/drivers/usb/gadget/f_mass_storage.c
C | 3173 lines | 2053 code | 421 blank | 699 comment | 474 complexity | 7ae2a02f05aea8f0c3ca979e9574fb03 MD5 | raw file
Possible License(s): LGPL-2.0, AGPL-1.0, GPL-2.0
Large files files are truncated, but you can click here to view the full file
1/* 2 * f_mass_storage.c -- Mass Storage USB Composite Function 3 * 4 * Copyright (C) 2003-2008 Alan Stern 5 * Copyright (C) 2009 Samsung Electronics 6 * Author: Michal Nazarewicz <m.nazarewicz@samsung.com> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions, and the following disclaimer, 14 * without modification. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The names of the above-listed copyright holders may not be used 19 * to endorse or promote products derived from this software without 20 * specific prior written permission. 21 * 22 * ALTERNATIVELY, this software may be distributed under the terms of the 23 * GNU General Public License ("GPL") as published by the Free Software 24 * Foundation, either version 2 of that License or (at your option) any 25 * later version. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 28 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 29 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40/* 41 * The Mass Storage Function acts as a USB Mass Storage device, 42 * appearing to the host as a disk drive or as a CD-ROM drive. In 43 * addition to providing an example of a genuinely useful composite 44 * function for a USB device, it also illustrates a technique of 45 * double-buffering for increased throughput. 46 * 47 * Function supports multiple logical units (LUNs). Backing storage 48 * for each LUN is provided by a regular file or a block device. 49 * Access for each LUN can be limited to read-only. Moreover, the 50 * function can indicate that LUN is removable and/or CD-ROM. (The 51 * later implies read-only access.) 52 * 53 * MSF is configured by specifying a fsg_config structure. It has the 54 * following fields: 55 * 56 * nluns Number of LUNs function have (anywhere from 1 57 * to FSG_MAX_LUNS which is 8). 58 * luns An array of LUN configuration values. This 59 * should be filled for each LUN that 60 * function will include (ie. for "nluns" 61 * LUNs). Each element of the array has 62 * the following fields: 63 * ->filename The path to the backing file for the LUN. 64 * Required if LUN is not marked as 65 * removable. 66 * ->ro Flag specifying access to the LUN shall be 67 * read-only. This is implied if CD-ROM 68 * emulation is enabled as well as when 69 * it was impossible to open "filename" 70 * in R/W mode. 71 * ->removable Flag specifying that LUN shall be indicated as 72 * being removable. 73 * ->cdrom Flag specifying that LUN shall be reported as 74 * being a CD-ROM. 75 * ->nofua Flag specifying that FUA flag in SCSI WRITE(10,12) 76 * commands for this LUN shall be ignored. 77 * 78 * lun_name_format A printf-like format for names of the LUN 79 * devices. This determines how the 80 * directory in sysfs will be named. 81 * Unless you are using several MSFs in 82 * a single gadget (as opposed to single 83 * MSF in many configurations) you may 84 * leave it as NULL (in which case 85 * "lun%d" will be used). In the format 86 * you can use "%d" to index LUNs for 87 * MSF's with more than one LUN. (Beware 88 * that there is only one integer given 89 * as an argument for the format and 90 * specifying invalid format may cause 91 * unspecified behaviour.) 92 * thread_name Name of the kernel thread process used by the 93 * MSF. You can safely set it to NULL 94 * (in which case default "file-storage" 95 * will be used). 96 * 97 * vendor_name 98 * product_name 99 * release Information used as a reply to INQUIRY 100 * request. To use default set to NULL, 101 * NULL, 0xffff respectively. The first 102 * field should be 8 and the second 16 103 * characters or less. 104 * 105 * can_stall Set to permit function to halt bulk endpoints. 106 * Disabled on some USB devices known not 107 * to work correctly. You should set it 108 * to true. 109 * 110 * If "removable" is not set for a LUN then a backing file must be 111 * specified. If it is set, then NULL filename means the LUN's medium 112 * is not loaded (an empty string as "filename" in the fsg_config 113 * structure causes error). The CD-ROM emulation includes a single 114 * data track and no audio tracks; hence there need be only one 115 * backing file per LUN. Note also that the CD-ROM block length is 116 * set to 512 rather than the more common value 2048. 117 * 118 * 119 * MSF includes support for module parameters. If gadget using it 120 * decides to use it, the following module parameters will be 121 * available: 122 * 123 * file=filename[,filename...] 124 * Names of the files or block devices used for 125 * backing storage. 126 * ro=b[,b...] Default false, boolean for read-only access. 127 * removable=b[,b...] 128 * Default true, boolean for removable media. 129 * cdrom=b[,b...] Default false, boolean for whether to emulate 130 * a CD-ROM drive. 131 * nofua=b[,b...] Default false, booleans for ignore FUA flag 132 * in SCSI WRITE(10,12) commands 133 * luns=N Default N = number of filenames, number of 134 * LUNs to support. 135 * stall Default determined according to the type of 136 * USB device controller (usually true), 137 * boolean to permit the driver to halt 138 * bulk endpoints. 139 * 140 * The module parameters may be prefixed with some string. You need 141 * to consult gadget's documentation or source to verify whether it is 142 * using those module parameters and if it does what are the prefixes 143 * (look for FSG_MODULE_PARAMETERS() macro usage, what's inside it is 144 * the prefix). 145 * 146 * 147 * Requirements are modest; only a bulk-in and a bulk-out endpoint are 148 * needed. The memory requirement amounts to two 16K buffers, size 149 * configurable by a parameter. Support is included for both 150 * full-speed and high-speed operation. 151 * 152 * Note that the driver is slightly non-portable in that it assumes a 153 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and 154 * interrupt-in endpoints. With most device controllers this isn't an 155 * issue, but there may be some with hardware restrictions that prevent 156 * a buffer from being used by more than one endpoint. 