Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 7aea3853329a1af39519b5e22e06baba7fdfa1bd / . / drivers / usb / gadget / f_mtp.c
blob: 910dd11271810fc4611236f648039ab9215714e3 [file] [log] [blame]
Mike Lockwoodba83b012010-04-16 10:39:22 -0400[diff] [blame]1/*
2 * Gadget Function Driver for MTP
3 *
4 * Copyright (C) 2010 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18/* #define DEBUG */
19/* #define VERBOSE_DEBUG */
20
21#include <linux/module.h>
22#include <linux/init.h>
23#include <linux/poll.h>
24#include <linux/delay.h>
25#include <linux/wait.h>
26#include <linux/err.h>
27#include <linux/interrupt.h>
28#include <linux/kthread.h>
29#include <linux/freezer.h>
30
31#include <linux/types.h>
32#include <linux/file.h>
33#include <linux/device.h>
34#include <linux/miscdevice.h>
35
36#include <linux/usb.h>
37#include <linux/usb_usual.h>
38#include <linux/usb/ch9.h>
39#include <linux/usb/android_composite.h>
40#include <linux/usb/f_mtp.h>
41
42#define BULK_BUFFER_SIZE 16384
43
44/* String IDs */
45#define INTERFACE_STRING_INDEX 0
46
47/* values for mtp_dev.state */
48#define STATE_OFFLINE 0 /* initial state, disconnected */
49#define STATE_READY 1 /* ready for userspace calls */
50#define STATE_BUSY 2 /* processing userspace calls */
51#define STATE_CANCELED 3 /* transaction canceled by host */
52#define STATE_ERROR 4 /* error from completion routine */
53
54/* number of tx and rx requests to allocate */
55#define TX_REQ_MAX 4
56#define RX_REQ_MAX 2
57
58/* IO Thread commands */
59#define ANDROID_THREAD_QUIT 1
60#define ANDROID_THREAD_SEND_FILE 2
61#define ANDROID_THREAD_RECEIVE_FILE 3
62
63/* ID for Microsoft MTP OS String */
64#define MTP_OS_STRING_ID 0xEE
65
66/* MTP class reqeusts */
67#define MTP_REQ_CANCEL 0x64
68#define MTP_REQ_GET_EXT_EVENT_DATA 0x65
69#define MTP_REQ_RESET 0x66
70#define MTP_REQ_GET_DEVICE_STATUS 0x67
71
72/* constants for device status */
73#define MTP_RESPONSE_OK 0x2001
74#define MTP_RESPONSE_DEVICE_BUSY 0x2019
75
76static const char shortname[] = "mtp_usb";
77
78struct mtp_dev {
79 struct usb_function function;
80 struct usb_composite_dev *cdev;
81 spinlock_t lock;
82
83 int interface_mode;
84
85 struct usb_ep *ep_in;
86 struct usb_ep *ep_out;
87 struct usb_ep *ep_intr;
88
89 int state;
90
91 atomic_t open_excl;
92
93 struct list_head tx_idle;
94
95 wait_queue_head_t read_wq;
96 wait_queue_head_t write_wq;
97 struct usb_request *rx_req[RX_REQ_MAX];
98 int rx_done;
99
100 /* for our file IO thread */
101 struct task_struct *thread;
102 /* current command for IO thread (or zero for none) */
103 int thread_command;
104 struct file *thread_file;
105 loff_t thread_file_offset;
106 size_t thread_file_length;
107 /* used to wait for thread to complete current command */
108 struct completion thread_wait;
109 /* result from current command */
110 int thread_result;
111};
112
113static struct usb_interface_descriptor mtp_interface_desc = {
114 .bLength = USB_DT_INTERFACE_SIZE,
115 .bDescriptorType = USB_DT_INTERFACE,
116 .bInterfaceNumber = 0,
117 .bNumEndpoints = 3,
118 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
119 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
120 .bInterfaceProtocol = 0,
121};
122
123static struct usb_interface_descriptor ptp_interface_desc = {
124 .bLength = USB_DT_INTERFACE_SIZE,
125 .bDescriptorType = USB_DT_INTERFACE,
126 .bInterfaceNumber = 0,
127 .bNumEndpoints = 3,
128 .bInterfaceClass = USB_CLASS_STILL_IMAGE,
129 .bInterfaceSubClass = 1,
130 .bInterfaceProtocol = 1,
131};
132
133static struct usb_endpoint_descriptor mtp_highspeed_in_desc = {
134 .bLength = USB_DT_ENDPOINT_SIZE,
135 .bDescriptorType = USB_DT_ENDPOINT,
136 .bEndpointAddress = USB_DIR_IN,
137 .bmAttributes = USB_ENDPOINT_XFER_BULK,
138 .wMaxPacketSize = __constant_cpu_to_le16(512),
139};
140
141static struct usb_endpoint_descriptor mtp_highspeed_out_desc = {
142 .bLength = USB_DT_ENDPOINT_SIZE,
143 .bDescriptorType = USB_DT_ENDPOINT,
