2 * f_mass_storage.c -- Mass Storage USB Composite Function
4 * Copyright (C) 2003-2008 Alan Stern
5 * Copyright (C) 2009 Samsung Electronics
6 * Author: Michal Nazarewicz <m.nazarewicz@samsung.com>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions, and the following disclaimer,
14 * without modification.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The names of the above-listed copyright holders may not be used
19 * to endorse or promote products derived from this software without
20 * specific prior written permission.
22 * ALTERNATIVELY, this software may be distributed under the terms of the
23 * GNU General Public License ("GPL") as published by the Free Software
24 * Foundation, either version 2 of that License or (at your option) any
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
28 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
29 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42 * The Mass Storage Function acts as a USB Mass Storage device,
43 * appearing to the host as a disk drive or as a CD-ROM drive. In
44 * addition to providing an example of a genuinely useful composite
45 * function for a USB device, it also illustrates a technique of
46 * double-buffering for increased throughput.
48 * Function supports multiple logical units (LUNs). Backing storage
49 * for each LUN is provided by a regular file or a block device.
50 * Access for each LUN can be limited to read-only. Moreover, the
51 * function can indicate that LUN is removable and/or CD-ROM. (The
52 * later implies read-only access.)
54 * MSF is configured by specifying a fsg_config structure. It has the
57 * nluns Number of LUNs function have (anywhere from 1
58 * to FSG_MAX_LUNS which is 8).
59 * luns An array of LUN configuration values. This
60 * should be filled for each LUN that
61 * function will include (ie. for "nluns"
62 * LUNs). Each element of the array has
63 * the following fields:
64 * ->filename The path to the backing file for the LUN.
65 * Required if LUN is not marked as
67 * ->ro Flag specifying access to the LUN shall be
68 * read-only. This is implied if CD-ROM
69 * emulation is enabled as well as when
70 * it was impossible to open "filename"
72 * ->removable Flag specifying that LUN shall be indicated as
74 * ->cdrom Flag specifying that LUN shall be reported as
77 * lun_name_format A printf-like format for names of the LUN
78 * devices. This determines how the
79 * directory in sysfs will be named.
80 * Unless you are using several MSFs in
81 * a single gadget (as opposed to single
82 * MSF in many configurations) you may
83 * leave it as NULL (in which case
84 * "lun%d" will be used). In the format
85 * you can use "%d" to index LUNs for
86 * MSF's with more than one LUN. (Beware
87 * that there is only one integer given
88 * as an argument for the format and
89 * specifying invalid format may cause
90 * unspecified behaviour.)
91 * thread_name Name of the kernel thread process used by the
92 * MSF. You can safely set it to NULL
93 * (in which case default "file-storage"
98 * release Information used as a reply to INQUIRY
99 * request. To use default set to NULL,
100 * NULL, 0xffff respectively. The first
101 * field should be 8 and the second 16
102 * characters or less.
104 * can_stall Set to permit function to halt bulk endpoints.
105 * Disabled on some USB devices known not
106 * to work correctly. You should set it
109 * If "removable" is not set for a LUN then a backing file must be
110 * specified. If it is set, then NULL filename means the LUN's medium
111 * is not loaded (an empty string as "filename" in the fsg_config
112 * structure causes error). The CD-ROM emulation includes a single
113 * data track and no audio tracks; hence there need be only one
114 * backing file per LUN. Note also that the CD-ROM block length is
115 * set to 512 rather than the more common value 2048.
118 * MSF includes support for module parameters. If gadget using it
119 * decides to use it, the following module parameters will be
122 * file=filename[,filename...]
123 * Names of the files or block devices used for
125 * ro=b[,b...] Default false, boolean for read-only access.
127 * Default true, boolean for removable media.
128 * cdrom=b[,b...] Default false, boolean for whether to emulate
130 * luns=N Default N = number of filenames, number of
132 * stall Default determined according to the type of
133 * USB device controller (usually true),
134 * boolean to permit the driver to halt
137 * The module parameters may be prefixed with some string. You need
138 * to consult gadget's documentation or source to verify whether it is
139 * using those module parameters and if it does what are the prefixes
140 * (look for FSG_MODULE_PARAMETERS() macro usage, what's inside it is
144 * Requirements are modest; only a bulk-in and a bulk-out endpoint are
145 * needed. The memory requirement amounts to two 16K buffers, size
146 * configurable by a parameter. Support is included for both
147 * full-speed and high-speed operation.
149 * Note that the driver is slightly non-portable in that it assumes a
150 * single memory/DMA buffer will be useable for bulk-in, bulk-out, and
151 * interrupt-in endpoints. With most device controllers this isn't an
152 * issue, but there may be some with hardware restrictions that prevent
153 * a buffer from being used by more than one endpoint.
156 * The pathnames of the backing files and the ro settings are
157 * available in the attribute files "file" and "ro" in the lun<n> (or
158 * to be more precise in a directory which name comes from
159 * "lun_name_format" option!) subdirectory of the gadget's sysfs
160 * directory. If the "removable" option is set, writing to these
161 * files will simulate ejecting/loading the medium (writing an empty
162 * line means eject) and adjusting a write-enable tab. Changes to the
163 * ro setting are not allowed when the medium is loaded or if CD-ROM
164 * emulation is being used.
167 * This function is heavily based on "File-backed Storage Gadget" by
168 * Alan Stern which in turn is heavily based on "Gadget Zero" by David
169 * Brownell. The driver's SCSI command interface was based on the
170 * "Information technology - Small Computer System Interface - 2"
171 * document from X3T9.2 Project 375D, Revision 10L, 7-SEP-93,
172 * available at <http://www.t10.org/ftp/t10/drafts/s2/s2-r10l.pdf>.
173 * The single exception is opcode 0x23 (READ FORMAT CAPACITIES), which
174 * was based on the "Universal Serial Bus Mass Storage Class UFI
175 * Command Specification" document, Revision 1.0, December 14, 1998,
177 * <http://www.usb.org/developers/devclass_docs/usbmass-ufi10.pdf>.
184 * The MSF is fairly straightforward. There is a main kernel
185 * thread that handles most of the work. Interrupt routines field
186 * callbacks from the controller driver: bulk- and interrupt-request
187 * completion notifications, endpoint-0 events, and disconnect events.
188 * Completion events are passed to the main thread by wakeup calls. Many
189 * ep0 requests are handled at interrupt time, but SetInterface,
190 * SetConfiguration, and device reset requests are forwarded to the
191 * thread in the form of "exceptions" using SIGUSR1 signals (since they
192 * should interrupt any ongoing file I/O operations).
194 * The thread's main routine implements the standard command/data/status
195 * parts of a SCSI interaction. It and its subroutines are full of tests
196 * for pending signals/exceptions -- all this polling is necessary since
197 * the kernel has no setjmp/longjmp equivalents. (Maybe this is an
198 * indication that the driver really wants to be running in userspace.)
199 * An important point is that so long as the thread is alive it keeps an
200 * open reference to the backing file. This will prevent unmounting
201 * the backing file's underlying filesystem and could cause problems
202 * during system shutdown, for example. To prevent such problems, the
203 * thread catches INT, TERM, and KILL signals and converts them into
206 * In normal operation the main thread is started during the gadget's
207 * fsg_bind() callback and stopped during fsg_unbind(). But it can
208 * also exit when it receives a signal, and there's no point leaving
209 * the gadget running when the thread is dead. At of this moment, MSF
210 * provides no way to deregister the gadget when thread dies -- maybe
211 * a callback functions is needed.
213 * To provide maximum throughput, the driver uses a circular pipeline of
214 * buffer heads (struct fsg_buffhd). In principle the pipeline can be
215 * arbitrarily long; in practice the benefits don't justify having more
216 * than 2 stages (i.e., double buffering). But it helps to think of the
217 * pipeline as being a long one. Each buffer head contains a bulk-in and
218 * a bulk-out request pointer (since the buffer can be used for both
219 * output and input -- directions always are given from the host's
220 * point of view) as well as a pointer to the buffer and various state
223 * Use of the pipeline follows a simple protocol. There is a variable
224 * (fsg->next_buffhd_to_fill) that points to the next buffer head to use.
225 * At any time that buffer head may still be in use from an earlier
226 * request, so each buffer head has a state variable indicating whether
227 * it is EMPTY, FULL, or BUSY. Typical use involves waiting for the
228 * buffer head to be EMPTY, filling the buffer either by file I/O or by
229 * USB I/O (during which the buffer head is BUSY), and marking the buffer
230 * head FULL when the I/O is complete. Then the buffer will be emptied
231 * (again possibly by USB I/O, during which it is marked BUSY) and
232 * finally marked EMPTY again (possibly by a completion routine).
234 * A module parameter tells the driver to avoid stalling the bulk
235 * endpoints wherever the transport specification allows. This is
236 * necessary for some UDCs like the SuperH, which cannot reliably clear a
237 * halt on a bulk endpoint. However, under certain circumstances the
238 * Bulk-only specification requires a stall. In such cases the driver
239 * will halt the endpoint and set a flag indicating that it should clear
240 * the halt in software during the next device reset. Hopefully this
241 * will permit everything to work correctly. Furthermore, although the
242 * specification allows the bulk-out endpoint to halt when the host sends
243 * too much data, implementing this would cause an unavoidable race.
244 * The driver will always use the "no-stall" approach for OUT transfers.
246 * One subtle point concerns sending status-stage responses for ep0
247 * requests. Some of these requests, such as device reset, can involve
248 * interrupting an ongoing file I/O operation, which might take an
249 * arbitrarily long time. During that delay the host might give up on
250 * the original ep0 request and issue a new one. When that happens the
251 * driver should not notify the host about completion of the original
252 * request, as the host will no longer be waiting for it. So the driver
253 * assigns to each ep0 request a unique tag, and it keeps track of the
254 * tag value of the request associated with a long-running exception
255 * (device-reset, interface-change, or configuration-change). When the
256 * exception handler is finished, the status-stage response is submitted
257 * only if the current ep0 request tag is equal to the exception request
258 * tag. Thus only the most recently received ep0 request will get a
259 * status-stage response.
261 * Warning: This driver source file is too long. It ought to be split up
262 * into a header file plus about 3 separate .c files, to handle the details
263 * of the Gadget, USB Mass Storage, and SCSI protocols.