157 * 158 * 159 * The pathnames of the backing files and the ro settings are 160 * available in the attribute files "file" and "ro" in the lun<n> (or 161 * to be more precise in a directory which name comes from 162 * "lun_name_format" option!) subdirectory of the gadget's sysfs 163 * directory. If the "removable" option is set, writing to these 164 * files will simulate ejecting/loading the medium (writing an empty 165 * line means eject) and adjusting a write-enable tab. Changes to the 166 * ro setting are not allowed when the medium is loaded or if CD-ROM 167 * emulation is being used. 168 * 169 * When a LUN receive an "eject" SCSI request (Start/Stop Unit), 170 * if the LUN is removable, the backing file is released to simulate 171 * ejection. 172 * 173 * 174 * This function is heavily based on "File-backed Storage Gadget" by 175 * Alan Stern which in turn is heavily based on "Gadget Zero" by David 176 * Brownell. The driver's SCSI command interface was based on the 177 * "Information technology - Small Computer System Interface - 2" 178 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93, 179 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>. 180 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which 181 * was based on the "Universal Serial Bus Mass Storage Class UFI 182 * Command Specification" document, Revision 1.0, December 14, 1998, 183 * available at 184 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>. 185 */ 186 187/* 188 * Driver Design 189 * 190 * The MSF is fairly straightforward. There is a main kernel 191 * thread that handles most of the work. Interrupt routines field 192 * callbacks from the controller driver: bulk- and interrupt-request 193 * completion notifications, endpoint-0 events, and disconnect events. 194 * Completion events are passed to the main thread by wakeup calls. Many 195 * ep0 requests are handled at interrupt time, but SetInterface, 196 * SetConfiguration, and device reset requests are forwarded to the 197 * thread in the form of "exceptions" using SIGUSR1 signals (since they 198 * should interrupt any ongoing file I/O operations). 199 * 200 * The thread's main routine implements the standard command/data/status 201 * parts of a SCSI interaction. It and its subroutines are full of tests 202 * for pending signals/exceptions -- all this polling is necessary since 203 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an 204 * indication that the driver really wants to be running in userspace.) 205 * An important point is that so long as the thread is alive it keeps an 206 * open reference to the backing file. This will prevent unmounting 207 * the backing file's underlying filesystem and could cause problems 208 * during system shutdown, for example. To prevent such problems, the 209 * thread catches INT, TERM, and KILL signals and converts them into 210 * an EXIT exception. 211 * 212 * In normal operation the main thread is started during the gadget's 213 * fsg_bind() callback and stopped during fsg_unbind(). But it can 214 * also exit when it receives a signal, and there's no point leaving 215 * the gadget running when the thread is dead. At of this moment, MSF 216 * provides no way to deregister the gadget when thread dies -- maybe 217 * a callback functions is needed. 218 * 219 * To provide maximum throughput, the driver uses a circular pipeline of 220 * buffer heads (struct fsg_buffhd). In principle the pipeline can be 221 * arbitrarily long; in practice the benefits don't justify having more 222 * than 2 stages (i.e., double buffering). But it helps to think of the 223 * pipeline as being a long one. Each buffer head contains a bulk-in and 224 * a bulk-out request pointer (since the buffer can be used for both 225 * output and input -- directions always are given from the host's 226 * point of view) as well as a pointer to the buffer and various state 227 * variables. 228 * 229 * Use of the pipeline follows a simple protocol. There is a variable 230 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use. 231 * At any time that buffer head may still be in use from an earlier 232 * request, so each buffer head has a state variable indicating whether 233 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the 234 * buffer head to be EMPTY, filling the buffer either by file I/O or by 235 * USB I/O (during which the buffer head is BUSY), and marking the buffer 236 * head FULL when the I/O is complete. Then the buffer will be emptied 237 * (again possibly by USB I/O, during which it is marked BUSY) and 238 * finally marked EMPTY again (possibly by a completion routine). 239 * 240 * A module parameter tells the driver to avoid stalling the bulk 241 * endpoints wherever the transport specification allows. This is 242 * necessary for some UDCs like the SuperH, which cannot reliably clear a 243 * halt on a bulk endpoint. However, under certain circumstances the 244 * Bulk-only specification requires a stall. In such cases the driver 245 * will halt the endpoint and set a flag indicating that it should clear 246 * the halt in software during the next device reset. Hopefully this 247 * will permit everything to work correctly. Furthermore, although the 248 * specification allows the bulk-out endpoint to halt when the host sends 249 * too much data, implementing this would cause an unavoidable race. 250 * The driver will always use the "no-stall" approach for OUT transfers. 251 * 252 * One subtle point concerns sending status-stage responses for ep0 253 * requests. Some of these requests, such as device reset, can involve 254 * interrupting an ongoing file I/O operation, which might take an 255 * arbitrarily long time. During that delay the host might give up on 256 * the original ep0 request and issue a new one. When that happens the 257 * driver should not notify the host about completion of the original 258 * request, as the host will no longer be waiting for it. So the driver 259 * assigns to each ep0 request a unique tag, and it keeps track of the 260 * tag value of the request associated with a long-running exception 261 * (device-reset, interface-change, or configuration-change). When the 262 * exception handler is finished, the status-stage response is submitted 263 * only if the current ep0 request tag is equal to the exception request 264 * tag. Thus only the most recently received ep0 request will get a 265 * status-stage response. 266 * 267 * Warning: This driver source file is too long. It ought to be split up 268 * into a header file plus about 3 separate .c files, to handle the details 269 * of the Gadget, USB Mass Storage, and SCSI protocols. 