2 * drivers/usb/gadget/f_mass_storage.c
4 * Function Driver for USB Mass Storage
6 * Copyright (C) 2008 Google, Inc.
7 * Author: Mike Lockwood <lockwood@android.com>
9 * Based heavily on the file_storage gadget driver in
10 * drivers/usb/gadget/file_storage.c and licensed under the same terms:
12 * Copyright (C) 2003-2007 Alan Stern
13 * All rights reserved.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions, and the following disclaimer,
20 * without modification.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. The names of the above-listed copyright holders may not be used
25 * to endorse or promote products derived from this software without
26 * specific prior written permission.
28 * ALTERNATIVELY, this software may be distributed under the terms of the
29 * GNU General Public License ("GPL") as published by the Free Software
30 * Foundation, either version 2 of that License or (at your option) any
33 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
34 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
35 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
36 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
37 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
38 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
39 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
40 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
41 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
42 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
43 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47 /* #define VERBOSE_DEBUG */
48 /* #define DUMP_MSGS */
51 #include <linux/blkdev.h>
52 #include <linux/completion.h>
53 #include <linux/dcache.h>
54 #include <linux/delay.h>
55 #include <linux/device.h>
56 #include <linux/fcntl.h>
57 #include <linux/file.h>
59 #include <linux/kref.h>
60 #include <linux/kthread.h>
61 #include <linux/limits.h>
62 #include <linux/rwsem.h>
63 #include <linux/slab.h>
64 #include <linux/spinlock.h>
65 #include <linux/string.h>
66 #include <linux/switch.h>
67 #include <linux/freezer.h>
68 #include <linux/utsname.h>
69 #include <linux/wakelock.h>
70 #include <linux/platform_device.h>
72 #include <linux/usb_usual.h>
73 #include <linux/usb/ch9.h>
74 #include <linux/usb/composite.h>
75 #include <linux/usb/gadget.h>
76 #include <linux/usb/android.h>
78 #include "f_mass_storage.h"
79 #include "gadget_chips.h"
82 #define BULK_BUFFER_SIZE 4096
84 /*-------------------------------------------------------------------------*/
86 #define DRIVER_NAME "usb_mass_storage"
89 static const char shortname[] = DRIVER_NAME;
92 #define LDBG(lun, fmt, args...) \
93 dev_dbg(&(lun)->dev , fmt , ## args)
94 #define MDBG(fmt,args...) \
95 printk(KERN_DEBUG DRIVER_NAME ": " fmt , ## args)
97 #define LDBG(lun, fmt, args...) \
99 #define MDBG(fmt,args...) \
108 #define VLDBG(lun, fmt, args...) \
110 #endif /* VERBOSE_DEBUG */
112 #define LERROR(lun, fmt, args...) \
113 dev_err(&(lun)->dev , fmt , ## args)
114 #define LWARN(lun, fmt, args...) \
115 dev_warn(&(lun)->dev , fmt , ## args)
116 #define LINFO(lun, fmt, args...) \
117 dev_info(&(lun)->dev , fmt , ## args)
119 #define MINFO(fmt,args...) \
120 printk(KERN_INFO DRIVER_NAME ": " fmt , ## args)
127 #define DBG(d, fmt, args...) \
128 dev_dbg(&(d)->cdev->gadget->dev , fmt , ## args)
129 #define VDBG(d, fmt, args...) \
130 dev_vdbg(&(d)->cdev->gadget->dev , fmt , ## args)
131 #define ERROR(d, fmt, args...) \
132 dev_err(&(d)->cdev->gadget->dev , fmt , ## args)
133 #define WARNING(d, fmt, args...) \
134 dev_warn(&(d)->cdev->gadget->dev , fmt , ## args)
135 #define INFO(d, fmt, args...) \
136 dev_info(&(d)->cdev->gadget->dev , fmt , ## args)
139 /*-------------------------------------------------------------------------*/
141 /* Bulk-only data structures */
143 /* Command Block Wrapper */
144 struct bulk_cb_wrap {
145 __le32 Signature; /* Contains 'USBC' */
146 u32 Tag; /* Unique per command id */
147 __le32 DataTransferLength; /* Size of the data */
148 u8 Flags; /* Direction in bit 7 */
149 u8 Lun; /* LUN (normally 0) */
150 u8 Length; /* Of the CDB, <= MAX_COMMAND_SIZE */
151 u8 CDB[16]; /* Command Data Block */
154 #define USB_BULK_CB_WRAP_LEN 31
155 #define USB_BULK_CB_SIG 0x43425355 /* Spells out USBC */
156 #define USB_BULK_IN_FLAG 0x80
158 /* Command Status Wrapper */
159 struct bulk_cs_wrap {
160 __le32 Signature; /* Should = 'USBS' */
161 u32 Tag; /* Same as original command */
162 __le32 Residue; /* Amount not transferred */
163 u8 Status; /* See below */
166 #define USB_BULK_CS_WRAP_LEN 13
167 #define USB_BULK_CS_SIG 0x53425355 /* Spells out 'USBS' */
168 #define USB_STATUS_PASS 0
169 #define USB_STATUS_FAIL 1
170 #define USB_STATUS_PHASE_ERROR 2
172 /* Bulk-only class specific requests */
173 #define USB_BULK_RESET_REQUEST 0xff
174 #define USB_BULK_GET_MAX_LUN_REQUEST 0xfe
176 /* Length of a SCSI Command Data Block */
177 #define MAX_COMMAND_SIZE 16
179 /* SCSI commands that we recognize */
180 #define SC_FORMAT_UNIT 0x04
181 #define SC_INQUIRY 0x12
182 #define SC_MODE_SELECT_6 0x15
183 #define SC_MODE_SELECT_10 0x55
184 #define SC_MODE_SENSE_6 0x1a
185 #define SC_MODE_SENSE_10 0x5a
186 #define SC_PREVENT_ALLOW_MEDIUM_REMOVAL 0x1e
187 #define SC_READ_6 0x08
188 #define SC_READ_10 0x28
189 #define SC_READ_12 0xa8
190 #define SC_READ_CAPACITY 0x25
191 #define SC_READ_FORMAT_CAPACITIES 0x23
192 #define SC_RELEASE 0x17
193 #define SC_REQUEST_SENSE 0x03
194 #define SC_RESERVE 0x16
195 #define SC_SEND_DIAGNOSTIC 0x1d
196 #define SC_START_STOP_UNIT 0x1b
197 #define SC_SYNCHRONIZE_CACHE 0x35
198 #define SC_TEST_UNIT_READY 0x00
199 #define SC_VERIFY 0x2f
200 #define SC_WRITE_6 0x0a
201 #define SC_WRITE_10 0x2a
202 #define SC_WRITE_12 0xaa
204 /* SCSI Sense Key/Additional Sense Code/ASC Qualifier values */
205 #define SS_NO_SENSE 0
206 #define SS_COMMUNICATION_FAILURE 0x040800
207 #define SS_INVALID_COMMAND 0x052000
208 #define SS_INVALID_FIELD_IN_CDB 0x052400
209 #define SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE 0x052100
210 #define SS_LOGICAL_UNIT_NOT_SUPPORTED 0x052500
211 #define SS_MEDIUM_NOT_PRESENT 0x023a00
212 #define SS_MEDIUM_REMOVAL_PREVENTED 0x055302
213 #define SS_NOT_READY_TO_READY_TRANSITION 0x062800
214 #define SS_RESET_OCCURRED 0x062900
215 #define SS_SAVING_PARAMETERS_NOT_SUPPORTED 0x053900
216 #define SS_UNRECOVERED_READ_ERROR 0x031100
217 #define SS_WRITE_ERROR 0x030c02
218 #define SS_WRITE_PROTECTED 0x072700
220 #define SK(x) ((u8) ((x) >> 16)) /* Sense Key byte, etc. */
221 #define ASC(x) ((u8) ((x) >> 8))
222 #define ASCQ(x) ((u8) (x))
225 /*-------------------------------------------------------------------------*/
233 unsigned int prevent_medium_removal : 1;
234 unsigned int registered : 1;
235 unsigned int info_valid : 1;
239 u32 unit_attention_data;
244 #define backing_file_is_open(curlun) ((curlun)->filp != NULL)
247 static struct lun *dev_to_lun(struct device *dev)
249 return container_of(dev, struct lun, dev);
252 /* Big enough to hold our biggest descriptor */
253 #define EP0_BUFSIZE 256
255 /* Number of buffers we will use. 2 is enough for double-buffering */
256 #define NUM_BUFFERS 2
258 enum fsg_buffer_state {
266 enum fsg_buffer_state state;
267 struct fsg_buffhd *next;
269 /* The NetChip 2280 is faster, and handles some protocol faults
270 * better, if we don't submit any short bulk-out read requests.
