dentry **dentry_p) 1002 struct dentry **dentry_p)
1003 { 1003 {
1004 struct ffs_data *ffs = sb->s_fs_info; 1004 struct ffs_data *ffs = sb->s_fs_info;
1005 struct dentry *dentry; 1005 struct dentry *dentry;
1006 struct inode *inode; 1006 struct inode *inode;
1007 1007
1008 ENTER(); 1008 ENTER();
1009 1009
1010 dentry = d_alloc_name(sb->s_root, name); 1010 dentry = d_alloc_name(sb->s_root, name);
1011 if (unlikely(!dentry)) 1011 if (unlikely(!dentry))
1012 return NULL; 1012 return NULL;
1013 1013
1014 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms); 1014 inode = ffs_sb_make_inode(sb, data, fops, NULL, &ffs->file_perms);
1015 if (unlikely(!inode)) { 1015 if (unlikely(!inode)) {
1016 dput(dentry); 1016 dput(dentry);
1017 return NULL; 1017 return NULL;
1018 } 1018 }
1019 1019
1020 d_add(dentry, inode); 1020 d_add(dentry, inode);
1021 if (dentry_p) 1021 if (dentry_p)
1022 *dentry_p = dentry; 1022 *dentry_p = dentry;
1023 1023
1024 return inode; 1024 return inode;
1025 } 1025 }
1026 1026
1027 /* Super block */ 1027 /* Super block */
1028 static const struct super_operations ffs_sb_operations = { 1028 static const struct super_operations ffs_sb_operations = {
1029 .statfs = simple_statfs, 1029 .statfs = simple_statfs,
1030 .drop_inode = generic_delete_inode, 1030 .drop_inode = generic_delete_inode,
1031 }; 1031 };
1032 1032
1033 struct ffs_sb_fill_data { 1033 struct ffs_sb_fill_data {
1034 struct ffs_file_perms perms; 1034 struct ffs_file_perms perms;
1035 umode_t root_mode; 1035 umode_t root_mode;
1036 const char *dev_name; 1036 const char *dev_name;
1037 union { 1037 union {
1038 /* set by ffs_fs_mount(), read by ffs_sb_fill() */ 1038 /* set by ffs_fs_mount(), read by ffs_sb_fill() */
1039 void *private_data; 1039 void *private_data;
1040 /* set by ffs_sb_fill(), read by ffs_fs_mount */ 1040 /* set by ffs_sb_fill(), read by ffs_fs_mount */
1041 struct ffs_data *ffs_data; 1041 struct ffs_data *ffs_data;
1042 }; 1042 };
1043 }; 1043 };
1044 1044
1045 static int ffs_sb_fill(struct super_block *sb, void *_data, int silent) 1045 static int ffs_sb_fill(struct super_block *sb, void *_data, int silent)
1046 { 1046 {
1047 struct ffs_sb_fill_data *data = _data; 1047 struct ffs_sb_fill_data *data = _data;
1048 struct inode *inode; 1048 struct inode *inode;
1049 struct ffs_data *ffs; 1049 struct ffs_data *ffs;
1050 1050
1051 ENTER(); 1051 ENTER();
1052 1052
1053 /* Initialise data */ 1053 /* Initialise data */
1054 ffs = ffs_data_new(); 1054 ffs = ffs_data_new();
1055 if (unlikely(!ffs)) 1055 if (unlikely(!ffs))
1056 goto Enomem; 1056 goto Enomem;
1057 1057
1058 ffs->sb = sb; 1058 ffs->sb = sb;
1059 ffs->dev_name = kstrdup(data->dev_name, GFP_KERNEL); 1059 ffs->dev_name = kstrdup(data->dev_name, GFP_KERNEL);
1060 if (unlikely(!ffs->dev_name)) 1060 if (unlikely(!ffs->dev_name))
1061 goto Enomem; 1061 goto Enomem;
1062 ffs->file_perms = data->perms; 1062 ffs->file_perms = data->perms;
1063 ffs->private_data = data->private_data; 1063 ffs->private_data = data->private_data;
1064 1064
1065 /* used by the caller of this function */ 1065 /* used by the caller of this function */
1066 data->ffs_data = ffs; 1066 data->ffs_data = ffs;
1067 1067
1068 sb->s_fs_info = ffs; 1068 sb->s_fs_info = ffs;
1069 sb->s_blocksize = PAGE_CACHE_SIZE; 1069 sb->s_blocksize = PAGE_CACHE_SIZE;
1070 sb->s_blocksize_bits = PAGE_CACHE_SHIFT; 1070 sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
1071 sb->s_magic = FUNCTIONFS_MAGIC; 1071 sb->s_magic = FUNCTIONFS_MAGIC;
1072 sb->s_op = &ffs_sb_operations; 1072 sb->s_op = &ffs_sb_operations;
1073 sb->s_time_gran = 1; 1073 sb->s_time_gran = 1;
1074 1074
1075 /* Root inode */ 1075 /* Root inode */
1076 data->perms.mode = data->root_mode; 1076 data->perms.mode = data->root_mode;
1077 inode = ffs_sb_make_inode(sb, NULL, 1077 inode = ffs_sb_make_inode(sb, NULL,
1078 &simple_dir_operations, 1078 &simple_dir_operations,
1079 &simple_dir_inode_operations, 1079 &simple_dir_inode_operations,
1080 &data->perms); 1080 &data->perms);
1081 sb->s_root = d_make_root(inode); 1081 sb->s_root = d_make_root(inode);
1082 if (unlikely(!sb->s_root)) 1082 if (unlikely(!sb->s_root))
1083 goto Enomem; 1083 goto Enomem;
1084 1084
1085 /* EP0 file */ 1085 /* EP0 file */
1086 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs, 1086 if (unlikely(!ffs_sb_create_file(sb, "ep0", ffs,
1087 &ffs_ep0_operations, NULL))) 1087 &ffs_ep0_operations, NULL)))
1088 goto Enomem; 1088 goto Enomem;
1089 1089
1090 return 0; 1090 return 0;
1091 1091
1092 Enomem: 1092 Enomem:
1093 return -ENOMEM; 1093 return -ENOMEM;
1094 } 1094 }
1095 1095
1096 static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts) 1096 static int ffs_fs_parse_opts(struct ffs_sb_fill_data *data, char *opts)
1097 { 1097 {
1098 ENTER(); 1098 ENTER();
1099 1099
1100 if (!opts || !*opts) 1100 if (!opts || !*opts)
1101 return 0; 1101 return 0;
1102 1102
1103 for (;;) { 1103 for (;;) {
1104 unsigned long value; 1104 unsigned long value;
1105 char *eq, *comma; 1105 char *eq, *comma;
1106 1106
1107 /* Option limit */ 1107 /* Option limit */
1108 comma = strchr(opts, ','); 1108 comma = strchr(opts, ',');
1109 if (comma) 1109 if (comma)
1110 *comma = 0; 1110 *comma = 0;
1111 1111
1112 /* Value limit */ 1112 /* Value limit */
1113 eq = strchr(opts, '='); 1113 eq = strchr(opts, '=');
1114 if (unlikely(!eq)) { 1114 if (unlikely(!eq)) {
1115 pr_err("'=' missing in %s\n", opts); 1115 pr_err("'=' missing in %s\n", opts);
1116 return -EINVAL; 1116 return -EINVAL;
1117 } 1117 }
1118 *eq = 0; 1118 *eq = 0;
1119 1119
1120 /* Parse value */ 1120 /* Parse value */
1121 if (kstrtoul(eq + 1, 0, &value)) { 1121 if (kstrtoul(eq + 1, 0, &value)) {
1122 pr_err("%s: invalid value: %s\n", opts, eq + 1); 1122 pr_err("%s: invalid value: %s\n", opts, eq + 1);
1123 return -EINVAL; 1123 return -EINVAL;
1124 } 1124 }
1125 1125
1126 /* Interpret option */ 1126 /* Interpret option */
1127 switch (eq - opts) { 1127 switch (eq - opts) {
1128 case 5: 1128 case 5:
1129 if (!memcmp(opts, "rmode", 5)) 1129 if (!memcmp(opts, "rmode", 5))
1130 data->root_mode = (value & 0555) | S_IFDIR; 1130 data->root_mode = (value & 0555) | S_IFDIR;
1131 else if (!memcmp(opts, "fmode", 5)) 1131 else if (!memcmp(opts, "fmode", 5))
1132 data->perms.mode = (value & 0666) | S_IFREG; 1132 data->perms.mode = (value & 0666) | S_IFREG;
1133 else 1133 else
1134 goto invalid; 1134 goto invalid;
1135 break; 1135 break;
1136 1136
1137 case 4: 1137 case 4:
1138 if (!memcmp(opts, "mode", 4)) { 1138 if (!memcmp(opts, "mode", 4)) {
1139 data->root_mode = (value & 0555) | S_IFDIR; 1139 data->root_mode = (value & 0555) | S_IFDIR;
1140 data->perms.mode = (value & 0666) | S_IFREG; 1140 data->perms.mode = (value & 0666) | S_IFREG;
1141 } else { 1141 } else {
1142 goto invalid; 1142 goto invalid;
1143 } 1143 }
1144 break; 1144 break;
1145 1145
1146 case 3: 1146 case 3:
1147 if (!memcmp(opts, "uid", 3)) { 1147 if (!memcmp(opts, "uid", 3)) {
1148 data->perms.uid = make_kuid(current_user_ns(), value); 1148 data->perms.uid = make_kuid(current_user_ns(), value);
1149 if (!uid_valid(data->perms.uid)) { 1149 if (!uid_valid(data->perms.uid)) {
1150 pr_err("%s: unmapped value: %lu\n", opts, value); 1150 pr_err("%s: unmapped value: %lu\n", opts, value);
1151 return -EINVAL; 1151 return -EINVAL;
1152 } 1152 }
1153 } else if (!memcmp(opts, "gid", 3)) { 1153 } else if (!memcmp(opts, "gid", 3)) {
1154 data->perms.gid = make_kgid(current_user_ns(), value); 1154 data->perms.gid = make_kgid(current_user_ns(), value);
1155 if (!gid_valid(data->perms.gid)) { 1155 if (!gid_valid(data->perms.gid)) {
1156 pr_err("%s: unmapped value: %lu\n", opts, value); 1156 pr_err("%s: unmapped value: %lu\n", opts, value);
1157 return -EINVAL; 1157 return -EINVAL;
1158 } 1158 }
1159 } else { 1159 } else {
1160 goto invalid; 1160 goto invalid;
1161 } 1161 }
1162 break; 1162 break;
1163 1163
1164 default: 1164 default:
1165 invalid: 1165 invalid:
1166 pr_err("%s: invalid option\n", opts); 1166 pr_err("%s: invalid option\n", opts);
1167 return -EINVAL; 1167 return -EINVAL;
1168 } 1168 }
1169 1169
1170 /* Next iteration */ 1170 /* Next iteration */
1171 if (!comma) 1171 if (!comma)
1172 break; 1172 break;
1173 opts = comma + 1; 1173 opts = comma + 1;
1174 } 1174 }
1175 1175
1176 return 0; 1176 return 0;
1177 } 1177 }
1178 1178
1179 /* "mount -t functionfs dev_name /dev/function" ends up here */ 1179 /* "mount -t functionfs dev_name /dev/function" ends up here */
1180 1180
1181 static struct dentry * 1181 static struct dentry *
1182 ffs_fs_mount(struct file_system_type *t, int flags, 1182 ffs_fs_mount(struct file_system_type *t, int flags,