267 /* #define VERBOSE_DEBUG */
268 /* #define DUMP_MSGS */
271 #include <linux/blkdev.h>
272 #include <linux/completion.h>
273 #include <linux/dcache.h>
274 #include <linux/delay.h>
275 #include <linux/device.h>
276 #include <linux/fcntl.h>
277 #include <linux/file.h>
278 #include <linux/fs.h>
279 #include <linux/kref.h>
280 #include <linux/kthread.h>
281 #include <linux/limits.h>
282 #include <linux/rwsem.h>
283 #include <linux/slab.h>
284 #include <linux/spinlock.h>
285 #include <linux/string.h>
286 #include <linux/freezer.h>
287 #include <linux/utsname.h>
289 #include <linux/usb/ch9.h>
290 #include <linux/usb/gadget.h>
292 #include "gadget_chips.h"
296 /*------------------------------------------------------------------------*/
298 #define FSG_DRIVER_DESC "Mass Storage Function"
299 #define FSG_DRIVER_VERSION "2009/09/11"
301 static const char fsg_string_interface[] = "Mass Storage";
304 #define FSG_NO_INTR_EP 1
305 #define FSG_BUFFHD_STATIC_BUFFER 1
306 #define FSG_NO_DEVICE_STRINGS 1
308 #define FSG_NO_INTR_EP 1
310 #include "storage_common.c"
313 /*-------------------------------------------------------------------------*/
318 /* Data shared by all the FSG instances. */
320 struct usb_gadget *gadget;
322 struct fsg_dev *prev_fsg;
324 /* filesem protects: backing files in use */
325 struct rw_semaphore filesem;
327 /* lock protects: state, all the req_busy's */
330 struct usb_ep *ep0; /* Copy of gadget->ep0 */
331 struct usb_request *ep0req; /* Copy of cdev->req */
332 unsigned int ep0_req_tag;
333 const char *ep0req_name;
335 struct fsg_buffhd *next_buffhd_to_fill;
336 struct fsg_buffhd *next_buffhd_to_drain;
337 struct fsg_buffhd buffhds[FSG_NUM_BUFFERS];
340 u8 cmnd[MAX_COMMAND_SIZE];
344 struct fsg_lun *luns;
345 struct fsg_lun *curlun;
347 unsigned int bulk_out_maxpacket;
348 enum fsg_state state; /* For exception handling */
349 unsigned int exception_req_tag;
351 u8 config, new_config;
352 enum data_direction data_dir;
354 u32 data_size_from_cmnd;
359 unsigned int can_stall:1;
360 unsigned int free_storage_on_release:1;
361 unsigned int phase_error:1;
362 unsigned int short_packet_received:1;
363 unsigned int bad_lun_okay:1;
364 unsigned int running:1;
366 int thread_wakeup_needed;
367 struct completion thread_notifier;
368 struct task_struct *thread_task;
370 /* Vendor (8 chars), product (16 chars), release (4
371 * hexadecimal digits) and NUL byte */
372 char inquiry_string[8 + 16 + 4 + 1];
380 struct fsg_lun_config {
381 const char *filename;
385 } luns[FSG_MAX_LUNS];
387 const char *lun_name_format;
388 const char *thread_name;
390 const char *vendor_name; /* 8 characters or less */
391 const char *product_name; /* 16 characters or less */
399 struct usb_function function;
400 struct usb_gadget *gadget; /* Copy of cdev->gadget */
401 struct fsg_common *common;
403 u16 interface_number;
405 unsigned int bulk_in_enabled:1;
406 unsigned int bulk_out_enabled:1;
408 unsigned long atomic_bitflags;
409 #define IGNORE_BULK_OUT 0
411 struct usb_ep *bulk_in;
412 struct usb_ep *bulk_out;
416 static inline int __fsg_is_set(struct fsg_common *common,
417 const char *func, unsigned line)
421 ERROR(common, "common->fsg is NULL in %s at %u\n", func, line);
425 #define fsg_is_set(common) likely(__fsg_is_set(common, __func__, __LINE__))
428 static inline struct fsg_dev *fsg_from_func(struct usb_function *f)
430 return container_of(f, struct fsg_dev, function);
434 typedef void (*fsg_routine_t)(struct fsg_dev *);
436 static int exception_in_progress(struct fsg_common *common)
438 return common->state > FSG_STATE_IDLE;
441 /* Make bulk-out requests be divisible by the maxpacket size */
442 static void set_bulk_out_req_length(struct fsg_common *common,
443 struct fsg_buffhd *bh, unsigned int length)
447 bh->bulk_out_intended_length = length;
448 rem = length % common->bulk_out_maxpacket;
450 length += common->bulk_out_maxpacket - rem;
451 bh->outreq->length = length;
454 /*-------------------------------------------------------------------------*/
456 static int fsg_set_halt(struct fsg_dev *fsg, struct usb_ep *ep)
460 if (ep == fsg->bulk_in)
462 else if (ep == fsg->bulk_out)
466 DBG(fsg, "%s set halt\n", name);
467 return usb_ep_set_halt(ep);
471 /*-------------------------------------------------------------------------*/
473 /* These routines may be called in process context or in_irq */
475 /* Caller must hold fsg->lock */
476 static void wakeup_thread(struct fsg_common *common)
478 /* Tell the main thread that something has happened */
479 common->thread_wakeup_needed = 1;
480 if (common->thread_task)
481 wake_up_process(common->thread_task);
485 static void raise_exception(struct fsg_common *common, enum fsg_state new_state)
489 /* Do nothing if a higher-priority exception is already in progress.
490 * If a lower-or-equal priority exception is in progress, preempt it
491 * and notify the main thread by sending it a signal. */
492 spin_lock_irqsave(&common->lock, flags);
493 if (common->state <= new_state) {
494 common->exception_req_tag = common->ep0_req_tag;
495 common->state = new_state;
496 if (common->thread_task)
497 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
498 common->thread_task);
500 spin_unlock_irqrestore(&common->lock, flags);
504 /*-------------------------------------------------------------------------*/
506 static int ep0_queue(struct fsg_common *common)
510 rc = usb_ep_queue(common->ep0, common->ep0req, GFP_ATOMIC);
511 common->ep0->driver_data = common;
512 if (rc != 0 && rc != -ESHUTDOWN) {
513 /* We can't do much more than wait for a reset */
514 WARNING(common, "error in submission: %s --> %d\n",
515 common->ep0->name, rc);
520 /*-------------------------------------------------------------------------*/
522 /* Bulk and interrupt endpoint completion handlers.
523 * These always run in_irq. */
525 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
527 struct fsg_common *common = ep->driver_data;
528 struct fsg_buffhd *bh = req->context;
530 if (req->status || req->actual != req->length)
531 DBG(common, "%s --> %d, %u/%u\n", __func__,
532 req->status, req->actual, req->length);
533 if (req->status == -ECONNRESET) /* Request was cancelled */
534 usb_ep_fifo_flush(ep);
536 /* Hold the lock while we update the request and buffer states */
538 spin_lock(&common->lock);
540 bh->state = BUF_STATE_EMPTY;
541 wakeup_thread(common);
542 spin_unlock(&common->lock);
545 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
547 struct fsg_common *common = ep->driver_data;
548 struct fsg_buffhd *bh = req->context;
550 dump_msg(common, "bulk-out", req->buf, req->actual);
551 if (req->status || req->actual != bh->bulk_out_intended_length)
552 DBG(common, "%s --> %d, %u/%u\n", __func__,
553 req->status, req->actual,
554 bh->bulk_out_intended_length);
555 if (req->status == -ECONNRESET) /* Request was cancelled */
556 usb_ep_fifo_flush(ep);
558 /* Hold the lock while we update the request and buffer states */
560 spin_lock(&common->lock);
562 bh->state = BUF_STATE_FULL;
563 wakeup_thread(common);
564 spin_unlock(&common->lock);
568 /*-------------------------------------------------------------------------*/
570 /* Ep0 class-specific handlers. These always run in_irq. */
572 static int fsg_setup(struct usb_function *f,
573 const struct usb_ctrlrequest *ctrl)
575 struct fsg_dev *fsg = fsg_from_func(f);
576 struct usb_request *req = fsg->common->ep0req;
577 u16 w_index = le16_to_cpu(ctrl->wIndex);
578 u16 w_value = le16_to_cpu(ctrl->wValue);
579 u16 w_length = le16_to_cpu(ctrl->wLength);
581 if (!fsg->common->config)
584 switch (ctrl->bRequest) {
586 case USB_BULK_RESET_REQUEST:
587 if (ctrl->bRequestType !=
588 (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
590 if (w_index != fsg->interface_number || w_value != 0)
593 /* Raise an exception to stop the current operation
594 * and reinitialize our state. */
595 DBG(fsg, "bulk reset request\n");
596 raise_exception(fsg->common, FSG_STATE_RESET);
597 return DELAYED_STATUS;
599 case USB_BULK_GET_MAX_LUN_REQUEST:
600 if (ctrl->bRequestType !=
601 (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE))
603 if (w_index != fsg->interface_number || w_value != 0)
605 VDBG(fsg, "get max LUN\n");
606 *(u8 *) req->buf = fsg->common->nluns - 1;
611 "unknown class-specific control req "
612 "%02x.%02x v%04x i%04x l%u\n",
613 ctrl->bRequestType, ctrl->bRequest,
614 le16_to_cpu(ctrl->wValue), w_index, w_length);
619 /*-------------------------------------------------------------------------*/
621 /* All the following routines run in process context */
624 /* Use this for bulk or interrupt transfers, not ep0 */
625 static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
626 struct usb_request *req, int *pbusy,
627 enum fsg_buffer_state *state)
631 if (ep == fsg->bulk_in)
632 dump_msg(fsg, "bulk-in", req->buf, req->length);
634 spin_lock_irq(&fsg->common->lock);
636 *state = BUF_STATE_BUSY;
637 spin_unlock_irq(&fsg->common->lock);
638 rc = usb_ep_queue(ep, req, GFP_KERNEL);
641 *state = BUF_STATE_EMPTY;
643 /* We can't do much more than wait for a reset */
645 /* Note: currently the net2280 driver fails zero-length
646 * submissions if DMA is enabled. */
647 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
649 WARNING(fsg, "error in submission: %s --> %d\n",
654 #define START_TRANSFER_OR(common, ep_name, req, pbusy, state) \
655 if (fsg_is_set(common)) \
656 start_transfer((common)->fsg, (common)->fsg->ep_name, \
657 req, pbusy, state); \
660 #define START_TRANSFER(common, ep_name, req, pbusy, state) \
661 START_TRANSFER_OR(common, ep_name, req, pbusy, state) (void)0
665 static int sleep_thread(struct fsg_common *common)
669 /* Wait until a signal arrives or we are woken up */
672 set_current_state(TASK_INTERRUPTIBLE);
673 if (signal_pending(current)) {
677 if (common->thread_wakeup_needed)
681 __set_current_state(TASK_RUNNING);
682 common->thread_wakeup_needed = 0;
687 /*-------------------------------------------------------------------------*/
689 static int do_read(struct fsg_common *common)
691 struct fsg_lun *curlun = common->curlun;
693 struct fsg_buffhd *bh;
696 loff_t file_offset, file_offset_tmp;
698 unsigned int partial_page;
701 /* Get the starting Logical Block Address and check that it's
703 if (common->cmnd[0] == SC_READ_6)
704 lba = get_unaligned_be24(&common->cmnd[1]);
706 lba = get_unaligned_be32(&common->cmnd[2]);
708 /* We allow DPO (Disable Page Out = don't save data in the
709 * cache) and FUA (Force Unit Access = don't read from the
710 * cache), but we don't implement them. */
711 if ((common->cmnd[1] & ~0x18) != 0) {
712 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
716 if (lba >= curlun->num_sectors) {
717 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
720 file_offset = ((loff_t) lba) << 9;
722 /* Carry out the file reads */
723 amount_left = common->data_size_from_cmnd;
724 if (unlikely(amount_left == 0))
725 return -EIO; /* No default reply */
729 /* Figure out how much we need to read:
730 * Try to read the remaining amount.