271 * So we will record the intended request length here. */
272 unsigned int bulk_out_intended_length;
274 struct usb_request *inreq;
276 struct usb_request *outreq;
281 /* This one isn't used anywhere */
282 FSG_STATE_COMMAND_PHASE = -10,
284 FSG_STATE_DATA_PHASE,
285 FSG_STATE_STATUS_PHASE,
288 FSG_STATE_ABORT_BULK_OUT,
290 FSG_STATE_CONFIG_CHANGE,
295 enum data_direction {
296 DATA_DIR_UNKNOWN = 0,
303 struct usb_function function;
304 struct usb_composite_dev *cdev;
306 /* optional "usb_mass_storage" platform device */
307 struct platform_device *pdev;
309 /* lock protects: state and all the req_busy's */
312 /* filesem protects: backing files in use */
313 struct rw_semaphore filesem;
315 /* reference counting: wait until all LUNs are released */
318 unsigned int bulk_out_maxpacket;
319 enum fsg_state state; /* For exception handling */
321 u8 config, new_config;
323 unsigned int running : 1;
324 unsigned int bulk_in_enabled : 1;
325 unsigned int bulk_out_enabled : 1;
326 unsigned int phase_error : 1;
327 unsigned int short_packet_received : 1;
328 unsigned int bad_lun_okay : 1;
330 unsigned long atomic_bitflags;
332 #define CLEAR_BULK_HALTS 1
335 struct usb_ep *bulk_in;
336 struct usb_ep *bulk_out;
338 struct fsg_buffhd *next_buffhd_to_fill;
339 struct fsg_buffhd *next_buffhd_to_drain;
340 struct fsg_buffhd buffhds[NUM_BUFFERS];
342 int thread_wakeup_needed;
343 struct completion thread_notifier;
344 struct task_struct *thread_task;
347 u8 cmnd[MAX_COMMAND_SIZE];
348 enum data_direction data_dir;
350 u32 data_size_from_cmnd;
365 struct switch_dev sdev;
367 struct wake_lock wake_lock;
370 static inline struct fsg_dev *func_to_dev(struct usb_function *f)
372 return container_of(f, struct fsg_dev, function);
375 static int exception_in_progress(struct fsg_dev *fsg)
377 return (fsg->state > FSG_STATE_IDLE);
380 /* Make bulk-out requests be divisible by the maxpacket size */
381 static void set_bulk_out_req_length(struct fsg_dev *fsg,
382 struct fsg_buffhd *bh, unsigned int length)
386 bh->bulk_out_intended_length = length;
387 rem = length % fsg->bulk_out_maxpacket;
389 length += fsg->bulk_out_maxpacket - rem;
390 bh->outreq->length = length;
393 static struct fsg_dev *the_fsg;
395 static void close_backing_file(struct fsg_dev *fsg, struct lun *curlun);
396 static void close_all_backing_files(struct fsg_dev *fsg);
399 /*-------------------------------------------------------------------------*/
403 static void dump_msg(struct fsg_dev *fsg, const char *label,
404 const u8 *buf, unsigned int length)
407 DBG(fsg, "%s, length %u:\n", label, length);
408 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET,
409 16, 1, buf, length, 0);
413 static void dump_cdb(struct fsg_dev *fsg)
418 static void dump_msg(struct fsg_dev *fsg, const char *label,
419 const u8 *buf, unsigned int length)
424 static void dump_cdb(struct fsg_dev *fsg)
426 print_hex_dump(KERN_DEBUG, "SCSI CDB: ", DUMP_PREFIX_NONE,
427 16, 1, fsg->cmnd, fsg->cmnd_size, 0);
432 static void dump_cdb(struct fsg_dev *fsg)
435 #endif /* VERBOSE_DEBUG */
436 #endif /* DUMP_MSGS */
439 /*-------------------------------------------------------------------------*/
441 /* Routines for unaligned data access */
443 static u16 get_be16(u8 *buf)
445 return ((u16) buf[0] << 8) | ((u16) buf[1]);
448 static u32 get_be32(u8 *buf)
450 return ((u32) buf[0] << 24) | ((u32) buf[1] << 16) |
451 ((u32) buf[2] << 8) | ((u32) buf[3]);
454 static void put_be16(u8 *buf, u16 val)
460 static void put_be32(u8 *buf, u32 val)
468 /*-------------------------------------------------------------------------*/
471 * DESCRIPTORS ... most are static, but strings and (full) configuration
472 * descriptors are built on demand. Also the (static) config and interface
473 * descriptors are adjusted during fsg_bind().
476 /* There is only one interface. */
478 static struct usb_interface_descriptor
480 .bLength = sizeof intf_desc,
481 .bDescriptorType = USB_DT_INTERFACE,
483 .bNumEndpoints = 2, /* Adjusted during fsg_bind() */
484 .bInterfaceClass = USB_CLASS_MASS_STORAGE,
485 .bInterfaceSubClass = US_SC_SCSI,
486 .bInterfaceProtocol = US_PR_BULK,
489 /* Three full-speed endpoint descriptors: bulk-in, bulk-out,
490 * and interrupt-in. */
492 static struct usb_endpoint_descriptor
494 .bLength = USB_DT_ENDPOINT_SIZE,
495 .bDescriptorType = USB_DT_ENDPOINT,
497 .bEndpointAddress = USB_DIR_IN,
498 .bmAttributes = USB_ENDPOINT_XFER_BULK,
499 /* wMaxPacketSize set by autoconfiguration */
502 static struct usb_endpoint_descriptor
504 .bLength = USB_DT_ENDPOINT_SIZE,
505 .bDescriptorType = USB_DT_ENDPOINT,
507 .bEndpointAddress = USB_DIR_OUT,
508 .bmAttributes = USB_ENDPOINT_XFER_BULK,
509 /* wMaxPacketSize set by autoconfiguration */
512 static struct usb_descriptor_header *fs_function[] = {
513 (struct usb_descriptor_header *) &intf_desc,
514 (struct usb_descriptor_header *) &fs_bulk_in_desc,
515 (struct usb_descriptor_header *) &fs_bulk_out_desc,
518 #define FS_FUNCTION_PRE_EP_ENTRIES 2
521 static struct usb_endpoint_descriptor
523 .bLength = USB_DT_ENDPOINT_SIZE,
524 .bDescriptorType = USB_DT_ENDPOINT,
526 /* bEndpointAddress copied from fs_bulk_in_desc during fsg_bind() */
527 .bmAttributes = USB_ENDPOINT_XFER_BULK,
528 .wMaxPacketSize = __constant_cpu_to_le16(512),
531 static struct usb_endpoint_descriptor
533 .bLength = USB_DT_ENDPOINT_SIZE,
534 .bDescriptorType = USB_DT_ENDPOINT,
536 /* bEndpointAddress copied from fs_bulk_out_desc during fsg_bind() */
537 .bmAttributes = USB_ENDPOINT_XFER_BULK,
538 .wMaxPacketSize = __constant_cpu_to_le16(512),
539 .bInterval = 1, /* NAK every 1 uframe */
543 static struct usb_descriptor_header *hs_function[] = {
544 (struct usb_descriptor_header *) &intf_desc,
545 (struct usb_descriptor_header *) &hs_bulk_in_desc,
546 (struct usb_descriptor_header *) &hs_bulk_out_desc,
550 /* Maxpacket and other transfer characteristics vary by speed. */
551 static struct usb_endpoint_descriptor *
552 ep_desc(struct usb_gadget *g, struct usb_endpoint_descriptor *fs,
553 struct usb_endpoint_descriptor *hs)
555 if (gadget_is_dualspeed(g) && g->speed == USB_SPEED_HIGH)
560 /*-------------------------------------------------------------------------*/
562 /* These routines may be called in process context or in_irq */
564 /* Caller must hold fsg->lock */
565 static void wakeup_thread(struct fsg_dev *fsg)
567 /* Tell the main thread that something has happened */
568 fsg->thread_wakeup_needed = 1;
569 if (fsg->thread_task)
570 wake_up_process(fsg->thread_task);
574 static void raise_exception(struct fsg_dev *fsg, enum fsg_state new_state)
578 DBG(fsg, "raise_exception %d\n", (int)new_state);
579 /* Do nothing if a higher-priority exception is already in progress.
580 * If a lower-or-equal priority exception is in progress, preempt it
581 * and notify the main thread by sending it a signal. */
582 spin_lock_irqsave(&fsg->lock, flags);
583 if (fsg->state <= new_state) {
584 fsg->state = new_state;
585 if (fsg->thread_task)
586 send_sig_info(SIGUSR1, SEND_SIG_FORCED,
589 spin_unlock_irqrestore(&fsg->lock, flags);
593 /*-------------------------------------------------------------------------*/
595 /* Bulk and interrupt endpoint completion handlers.
596 * These always run in_irq. */
598 static void bulk_in_complete(struct usb_ep *ep, struct usb_request *req)
600 struct fsg_dev *fsg = ep->driver_data;
601 struct fsg_buffhd *bh = req->context;
603 if (req->status || req->actual != req->length)
604 DBG(fsg, "%s --> %d, %u/%u\n", __func__,
605 req->status, req->actual, req->length);
607 /* Hold the lock while we update the request and buffer states */
609 spin_lock(&fsg->lock);
611 bh->state = BUF_STATE_EMPTY;
613 spin_unlock(&fsg->lock);
616 static void bulk_out_complete(struct usb_ep *ep, struct usb_request *req)
618 struct fsg_dev *fsg = ep->driver_data;
619 struct fsg_buffhd *bh = req->context;
621 dump_msg(fsg, "bulk-out", req->buf, req->actual);
622 if (req->status || req->actual != bh->bulk_out_intended_length)
623 DBG(fsg, "%s --> %d, %u/%u\n", __func__,
624 req->status, req->actual,
625 bh->bulk_out_intended_length);
627 /* Hold the lock while we update the request and buffer states */
629 spin_lock(&fsg->lock);
631 bh->state = BUF_STATE_FULL;
633 spin_unlock(&fsg->lock);
636 static int fsg_function_setup(struct usb_function *f,
637 const struct usb_ctrlrequest *ctrl)
639 struct fsg_dev *fsg = func_to_dev(f);
640 struct usb_composite_dev *cdev = fsg->cdev;
641 int value = -EOPNOTSUPP;
642 u16 w_index = le16_to_cpu(ctrl->wIndex);
643 u16 w_value = le16_to_cpu(ctrl->wValue);
644 u16 w_length = le16_to_cpu(ctrl->wLength);
646 DBG(fsg, "fsg_function_setup\n");
647 /* Handle Bulk-only class-specific requests */
648 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) {
649 DBG(fsg, "USB_TYPE_CLASS\n");
650 switch (ctrl->bRequest) {
651 case USB_BULK_RESET_REQUEST:
652 if (ctrl->bRequestType != (USB_DIR_OUT |
653 USB_TYPE_CLASS | USB_RECIP_INTERFACE))
655 if (w_index != 0 || w_value != 0) {
660 /* Raise an exception to stop the current operation
661 * and reinitialize our state. */
662 DBG(fsg, "bulk reset request\n");
663 raise_exception(fsg, FSG_STATE_RESET);
667 case USB_BULK_GET_MAX_LUN_REQUEST:
668 if (ctrl->bRequestType != (USB_DIR_IN |
669 USB_TYPE_CLASS | USB_RECIP_INTERFACE))
671 if (w_index != 0 || w_value != 0) {
675 VDBG(fsg, "get max LUN\n");
676 *(u8 *)cdev->req->buf = fsg->nluns - 1;
682 /* respond with data transfer or status phase? */
685 cdev->req->zero = value < w_length;
686 cdev->req->length = value;
687 rc = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
689 printk("%s setup response queue error\n", __func__);
692 if (value == -EOPNOTSUPP)
694 "unknown class-specific control req "
695 "%02x.%02x v%04x i%04x l%u\n",
696 ctrl->bRequestType, ctrl->bRequest,
697 le16_to_cpu(ctrl->wValue), w_index, w_length);
701 /*-------------------------------------------------------------------------*/
703 /* All the following routines run in process context */
706 /* Use this for bulk or interrupt transfers, not ep0 */
707 static void start_transfer(struct fsg_dev *fsg, struct usb_ep *ep,
708 struct usb_request *req, int *pbusy,
709 enum fsg_buffer_state *state)
713 DBG(fsg, "start_transfer req: %p, req->buf: %p\n", req, req->buf);
714 if (ep == fsg->bulk_in)
715 dump_msg(fsg, "bulk-in", req->buf, req->length);
717 spin_lock_irq(&fsg->lock);
719 *state = BUF_STATE_BUSY;
720 spin_unlock_irq(&fsg->lock);
721 rc = usb_ep_queue(ep, req, GFP_KERNEL);
724 *state = BUF_STATE_EMPTY;
726 /* We can't do much more than wait for a reset */
728 /* Note: currently the net2280 driver fails zero-length
729 * submissions if DMA is enabled. */
730 if (rc != -ESHUTDOWN && !(rc == -EOPNOTSUPP &&
732 WARN(fsg, "error in submission: %s --> %d\n",
733 (ep == fsg->bulk_in ? "bulk-in" : "bulk-out"),
739 static int sleep_thread(struct fsg_dev *fsg)
743 /* Wait until a signal arrives or we are woken up */
746 set_current_state(TASK_INTERRUPTIBLE);
747 if (signal_pending(current)) {
751 if (fsg->thread_wakeup_needed)
755 __set_current_state(TASK_RUNNING);
756 fsg->thread_wakeup_needed = 0;
761 /*-------------------------------------------------------------------------*/
763 static int do_read(struct fsg_dev *fsg)
765 struct lun *curlun = fsg->curlun;
767 struct fsg_buffhd *bh;
770 loff_t file_offset, file_offset_tmp;
772 unsigned int partial_page;
775 /* Get the starting Logical Block Address and check that it's
777 if (fsg->cmnd[0] == SC_READ_6)
778 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]);
780 lba = get_be32(&fsg->cmnd[2]);
782 /* We allow DPO (Disable Page Out = don't save data in the
783 * cache) and FUA (Force Unit Access = don't read from the
784 * cache), but we don't implement them. */
785 if ((fsg->cmnd[1] & ~0x18) != 0) {
786 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
790 if (lba >= curlun->num_sectors) {
791 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
794 file_offset = ((loff_t) lba) << 9;
796 /* Carry out the file reads */
797 amount_left = fsg->data_size_from_cmnd;
798 if (unlikely(amount_left == 0))
799 return -EIO; /* No default reply */
803 /* Figure out how much we need to read:
804 * Try to read the remaining amount.