144 .bEndpointAddress = USB_DIR_OUT,
145 .bmAttributes = USB_ENDPOINT_XFER_BULK,
146 .wMaxPacketSize = __constant_cpu_to_le16(512),
147};
148
149static struct usb_endpoint_descriptor mtp_fullspeed_in_desc = {
150 .bLength = USB_DT_ENDPOINT_SIZE,
151 .bDescriptorType = USB_DT_ENDPOINT,
152 .bEndpointAddress = USB_DIR_IN,
153 .bmAttributes = USB_ENDPOINT_XFER_BULK,
154};
155
156static struct usb_endpoint_descriptor mtp_fullspeed_out_desc = {
157 .bLength = USB_DT_ENDPOINT_SIZE,
158 .bDescriptorType = USB_DT_ENDPOINT,
159 .bEndpointAddress = USB_DIR_OUT,
160 .bmAttributes = USB_ENDPOINT_XFER_BULK,
161};
162
163static struct usb_endpoint_descriptor mtp_intr_desc = {
164 .bLength = USB_DT_ENDPOINT_SIZE,
165 .bDescriptorType = USB_DT_ENDPOINT,
166 .bEndpointAddress = USB_DIR_IN,
167 .bmAttributes = USB_ENDPOINT_XFER_INT,
168 .wMaxPacketSize = __constant_cpu_to_le16(8),
169 .bInterval = 6,
170};
171
172static struct usb_descriptor_header *fs_mtp_descs[] = {
173 (struct usb_descriptor_header *) &mtp_interface_desc,
174 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
175 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
176 (struct usb_descriptor_header *) &mtp_intr_desc,
177 NULL,
178};
179
180static struct usb_descriptor_header *hs_mtp_descs[] = {
181 (struct usb_descriptor_header *) &mtp_interface_desc,
182 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
183 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
184 (struct usb_descriptor_header *) &mtp_intr_desc,
185 NULL,
186};
187
188static struct usb_descriptor_header *fs_ptp_descs[] = {
189 (struct usb_descriptor_header *) &ptp_interface_desc,
190 (struct usb_descriptor_header *) &mtp_fullspeed_in_desc,
191 (struct usb_descriptor_header *) &mtp_fullspeed_out_desc,
192 (struct usb_descriptor_header *) &mtp_intr_desc,
193 NULL,
194};
195
196static struct usb_descriptor_header *hs_ptp_descs[] = {
197 (struct usb_descriptor_header *) &ptp_interface_desc,
198 (struct usb_descriptor_header *) &mtp_highspeed_in_desc,
199 (struct usb_descriptor_header *) &mtp_highspeed_out_desc,
200 (struct usb_descriptor_header *) &mtp_intr_desc,
201 NULL,
202};
203
204static struct usb_string mtp_string_defs[] = {
205 /* Naming interface "MTP" so libmtp will recognize us */
206 [INTERFACE_STRING_INDEX].s = "MTP",
207 { }, /* end of list */
208};
209
210static struct usb_gadget_strings mtp_string_table = {
211 .language = 0x0409, /* en-US */
212 .strings = mtp_string_defs,
213};
214
215static struct usb_gadget_strings *mtp_strings[] = {
216 &mtp_string_table,
217 NULL,
218};
219
220/* Microsoft MTP OS String */
221static u8 mtp_os_string[] = {
222 18, /* sizeof(mtp_os_string) */
223 USB_DT_STRING,
224 /* Signature field: "MSFT100" */
225 'M', 0, 'S', 0, 'F', 0, 'T', 0, '1', 0, '0', 0, '0', 0,
226 /* vendor code */
227 1,
228 /* padding */
229 0
230};
231
232/* Microsoft Extended Configuration Descriptor Header Section */
233struct mtp_ext_config_desc_header {
234 __le32 dwLength;
235 __u16 bcdVersion;
236 __le16 wIndex;
237 __u8 bCount;
238 __u8 reserved[7];
239};
240
241/* Microsoft Extended Configuration Descriptor Function Section */
242struct mtp_ext_config_desc_function {
243 __u8 bFirstInterfaceNumber;
244 __u8 bInterfaceCount;
245 __u8 compatibleID[8];
246 __u8 subCompatibleID[8];
247 __u8 reserved[6];
248};
249
250/* MTP Extended Configuration Descriptor */
251struct {
252 struct mtp_ext_config_desc_header header;
253 struct mtp_ext_config_desc_function function;
254} mtp_ext_config_desc = {
255 .header = {
256 .dwLength = __constant_cpu_to_le32(sizeof(mtp_ext_config_desc)),
257 .bcdVersion = __constant_cpu_to_le16(0x0100),
258 .wIndex = __constant_cpu_to_le16(4),
259 .bCount = __constant_cpu_to_le16(1),
260 },
261 .function = {
262 .bFirstInterfaceNumber = 0,
263 .bInterfaceCount = 1,
264 .compatibleID = { 'M', 'T', 'P' },
265 },
266};
267
268struct mtp_device_status {
269 __le16 wLength;
270 __le16 wCode;
271};
272