731 * But don't read more than the buffer size.
732 * And don't try to read past the end of the file.
733 * Finally, if we're not at a page boundary, don't read past
735 * If this means reading 0 then we were asked to read past
736 * the end of file. */
737 amount = min(amount_left, FSG_BUFLEN);
738 amount = min((loff_t) amount,
739 curlun->file_length - file_offset);
740 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
741 if (partial_page > 0)
742 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
745 /* Wait for the next buffer to become available */
746 bh = common->next_buffhd_to_fill;
747 while (bh->state != BUF_STATE_EMPTY) {
748 rc = sleep_thread(common);
753 /* If we were asked to read past the end of file,
754 * end with an empty buffer. */
757 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
758 curlun->sense_data_info = file_offset >> 9;
759 curlun->info_valid = 1;
760 bh->inreq->length = 0;
761 bh->state = BUF_STATE_FULL;
765 /* Perform the read */
766 file_offset_tmp = file_offset;
767 nread = vfs_read(curlun->filp,
768 (char __user *) bh->buf,
769 amount, &file_offset_tmp);
770 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
771 (unsigned long long) file_offset,
773 if (signal_pending(current))
777 LDBG(curlun, "error in file read: %d\n",
780 } else if (nread < amount) {
781 LDBG(curlun, "partial file read: %d/%u\n",
782 (int) nread, amount);
783 nread -= (nread & 511); /* Round down to a block */
785 file_offset += nread;
786 amount_left -= nread;
787 common->residue -= nread;
788 bh->inreq->length = nread;
789 bh->state = BUF_STATE_FULL;
791 /* If an error occurred, report it and its position */
792 if (nread < amount) {
793 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
794 curlun->sense_data_info = file_offset >> 9;
795 curlun->info_valid = 1;
799 if (amount_left == 0)
800 break; /* No more left to read */
802 /* Send this buffer and go read some more */
804 START_TRANSFER_OR(common, bulk_in, bh->inreq,
805 &bh->inreq_busy, &bh->state)
806 /* Don't know what to do if
807 * common->fsg is NULL */
809 common->next_buffhd_to_fill = bh->next;
812 return -EIO; /* No default reply */
816 /*-------------------------------------------------------------------------*/
818 static int do_write(struct fsg_common *common)
820 struct fsg_lun *curlun = common->curlun;
822 struct fsg_buffhd *bh;
824 u32 amount_left_to_req, amount_left_to_write;
825 loff_t usb_offset, file_offset, file_offset_tmp;
827 unsigned int partial_page;
832 curlun->sense_data = SS_WRITE_PROTECTED;
835 spin_lock(&curlun->filp->f_lock);
836 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */
837 spin_unlock(&curlun->filp->f_lock);
839 /* Get the starting Logical Block Address and check that it's
841 if (common->cmnd[0] == SC_WRITE_6)
842 lba = get_unaligned_be24(&common->cmnd[1]);
844 lba = get_unaligned_be32(&common->cmnd[2]);
846 /* We allow DPO (Disable Page Out = don't save data in the
847 * cache) and FUA (Force Unit Access = write directly to the
848 * medium). We don't implement DPO; we implement FUA by
849 * performing synchronous output. */
850 if (common->cmnd[1] & ~0x18) {
851 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
854 if (common->cmnd[1] & 0x08) { /* FUA */
855 spin_lock(&curlun->filp->f_lock);
856 curlun->filp->f_flags |= O_SYNC;
857 spin_unlock(&curlun->filp->f_lock);
860 if (lba >= curlun->num_sectors) {
861 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
865 /* Carry out the file writes */
867 file_offset = usb_offset = ((loff_t) lba) << 9;
868 amount_left_to_req = common->data_size_from_cmnd;
869 amount_left_to_write = common->data_size_from_cmnd;
871 while (amount_left_to_write > 0) {
873 /* Queue a request for more data from the host */
874 bh = common->next_buffhd_to_fill;
875 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
877 /* Figure out how much we want to get:
878 * Try to get the remaining amount.
879 * But don't get more than the buffer size.
880 * And don't try to go past the end of the file.
881 * If we're not at a page boundary,
882 * don't go past the next page.
883 * If this means getting 0, then we were asked
884 * to write past the end of file.
885 * Finally, round down to a block boundary. */
886 amount = min(amount_left_to_req, FSG_BUFLEN);
887 amount = min((loff_t) amount, curlun->file_length -
889 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
890 if (partial_page > 0)
892 (unsigned int) PAGE_CACHE_SIZE - partial_page);
897 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
898 curlun->sense_data_info = usb_offset >> 9;
899 curlun->info_valid = 1;
902 amount -= (amount & 511);
905 /* Why were we were asked to transfer a
911 /* Get the next buffer */
912 usb_offset += amount;
913 common->usb_amount_left -= amount;
914 amount_left_to_req -= amount;
915 if (amount_left_to_req == 0)
918 /* amount is always divisible by 512, hence by
919 * the bulk-out maxpacket size */
920 bh->outreq->length = amount;
921 bh->bulk_out_intended_length = amount;
922 bh->outreq->short_not_ok = 1;
923 START_TRANSFER_OR(common, bulk_out, bh->outreq,
924 &bh->outreq_busy, &bh->state)
925 /* Don't know what to do if
926 * common->fsg is NULL */
928 common->next_buffhd_to_fill = bh->next;
932 /* Write the received data to the backing file */
933 bh = common->next_buffhd_to_drain;
934 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
935 break; /* We stopped early */
936 if (bh->state == BUF_STATE_FULL) {
938 common->next_buffhd_to_drain = bh->next;
939 bh->state = BUF_STATE_EMPTY;
941 /* Did something go wrong with the transfer? */
942 if (bh->outreq->status != 0) {
943 curlun->sense_data = SS_COMMUNICATION_FAILURE;
944 curlun->sense_data_info = file_offset >> 9;
945 curlun->info_valid = 1;
949 amount = bh->outreq->actual;
950 if (curlun->file_length - file_offset < amount) {
952 "write %u @ %llu beyond end %llu\n",
953 amount, (unsigned long long) file_offset,
954 (unsigned long long) curlun->file_length);
955 amount = curlun->file_length - file_offset;
958 /* Perform the write */
959 file_offset_tmp = file_offset;
960 nwritten = vfs_write(curlun->filp,
961 (char __user *) bh->buf,
962 amount, &file_offset_tmp);
963 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
964 (unsigned long long) file_offset,
966 if (signal_pending(current))
967 return -EINTR; /* Interrupted! */
970 LDBG(curlun, "error in file write: %d\n",
973 } else if (nwritten < amount) {
974 LDBG(curlun, "partial file write: %d/%u\n",
975 (int) nwritten, amount);
976 nwritten -= (nwritten & 511);
977 /* Round down to a block */
979 file_offset += nwritten;
980 amount_left_to_write -= nwritten;
981 common->residue -= nwritten;
983 /* If an error occurred, report it and its position */
984 if (nwritten < amount) {
985 curlun->sense_data = SS_WRITE_ERROR;
986 curlun->sense_data_info = file_offset >> 9;
987 curlun->info_valid = 1;
991 /* Did the host decide to stop early? */
992 if (bh->outreq->actual != bh->outreq->length) {
993 common->short_packet_received = 1;
999 /* Wait for something to happen */
1000 rc = sleep_thread(common);
1005 return -EIO; /* No default reply */
1009 /*-------------------------------------------------------------------------*/
1011 static int do_synchronize_cache(struct fsg_common *common)
1013 struct fsg_lun *curlun = common->curlun;
1016 /* We ignore the requested LBA and write out all file's
1017 * dirty data buffers. */
1018 rc = fsg_lun_fsync_sub(curlun);
1020 curlun->sense_data = SS_WRITE_ERROR;
1025 /*-------------------------------------------------------------------------*/
1027 static void invalidate_sub(struct fsg_lun *curlun)
1029 struct file *filp = curlun->filp;
1030 struct inode *inode = filp->f_path.dentry->d_inode;
1033 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1034 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc);
1037 static int do_verify(struct fsg_common *common)
1039 struct fsg_lun *curlun = common->curlun;
1041 u32 verification_length;
1042 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1043 loff_t file_offset, file_offset_tmp;
1045 unsigned int amount;
1048 /* Get the starting Logical Block Address and check that it's
1050 lba = get_unaligned_be32(&common->cmnd[2]);
1051 if (lba >= curlun->num_sectors) {
1052 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1056 /* We allow DPO (Disable Page Out = don't save data in the
1057 * cache) but we don't implement it. */
1058 if (common->cmnd[1] & ~0x10) {
1059 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1063 verification_length = get_unaligned_be16(&common->cmnd[7]);
1064 if (unlikely(verification_length == 0))
1065 return -EIO; /* No default reply */
1067 /* Prepare to carry out the file verify */
1068 amount_left = verification_length << 9;
1069 file_offset = ((loff_t) lba) << 9;
1071 /* Write out all the dirty buffers before invalidating them */
1072 fsg_lun_fsync_sub(curlun);
1073 if (signal_pending(current))
1076 invalidate_sub(curlun);
1077 if (signal_pending(current))
1080 /* Just try to read the requested blocks */
1081 while (amount_left > 0) {
1083 /* Figure out how much we need to read:
1084 * Try to read the remaining amount, but not more than
1086 * And don't try to read past the end of the file.
1087 * If this means reading 0 then we were asked to read
1088 * past the end of file. */
1089 amount = min(amount_left, FSG_BUFLEN);
1090 amount = min((loff_t) amount,
1091 curlun->file_length - file_offset);
1093 curlun->sense_data =
1094 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1095 curlun->sense_data_info = file_offset >> 9;
1096 curlun->info_valid = 1;
1100 /* Perform the read */
1101 file_offset_tmp = file_offset;
1102 nread = vfs_read(curlun->filp,
1103 (char __user *) bh->buf,
1104 amount, &file_offset_tmp);
1105 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1106 (unsigned long long) file_offset,
1108 if (signal_pending(current))
1112 LDBG(curlun, "error in file verify: %d\n",
1115 } else if (nread < amount) {
1116 LDBG(curlun, "partial file verify: %d/%u\n",
1117 (int) nread, amount);
1118 nread -= (nread & 511); /* Round down to a sector */
1121 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1122 curlun->sense_data_info = file_offset >> 9;
1123 curlun->info_valid = 1;
1126 file_offset += nread;
1127 amount_left -= nread;
1133 /*-------------------------------------------------------------------------*/
1135 static int do_inquiry(struct fsg_common *common, struct fsg_buffhd *bh)
1137 struct fsg_lun *curlun = common->curlun;
1138 u8 *buf = (u8 *) bh->buf;
1140 if (!curlun) { /* Unsupported LUNs are okay */
1141 common->bad_lun_okay = 1;
1143 buf[0] = 0x7f; /* Unsupported, no device-type */
1144 buf[4] = 31; /* Additional length */
1148 buf[0] = curlun->cdrom ? TYPE_CDROM : TYPE_DISK;
1149 buf[1] = curlun->removable ? 0x80 : 0;
1150 buf[2] = 2; /* ANSI SCSI level 2 */
1151 buf[3] = 2; /* SCSI-2 INQUIRY data format */
1152 buf[4] = 31; /* Additional length */
1153 buf[5] = 0; /* No special options */
1156 memcpy(buf + 8, common->inquiry_string, sizeof common->inquiry_string);
1161 static int do_request_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1163 struct fsg_lun *curlun = common->curlun;
1164 u8 *buf = (u8 *) bh->buf;
1169 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1171 * If a REQUEST SENSE command is received from an initiator
1172 * with a pending unit attention condition (before the target
1173 * generates the contingent allegiance condition), then the
1174 * target shall either:
1175 * a) report any pending sense data and preserve the unit
1176 * attention condition on the logical unit, or,
1177 * b) report the unit attention condition, may discard any
1178 * pending sense data, and clear the unit attention
1179 * condition on the logical unit for that initiator.