805 * But don't read more than the buffer size.
806 * And don't try to read past the end of the file.
807 * Finally, if we're not at a page boundary, don't read past
809 * If this means reading 0 then we were asked to read past
810 * the end of file. */
811 amount = min((unsigned int) amount_left,
812 (unsigned int)fsg->buf_size);
813 amount = min((loff_t) amount,
814 curlun->file_length - file_offset);
815 partial_page = file_offset & (PAGE_CACHE_SIZE - 1);
816 if (partial_page > 0)
817 amount = min(amount, (unsigned int) PAGE_CACHE_SIZE -
820 /* Wait for the next buffer to become available */
821 bh = fsg->next_buffhd_to_fill;
822 while (bh->state != BUF_STATE_EMPTY) {
823 rc = sleep_thread(fsg);
828 /* If we were asked to read past the end of file,
829 * end with an empty buffer. */
832 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
833 curlun->sense_data_info = file_offset >> 9;
834 curlun->info_valid = 1;
835 bh->inreq->length = 0;
836 bh->state = BUF_STATE_FULL;
840 /* Perform the read */
841 file_offset_tmp = file_offset;
842 nread = vfs_read(curlun->filp,
843 (char __user *) bh->buf,
844 amount, &file_offset_tmp);
845 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
846 (unsigned long long) file_offset,
848 if (signal_pending(current))
852 LDBG(curlun, "error in file read: %d\n",
855 } else if (nread < amount) {
856 LDBG(curlun, "partial file read: %d/%u\n",
857 (int) nread, amount);
858 nread -= (nread & 511); /* Round down to a block */
860 file_offset += nread;
861 amount_left -= nread;
862 fsg->residue -= nread;
863 bh->inreq->length = nread;
864 bh->state = BUF_STATE_FULL;
866 /* If an error occurred, report it and its position */
867 if (nread < amount) {
868 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
869 curlun->sense_data_info = file_offset >> 9;
870 curlun->info_valid = 1;
874 if (amount_left == 0)
875 break; /* No more left to read */
877 /* Send this buffer and go read some more */
878 start_transfer(fsg, fsg->bulk_in, bh->inreq,
879 &bh->inreq_busy, &bh->state);
880 fsg->next_buffhd_to_fill = bh->next;
883 return -EIO; /* No default reply */
887 /*-------------------------------------------------------------------------*/
889 static int do_write(struct fsg_dev *fsg)
891 struct lun *curlun = fsg->curlun;
893 struct fsg_buffhd *bh;
895 u32 amount_left_to_req, amount_left_to_write;
896 loff_t usb_offset, file_offset, file_offset_tmp;
898 unsigned int partial_page;
903 curlun->sense_data = SS_WRITE_PROTECTED;
906 curlun->filp->f_flags &= ~O_SYNC; /* Default is not to wait */
908 /* Get the starting Logical Block Address and check that it's
910 if (fsg->cmnd[0] == SC_WRITE_6)
911 lba = (fsg->cmnd[1] << 16) | get_be16(&fsg->cmnd[2]);
913 lba = get_be32(&fsg->cmnd[2]);
915 /* We allow DPO (Disable Page Out = don't save data in the
916 * cache) and FUA (Force Unit Access = write directly to the
917 * medium). We don't implement DPO; we implement FUA by
918 * performing synchronous output. */
919 if ((fsg->cmnd[1] & ~0x18) != 0) {
920 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
923 if (fsg->cmnd[1] & 0x08) /* FUA */
924 curlun->filp->f_flags |= O_SYNC;
926 if (lba >= curlun->num_sectors) {
927 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
931 /* Carry out the file writes */
933 file_offset = usb_offset = ((loff_t) lba) << 9;
934 amount_left_to_req = amount_left_to_write = fsg->data_size_from_cmnd;
936 while (amount_left_to_write > 0) {
938 /* Queue a request for more data from the host */
939 bh = fsg->next_buffhd_to_fill;
940 if (bh->state == BUF_STATE_EMPTY && get_some_more) {
942 /* Figure out how much we want to get:
943 * Try to get the remaining amount.
944 * But don't get more than the buffer size.
945 * And don't try to go past the end of the file.
946 * If we're not at a page boundary,
947 * don't go past the next page.
948 * If this means getting 0, then we were asked
949 * to write past the end of file.
950 * Finally, round down to a block boundary. */
951 amount = min(amount_left_to_req, (u32)fsg->buf_size);
952 amount = min((loff_t) amount, curlun->file_length -
954 partial_page = usb_offset & (PAGE_CACHE_SIZE - 1);
955 if (partial_page > 0)
957 (unsigned int) PAGE_CACHE_SIZE - partial_page);
962 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
963 curlun->sense_data_info = usb_offset >> 9;
964 curlun->info_valid = 1;
967 amount -= (amount & 511);
970 /* Why were we were asked to transfer a
976 /* Get the next buffer */
977 usb_offset += amount;
978 fsg->usb_amount_left -= amount;
979 amount_left_to_req -= amount;
980 if (amount_left_to_req == 0)
983 /* amount is always divisible by 512, hence by
984 * the bulk-out maxpacket size */
985 bh->outreq->length = bh->bulk_out_intended_length =
987 start_transfer(fsg, fsg->bulk_out, bh->outreq,
988 &bh->outreq_busy, &bh->state);
989 fsg->next_buffhd_to_fill = bh->next;
993 /* Write the received data to the backing file */
994 bh = fsg->next_buffhd_to_drain;
995 if (bh->state == BUF_STATE_EMPTY && !get_some_more)
996 break; /* We stopped early */
997 if (bh->state == BUF_STATE_FULL) {
999 fsg->next_buffhd_to_drain = bh->next;
1000 bh->state = BUF_STATE_EMPTY;
1002 /* Did something go wrong with the transfer? */
1003 if (bh->outreq->status != 0) {
1004 curlun->sense_data = SS_COMMUNICATION_FAILURE;
1005 curlun->sense_data_info = file_offset >> 9;
1006 curlun->info_valid = 1;
1010 amount = bh->outreq->actual;
1011 if (curlun->file_length - file_offset < amount) {
1013 "write %u @ %llu beyond end %llu\n",
1014 amount, (unsigned long long) file_offset,
1015 (unsigned long long) curlun->file_length);
1016 amount = curlun->file_length - file_offset;
1019 /* Perform the write */
1020 file_offset_tmp = file_offset;
1021 nwritten = vfs_write(curlun->filp,
1022 (char __user *) bh->buf,
1023 amount, &file_offset_tmp);
1024 VLDBG(curlun, "file write %u @ %llu -> %d\n", amount,
1025 (unsigned long long) file_offset,
1027 if (signal_pending(current))
1028 return -EINTR; /* Interrupted! */
1031 LDBG(curlun, "error in file write: %d\n",
1034 } else if (nwritten < amount) {
1035 LDBG(curlun, "partial file write: %d/%u\n",
1036 (int) nwritten, amount);
1037 nwritten -= (nwritten & 511);
1038 /* Round down to a block */
1040 file_offset += nwritten;
1041 amount_left_to_write -= nwritten;
1042 fsg->residue -= nwritten;
1044 /* If an error occurred, report it and its position */
1045 if (nwritten < amount) {
1046 curlun->sense_data = SS_WRITE_ERROR;
1047 curlun->sense_data_info = file_offset >> 9;
1048 curlun->info_valid = 1;
1052 /* Did the host decide to stop early? */
1053 if (bh->outreq->actual != bh->outreq->length) {
1054 fsg->short_packet_received = 1;
1060 /* Wait for something to happen */
1061 rc = sleep_thread(fsg);
1066 return -EIO; /* No default reply */
1070 /*-------------------------------------------------------------------------*/
1072 /* Sync the file data, don't bother with the metadata.
1073 * The caller must own fsg->filesem.
1074 * This code was copied from fs/buffer.c:sys_fdatasync(). */
1075 static int fsync_sub(struct lun *curlun)
1077 struct file *filp = curlun->filp;
1078 struct inode *inode;
1081 if (curlun->ro || !filp)
1083 if (!filp->f_op->fsync)
1086 inode = filp->f_path.dentry->d_inode;
1087 mutex_lock(&inode->i_mutex);
1088 rc = filemap_fdatawrite(inode->i_mapping);
1089 err = filp->f_op->fsync(filp, filp->f_path.dentry, 1);
1092 err = filemap_fdatawait(inode->i_mapping);
1095 mutex_unlock(&inode->i_mutex);
1096 VLDBG(curlun, "fdatasync -> %d\n", rc);
1100 static void fsync_all(struct fsg_dev *fsg)
1104 for (i = 0; i < fsg->nluns; ++i)
1105 fsync_sub(&fsg->luns[i]);
1108 static int do_synchronize_cache(struct fsg_dev *fsg)
1110 struct lun *curlun = fsg->curlun;
1113 /* We ignore the requested LBA and write out all file's
1114 * dirty data buffers. */
1115 rc = fsync_sub(curlun);
1117 curlun->sense_data = SS_WRITE_ERROR;
1122 /*-------------------------------------------------------------------------*/
1124 static void invalidate_sub(struct lun *curlun)
1126 struct file *filp = curlun->filp;
1127 struct inode *inode = filp->f_path.dentry->d_inode;
1130 rc = invalidate_mapping_pages(inode->i_mapping, 0, -1);
1131 VLDBG(curlun, "invalidate_inode_pages -> %ld\n", rc);
1134 static int do_verify(struct fsg_dev *fsg)
1136 struct lun *curlun = fsg->curlun;
1138 u32 verification_length;
1139 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
1140 loff_t file_offset, file_offset_tmp;
1142 unsigned int amount;
1145 /* Get the starting Logical Block Address and check that it's
1147 lba = get_be32(&fsg->cmnd[2]);
1148 if (lba >= curlun->num_sectors) {
1149 curlun->sense_data = SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1153 /* We allow DPO (Disable Page Out = don't save data in the
1154 * cache) but we don't implement it. */
1155 if ((fsg->cmnd[1] & ~0x10) != 0) {
1156 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1160 verification_length = get_be16(&fsg->cmnd[7]);
1161 if (unlikely(verification_length == 0))
1162 return -EIO; /* No default reply */
1164 /* Prepare to carry out the file verify */
1165 amount_left = verification_length << 9;
1166 file_offset = ((loff_t) lba) << 9;
1168 /* Write out all the dirty buffers before invalidating them */
1170 if (signal_pending(current))
1173 invalidate_sub(curlun);
1174 if (signal_pending(current))
1177 /* Just try to read the requested blocks */
1178 while (amount_left > 0) {
1180 /* Figure out how much we need to read:
1181 * Try to read the remaining amount, but not more than
1183 * And don't try to read past the end of the file.