273/* temporary variable used between mtp_open() and mtp_gadget_bind() */
274static struct mtp_dev *_mtp_dev;
275
276static inline struct mtp_dev *func_to_dev(struct usb_function *f)
277{
278 return container_of(f, struct mtp_dev, function);
279}
280
281static struct usb_request *mtp_request_new(struct usb_ep *ep, int buffer_size)
282{
283 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
284 if (!req)
285 return NULL;
286
287 /* now allocate buffers for the requests */
288 req->buf = kmalloc(buffer_size, GFP_KERNEL);
289 if (!req->buf) {
290 usb_ep_free_request(ep, req);
291 return NULL;
292 }
293
294 return req;
295}
296
297static void mtp_request_free(struct usb_request *req, struct usb_ep *ep)
298{
299 if (req) {
300 kfree(req->buf);
301 usb_ep_free_request(ep, req);
302 }
303}
304
305static inline int _lock(atomic_t *excl)
306{
307 if (atomic_inc_return(excl) == 1) {
308 return 0;
309 } else {
310 atomic_dec(excl);
311 return -1;
312 }
313}
314
315static inline void _unlock(atomic_t *excl)
316{
317 atomic_dec(excl);
318}
319
320/* add a request to the tail of a list */
321static void req_put(struct mtp_dev *dev, struct list_head *head,
322 struct usb_request *req)
323{
324 unsigned long flags;
325
326 spin_lock_irqsave(&dev->lock, flags);
327 list_add_tail(&req->list, head);
328 spin_unlock_irqrestore(&dev->lock, flags);
329}
330
331/* remove a request from the head of a list */
332static struct usb_request *req_get(struct mtp_dev *dev, struct list_head *head)
333{
334 unsigned long flags;
335 struct usb_request *req;
336
337 spin_lock_irqsave(&dev->lock, flags);
338 if (list_empty(head)) {
339 req = 0;
340 } else {
341 req = list_first_entry(head, struct usb_request, list);
342 list_del(&req->list);
343 }
344 spin_unlock_irqrestore(&dev->lock, flags);
345 return req;
346}
347
348static void mtp_complete_in(struct usb_ep *ep, struct usb_request *req)
349{
350 struct mtp_dev *dev = _mtp_dev;
351
352 if (req->status != 0)
353 dev->state = STATE_ERROR;
354
355 req_put(dev, &dev->tx_idle, req);
356
357 wake_up(&dev->write_wq);
358}
359
360static void mtp_complete_out(struct usb_ep *ep, struct usb_request *req)
361{
362 struct mtp_dev *dev = _mtp_dev;
363
364 dev->rx_done = 1;
365 if (req->status != 0)
366 dev->state = STATE_ERROR;
367
368 wake_up(&dev->read_wq);
369}
370
371static int __init create_bulk_endpoints(struct mtp_dev *dev,
372 struct usb_endpoint_descriptor *in_desc,
373 struct usb_endpoint_descriptor *out_desc,
374 struct usb_endpoint_descriptor *intr_desc)
375{
376 struct usb_composite_dev *cdev = dev->cdev;
377 struct usb_request *req;
378 struct usb_ep *ep;
379 int i;
380
381 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
382
383 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
384 if (!ep) {
385 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
386 return -ENODEV;
387 }
388 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
389 ep->driver_data = dev; /* claim the endpoint */
390 dev->ep_in = ep;
391
392 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
393 if (!ep) {
394 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
395 return -ENODEV;
396 }
397 DBG(cdev, "usb_ep_autoconfig for mtp ep_out got %s\n", ep->name);
398 ep->driver_data = dev; /* claim the endpoint */
399 dev->ep_out = ep;
400
401 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
402 if (!ep) {
403 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
404 return -ENODEV;
405 }
406 DBG(cdev, "usb_ep_autoconfig for mtp ep_out got %s\n", ep->name);
407 ep->driver_data = dev; /* claim the endpoint */
408 dev->ep_out = ep;
409
410 ep = usb_ep_autoconfig(cdev->gadget, intr_desc);
411 if (!ep) {
412 DBG(cdev, "usb_ep_autoconfig for ep_intr failed\n");
413 return -ENODEV;
414 }
415 DBG(cdev, "usb_ep_autoconfig for mtp ep_intr got %s\n", ep->name);
416 ep->driver_data = dev; /* claim the endpoint */
417 dev->ep_intr = ep;
418
419 /* now allocate requests for our endpoints */
420 for (i = 0; i < TX_REQ_MAX; i++) {