1181 * FSG normally uses option a); enable this code to use option b).
1184 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1185 curlun->sense_data = curlun->unit_attention_data;
1186 curlun->unit_attention_data = SS_NO_SENSE;
1190 if (!curlun) { /* Unsupported LUNs are okay */
1191 common->bad_lun_okay = 1;
1192 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1196 sd = curlun->sense_data;
1197 sdinfo = curlun->sense_data_info;
1198 valid = curlun->info_valid << 7;
1199 curlun->sense_data = SS_NO_SENSE;
1200 curlun->sense_data_info = 0;
1201 curlun->info_valid = 0;
1205 buf[0] = valid | 0x70; /* Valid, current error */
1207 put_unaligned_be32(sdinfo, &buf[3]); /* Sense information */
1208 buf[7] = 18 - 8; /* Additional sense length */
1215 static int do_read_capacity(struct fsg_common *common, struct fsg_buffhd *bh)
1217 struct fsg_lun *curlun = common->curlun;
1218 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1219 int pmi = common->cmnd[8];
1220 u8 *buf = (u8 *) bh->buf;
1222 /* Check the PMI and LBA fields */
1223 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1224 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1228 put_unaligned_be32(curlun->num_sectors - 1, &buf[0]);
1229 /* Max logical block */
1230 put_unaligned_be32(512, &buf[4]); /* Block length */
1235 static int do_read_header(struct fsg_common *common, struct fsg_buffhd *bh)
1237 struct fsg_lun *curlun = common->curlun;
1238 int msf = common->cmnd[1] & 0x02;
1239 u32 lba = get_unaligned_be32(&common->cmnd[2]);
1240 u8 *buf = (u8 *) bh->buf;
1242 if (common->cmnd[1] & ~0x02) { /* Mask away MSF */
1243 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1246 if (lba >= curlun->num_sectors) {
1247 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1252 buf[0] = 0x01; /* 2048 bytes of user data, rest is EC */
1253 store_cdrom_address(&buf[4], msf, lba);
1258 static int do_read_toc(struct fsg_common *common, struct fsg_buffhd *bh)
1260 struct fsg_lun *curlun = common->curlun;
1261 int msf = common->cmnd[1] & 0x02;
1262 int start_track = common->cmnd[6];
1263 u8 *buf = (u8 *) bh->buf;
1265 if ((common->cmnd[1] & ~0x02) != 0 || /* Mask away MSF */
1267 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1272 buf[1] = (20-2); /* TOC data length */
1273 buf[2] = 1; /* First track number */
1274 buf[3] = 1; /* Last track number */
1275 buf[5] = 0x16; /* Data track, copying allowed */
1276 buf[6] = 0x01; /* Only track is number 1 */
1277 store_cdrom_address(&buf[8], msf, 0);
1279 buf[13] = 0x16; /* Lead-out track is data */
1280 buf[14] = 0xAA; /* Lead-out track number */
1281 store_cdrom_address(&buf[16], msf, curlun->num_sectors);
1286 static int do_mode_sense(struct fsg_common *common, struct fsg_buffhd *bh)
1288 struct fsg_lun *curlun = common->curlun;
1289 int mscmnd = common->cmnd[0];
1290 u8 *buf = (u8 *) bh->buf;
1293 int changeable_values, all_pages;
1297 if ((common->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */
1298 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1301 pc = common->cmnd[2] >> 6;
1302 page_code = common->cmnd[2] & 0x3f;
1304 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1307 changeable_values = (pc == 1);
1308 all_pages = (page_code == 0x3f);
1310 /* Write the mode parameter header. Fixed values are: default
1311 * medium type, no cache control (DPOFUA), and no block descriptors.
1312 * The only variable value is the WriteProtect bit. We will fill in
1313 * the mode data length later. */
1315 if (mscmnd == SC_MODE_SENSE_6) {
1316 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1319 } else { /* SC_MODE_SENSE_10 */
1320 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1322 limit = 65535; /* Should really be FSG_BUFLEN */
1325 /* No block descriptors */
1327 /* The mode pages, in numerical order. The only page we support
1328 * is the Caching page. */
1329 if (page_code == 0x08 || all_pages) {
1331 buf[0] = 0x08; /* Page code */
1332 buf[1] = 10; /* Page length */
1333 memset(buf+2, 0, 10); /* None of the fields are changeable */
1335 if (!changeable_values) {
1336 buf[2] = 0x04; /* Write cache enable, */
1337 /* Read cache not disabled */
1338 /* No cache retention priorities */
1339 put_unaligned_be16(0xffff, &buf[4]);
1340 /* Don't disable prefetch */
1341 /* Minimum prefetch = 0 */
1342 put_unaligned_be16(0xffff, &buf[8]);
1343 /* Maximum prefetch */
1344 put_unaligned_be16(0xffff, &buf[10]);
1345 /* Maximum prefetch ceiling */
1350 /* Check that a valid page was requested and the mode data length
1351 * isn't too long. */
1353 if (!valid_page || len > limit) {
1354 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1358 /* Store the mode data length */
1359 if (mscmnd == SC_MODE_SENSE_6)
1362 put_unaligned_be16(len - 2, buf0);
1367 static int do_start_stop(struct fsg_common *common)
1369 if (!common->curlun) {
1371 } else if (!common->curlun->removable) {
1372 common->curlun->sense_data = SS_INVALID_COMMAND;
1379 static int do_prevent_allow(struct fsg_common *common)
1381 struct fsg_lun *curlun = common->curlun;
1384 if (!common->curlun) {
1386 } else if (!common->curlun->removable) {
1387 common->curlun->sense_data = SS_INVALID_COMMAND;
1391 prevent = common->cmnd[4] & 0x01;
1392 if ((common->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */
1393 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1397 if (curlun->prevent_medium_removal && !prevent)
1398 fsg_lun_fsync_sub(curlun);
1399 curlun->prevent_medium_removal = prevent;
1404 static int do_read_format_capacities(struct fsg_common *common,
1405 struct fsg_buffhd *bh)
1407 struct fsg_lun *curlun = common->curlun;
1408 u8 *buf = (u8 *) bh->buf;
1410 buf[0] = buf[1] = buf[2] = 0;
1411 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */
1414 put_unaligned_be32(curlun->num_sectors, &buf[0]);
1415 /* Number of blocks */
1416 put_unaligned_be32(512, &buf[4]); /* Block length */
1417 buf[4] = 0x02; /* Current capacity */
1422 static int do_mode_select(struct fsg_common *common, struct fsg_buffhd *bh)
1424 struct fsg_lun *curlun = common->curlun;
1426 /* We don't support MODE SELECT */
1428 curlun->sense_data = SS_INVALID_COMMAND;
1433 /*-------------------------------------------------------------------------*/
1435 static int halt_bulk_in_endpoint(struct fsg_dev *fsg)
1439 rc = fsg_set_halt(fsg, fsg->bulk_in);
1441 VDBG(fsg, "delayed bulk-in endpoint halt\n");
1443 if (rc != -EAGAIN) {
1444 WARNING(fsg, "usb_ep_set_halt -> %d\n", rc);
1449 /* Wait for a short time and then try again */
1450 if (msleep_interruptible(100) != 0)
1452 rc = usb_ep_set_halt(fsg->bulk_in);
1457 static int wedge_bulk_in_endpoint(struct fsg_dev *fsg)
1461 DBG(fsg, "bulk-in set wedge\n");
1462 rc = usb_ep_set_wedge(fsg->bulk_in);
1464 VDBG(fsg, "delayed bulk-in endpoint wedge\n");
1466 if (rc != -EAGAIN) {
1467 WARNING(fsg, "usb_ep_set_wedge -> %d\n", rc);
1472 /* Wait for a short time and then try again */
1473 if (msleep_interruptible(100) != 0)
1475 rc = usb_ep_set_wedge(fsg->bulk_in);
1480 static int pad_with_zeros(struct fsg_dev *fsg)
1482 struct fsg_buffhd *bh = fsg->common->next_buffhd_to_fill;
1483 u32 nkeep = bh->inreq->length;
1487 bh->state = BUF_STATE_EMPTY; /* For the first iteration */
1488 fsg->common->usb_amount_left = nkeep + fsg->common->residue;
1489 while (fsg->common->usb_amount_left > 0) {
1491 /* Wait for the next buffer to be free */
1492 while (bh->state != BUF_STATE_EMPTY) {
1493 rc = sleep_thread(fsg->common);
1498 nsend = min(fsg->common->usb_amount_left, FSG_BUFLEN);
1499 memset(bh->buf + nkeep, 0, nsend - nkeep);
1500 bh->inreq->length = nsend;
1501 bh->inreq->zero = 0;
1502 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1503 &bh->inreq_busy, &bh->state);
1504 bh = fsg->common->next_buffhd_to_fill = bh->next;
1505 fsg->common->usb_amount_left -= nsend;
1511 static int throw_away_data(struct fsg_common *common)
1513 struct fsg_buffhd *bh;
1517 for (bh = common->next_buffhd_to_drain;
1518 bh->state != BUF_STATE_EMPTY || common->usb_amount_left > 0;
1519 bh = common->next_buffhd_to_drain) {
1521 /* Throw away the data in a filled buffer */
1522 if (bh->state == BUF_STATE_FULL) {
1524 bh->state = BUF_STATE_EMPTY;
1525 common->next_buffhd_to_drain = bh->next;
1527 /* A short packet or an error ends everything */
1528 if (bh->outreq->actual != bh->outreq->length ||
1529 bh->outreq->status != 0) {
1530 raise_exception(common,
1531 FSG_STATE_ABORT_BULK_OUT);
1537 /* Try to submit another request if we need one */
1538 bh = common->next_buffhd_to_fill;
1539 if (bh->state == BUF_STATE_EMPTY
1540 && common->usb_amount_left > 0) {
1541 amount = min(common->usb_amount_left, FSG_BUFLEN);
1543 /* amount is always divisible by 512, hence by
1544 * the bulk-out maxpacket size */
1545 bh->outreq->length = amount;
1546 bh->bulk_out_intended_length = amount;
1547 bh->outreq->short_not_ok = 1;
1548 START_TRANSFER_OR(common, bulk_out, bh->outreq,
1549 &bh->outreq_busy, &bh->state)
1550 /* Don't know what to do if
1551 * common->fsg is NULL */
1553 common->next_buffhd_to_fill = bh->next;
1554 common->usb_amount_left -= amount;
1558 /* Otherwise wait for something to happen */
1559 rc = sleep_thread(common);
1567 static int finish_reply(struct fsg_common *common)
1569 struct fsg_buffhd *bh = common->next_buffhd_to_fill;
1572 switch (common->data_dir) {
1574 break; /* Nothing to send */
1576 /* If we don't know whether the host wants to read or write,
1577 * this must be CB or CBI with an unknown command. We mustn't
1578 * try to send or receive any data. So stall both bulk pipes
1579 * if we can and wait for a reset. */
1580 case DATA_DIR_UNKNOWN:
1581 if (!common->can_stall) {
1583 } else if (fsg_is_set(common)) {
1584 fsg_set_halt(common->fsg, common->fsg->bulk_out);
1585 rc = halt_bulk_in_endpoint(common->fsg);
1587 /* Don't know what to do if common->fsg is NULL */
1592 /* All but the last buffer of data must have already been sent */
1593 case DATA_DIR_TO_HOST:
1594 if (common->data_size == 0) {
1595 /* Nothing to send */
1597 /* If there's no residue, simply send the last buffer */
1598 } else if (common->residue == 0) {
1599 bh->inreq->zero = 0;
1600 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1601 &bh->inreq_busy, &bh->state)
1603 common->next_buffhd_to_fill = bh->next;
1605 /* For Bulk-only, if we're allowed to stall then send the
1606 * short packet and halt the bulk-in endpoint. If we can't
1607 * stall, pad out the remaining data with 0's. */
1608 } else if (common->can_stall) {
1609 bh->inreq->zero = 1;
1610 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1611 &bh->inreq_busy, &bh->state)
1612 /* Don't know what to do if
1613 * common->fsg is NULL */
1615 common->next_buffhd_to_fill = bh->next;
1617 rc = halt_bulk_in_endpoint(common->fsg);
1618 } else if (fsg_is_set(common)) {
1619 rc = pad_with_zeros(common->fsg);
1621 /* Don't know what to do if common->fsg is NULL */
1626 /* We have processed all we want from the data the host has sent.