1183 const char *dev_name, void *opts) 1183 const char *dev_name, void *opts)
1184 { 1184 {
1185 struct ffs_sb_fill_data data = { 1185 struct ffs_sb_fill_data data = {
1186 .perms = { 1186 .perms = {
1187 .mode = S_IFREG | 0600, 1187 .mode = S_IFREG | 0600,
1188 .uid = GLOBAL_ROOT_UID, 1188 .uid = GLOBAL_ROOT_UID,
1189 .gid = GLOBAL_ROOT_GID, 1189 .gid = GLOBAL_ROOT_GID,
1190 }, 1190 },
1191 .root_mode = S_IFDIR | 0500, 1191 .root_mode = S_IFDIR | 0500,
1192 }; 1192 };
1193 struct dentry *rv; 1193 struct dentry *rv;
1194 int ret; 1194 int ret;
1195 void *ffs_dev; 1195 void *ffs_dev;
1196 1196
1197 ENTER(); 1197 ENTER();
1198 1198
1199 ret = ffs_fs_parse_opts(&data, opts); 1199 ret = ffs_fs_parse_opts(&data, opts);
1200 if (unlikely(ret < 0)) 1200 if (unlikely(ret < 0))
1201 return ERR_PTR(ret); 1201 return ERR_PTR(ret);
1202 1202
1203 ffs_dev = functionfs_acquire_dev_callback(dev_name); 1203 ffs_dev = functionfs_acquire_dev_callback(dev_name);
1204 if (IS_ERR(ffs_dev)) 1204 if (IS_ERR(ffs_dev))
1205 return ffs_dev; 1205 return ffs_dev;
1206 1206
1207 data.dev_name = dev_name; 1207 data.dev_name = dev_name;
1208 data.private_data = ffs_dev; 1208 data.private_data = ffs_dev;
1209 rv = mount_nodev(t, flags, &data, ffs_sb_fill); 1209 rv = mount_nodev(t, flags, &data, ffs_sb_fill);
1210 1210
1211 /* data.ffs_data is set by ffs_sb_fill */ 1211 /* data.ffs_data is set by ffs_sb_fill */
1212 if (IS_ERR(rv)) 1212 if (IS_ERR(rv))
1213 functionfs_release_dev_callback(data.ffs_data); 1213 functionfs_release_dev_callback(data.ffs_data);
1214 1214
1215 return rv; 1215 return rv;
1216 } 1216 }
1217 1217
1218 static void 1218 static void
1219 ffs_fs_kill_sb(struct super_block *sb) 1219 ffs_fs_kill_sb(struct super_block *sb)
1220 { 1220 {
1221 ENTER(); 1221 ENTER();
1222 1222
1223 kill_litter_super(sb); 1223 kill_litter_super(sb);
1224 if (sb->s_fs_info) { 1224 if (sb->s_fs_info) {
1225 functionfs_release_dev_callback(sb->s_fs_info); 1225 functionfs_release_dev_callback(sb->s_fs_info);
1226 ffs_data_put(sb->s_fs_info); 1226 ffs_data_put(sb->s_fs_info);
1227 } 1227 }
1228 } 1228 }
1229 1229
1230 static struct file_system_type ffs_fs_type = { 1230 static struct file_system_type ffs_fs_type = {
1231 .owner = THIS_MODULE, 1231 .owner = THIS_MODULE,
1232 .name = "functionfs", 1232 .name = "functionfs",
1233 .mount = ffs_fs_mount, 1233 .mount = ffs_fs_mount,
1234 .kill_sb = ffs_fs_kill_sb, 1234 .kill_sb = ffs_fs_kill_sb,
1235 }; 1235 };
1236 MODULE_ALIAS_FS("functionfs"); 1236 MODULE_ALIAS_FS("functionfs");
1237 1237
1238 1238
1239 /* Driver's main init/cleanup functions *************************************/ 1239 /* Driver's main init/cleanup functions *************************************/
1240 1240
1241 static int functionfs_init(void) 1241 static int functionfs_init(void)
1242 { 1242 {
1243 int ret; 1243 int ret;
1244 1244
1245 ENTER(); 1245 ENTER();
1246 1246
1247 ret = register_filesystem(&ffs_fs_type); 1247 ret = register_filesystem(&ffs_fs_type);
1248 if (likely(!ret)) 1248 if (likely(!ret))
1249 pr_info("file system registered\n"); 1249 pr_info("file system registered\n");
1250 else 1250 else
1251 pr_err("failed registering file system (%d)\n", ret); 1251 pr_err("failed registering file system (%d)\n", ret);
1252 1252
1253 return ret; 1253 return ret;
1254 } 1254 }
1255 1255
1256 static void functionfs_cleanup(void) 1256 static void functionfs_cleanup(void)
1257 { 1257 {
1258 ENTER(); 1258 ENTER();
1259 1259
1260 pr_info("unloading\n"); 1260 pr_info("unloading\n");
1261 unregister_filesystem(&ffs_fs_type); 1261 unregister_filesystem(&ffs_fs_type);
1262 } 1262 }
1263 1263
1264 1264
1265 /* ffs_data and ffs_function construction and destruction code **************/ 1265 /* ffs_data and ffs_function construction and destruction code **************/
1266 1266
1267 static void ffs_data_clear(struct ffs_data *ffs); 1267 static void ffs_data_clear(struct ffs_data *ffs);
1268 static void ffs_data_reset(struct ffs_data *ffs); 1268 static void ffs_data_reset(struct ffs_data *ffs);
1269 1269
1270 static void ffs_data_get(struct ffs_data *ffs) 1270 static void ffs_data_get(struct ffs_data *ffs)
1271 { 1271 {
1272 ENTER(); 1272 ENTER();
1273 1273
1274 atomic_inc(&ffs->ref); 1274 atomic_inc(&ffs->ref);
1275 } 1275 }
1276 1276
1277 static void ffs_data_opened(struct ffs_data *ffs) 1277 static void ffs_data_opened(struct ffs_data *ffs)
1278 { 1278 {
1279 ENTER(); 1279 ENTER();
1280 1280
1281 atomic_inc(&ffs->ref); 1281 atomic_inc(&ffs->ref);
1282 atomic_inc(&ffs->opened); 1282 atomic_inc(&ffs->opened);
1283 } 1283 }
1284 1284
1285 static void ffs_data_put(struct ffs_data *ffs) 1285 static void ffs_data_put(struct ffs_data *ffs)
1286 { 1286 {
1287 ENTER(); 1287 ENTER();
1288 1288
1289 if (unlikely(atomic_dec_and_test(&ffs->ref))) { 1289 if (unlikely(atomic_dec_and_test(&ffs->ref))) {
1290 pr_info("%s(): freeing\n", __func__); 1290 pr_info("%s(): freeing\n", __func__);
1291 ffs_data_clear(ffs); 1291 ffs_data_clear(ffs);
1292 BUG_ON(waitqueue_active(&ffs->ev.waitq) || 1292 BUG_ON(waitqueue_active(&ffs->ev.waitq) ||
1293 waitqueue_active(&ffs->ep0req_completion.wait)); 1293 waitqueue_active(&ffs->ep0req_completion.wait));
1294 kfree(ffs->dev_name); 1294 kfree(ffs->dev_name);
1295 kfree(ffs); 1295 kfree(ffs);
1296 } 1296 }
1297 } 1297 }
1298 1298
1299 static void ffs_data_closed(struct ffs_data *ffs) 1299 static void ffs_data_closed(struct ffs_data *ffs)
1300 { 1300 {
1301 ENTER(); 1301 ENTER();
1302 1302
1303 if (atomic_dec_and_test(&ffs->opened)) { 1303 if (atomic_dec_and_test(&ffs->opened)) {
1304 ffs->state = FFS_CLOSING; 1304 ffs->state = FFS_CLOSING;
1305 ffs_data_reset(ffs); 1305 ffs_data_reset(ffs);
1306 } 1306 }
1307 1307
1308 ffs_data_put(ffs); 1308 ffs_data_put(ffs);
1309 } 1309 }
1310 1310
1311 static struct ffs_data *ffs_data_new(void) 1311 static struct ffs_data *ffs_data_new(void)
1312 { 1312 {
1313 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL); 1313 struct ffs_data *ffs = kzalloc(sizeof *ffs, GFP_KERNEL);
1314 if (unlikely(!ffs)) 1314 if (unlikely(!ffs))
1315 return 0; 1315 return 0;
1316 1316
1317 ENTER(); 1317 ENTER();
1318 1318
1319 atomic_set(&ffs->ref, 1); 1319 atomic_set(&ffs->ref, 1);
1320 atomic_set(&ffs->opened, 0); 1320 atomic_set(&ffs->opened, 0);
1321 ffs->state = FFS_READ_DESCRIPTORS; 1321 ffs->state = FFS_READ_DESCRIPTORS;
1322 mutex_init(&ffs->mutex); 1322 mutex_init(&ffs->mutex);
1323 spin_lock_init(&ffs->eps_lock); 1323 spin_lock_init(&ffs->eps_lock);
1324 init_waitqueue_head(&ffs->ev.waitq); 1324 init_waitqueue_head(&ffs->ev.waitq);
1325 init_completion(&ffs->ep0req_completion); 1325 init_completion(&ffs->ep0req_completion);
1326 1326
1327 /* XXX REVISIT need to update it in some places, or do we? */ 1327 /* XXX REVISIT need to update it in some places, or do we? */
1328 ffs->ev.can_stall = 1; 1328 ffs->ev.can_stall = 1;
1329 1329
1330 return ffs; 1330 return ffs;
1331 } 1331 }
1332 1332
1333 static void ffs_data_clear(struct ffs_data *ffs) 1333 static void ffs_data_clear(struct ffs_data *ffs)
1334 { 1334 {
1335 ENTER(); 1335 ENTER();
1336 1336
1337 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags)) 1337 if (test_and_clear_bit(FFS_FL_CALL_CLOSED_CALLBACK, &ffs->flags))
1338 functionfs_closed_callback(ffs); 1338 functionfs_closed_callback(ffs);
1339 1339
1340 BUG_ON(ffs->gadget); 1340 BUG_ON(ffs->gadget);
1341 1341
1342 if (ffs->epfiles) 1342 if (ffs->epfiles)
1343 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count); 1343 ffs_epfiles_destroy(ffs->epfiles, ffs->eps_count);
1344 1344
1345 kfree(ffs->raw_descs); 1345 kfree(ffs->raw_descs);
1346 kfree(ffs->raw_strings); 1346 kfree(ffs->raw_strings);
1347 kfree(ffs->stringtabs); 1347 kfree(ffs->stringtabs);
1348 } 1348 }
1349 1349
1350 static void ffs_data_reset(struct ffs_data *ffs) 1350 static void ffs_data_reset(struct ffs_data *ffs)
1351 { 1351 {
1352 ENTER(); 1352 ENTER();
1353 1353
1354 ffs_data_clear(ffs); 1354 ffs_data_clear(ffs);
1355 1355
1356 ffs->epfiles = NULL; 1356 ffs->epfiles = NULL;
1357 ffs->raw_descs = NULL; 1357 ffs->raw_descs = NULL;
1358 ffs->raw_strings = NULL; 1358 ffs->raw_strings = NULL;
1359 ffs->stringtabs = NULL; 1359 ffs->stringtabs = NULL;
1360 1360
1361 ffs->raw_descs_length = 0; 1361 ffs->raw_descs_length = 0;
1362 ffs->raw_fs_descs_length = 0; 1362 ffs->raw_fs_descs_length = 0;
1363 ffs->fs_descs_count = 0; 1363 ffs->fs_descs_count = 0;
1364 ffs->hs_descs_count = 0; 1364 ffs->hs_descs_count = 0;
1365 1365
1366 ffs->strings_count = 0; 1366 ffs->strings_count = 0;