421 req = mtp_request_new(dev->ep_in, BULK_BUFFER_SIZE);
422 if (!req)
423 goto fail;
424 req->complete = mtp_complete_in;
425 req_put(dev, &dev->tx_idle, req);
426 }
427 for (i = 0; i < RX_REQ_MAX; i++) {
428 req = mtp_request_new(dev->ep_out, BULK_BUFFER_SIZE);
429 if (!req)
430 goto fail;
431 req->complete = mtp_complete_out;
432 dev->rx_req[i] = req;
433 }
434
435 return 0;
436
437fail:
438 printk(KERN_ERR "mtp_bind() could not allocate requests\n");
439 return -1;
440}
441
442static ssize_t mtp_read(struct file *fp, char __user *buf,
443 size_t count, loff_t *pos)
444{
445 struct mtp_dev *dev = fp->private_data;
446 struct usb_composite_dev *cdev = dev->cdev;
447 struct usb_request *req;
448 int r = count, xfer;
449 int ret = 0;
450
451 DBG(cdev, "mtp_read(%d)\n", count);
452
453 if (count > BULK_BUFFER_SIZE)
454 return -EINVAL;
455
456 /* we will block until we're online */
457 DBG(cdev, "mtp_read: waiting for online state\n");
458 ret = wait_event_interruptible(dev->read_wq,
459 dev->state != STATE_OFFLINE);
460 if (ret < 0) {
461 r = ret;
462 goto done;
463 }
464 spin_lock_irq(&dev->lock);
465 if (dev->state == STATE_CANCELED) {
466 /* report cancelation to userspace */
467 dev->state = STATE_READY;
468 spin_unlock_irq(&dev->lock);
469 return -ECANCELED;
470 }
471 dev->state = STATE_BUSY;
472 spin_unlock_irq(&dev->lock);
473
474requeue_req:
475 /* queue a request */
476 req = dev->rx_req[0];
477 req->length = count;
478 dev->rx_done = 0;
479 ret = usb_ep_queue(dev->ep_out, req, GFP_ATOMIC);
480 if (ret < 0) {
481 r = -EIO;
482 goto done;
483 } else {
484 DBG(cdev, "rx %p queue\n", req);
485 }
486
487 /* wait for a request to complete */
488 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
489 if (ret < 0) {
490 r = ret;
491 goto done;
492 }
493 if (dev->state == STATE_BUSY) {
494 /* If we got a 0-len packet, throw it back and try again. */
495 if (req->actual == 0)
496 goto requeue_req;
497
498 DBG(cdev, "rx %p %d\n", req, req->actual);
499 xfer = (req->actual < count) ? req->actual : count;
500 r = xfer;
501 if (copy_to_user(buf, req->buf, xfer))
502 r = -EFAULT;
503 } else
504 r = -EIO;
505
506done:
507 spin_lock_irq(&dev->lock);
508 if (dev->state == STATE_CANCELED)
509 r = -ECANCELED;
510 else if (dev->state != STATE_OFFLINE)
511 dev->state = STATE_READY;
512 spin_unlock_irq(&dev->lock);
513
514 DBG(cdev, "mtp_read returning %d\n", r);
515 return r;
516}
517
518static ssize_t mtp_write(struct file *fp, const char __user *buf,
519 size_t count, loff_t *pos)
520{
521 struct mtp_dev *dev = fp->private_data;
522 struct usb_composite_dev *cdev = dev->cdev;
523 struct usb_request *req = 0;
524 int r = count, xfer;
525 int ret;
526
527 DBG(cdev, "mtp_write(%d)\n", count);
528
529 spin_lock_irq(&dev->lock);
530 if (dev->state == STATE_CANCELED) {
531 /* report cancelation to userspace */
532 dev->state = STATE_READY;
533 spin_unlock_irq(&dev->lock);
534 return -ECANCELED;
535 }
536 if (dev->state == STATE_OFFLINE) {
537 spin_unlock_irq(&dev->lock);
538 return -ENODEV;
539 }
540 dev->state = STATE_BUSY;
541 spin_unlock_irq(&dev->lock);
542
543 while (count > 0) {
544 if (dev->state != STATE_BUSY) {
545 DBG(cdev, "mtp_write dev->error\n");
546 r = -EIO;
547 break;
548 }
549
550 /* get an idle tx request to use */
551 req = 0;
552 ret = wait_event_interruptible(dev->write_wq,
553 ((req = req_get(dev, &dev->tx_idle))
554 || dev->state != STATE_BUSY));
555 if (!req) {
556 r = ret;
557 break;
558 }
559
560 if (count > BULK_BUFFER_SIZE)
561 xfer = BULK_BUFFER_SIZE;
562 else
563 xfer = count;
564 if (copy_from_user(req->buf, buf, xfer)) {
565 r = -EFAULT;
566 break;
567 }
568
569 req->length = xfer;
570 ret = usb_ep_queue(dev->ep_in, req, GFP_ATOMIC);
571 if (ret < 0) {
572 DBG(cdev, "mtp_write: xfer error %d\n", ret);
573 r = -EIO;
574 break;
575 }
576
577 buf += xfer;
578 count -= xfer;
579
580 /* zero this so we don't try to free it on error exit */
581 req = 0;