1184 * If this means reading 0 then we were asked to read
1185 * past the end of file. */
1186 amount = min((unsigned int) amount_left,
1187 (unsigned int)fsg->buf_size);
1188 amount = min((loff_t) amount,
1189 curlun->file_length - file_offset);
1191 curlun->sense_data =
1192 SS_LOGICAL_BLOCK_ADDRESS_OUT_OF_RANGE;
1193 curlun->sense_data_info = file_offset >> 9;
1194 curlun->info_valid = 1;
1198 /* Perform the read */
1199 file_offset_tmp = file_offset;
1200 nread = vfs_read(curlun->filp,
1201 (char __user *) bh->buf,
1202 amount, &file_offset_tmp);
1203 VLDBG(curlun, "file read %u @ %llu -> %d\n", amount,
1204 (unsigned long long) file_offset,
1206 if (signal_pending(current))
1210 LDBG(curlun, "error in file verify: %d\n",
1213 } else if (nread < amount) {
1214 LDBG(curlun, "partial file verify: %d/%u\n",
1215 (int) nread, amount);
1216 nread -= (nread & 511); /* Round down to a sector */
1219 curlun->sense_data = SS_UNRECOVERED_READ_ERROR;
1220 curlun->sense_data_info = file_offset >> 9;
1221 curlun->info_valid = 1;
1224 file_offset += nread;
1225 amount_left -= nread;
1231 /*-------------------------------------------------------------------------*/
1233 static int do_inquiry(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1235 u8 *buf = (u8 *) bh->buf;
1237 if (!fsg->curlun) { /* Unsupported LUNs are okay */
1238 fsg->bad_lun_okay = 1;
1240 buf[0] = 0x7f; /* Unsupported, no device-type */
1244 memset(buf, 0, 8); /* Non-removable, direct-access device */
1246 buf[1] = 0x80; /* set removable bit */
1247 buf[2] = 2; /* ANSI SCSI level 2 */
1248 buf[3] = 2; /* SCSI-2 INQUIRY data format */
1249 buf[4] = 31; /* Additional length */
1250 /* No special options */
1251 sprintf(buf + 8, "%-8s%-16s%04x", fsg->vendor,
1252 fsg->product, fsg->release);
1257 static int do_request_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1259 struct lun *curlun = fsg->curlun;
1260 u8 *buf = (u8 *) bh->buf;
1265 * From the SCSI-2 spec., section 7.9 (Unit attention condition):
1267 * If a REQUEST SENSE command is received from an initiator
1268 * with a pending unit attention condition (before the target
1269 * generates the contingent allegiance condition), then the
1270 * target shall either:
1271 * a) report any pending sense data and preserve the unit
1272 * attention condition on the logical unit, or,
1273 * b) report the unit attention condition, may discard any
1274 * pending sense data, and clear the unit attention
1275 * condition on the logical unit for that initiator.
1277 * FSG normally uses option a); enable this code to use option b).
1280 if (curlun && curlun->unit_attention_data != SS_NO_SENSE) {
1281 curlun->sense_data = curlun->unit_attention_data;
1282 curlun->unit_attention_data = SS_NO_SENSE;
1286 if (!curlun) { /* Unsupported LUNs are okay */
1287 fsg->bad_lun_okay = 1;
1288 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1292 sd = curlun->sense_data;
1293 sdinfo = curlun->sense_data_info;
1294 valid = curlun->info_valid << 7;
1295 curlun->sense_data = SS_NO_SENSE;
1296 curlun->sense_data_info = 0;
1297 curlun->info_valid = 0;
1301 buf[0] = valid | 0x70; /* Valid, current error */
1303 put_be32(&buf[3], sdinfo); /* Sense information */
1304 buf[7] = 18 - 8; /* Additional sense length */
1311 static int do_read_capacity(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1313 struct lun *curlun = fsg->curlun;
1314 u32 lba = get_be32(&fsg->cmnd[2]);
1315 int pmi = fsg->cmnd[8];
1316 u8 *buf = (u8 *) bh->buf;
1318 /* Check the PMI and LBA fields */
1319 if (pmi > 1 || (pmi == 0 && lba != 0)) {
1320 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1324 put_be32(&buf[0], curlun->num_sectors - 1); /* Max logical block */
1325 put_be32(&buf[4], 512); /* Block length */
1330 static int do_mode_sense(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1332 struct lun *curlun = fsg->curlun;
1333 int mscmnd = fsg->cmnd[0];
1334 u8 *buf = (u8 *) bh->buf;
1337 int changeable_values, all_pages;
1341 if ((fsg->cmnd[1] & ~0x08) != 0) { /* Mask away DBD */
1342 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1345 pc = fsg->cmnd[2] >> 6;
1346 page_code = fsg->cmnd[2] & 0x3f;
1348 curlun->sense_data = SS_SAVING_PARAMETERS_NOT_SUPPORTED;
1351 changeable_values = (pc == 1);
1352 all_pages = (page_code == 0x3f);
1354 /* Write the mode parameter header. Fixed values are: default
1355 * medium type, no cache control (DPOFUA), and no block descriptors.
1356 * The only variable value is the WriteProtect bit. We will fill in
1357 * the mode data length later. */
1359 if (mscmnd == SC_MODE_SENSE_6) {
1360 buf[2] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1363 } else { /* SC_MODE_SENSE_10 */
1364 buf[3] = (curlun->ro ? 0x80 : 0x00); /* WP, DPOFUA */
1369 /* No block descriptors */
1371 /* Disabled to workaround USB reset problems with a Vista host.
1374 /* The mode pages, in numerical order. The only page we support
1375 * is the Caching page. */
1376 if (page_code == 0x08 || all_pages) {
1378 buf[0] = 0x08; /* Page code */
1379 buf[1] = 10; /* Page length */
1380 memset(buf+2, 0, 10); /* None of the fields are changeable */
1382 if (!changeable_values) {
1383 buf[2] = 0x04; /* Write cache enable, */
1384 /* Read cache not disabled */
1385 /* No cache retention priorities */
1386 put_be16(&buf[4], 0xffff); /* Don't disable prefetch */
1387 /* Minimum prefetch = 0 */
1388 put_be16(&buf[8], 0xffff); /* Maximum prefetch */
1389 /* Maximum prefetch ceiling */
1390 put_be16(&buf[10], 0xffff);
1398 /* Check that a valid page was requested and the mode data length
1399 * isn't too long. */
1401 if (!valid_page || len > limit) {
1402 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1406 /* Store the mode data length */
1407 if (mscmnd == SC_MODE_SENSE_6)
1410 put_be16(buf0, len - 2);
1414 static int do_start_stop(struct fsg_dev *fsg)
1416 struct lun *curlun = fsg->curlun;
1419 /* int immed = fsg->cmnd[1] & 0x01; */
1420 loej = fsg->cmnd[4] & 0x02;
1421 start = fsg->cmnd[4] & 0x01;
1424 /* eject request from the host */
1425 if (backing_file_is_open(curlun)) {
1426 close_backing_file(fsg, curlun);
1427 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
1434 static int do_prevent_allow(struct fsg_dev *fsg)
1436 struct lun *curlun = fsg->curlun;
1439 prevent = fsg->cmnd[4] & 0x01;
1440 if ((fsg->cmnd[4] & ~0x01) != 0) { /* Mask away Prevent */
1441 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1445 if (curlun->prevent_medium_removal && !prevent)
1447 curlun->prevent_medium_removal = prevent;
1452 static int do_read_format_capacities(struct fsg_dev *fsg,
1453 struct fsg_buffhd *bh)
1455 struct lun *curlun = fsg->curlun;
1456 u8 *buf = (u8 *) bh->buf;
1458 buf[0] = buf[1] = buf[2] = 0;
1459 buf[3] = 8; /* Only the Current/Maximum Capacity Descriptor */
1462 put_be32(&buf[0], curlun->num_sectors); /* Number of blocks */
1463 put_be32(&buf[4], 512); /* Block length */
1464 buf[4] = 0x02; /* Current capacity */
1469 static int do_mode_select(struct fsg_dev *fsg, struct fsg_buffhd *bh)
1471 struct lun *curlun = fsg->curlun;
1473 /* We don't support MODE SELECT */
1474 curlun->sense_data = SS_INVALID_COMMAND;
1479 /*-------------------------------------------------------------------------*/
1481 static int write_zero(struct fsg_dev *fsg)
1483 struct fsg_buffhd *bh;
1486 DBG(fsg, "write_zero\n");
1487 /* Wait for the next buffer to become available */
1488 bh = fsg->next_buffhd_to_fill;
1489 while (bh->state != BUF_STATE_EMPTY) {
1490 rc = sleep_thread(fsg);
1495 bh->inreq->length = 0;
1496 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1497 &bh->inreq_busy, &bh->state);
1499 fsg->next_buffhd_to_fill = bh->next;
1504 static int throw_away_data(struct fsg_dev *fsg)
1506 struct fsg_buffhd *bh;
1510 DBG(fsg, "throw_away_data\n");
1511 while ((bh = fsg->next_buffhd_to_drain)->state != BUF_STATE_EMPTY ||
1512 fsg->usb_amount_left > 0) {
1514 /* Throw away the data in a filled buffer */
1515 if (bh->state == BUF_STATE_FULL) {
1517 bh->state = BUF_STATE_EMPTY;
1518 fsg->next_buffhd_to_drain = bh->next;
1520 /* A short packet or an error ends everything */
1521 if (bh->outreq->actual != bh->outreq->length ||
1522 bh->outreq->status != 0) {
1523 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1529 /* Try to submit another request if we need one */
1530 bh = fsg->next_buffhd_to_fill;
1531 if (bh->state == BUF_STATE_EMPTY && fsg->usb_amount_left > 0) {
1532 amount = min(fsg->usb_amount_left, (u32) fsg->buf_size);
1534 /* amount is always divisible by 512, hence by
1535 * the bulk-out maxpacket size */
1536 bh->outreq->length = bh->bulk_out_intended_length =
1538 start_transfer(fsg, fsg->bulk_out, bh->outreq,
1539 &bh->outreq_busy, &bh->state);
1540 fsg->next_buffhd_to_fill = bh->next;
1541 fsg->usb_amount_left -= amount;
1545 /* Otherwise wait for something to happen */
1546 rc = sleep_thread(fsg);
1554 static int finish_reply(struct fsg_dev *fsg)
1556 struct fsg_buffhd *bh = fsg->next_buffhd_to_fill;
1559 switch (fsg->data_dir) {
1561 break; /* Nothing to send */
1563 case DATA_DIR_UNKNOWN:
1567 /* All but the last buffer of data must have already been sent */
1568 case DATA_DIR_TO_HOST:
1569 if (fsg->data_size == 0)
1570 ; /* Nothing to send */
1572 /* If there's no residue, simply send the last buffer */
1573 else if (fsg->residue == 0) {
1574 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1575 &bh->inreq_busy, &bh->state);
1576 fsg->next_buffhd_to_fill = bh->next;
1578 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1579 &bh->inreq_busy, &bh->state);
1580 fsg->next_buffhd_to_fill = bh->next;
1582 /* this is unnecessary, and was causing problems with MacOS */
1583 if (bh->inreq->length > 0)
1589 /* We have processed all we want from the data the host has sent.