1367 ffs->interfaces_count = 0; 1367 ffs->interfaces_count = 0;
1368 ffs->eps_count = 0; 1368 ffs->eps_count = 0;
1369 1369
1370 ffs->ev.count = 0; 1370 ffs->ev.count = 0;
1371 1371
1372 ffs->state = FFS_READ_DESCRIPTORS; 1372 ffs->state = FFS_READ_DESCRIPTORS;
1373 ffs->setup_state = FFS_NO_SETUP; 1373 ffs->setup_state = FFS_NO_SETUP;
1374 ffs->flags = 0; 1374 ffs->flags = 0;
1375 } 1375 }
1376 1376
1377 1377
1378 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev) 1378 static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
1379 { 1379 {
1380 struct usb_gadget_strings **lang; 1380 struct usb_gadget_strings **lang;
1381 int first_id; 1381 int first_id;
1382 1382
1383 ENTER(); 1383 ENTER();
1384 1384
1385 if (WARN_ON(ffs->state != FFS_ACTIVE 1385 if (WARN_ON(ffs->state != FFS_ACTIVE
1386 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags))) 1386 || test_and_set_bit(FFS_FL_BOUND, &ffs->flags)))
1387 return -EBADFD; 1387 return -EBADFD;
1388 1388
1389 first_id = usb_string_ids_n(cdev, ffs->strings_count); 1389 first_id = usb_string_ids_n(cdev, ffs->strings_count);
1390 if (unlikely(first_id < 0)) 1390 if (unlikely(first_id < 0))
1391 return first_id; 1391 return first_id;
1392 1392
1393 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL); 1393 ffs->ep0req = usb_ep_alloc_request(cdev->gadget->ep0, GFP_KERNEL);
1394 if (unlikely(!ffs->ep0req)) 1394 if (unlikely(!ffs->ep0req))
1395 return -ENOMEM; 1395 return -ENOMEM;
1396 ffs->ep0req->complete = ffs_ep0_complete; 1396 ffs->ep0req->complete = ffs_ep0_complete;
1397 ffs->ep0req->context = ffs; 1397 ffs->ep0req->context = ffs;
1398 1398
1399 lang = ffs->stringtabs; 1399 lang = ffs->stringtabs;
1400 for (lang = ffs->stringtabs; *lang; ++lang) { 1400 for (lang = ffs->stringtabs; *lang; ++lang) {
1401 struct usb_string *str = (*lang)->strings; 1401 struct usb_string *str = (*lang)->strings;
1402 int id = first_id; 1402 int id = first_id;
1403 for (; str->s; ++id, ++str) 1403 for (; str->s; ++id, ++str)
1404 str->id = id; 1404 str->id = id;
1405 } 1405 }
1406 1406
1407 ffs->gadget = cdev->gadget; 1407 ffs->gadget = cdev->gadget;
1408 ffs_data_get(ffs); 1408 ffs_data_get(ffs);
1409 return 0; 1409 return 0;
1410 } 1410 }
1411 1411
1412 static void functionfs_unbind(struct ffs_data *ffs) 1412 static void functionfs_unbind(struct ffs_data *ffs)
1413 { 1413 {
1414 ENTER(); 1414 ENTER();
1415 1415
1416 if (!WARN_ON(!ffs->gadget)) { 1416 if (!WARN_ON(!ffs->gadget)) {
1417 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req); 1417 usb_ep_free_request(ffs->gadget->ep0, ffs->ep0req);
1418 ffs->ep0req = NULL; 1418 ffs->ep0req = NULL;
1419 ffs->gadget = NULL; 1419 ffs->gadget = NULL;
1420 ffs_data_put(ffs);
1421 clear_bit(FFS_FL_BOUND, &ffs->flags); 1420 clear_bit(FFS_FL_BOUND, &ffs->flags);
1421 ffs_data_put(ffs);
1422 } 1422 }
1423 } 1423 }
1424 1424
1425 static int ffs_epfiles_create(struct ffs_data *ffs) 1425 static int ffs_epfiles_create(struct ffs_data *ffs)
1426 { 1426 {
1427 struct ffs_epfile *epfile, *epfiles; 1427 struct ffs_epfile *epfile, *epfiles;
1428 unsigned i, count; 1428 unsigned i, count;
1429 1429
1430 ENTER(); 1430 ENTER();
1431 1431
1432 count = ffs->eps_count; 1432 count = ffs->eps_count;
1433 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL); 1433 epfiles = kcalloc(count, sizeof(*epfiles), GFP_KERNEL);
1434 if (!epfiles) 1434 if (!epfiles)
1435 return -ENOMEM; 1435 return -ENOMEM;
1436 1436
1437 epfile = epfiles; 1437 epfile = epfiles;
1438 for (i = 1; i <= count; ++i, ++epfile) { 1438 for (i = 1; i <= count; ++i, ++epfile) {
1439 epfile->ffs = ffs; 1439 epfile->ffs = ffs;
1440 mutex_init(&epfile->mutex); 1440 mutex_init(&epfile->mutex);
1441 init_waitqueue_head(&epfile->wait); 1441 init_waitqueue_head(&epfile->wait);
1442 sprintf(epfiles->name, "ep%u", i); 1442 sprintf(epfiles->name, "ep%u", i);
1443 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile, 1443 if (!unlikely(ffs_sb_create_file(ffs->sb, epfiles->name, epfile,
1444 &ffs_epfile_operations, 1444 &ffs_epfile_operations,
1445 &epfile->dentry))) { 1445 &epfile->dentry))) {
1446 ffs_epfiles_destroy(epfiles, i - 1); 1446 ffs_epfiles_destroy(epfiles, i - 1);
1447 return -ENOMEM; 1447 return -ENOMEM;
1448 } 1448 }
1449 } 1449 }
1450 1450
1451 ffs->epfiles = epfiles; 1451 ffs->epfiles = epfiles;
1452 return 0; 1452 return 0;
1453 } 1453 }
1454 1454
1455 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count) 1455 static void ffs_epfiles_destroy(struct ffs_epfile *epfiles, unsigned count)
1456 { 1456 {
1457 struct ffs_epfile *epfile = epfiles; 1457 struct ffs_epfile *epfile = epfiles;
1458 1458
1459 ENTER(); 1459 ENTER();
1460 1460
1461 for (; count; --count, ++epfile) { 1461 for (; count; --count, ++epfile) {
1462 BUG_ON(mutex_is_locked(&epfile->mutex) || 1462 BUG_ON(mutex_is_locked(&epfile->mutex) ||
1463 waitqueue_active(&epfile->wait)); 1463 waitqueue_active(&epfile->wait));
1464 if (epfile->dentry) { 1464 if (epfile->dentry) {
1465 d_delete(epfile->dentry); 1465 d_delete(epfile->dentry);
1466 dput(epfile->dentry); 1466 dput(epfile->dentry);
1467 epfile->dentry = NULL; 1467 epfile->dentry = NULL;
1468 } 1468 }
1469 } 1469 }
1470 1470
1471 kfree(epfiles); 1471 kfree(epfiles);
1472 } 1472 }
1473 1473
1474 static int functionfs_bind_config(struct usb_composite_dev *cdev, 1474 static int functionfs_bind_config(struct usb_composite_dev *cdev,
1475 struct usb_configuration *c, 1475 struct usb_configuration *c,
1476 struct ffs_data *ffs) 1476 struct ffs_data *ffs)
1477 { 1477 {
1478 struct ffs_function *func; 1478 struct ffs_function *func;
1479 int ret; 1479 int ret;
1480 1480
1481 ENTER(); 1481 ENTER();
1482 1482
1483 func = kzalloc(sizeof *func, GFP_KERNEL); 1483 func = kzalloc(sizeof *func, GFP_KERNEL);
1484 if (unlikely(!func)) 1484 if (unlikely(!func))
1485 return -ENOMEM; 1485 return -ENOMEM;
1486 1486
1487 func->function.name = "Function FS Gadget"; 1487 func->function.name = "Function FS Gadget";
1488 func->function.strings = ffs->stringtabs; 1488 func->function.strings = ffs->stringtabs;
1489 1489
1490 func->function.bind = ffs_func_bind; 1490 func->function.bind = ffs_func_bind;
1491 func->function.unbind = ffs_func_unbind; 1491 func->function.unbind = ffs_func_unbind;
1492 func->function.set_alt = ffs_func_set_alt; 1492 func->function.set_alt = ffs_func_set_alt;
1493 func->function.disable = ffs_func_disable; 1493 func->function.disable = ffs_func_disable;
1494 func->function.setup = ffs_func_setup; 1494 func->function.setup = ffs_func_setup;
1495 func->function.suspend = ffs_func_suspend; 1495 func->function.suspend = ffs_func_suspend;
1496 func->function.resume = ffs_func_resume; 1496 func->function.resume = ffs_func_resume;
1497 1497
1498 func->conf = c; 1498 func->conf = c;
1499 func->gadget = cdev->gadget; 1499 func->gadget = cdev->gadget;
1500 func->ffs = ffs; 1500 func->ffs = ffs;
1501 ffs_data_get(ffs); 1501 ffs_data_get(ffs);
1502 1502
1503 ret = usb_add_function(c, &func->function); 1503 ret = usb_add_function(c, &func->function);
1504 if (unlikely(ret)) 1504 if (unlikely(ret))
1505 ffs_func_free(func); 1505 ffs_func_free(func);
1506 1506
1507 return ret; 1507 return ret;
1508 } 1508 }
1509 1509
1510 static void ffs_func_free(struct ffs_function *func) 1510 static void ffs_func_free(struct ffs_function *func)
1511 { 1511 {
1512 struct ffs_ep *ep = func->eps; 1512 struct ffs_ep *ep = func->eps;
1513 unsigned count = func->ffs->eps_count; 1513 unsigned count = func->ffs->eps_count;
1514 unsigned long flags; 1514 unsigned long flags;
1515 1515
1516 ENTER(); 1516 ENTER();
1517 1517
1518 /* cleanup after autoconfig */ 1518 /* cleanup after autoconfig */
1519 spin_lock_irqsave(&func->ffs->eps_lock, flags); 1519 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1520 do { 1520 do {
1521 if (ep->ep && ep->req) 1521 if (ep->ep && ep->req)
1522 usb_ep_free_request(ep->ep, ep->req); 1522 usb_ep_free_request(ep->ep, ep->req);
1523 ep->req = NULL; 1523 ep->req = NULL;
1524 ++ep; 1524 ++ep;
1525 } while (--count); 1525 } while (--count);
1526 spin_unlock_irqrestore(&func->ffs->eps_lock, flags); 1526 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1527 1527
1528 ffs_data_put(func->ffs); 1528 ffs_data_put(func->ffs);
1529 1529
1530 kfree(func->eps); 1530 kfree(func->eps);
1531 /* 1531 /*
1532 * eps and interfaces_nums are allocated in the same chunk so 1532 * eps and interfaces_nums are allocated in the same chunk so
1533 * only one free is required. Descriptors are also allocated 1533 * only one free is required. Descriptors are also allocated
1534 * in the same chunk. 1534 * in the same chunk.