1627 * There may still be outstanding bulk-out requests. */
1628 case DATA_DIR_FROM_HOST:
1629 if (common->residue == 0) {
1630 /* Nothing to receive */
1632 /* Did the host stop sending unexpectedly early? */
1633 } else if (common->short_packet_received) {
1634 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1637 /* We haven't processed all the incoming data. Even though
1638 * we may be allowed to stall, doing so would cause a race.
1639 * The controller may already have ACK'ed all the remaining
1640 * bulk-out packets, in which case the host wouldn't see a
1641 * STALL. Not realizing the endpoint was halted, it wouldn't
1642 * clear the halt -- leading to problems later on. */
1644 } else if (common->can_stall) {
1645 if (fsg_is_set(common))
1646 fsg_set_halt(common->fsg,
1647 common->fsg->bulk_out);
1648 raise_exception(common, FSG_STATE_ABORT_BULK_OUT);
1652 /* We can't stall. Read in the excess data and throw it
1655 rc = throw_away_data(common);
1663 static int send_status(struct fsg_common *common)
1665 struct fsg_lun *curlun = common->curlun;
1666 struct fsg_buffhd *bh;
1667 struct bulk_cs_wrap *csw;
1669 u8 status = USB_STATUS_PASS;
1672 /* Wait for the next buffer to become available */
1673 bh = common->next_buffhd_to_fill;
1674 while (bh->state != BUF_STATE_EMPTY) {
1675 rc = sleep_thread(common);
1681 sd = curlun->sense_data;
1682 sdinfo = curlun->sense_data_info;
1683 } else if (common->bad_lun_okay)
1686 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1688 if (common->phase_error) {
1689 DBG(common, "sending phase-error status\n");
1690 status = USB_STATUS_PHASE_ERROR;
1691 sd = SS_INVALID_COMMAND;
1692 } else if (sd != SS_NO_SENSE) {
1693 DBG(common, "sending command-failure status\n");
1694 status = USB_STATUS_FAIL;
1695 VDBG(common, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1697 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1700 /* Store and send the Bulk-only CSW */
1701 csw = (void *)bh->buf;
1703 csw->Signature = cpu_to_le32(USB_BULK_CS_SIG);
1704 csw->Tag = common->tag;
1705 csw->Residue = cpu_to_le32(common->residue);
1706 csw->Status = status;
1708 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1709 bh->inreq->zero = 0;
1710 START_TRANSFER_OR(common, bulk_in, bh->inreq,
1711 &bh->inreq_busy, &bh->state)
1712 /* Don't know what to do if common->fsg is NULL */
1715 common->next_buffhd_to_fill = bh->next;
1720 /*-------------------------------------------------------------------------*/
1722 /* Check whether the command is properly formed and whether its data size
1723 * and direction agree with the values we already have. */
1724 static int check_command(struct fsg_common *common, int cmnd_size,
1725 enum data_direction data_dir, unsigned int mask,
1726 int needs_medium, const char *name)
1729 int lun = common->cmnd[1] >> 5;
1730 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1732 struct fsg_lun *curlun;
1735 if (common->data_dir != DATA_DIR_UNKNOWN)
1736 sprintf(hdlen, ", H%c=%u", dirletter[(int) common->data_dir],
1738 VDBG(common, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1739 name, cmnd_size, dirletter[(int) data_dir],
1740 common->data_size_from_cmnd, common->cmnd_size, hdlen);
1742 /* We can't reply at all until we know the correct data direction
1744 if (common->data_size_from_cmnd == 0)
1745 data_dir = DATA_DIR_NONE;
1746 if (common->data_size < common->data_size_from_cmnd) {
1747 /* Host data size < Device data size is a phase error.
1748 * Carry out the command, but only transfer as much as
1749 * we are allowed. */
1750 common->data_size_from_cmnd = common->data_size;
1751 common->phase_error = 1;
1753 common->residue = common->data_size;
1754 common->usb_amount_left = common->data_size;
1756 /* Conflicting data directions is a phase error */
1757 if (common->data_dir != data_dir
1758 && common->data_size_from_cmnd > 0) {
1759 common->phase_error = 1;
1763 /* Verify the length of the command itself */
1764 if (cmnd_size != common->cmnd_size) {
1766 /* Special case workaround: There are plenty of buggy SCSI
1767 * implementations. Many have issues with cbw->Length
1768 * field passing a wrong command size. For those cases we
1769 * always try to work around the problem by using the length
1770 * sent by the host side provided it is at least as large
1771 * as the correct command length.
1772 * Examples of such cases would be MS-Windows, which issues
1773 * REQUEST SENSE with cbw->Length == 12 where it should
1774 * be 6, and xbox360 issuing INQUIRY, TEST UNIT READY and
1775 * REQUEST SENSE with cbw->Length == 10 where it should
1778 if (cmnd_size <= common->cmnd_size) {
1779 DBG(common, "%s is buggy! Expected length %d "
1780 "but we got %d\n", name,
1781 cmnd_size, common->cmnd_size);
1782 cmnd_size = common->cmnd_size;
1784 common->phase_error = 1;
1789 /* Check that the LUN values are consistent */
1790 if (common->lun != lun)
1791 DBG(common, "using LUN %d from CBW, not LUN %d from CDB\n",
1795 if (common->lun >= 0 && common->lun < common->nluns) {
1796 curlun = &common->luns[common->lun];
1797 common->curlun = curlun;
1798 if (common->cmnd[0] != SC_REQUEST_SENSE) {
1799 curlun->sense_data = SS_NO_SENSE;
1800 curlun->sense_data_info = 0;
1801 curlun->info_valid = 0;
1804 common->curlun = NULL;
1806 common->bad_lun_okay = 0;
1808 /* INQUIRY and REQUEST SENSE commands are explicitly allowed
1809 * to use unsupported LUNs; all others may not. */
1810 if (common->cmnd[0] != SC_INQUIRY &&
1811 common->cmnd[0] != SC_REQUEST_SENSE) {
1812 DBG(common, "unsupported LUN %d\n", common->lun);
1817 /* If a unit attention condition exists, only INQUIRY and
1818 * REQUEST SENSE commands are allowed; anything else must fail. */
1819 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1820 common->cmnd[0] != SC_INQUIRY &&
1821 common->cmnd[0] != SC_REQUEST_SENSE) {
1822 curlun->sense_data = curlun->unit_attention_data;
1823 curlun->unit_attention_data = SS_NO_SENSE;
1827 /* Check that only command bytes listed in the mask are non-zero */
1828 common->cmnd[1] &= 0x1f; /* Mask away the LUN */
1829 for (i = 1; i < cmnd_size; ++i) {
1830 if (common->cmnd[i] && !(mask & (1 << i))) {
1832 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1837 /* If the medium isn't mounted and the command needs to access
1838 * it, return an error. */
1839 if (curlun && !fsg_lun_is_open(curlun) && needs_medium) {
1840 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1848 static int do_scsi_command(struct fsg_common *common)
1850 struct fsg_buffhd *bh;
1852 int reply = -EINVAL;
1854 static char unknown[16];
1858 /* Wait for the next buffer to become available for data or status */
1859 bh = common->next_buffhd_to_fill;
1860 common->next_buffhd_to_drain = bh;
1861 while (bh->state != BUF_STATE_EMPTY) {
1862 rc = sleep_thread(common);
1866 common->phase_error = 0;
1867 common->short_packet_received = 0;
1869 down_read(&common->filesem); /* We're using the backing file */
1870 switch (common->cmnd[0]) {
1873 common->data_size_from_cmnd = common->cmnd[4];
1874 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1878 reply = do_inquiry(common, bh);
1881 case SC_MODE_SELECT_6:
1882 common->data_size_from_cmnd = common->cmnd[4];
1883 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
1887 reply = do_mode_select(common, bh);
1890 case SC_MODE_SELECT_10:
1891 common->data_size_from_cmnd =
1892 get_unaligned_be16(&common->cmnd[7]);
1893 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
1897 reply = do_mode_select(common, bh);
1900 case SC_MODE_SENSE_6:
1901 common->data_size_from_cmnd = common->cmnd[4];
1902 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1903 (1<<1) | (1<<2) | (1<<4), 0,
1906 reply = do_mode_sense(common, bh);
1909 case SC_MODE_SENSE_10:
1910 common->data_size_from_cmnd =
1911 get_unaligned_be16(&common->cmnd[7]);
1912 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1913 (1<<1) | (1<<2) | (3<<7), 0,
1916 reply = do_mode_sense(common, bh);
1919 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1920 common->data_size_from_cmnd = 0;
1921 reply = check_command(common, 6, DATA_DIR_NONE,
1923 "PREVENT-ALLOW MEDIUM REMOVAL");
1925 reply = do_prevent_allow(common);
1929 i = common->cmnd[4];
1930 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1931 reply = check_command(common, 6, DATA_DIR_TO_HOST,
1935 reply = do_read(common);
1939 common->data_size_from_cmnd =
1940 get_unaligned_be16(&common->cmnd[7]) << 9;
1941 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1942 (1<<1) | (0xf<<2) | (3<<7), 1,
1945 reply = do_read(common);
1949 common->data_size_from_cmnd =
1950 get_unaligned_be32(&common->cmnd[6]) << 9;
1951 reply = check_command(common, 12, DATA_DIR_TO_HOST,
1952 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1955 reply = do_read(common);
1958 case SC_READ_CAPACITY:
1959 common->data_size_from_cmnd = 8;
1960 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1961 (0xf<<2) | (1<<8), 1,
1964 reply = do_read_capacity(common, bh);
1967 case SC_READ_HEADER:
1968 if (!common->curlun || !common->curlun->cdrom)
1970 common->data_size_from_cmnd =
1971 get_unaligned_be16(&common->cmnd[7]);