582 }
583
584 if (req)
585 req_put(dev, &dev->tx_idle, req);
586
587 spin_lock_irq(&dev->lock);
588 if (dev->state == STATE_CANCELED)
589 r = -ECANCELED;
590 else if (dev->state != STATE_OFFLINE)
591 dev->state = STATE_READY;
592 spin_unlock_irq(&dev->lock);
593
594 DBG(cdev, "mtp_write returning %d\n", r);
595 return r;
596}
597
598static int mtp_send_file(struct mtp_dev *dev, struct file *filp,
599 loff_t offset, size_t count)
600{
601 struct usb_composite_dev *cdev = dev->cdev;
602 struct usb_request *req = 0;
603 int r = count, xfer, ret;
604
605 DBG(cdev, "mtp_send_file(%lld %d)\n", offset, count);
606
607 while (count > 0) {
608 /* get an idle tx request to use */
609 req = 0;
610 ret = wait_event_interruptible(dev->write_wq,
611 (req = req_get(dev, &dev->tx_idle))
612 || dev->state != STATE_BUSY);
613 if (!req) {
614 r = ret;
615 break;
616 }
617
618 if (count > BULK_BUFFER_SIZE)
619 xfer = BULK_BUFFER_SIZE;
620 else
621 xfer = count;
622 ret = vfs_read(filp, req->buf, xfer, &offset);
623 if (ret < 0) {
624 r = ret;
625 break;
626 }
627 xfer = ret;
628
629 req->length = xfer;
630 ret = usb_ep_queue(dev->ep_in, req, GFP_ATOMIC);
631 if (ret < 0) {
632 DBG(cdev, "mtp_write: xfer error %d\n", ret);
633 dev->state = STATE_ERROR;
634 r = -EIO;
635 break;
636 }
637
638 count -= xfer;
639
640 /* zero this so we don't try to free it on error exit */
641 req = 0;
642 }
643
644 if (req)
645 req_put(dev, &dev->tx_idle, req);
646
647 DBG(cdev, "mtp_write returning %d\n", r);
648 return r;
649}
650
651static int mtp_receive_file(struct mtp_dev *dev, struct file *filp,
652 loff_t offset, size_t count)
653{
654 struct usb_composite_dev *cdev = dev->cdev;
655 struct usb_request *read_req = NULL, *write_req = NULL;
656 int r = count;
657 int ret;
658 int cur_buf = 0;
659
660 DBG(cdev, "mtp_receive_file(%d)\n", count);
661
662 while (count > 0 || write_req) {
663 if (count > 0) {
664 /* queue a request */
665 read_req = dev->rx_req[cur_buf];
666 cur_buf = (cur_buf + 1) % RX_REQ_MAX;
667
668 read_req->length = (count > BULK_BUFFER_SIZE
669 ? BULK_BUFFER_SIZE : count);
670 dev->rx_done = 0;
671 ret = usb_ep_queue(dev->ep_out, read_req, GFP_ATOMIC);
672 if (ret < 0) {
673 r = -EIO;
674 dev->state = STATE_ERROR;
675 break;
676 }
677 count -= ret;
678 }
679
680 if (write_req) {
681 DBG(cdev, "rx %p %d\n", write_req, write_req->actual);
682 ret = vfs_write(filp, write_req->buf, write_req->actual,
683 &offset);
684 DBG(cdev, "vfs_write %d\n", ret);
685 if (ret != write_req->actual) {
686 r = -EIO;
687 dev->state = STATE_ERROR;
688 break;
689 }
690 write_req = NULL;
691 }
692
693 if (read_req) {
694 /* wait for our last read to complete */
695 ret = wait_event_interruptible(dev->read_wq,
696 dev->rx_done || dev->state != STATE_BUSY);
697 if (ret < 0 || dev->state != STATE_BUSY) {
698 r = ret;
699 break;
700 }
701 count -= read_req->actual;
702 write_req = read_req;
703 read_req = NULL;
704 }
705 }
706
707 DBG(cdev, "mtp_read returning %d\n", r);
708 return r;
709}
710
711/* Kernel thread for handling file IO operations */
712static int mtp_thread(void *data)
713{
714 struct mtp_dev *dev = (struct mtp_dev *)data;
715 struct usb_composite_dev *cdev = dev->cdev;
716 int flags;
717
718 DBG(cdev, "mtp_thread started\n");
719
720 while (1) {
721 /* wait for a command */
722 while (1) {
723 try_to_freeze();
724 set_current_state(TASK_INTERRUPTIBLE);
725 if (dev->thread_command != 0)
726 break;
727 schedule();
728 }
729 __set_current_state(TASK_RUNNING);
730
731 if (dev->thread_command == ANDROID_THREAD_QUIT) {
732 DBG(cdev, "ANDROID_THREAD_QUIT\n");
733 dev->thread_result = 0;
734 goto done;
735 }
736
737 if (dev->thread_command == ANDROID_THREAD_SEND_FILE)
738 flags = O_RDONLY | O_LARGEFILE;
739 else
740 flags = O_WRONLY | O_LARGEFILE | O_CREAT;
741
742 if (dev->thread_command == ANDROID_THREAD_SEND_FILE) {
743 dev->thread_result = mtp_send_file(dev,
744 dev->thread_file,
745 dev->thread_file_offset,