1535 */ 1535 */
1536 1536
1537 kfree(func); 1537 kfree(func);
1538 } 1538 }
1539 1539
1540 static void ffs_func_eps_disable(struct ffs_function *func) 1540 static void ffs_func_eps_disable(struct ffs_function *func)
1541 { 1541 {
1542 struct ffs_ep *ep = func->eps; 1542 struct ffs_ep *ep = func->eps;
1543 struct ffs_epfile *epfile = func->ffs->epfiles; 1543 struct ffs_epfile *epfile = func->ffs->epfiles;
1544 unsigned count = func->ffs->eps_count; 1544 unsigned count = func->ffs->eps_count;
1545 unsigned long flags; 1545 unsigned long flags;
1546 1546
1547 spin_lock_irqsave(&func->ffs->eps_lock, flags); 1547 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1548 do { 1548 do {
1549 /* pending requests get nuked */ 1549 /* pending requests get nuked */
1550 if (likely(ep->ep)) 1550 if (likely(ep->ep))
1551 usb_ep_disable(ep->ep); 1551 usb_ep_disable(ep->ep);
1552 epfile->ep = NULL; 1552 epfile->ep = NULL;
1553 1553
1554 ++ep; 1554 ++ep;
1555 ++epfile; 1555 ++epfile;
1556 } while (--count); 1556 } while (--count);
1557 spin_unlock_irqrestore(&func->ffs->eps_lock, flags); 1557 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1558 } 1558 }
1559 1559
1560 static int ffs_func_eps_enable(struct ffs_function *func) 1560 static int ffs_func_eps_enable(struct ffs_function *func)
1561 { 1561 {
1562 struct ffs_data *ffs = func->ffs; 1562 struct ffs_data *ffs = func->ffs;
1563 struct ffs_ep *ep = func->eps; 1563 struct ffs_ep *ep = func->eps;
1564 struct ffs_epfile *epfile = ffs->epfiles; 1564 struct ffs_epfile *epfile = ffs->epfiles;
1565 unsigned count = ffs->eps_count; 1565 unsigned count = ffs->eps_count;
1566 unsigned long flags; 1566 unsigned long flags;
1567 int ret = 0; 1567 int ret = 0;
1568 1568
1569 spin_lock_irqsave(&func->ffs->eps_lock, flags); 1569 spin_lock_irqsave(&func->ffs->eps_lock, flags);
1570 do { 1570 do {
1571 struct usb_endpoint_descriptor *ds; 1571 struct usb_endpoint_descriptor *ds;
1572 ds = ep->descs[ep->descs[1] ? 1 : 0]; 1572 ds = ep->descs[ep->descs[1] ? 1 : 0];
1573 1573
1574 ep->ep->driver_data = ep; 1574 ep->ep->driver_data = ep;
1575 ep->ep->desc = ds; 1575 ep->ep->desc = ds;
1576 ret = usb_ep_enable(ep->ep); 1576 ret = usb_ep_enable(ep->ep);
1577 if (likely(!ret)) { 1577 if (likely(!ret)) {
1578 epfile->ep = ep; 1578 epfile->ep = ep;
1579 epfile->in = usb_endpoint_dir_in(ds); 1579 epfile->in = usb_endpoint_dir_in(ds);
1580 epfile->isoc = usb_endpoint_xfer_isoc(ds); 1580 epfile->isoc = usb_endpoint_xfer_isoc(ds);
1581 } else { 1581 } else {
1582 break; 1582 break;
1583 } 1583 }
1584 1584
1585 wake_up(&epfile->wait); 1585 wake_up(&epfile->wait);
1586 1586
1587 ++ep; 1587 ++ep;
1588 ++epfile; 1588 ++epfile;
1589 } while (--count); 1589 } while (--count);
1590 spin_unlock_irqrestore(&func->ffs->eps_lock, flags); 1590 spin_unlock_irqrestore(&func->ffs->eps_lock, flags);
1591 1591
1592 return ret; 1592 return ret;
1593 } 1593 }
1594 1594
1595 1595
1596 /* Parsing and building descriptors and strings *****************************/ 1596 /* Parsing and building descriptors and strings *****************************/
1597 1597
1598 /* 1598 /*
1599 * This validates if data pointed by data is a valid USB descriptor as 1599 * This validates if data pointed by data is a valid USB descriptor as
1600 * well as record how many interfaces, endpoints and strings are 1600 * well as record how many interfaces, endpoints and strings are
1601 * required by given configuration. Returns address after the 1601 * required by given configuration. Returns address after the
1602 * descriptor or NULL if data is invalid. 1602 * descriptor or NULL if data is invalid.
1603 */ 1603 */
1604 1604
1605 enum ffs_entity_type { 1605 enum ffs_entity_type {
1606 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT 1606 FFS_DESCRIPTOR, FFS_INTERFACE, FFS_STRING, FFS_ENDPOINT
1607 }; 1607 };
1608 1608
1609 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity, 1609 typedef int (*ffs_entity_callback)(enum ffs_entity_type entity,
1610 u8 *valuep, 1610 u8 *valuep,
1611 struct usb_descriptor_header *desc, 1611 struct usb_descriptor_header *desc,
1612 void *priv); 1612 void *priv);
1613 1613
1614 static int __must_check ffs_do_desc(char *data, unsigned len, 1614 static int __must_check ffs_do_desc(char *data, unsigned len,
1615 ffs_entity_callback entity, void *priv) 1615 ffs_entity_callback entity, void *priv)
1616 { 1616 {
1617 struct usb_descriptor_header *_ds = (void *)data; 1617 struct usb_descriptor_header *_ds = (void *)data;
1618 u8 length; 1618 u8 length;
1619 int ret; 1619 int ret;
1620 1620
1621 ENTER(); 1621 ENTER();
1622 1622
1623 /* At least two bytes are required: length and type */ 1623 /* At least two bytes are required: length and type */
1624 if (len < 2) { 1624 if (len < 2) {
1625 pr_vdebug("descriptor too short\n"); 1625 pr_vdebug("descriptor too short\n");
1626 return -EINVAL; 1626 return -EINVAL;
1627 } 1627 }
1628 1628
1629 /* If we have at least as many bytes as the descriptor takes? */ 1629 /* If we have at least as many bytes as the descriptor takes? */
1630 length = _ds->bLength; 1630 length = _ds->bLength;
1631 if (len < length) { 1631 if (len < length) {
1632 pr_vdebug("descriptor longer then available data\n"); 1632 pr_vdebug("descriptor longer then available data\n");
1633 return -EINVAL; 1633 return -EINVAL;
1634 } 1634 }
1635 1635
1636 #define __entity_check_INTERFACE(val) 1 1636 #define __entity_check_INTERFACE(val) 1
1637 #define __entity_check_STRING(val) (val) 1637 #define __entity_check_STRING(val) (val)
1638 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK) 1638 #define __entity_check_ENDPOINT(val) ((val) & USB_ENDPOINT_NUMBER_MASK)
1639 #define __entity(type, val) do { \ 1639 #define __entity(type, val) do { \
1640 pr_vdebug("entity " #type "(%02x)\n", (val)); \ 1640 pr_vdebug("entity " #type "(%02x)\n", (val)); \
1641 if (unlikely(!__entity_check_ ##type(val))) { \ 1641 if (unlikely(!__entity_check_ ##type(val))) { \
1642 pr_vdebug("invalid entity's value\n"); \ 1642 pr_vdebug("invalid entity's value\n"); \
1643 return -EINVAL; \ 1643 return -EINVAL; \
1644 } \ 1644 } \
1645 ret = entity(FFS_ ##type, &val, _ds, priv); \ 1645 ret = entity(FFS_ ##type, &val, _ds, priv); \
1646 if (unlikely(ret < 0)) { \ 1646 if (unlikely(ret < 0)) { \
1647 pr_debug("entity " #type "(%02x); ret = %d\n", \ 1647 pr_debug("entity " #type "(%02x); ret = %d\n", \
1648 (val), ret); \ 1648 (val), ret); \
1649 return ret; \ 1649 return ret; \
1650 } \ 1650 } \
1651 } while (0) 1651 } while (0)
1652 1652
1653 /* Parse descriptor depending on type. */ 1653 /* Parse descriptor depending on type. */
1654 switch (_ds->bDescriptorType) { 1654 switch (_ds->bDescriptorType) {
1655 case USB_DT_DEVICE: 1655 case USB_DT_DEVICE:
1656 case USB_DT_CONFIG: 1656 case USB_DT_CONFIG:
1657 case USB_DT_STRING: 1657 case USB_DT_STRING:
1658 case USB_DT_DEVICE_QUALIFIER: 1658 case USB_DT_DEVICE_QUALIFIER:
1659 /* function can't have any of those */ 1659 /* function can't have any of those */
1660 pr_vdebug("descriptor reserved for gadget: %d\n", 1660 pr_vdebug("descriptor reserved for gadget: %d\n",
1661 _ds->bDescriptorType); 1661 _ds->bDescriptorType);
1662 return -EINVAL; 1662 return -EINVAL;
1663 1663
1664 case USB_DT_INTERFACE: { 1664 case USB_DT_INTERFACE: {
1665 struct usb_interface_descriptor *ds = (void *)_ds; 1665 struct usb_interface_descriptor *ds = (void *)_ds;
1666 pr_vdebug("interface descriptor\n"); 1666 pr_vdebug("interface descriptor\n");
1667 if (length != sizeof *ds) 1667 if (length != sizeof *ds)
1668 goto inv_length; 1668 goto inv_length;
1669 1669
1670 __entity(INTERFACE, ds->bInterfaceNumber); 1670 __entity(INTERFACE, ds->bInterfaceNumber);
1671 if (ds->iInterface) 1671 if (ds->iInterface)
1672 __entity(STRING, ds->iInterface); 1672 __entity(STRING, ds->iInterface);
1673 } 1673 }
1674 break; 1674 break;
1675 1675
1676 case USB_DT_ENDPOINT: { 1676 case USB_DT_ENDPOINT: {
1677 struct usb_endpoint_descriptor *ds = (void *)_ds; 1677 struct usb_endpoint_descriptor *ds = (void *)_ds;
1678 pr_vdebug("endpoint descriptor\n"); 1678 pr_vdebug("endpoint descriptor\n");
1679 if (length != USB_DT_ENDPOINT_SIZE && 1679 if (length != USB_DT_ENDPOINT_SIZE &&
1680 length != USB_DT_ENDPOINT_AUDIO_SIZE) 1680 length != USB_DT_ENDPOINT_AUDIO_SIZE)
1681 goto inv_length; 1681 goto inv_length;
1682 __entity(ENDPOINT, ds->bEndpointAddress); 1682 __entity(ENDPOINT, ds->bEndpointAddress);
1683 } 1683 }
1684 break; 1684 break;
1685 1685
1686 case HID_DT_HID: 1686 case HID_DT_HID:
1687 pr_vdebug("hid descriptor\n"); 1687 pr_vdebug("hid descriptor\n");
1688 if (length != sizeof(struct hid_descriptor)) 1688 if (length != sizeof(struct hid_descriptor))
1689 goto inv_length; 1689 goto inv_length;
1690 break; 1690 break;
1691 1691
1692 case USB_DT_OTG: 1692 case USB_DT_OTG:
1693 if (length != sizeof(struct usb_otg_descriptor)) 1693 if (length != sizeof(struct usb_otg_descriptor))
1694 goto inv_length; 1694 goto inv_length;
1695 break; 1695 break;
1696 1696
1697 case USB_DT_INTERFACE_ASSOCIATION: { 1697 case USB_DT_INTERFACE_ASSOCIATION: {
1698 struct usb_interface_assoc_descriptor *ds = (void *)_ds; 1698 struct usb_interface_assoc_descriptor *ds = (void *)_ds;
1699 pr_vdebug("interface association descriptor\n"); 1699 pr_vdebug("interface association descriptor\n");
1700 if (length != sizeof *ds) 1700 if (length != sizeof *ds)
1701 goto inv_length; 1701 goto inv_length;
1702 if (ds->iFunction) 1702 if (ds->iFunction)
1703 __entity(STRING, ds->iFunction); 1703 __entity(STRING, ds->iFunction);
1704 } 1704 }
1705 break; 1705 break;
1706 1706