270 */ 271 272 273/* #define VERBOSE_DEBUG */ 274/* #define DUMP_MSGS */ 275 276#include <linux/blkdev.h> 277#include <linux/completion.h> 278#include <linux/dcache.h> 279#include <linux/delay.h> 280#include <linux/device.h> 281#include <linux/fcntl.h> 282#include <linux/file.h> 283#include <linux/fs.h> 284#include <linux/kref.h> 285#include <linux/kthread.h> 286#include <linux/limits.h> 287#include <linux/rwsem.h> 288#include <linux/slab.h> 289#include <linux/spinlock.h> 290#include <linux/string.h> 291#include <linux/freezer.h> 292#include <linux/utsname.h> 293 294#include <linux/usb/ch9.h> 295#include <linux/usb/gadget.h> 296#include <linux/usb/composite.h> 297 298#include "gadget_chips.h" 299 300 301/*------------------------------------------------------------------------*/ 302 303#define FSG_DRIVER_DESC "Mass Storage Function" 304#define FSG_DRIVER_VERSION "2009/09/11" 305 306static const char fsg_string_interface[] = "Mass Storage"; 307 308#define FSG_NO_INTR_EP 1 309#define FSG_NO_DEVICE_STRINGS 1 310#define FSG_NO_OTG 1 311#define FSG_NO_INTR_EP 1 312 313#include "storage_common.c" 314 315 316/*-------------------------------------------------------------------------*/ 317 318struct fsg_dev; 319struct fsg_common; 320 321/* FSF callback functions */ 322struct fsg_operations { 323 /* 324 * Callback function to call when thread exits. If no 325 * callback is set or it returns value lower then zero MSF 326 * will force eject all LUNs it operates on (including those 327 * marked as non-removable or with prevent_medium_removal flag 328 * set). 329 */ 330 int (*thread_exits)(struct fsg_common *common); 331 332 /* 333 * Called prior to ejection. Negative return means error, 334 * zero means to continue with ejection, positive means not to 335 * eject. 336 */ 337 int (*pre_eject)(struct fsg_common *common, 338 struct fsg_lun *lun, int num); 339 /* 340 * Called after ejection. Negative return means error, zero 341 * or positive is just a success. 342 */ 343 int (*post_eject)(struct fsg_common *common, 344 struct fsg_lun *lun, int num); 345}; 346 347/* Data shared by all the FSG instances. */ 348struct fsg_common { 349 struct usb_gadget *gadget; 350 struct usb_composite_dev *cdev; 351 struct fsg_dev *fsg, *new_fsg; 352 wait_queue_head_t fsg_wait; 353 354 /* filesem protects: backing files in use */ 355 struct rw_semaphore filesem; 356 357 /* lock protects: state, all the req_busy's */ 358 spinlock_t lock; 359 360 struct usb_ep *ep0; /* Copy of gadget->ep0 */ 361 struct usb_request *ep0req; /* Copy of cdev->req */ 362 unsigned int ep0_req_tag; 363 364 struct fsg_buffhd *next_buffhd_to_fill; 365 struct fsg_buffhd *next_buffhd_to_drain; 366 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS]; 367 368 int cmnd_size; 369 u8 cmnd[MAX_COMMAND_SIZE]; 370 371 unsigned int nluns; 372 unsigned int lun; 373 struct fsg_lun *luns; 374 struct fsg_lun *curlun; 375 376 unsigned int bulk_out_maxpacket; 377 enum fsg_state state; /* For exception handling */ 378 unsigned int exception_req_tag; 379 380 enum data_direction data_dir; 381 u32 data_size; 382 u32 data_size_from_cmnd; 383 u32 tag; 384 u32 residue; 385 u32 usb_amount_left; 386 387 unsigned int can_stall:1; 388 unsigned int free_storage_on_release:1; 389 unsigned int phase_error:1; 390 unsigned int short_packet_received:1; 391 unsigned int bad_lun_okay:1; 392 unsigned int running:1; 393 394 int thread_wakeup_needed; 395 struct completion thread_notifier; 396 struct task_struct *thread_task; 397 398 /* Callback functions. */ 399 const struct fsg_operations *ops; 400 /* Gadget's private data. */ 401 void *private_data; 402 403 /* 404 * Vendor (8 chars), product (16 chars), release (4 405 * hexadecimal digits) and NUL byte 406 */ 407 char inquiry_string[8 + 16 + 4 + 1]; 408 409 struct kref ref; 410}; 411 412struct fsg_config { 413 unsigned nluns; 414 struct fsg_lun_config { 415 const char *filename; 416 char ro; 417 char removable; 418 char cdrom; 419 char nofua; 420 } luns[FSG_MAX_LUNS]; 421 422 const char *lun_name_format; 423 const char *thread_name; 424 425 /* Callback functions. */ 426 const struct fsg_operations *ops; 427 /* Gadget's private data. */ 428 void *private_data; 429 430 const char *vendor_name; /* 8 characters or less */ 431 const char *product_name; /* 16 characters or less */ 432 u16 release; 433 434 char can_stall; 435}; 436 437struct fsg_dev { 438 struct usb_function function; 439 struct usb_gadget *gadget; /* Copy of cdev->gadget */ 440 struct fsg_common *common; 441 442 u16 interface_number; 443 444 unsigned int bulk_in_enabled:1; 445 unsigned int bulk_out_enabled:1; 446 447 unsigned long atomic_bitflags; 448#define IGNORE_BULK_OUT 0 449 450 struct usb_ep *bulk_in; 451 struct usb_ep *bulk_out; 452}; 453 454static inline int __fsg_is_set(struct fsg_common *common, 455 const char *func, unsigned line) 456{ 457 if (common->fsg) 458 return 1; 459 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line); 460 WARN_ON(1); 461 return 0; 462} 463 464#define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__)) 465 466static inline struct fsg_dev *fsg_from_func(struct usb_function *f) 467{ 468 return container_of(f, struct fsg_dev, function); 469} 470 471typedef void (*fsg_routine_t)(struct fsg_dev *); 472 473static int exception_in_progress(struct fsg_common *common) 474{ 475 return common->state > FSG_STATE_IDLE; 476} 477 478/* Make bulk-out requests be divisible by the maxpacket size */ 479static void set_bulk_out_req_length(struct fsg_common *common, 480 struct fsg_buffhd *bh, unsigned int length) 481{ 482 unsigned int rem; 483 484 bh->bulk_out_intended_length = length; 485 rem = length % common->bulk_out_maxpacket; 486 if (rem > 0) 487 length += common->bulk_out_maxpacket - rem; 488 bh->outreq->length = length; 489} 490 491 492/*-------------------------------------------------------------------------*/ 493 494static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep) 495{ 496 const char *name; 497 498 if (ep == fsg->bulk_in) 499 name = "bulk-in"; 500 else if (ep == fsg->bulk_out) 501 name = "bulk-out"; 502 else 503 name = ep->name; 504 DBG(fsg, "%s set halt\n", name); 505 return usb_ep_set_halt(ep); 506} 507 508 509/*-------------------------------------------------------------------------*/ 510 511/* These routines may be called in process context or in_irq */ 512 513/* Caller must hold fsg->lock */ 514static void wakeup_thread(struct fsg_common *common) 515{ 516 /* Tell the main thread that something has happened */ 517 common->thread_wakeup_needed = 1; 518 if (common->thread_task) 519 wake_up_process(common->thread_task); 520} 521 522static void raise_exception(struct fsg_common *common, enum fsg_state new_state) 523{ 524 unsigned long flags; 525 526 /* 527 * Do nothing if a higher-priority exception is already in progress. 528 * If a lower-or-equal priority exception is in progress, preempt it 529 * and notify the main thread by sending it a signal. 