746 dev->thread_file_length);
747 } else {
748 dev->thread_result = mtp_receive_file(dev,
749 dev->thread_file,
750 dev->thread_file_offset,
751 dev->thread_file_length);
752 }
753
754 if (dev->thread_file) {
755 fput(dev->thread_file);
756 dev->thread_file = NULL;
757 }
758 dev->thread_command = 0;
759 complete(&dev->thread_wait);
760 }
761
762done:
763 DBG(cdev, "android_thread done\n");
764 complete_and_exit(&dev->thread_wait, 0);
765}
766
767static long mtp_ioctl(struct file *fp, unsigned code, unsigned long value)
768{
769 struct mtp_dev *dev = fp->private_data;
770 struct file *filp = NULL;
771 int ret = -EINVAL;
772
773 switch (code) {
774 case MTP_SEND_FILE:
775 case MTP_RECEIVE_FILE:
776 {
777 struct mtp_file_range mfr;
778
779 spin_lock_irq(&dev->lock);
780 if (dev->state == STATE_CANCELED) {
781 /* report cancelation to userspace */
782 dev->state = STATE_READY;
783 spin_unlock_irq(&dev->lock);
784 return -ECANCELED;
785 }
786 if (dev->state == STATE_OFFLINE) {
787 spin_unlock_irq(&dev->lock);
788 return -ENODEV;
789 }
790 dev->state = STATE_BUSY;
791 spin_unlock_irq(&dev->lock);
792
793 if (copy_from_user(&mfr, (void __user *)value, sizeof(mfr))) {
794 ret = -EFAULT;
795 goto fail;
796 }
797 filp = fget(mfr.fd);
798 if (!filp) {
799 ret = -EBADF;
800 goto fail;
801 }
802
803 dev->thread_file = filp;
804 dev->thread_file_offset = mfr.offset;
805 dev->thread_file_length = mfr.length;
806
807 if (code == MTP_SEND_FILE)
808 dev->thread_command = ANDROID_THREAD_SEND_FILE;
809 else
810 dev->thread_command = ANDROID_THREAD_RECEIVE_FILE;
811
812 /* wake up the thread */
813 init_completion(&dev->thread_wait);
814 wake_up_process(dev->thread);
815
816 /* wait for the thread to complete the command */
817 wait_for_completion(&dev->thread_wait);
818 ret = dev->thread_result;
819 DBG(dev->cdev, "thread returned %d\n", ret);
820 break;
821 }
822 case MTP_SET_INTERFACE_MODE:
823 if (value == MTP_INTERFACE_MODE_MTP ||
824 value == MTP_INTERFACE_MODE_PTP) {
825 dev->interface_mode = value;
826 if (value == MTP_INTERFACE_MODE_PTP) {
827 dev->function.descriptors = fs_ptp_descs;
828 dev->function.hs_descriptors = hs_ptp_descs;
829 } else {
830 dev->function.descriptors = fs_mtp_descs;
831 dev->function.hs_descriptors = hs_mtp_descs;
832 }
833 ret = 0;
834 }
835 break;
836 }
837
838fail:
839 if (filp)
840 fput(filp);
841 spin_lock_irq(&dev->lock);
842 if (dev->state == STATE_CANCELED)
843 ret = -ECANCELED;
844 else if (dev->state != STATE_OFFLINE)
845 dev->state = STATE_READY;
846 spin_unlock_irq(&dev->lock);
847 DBG(dev->cdev, "ioctl returning %d\n", ret);
848 return ret;
849}
850
851static int mtp_open(struct inode *ip, struct file *fp)
852{
853 printk(KERN_INFO "mtp_open\n");
854 if (_lock(&_mtp_dev->open_excl))
855 return -EBUSY;
856
857 _mtp_dev->thread = kthread_create(mtp_thread, _mtp_dev, "f_mtp");
858 if (IS_ERR(_mtp_dev->thread))
859 return -ENOMEM;
860
861 /* clear any error condition */
862 if (_mtp_dev->state != STATE_OFFLINE)
863 _mtp_dev->state = STATE_READY;
864
865 fp->private_data = _mtp_dev;
866 return 0;
867}
868
869static int mtp_release(struct inode *ip, struct file *fp)
870{
871 printk(KERN_INFO "mtp_release\n");
872
873 /* tell the thread to quit */
874 if (_mtp_dev->thread) {
875 _mtp_dev->thread_command = ANDROID_THREAD_QUIT;
876 init_completion(&_mtp_dev->thread_wait);
877 wake_up_process(_mtp_dev->thread);
878 wait_for_completion(&_mtp_dev->thread_wait);
879 }
880
881 _unlock(&_mtp_dev->open_excl);
882 return 0;
883}
884
885/* file operations for /dev/mtp_usb */
886static const struct file_operations mtp_fops = {
887 .owner = THIS_MODULE,
888 .read = mtp_read,
889 .write = mtp_write,
890 .unlocked_ioctl = mtp_ioctl,
891 .open = mtp_open,
892 .release = mtp_release,
893};
894
895static struct miscdevice mtp_device = {
896 .minor = MISC_DYNAMIC_MINOR,
897 .name = shortname,
898 .fops = &mtp_fops,
899};
900
901static int
902mtp_function_bind(struct usb_configuration *c, struct usb_function *f)