1707 case USB_DT_OTHER_SPEED_CONFIG: 1707 case USB_DT_OTHER_SPEED_CONFIG:
1708 case USB_DT_INTERFACE_POWER: 1708 case USB_DT_INTERFACE_POWER:
1709 case USB_DT_DEBUG: 1709 case USB_DT_DEBUG:
1710 case USB_DT_SECURITY: 1710 case USB_DT_SECURITY:
1711 case USB_DT_CS_RADIO_CONTROL: 1711 case USB_DT_CS_RADIO_CONTROL:
1712 /* TODO */ 1712 /* TODO */
1713 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType); 1713 pr_vdebug("unimplemented descriptor: %d\n", _ds->bDescriptorType);
1714 return -EINVAL; 1714 return -EINVAL;
1715 1715
1716 default: 1716 default:
1717 /* We should never be here */ 1717 /* We should never be here */
1718 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType); 1718 pr_vdebug("unknown descriptor: %d\n", _ds->bDescriptorType);
1719 return -EINVAL; 1719 return -EINVAL;
1720 1720
1721 inv_length: 1721 inv_length:
1722 pr_vdebug("invalid length: %d (descriptor %d)\n", 1722 pr_vdebug("invalid length: %d (descriptor %d)\n",
1723 _ds->bLength, _ds->bDescriptorType); 1723 _ds->bLength, _ds->bDescriptorType);
1724 return -EINVAL; 1724 return -EINVAL;
1725 } 1725 }
1726 1726
1727 #undef __entity 1727 #undef __entity
1728 #undef __entity_check_DESCRIPTOR 1728 #undef __entity_check_DESCRIPTOR
1729 #undef __entity_check_INTERFACE 1729 #undef __entity_check_INTERFACE
1730 #undef __entity_check_STRING 1730 #undef __entity_check_STRING
1731 #undef __entity_check_ENDPOINT 1731 #undef __entity_check_ENDPOINT
1732 1732
1733 return length; 1733 return length;
1734 } 1734 }
1735 1735
1736 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len, 1736 static int __must_check ffs_do_descs(unsigned count, char *data, unsigned len,
1737 ffs_entity_callback entity, void *priv) 1737 ffs_entity_callback entity, void *priv)
1738 { 1738 {
1739 const unsigned _len = len; 1739 const unsigned _len = len;
1740 unsigned long num = 0; 1740 unsigned long num = 0;
1741 1741
1742 ENTER(); 1742 ENTER();
1743 1743
1744 for (;;) { 1744 for (;;) {
1745 int ret; 1745 int ret;
1746 1746
1747 if (num == count) 1747 if (num == count)
1748 data = NULL; 1748 data = NULL;
1749 1749
1750 /* Record "descriptor" entity */ 1750 /* Record "descriptor" entity */
1751 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv); 1751 ret = entity(FFS_DESCRIPTOR, (u8 *)num, (void *)data, priv);
1752 if (unlikely(ret < 0)) { 1752 if (unlikely(ret < 0)) {
1753 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n", 1753 pr_debug("entity DESCRIPTOR(%02lx); ret = %d\n",
1754 num, ret); 1754 num, ret);
1755 return ret; 1755 return ret;
1756 } 1756 }
1757 1757
1758 if (!data) 1758 if (!data)
1759 return _len - len; 1759 return _len - len;
1760 1760
1761 ret = ffs_do_desc(data, len, entity, priv); 1761 ret = ffs_do_desc(data, len, entity, priv);
1762 if (unlikely(ret < 0)) { 1762 if (unlikely(ret < 0)) {
1763 pr_debug("%s returns %d\n", __func__, ret); 1763 pr_debug("%s returns %d\n", __func__, ret);
1764 return ret; 1764 return ret;
1765 } 1765 }
1766 1766
1767 len -= ret; 1767 len -= ret;
1768 data += ret; 1768 data += ret;
1769 ++num; 1769 ++num;
1770 } 1770 }
1771 } 1771 }
1772 1772
1773 static int __ffs_data_do_entity(enum ffs_entity_type type, 1773 static int __ffs_data_do_entity(enum ffs_entity_type type,
1774 u8 *valuep, struct usb_descriptor_header *desc, 1774 u8 *valuep, struct usb_descriptor_header *desc,
1775 void *priv) 1775 void *priv)
1776 { 1776 {
1777 struct ffs_data *ffs = priv; 1777 struct ffs_data *ffs = priv;
1778 1778
1779 ENTER(); 1779 ENTER();
1780 1780
1781 switch (type) { 1781 switch (type) {
1782 case FFS_DESCRIPTOR: 1782 case FFS_DESCRIPTOR:
1783 break; 1783 break;
1784 1784
1785 case FFS_INTERFACE: 1785 case FFS_INTERFACE:
1786 /* 1786 /*
1787 * Interfaces are indexed from zero so if we 1787 * Interfaces are indexed from zero so if we
1788 * encountered interface "n" then there are at least 1788 * encountered interface "n" then there are at least
1789 * "n+1" interfaces. 1789 * "n+1" interfaces.
1790 */ 1790 */
1791 if (*valuep >= ffs->interfaces_count) 1791 if (*valuep >= ffs->interfaces_count)
1792 ffs->interfaces_count = *valuep + 1; 1792 ffs->interfaces_count = *valuep + 1;
1793 break; 1793 break;
1794 1794
1795 case FFS_STRING: 1795 case FFS_STRING:
1796 /* 1796 /*
1797 * Strings are indexed from 1 (0 is magic ;) reserved 1797 * Strings are indexed from 1 (0 is magic ;) reserved
1798 * for languages list or some such) 1798 * for languages list or some such)
1799 */ 1799 */
1800 if (*valuep > ffs->strings_count) 1800 if (*valuep > ffs->strings_count)
1801 ffs->strings_count = *valuep; 1801 ffs->strings_count = *valuep;
1802 break; 1802 break;
1803 1803
1804 case FFS_ENDPOINT: 1804 case FFS_ENDPOINT:
1805 /* Endpoints are indexed from 1 as well. */ 1805 /* Endpoints are indexed from 1 as well. */
1806 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count) 1806 if ((*valuep & USB_ENDPOINT_NUMBER_MASK) > ffs->eps_count)
1807 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK); 1807 ffs->eps_count = (*valuep & USB_ENDPOINT_NUMBER_MASK);
1808 break; 1808 break;
1809 } 1809 }
1810 1810
1811 return 0; 1811 return 0;
1812 } 1812 }
1813 1813
1814 static int __ffs_data_got_descs(struct ffs_data *ffs, 1814 static int __ffs_data_got_descs(struct ffs_data *ffs,
1815 char *const _data, size_t len) 1815 char *const _data, size_t len)
1816 { 1816 {
1817 unsigned fs_count, hs_count; 1817 unsigned fs_count, hs_count;
1818 int fs_len, ret = -EINVAL; 1818 int fs_len, ret = -EINVAL;
1819 char *data = _data; 1819 char *data = _data;
1820 1820
1821 ENTER(); 1821 ENTER();
1822 1822
1823 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC || 1823 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_DESCRIPTORS_MAGIC ||
1824 get_unaligned_le32(data + 4) != len)) 1824 get_unaligned_le32(data + 4) != len))
1825 goto error; 1825 goto error;
1826 fs_count = get_unaligned_le32(data + 8); 1826 fs_count = get_unaligned_le32(data + 8);
1827 hs_count = get_unaligned_le32(data + 12); 1827 hs_count = get_unaligned_le32(data + 12);
1828 1828
1829 if (!fs_count && !hs_count) 1829 if (!fs_count && !hs_count)
1830 goto einval; 1830 goto einval;
1831 1831
1832 data += 16; 1832 data += 16;
1833 len -= 16; 1833 len -= 16;
1834 1834
1835 if (likely(fs_count)) { 1835 if (likely(fs_count)) {
1836 fs_len = ffs_do_descs(fs_count, data, len, 1836 fs_len = ffs_do_descs(fs_count, data, len,
1837 __ffs_data_do_entity, ffs); 1837 __ffs_data_do_entity, ffs);
1838 if (unlikely(fs_len < 0)) { 1838 if (unlikely(fs_len < 0)) {
1839 ret = fs_len; 1839 ret = fs_len;
1840 goto error; 1840 goto error;
1841 } 1841 }
1842 1842
1843 data += fs_len; 1843 data += fs_len;
1844 len -= fs_len; 1844 len -= fs_len;
1845 } else { 1845 } else {
1846 fs_len = 0; 1846 fs_len = 0;
1847 } 1847 }
1848 1848
1849 if (likely(hs_count)) { 1849 if (likely(hs_count)) {
1850 ret = ffs_do_descs(hs_count, data, len, 1850 ret = ffs_do_descs(hs_count, data, len,
1851 __ffs_data_do_entity, ffs); 1851 __ffs_data_do_entity, ffs);
1852 if (unlikely(ret < 0)) 1852 if (unlikely(ret < 0))
1853 goto error; 1853 goto error;
1854 } else { 1854 } else {
1855 ret = 0; 1855 ret = 0;
1856 } 1856 }
1857 1857
1858 if (unlikely(len != ret)) 1858 if (unlikely(len != ret))
1859 goto einval; 1859 goto einval;
1860 1860
1861 ffs->raw_fs_descs_length = fs_len; 1861 ffs->raw_fs_descs_length = fs_len;
1862 ffs->raw_descs_length = fs_len + ret; 1862 ffs->raw_descs_length = fs_len + ret;
1863 ffs->raw_descs = _data; 1863 ffs->raw_descs = _data;
1864 ffs->fs_descs_count = fs_count; 1864 ffs->fs_descs_count = fs_count;
1865 ffs->hs_descs_count = hs_count; 1865 ffs->hs_descs_count = hs_count;
1866 1866
1867 return 0; 1867 return 0;
1868 1868
1869 einval: 1869 einval:
1870 ret = -EINVAL; 1870 ret = -EINVAL;
1871 error: 1871 error:
1872 kfree(_data); 1872 kfree(_data);
1873 return ret; 1873 return ret;
1874 } 1874 }
1875 1875
1876 static int __ffs_data_got_strings(struct ffs_data *ffs, 1876 static int __ffs_data_got_strings(struct ffs_data *ffs,
1877 char *const _data, size_t len) 1877 char *const _data, size_t len)
1878 { 1878 {
1879 u32 str_count, needed_count, lang_count; 1879 u32 str_count, needed_count, lang_count;
1880 struct usb_gadget_strings **stringtabs, *t; 1880 struct usb_gadget_strings **stringtabs, *t;
1881 struct usb_string *strings, *s; 1881 struct usb_string *strings, *s;
1882 const char *data = _data; 1882 const char *data = _data;
1883 1883
1884 ENTER(); 1884 ENTER();
1885 1885
1886 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC || 1886 if (unlikely(get_unaligned_le32(data) != FUNCTIONFS_STRINGS_MAGIC ||
1887 get_unaligned_le32(data + 4) != len)) 1887 get_unaligned_le32(data + 4) != len))
1888 goto error; 1888 goto error;
1889 str_count = get_unaligned_le32(data + 8); 1889 str_count = get_unaligned_le32(data + 8);
1890 lang_count = get_unaligned_le32(data + 12); 1890 lang_count = get_unaligned_le32(data + 12);
1891 1891
1892 /* if one is zero the other must be zero */ 1892 /* if one is zero the other must be zero */
1893 if (unlikely(!str_count != !lang_count)) 1893 if (unlikely(!str_count != !lang_count))
1894 goto error; 1894 goto error;
1895 1895
1896 /* Do we have at least as many strings as descriptors need? */ 1896 /* Do we have at least as many strings as descriptors need? */
1897 needed_count = ffs->strings_count; 1897 needed_count = ffs->strings_count;
1898 if (unlikely(str_count < needed_count)) 1898 if (unlikely(str_count < needed_count))
1899 goto error; 1899 goto error;
1900 1900
1901 /* 1901 /*
1902 * If we don't need any strings just return and free all 1902 * If we don't need any strings just return and free all
1903 * memory. 1903 * memory.