1972 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1973 (3<<7) | (0x1f<<1), 1,
1976 reply = do_read_header(common, bh);
1980 if (!common->curlun || !common->curlun->cdrom)
1982 common->data_size_from_cmnd =
1983 get_unaligned_be16(&common->cmnd[7]);
1984 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1988 reply = do_read_toc(common, bh);
1991 case SC_READ_FORMAT_CAPACITIES:
1992 common->data_size_from_cmnd =
1993 get_unaligned_be16(&common->cmnd[7]);
1994 reply = check_command(common, 10, DATA_DIR_TO_HOST,
1996 "READ FORMAT CAPACITIES");
1998 reply = do_read_format_capacities(common, bh);
2001 case SC_REQUEST_SENSE:
2002 common->data_size_from_cmnd = common->cmnd[4];
2003 reply = check_command(common, 6, DATA_DIR_TO_HOST,
2007 reply = do_request_sense(common, bh);
2010 case SC_START_STOP_UNIT:
2011 common->data_size_from_cmnd = 0;
2012 reply = check_command(common, 6, DATA_DIR_NONE,
2016 reply = do_start_stop(common);
2019 case SC_SYNCHRONIZE_CACHE:
2020 common->data_size_from_cmnd = 0;
2021 reply = check_command(common, 10, DATA_DIR_NONE,
2022 (0xf<<2) | (3<<7), 1,
2023 "SYNCHRONIZE CACHE");
2025 reply = do_synchronize_cache(common);
2028 case SC_TEST_UNIT_READY:
2029 common->data_size_from_cmnd = 0;
2030 reply = check_command(common, 6, DATA_DIR_NONE,
2035 /* Although optional, this command is used by MS-Windows. We
2036 * support a minimal version: BytChk must be 0. */
2038 common->data_size_from_cmnd = 0;
2039 reply = check_command(common, 10, DATA_DIR_NONE,
2040 (1<<1) | (0xf<<2) | (3<<7), 1,
2043 reply = do_verify(common);
2047 i = common->cmnd[4];
2048 common->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
2049 reply = check_command(common, 6, DATA_DIR_FROM_HOST,
2053 reply = do_write(common);
2057 common->data_size_from_cmnd =
2058 get_unaligned_be16(&common->cmnd[7]) << 9;
2059 reply = check_command(common, 10, DATA_DIR_FROM_HOST,
2060 (1<<1) | (0xf<<2) | (3<<7), 1,
2063 reply = do_write(common);
2067 common->data_size_from_cmnd =
2068 get_unaligned_be32(&common->cmnd[6]) << 9;
2069 reply = check_command(common, 12, DATA_DIR_FROM_HOST,
2070 (1<<1) | (0xf<<2) | (0xf<<6), 1,
2073 reply = do_write(common);
2076 /* Some mandatory commands that we recognize but don't implement.
2077 * They don't mean much in this setting. It's left as an exercise
2078 * for anyone interested to implement RESERVE and RELEASE in terms
2079 * of Posix locks. */
2080 case SC_FORMAT_UNIT:
2083 case SC_SEND_DIAGNOSTIC:
2088 common->data_size_from_cmnd = 0;
2089 sprintf(unknown, "Unknown x%02x", common->cmnd[0]);
2090 reply = check_command(common, common->cmnd_size,
2091 DATA_DIR_UNKNOWN, 0xff, 0, unknown);
2093 common->curlun->sense_data = SS_INVALID_COMMAND;
2098 up_read(&common->filesem);
2100 if (reply == -EINTR || signal_pending(current))
2103 /* Set up the single reply buffer for finish_reply() */
2104 if (reply == -EINVAL)
2105 reply = 0; /* Error reply length */
2106 if (reply >= 0 && common->data_dir == DATA_DIR_TO_HOST) {
2107 reply = min((u32) reply, common->data_size_from_cmnd);
2108 bh->inreq->length = reply;
2109 bh->state = BUF_STATE_FULL;
2110 common->residue -= reply;
2111 } /* Otherwise it's already set */
2117 /*-------------------------------------------------------------------------*/
2119 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2121 struct usb_request *req = bh->outreq;
2122 struct fsg_bulk_cb_wrap *cbw = req->buf;
2123 struct fsg_common *common = fsg->common;
2125 /* Was this a real packet? Should it be ignored? */
2126 if (req->status || test_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags))
2129 /* Is the CBW valid? */
2130 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2131 cbw->Signature != cpu_to_le32(
2133 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2135 le32_to_cpu(cbw->Signature));
2137 /* The Bulk-only spec says we MUST stall the IN endpoint
2138 * (6.6.1), so it's unavoidable. It also says we must
2139 * retain this state until the next reset, but there's
2140 * no way to tell the controller driver it should ignore
2141 * Clear-Feature(HALT) requests.
2143 * We aren't required to halt the OUT endpoint; instead
2144 * we can simply accept and discard any data received
2145 * until the next reset. */
2146 wedge_bulk_in_endpoint(fsg);
2147 set_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2151 /* Is the CBW meaningful? */
2152 if (cbw->Lun >= FSG_MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2153 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2154 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2156 cbw->Lun, cbw->Flags, cbw->Length);
2158 /* We can do anything we want here, so let's stall the
2159 * bulk pipes if we are allowed to. */
2160 if (common->can_stall) {
2161 fsg_set_halt(fsg, fsg->bulk_out);
2162 halt_bulk_in_endpoint(fsg);
2167 /* Save the command for later */
2168 common->cmnd_size = cbw->Length;
2169 memcpy(common->cmnd, cbw->CDB, common->cmnd_size);
2170 if (cbw->Flags & USB_BULK_IN_FLAG)
2171 common->data_dir = DATA_DIR_TO_HOST;
2173 common->data_dir = DATA_DIR_FROM_HOST;
2174 common->data_size = le32_to_cpu(cbw->DataTransferLength);
2175 if (common->data_size == 0)
2176 common->data_dir = DATA_DIR_NONE;
2177 common->lun = cbw->Lun;
2178 common->tag = cbw->Tag;
2183 static int get_next_command(struct fsg_common *common)
2185 struct fsg_buffhd *bh;
2188 /* Wait for the next buffer to become available */
2189 bh = common->next_buffhd_to_fill;
2190 while (bh->state != BUF_STATE_EMPTY) {
2191 rc = sleep_thread(common);
2196 /* Queue a request to read a Bulk-only CBW */
2197 set_bulk_out_req_length(common, bh, USB_BULK_CB_WRAP_LEN);
2198 bh->outreq->short_not_ok = 1;
2199 START_TRANSFER_OR(common, bulk_out, bh->outreq,
2200 &bh->outreq_busy, &bh->state)
2201 /* Don't know what to do if common->fsg is NULL */
2204 /* We will drain the buffer in software, which means we
2205 * can reuse it for the next filling. No need to advance
2206 * next_buffhd_to_fill. */
2208 /* Wait for the CBW to arrive */
2209 while (bh->state != BUF_STATE_FULL) {
2210 rc = sleep_thread(common);
2215 rc = fsg_is_set(common) ? received_cbw(common->fsg, bh) : -EIO;
2216 bh->state = BUF_STATE_EMPTY;
2222 /*-------------------------------------------------------------------------*/
2224 static int enable_endpoint(struct fsg_common *common, struct usb_ep *ep,
2225 const struct usb_endpoint_descriptor *d)
2229 ep->driver_data = common;
2230 rc = usb_ep_enable(ep, d);
2232 ERROR(common, "can't enable %s, result %d\n", ep->name, rc);
2236 static int alloc_request(struct fsg_common *common, struct usb_ep *ep,
2237 struct usb_request **preq)
2239 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2242 ERROR(common, "can't allocate request for %s\n", ep->name);
2247 * Reset interface setting and re-init endpoint state (toggle etc).
2248 * Call with altsetting < 0 to disable the interface. The only other
2249 * available altsetting is 0, which enables the interface.
2251 static int do_set_interface(struct fsg_common *common, int altsetting)
2255 const struct usb_endpoint_descriptor *d;
2257 if (common->running)
2258 DBG(common, "reset interface\n");
2261 /* Deallocate the requests */
2262 if (common->prev_fsg) {
2263 struct fsg_dev *fsg = common->prev_fsg;
2265 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2266 struct fsg_buffhd *bh = &common->buffhds[i];
2269 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2273 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2278 /* Disable the endpoints */
2279 if (fsg->bulk_in_enabled) {
2280 usb_ep_disable(fsg->bulk_in);
2281 fsg->bulk_in_enabled = 0;
2283 if (fsg->bulk_out_enabled) {
2284 usb_ep_disable(fsg->bulk_out);
2285 fsg->bulk_out_enabled = 0;
2288 common->prev_fsg = 0;
2291 common->running = 0;
2292 if (altsetting < 0 || rc != 0)
2295 DBG(common, "set interface %d\n", altsetting);
2297 if (fsg_is_set(common)) {
2298 struct fsg_dev *fsg = common->fsg;
2299 common->prev_fsg = common->fsg;
2301 /* Enable the endpoints */
2302 d = fsg_ep_desc(common->gadget,
2303 &fsg_fs_bulk_in_desc, &fsg_hs_bulk_in_desc);
2304 rc = enable_endpoint(common, fsg->bulk_in, d);
2307 fsg->bulk_in_enabled = 1;
2309 d = fsg_ep_desc(common->gadget,
2310 &fsg_fs_bulk_out_desc, &fsg_hs_bulk_out_desc);
2311 rc = enable_endpoint(common, fsg->bulk_out, d);
2314 fsg->bulk_out_enabled = 1;
2315 common->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize);
2316 clear_bit(IGNORE_BULK_OUT, &fsg->atomic_bitflags);
2318 /* Allocate the requests */
2319 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2320 struct fsg_buffhd *bh = &common->buffhds[i];
2322 rc = alloc_request(common, fsg->bulk_in, &bh->inreq);
2325 rc = alloc_request(common, fsg->bulk_out, &bh->outreq);
2328 bh->inreq->buf = bh->outreq->buf = bh->buf;
2329 bh->inreq->context = bh->outreq->context = bh;
2330 bh->inreq->complete = bulk_in_complete;
2331 bh->outreq->complete = bulk_out_complete;
2334 common->running = 1;
2335 for (i = 0; i < common->nluns; ++i)
2336 common->luns[i].unit_attention_data = SS_RESET_OCCURRED;
2345 * Change our operational configuration. This code must agree with the code
2346 * that returns config descriptors, and with interface altsetting code.