530 */ 531 spin_lock_irqsave(&common->lock, flags); 532 if (common->state <= new_state) { 533 common->exception_req_tag = common->ep0_req_tag; 534 common->state = new_state; 535 if (common->thread_task) 536 send_sig_info(SIGUSR1, SEND_SIG_FORCED, 537 common->thread_task); 538 } 539 spin_unlock_irqrestore(&common->lock, flags); 540} 541 542 543/*-------------------------------------------------------------------------*/ 544 545static int ep0_queue(struct fsg_common *common) 546{ 547 int rc; 548 549 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC); 550 common->ep0->driver_data = common; 551 if (rc != 0 && rc != -ESHUTDOWN) { 552 /* We can't do much more than wait for a reset */ 553 WARNING(common, "error in submission: %s --> %d\n", 554 common->ep0->name, rc); 555 } 556 return rc; 557} 558 559 560/*-------------------------------------------------------------------------*/ 561 562/* Completion handlers. These always run in_irq. */ 563 564static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req) 565{ 566 struct fsg_common *common = ep->driver_data; 567 struct fsg_buffhd *bh = req->context; 568 569 if (req->status || req->actual != req->length) 570 DBG(common, "%s --> %d, %u/%u\n", __func__, 571 req->status, req->actual, req->length); 572 if (req->status == -ECONNRESET) /* Request was cancelled */ 573 usb_ep_fifo_flush(ep); 574 575 /* Hold the lock while we update the request and buffer states */ 576 smp_wmb(); 577 spin_lock(&common->lock); 578 bh->inreq_busy = 0; 579 bh->state = BUF_STATE_EMPTY; 580 wakeup_thread(common); 581 spin_unlock(&common->lock); 582} 583 584static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req) 585{ 586 struct fsg_common *common = ep->driver_data; 587 struct fsg_buffhd *bh = req->context; 588 589 dump_msg(common, "bulk-out", req->buf, req->actual); 590 if (req->status || req->actual != bh->bulk_out_intended_length) 591 DBG(common, "%s --> %d, %u/%u\n", __func__, 592 req->status, req->actual, bh->bulk_out_intended_length); 593 if (req->status == -ECONNRESET) /* Request was cancelled */ 594 usb_ep_fifo_flush(ep); 595 596 /* Hold the lock while we update the request and buffer states */ 597 smp_wmb(); 598 spin_lock(&common->lock); 599 bh->outreq_busy = 0; 600 bh->state = BUF_STATE_FULL; 601 wakeup_thread(common); 602 spin_unlock(&common->lock); 603} 604 605static int fsg_setup(struct usb_function *f, 606 const struct usb_ctrlrequest *ctrl) 607{ 608 struct fsg_dev *fsg = fsg_from_func(f); 609 struct usb_request *req = fsg->common->ep0req; 610 u16 w_index = le16_to_cpu(ctrl->wIndex); 611 u16 w_value = le16_to_cpu(ctrl->wValue); 612 u16 w_length = le16_to_cpu(ctrl->wLength); 613 614 if (!fsg_is_set(fsg->common)) 615 return -EOPNOTSUPP; 616 617 ++fsg->common->ep0_req_tag; /* Record arrival of a new request */ 618 req->context = NULL; 619 req->length = 0; 620 dump_msg(fsg, "ep0-setup", (u8 *) ctrl, sizeof(*ctrl)); 621 622 switch (ctrl->bRequest) { 623 624 case USB_BULK_RESET_REQUEST: 625 if (ctrl->bRequestType != 626 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 627 break; 628 if (w_index != fsg->interface_number || w_value != 0) 629 return -EDOM; 630 631 /* 632 * Raise an exception to stop the current operation 633 * and reinitialize our state. 634 */ 635 DBG(fsg, "bulk reset request\n"); 636 raise_exception(fsg->common, FSG_STATE_RESET); 637 return DELAYED_STATUS; 638 639 case USB_BULK_GET_MAX_LUN_REQUEST: 640 if (ctrl->bRequestType != 641 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE)) 642 break; 643 if (w_index != fsg->interface_number || w_value != 0) 644 return -EDOM; 645 VDBG(fsg, "get max LUN\n"); 646 *(u8 *)req->buf = fsg->common->nluns - 1; 647 648 /* Respond with data/status */ 649 req->length = min((u16)1, w_length); 650 return ep0_queue(fsg->common); 651 } 652 653 VDBG(fsg, 654 "unknown class-specific control req %02x.%02x v%04x i%04x l%u\n", 655 ctrl->bRequestType, ctrl->bRequest, 656 le16_to_cpu(ctrl->wValue), w_index, w_length); 657 return -EOPNOTSUPP; 658} 659 660 661/*-------------------------------------------------------------------------*/ 662 663/* All the following routines run in process context */ 664 665/* Use this for bulk or interrupt transfers, not ep0 */ 666static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep, 667 struct usb_request *req, int *pbusy, 668 enum fsg_buffer_state *state) 669{ 670 int rc; 671 672 if (ep == fsg->bulk_in) 673 dump_msg(fsg, "bulk-in", req->buf, req->length); 674 675 spin_lock_irq(&fsg->common->lock); 676 *pbusy = 1; 677 *state = BUF_STATE_BUSY; 678 spin_unlock_irq(&fsg->common->lock); 679 rc = usb_ep_queue(ep, req, GFP_KERNEL); 680 if (rc != 0) { 681 *pbusy = 0; 682 *state = BUF_STATE_EMPTY; 683 684 /* We can't do much more than wait for a reset */ 685 686 /* 687 * Note: currently the net2280 driver fails zero-length 688 * submissions if DMA is enabled. 689 */ 690 if (rc != -ESHUTDOWN && 691 !(rc == -EOPNOTSUPP && req->length == 0)) 692 WARNING(fsg, "error in submission: %s --> %d\n", 693 ep->name, rc); 694 } 695} 696 697static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 698{ 699 if (!fsg_is_set(common)) 700 return false; 701 start_transfer(common->fsg, common->fsg->bulk_in, 702 bh->inreq, &bh->inreq_busy, &bh->state); 703 return true; 704} 705 706static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh) 707{ 708 if (!fsg_is_set(common)) 709 return false; 710 start_transfer(common->fsg, common->fsg->bulk_out, 711 bh->outreq, &bh->outreq_busy, &bh->state); 712 return true; 713} 714 715static int sleep_thread(struct fsg_common *common) 716{ 717 int rc = 0; 718 719 /* Wait until a signal arrives or we are woken up */ 720 for (;;) { 721 try_to_freeze(); 722 set_current_state(TASK_INTERRUPTIBLE); 723 if (signal_pending(current)) { 724 rc = -EINTR; 725 break; 726 } 727 if (common->thread_wakeup_needed) 728 break; 729 schedule(); 730 } 731 __set_current_state(TASK_RUNNING); 732 common->thread_wakeup_needed = 0; 733 return rc; 734} 735 736 737/*-------------------------------------------------------------------------*/ 738 739static int do_read(struct fsg_common *common) 740{ 741 struct fsg_lun *curlun = common->curlun; 742 u32 lba; 743 struct fsg_buffhd *bh; 744 int rc; 745 u32 amount_left; 746 loff_t file_offset, file_offset_tmp; 747 unsigned int amount; 748 unsigned int partial_page; 749 ssize_t nread; 750 751 /* 752 * Get the starting Logical Block Address and check that it's 753 * not too big. 754 */ 755 if (common->cmnd[0] == READ_6) 756 lba = get_unaligned_be24(&common->cmnd[1]); 757 else { 758 lba = get_unaligned_be32(&common->cmnd[2]); 759 760 /* 761 * We allow DPO (Disable Page Out = don't save data in the 762 * cache) and FUA (Force Unit Access = don't read from the 763 * cache), but we don't implement them. 764 */ 765 if ((common->cmnd[1] & ~0x18) != 0) { 766 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 767 return -EINVAL; 768 } 769 } 770 if (lba >= curlun->num_sectors) { 771 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 772 return -EINVAL; 773 } 774 file_offset = ((loff_t) lba) << 9; 775 776 /* Carry out the file reads */ 777 amount_left = common->data_size_from_cmnd; 778 if (unlikely(amount_left == 0)) 779 return -EIO; /* No default reply */ 780 781 for (;;) { 782 /* 783 * Figure out how much we need to read: 784 * Try to read the remaining amount. 