1904 */ 1904 */
1905 if (!needed_count) { 1905 if (!needed_count) {
1906 kfree(_data); 1906 kfree(_data);
1907 return 0; 1907 return 0;
1908 } 1908 }
1909 1909
1910 /* Allocate everything in one chunk so there's less maintenance. */ 1910 /* Allocate everything in one chunk so there's less maintenance. */
1911 { 1911 {
1912 struct { 1912 struct {
1913 struct usb_gadget_strings *stringtabs[lang_count + 1]; 1913 struct usb_gadget_strings *stringtabs[lang_count + 1];
1914 struct usb_gadget_strings stringtab[lang_count]; 1914 struct usb_gadget_strings stringtab[lang_count];
1915 struct usb_string strings[lang_count*(needed_count+1)]; 1915 struct usb_string strings[lang_count*(needed_count+1)];
1916 } *d; 1916 } *d;
1917 unsigned i = 0; 1917 unsigned i = 0;
1918 1918
1919 d = kmalloc(sizeof *d, GFP_KERNEL); 1919 d = kmalloc(sizeof *d, GFP_KERNEL);
1920 if (unlikely(!d)) { 1920 if (unlikely(!d)) {
1921 kfree(_data); 1921 kfree(_data);
1922 return -ENOMEM; 1922 return -ENOMEM;
1923 } 1923 }
1924 1924
1925 stringtabs = d->stringtabs; 1925 stringtabs = d->stringtabs;
1926 t = d->stringtab; 1926 t = d->stringtab;
1927 i = lang_count; 1927 i = lang_count;
1928 do { 1928 do {
1929 *stringtabs++ = t++; 1929 *stringtabs++ = t++;
1930 } while (--i); 1930 } while (--i);
1931 *stringtabs = NULL; 1931 *stringtabs = NULL;
1932 1932
1933 stringtabs = d->stringtabs; 1933 stringtabs = d->stringtabs;
1934 t = d->stringtab; 1934 t = d->stringtab;
1935 s = d->strings; 1935 s = d->strings;
1936 strings = s; 1936 strings = s;
1937 } 1937 }
1938 1938
1939 /* For each language */ 1939 /* For each language */
1940 data += 16; 1940 data += 16;
1941 len -= 16; 1941 len -= 16;
1942 1942
1943 do { /* lang_count > 0 so we can use do-while */ 1943 do { /* lang_count > 0 so we can use do-while */
1944 unsigned needed = needed_count; 1944 unsigned needed = needed_count;
1945 1945
1946 if (unlikely(len < 3)) 1946 if (unlikely(len < 3))
1947 goto error_free; 1947 goto error_free;
1948 t->language = get_unaligned_le16(data); 1948 t->language = get_unaligned_le16(data);
1949 t->strings = s; 1949 t->strings = s;
1950 ++t; 1950 ++t;
1951 1951
1952 data += 2; 1952 data += 2;
1953 len -= 2; 1953 len -= 2;
1954 1954
1955 /* For each string */ 1955 /* For each string */
1956 do { /* str_count > 0 so we can use do-while */ 1956 do { /* str_count > 0 so we can use do-while */
1957 size_t length = strnlen(data, len); 1957 size_t length = strnlen(data, len);
1958 1958
1959 if (unlikely(length == len)) 1959 if (unlikely(length == len))
1960 goto error_free; 1960 goto error_free;
1961 1961
1962 /* 1962 /*
1963 * User may provide more strings then we need, 1963 * User may provide more strings then we need,
1964 * if that's the case we simply ignore the 1964 * if that's the case we simply ignore the
1965 * rest 1965 * rest
1966 */ 1966 */
1967 if (likely(needed)) { 1967 if (likely(needed)) {
1968 /* 1968 /*
1969 * s->id will be set while adding 1969 * s->id will be set while adding
1970 * function to configuration so for 1970 * function to configuration so for
1971 * now just leave garbage here. 1971 * now just leave garbage here.
1972 */ 1972 */
1973 s->s = data; 1973 s->s = data;
1974 --needed; 1974 --needed;
1975 ++s; 1975 ++s;
1976 } 1976 }
1977 1977
1978 data += length + 1; 1978 data += length + 1;
1979 len -= length + 1; 1979 len -= length + 1;
1980 } while (--str_count); 1980 } while (--str_count);
1981 1981
1982 s->id = 0; /* terminator */ 1982 s->id = 0; /* terminator */
1983 s->s = NULL; 1983 s->s = NULL;
1984 ++s; 1984 ++s;
1985 1985
1986 } while (--lang_count); 1986 } while (--lang_count);
1987 1987
1988 /* Some garbage left? */ 1988 /* Some garbage left? */
1989 if (unlikely(len)) 1989 if (unlikely(len))
1990 goto error_free; 1990 goto error_free;
1991 1991
1992 /* Done! */ 1992 /* Done! */
1993 ffs->stringtabs = stringtabs; 1993 ffs->stringtabs = stringtabs;
1994 ffs->raw_strings = _data; 1994 ffs->raw_strings = _data;
1995 1995
1996 return 0; 1996 return 0;
1997 1997
1998 error_free: 1998 error_free:
1999 kfree(stringtabs); 1999 kfree(stringtabs);
2000 error: 2000 error:
2001 kfree(_data); 2001 kfree(_data);
2002 return -EINVAL; 2002 return -EINVAL;
2003 } 2003 }
2004 2004
2005 2005
2006 /* Events handling and management *******************************************/ 2006 /* Events handling and management *******************************************/
2007 2007
2008 static void __ffs_event_add(struct ffs_data *ffs, 2008 static void __ffs_event_add(struct ffs_data *ffs,
2009 enum usb_functionfs_event_type type) 2009 enum usb_functionfs_event_type type)
2010 { 2010 {
2011 enum usb_functionfs_event_type rem_type1, rem_type2 = type; 2011 enum usb_functionfs_event_type rem_type1, rem_type2 = type;
2012 int neg = 0; 2012 int neg = 0;
2013 2013
2014 /* 2014 /*
2015 * Abort any unhandled setup 2015 * Abort any unhandled setup
2016 * 2016 *
2017 * We do not need to worry about some cmpxchg() changing value 2017 * We do not need to worry about some cmpxchg() changing value
2018 * of ffs->setup_state without holding the lock because when 2018 * of ffs->setup_state without holding the lock because when
2019 * state is FFS_SETUP_PENDING cmpxchg() in several places in 2019 * state is FFS_SETUP_PENDING cmpxchg() in several places in
2020 * the source does nothing. 2020 * the source does nothing.
2021 */ 2021 */
2022 if (ffs->setup_state == FFS_SETUP_PENDING) 2022 if (ffs->setup_state == FFS_SETUP_PENDING)
2023 ffs->setup_state = FFS_SETUP_CANCELED; 2023 ffs->setup_state = FFS_SETUP_CANCELED;
2024 2024
2025 switch (type) { 2025 switch (type) {
2026 case FUNCTIONFS_RESUME: 2026 case FUNCTIONFS_RESUME:
2027 rem_type2 = FUNCTIONFS_SUSPEND; 2027 rem_type2 = FUNCTIONFS_SUSPEND;
2028 /* FALL THROUGH */ 2028 /* FALL THROUGH */
2029 case FUNCTIONFS_SUSPEND: 2029 case FUNCTIONFS_SUSPEND:
2030 case FUNCTIONFS_SETUP: 2030 case FUNCTIONFS_SETUP:
2031 rem_type1 = type; 2031 rem_type1 = type;
2032 /* Discard all similar events */ 2032 /* Discard all similar events */
2033 break; 2033 break;
2034 2034
2035 case FUNCTIONFS_BIND: 2035 case FUNCTIONFS_BIND:
2036 case FUNCTIONFS_UNBIND: 2036 case FUNCTIONFS_UNBIND:
2037 case FUNCTIONFS_DISABLE: 2037 case FUNCTIONFS_DISABLE:
2038 case FUNCTIONFS_ENABLE: 2038 case FUNCTIONFS_ENABLE:
2039 /* Discard everything other then power management. */ 2039 /* Discard everything other then power management. */
2040 rem_type1 = FUNCTIONFS_SUSPEND; 2040 rem_type1 = FUNCTIONFS_SUSPEND;
2041 rem_type2 = FUNCTIONFS_RESUME; 2041 rem_type2 = FUNCTIONFS_RESUME;
2042 neg = 1; 2042 neg = 1;
2043 break; 2043 break;
2044 2044
2045 default: 2045 default:
2046 BUG(); 2046 BUG();
2047 } 2047 }
2048 2048
2049 { 2049 {
2050 u8 *ev = ffs->ev.types, *out = ev; 2050 u8 *ev = ffs->ev.types, *out = ev;
2051 unsigned n = ffs->ev.count; 2051 unsigned n = ffs->ev.count;
2052 for (; n; --n, ++ev) 2052 for (; n; --n, ++ev)
2053 if ((*ev == rem_type1 || *ev == rem_type2) == neg) 2053 if ((*ev == rem_type1 || *ev == rem_type2) == neg)
2054 *out++ = *ev; 2054 *out++ = *ev;
2055 else 2055 else
2056 pr_vdebug("purging event %d\n", *ev); 2056 pr_vdebug("purging event %d\n", *ev);
2057 ffs->ev.count = out - ffs->ev.types; 2057 ffs->ev.count = out - ffs->ev.types;
2058 } 2058 }
2059 2059
2060 pr_vdebug("adding event %d\n", type); 2060 pr_vdebug("adding event %d\n", type);
2061 ffs->ev.types[ffs->ev.count++] = type; 2061 ffs->ev.types[ffs->ev.count++] = type;
2062 wake_up_locked(&ffs->ev.waitq); 2062 wake_up_locked(&ffs->ev.waitq);
2063 } 2063 }
2064 2064
2065 static void ffs_event_add(struct ffs_data *ffs, 2065 static void ffs_event_add(struct ffs_data *ffs,
2066 enum usb_functionfs_event_type type) 2066 enum usb_functionfs_event_type type)
2067 { 2067 {
2068 unsigned long flags; 2068 unsigned long flags;
2069 spin_lock_irqsave(&ffs->ev.waitq.lock, flags); 2069 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2070 __ffs_event_add(ffs, type); 2070 __ffs_event_add(ffs, type);
2071 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags); 2071 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2072 } 2072 }
2073 2073
2074 2074
2075 /* Bind/unbind USB function hooks *******************************************/ 2075 /* Bind/unbind USB function hooks *******************************************/
2076 2076
2077 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep, 2077 static int __ffs_func_bind_do_descs(enum ffs_entity_type type, u8 *valuep,
2078 struct usb_descriptor_header *desc, 2078 struct usb_descriptor_header *desc,
2079 void *priv) 2079 void *priv)
2080 { 2080 {
2081 struct usb_endpoint_descriptor *ds = (void *)desc; 2081 struct usb_endpoint_descriptor *ds = (void *)desc;
2082 struct ffs_function *func = priv; 2082 struct ffs_function *func = priv;
2083 struct ffs_ep *ffs_ep; 2083 struct ffs_ep *ffs_ep;
2084 2084
2085 /* 2085 /*
2086 * If hs_descriptors is not NULL then we are reading hs 2086 * If hs_descriptors is not NULL then we are reading hs
2087 * descriptors now 2087 * descriptors now
2088 */ 2088 */
2089 const int isHS = func->function.hs_descriptors != NULL; 2089 const int isHS = func->function.hs_descriptors != NULL;
2090 unsigned idx; 2090 unsigned idx;
2091 2091
2092 if (type != FFS_DESCRIPTOR) 2092 if (type != FFS_DESCRIPTOR)
2093 return 0; 2093 return 0;
2094 2094
2095 if (isHS) 2095 if (isHS)
2096 func->function.hs_descriptors[(long)valuep] = desc; 2096 func->function.hs_descriptors[(long)valuep] = desc;
2097 else 2097 else
2098 func->function.fs_descriptors[(long)valuep] = desc; 2098 func->function.fs_descriptors[(long)valuep] = desc;
2099 2099
2100 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT) 2100 if (!desc || desc->bDescriptorType != USB_DT_ENDPOINT)
2101 return 0; 2101 return 0;
2102 2102