2348 * It's also responsible for power management interactions. Some
2349 * configurations might not work with our current power sources.
2350 * For now we just assume the gadget is always self-powered.
2352 static int do_set_config(struct fsg_common *common, u8 new_config)
2356 /* Disable the single interface */
2357 if (common->config != 0) {
2358 DBG(common, "reset config\n");
2360 rc = do_set_interface(common, -1);
2363 /* Enable the interface */
2364 if (new_config != 0) {
2365 common->config = new_config;
2366 rc = do_set_interface(common, 0);
2368 common->config = 0; /* Reset on errors */
2374 /****************************** ALT CONFIGS ******************************/
2377 static int fsg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
2379 struct fsg_dev *fsg = fsg_from_func(f);
2380 fsg->common->prev_fsg = fsg->common->fsg;
2381 fsg->common->fsg = fsg;
2382 fsg->common->new_config = 1;
2383 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2387 static void fsg_disable(struct usb_function *f)
2389 struct fsg_dev *fsg = fsg_from_func(f);
2390 fsg->common->prev_fsg = fsg->common->fsg;
2391 fsg->common->fsg = fsg;
2392 fsg->common->new_config = 0;
2393 raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE);
2397 /*-------------------------------------------------------------------------*/
2399 static void handle_exception(struct fsg_common *common)
2404 struct fsg_buffhd *bh;
2405 enum fsg_state old_state;
2407 struct fsg_lun *curlun;
2408 unsigned int exception_req_tag;
2411 /* Clear the existing signals. Anything but SIGUSR1 is converted
2412 * into a high-priority EXIT exception. */
2414 sig = dequeue_signal_lock(current, ¤t->blocked, &info);
2417 if (sig != SIGUSR1) {
2418 if (common->state < FSG_STATE_EXIT)
2419 DBG(common, "Main thread exiting on signal\n");
2420 raise_exception(common, FSG_STATE_EXIT);
2424 /* Cancel all the pending transfers */
2425 if (fsg_is_set(common)) {
2426 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2427 bh = &common->buffhds[i];
2429 usb_ep_dequeue(common->fsg->bulk_in, bh->inreq);
2430 if (bh->outreq_busy)
2431 usb_ep_dequeue(common->fsg->bulk_out,
2435 /* Wait until everything is idle */
2438 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2439 bh = &common->buffhds[i];
2440 num_active += bh->inreq_busy + bh->outreq_busy;
2442 if (num_active == 0)
2444 if (sleep_thread(common))
2448 /* Clear out the controller's fifos */
2449 if (common->fsg->bulk_in_enabled)
2450 usb_ep_fifo_flush(common->fsg->bulk_in);
2451 if (common->fsg->bulk_out_enabled)
2452 usb_ep_fifo_flush(common->fsg->bulk_out);
2455 /* Reset the I/O buffer states and pointers, the SCSI
2456 * state, and the exception. Then invoke the handler. */
2457 spin_lock_irq(&common->lock);
2459 for (i = 0; i < FSG_NUM_BUFFERS; ++i) {
2460 bh = &common->buffhds[i];
2461 bh->state = BUF_STATE_EMPTY;
2463 common->next_buffhd_to_fill = &common->buffhds[0];
2464 common->next_buffhd_to_drain = &common->buffhds[0];
2465 exception_req_tag = common->exception_req_tag;
2466 new_config = common->new_config;
2467 old_state = common->state;
2469 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2470 common->state = FSG_STATE_STATUS_PHASE;
2472 for (i = 0; i < common->nluns; ++i) {
2473 curlun = &common->luns[i];
2474 curlun->prevent_medium_removal = 0;
2475 curlun->sense_data = SS_NO_SENSE;
2476 curlun->unit_attention_data = SS_NO_SENSE;
2477 curlun->sense_data_info = 0;
2478 curlun->info_valid = 0;
2480 common->state = FSG_STATE_IDLE;
2482 spin_unlock_irq(&common->lock);
2484 /* Carry out any extra actions required for the exception */
2485 switch (old_state) {
2486 case FSG_STATE_ABORT_BULK_OUT:
2487 send_status(common);
2488 spin_lock_irq(&common->lock);
2489 if (common->state == FSG_STATE_STATUS_PHASE)
2490 common->state = FSG_STATE_IDLE;
2491 spin_unlock_irq(&common->lock);
2494 case FSG_STATE_RESET:
2495 /* In case we were forced against our will to halt a
2496 * bulk endpoint, clear the halt now. (The SuperH UDC
2497 * requires this.) */
2498 if (!fsg_is_set(common))
2500 if (test_and_clear_bit(IGNORE_BULK_OUT,
2501 &common->fsg->atomic_bitflags))
2502 usb_ep_clear_halt(common->fsg->bulk_in);
2504 if (common->ep0_req_tag == exception_req_tag)
2505 ep0_queue(common); /* Complete the status stage */
2507 /* Technically this should go here, but it would only be
2508 * a waste of time. Ditto for the INTERFACE_CHANGE and
2509 * CONFIG_CHANGE cases. */
2510 /* for (i = 0; i < common->nluns; ++i) */
2511 /* common->luns[i].unit_attention_data = */
2512 /* SS_RESET_OCCURRED; */
2515 case FSG_STATE_CONFIG_CHANGE:
2516 rc = do_set_config(common, new_config);
2517 if (common->ep0_req_tag != exception_req_tag)
2519 if (rc != 0) { /* STALL on errors */
2520 DBG(common, "ep0 set halt\n");
2521 usb_ep_set_halt(common->ep0);
2522 } else { /* Complete the status stage */
2527 case FSG_STATE_EXIT:
2528 case FSG_STATE_TERMINATED:
2529 do_set_config(common, 0); /* Free resources */
2530 spin_lock_irq(&common->lock);
2531 common->state = FSG_STATE_TERMINATED; /* Stop the thread */
2532 spin_unlock_irq(&common->lock);
2535 case FSG_STATE_INTERFACE_CHANGE:
2536 case FSG_STATE_DISCONNECT:
2537 case FSG_STATE_COMMAND_PHASE:
2538 case FSG_STATE_DATA_PHASE:
2539 case FSG_STATE_STATUS_PHASE:
2540 case FSG_STATE_IDLE:
2546 /*-------------------------------------------------------------------------*/
2548 static int fsg_main_thread(void *common_)
2550 struct fsg_common *common = common_;
2552 /* Allow the thread to be killed by a signal, but set the signal mask
2553 * to block everything but INT, TERM, KILL, and USR1. */
2554 allow_signal(SIGINT);
2555 allow_signal(SIGTERM);
2556 allow_signal(SIGKILL);
2557 allow_signal(SIGUSR1);
2559 /* Allow the thread to be frozen */
2562 /* Arrange for userspace references to be interpreted as kernel
2563 * pointers. That way we can pass a kernel pointer to a routine
2564 * that expects a __user pointer and it will work okay. */
2568 while (common->state != FSG_STATE_TERMINATED) {
2569 if (exception_in_progress(common) || signal_pending(current)) {
2570 handle_exception(common);
2574 if (!common->running) {
2575 sleep_thread(common);
2579 if (get_next_command(common))
2582 spin_lock_irq(&common->lock);
2583 if (!exception_in_progress(common))
2584 common->state = FSG_STATE_DATA_PHASE;
2585 spin_unlock_irq(&common->lock);
2587 if (do_scsi_command(common) || finish_reply(common))
2590 spin_lock_irq(&common->lock);
2591 if (!exception_in_progress(common))
2592 common->state = FSG_STATE_STATUS_PHASE;
2593 spin_unlock_irq(&common->lock);
2595 if (send_status(common))
2598 spin_lock_irq(&common->lock);
2599 if (!exception_in_progress(common))
2600 common->state = FSG_STATE_IDLE;
2601 spin_unlock_irq(&common->lock);
2604 spin_lock_irq(&common->lock);
2605 common->thread_task = NULL;
2606 spin_unlock_irq(&common->lock);
2609 /* If we are exiting because of a signal, unregister the
2611 /* if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags)) */
2612 /* usb_gadget_unregister_driver(&fsg_driver); */
2614 /* Let the unbind and cleanup routines know the thread has exited */
2615 complete_and_exit(&common->thread_notifier, 0);
2619 /*************************** DEVICE ATTRIBUTES ***************************/
2621 /* Write permission is checked per LUN in store_*() functions. */
2622 static DEVICE_ATTR(ro, 0644, fsg_show_ro, fsg_store_ro);
2623 static DEVICE_ATTR(file, 0644, fsg_show_file, fsg_store_file);
2626 /****************************** FSG COMMON ******************************/
2628 static void fsg_common_release(struct kref *ref);
2630 static void fsg_lun_release(struct device *dev)
2632 /* Nothing needs to be done */
2635 static inline void fsg_common_get(struct fsg_common *common)
2637 kref_get(&common->ref);
2640 static inline void fsg_common_put(struct fsg_common *common)
2642 kref_put(&common->ref, fsg_common_release);
2646 static struct fsg_common *fsg_common_init(struct fsg_common *common,
2647 struct usb_composite_dev *cdev,
2648 struct fsg_config *cfg)
2650 struct usb_gadget *gadget = cdev->gadget;
2651 struct fsg_buffhd *bh;
2652 struct fsg_lun *curlun;
2653 struct fsg_lun_config *lcfg;
2657 /* Find out how many LUNs there should be */
2659 if (nluns < 1 || nluns > FSG_MAX_LUNS) {
2660 dev_err(&gadget->dev, "invalid number of LUNs: %u\n", nluns);
2661 return ERR_PTR(-EINVAL);
2666 common = kzalloc(sizeof *common, GFP_KERNEL);
2668 return ERR_PTR(-ENOMEM);
2669 common->free_storage_on_release = 1;
2671 memset(common, 0, sizeof common);
2672 common->free_storage_on_release = 0;
2675 common->gadget = gadget;
2676 common->ep0 = gadget->ep0;
2677 common->ep0req = cdev->req;
2679 /* Maybe allocate device-global string IDs, and patch descriptors */
2680 if (fsg_strings[FSG_STRING_INTERFACE].id == 0) {
2681 rc = usb_string_id(cdev);
2686 fsg_strings[FSG_STRING_INTERFACE].id = rc;
2687 fsg_intf_desc.iInterface = rc;
2690 /* Create the LUNs, open their backing files, and register the
2691 * LUN devices in sysfs. */
2692 curlun = kzalloc(nluns * sizeof *curlun, GFP_KERNEL);
2695 return ERR_PTR(-ENOMEM);
2697 common->luns = curlun;