785 * But don't read more than the buffer size. 786 * And don't try to read past the end of the file. 787 * Finally, if we're not at a page boundary, don't read past 788 * the next page. 789 * If this means reading 0 then we were asked to read past 790 * the end of file. 791 */ 792 amount = min(amount_left, FSG_BUFLEN); 793 amount = min((loff_t)amount, 794 curlun->file_length - file_offset); 795 partial_page = file_offset & (PAGE_CACHE_SIZE - 1); 796 if (partial_page > 0) 797 amount = min(amount, (unsigned int)PAGE_CACHE_SIZE - 798 partial_page); 799 800 /* Wait for the next buffer to become available */ 801 bh = common->next_buffhd_to_fill; 802 while (bh->state != BUF_STATE_EMPTY) { 803 rc = sleep_thread(common); 804 if (rc) 805 return rc; 806 } 807 808 /* 809 * If we were asked to read past the end of file, 810 * end with an empty buffer. 811 */ 812 if (amount == 0) { 813 curlun->sense_data = 814 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 815 curlun->sense_data_info = file_offset >> 9; 816 curlun->info_valid = 1; 817 bh->inreq->length = 0; 818 bh->state = BUF_STATE_FULL; 819 break; 820 } 821 822 /* Perform the read */ 823 file_offset_tmp = file_offset; 824 nread = vfs_read(curlun->filp, 825 (char __user *)bh->buf, 826 amount, &file_offset_tmp); 827 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 828 (unsigned long long)file_offset, (int)nread); 829 if (signal_pending(current)) 830 return -EINTR; 831 832 if (nread < 0) { 833 LDBG(curlun, "error in file read: %d\n", (int)nread); 834 nread = 0; 835 } else if (nread < amount) { 836 LDBG(curlun, "partial file read: %d/%u\n", 837 (int)nread, amount); 838 nread -= (nread & 511); /* Round down to a block */ 839 } 840 file_offset += nread; 841 amount_left -= nread; 842 common->residue -= nread; 843 bh->inreq->length = nread; 844 bh->state = BUF_STATE_FULL; 845 846 /* If an error occurred, report it and its position */ 847 if (nread < amount) { 848 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 849 curlun->sense_data_info = file_offset >> 9; 850 curlun->info_valid = 1; 851 break; 852 } 853 854 if (amount_left == 0) 855 break; /* No more left to read */ 856 857 /* Send this buffer and go read some more */ 858 bh->inreq->zero = 0; 859 if (!start_in_transfer(common, bh)) 860 /* Don't know what to do if common->fsg is NULL */ 861 return -EIO; 862 common->next_buffhd_to_fill = bh->next; 863 } 864 865 return -EIO; /* No default reply */ 866} 867 868 869/*-------------------------------------------------------------------------*/ 870 871static int do_write(struct fsg_common *common) 872{ 873 struct fsg_lun *curlun = common->curlun; 874 u32 lba; 875 struct fsg_buffhd *bh; 876 int get_some_more; 877 u32 amount_left_to_req, amount_left_to_write; 878 loff_t usb_offset, file_offset, file_offset_tmp; 879 unsigned int amount; 880 unsigned int partial_page; 881 ssize_t nwritten; 882 int rc; 883 884 if (curlun->ro) { 885 curlun->sense_data = SS_WRITE_PROTECTED; 886 return -EINVAL; 887 } 888 spin_lock(&curlun->filp->f_lock); 889 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */ 890 spin_unlock(&curlun->filp->f_lock); 891 892 /* 893 * Get the starting Logical Block Address and check that it's 894 * not too big 895 */ 896 if (common->cmnd[0] == WRITE_6) 897 lba = get_unaligned_be24(&common->cmnd[1]); 898 else { 899 lba = get_unaligned_be32(&common->cmnd[2]); 900 901 /* 902 * We allow DPO (Disable Page Out = don't save data in the 903 * cache) and FUA (Force Unit Access = write directly to the 904 * medium). We don't implement DPO; we implement FUA by 905 * performing synchronous output. 906 */ 907 if (common->cmnd[1] & ~0x18) { 908 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 909 return -EINVAL; 910 } 911 if (!curlun->nofua && (common->cmnd[1] & 0x08)) { /* FUA */ 912 spin_lock(&curlun->filp->f_lock); 913 curlun->filp->f_flags |= O_SYNC; 914 spin_unlock(&curlun->filp->f_lock); 915 } 916 } 917 if (lba >= curlun->num_sectors) { 918 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 919 return -EINVAL; 920 } 921 922 /* Carry out the file writes */ 923 get_some_more = 1; 924 file_offset = usb_offset = ((loff_t) lba) << 9; 925 amount_left_to_req = common->data_size_from_cmnd; 926 amount_left_to_write = common->data_size_from_cmnd; 927 928 while (amount_left_to_write > 0) { 929 930 /* Queue a request for more data from the host */ 931 bh = common->next_buffhd_to_fill; 932 if (bh->state == BUF_STATE_EMPTY && get_some_more) { 933 934 /* 935 * Figure out how much we want to get: 936 * Try to get the remaining amount. 937 * But don't get more than the buffer size. 938 * And don't try to go past the end of the file. 939 * If we're not at a page boundary, 940 * don't go past the next page. 941 * If this means getting 0, then we were asked 942 * to write past the end of file. 943 * Finally, round down to a block boundary. 944 */ 945 amount = min(amount_left_to_req, FSG_BUFLEN); 946 amount = min((loff_t)amount, 947 curlun->file_length - usb_offset); 948 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1); 949 if (partial_page > 0) 950 amount = min(amount, 951 (unsigned int)PAGE_CACHE_SIZE - partial_page); 952 953 if (amount == 0) { 954 get_some_more = 0; 955 curlun->sense_data = 956 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 957 curlun->sense_data_info = usb_offset >> 9; 958 curlun->info_valid = 1; 959 continue; 960 } 961 amount -= amount & 511; 962 if (amount == 0) { 963 964 /* 965 * Why were we were asked to transfer a 966 * partial block? 