903{
904 struct usb_composite_dev *cdev = c->cdev;
905 struct mtp_dev *dev = func_to_dev(f);
906 int id;
907 int ret;
908
909 dev->cdev = cdev;
910 DBG(cdev, "mtp_function_bind dev: %p\n", dev);
911
912 /* allocate interface ID(s) */
913 id = usb_interface_id(c, f);
914 if (id < 0)
915 return id;
916 mtp_interface_desc.bInterfaceNumber = id;
917
918 /* allocate endpoints */
919 ret = create_bulk_endpoints(dev, &mtp_fullspeed_in_desc,
920 &mtp_fullspeed_out_desc, &mtp_intr_desc);
921 if (ret)
922 return ret;
923
924 /* support high speed hardware */
925 if (gadget_is_dualspeed(c->cdev->gadget)) {
926 mtp_highspeed_in_desc.bEndpointAddress =
927 mtp_fullspeed_in_desc.bEndpointAddress;
928 mtp_highspeed_out_desc.bEndpointAddress =
929 mtp_fullspeed_out_desc.bEndpointAddress;
930 }
931
932 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
933 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
934 f->name, dev->ep_in->name, dev->ep_out->name);
935 return 0;
936}
937
938static void
939mtp_function_unbind(struct usb_configuration *c, struct usb_function *f)
940{
941 struct mtp_dev *dev = func_to_dev(f);
942 struct usb_request *req;
943 int i;
944
945 spin_lock_irq(&dev->lock);
946 while ((req = req_get(dev, &dev->tx_idle)))
947 mtp_request_free(req, dev->ep_in);
948 for (i = 0; i < RX_REQ_MAX; i++)
949 mtp_request_free(dev->rx_req[i], dev->ep_out);
950 dev->state = STATE_OFFLINE;
951 spin_unlock_irq(&dev->lock);
952
953 misc_deregister(&mtp_device);
954 kfree(_mtp_dev);
955 _mtp_dev = NULL;
956}
957
958static int mtp_function_setup(struct usb_function *f,
959 const struct usb_ctrlrequest *ctrl)
960{
961 struct mtp_dev *dev = func_to_dev(f);
962 struct usb_composite_dev *cdev = dev->cdev;
963 int value = -EOPNOTSUPP;
964 u16 w_index = le16_to_cpu(ctrl->wIndex);
965 u16 w_value = le16_to_cpu(ctrl->wValue);
966 u16 w_length = le16_to_cpu(ctrl->wLength);
967 unsigned long flags;
968
969 /* do nothing if we are disabled */
970 if (dev->function.disabled)
971 return value;
972
973 VDBG(cdev, "mtp_function_setup "
974 "%02x.%02x v%04x i%04x l%u\n",
975 ctrl->bRequestType, ctrl->bRequest,
976 w_value, w_index, w_length);
977
978 /* Handle MTP OS string */
979 if (dev->interface_mode == MTP_INTERFACE_MODE_MTP
980 && ctrl->bRequestType ==
981 (USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE)
982 && ctrl->bRequest == USB_REQ_GET_DESCRIPTOR
983 && (w_value >> 8) == USB_DT_STRING
984 && (w_value & 0xFF) == MTP_OS_STRING_ID) {
985 value = (w_length < sizeof(mtp_os_string)
986 ? w_length : sizeof(mtp_os_string));
987 memcpy(cdev->req->buf, mtp_os_string, value);
988 /* return here since composite.c will send for us */
989 return value;
990 }
991 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_VENDOR) {
992 /* Handle MTP OS descriptor */
993 DBG(cdev, "vendor request: %d index: %d value: %d length: %d\n",
994 ctrl->bRequest, w_index, w_value, w_length);
995
996 if (dev->interface_mode == MTP_INTERFACE_MODE_MTP
997 && ctrl->bRequest == 1
998 && (ctrl->bRequestType & USB_DIR_IN)
999 && (w_index == 4 || w_index == 5)) {
1000 value = (w_length < sizeof(mtp_ext_config_desc) ?
1001 w_length : sizeof(mtp_ext_config_desc));
1002 memcpy(cdev->req->buf, &mtp_ext_config_desc, value);
1003 }
1004 }
1005 if ((ctrl->bRequestType & USB_TYPE_MASK) == USB_TYPE_CLASS) {
1006 DBG(cdev, "class request: %d index: %d value: %d length: %d\n",
1007 ctrl->bRequest, w_index, w_value, w_length);
1008
1009 if (ctrl->bRequest == MTP_REQ_CANCEL && w_index == 0
1010 && w_value == 0) {
1011 DBG(cdev, "MTP_REQ_CANCEL\n");
1012
1013 spin_lock_irqsave(&dev->lock, flags);
1014 if (dev->state == STATE_BUSY) {
1015 dev->state = STATE_CANCELED;
1016 wake_up(&dev->read_wq);
1017 wake_up(&dev->write_wq);
1018 }
1019 spin_unlock_irqrestore(&dev->lock, flags);
1020
1021 /* We need to queue a request to read the remaining
1022 * bytes, but we don't actually need to look at
1023 * the contents.