1590 * There may still be outstanding bulk-out requests. */
1591 case DATA_DIR_FROM_HOST:
1592 if (fsg->residue == 0)
1593 ; /* Nothing to receive */
1595 /* Did the host stop sending unexpectedly early? */
1596 else if (fsg->short_packet_received) {
1597 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1601 /* We haven't processed all the incoming data. Even though
1602 * we may be allowed to stall, doing so would cause a race.
1603 * The controller may already have ACK'ed all the remaining
1604 * bulk-out packets, in which case the host wouldn't see a
1605 * STALL. Not realizing the endpoint was halted, it wouldn't
1606 * clear the halt -- leading to problems later on. */
1608 fsg_set_halt(fsg, fsg->bulk_out);
1609 raise_exception(fsg, FSG_STATE_ABORT_BULK_OUT);
1613 /* We can't stall. Read in the excess data and throw it
1616 rc = throw_away_data(fsg);
1623 static int send_status(struct fsg_dev *fsg)
1625 struct lun *curlun = fsg->curlun;
1626 struct fsg_buffhd *bh;
1628 u8 status = USB_STATUS_PASS;
1630 struct bulk_cs_wrap *csw;
1632 DBG(fsg, "send_status\n");
1633 /* Wait for the next buffer to become available */
1634 bh = fsg->next_buffhd_to_fill;
1635 while (bh->state != BUF_STATE_EMPTY) {
1636 rc = sleep_thread(fsg);
1642 sd = curlun->sense_data;
1643 sdinfo = curlun->sense_data_info;
1644 } else if (fsg->bad_lun_okay)
1647 sd = SS_LOGICAL_UNIT_NOT_SUPPORTED;
1649 if (fsg->phase_error) {
1650 DBG(fsg, "sending phase-error status\n");
1651 status = USB_STATUS_PHASE_ERROR;
1652 sd = SS_INVALID_COMMAND;
1653 } else if (sd != SS_NO_SENSE) {
1654 DBG(fsg, "sending command-failure status\n");
1655 status = USB_STATUS_FAIL;
1656 VDBG(fsg, " sense data: SK x%02x, ASC x%02x, ASCQ x%02x;"
1658 SK(sd), ASC(sd), ASCQ(sd), sdinfo);
1663 /* Store and send the Bulk-only CSW */
1664 csw->Signature = __constant_cpu_to_le32(USB_BULK_CS_SIG);
1665 csw->Tag = fsg->tag;
1666 csw->Residue = cpu_to_le32(fsg->residue);
1667 csw->Status = status;
1669 bh->inreq->length = USB_BULK_CS_WRAP_LEN;
1670 start_transfer(fsg, fsg->bulk_in, bh->inreq,
1671 &bh->inreq_busy, &bh->state);
1673 fsg->next_buffhd_to_fill = bh->next;
1678 /*-------------------------------------------------------------------------*/
1680 /* Check whether the command is properly formed and whether its data size
1681 * and direction agree with the values we already have. */
1682 static int check_command(struct fsg_dev *fsg, int cmnd_size,
1683 enum data_direction data_dir, unsigned int mask,
1684 int needs_medium, const char *name)
1687 int lun = fsg->cmnd[1] >> 5;
1688 static const char dirletter[4] = {'u', 'o', 'i', 'n'};
1693 if (fsg->data_dir != DATA_DIR_UNKNOWN)
1694 sprintf(hdlen, ", H%c=%u", dirletter[(int) fsg->data_dir],
1696 VDBG(fsg, "SCSI command: %s; Dc=%d, D%c=%u; Hc=%d%s\n",
1697 name, cmnd_size, dirletter[(int) data_dir],
1698 fsg->data_size_from_cmnd, fsg->cmnd_size, hdlen);
1700 /* We can't reply at all until we know the correct data direction
1702 if (fsg->data_size_from_cmnd == 0)
1703 data_dir = DATA_DIR_NONE;
1704 if (fsg->data_dir == DATA_DIR_UNKNOWN) { /* CB or CBI */
1705 fsg->data_dir = data_dir;
1706 fsg->data_size = fsg->data_size_from_cmnd;
1708 } else { /* Bulk-only */
1709 if (fsg->data_size < fsg->data_size_from_cmnd) {
1711 /* Host data size < Device data size is a phase error.
1712 * Carry out the command, but only transfer as much
1713 * as we are allowed. */
1714 DBG(fsg, "phase error 1\n");
1715 fsg->data_size_from_cmnd = fsg->data_size;
1716 fsg->phase_error = 1;
1719 fsg->residue = fsg->usb_amount_left = fsg->data_size;
1721 /* Conflicting data directions is a phase error */
1722 if (fsg->data_dir != data_dir && fsg->data_size_from_cmnd > 0) {
1723 fsg->phase_error = 1;
1724 DBG(fsg, "phase error 2\n");
1728 /* Verify the length of the command itself */
1729 if (cmnd_size != fsg->cmnd_size) {
1731 /* Special case workaround: MS-Windows issues REQUEST SENSE
1732 * with cbw->Length == 12 (it should be 6). */
1733 if (fsg->cmnd[0] == SC_REQUEST_SENSE && fsg->cmnd_size == 12)
1734 cmnd_size = fsg->cmnd_size;
1736 fsg->phase_error = 1;
1741 /* Check that the LUN values are consistent */
1742 if (fsg->lun != lun)
1743 DBG(fsg, "using LUN %d from CBW, "
1744 "not LUN %d from CDB\n",
1748 if (fsg->lun >= 0 && fsg->lun < fsg->nluns) {
1749 fsg->curlun = curlun = &fsg->luns[fsg->lun];
1750 if (fsg->cmnd[0] != SC_REQUEST_SENSE) {
1751 curlun->sense_data = SS_NO_SENSE;
1752 curlun->sense_data_info = 0;
1753 curlun->info_valid = 0;
1756 fsg->curlun = curlun = NULL;
1757 fsg->bad_lun_okay = 0;
1759 /* INQUIRY and REQUEST SENSE commands are explicitly allowed
1760 * to use unsupported LUNs; all others may not. */
1761 if (fsg->cmnd[0] != SC_INQUIRY &&
1762 fsg->cmnd[0] != SC_REQUEST_SENSE) {
1763 DBG(fsg, "unsupported LUN %d\n", fsg->lun);
1768 /* If a unit attention condition exists, only INQUIRY and
1769 * REQUEST SENSE commands are allowed; anything else must fail. */
1770 if (curlun && curlun->unit_attention_data != SS_NO_SENSE &&
1771 fsg->cmnd[0] != SC_INQUIRY &&
1772 fsg->cmnd[0] != SC_REQUEST_SENSE) {
1773 curlun->sense_data = curlun->unit_attention_data;
1774 curlun->unit_attention_data = SS_NO_SENSE;
1778 /* Check that only command bytes listed in the mask are non-zero */
1779 fsg->cmnd[1] &= 0x1f; /* Mask away the LUN */
1780 for (i = 1; i < cmnd_size; ++i) {
1781 if (fsg->cmnd[i] && !(mask & (1 << i))) {
1783 curlun->sense_data = SS_INVALID_FIELD_IN_CDB;
1784 DBG(fsg, "SS_INVALID_FIELD_IN_CDB\n");
1789 /* If the medium isn't mounted and the command needs to access
1790 * it, return an error. */
1791 if (curlun && !backing_file_is_open(curlun) && needs_medium) {
1792 curlun->sense_data = SS_MEDIUM_NOT_PRESENT;
1793 DBG(fsg, "SS_MEDIUM_NOT_PRESENT\n");
1801 static int do_scsi_command(struct fsg_dev *fsg)
1803 struct fsg_buffhd *bh;
1805 int reply = -EINVAL;
1807 static char unknown[16];
1811 /* Wait for the next buffer to become available for data or status */
1812 bh = fsg->next_buffhd_to_drain = fsg->next_buffhd_to_fill;
1813 while (bh->state != BUF_STATE_EMPTY) {
1814 rc = sleep_thread(fsg);
1818 fsg->phase_error = 0;
1819 fsg->short_packet_received = 0;
1821 down_read(&fsg->filesem); /* We're using the backing file */
1822 switch (fsg->cmnd[0]) {
1825 fsg->data_size_from_cmnd = fsg->cmnd[4];
1826 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1829 reply = do_inquiry(fsg, bh);
1832 case SC_MODE_SELECT_6:
1833 fsg->data_size_from_cmnd = fsg->cmnd[4];
1834 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
1836 "MODE SELECT(6)")) == 0)
1837 reply = do_mode_select(fsg, bh);
1840 case SC_MODE_SELECT_10:
1841 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
1842 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
1844 "MODE SELECT(10)")) == 0)
1845 reply = do_mode_select(fsg, bh);
1848 case SC_MODE_SENSE_6:
1849 fsg->data_size_from_cmnd = fsg->cmnd[4];
1850 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1851 (1<<1) | (1<<2) | (1<<4), 0,
1852 "MODE SENSE(6)")) == 0)
1853 reply = do_mode_sense(fsg, bh);
1856 case SC_MODE_SENSE_10:
1857 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
1858 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1859 (1<<1) | (1<<2) | (3<<7), 0,
1860 "MODE SENSE(10)")) == 0)
1861 reply = do_mode_sense(fsg, bh);
1864 case SC_PREVENT_ALLOW_MEDIUM_REMOVAL:
1865 fsg->data_size_from_cmnd = 0;
1866 if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
1868 "PREVENT-ALLOW MEDIUM REMOVAL")) == 0)
1869 reply = do_prevent_allow(fsg);
1874 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1875 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1878 reply = do_read(fsg);
1882 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9;
1883 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1884 (1<<1) | (0xf<<2) | (3<<7), 1,
1886 reply = do_read(fsg);
1890 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9;
1891 if ((reply = check_command(fsg, 12, DATA_DIR_TO_HOST,
1892 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1894 reply = do_read(fsg);
1897 case SC_READ_CAPACITY:
1898 fsg->data_size_from_cmnd = 8;
1899 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1900 (0xf<<2) | (1<<8), 1,