967 */ 968 get_some_more = 0; 969 continue; 970 } 971 972 /* Get the next buffer */ 973 usb_offset += amount; 974 common->usb_amount_left -= amount; 975 amount_left_to_req -= amount; 976 if (amount_left_to_req == 0) 977 get_some_more = 0; 978 979 /* 980 * amount is always divisible by 512, hence by 981 * the bulk-out maxpacket size 982 */ 983 bh->outreq->length = amount; 984 bh->bulk_out_intended_length = amount; 985 bh->outreq->short_not_ok = 1; 986 if (!start_out_transfer(common, bh)) 987 /* Dunno what to do if common->fsg is NULL */ 988 return -EIO; 989 common->next_buffhd_to_fill = bh->next; 990 continue; 991 } 992 993 /* Write the received data to the backing file */ 994 bh = common->next_buffhd_to_drain; 995 if (bh->state == BUF_STATE_EMPTY && !get_some_more) 996 break; /* We stopped early */ 997 if (bh->state == BUF_STATE_FULL) { 998 smp_rmb(); 999 common->next_buffhd_to_drain = bh->next; 1000 bh->state = BUF_STATE_EMPTY; 1001 1002 /* Did something go wrong with the transfer? */ 1003 if (bh->outreq->status != 0) { 1004 curlun->sense_data = SS_COMMUNICATION_FAILURE; 1005 curlun->sense_data_info = file_offset >> 9; 1006 curlun->info_valid = 1; 1007 break; 1008 } 1009 1010 amount = bh->outreq->actual; 1011 if (curlun->file_length - file_offset < amount) { 1012 LERROR(curlun, 1013 "write %u @ %llu beyond end %llu\n", 1014 amount, (unsigned long long)file_offset, 1015 (unsigned long long)curlun->file_length); 1016 amount = curlun->file_length - file_offset; 1017 } 1018 1019 /* Perform the write */ 1020 file_offset_tmp = file_offset; 1021 nwritten = vfs_write(curlun->filp, 1022 (char __user *)bh->buf, 1023 amount, &file_offset_tmp); 1024 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount, 1025 (unsigned long long)file_offset, (int)nwritten); 1026 if (signal_pending(current)) 1027 return -EINTR; /* Interrupted! */ 1028 1029 if (nwritten < 0) { 1030 LDBG(curlun, "error in file write: %d\n", 1031 (int)nwritten); 1032 nwritten = 0; 1033 } else if (nwritten < amount) { 1034 LDBG(curlun, "partial file write: %d/%u\n", 1035 (int)nwritten, amount); 1036 nwritten -= (nwritten & 511); 1037 /* Round down to a block */ 1038 } 1039 file_offset += nwritten; 1040 amount_left_to_write -= nwritten; 1041 common->residue -= nwritten; 1042 1043 /* If an error occurred, report it and its position */ 1044 if (nwritten < amount) { 1045 curlun->sense_data = SS_WRITE_ERROR; 1046 curlun->sense_data_info = file_offset >> 9; 1047 curlun->info_valid = 1; 1048 break; 1049 } 1050 1051 /* Did the host decide to stop early? */ 1052 if (bh->outreq->actual != bh->outreq->length) { 1053 common->short_packet_received = 1; 1054 break; 1055 } 1056 continue; 1057 } 1058 1059 /* Wait for something to happen */ 1060 rc = sleep_thread(common); 1061 if (rc) 1062 return rc; 1063 } 1064 1065 return -EIO; /* No default reply */ 1066} 1067 1068 1069/*-------------------------------------------------------------------------*/ 1070 1071static int do_synchronize_cache(struct fsg_common *common) 1072{ 1073 struct fsg_lun *curlun = common->curlun; 1074 int rc; 1075 1076 /* We ignore the requested LBA and write out all file's 1077 * dirty data buffers. */ 1078 rc = fsg_lun_fsync_sub(curlun); 1079 if (rc) 1080 curlun->sense_data = SS_WRITE_ERROR; 1081 return 0; 1082} 1083 1084 1085/*-------------------------------------------------------------------------*/ 1086 1087static void invalidate_sub(struct fsg_lun *curlun) 1088{ 1089 struct file *filp = curlun->filp; 1090 struct inode *inode = filp->f_path.dentry->d_inode; 1091 unsigned long rc; 1092 1093 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1); 1094 VLDBG(curlun, "invalidate_mapping_pages -> %ld\n", rc); 1095} 1096 1097static int do_verify(struct fsg_common *common) 1098{ 1099 struct fsg_lun *curlun = common->curlun; 1100 u32 lba; 1101 u32 verification_length; 1102 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 1103 loff_t file_offset, file_offset_tmp; 1104 u32 amount_left; 1105 unsigned int amount; 1106 ssize_t nread; 1107 1108 /* 1109 * Get the starting Logical Block Address and check that it's 1110 * not too big. 1111 */ 1112 lba = get_unaligned_be32(&common->cmnd[2]); 1113 if (lba >= curlun->num_sectors) { 1114 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1115 return -EINVAL; 1116 } 1117 1118 /* 1119 * We allow DPO (Disable Page Out = don't save data in the 1120 * cache) but we don't implement it. 1121 */ 1122 if (common->cmnd[1] & ~0x10) { 1123 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1124 return -EINVAL; 1125 } 1126 1127 verification_length = get_unaligned_be16(&common->cmnd[7]); 1128 if (unlikely(verification_length == 0)) 1129 return -EIO; /* No default reply */ 1130 1131 /* Prepare to carry out the file verify */ 1132 amount_left = verification_length << 9; 1133 file_offset = ((loff_t) lba) << 9; 1134 1135 /* Write out all the dirty buffers before invalidating them */ 1136 fsg_lun_fsync_sub(curlun); 1137 if (signal_pending(current)) 1138 return -EINTR; 1139 1140 invalidate_sub(curlun); 1141 if (signal_pending(current)) 1142 return -EINTR; 1143 1144 /* Just try to read the requested blocks */ 1145 while (amount_left > 0) { 1146 /* 1147 * Figure out how much we need to read: 1148 * Try to read the remaining amount, but not more than 1149 * the buffer size. 1150 * And don't try to read past the end of the file. 1151 * If this means reading 0 then we were asked to read 1152 * past the end of file. 1153 */ 1154 amount = min(amount_left, FSG_BUFLEN); 1155 amount = min((loff_t)amount, 1156 curlun->file_length - file_offset); 1157 if (amount == 0) { 1158 curlun->sense_data = 1159 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1160 curlun->sense_data_info = file_offset >> 9; 1161 curlun->info_valid = 1; 1162 break; 1163 } 1164 1165 /* Perform the read */ 1166 file_offset_tmp = file_offset; 1167 nread = vfs_read(curlun->filp, 1168 (char __user *) bh->buf, 1169 amount, &file_offset_tmp); 1170 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount, 1171 (unsigned long long) file_offset, 1172 (int) nread); 1173 if (signal_pending(current)) 1174 return -EINTR; 1175 1176 if (nread < 0) { 1177 LDBG(curlun, "error in file verify: %d\n", (int)nread); 1178 nread = 0; 1179 } else if (nread < amount) { 1180 LDBG(curlun, "partial file verify: %d/%u\n", 1181 (int)nread, amount); 1182 nread -= nread & 511; /* Round down to a sector */ 1183 } 1184 if (nread == 0) { 1185 curlun->sense_data = SS_UNRECOVERED_READ_ERROR; 1186 curlun->sense_data_info = file_offset >> 9; 1187 curlun->info_valid = 1; 1188 break; 1189 } 1190 file_offset += nread; 1191 amount_left -= nread; 1192 } 1193 return 0; 1194} 1195 1196 1197/*-------------------------------------------------------------------------*/ 1198 1199static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh) 1200{ 1201 struct fsg_lun *curlun = common->curlun; 1202 u8 *buf = (u8 *) bh->buf; 1203 1204 if (!curlun) { /* Unsupported LUNs are okay */ 1205 common->bad_lun_okay = 1; 1206 memset(buf, 0, 36); 1207 buf[0] = 0x7f; /* Unsupported, no device-type */ 1208 buf[4] = 31; /* Additional length */ 1209 return 36; 1210 } 1211 1212 buf[0] = curlun->cdrom ? TYPE_ROM : TYPE_DISK; 1213 buf[1] = curlun->removable ? 