1024 */
1025 value = w_length;
1026 } else if (ctrl->bRequest == MTP_REQ_GET_DEVICE_STATUS
1027 && w_index == 0 && w_value == 0) {
1028 struct mtp_device_status *status = cdev->req->buf;
1029 status->wLength =
1030 __constant_cpu_to_le16(sizeof(*status));
1031
1032 DBG(cdev, "MTP_REQ_GET_DEVICE_STATUS\n");
1033 spin_lock_irqsave(&dev->lock, flags);
1034 /* device status is "busy" until we report
1035 * the cancelation to userspace
1036 */
1037 if (dev->state == STATE_BUSY
1038 || dev->state == STATE_CANCELED)
1039 status->wCode =
1040 __cpu_to_le16(MTP_RESPONSE_DEVICE_BUSY);
1041 else
1042 status->wCode =
1043 __cpu_to_le16(MTP_RESPONSE_OK);
1044 spin_unlock_irqrestore(&dev->lock, flags);
1045 value = sizeof(*status);
1046 }
1047 }
1048
1049 /* respond with data transfer or status phase? */
1050 if (value >= 0) {
1051 int rc;
1052 cdev->req->zero = value < w_length;
1053 cdev->req->length = value;
1054 rc = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
1055 if (rc < 0)
1056 ERROR(cdev, "%s setup response queue error\n", __func__);
1057 }
1058
1059 if (value == -EOPNOTSUPP)
1060 VDBG(cdev,
1061 "unknown class-specific control req "
1062 "%02x.%02x v%04x i%04x l%u\n",
1063 ctrl->bRequestType, ctrl->bRequest,
1064 w_value, w_index, w_length);
1065 return value;
1066}
1067
1068static int mtp_function_set_alt(struct usb_function *f,
1069 unsigned intf, unsigned alt)
1070{
1071 struct mtp_dev *dev = func_to_dev(f);
1072 struct usb_composite_dev *cdev = f->config->cdev;
1073 int ret;
1074
1075 DBG(cdev, "mtp_function_set_alt intf: %d alt: %d\n", intf, alt);
1076 ret = usb_ep_enable(dev->ep_in,
1077 ep_choose(cdev->gadget,
1078 &mtp_highspeed_in_desc,
1079 &mtp_fullspeed_in_desc));
1080 if (ret)
1081 return ret;
1082 ret = usb_ep_enable(dev->ep_out,
1083 ep_choose(cdev->gadget,
1084 &mtp_highspeed_out_desc,
1085 &mtp_fullspeed_out_desc));
1086 if (ret) {
1087 usb_ep_disable(dev->ep_in);
1088 return ret;
1089 }
1090 ret = usb_ep_enable(dev->ep_intr, &mtp_intr_desc);
1091 if (ret) {
1092 usb_ep_disable(dev->ep_out);
1093 usb_ep_disable(dev->ep_in);
1094 return ret;
1095 }
1096 dev->state = STATE_READY;
1097
1098 /* readers may be blocked waiting for us to go online */
1099 wake_up(&dev->read_wq);
1100 return 0;
1101}
1102
1103static void mtp_function_disable(struct usb_function *f)
1104{
1105 struct mtp_dev *dev = func_to_dev(f);
1106 struct usb_composite_dev *cdev = dev->cdev;
1107
1108 DBG(cdev, "mtp_function_disable\n");
1109 dev->state = STATE_OFFLINE;
1110 usb_ep_disable(dev->ep_in);
1111 usb_ep_disable(dev->ep_out);
1112 usb_ep_disable(dev->ep_intr);
1113
1114 /* readers may be blocked waiting for us to go online */
1115 wake_up(&dev->read_wq);
1116
1117 VDBG(cdev, "%s disabled\n", dev->function.name);
1118}
1119
1120static int mtp_bind_config(struct usb_configuration *c)
1121{
1122 struct mtp_dev *dev;
1123 int ret;
1124
1125 printk(KERN_INFO "mtp_bind_config\n");
1126
1127 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1128 if (!dev)
1129 return -ENOMEM;
1130
1131 /* allocate a string ID for our interface */
1132 if (mtp_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1133 ret = usb_string_id(c->cdev);
1134 if (ret < 0)
1135 return ret;
1136 mtp_string_defs[INTERFACE_STRING_INDEX].id = ret;
1137 mtp_interface_desc.iInterface = ret;
1138 }
1139
1140 spin_lock_init(&dev->lock);
1141 init_completion(&dev->thread_wait);
1142 init_waitqueue_head(&dev->read_wq);
1143 init_waitqueue_head(&dev->write_wq);
1144 atomic_set(&dev->open_excl, 0);
1145 INIT_LIST_HEAD(&dev->tx_idle);
1146
1147 dev->cdev = c->cdev;
1148 dev->function.name = "mtp";
1149 dev->function.strings = mtp_strings,
1150 dev->function.descriptors = fs_mtp_descs;
1151 dev->function.hs_descriptors = hs_mtp_descs;
1152 dev->function.bind = mtp_function_bind;
1153 dev->function.unbind = mtp_function_unbind;
1154 dev->function.setup = mtp_function_setup;
1155 dev->function.set_alt = mtp_function_set_alt;
1156 dev->function.disable = mtp_function_disable;
1157
1158 /* MTP mode by default */
1159 dev->interface_mode = MTP_INTERFACE_MODE_MTP;
1160
1161 /* _mtp_dev must be set before calling usb_gadget_register_driver */
1162 _mtp_dev = dev;
1163
1164 ret = misc_register(&mtp_device);
1165 if (ret)
1166 goto err1;
1167
1168 ret = usb_add_function(c, &dev->function);
1169 if (ret)
1170 goto err2;
1171
1172 return 0;
1173
1174err2:
1175 misc_deregister(&mtp_device);
1176err1:
1177 kfree(dev);
1178 printk(KERN_ERR "mtp gadget driver failed to initialize\n");
1179 return ret;
1180}
1181
1182static struct android_usb_function mtp_function = {
1183 .name = "mtp",
1184 .bind_config = mtp_bind_config,
1185};
1186
1187static int __init init(void)
1188{
1189 printk(KERN_INFO "f_mtp init\n");
1190 android_register_function(&mtp_function);
1191 return 0;
1192}
1193module_init(init);