1901 "READ CAPACITY")) == 0)
1902 reply = do_read_capacity(fsg, bh);
1905 case SC_READ_FORMAT_CAPACITIES:
1906 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]);
1907 if ((reply = check_command(fsg, 10, DATA_DIR_TO_HOST,
1909 "READ FORMAT CAPACITIES")) == 0)
1910 reply = do_read_format_capacities(fsg, bh);
1913 case SC_REQUEST_SENSE:
1914 fsg->data_size_from_cmnd = fsg->cmnd[4];
1915 if ((reply = check_command(fsg, 6, DATA_DIR_TO_HOST,
1917 "REQUEST SENSE")) == 0)
1918 reply = do_request_sense(fsg, bh);
1921 case SC_START_STOP_UNIT:
1922 fsg->data_size_from_cmnd = 0;
1923 if ((reply = check_command(fsg, 6, DATA_DIR_NONE,
1925 "START-STOP UNIT")) == 0)
1926 reply = do_start_stop(fsg);
1929 case SC_SYNCHRONIZE_CACHE:
1930 fsg->data_size_from_cmnd = 0;
1931 if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
1932 (0xf<<2) | (3<<7), 1,
1933 "SYNCHRONIZE CACHE")) == 0)
1934 reply = do_synchronize_cache(fsg);
1937 case SC_TEST_UNIT_READY:
1938 fsg->data_size_from_cmnd = 0;
1939 reply = check_command(fsg, 6, DATA_DIR_NONE,
1944 /* Although optional, this command is used by MS-Windows. We
1945 * support a minimal version: BytChk must be 0. */
1947 fsg->data_size_from_cmnd = 0;
1948 if ((reply = check_command(fsg, 10, DATA_DIR_NONE,
1949 (1<<1) | (0xf<<2) | (3<<7), 1,
1951 reply = do_verify(fsg);
1956 fsg->data_size_from_cmnd = (i == 0 ? 256 : i) << 9;
1957 if ((reply = check_command(fsg, 6, DATA_DIR_FROM_HOST,
1960 reply = do_write(fsg);
1964 fsg->data_size_from_cmnd = get_be16(&fsg->cmnd[7]) << 9;
1965 if ((reply = check_command(fsg, 10, DATA_DIR_FROM_HOST,
1966 (1<<1) | (0xf<<2) | (3<<7), 1,
1968 reply = do_write(fsg);
1972 fsg->data_size_from_cmnd = get_be32(&fsg->cmnd[6]) << 9;
1973 if ((reply = check_command(fsg, 12, DATA_DIR_FROM_HOST,
1974 (1<<1) | (0xf<<2) | (0xf<<6), 1,
1976 reply = do_write(fsg);
1979 /* Some mandatory commands that we recognize but don't implement.
1980 * They don't mean much in this setting. It's left as an exercise
1981 * for anyone interested to implement RESERVE and RELEASE in terms
1982 * of Posix locks. */
1983 case SC_FORMAT_UNIT:
1986 case SC_SEND_DIAGNOSTIC:
1990 fsg->data_size_from_cmnd = 0;
1991 sprintf(unknown, "Unknown x%02x", fsg->cmnd[0]);
1992 if ((reply = check_command(fsg, fsg->cmnd_size,
1993 DATA_DIR_UNKNOWN, 0xff, 0, unknown)) == 0) {
1994 fsg->curlun->sense_data = SS_INVALID_COMMAND;
1999 up_read(&fsg->filesem);
2001 VDBG(fsg, "reply: %d, fsg->data_size_from_cmnd: %d\n",
2002 reply, fsg->data_size_from_cmnd);
2003 if (reply == -EINTR || signal_pending(current))
2006 /* Set up the single reply buffer for finish_reply() */
2007 if (reply == -EINVAL)
2008 reply = 0; /* Error reply length */
2009 if (reply >= 0 && fsg->data_dir == DATA_DIR_TO_HOST) {
2010 reply = min((u32) reply, fsg->data_size_from_cmnd);
2011 bh->inreq->length = reply;
2012 bh->state = BUF_STATE_FULL;
2013 fsg->residue -= reply;
2014 } /* Otherwise it's already set */
2020 /*-------------------------------------------------------------------------*/
2022 static int received_cbw(struct fsg_dev *fsg, struct fsg_buffhd *bh)
2024 struct usb_request *req = bh->outreq;
2025 struct bulk_cb_wrap *cbw = req->buf;
2027 /* Was this a real packet? */
2031 /* Is the CBW valid? */
2032 if (req->actual != USB_BULK_CB_WRAP_LEN ||
2033 cbw->Signature != __constant_cpu_to_le32(
2035 DBG(fsg, "invalid CBW: len %u sig 0x%x\n",
2037 le32_to_cpu(cbw->Signature));
2041 /* Is the CBW meaningful? */
2042 if (cbw->Lun >= MAX_LUNS || cbw->Flags & ~USB_BULK_IN_FLAG ||
2043 cbw->Length <= 0 || cbw->Length > MAX_COMMAND_SIZE) {
2044 DBG(fsg, "non-meaningful CBW: lun = %u, flags = 0x%x, "
2046 cbw->Lun, cbw->Flags, cbw->Length);
2050 /* Save the command for later */
2051 fsg->cmnd_size = cbw->Length;
2052 memcpy(fsg->cmnd, cbw->CDB, fsg->cmnd_size);
2053 if (cbw->Flags & USB_BULK_IN_FLAG)
2054 fsg->data_dir = DATA_DIR_TO_HOST;
2056 fsg->data_dir = DATA_DIR_FROM_HOST;
2057 fsg->data_size = le32_to_cpu(cbw->DataTransferLength);
2058 if (fsg->data_size == 0)
2059 fsg->data_dir = DATA_DIR_NONE;
2060 fsg->lun = cbw->Lun;
2061 fsg->tag = cbw->Tag;
2066 static int get_next_command(struct fsg_dev *fsg)
2068 struct fsg_buffhd *bh;
2071 /* Wait for the next buffer to become available */
2072 bh = fsg->next_buffhd_to_fill;
2073 while (bh->state != BUF_STATE_EMPTY) {
2074 rc = sleep_thread(fsg);
2076 usb_ep_dequeue(fsg->bulk_out, bh->outreq);
2077 bh->outreq_busy = 0;
2078 bh->state = BUF_STATE_EMPTY;
2083 /* Queue a request to read a Bulk-only CBW */
2084 set_bulk_out_req_length(fsg, bh, USB_BULK_CB_WRAP_LEN);
2085 start_transfer(fsg, fsg->bulk_out, bh->outreq,
2086 &bh->outreq_busy, &bh->state);
2088 /* We will drain the buffer in software, which means we
2089 * can reuse it for the next filling. No need to advance
2090 * next_buffhd_to_fill. */
2092 /* Wait for the CBW to arrive */
2093 while (bh->state != BUF_STATE_FULL) {
2094 rc = sleep_thread(fsg);
2096 usb_ep_dequeue(fsg->bulk_out, bh->outreq);
2097 bh->outreq_busy = 0;
2098 bh->state = BUF_STATE_EMPTY;
2103 rc = received_cbw(fsg, bh);
2104 bh->state = BUF_STATE_EMPTY;
2110 /*-------------------------------------------------------------------------*/
2112 static int enable_endpoint(struct fsg_dev *fsg, struct usb_ep *ep,
2113 const struct usb_endpoint_descriptor *d)
2117 DBG(fsg, "usb_ep_enable %s\n", ep->name);
2118 ep->driver_data = fsg;
2119 rc = usb_ep_enable(ep, d);
2121 ERROR(fsg, "can't enable %s, result %d\n", ep->name, rc);
2125 static int alloc_request(struct fsg_dev *fsg, struct usb_ep *ep,
2126 struct usb_request **preq)
2128 *preq = usb_ep_alloc_request(ep, GFP_ATOMIC);
2131 ERROR(fsg, "can't allocate request for %s\n", ep->name);
2136 * Reset interface setting and re-init endpoint state (toggle etc).
2137 * Call with altsetting < 0 to disable the interface. The only other
2138 * available altsetting is 0, which enables the interface.
2140 static int do_set_interface(struct fsg_dev *fsg, int altsetting)
2142 struct usb_composite_dev *cdev = fsg->cdev;
2145 const struct usb_endpoint_descriptor *d;
2148 DBG(fsg, "reset interface\n");
2150 /* Disable the endpoints */
2151 if (fsg->bulk_in_enabled) {
2152 DBG(fsg, "usb_ep_disable %s\n", fsg->bulk_in->name);
2153 usb_ep_disable(fsg->bulk_in);
2154 fsg->bulk_in_enabled = 0;
2156 if (fsg->bulk_out_enabled) {
2157 DBG(fsg, "usb_ep_disable %s\n", fsg->bulk_out->name);
2158 usb_ep_disable(fsg->bulk_out);
2159 fsg->bulk_out_enabled = 0;
2162 /* Deallocate the requests */
2163 for (i = 0; i < NUM_BUFFERS; ++i) {
2164 struct fsg_buffhd *bh = &fsg->buffhds[i];
2166 usb_ep_free_request(fsg->bulk_in, bh->inreq);
2170 usb_ep_free_request(fsg->bulk_out, bh->outreq);
2177 if (altsetting < 0 || rc != 0)
2180 DBG(fsg, "set interface %d\n", altsetting);
2182 /* Enable the endpoints */
2183 d = ep_desc(cdev->gadget, &fs_bulk_in_desc, &hs_bulk_in_desc);
2184 if ((rc = enable_endpoint(fsg, fsg->bulk_in, d)) != 0)
2186 fsg->bulk_in_enabled = 1;
2188 d = ep_desc(cdev->gadget, &fs_bulk_out_desc, &hs_bulk_out_desc);
2189 if ((rc = enable_endpoint(fsg, fsg->bulk_out, d)) != 0)
2191 fsg->bulk_out_enabled = 1;
2192 fsg->bulk_out_maxpacket = le16_to_cpu(d->wMaxPacketSize);
2194 /* Allocate the requests */
2195 for (i = 0; i < NUM_BUFFERS; ++i) {
2196 struct fsg_buffhd *bh = &fsg->buffhds[i];
2198 rc = alloc_request(fsg, fsg->bulk_in, &bh->inreq);
2201 rc = alloc_request(fsg, fsg->bulk_out, &bh->outreq);
2204 bh->inreq->buf = bh->outreq->buf = bh->buf;
2205 bh->inreq->context = bh->outreq->context = bh;
2206 bh->inreq->complete = bulk_in_complete;
2207 bh->outreq->complete = bulk_out_complete;
2211 for (i = 0; i < fsg->nluns; ++i)
2212 fsg->luns[i].unit_attention_data = SS_RESET_OCCURRED;
2217 static void adjust_wake_lock(struct fsg_dev *fsg)
2222 spin_lock_irq(&fsg->lock);
2225 for (i = 0; i < fsg->nluns; ++i) {
2226 if (backing_file_is_open(&fsg->luns[i]))
2232 wake_lock(&fsg->wake_lock);
2234 wake_unlock(&fsg->wake_lock);
2236 spin_unlock_irq(&fsg->lock);
2240 * Change our operational configuration. This code must agree with the code
2241 * that returns config descriptors, and with interface altsetting code.