0x80 : 0; 1214 buf[2] = 2; /* ANSI SCSI level 2 */ 1215 buf[3] = 2; /* SCSI-2 INQUIRY data format */ 1216 buf[4] = 31; /* Additional length */ 1217 buf[5] = 0; /* No special options */ 1218 buf[6] = 0; 1219 buf[7] = 0; 1220 memcpy(buf + 8, common->inquiry_string, sizeof common->inquiry_string); 1221 return 36; 1222} 1223 1224static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1225{ 1226 struct fsg_lun *curlun = common->curlun; 1227 u8 *buf = (u8 *) bh->buf; 1228 u32 sd, sdinfo; 1229 int valid; 1230 1231 /* 1232 * From the SCSI-2 spec., section 7.9 (Unit attention condition): 1233 * 1234 * If a REQUEST SENSE command is received from an initiator 1235 * with a pending unit attention condition (before the target 1236 * generates the contingent allegiance condition), then the 1237 * target shall either: 1238 * a) report any pending sense data and preserve the unit 1239 * attention condition on the logical unit, or, 1240 * b) report the unit attention condition, may discard any 1241 * pending sense data, and clear the unit attention 1242 * condition on the logical unit for that initiator. 1243 * 1244 * FSG normally uses option a); enable this code to use option b). 1245 */ 1246#if 0 1247 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) { 1248 curlun->sense_data = curlun->unit_attention_data; 1249 curlun->unit_attention_data = SS_NO_SENSE; 1250 } 1251#endif 1252 1253 if (!curlun) { /* Unsupported LUNs are okay */ 1254 common->bad_lun_okay = 1; 1255 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED; 1256 sdinfo = 0; 1257 valid = 0; 1258 } else { 1259 sd = curlun->sense_data; 1260 sdinfo = curlun->sense_data_info; 1261 valid = curlun->info_valid << 7; 1262 curlun->sense_data = SS_NO_SENSE; 1263 curlun->sense_data_info = 0; 1264 curlun->info_valid = 0; 1265 } 1266 1267 memset(buf, 0, 18); 1268 buf[0] = valid | 0x70; /* Valid, current error */ 1269 buf[2] = SK(sd); 1270 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */ 1271 buf[7] = 18 - 8; /* Additional sense length */ 1272 buf[12] = ASC(sd); 1273 buf[13] = ASCQ(sd); 1274 return 18; 1275} 1276 1277static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh) 1278{ 1279 struct fsg_lun *curlun = common->curlun; 1280 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1281 int pmi = common->cmnd[8]; 1282 u8 *buf = (u8 *)bh->buf; 1283 1284 /* Check the PMI and LBA fields */ 1285 if (pmi > 1 || (pmi == 0 && lba != 0)) { 1286 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1287 return -EINVAL; 1288 } 1289 1290 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]); 1291 /* Max logical block */ 1292 put_unaligned_be32(512, &buf[4]); /* Block length */ 1293 return 8; 1294} 1295 1296static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh) 1297{ 1298 struct fsg_lun *curlun = common->curlun; 1299 int msf = common->cmnd[1] & 0x02; 1300 u32 lba = get_unaligned_be32(&common->cmnd[2]); 1301 u8 *buf = (u8 *)bh->buf; 1302 1303 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */ 1304 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1305 return -EINVAL; 1306 } 1307 if (lba >= curlun->num_sectors) { 1308 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE; 1309 return -EINVAL; 1310 } 1311 1312 memset(buf, 0, 8); 1313 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */ 1314 store_cdrom_address(&buf[4], msf, lba); 1315 return 8; 1316} 1317 1318static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh) 1319{ 1320 struct fsg_lun *curlun = common->curlun; 1321 int msf = common->cmnd[1] & 0x02; 1322 int start_track = common->cmnd[6]; 1323 u8 *buf = (u8 *)bh->buf; 1324 1325 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */ 1326 start_track > 1) { 1327 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1328 return -EINVAL; 1329 } 1330 1331 memset(buf, 0, 20); 1332 buf[1] = (20-2); /* TOC data length */ 1333 buf[2] = 1; /* First track number */ 1334 buf[3] = 1; /* Last track number */ 1335 buf[5] = 0x16; /* Data track, copying allowed */ 1336 buf[6] = 0x01; /* Only track is number 1 */ 1337 store_cdrom_address(&buf[8], msf, 0); 1338 1339 buf[13] = 0x16; /* Lead-out track is data */ 1340 buf[14] = 0xAA; /* Lead-out track number */ 1341 store_cdrom_address(&buf[16], msf, curlun->num_sectors); 1342 return 20; 1343} 1344 1345static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh) 1346{ 1347 struct fsg_lun *curlun = common->curlun; 1348 int mscmnd = common->cmnd[0]; 1349 u8 *buf = (u8 *) bh->buf; 1350 u8 *buf0 = buf; 1351 int pc, page_code; 1352 int changeable_values, all_pages; 1353 int valid_page = 0; 1354 int len, limit; 1355 1356 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */ 1357 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1358 return -EINVAL; 1359 } 1360 pc = common->cmnd[2] >> 6; 1361 page_code = common->cmnd[2] & 0x3f; 1362 if (pc == 3) { 1363 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED; 1364 return -EINVAL; 1365 } 1366 changeable_values = (pc == 1); 1367 all_pages = (page_code == 0x3f); 1368 1369 /* 1370 * Write the mode parameter header. Fixed values are: default 1371 * medium type, no cache control (DPOFUA), and no block descriptors. 1372 * The only variable value is the WriteProtect bit. We will fill in 1373 * the mode data length later. 1374 */ 1375 memset(buf, 0, 8); 1376 if (mscmnd == MODE_SENSE) { 1377 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1378 buf += 4; 1379 limit = 255; 1380 } else { /* MODE_SENSE_10 */ 1381 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */ 1382 buf += 8; 1383 limit = 65535; /* Should really be FSG_BUFLEN */ 1384 } 1385 1386 /* No block descriptors */ 1387 1388 /* 1389 * The mode pages, in numerical order. The only page we support 1390 * is the Caching page. 1391 */ 1392 if (page_code == 0x08 || all_pages) { 1393 valid_page = 1; 1394 buf[0] = 0x08; /* Page code */ 1395 buf[1] = 10; /* Page length */ 1396 memset(buf+2, 0, 10); /* None of the fields are changeable */ 1397 1398 if (!changeable_values) { 1399 buf[2] = 0x04; /* Write cache enable, */ 1400 /* Read cache not disabled */ 1401 /* No cache retention priorities */ 1402 put_unaligned_be16(0xffff, &buf[4]); 1403 /* Don't disable prefetch */ 1404 /* Minimum prefetch = 0 */ 1405 put_unaligned_be16(0xffff, &buf[8]); 1406 /* Maximum prefetch */ 1407 put_unaligned_be16(0xffff, &buf[10]); 1408 /* Maximum prefetch ceiling */ 1409 } 1410 buf += 12; 1411 } 1412 1413 /* 1414 * Check that a valid page was requested and the mode data length 1415 * isn't too long. 1416 */ 1417 len = buf - buf0; 1418 if (!valid_page || len > limit) { 1419 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1420 return -EINVAL; 1421 } 1422 1423 /* Store the mode data length */ 1424 if (mscmnd == MODE_SENSE) 1425 buf0[0] = len - 1; 1426 else 1427 put_unaligned_be16(len - 2, buf0); 1428 return len; 1429} 1430 1431static int do_start_stop(struct fsg_common *common) 1432{ 1433 struct fsg_lun *curlun = common->curlun; 1434 int loej, start; 1435 1436 if (!curlun) { 1437 return -EINVAL; 1438 } else if (!curlun->removable) { 1439 curlun->sense_data = SS_INVALID_COMMAND; 1440 return -EINVAL; 1441 } else if ((common->cmnd[1] & ~0x01) != 0 || /* Mask away Immed */ 1442 (common->cmnd[4] & ~0x03) != 0) { /* Mask LoEj, Start */ 1443 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1444 return -EINVAL; 1445 } 1446 1447 loej = common->cmnd[4] & 0x02; 1448 start = common->cmnd[4] & 0x01; 1449 1450 /* 1451 * Our emulation doesn't support mounting; the medium is 1452 * available for use as soon as it is loaded. 1453 */ 1454 if (start) { 1455 if (!fsg_lun_is_open(curlun)) { 1456 curlun->sense_data = SS_MEDIUM_NOT_PRESENT; 1457 return -EINVAL; 1458 } 1459 return 0; 1460 } 1461 1462 /* Are we allowed to unload the media? */ 1463 if (curlun->prevent_medium_removal) { 1464 LDBG(curlun, "unload attempt prevented\n"); 1465 curlun->sense_data = SS_MEDIUM_REMOVAL_PREVENTED; 1466 return -EINVAL; 1467 } 1468 1469 if (!loej) 1470 return 0; 1471 1472 /* Simulate an unload/eject */ 1473 if (common->ops && common->ops->pre_eject) { 1474 int r = common->ops->pre_eject(common, curlun, 1475 curlun - common->luns); 1476 if (unlikely(r < 0)) 1477 return r; 1478 else if (r) 1479 return 0; 1480 } 1481 1482 up_read(&common->filesem); 1483 down_write(&common->filesem); 1484 fsg_lun_close(curlun); 1485 up_write(&common->filesem); 1486 down_read(&common->filesem); 1487 1488 return common->ops && common->ops->post_eject 1489 ? min(0, common->ops->post_eject(common, curlun, 1490 curlun - common->luns)) 1491 : 0; 1492} 1493 1494static int do_prevent_allow(struct fsg_common *common) 1495{ 1496 struct fsg_lun *curlun = common->curlun; 1497 int prevent; 1498 1499 if (!common->curlun) { 1500 return -EINVAL; 1501 } else if (!common->curlun->removable) { 1502 common->curlun->sense_data = SS_INVALID_COMMAND; 1503 return -EINVAL; 1504 } 1505 1506 prevent = common->cmnd[4] & 0x01; 1507 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */ 1508 curlun->sense_data = SS_INVALID_FIELD_IN_CDB; 1509 return -EINVAL; 1510 } 1511 1512 if (curlun->prevent_medium_removal && !prevent) 1513 fsg_lun_fsync_sub(curlun); 1514 curlun->prevent_medium_removal = prevent; 1515 return 0; 1516} 1517 1518static int do_read_format_capacities(struct fsg_common *common, 1519 struct fsg_buffhd *bh) 1520{ 1521 struct fsg_lun *curlun = common->curlun; 1522 u8 *buf = (u8 *) bh->buf; 1523 1524 buf[0] = buf[1] = buf[2] = 0; 1525 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */ 1526 buf += 4; 1527 1528 put_unaligned_be32(curlun->num_sectors, &buf[0]); 1529 /* Number of blocks */ 1530 put_unaligned_be32(512, &buf[4]); /* Block length */ 1531 buf[4] = 0x02; /* Current capacity */ 1532 return 12; 1533} 1534 1535static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh) 1536{ 1537 struct fsg_lun *curlun = common->curlun; 1538 1539 /* We don't support MODE SELECT */ 1540 if (curlun) 1541 curlun->sense_data = SS_INVALID_COMMAND; 1542 return -EINVAL; 1543} 1544 1545 1546/*-------------------------------------------------------------------------*/ 1547 1548static int halt_bulk_in_endpoint(struct fsg_dev *fsg) 1549{ 1550 int rc; 1551 1552 rc = fsg_set_halt(fsg, fsg->bulk_in); 1553 if (rc == -EAGAIN) 1554 VDBG(fsg, "delayed bulk-in endpoint halt\n"); 1555 while (rc != 0) { 1556 if (rc != -EAGAIN) { 1557 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc); 1558 rc = 0; 1559 break; 1560 } 1561 1562 /* Wait for a short time and then try again */ 1563 if (msleep_interruptible(100) != 0) 1564 return -EINTR; 1565 rc = usb_ep_set_halt(fsg->bulk_in); 1566 } 1567 return rc; 1568} 1569 1570static int wedge_bulk_in_endpoint(struct fsg_dev *fsg) 1571{ 1572 int rc; 1573 1574 DBG(fsg, "bulk-in set wedge\n"); 1575 rc = usb_ep_set_wedge(fsg->bulk_in); 1576 if (rc == -EAGAIN) 1577 VDBG(fsg, "delayed bulk-in endpoint wedge\n"); 1578 while (rc != 0) { 1579 if (rc != -EAGAIN) { 1580 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc); 1581 rc = 0; 1582 break; 1583 } 1584 1585 /* Wait for a short time and then try again */ 1586 if (msleep_interruptible(100) != 0) 1587 return -EINTR; 1588 rc = usb_ep_set_wedge(fsg->bulk_in); 1589 } 1590 return rc; 1591} 1592 1593static int throw_away_data(struct fsg_common *common) 1594{ 1595 struct fsg_buffhd *bh; 1596 u32 amount; 1597 int rc; 1598 1599 for (bh = common->next_buffhd_to_drain; 1600 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0; 1601 bh = common->next_buffhd_to_drain) { 1602 1603 /* Throw away the data in a filled buffer */ 1604 if (bh->state == BUF_STATE_FULL) { 1605 smp_rmb(); 1606 bh->state = BUF_STATE_EMPTY; 1607 common->next_buffhd_to_drain = bh->next; 1608 1609 /* A short packet or an error ends everything */ 1610 if (bh->outreq->actual != bh->outreq->length || 1611 bh->outreq->status != 0) { 1612 raise_exception(common, 1613 FSG_STATE_ABORT_BULK_OUT); 1614 return -EINTR; 1615 } 1616 continue; 1617 } 1618 1619 /* Try to submit another request if we need one */ 1620 bh = common->next_buffhd_to_fill; 1621 if (bh->state == BUF_STATE_EMPTY 1622 && common->usb_amount_left > 0) { 1623 amount = min(common->usb_amount_left, FSG_BUFLEN); 1624 1625 /* 1626 * amount is always divisible by 512, hence by 1627 * the bulk-out maxpacket size. 1628 */ 1629 bh->outreq->length = amount; 1630 bh->bulk_out_intended_length = amount; 1631 bh->outreq->short_not_ok = 1; 1632 if (!start_out_transfer(common, bh)) 1633 /* Dunno what to do if common->fsg is NULL */ 1634 return -EIO; 1635 common->next_buffhd_to_fill = bh->next; 1636 common->usb_amount_left -= amount; 1637 continue; 1638 } 1639 1640 /* Otherwise wait for something to happen */ 1641 rc = sleep_thread(common); 1642 if (rc) 1643 return rc; 1644 } 1645 return 0; 1646} 1647 1648static int finish_reply(struct fsg_common *common) 1649{ 1650 struct fsg_buffhd *bh = common->next_buffhd_to_fill; 1651 int rc = 0; 1652 1653 switch (common->data_dir) { 1654 case DATA_DIR_NONE: 1655 break; /* Nothing to send */ 1656 1657 /* 1658 * If we don't know whether the host wants to read or write, 1659 * this must be CB or CBI with an unknown command. We…
Large files files are truncated, but you can click here to view the full file