2699 init_rwsem(&common->filesem);
2701 for (i = 0, lcfg = cfg->luns; i < nluns; ++i, ++curlun, ++lcfg) {
2702 curlun->cdrom = !!lcfg->cdrom;
2703 curlun->ro = lcfg->cdrom || lcfg->ro;
2704 curlun->removable = lcfg->removable;
2705 curlun->dev.release = fsg_lun_release;
2706 curlun->dev.parent = &gadget->dev;
2707 /* curlun->dev.driver = &fsg_driver.driver; XXX */
2708 dev_set_drvdata(&curlun->dev, &common->filesem);
2709 dev_set_name(&curlun->dev,
2710 cfg->lun_name_format
2711 ? cfg->lun_name_format
2715 rc = device_register(&curlun->dev);
2717 INFO(common, "failed to register LUN%d: %d\n", i, rc);
2722 rc = device_create_file(&curlun->dev, &dev_attr_ro);
2725 rc = device_create_file(&curlun->dev, &dev_attr_file);
2729 if (lcfg->filename) {
2730 rc = fsg_lun_open(curlun, lcfg->filename);
2733 } else if (!curlun->removable) {
2734 ERROR(common, "no file given for LUN%d\n", i);
2739 common->nluns = nluns;
2742 /* Data buffers cyclic list */
2743 /* Buffers in buffhds are static -- no need for additional
2745 bh = common->buffhds;
2746 i = FSG_NUM_BUFFERS - 1;
2749 } while (++bh, --i);
2750 bh->next = common->buffhds;
2753 /* Prepare inquiryString */
2754 if (cfg->release != 0xffff) {
2757 /* The sa1100 controller is not supported */
2758 i = gadget_is_sa1100(gadget)
2760 : usb_gadget_controller_number(gadget);
2764 WARNING(common, "controller '%s' not recognized\n",
2769 #define OR(x, y) ((x) ? (x) : (y))
2770 snprintf(common->inquiry_string, sizeof common->inquiry_string,
2772 OR(cfg->vendor_name, "Linux "),
2773 /* Assume product name dependent on the first LUN */
2774 OR(cfg->product_name, common->luns->cdrom
2775 ? "File-Stor Gadget"
2776 : "File-CD Gadget "),
2780 /* Some peripheral controllers are known not to be able to
2781 * halt bulk endpoints correctly. If one of them is present,
2784 common->can_stall = cfg->can_stall &&
2785 !(gadget_is_sh(common->gadget) ||
2786 gadget_is_at91(common->gadget));
2789 spin_lock_init(&common->lock);
2790 kref_init(&common->ref);
2793 /* Tell the thread to start working */
2794 common->thread_task =
2795 kthread_create(fsg_main_thread, common,
2796 OR(cfg->thread_name, "file-storage"));
2797 if (IS_ERR(common->thread_task)) {
2798 rc = PTR_ERR(common->thread_task);
2801 init_completion(&common->thread_notifier);
2806 INFO(common, FSG_DRIVER_DESC ", version: " FSG_DRIVER_VERSION "\n");
2807 INFO(common, "Number of LUNs=%d\n", common->nluns);
2809 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
2810 for (i = 0, nluns = common->nluns, curlun = common->luns;
2813 char *p = "(no medium)";
2814 if (fsg_lun_is_open(curlun)) {
2817 p = d_path(&curlun->filp->f_path,
2823 LINFO(curlun, "LUN: %s%s%sfile: %s\n",
2824 curlun->removable ? "removable " : "",
2825 curlun->ro ? "read only " : "",
2826 curlun->cdrom ? "CD-ROM " : "",
2831 DBG(common, "I/O thread pid: %d\n", task_pid_nr(common->thread_task));
2833 wake_up_process(common->thread_task);
2839 common->nluns = i + 1;
2841 common->state = FSG_STATE_TERMINATED; /* The thread is dead */
2842 /* Call fsg_common_release() directly, ref might be not
2844 fsg_common_release(&common->ref);
2845 complete(&common->thread_notifier);
2850 static void fsg_common_release(struct kref *ref)
2852 struct fsg_common *common =
2853 container_of(ref, struct fsg_common, ref);
2854 unsigned i = common->nluns;
2855 struct fsg_lun *lun = common->luns;
2857 /* If the thread isn't already dead, tell it to exit now */
2858 if (common->state != FSG_STATE_TERMINATED) {
2859 raise_exception(common, FSG_STATE_EXIT);
2860 wait_for_completion(&common->thread_notifier);
2862 /* The cleanup routine waits for this completion also */
2863 complete(&common->thread_notifier);
2866 /* Beware tempting for -> do-while optimization: when in error
2867 * recovery nluns may be zero. */
2869 for (; i; --i, ++lun) {
2870 device_remove_file(&lun->dev, &dev_attr_ro);
2871 device_remove_file(&lun->dev, &dev_attr_file);
2873 device_unregister(&lun->dev);
2876 kfree(common->luns);
2877 if (common->free_storage_on_release)
2882 /*-------------------------------------------------------------------------*/
2885 static void fsg_unbind(struct usb_configuration *c, struct usb_function *f)
2887 struct fsg_dev *fsg = fsg_from_func(f);
2889 DBG(fsg, "unbind\n");
2890 fsg_common_put(fsg->common);
2895 static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
2897 struct fsg_dev *fsg = fsg_from_func(f);
2898 struct usb_gadget *gadget = c->cdev->gadget;
2903 fsg->gadget = gadget;
2906 i = usb_interface_id(c, f);
2909 fsg_intf_desc.bInterfaceNumber = i;
2910 fsg->interface_number = i;
2912 /* Find all the endpoints we will use */
2913 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
2916 ep->driver_data = fsg->common; /* claim the endpoint */
2919 ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
2922 ep->driver_data = fsg->common; /* claim the endpoint */
2925 if (gadget_is_dualspeed(gadget)) {
2926 /* Assume endpoint addresses are the same for both speeds */
2927 fsg_hs_bulk_in_desc.bEndpointAddress =
2928 fsg_fs_bulk_in_desc.bEndpointAddress;
2929 fsg_hs_bulk_out_desc.bEndpointAddress =
2930 fsg_fs_bulk_out_desc.bEndpointAddress;
2931 f->hs_descriptors = fsg_hs_function;
2937 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2944 /****************************** ADD FUNCTION ******************************/
2946 static struct usb_gadget_strings *fsg_strings_array[] = {
2951 static int fsg_add(struct usb_composite_dev *cdev,
2952 struct usb_configuration *c,
2953 struct fsg_common *common)
2955 struct fsg_dev *fsg;
2958 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
2962 fsg->function.name = FSG_DRIVER_DESC;
2963 fsg->function.strings = fsg_strings_array;
2964 fsg->function.descriptors = fsg_fs_function;
2965 fsg->function.bind = fsg_bind;
2966 fsg->function.unbind = fsg_unbind;
2967 fsg->function.setup = fsg_setup;
2968 fsg->function.set_alt = fsg_set_alt;
2969 fsg->function.disable = fsg_disable;
2971 fsg->common = common;
2972 /* Our caller holds a reference to common structure so we
2973 * don't have to be worry about it being freed until we return
2974 * from this function. So instead of incrementing counter now
2975 * and decrement in error recovery we increment it only when
2976 * call to usb_add_function() was successful. */
2978 rc = usb_add_function(c, &fsg->function);
2980 if (likely(rc == 0))
2981 fsg_common_get(fsg->common);
2990 /************************* Module parameters *************************/
2993 struct fsg_module_parameters {
2994 char *file[FSG_MAX_LUNS];
2995 int ro[FSG_MAX_LUNS];
2996 int removable[FSG_MAX_LUNS];
2997 int cdrom[FSG_MAX_LUNS];
2999 unsigned int file_count, ro_count, removable_count, cdrom_count;
3000 unsigned int luns; /* nluns */
3001 int stall; /* can_stall */
3005 #define _FSG_MODULE_PARAM_ARRAY(prefix, params, name, type, desc) \
3006 module_param_array_named(prefix ## name, params.name, type, \
3007 &prefix ## params.name ## _count, \
3009 MODULE_PARM_DESC(prefix ## name, desc)
3011 #define _FSG_MODULE_PARAM(prefix, params, name, type, desc) \
3012 module_param_named(prefix ## name, params.name, type, \
3014 MODULE_PARM_DESC(prefix ## name, desc)
3016 #define FSG_MODULE_PARAMETERS(prefix, params) \
3017 _FSG_MODULE_PARAM_ARRAY(prefix, params, file, charp, \
3018 "names of backing files or devices"); \
3019 _FSG_MODULE_PARAM_ARRAY(prefix, params, ro, bool, \
3020 "true to force read-only"); \
3021 _FSG_MODULE_PARAM_ARRAY(prefix, params, removable, bool, \
3022 "true to simulate removable media"); \
3023 _FSG_MODULE_PARAM_ARRAY(prefix, params, cdrom, bool, \
3024 "true to simulate CD-ROM instead of disk"); \
3025 _FSG_MODULE_PARAM(prefix, params, luns, uint, \
3026 "number of LUNs"); \
3027 _FSG_MODULE_PARAM(prefix, params, stall, bool, \
3028 "false to prevent bulk stalls")
3032 fsg_config_from_params(struct fsg_config *cfg,
3033 const struct fsg_module_parameters *params)
3035 struct fsg_lun_config *lun;
3038 /* Configure LUNs */
3040 min(params->luns ?: (params->file_count ?: 1u),
3041 (unsigned)FSG_MAX_LUNS);
3042 for (i = 0, lun = cfg->luns; i < cfg->nluns; ++i, ++lun) {
3043 lun->ro = !!params->ro[i];
3044 lun->cdrom = !!params->cdrom[i];
3045 lun->removable = /* Removable by default */
3046 params->removable_count <= i || params->removable[i];
3048 params->file_count > i && params->file[i][0]
3053 /* Let MSF use defaults */
3054 cfg->lun_name_format = 0;
3055 cfg->thread_name = 0;
3056 cfg->vendor_name = 0;
3057 cfg->product_name = 0;
3058 cfg->release = 0xffff;
3061 cfg->can_stall = params->stall;
3064 static inline struct fsg_common *
3065 fsg_common_from_params(struct fsg_common *common,
3066 struct usb_composite_dev *cdev,
3067 const struct fsg_module_parameters *params)
3068 __attribute__((unused));
3069 static inline struct fsg_common *
3070 fsg_common_from_params(struct fsg_common *common,
3071 struct usb_composite_dev *cdev,
3072 const struct fsg_module_parameters *params)
3074 struct fsg_config cfg;
3075 fsg_config_from_params(&cfg, params);
3076 return fsg_common_init(common, cdev, &cfg);
Code Review / linux-2.6.git / blob