2243 * It's also responsible for power management interactions. Some
2244 * configurations might not work with our current power sources.
2245 * For now we just assume the gadget is always self-powered.
2247 static int do_set_config(struct fsg_dev *fsg, u8 new_config)
2251 if (new_config == fsg->config)
2254 /* Disable the single interface */
2255 if (fsg->config != 0) {
2256 DBG(fsg, "reset config\n");
2260 /* Enable the interface */
2261 if (new_config != 0)
2262 fsg->config = new_config;
2264 switch_set_state(&fsg->sdev, new_config);
2265 adjust_wake_lock(fsg);
2270 /*-------------------------------------------------------------------------*/
2272 static void handle_exception(struct fsg_dev *fsg)
2277 struct fsg_buffhd *bh;
2278 enum fsg_state old_state;
2283 DBG(fsg, "handle_exception state: %d\n", (int)fsg->state);
2284 /* Clear the existing signals. Anything but SIGUSR1 is converted
2285 * into a high-priority EXIT exception. */
2287 sig = dequeue_signal_lock(current, ¤t->blocked, &info);
2290 if (sig != SIGUSR1) {
2291 if (fsg->state < FSG_STATE_EXIT)
2292 DBG(fsg, "Main thread exiting on signal\n");
2293 raise_exception(fsg, FSG_STATE_EXIT);
2298 * Do NOT flush the fifo after set_interface()
2299 * Otherwise, it results in some data being lost
2301 if ((fsg->state != FSG_STATE_CONFIG_CHANGE) ||
2302 (fsg->new_config != 1)) {
2303 /* Clear out the controller's fifos */
2304 if (fsg->bulk_in_enabled)
2305 usb_ep_fifo_flush(fsg->bulk_in);
2306 if (fsg->bulk_out_enabled)
2307 usb_ep_fifo_flush(fsg->bulk_out);
2309 /* Reset the I/O buffer states and pointers, the SCSI
2310 * state, and the exception. Then invoke the handler. */
2311 spin_lock_irq(&fsg->lock);
2313 for (i = 0; i < NUM_BUFFERS; ++i) {
2314 bh = &fsg->buffhds[i];
2315 bh->state = BUF_STATE_EMPTY;
2317 fsg->next_buffhd_to_fill = fsg->next_buffhd_to_drain =
2320 new_config = fsg->new_config;
2321 old_state = fsg->state;
2323 if (old_state == FSG_STATE_ABORT_BULK_OUT)
2324 fsg->state = FSG_STATE_STATUS_PHASE;
2326 for (i = 0; i < fsg->nluns; ++i) {
2327 curlun = &fsg->luns[i];
2328 curlun->prevent_medium_removal = 0;
2329 curlun->sense_data = curlun->unit_attention_data =
2331 curlun->sense_data_info = 0;
2332 curlun->info_valid = 0;
2334 fsg->state = FSG_STATE_IDLE;
2336 spin_unlock_irq(&fsg->lock);
2338 /* Carry out any extra actions required for the exception */
2339 switch (old_state) {
2343 case FSG_STATE_ABORT_BULK_OUT:
2344 DBG(fsg, "FSG_STATE_ABORT_BULK_OUT\n");
2345 spin_lock_irq(&fsg->lock);
2346 if (fsg->state == FSG_STATE_STATUS_PHASE)
2347 fsg->state = FSG_STATE_IDLE;
2348 spin_unlock_irq(&fsg->lock);
2351 case FSG_STATE_RESET:
2352 /* really not much to do here */
2355 case FSG_STATE_CONFIG_CHANGE:
2356 rc = do_set_config(fsg, new_config);
2357 if (new_config == 0) {
2358 /* We're using the backing file */
2359 down_read(&fsg->filesem);
2361 up_read(&fsg->filesem);
2365 case FSG_STATE_EXIT:
2366 case FSG_STATE_TERMINATED:
2368 fsg->new_config = 0;
2369 do_set_interface(fsg, -1);
2371 do_set_config(fsg, 0); /* Free resources */
2372 spin_lock_irq(&fsg->lock);
2373 fsg->state = FSG_STATE_TERMINATED; /* Stop the thread */
2374 spin_unlock_irq(&fsg->lock);
2380 /*-------------------------------------------------------------------------*/
2382 static int fsg_main_thread(void *fsg_)
2384 struct fsg_dev *fsg = fsg_;
2386 /* Allow the thread to be killed by a signal, but set the signal mask
2387 * to block everything but INT, TERM, KILL, and USR1. */
2388 allow_signal(SIGINT);
2389 allow_signal(SIGTERM);
2390 allow_signal(SIGKILL);
2391 allow_signal(SIGUSR1);
2393 /* Allow the thread to be frozen */
2396 /* Arrange for userspace references to be interpreted as kernel
2397 * pointers. That way we can pass a kernel pointer to a routine
2398 * that expects a __user pointer and it will work okay. */
2402 while (fsg->state != FSG_STATE_TERMINATED) {
2403 if (exception_in_progress(fsg) || signal_pending(current)) {
2404 handle_exception(fsg);
2408 if (!fsg->running) {
2413 if (get_next_command(fsg))
2416 spin_lock_irq(&fsg->lock);
2417 if (!exception_in_progress(fsg))
2418 fsg->state = FSG_STATE_DATA_PHASE;
2419 spin_unlock_irq(&fsg->lock);
2421 if (do_scsi_command(fsg) || finish_reply(fsg))
2424 spin_lock_irq(&fsg->lock);
2425 if (!exception_in_progress(fsg))
2426 fsg->state = FSG_STATE_STATUS_PHASE;
2427 spin_unlock_irq(&fsg->lock);
2429 if (send_status(fsg))
2432 spin_lock_irq(&fsg->lock);
2433 if (!exception_in_progress(fsg))
2434 fsg->state = FSG_STATE_IDLE;
2435 spin_unlock_irq(&fsg->lock);
2438 spin_lock_irq(&fsg->lock);
2439 fsg->thread_task = NULL;
2440 spin_unlock_irq(&fsg->lock);
2442 /* In case we are exiting because of a signal, unregister the
2443 * gadget driver and close the backing file. */
2444 if (test_and_clear_bit(REGISTERED, &fsg->atomic_bitflags))
2445 close_all_backing_files(fsg);
2447 /* Let the unbind and cleanup routines know the thread has exited */
2448 complete_and_exit(&fsg->thread_notifier, 0);
2452 /*-------------------------------------------------------------------------*/
2454 /* If the next two routines are called while the gadget is registered,
2455 * the caller must own fsg->filesem for writing. */
2457 static int open_backing_file(struct fsg_dev *fsg, struct lun *curlun,
2458 const char *filename)
2461 struct file *filp = NULL;
2463 struct inode *inode = NULL;
2467 /* R/W if we can, R/O if we must */
2470 filp = filp_open(filename, O_RDWR | O_LARGEFILE, 0);
2471 if (-EROFS == PTR_ERR(filp))
2475 filp = filp_open(filename, O_RDONLY | O_LARGEFILE, 0);
2477 LINFO(curlun, "unable to open backing file: %s\n", filename);
2478 return PTR_ERR(filp);
2481 if (!(filp->f_mode & FMODE_WRITE))
2484 if (filp->f_path.dentry)
2485 inode = filp->f_path.dentry->d_inode;
2486 if (inode && S_ISBLK(inode->i_mode)) {
2487 if (bdev_read_only(inode->i_bdev))
2489 } else if (!inode || !S_ISREG(inode->i_mode)) {
2490 LINFO(curlun, "invalid file type: %s\n", filename);
2494 /* If we can't read the file, it's no good.
2495 * If we can't write the file, use it read-only. */
2496 if (!filp->f_op || !(filp->f_op->read || filp->f_op->aio_read)) {
2497 LINFO(curlun, "file not readable: %s\n", filename);
2500 if (!(filp->f_op->write || filp->f_op->aio_write))
2503 size = i_size_read(inode->i_mapping->host);
2505 LINFO(curlun, "unable to find file size: %s\n", filename);
2509 num_sectors = size >> 9; /* File size in 512-byte sectors */
2510 if (num_sectors == 0) {
2511 LINFO(curlun, "file too small: %s\n", filename);
2518 curlun->filp = filp;
2519 curlun->file_length = size;
2520 curlun->num_sectors = num_sectors;
2521 LDBG(curlun, "open backing file: %s size: %lld num_sectors: %lld\n",
2522 filename, size, num_sectors);
2524 adjust_wake_lock(fsg);
2527 filp_close(filp, current->files);
2532 static void close_backing_file(struct fsg_dev *fsg, struct lun *curlun)
2538 * XXX: San: Ugly hack here added to ensure that
2539 * our pages get synced to disk.