2103 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1; 2103 idx = (ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK) - 1;
2104 ffs_ep = func->eps + idx; 2104 ffs_ep = func->eps + idx;
2105 2105
2106 if (unlikely(ffs_ep->descs[isHS])) { 2106 if (unlikely(ffs_ep->descs[isHS])) {
2107 pr_vdebug("two %sspeed descriptors for EP %d\n", 2107 pr_vdebug("two %sspeed descriptors for EP %d\n",
2108 isHS ? "high" : "full", 2108 isHS ? "high" : "full",
2109 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK); 2109 ds->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
2110 return -EINVAL; 2110 return -EINVAL;
2111 } 2111 }
2112 ffs_ep->descs[isHS] = ds; 2112 ffs_ep->descs[isHS] = ds;
2113 2113
2114 ffs_dump_mem(": Original ep desc", ds, ds->bLength); 2114 ffs_dump_mem(": Original ep desc", ds, ds->bLength);
2115 if (ffs_ep->ep) { 2115 if (ffs_ep->ep) {
2116 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress; 2116 ds->bEndpointAddress = ffs_ep->descs[0]->bEndpointAddress;
2117 if (!ds->wMaxPacketSize) 2117 if (!ds->wMaxPacketSize)
2118 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize; 2118 ds->wMaxPacketSize = ffs_ep->descs[0]->wMaxPacketSize;
2119 } else { 2119 } else {
2120 struct usb_request *req; 2120 struct usb_request *req;
2121 struct usb_ep *ep; 2121 struct usb_ep *ep;
2122 2122
2123 pr_vdebug("autoconfig\n"); 2123 pr_vdebug("autoconfig\n");
2124 ep = usb_ep_autoconfig(func->gadget, ds); 2124 ep = usb_ep_autoconfig(func->gadget, ds);
2125 if (unlikely(!ep)) 2125 if (unlikely(!ep))
2126 return -ENOTSUPP; 2126 return -ENOTSUPP;
2127 ep->driver_data = func->eps + idx; 2127 ep->driver_data = func->eps + idx;
2128 2128
2129 req = usb_ep_alloc_request(ep, GFP_KERNEL); 2129 req = usb_ep_alloc_request(ep, GFP_KERNEL);
2130 if (unlikely(!req)) 2130 if (unlikely(!req))
2131 return -ENOMEM; 2131 return -ENOMEM;
2132 2132
2133 ffs_ep->ep = ep; 2133 ffs_ep->ep = ep;
2134 ffs_ep->req = req; 2134 ffs_ep->req = req;
2135 func->eps_revmap[ds->bEndpointAddress & 2135 func->eps_revmap[ds->bEndpointAddress &
2136 USB_ENDPOINT_NUMBER_MASK] = idx + 1; 2136 USB_ENDPOINT_NUMBER_MASK] = idx + 1;
2137 } 2137 }
2138 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength); 2138 ffs_dump_mem(": Rewritten ep desc", ds, ds->bLength);
2139 2139
2140 return 0; 2140 return 0;
2141 } 2141 }
2142 2142
2143 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep, 2143 static int __ffs_func_bind_do_nums(enum ffs_entity_type type, u8 *valuep,
2144 struct usb_descriptor_header *desc, 2144 struct usb_descriptor_header *desc,
2145 void *priv) 2145 void *priv)
2146 { 2146 {
2147 struct ffs_function *func = priv; 2147 struct ffs_function *func = priv;
2148 unsigned idx; 2148 unsigned idx;
2149 u8 newValue; 2149 u8 newValue;
2150 2150
2151 switch (type) { 2151 switch (type) {
2152 default: 2152 default:
2153 case FFS_DESCRIPTOR: 2153 case FFS_DESCRIPTOR:
2154 /* Handled in previous pass by __ffs_func_bind_do_descs() */ 2154 /* Handled in previous pass by __ffs_func_bind_do_descs() */
2155 return 0; 2155 return 0;
2156 2156
2157 case FFS_INTERFACE: 2157 case FFS_INTERFACE:
2158 idx = *valuep; 2158 idx = *valuep;
2159 if (func->interfaces_nums[idx] < 0) { 2159 if (func->interfaces_nums[idx] < 0) {
2160 int id = usb_interface_id(func->conf, &func->function); 2160 int id = usb_interface_id(func->conf, &func->function);
2161 if (unlikely(id < 0)) 2161 if (unlikely(id < 0))
2162 return id; 2162 return id;
2163 func->interfaces_nums[idx] = id; 2163 func->interfaces_nums[idx] = id;
2164 } 2164 }
2165 newValue = func->interfaces_nums[idx]; 2165 newValue = func->interfaces_nums[idx];
2166 break; 2166 break;
2167 2167
2168 case FFS_STRING: 2168 case FFS_STRING:
2169 /* String' IDs are allocated when fsf_data is bound to cdev */ 2169 /* String' IDs are allocated when fsf_data is bound to cdev */
2170 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id; 2170 newValue = func->ffs->stringtabs[0]->strings[*valuep - 1].id;
2171 break; 2171 break;
2172 2172
2173 case FFS_ENDPOINT: 2173 case FFS_ENDPOINT:
2174 /* 2174 /*
2175 * USB_DT_ENDPOINT are handled in 2175 * USB_DT_ENDPOINT are handled in
2176 * __ffs_func_bind_do_descs(). 2176 * __ffs_func_bind_do_descs().
2177 */ 2177 */
2178 if (desc->bDescriptorType == USB_DT_ENDPOINT) 2178 if (desc->bDescriptorType == USB_DT_ENDPOINT)
2179 return 0; 2179 return 0;
2180 2180
2181 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1; 2181 idx = (*valuep & USB_ENDPOINT_NUMBER_MASK) - 1;
2182 if (unlikely(!func->eps[idx].ep)) 2182 if (unlikely(!func->eps[idx].ep))
2183 return -EINVAL; 2183 return -EINVAL;
2184 2184
2185 { 2185 {
2186 struct usb_endpoint_descriptor **descs; 2186 struct usb_endpoint_descriptor **descs;
2187 descs = func->eps[idx].descs; 2187 descs = func->eps[idx].descs;
2188 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress; 2188 newValue = descs[descs[0] ? 0 : 1]->bEndpointAddress;
2189 } 2189 }
2190 break; 2190 break;
2191 } 2191 }
2192 2192
2193 pr_vdebug("%02x -> %02x\n", *valuep, newValue); 2193 pr_vdebug("%02x -> %02x\n", *valuep, newValue);
2194 *valuep = newValue; 2194 *valuep = newValue;
2195 return 0; 2195 return 0;
2196 } 2196 }
2197 2197
2198 static int ffs_func_bind(struct usb_configuration *c, 2198 static int ffs_func_bind(struct usb_configuration *c,
2199 struct usb_function *f) 2199 struct usb_function *f)
2200 { 2200 {
2201 struct ffs_function *func = ffs_func_from_usb(f); 2201 struct ffs_function *func = ffs_func_from_usb(f);
2202 struct ffs_data *ffs = func->ffs; 2202 struct ffs_data *ffs = func->ffs;
2203 2203
2204 const int full = !!func->ffs->fs_descs_count; 2204 const int full = !!func->ffs->fs_descs_count;
2205 const int high = gadget_is_dualspeed(func->gadget) && 2205 const int high = gadget_is_dualspeed(func->gadget) &&
2206 func->ffs->hs_descs_count; 2206 func->ffs->hs_descs_count;
2207 2207
2208 int ret; 2208 int ret;
2209 2209
2210 /* Make it a single chunk, less management later on */ 2210 /* Make it a single chunk, less management later on */
2211 struct { 2211 struct {
2212 struct ffs_ep eps[ffs->eps_count]; 2212 struct ffs_ep eps[ffs->eps_count];
2213 struct usb_descriptor_header 2213 struct usb_descriptor_header
2214 *fs_descs[full ? ffs->fs_descs_count + 1 : 0]; 2214 *fs_descs[full ? ffs->fs_descs_count + 1 : 0];
2215 struct usb_descriptor_header 2215 struct usb_descriptor_header
2216 *hs_descs[high ? ffs->hs_descs_count + 1 : 0]; 2216 *hs_descs[high ? ffs->hs_descs_count + 1 : 0];
2217 short inums[ffs->interfaces_count]; 2217 short inums[ffs->interfaces_count];
2218 char raw_descs[high ? ffs->raw_descs_length 2218 char raw_descs[high ? ffs->raw_descs_length
2219 : ffs->raw_fs_descs_length]; 2219 : ffs->raw_fs_descs_length];
2220 } *data; 2220 } *data;
2221 2221
2222 ENTER(); 2222 ENTER();
2223 2223
2224 /* Only high speed but not supported by gadget? */ 2224 /* Only high speed but not supported by gadget? */
2225 if (unlikely(!(full | high))) 2225 if (unlikely(!(full | high)))
2226 return -ENOTSUPP; 2226 return -ENOTSUPP;
2227 2227
2228 /* Allocate */ 2228 /* Allocate */
2229 data = kmalloc(sizeof *data, GFP_KERNEL); 2229 data = kmalloc(sizeof *data, GFP_KERNEL);
2230 if (unlikely(!data)) 2230 if (unlikely(!data))
2231 return -ENOMEM; 2231 return -ENOMEM;
2232 2232
2233 /* Zero */ 2233 /* Zero */
2234 memset(data->eps, 0, sizeof data->eps); 2234 memset(data->eps, 0, sizeof data->eps);
2235 memcpy(data->raw_descs, ffs->raw_descs + 16, sizeof data->raw_descs); 2235 memcpy(data->raw_descs, ffs->raw_descs + 16, sizeof data->raw_descs);
2236 memset(data->inums, 0xff, sizeof data->inums); 2236 memset(data->inums, 0xff, sizeof data->inums);
2237 for (ret = ffs->eps_count; ret; --ret) 2237 for (ret = ffs->eps_count; ret; --ret)
2238 data->eps[ret].num = -1; 2238 data->eps[ret].num = -1;
2239 2239
2240 /* Save pointers */ 2240 /* Save pointers */
2241 func->eps = data->eps; 2241 func->eps = data->eps;
2242 func->interfaces_nums = data->inums; 2242 func->interfaces_nums = data->inums;
2243 2243
2244 /* 2244 /*
2245 * Go through all the endpoint descriptors and allocate 2245 * Go through all the endpoint descriptors and allocate
2246 * endpoints first, so that later we can rewrite the endpoint 2246 * endpoints first, so that later we can rewrite the endpoint
2247 * numbers without worrying that it may be described later on. 2247 * numbers without worrying that it may be described later on.
2248 */ 2248 */
2249 if (likely(full)) { 2249 if (likely(full)) {
2250 func->function.fs_descriptors = data->fs_descs; 2250 func->function.fs_descriptors = data->fs_descs;
2251 ret = ffs_do_descs(ffs->fs_descs_count, 2251 ret = ffs_do_descs(ffs->fs_descs_count,
2252 data->raw_descs, 2252 data->raw_descs,
2253 sizeof data->raw_descs, 2253 sizeof data->raw_descs,
2254 __ffs_func_bind_do_descs, func); 2254 __ffs_func_bind_do_descs, func);
2255 if (unlikely(ret < 0)) 2255 if (unlikely(ret < 0))
2256 goto error; 2256 goto error;
2257 } else { 2257 } else {
2258 ret = 0; 2258 ret = 0;
2259 } 2259 }
2260 2260
2261 if (likely(high)) { 2261 if (likely(high)) {
2262 func->function.hs_descriptors = data->hs_descs; 2262 func->function.hs_descriptors = data->hs_descs;
2263 ret = ffs_do_descs(ffs->hs_descs_count, 2263 ret = ffs_do_descs(ffs->hs_descs_count,
2264 data->raw_descs + ret, 2264 data->raw_descs + ret,
2265 (sizeof data->raw_descs) - ret, 2265 (sizeof data->raw_descs) - ret,
2266 __ffs_func_bind_do_descs, func); 2266 __ffs_func_bind_do_descs, func);
2267 } 2267 }
2268 2268
2269 /* 2269 /*
2270 * Now handle interface numbers allocation and interface and 2270 * Now handle interface numbers allocation and interface and
2271 * endpoint numbers rewriting. We can do that in one go 2271 * endpoint numbers rewriting. We can do that in one go
2272 * now. 2272 * now.