2540 * Also drop caches here just to be extra-safe
2542 rc = vfs_fsync(curlun->filp, curlun->filp->f_path.dentry, 1);
2544 printk(KERN_ERR "ums: Error syncing data (%d)\n", rc);
2545 /* drop_pagecache and drop_slab are no longer available */
2546 /* drop_pagecache(); */
2549 LDBG(curlun, "close backing file\n");
2551 curlun->filp = NULL;
2552 adjust_wake_lock(fsg);
2556 static void close_all_backing_files(struct fsg_dev *fsg)
2560 for (i = 0; i < fsg->nluns; ++i)
2561 close_backing_file(fsg, &fsg->luns[i]);
2564 static ssize_t show_file(struct device *dev, struct device_attribute *attr,
2567 struct lun *curlun = dev_to_lun(dev);
2568 struct fsg_dev *fsg = dev_get_drvdata(dev);
2572 down_read(&fsg->filesem);
2573 if (backing_file_is_open(curlun)) { /* Get the complete pathname */
2574 p = d_path(&curlun->filp->f_path, buf, PAGE_SIZE - 1);
2579 memmove(buf, p, rc);
2580 buf[rc] = '\n'; /* Add a newline */
2583 } else { /* No file, return 0 bytes */
2587 up_read(&fsg->filesem);
2591 static ssize_t store_file(struct device *dev, struct device_attribute *attr,
2592 const char *buf, size_t count)
2594 struct lun *curlun = dev_to_lun(dev);
2595 struct fsg_dev *fsg = dev_get_drvdata(dev);
2598 DBG(fsg, "store_file: \"%s\"\n", buf);
2600 /* disabled because we need to allow closing the backing file if the media was removed */
2601 if (curlun->prevent_medium_removal && backing_file_is_open(curlun)) {
2602 LDBG(curlun, "eject attempt prevented\n");
2603 return -EBUSY; /* "Door is locked" */
2607 /* Remove a trailing newline */
2608 if (count > 0 && buf[count-1] == '\n')
2609 ((char *) buf)[count-1] = 0;
2611 /* Eject current medium */
2612 down_write(&fsg->filesem);
2613 if (backing_file_is_open(curlun)) {
2614 close_backing_file(fsg, curlun);
2615 curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
2618 /* Load new medium */
2619 if (count > 0 && buf[0]) {
2620 rc = open_backing_file(fsg, curlun, buf);
2622 curlun->unit_attention_data =
2623 SS_NOT_READY_TO_READY_TRANSITION;
2625 up_write(&fsg->filesem);
2626 return (rc < 0 ? rc : count);
2630 static DEVICE_ATTR(file, 0444, show_file, store_file);
2632 /*-------------------------------------------------------------------------*/
2634 static void fsg_release(struct kref *ref)
2636 struct fsg_dev *fsg = container_of(ref, struct fsg_dev, ref);
2642 static void lun_release(struct device *dev)
2644 struct fsg_dev *fsg = dev_get_drvdata(dev);
2646 kref_put(&fsg->ref, fsg_release);
2650 /*-------------------------------------------------------------------------*/
2652 static int __init fsg_alloc(void)
2654 struct fsg_dev *fsg;
2656 fsg = kzalloc(sizeof *fsg, GFP_KERNEL);
2659 spin_lock_init(&fsg->lock);
2660 init_rwsem(&fsg->filesem);
2661 kref_init(&fsg->ref);
2662 init_completion(&fsg->thread_notifier);
2668 static ssize_t print_switch_name(struct switch_dev *sdev, char *buf)
2670 return sprintf(buf, "%s\n", DRIVER_NAME);
2673 static ssize_t print_switch_state(struct switch_dev *sdev, char *buf)
2675 struct fsg_dev *fsg = container_of(sdev, struct fsg_dev, sdev);
2676 return sprintf(buf, "%s\n", (fsg->config ? "online" : "offline"));
2680 fsg_function_unbind(struct usb_configuration *c, struct usb_function *f)
2682 struct fsg_dev *fsg = func_to_dev(f);
2686 DBG(fsg, "fsg_function_unbind\n");
2687 clear_bit(REGISTERED, &fsg->atomic_bitflags);
2689 /* Unregister the sysfs attribute files and the LUNs */
2690 for (i = 0; i < fsg->nluns; ++i) {
2691 curlun = &fsg->luns[i];
2692 if (curlun->registered) {
2693 device_remove_file(&curlun->dev, &dev_attr_file);
2694 device_unregister(&curlun->dev);
2695 curlun->registered = 0;
2699 /* If the thread isn't already dead, tell it to exit now */
2700 if (fsg->state != FSG_STATE_TERMINATED) {
2701 raise_exception(fsg, FSG_STATE_EXIT);
2702 wait_for_completion(&fsg->thread_notifier);
2704 /* The cleanup routine waits for this completion also */
2705 complete(&fsg->thread_notifier);
2708 /* Free the data buffers */
2709 for (i = 0; i < NUM_BUFFERS; ++i)
2710 kfree(fsg->buffhds[i].buf);
2711 switch_dev_unregister(&fsg->sdev);
2715 fsg_function_bind(struct usb_configuration *c, struct usb_function *f)
2717 struct usb_composite_dev *cdev = c->cdev;
2718 struct fsg_dev *fsg = func_to_dev(f);
2727 DBG(fsg, "fsg_function_bind\n");
2729 dev_attr_file.attr.mode = 0644;
2731 /* Find out how many LUNs there should be */
2736 ERROR(fsg, "invalid number of LUNs: %d\n", i);
2741 /* Create the LUNs, open their backing files, and register the
2742 * LUN devices in sysfs. */
2743 fsg->luns = kzalloc(i * sizeof(struct lun), GFP_KERNEL);
2750 for (i = 0; i < fsg->nluns; ++i) {
2751 curlun = &fsg->luns[i];
2753 curlun->dev.release = lun_release;
2754 /* use "usb_mass_storage" platform device as parent if available */
2756 curlun->dev.parent = &fsg->pdev->dev;
2758 curlun->dev.parent = &cdev->gadget->dev;
2759 dev_set_drvdata(&curlun->dev, fsg);
2760 snprintf(curlun->dev.bus_id, BUS_ID_SIZE,
2763 rc = device_register(&curlun->dev);
2765 INFO(fsg, "failed to register LUN%d: %d\n", i, rc);
2768 rc = device_create_file(&curlun->dev, &dev_attr_file);
2770 ERROR(fsg, "device_create_file failed: %d\n", rc);
2771 device_unregister(&curlun->dev);
2774 curlun->registered = 1;
2775 kref_get(&fsg->ref);
2778 /* allocate interface ID(s) */
2779 id = usb_interface_id(c, f);
2782 intf_desc.bInterfaceNumber = id;
2784 ep = usb_ep_autoconfig(cdev->gadget, &fs_bulk_in_desc);
2787 ep->driver_data = fsg; /* claim the endpoint */
2790 ep = usb_ep_autoconfig(cdev->gadget, &fs_bulk_out_desc);
2793 ep->driver_data = fsg; /* claim the endpoint */
2798 if (gadget_is_dualspeed(cdev->gadget)) {
2799 /* Assume endpoint addresses are the same for both speeds */
2800 hs_bulk_in_desc.bEndpointAddress =
2801 fs_bulk_in_desc.bEndpointAddress;
2802 hs_bulk_out_desc.bEndpointAddress =
2803 fs_bulk_out_desc.bEndpointAddress;
2805 f->hs_descriptors = hs_function;
2808 /* Allocate the data buffers */
2809 for (i = 0; i < NUM_BUFFERS; ++i) {
2810 struct fsg_buffhd *bh = &fsg->buffhds[i];
2812 /* Allocate for the bulk-in endpoint. We assume that
2813 * the buffer will also work with the bulk-out (and
2814 * interrupt-in) endpoint. */
2815 bh->buf = kmalloc(fsg->buf_size, GFP_KERNEL);
2820 fsg->buffhds[NUM_BUFFERS - 1].next = &fsg->buffhds[0];
2822 fsg->thread_task = kthread_create(fsg_main_thread, fsg,
2824 if (IS_ERR(fsg->thread_task)) {
2825 rc = PTR_ERR(fsg->thread_task);
2826 ERROR(fsg, "kthread_create failed: %d\n", rc);
2830 INFO(fsg, "Number of LUNs=%d\n", fsg->nluns);
2832 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
2833 for (i = 0; i < fsg->nluns; ++i) {
2834 curlun = &fsg->luns[i];
2835 if (backing_file_is_open(curlun)) {
2838 p = d_path(&curlun->filp->f_path,
2843 LINFO(curlun, "ro=%d, file: %s\n",
2844 curlun->ro, (p ? p : "(error)"));
2849 set_bit(REGISTERED, &fsg->atomic_bitflags);
2851 /* Tell the thread to start working */
2852 wake_up_process(fsg->thread_task);
2856 ERROR(fsg, "unable to autoconfigure all endpoints\n");
2860 DBG(fsg, "fsg_function_bind failed: %d\n", rc);
2861 fsg->state = FSG_STATE_TERMINATED; /* The thread is dead */
2862 fsg_function_unbind(c, f);
2863 close_all_backing_files(fsg);
2867 static int fsg_function_set_alt(struct usb_function *f,
2868 unsigned intf, unsigned alt)
2870 struct fsg_dev *fsg = func_to_dev(f);
2871 DBG(fsg, "fsg_function_set_alt intf: %d alt: %d\n", intf, alt);
2872 fsg->new_config = 1;
2873 do_set_interface(fsg, 0);
2874 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
2878 static void fsg_function_disable(struct usb_function *f)
2880 struct fsg_dev *fsg = func_to_dev(f);
2881 DBG(fsg, "fsg_function_disable\n");
2882 if (fsg->new_config)
2883 do_set_interface(fsg, -1);
2884 fsg->new_config = 0;
2885 raise_exception(fsg, FSG_STATE_CONFIG_CHANGE);
2888 static int __init fsg_probe(struct platform_device *pdev)
2890 struct usb_mass_storage_platform_data *pdata = pdev->dev.platform_data;
2891 struct fsg_dev *fsg = the_fsg;
2894 printk(KERN_INFO "fsg_probe pdata: %p\n", pdata);
2898 fsg->vendor = pdata->vendor;
2901 fsg->product = pdata->product;
2904 fsg->release = pdata->release;
2910 static struct platform_driver fsg_platform_driver = {
2911 .driver = { .name = "usb_mass_storage", },
2915 int __init mass_storage_function_add(struct usb_composite_dev *cdev,
2916 struct usb_configuration *c, int nluns)
2919 struct fsg_dev *fsg;
2921 printk(KERN_INFO "mass_storage_function_add\n");
2928 spin_lock_init(&fsg->lock);
2929 init_rwsem(&fsg->filesem);
2930 kref_init(&fsg->ref);
2931 init_completion(&fsg->thread_notifier);
2933 the_fsg->buf_size = BULK_BUFFER_SIZE;
2934 the_fsg->sdev.name = DRIVER_NAME;
2935 the_fsg->sdev.print_name = print_switch_name;
2936 the_fsg->sdev.print_state = print_switch_state;
2937 rc = switch_dev_register(&the_fsg->sdev);
2939 goto err_switch_dev_register;
2941 rc = platform_driver_register(&fsg_platform_driver);
2943 goto err_platform_driver_register;
2945 wake_lock_init(&the_fsg->wake_lock, WAKE_LOCK_SUSPEND,
2946 "usb_mass_storage");
2949 fsg->function.name = shortname;
2950 fsg->function.descriptors = fs_function;
2951 fsg->function.bind = fsg_function_bind;
2952 fsg->function.unbind = fsg_function_unbind;
2953 fsg->function.setup = fsg_function_setup;
2954 fsg->function.set_alt = fsg_function_set_alt;
2955 fsg->function.disable = fsg_function_disable;
2957 rc = usb_add_function(c, &fsg->function);
2959 goto err_usb_add_function;
2964 err_usb_add_function:
2965 platform_driver_unregister(&fsg_platform_driver);
2966 err_platform_driver_register:
2967 switch_dev_unregister(&the_fsg->sdev);
2968 err_switch_dev_register:
2969 kref_put(&the_fsg->ref, fsg_release);