2273 */ 2273 */
2274 ret = ffs_do_descs(ffs->fs_descs_count + 2274 ret = ffs_do_descs(ffs->fs_descs_count +
2275 (high ? ffs->hs_descs_count : 0), 2275 (high ? ffs->hs_descs_count : 0),
2276 data->raw_descs, sizeof data->raw_descs, 2276 data->raw_descs, sizeof data->raw_descs,
2277 __ffs_func_bind_do_nums, func); 2277 __ffs_func_bind_do_nums, func);
2278 if (unlikely(ret < 0)) 2278 if (unlikely(ret < 0))
2279 goto error; 2279 goto error;
2280 2280
2281 /* And we're done */ 2281 /* And we're done */
2282 ffs_event_add(ffs, FUNCTIONFS_BIND); 2282 ffs_event_add(ffs, FUNCTIONFS_BIND);
2283 return 0; 2283 return 0;
2284 2284
2285 error: 2285 error:
2286 /* XXX Do we need to release all claimed endpoints here? */ 2286 /* XXX Do we need to release all claimed endpoints here? */
2287 return ret; 2287 return ret;
2288 } 2288 }
2289 2289
2290 2290
2291 /* Other USB function hooks *************************************************/ 2291 /* Other USB function hooks *************************************************/
2292 2292
2293 static void ffs_func_unbind(struct usb_configuration *c, 2293 static void ffs_func_unbind(struct usb_configuration *c,
2294 struct usb_function *f) 2294 struct usb_function *f)
2295 { 2295 {
2296 struct ffs_function *func = ffs_func_from_usb(f); 2296 struct ffs_function *func = ffs_func_from_usb(f);
2297 struct ffs_data *ffs = func->ffs; 2297 struct ffs_data *ffs = func->ffs;
2298 2298
2299 ENTER(); 2299 ENTER();
2300 2300
2301 if (ffs->func == func) { 2301 if (ffs->func == func) {
2302 ffs_func_eps_disable(func); 2302 ffs_func_eps_disable(func);
2303 ffs->func = NULL; 2303 ffs->func = NULL;
2304 } 2304 }
2305 2305
2306 ffs_event_add(ffs, FUNCTIONFS_UNBIND); 2306 ffs_event_add(ffs, FUNCTIONFS_UNBIND);
2307 2307
2308 ffs_func_free(func); 2308 ffs_func_free(func);
2309 } 2309 }
2310 2310
2311 static int ffs_func_set_alt(struct usb_function *f, 2311 static int ffs_func_set_alt(struct usb_function *f,
2312 unsigned interface, unsigned alt) 2312 unsigned interface, unsigned alt)
2313 { 2313 {
2314 struct ffs_function *func = ffs_func_from_usb(f); 2314 struct ffs_function *func = ffs_func_from_usb(f);
2315 struct ffs_data *ffs = func->ffs; 2315 struct ffs_data *ffs = func->ffs;
2316 int ret = 0, intf; 2316 int ret = 0, intf;
2317 2317
2318 if (alt != (unsigned)-1) { 2318 if (alt != (unsigned)-1) {
2319 intf = ffs_func_revmap_intf(func, interface); 2319 intf = ffs_func_revmap_intf(func, interface);
2320 if (unlikely(intf < 0)) 2320 if (unlikely(intf < 0))
2321 return intf; 2321 return intf;
2322 } 2322 }
2323 2323
2324 if (ffs->func) 2324 if (ffs->func)
2325 ffs_func_eps_disable(ffs->func); 2325 ffs_func_eps_disable(ffs->func);
2326 2326
2327 if (ffs->state != FFS_ACTIVE) 2327 if (ffs->state != FFS_ACTIVE)
2328 return -ENODEV; 2328 return -ENODEV;
2329 2329
2330 if (alt == (unsigned)-1) { 2330 if (alt == (unsigned)-1) {
2331 ffs->func = NULL; 2331 ffs->func = NULL;
2332 ffs_event_add(ffs, FUNCTIONFS_DISABLE); 2332 ffs_event_add(ffs, FUNCTIONFS_DISABLE);
2333 return 0; 2333 return 0;
2334 } 2334 }
2335 2335
2336 ffs->func = func; 2336 ffs->func = func;
2337 ret = ffs_func_eps_enable(func); 2337 ret = ffs_func_eps_enable(func);
2338 if (likely(ret >= 0)) 2338 if (likely(ret >= 0))
2339 ffs_event_add(ffs, FUNCTIONFS_ENABLE); 2339 ffs_event_add(ffs, FUNCTIONFS_ENABLE);
2340 return ret; 2340 return ret;
2341 } 2341 }
2342 2342
2343 static void ffs_func_disable(struct usb_function *f) 2343 static void ffs_func_disable(struct usb_function *f)
2344 { 2344 {
2345 ffs_func_set_alt(f, 0, (unsigned)-1); 2345 ffs_func_set_alt(f, 0, (unsigned)-1);
2346 } 2346 }
2347 2347
2348 static int ffs_func_setup(struct usb_function *f, 2348 static int ffs_func_setup(struct usb_function *f,
2349 const struct usb_ctrlrequest *creq) 2349 const struct usb_ctrlrequest *creq)
2350 { 2350 {
2351 struct ffs_function *func = ffs_func_from_usb(f); 2351 struct ffs_function *func = ffs_func_from_usb(f);
2352 struct ffs_data *ffs = func->ffs; 2352 struct ffs_data *ffs = func->ffs;
2353 unsigned long flags; 2353 unsigned long flags;
2354 int ret; 2354 int ret;
2355 2355
2356 ENTER(); 2356 ENTER();
2357 2357
2358 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType); 2358 pr_vdebug("creq->bRequestType = %02x\n", creq->bRequestType);
2359 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest); 2359 pr_vdebug("creq->bRequest = %02x\n", creq->bRequest);
2360 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue)); 2360 pr_vdebug("creq->wValue = %04x\n", le16_to_cpu(creq->wValue));
2361 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex)); 2361 pr_vdebug("creq->wIndex = %04x\n", le16_to_cpu(creq->wIndex));
2362 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength)); 2362 pr_vdebug("creq->wLength = %04x\n", le16_to_cpu(creq->wLength));
2363 2363
2364 /* 2364 /*
2365 * Most requests directed to interface go through here 2365 * Most requests directed to interface go through here
2366 * (notable exceptions are set/get interface) so we need to 2366 * (notable exceptions are set/get interface) so we need to
2367 * handle them. All other either handled by composite or 2367 * handle them. All other either handled by composite or
2368 * passed to usb_configuration->setup() (if one is set). No 2368 * passed to usb_configuration->setup() (if one is set). No
2369 * matter, we will handle requests directed to endpoint here 2369 * matter, we will handle requests directed to endpoint here
2370 * as well (as it's straightforward) but what to do with any 2370 * as well (as it's straightforward) but what to do with any
2371 * other request? 2371 * other request?
2372 */ 2372 */
2373 if (ffs->state != FFS_ACTIVE) 2373 if (ffs->state != FFS_ACTIVE)
2374 return -ENODEV; 2374 return -ENODEV;
2375 2375
2376 switch (creq->bRequestType & USB_RECIP_MASK) { 2376 switch (creq->bRequestType & USB_RECIP_MASK) {
2377 case USB_RECIP_INTERFACE: 2377 case USB_RECIP_INTERFACE:
2378 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex)); 2378 ret = ffs_func_revmap_intf(func, le16_to_cpu(creq->wIndex));
2379 if (unlikely(ret < 0)) 2379 if (unlikely(ret < 0))
2380 return ret; 2380 return ret;
2381 break; 2381 break;
2382 2382
2383 case USB_RECIP_ENDPOINT: 2383 case USB_RECIP_ENDPOINT:
2384 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex)); 2384 ret = ffs_func_revmap_ep(func, le16_to_cpu(creq->wIndex));
2385 if (unlikely(ret < 0)) 2385 if (unlikely(ret < 0))
2386 return ret; 2386 return ret;
2387 break; 2387 break;
2388 2388
2389 default: 2389 default:
2390 return -EOPNOTSUPP; 2390 return -EOPNOTSUPP;
2391 } 2391 }
2392 2392
2393 spin_lock_irqsave(&ffs->ev.waitq.lock, flags); 2393 spin_lock_irqsave(&ffs->ev.waitq.lock, flags);
2394 ffs->ev.setup = *creq; 2394 ffs->ev.setup = *creq;
2395 ffs->ev.setup.wIndex = cpu_to_le16(ret); 2395 ffs->ev.setup.wIndex = cpu_to_le16(ret);
2396 __ffs_event_add(ffs, FUNCTIONFS_SETUP); 2396 __ffs_event_add(ffs, FUNCTIONFS_SETUP);
2397 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags); 2397 spin_unlock_irqrestore(&ffs->ev.waitq.lock, flags);
2398 2398
2399 return 0; 2399 return 0;
2400 } 2400 }
2401 2401
2402 static void ffs_func_suspend(struct usb_function *f) 2402 static void ffs_func_suspend(struct usb_function *f)
2403 { 2403 {
2404 ENTER(); 2404 ENTER();
2405 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND); 2405 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_SUSPEND);
2406 } 2406 }
2407 2407
2408 static void ffs_func_resume(struct usb_function *f) 2408 static void ffs_func_resume(struct usb_function *f)
2409 { 2409 {
2410 ENTER(); 2410 ENTER();
2411 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME); 2411 ffs_event_add(ffs_func_from_usb(f)->ffs, FUNCTIONFS_RESUME);
2412 } 2412 }
2413 2413
2414 2414
2415 /* Endpoint and interface numbers reverse mapping ***************************/ 2415 /* Endpoint and interface numbers reverse mapping ***************************/
2416 2416
2417 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num) 2417 static int ffs_func_revmap_ep(struct ffs_function *func, u8 num)
2418 { 2418 {
2419 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK]; 2419 num = func->eps_revmap[num & USB_ENDPOINT_NUMBER_MASK];
2420 return num ? num : -EDOM; 2420 return num ? num : -EDOM;
2421 } 2421 }
2422 2422
2423 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf) 2423 static int ffs_func_revmap_intf(struct ffs_function *func, u8 intf)
2424 { 2424 {
2425 short *nums = func->interfaces_nums; 2425 short *nums = func->interfaces_nums;
2426 unsigned count = func->ffs->interfaces_count; 2426 unsigned count = func->ffs->interfaces_count;
2427 2427
2428 for (; count; --count, ++nums) { 2428 for (; count; --count, ++nums) {
2429 if (*nums >= 0 && *nums == intf) 2429 if (*nums >= 0 && *nums == intf)
2430 return nums - func->interfaces_nums; 2430 return nums - func->interfaces_nums;
2431 } 2431 }
2432 2432
2433 return -EDOM; 2433 return -EDOM;
2434 } 2434 }
2435 2435
2436 2436
2437 /* Misc helper functions ****************************************************/ 2437 /* Misc helper functions ****************************************************/
2438 2438
2439 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock) 2439 static int ffs_mutex_lock(struct mutex *mutex, unsigned nonblock)
2440 { 2440 {
2441 return nonblock 2441 return nonblock
2442 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN 2442 ? likely(mutex_trylock(mutex)) ? 0 : -EAGAIN
2443 : mutex_lock_interruptible(mutex); 2443 : mutex_lock_interruptible(mutex);
2444 } 2444 }
2445 2445
2446 static char *ffs_prepare_buffer(const char __user *buf, size_t len) 2446 static char *ffs_prepare_buffer(const char __user *buf, size_t len)
2447 { 2447 {
2448 char *data; 2448 char *data;
2449 2449
2450 if (unlikely(!len)) 2450 if (unlikely(!len))
2451 return NULL; 2451 return NULL;
2452 2452
2453 data = kmalloc(len, GFP_KERNEL); 2453 data = kmalloc(len, GFP_KERNEL);
2454 if (unlikely(!data)) 2454 if (unlikely(!data))
2455 return ERR_PTR(-ENOMEM); 2455 return ERR_PTR(-ENOMEM);
2456 2456
2457 if (unlikely(__copy_from_user(data, buf, len))) { 2457 if (unlikely(__copy_from_user(data, buf, len))) {
2458 kfree(data); 2458 kfree(data);
2459 return ERR_PTR(-EFAULT); 2459 return ERR_PTR(-EFAULT);
2460 } 2460 }
2461 2461
2462 pr_vdebug("Buffer from user space:\n"); 2462 pr_vdebug("Buffer from user space:\n");
2463 ffs_dump_mem("", data, len); 2463 ffs_dump_mem("", data, len);
2464 2464
2465 return data; 2465 return data;
2466 } 2466 }