1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * composite.c - infrastructure for Composite USB Gadgets
4  *
5  * Copyright (C) 2006-2008 David Brownell
6  */
7 
8 /* #define VERBOSE_DEBUG */
9 
10 #include <linux/kallsyms.h>
11 #include <linux/kernel.h>
12 #include <linux/slab.h>
13 #include <linux/module.h>
14 #include <linux/device.h>
15 #include <linux/utsname.h>
16 #include <linux/bitfield.h>
17 #include <linux/uuid.h>
18 
19 #include <linux/usb/composite.h>
20 #include <linux/usb/otg.h>
21 #include <linux/usb/webusb.h>
22 #include <linux/unaligned.h>
23 
24 #include "u_os_desc.h"
25 
26 /**
27  * struct usb_os_string - represents OS String to be reported by a gadget
28  * @bLength: total length of the entire descritor, always 0x12
29  * @bDescriptorType: USB_DT_STRING
30  * @qwSignature: the OS String proper
31  * @bMS_VendorCode: code used by the host for subsequent requests
32  * @bPad: not used, must be zero
33  */
34 struct usb_os_string {
35 	__u8	bLength;
36 	__u8	bDescriptorType;
37 	__u8	qwSignature[OS_STRING_QW_SIGN_LEN];
38 	__u8	bMS_VendorCode;
39 	__u8	bPad;
40 } __packed;
41 
42 /*
43  * The code in this file is utility code, used to build a gadget driver
44  * from one or more "function" drivers, one or more "configuration"
45  * objects, and a "usb_composite_driver" by gluing them together along
46  * with the relevant device-wide data.
47  */
48 
get_containers_gs(struct usb_gadget_string_container * uc)49 static struct usb_gadget_strings **get_containers_gs(
50 		struct usb_gadget_string_container *uc)
51 {
52 	return (struct usb_gadget_strings **)uc->stash;
53 }
54 
55 /**
56  * function_descriptors() - get function descriptors for speed
57  * @f: the function
58  * @speed: the speed
59  *
60  * Returns the descriptors or NULL if not set.
61  */
62 static struct usb_descriptor_header **
function_descriptors(struct usb_function * f,enum usb_device_speed speed)63 function_descriptors(struct usb_function *f,
64 		     enum usb_device_speed speed)
65 {
66 	struct usb_descriptor_header **descriptors;
67 
68 	/*
69 	 * NOTE: we try to help gadget drivers which might not be setting
70 	 * max_speed appropriately.
71 	 */
72 
73 	switch (speed) {
74 	case USB_SPEED_SUPER_PLUS:
75 		descriptors = f->ssp_descriptors;
76 		if (descriptors)
77 			break;
78 		fallthrough;
79 	case USB_SPEED_SUPER:
80 		descriptors = f->ss_descriptors;
81 		if (descriptors)
82 			break;
83 		fallthrough;
84 	case USB_SPEED_HIGH:
85 		descriptors = f->hs_descriptors;
86 		if (descriptors)
87 			break;
88 		fallthrough;
89 	default:
90 		descriptors = f->fs_descriptors;
91 	}
92 
93 	/*
94 	 * if we can't find any descriptors at all, then this gadget deserves to
95 	 * Oops with a NULL pointer dereference
96 	 */
97 
98 	return descriptors;
99 }
100 
101 /**
102  * next_desc() - advance to the next desc_type descriptor
103  * @t: currect pointer within descriptor array
104  * @desc_type: descriptor type
105  *
106  * Return: next desc_type descriptor or NULL
107  *
108  * Iterate over @t until either desc_type descriptor found or
109  * NULL (that indicates end of list) encountered
110  */
111 static struct usb_descriptor_header**
next_desc(struct usb_descriptor_header ** t,u8 desc_type)112 next_desc(struct usb_descriptor_header **t, u8 desc_type)
113 {
114 	for (; *t; t++) {
115 		if ((*t)->bDescriptorType == desc_type)
116 			return t;
117 	}
118 	return NULL;
119 }
120 
121 /*
122  * for_each_desc() - iterate over desc_type descriptors in the
123  * descriptors list
124  * @start: pointer within descriptor array.
125  * @iter_desc: desc_type descriptor to use as the loop cursor
126  * @desc_type: wanted descriptr type
127  */
128 #define for_each_desc(start, iter_desc, desc_type) \
129 	for (iter_desc = next_desc(start, desc_type); \
130 	     iter_desc; iter_desc = next_desc(iter_desc + 1, desc_type))
131 
132 /**
133  * config_ep_by_speed_and_alt() - configures the given endpoint
134  * according to gadget speed.
135  * @g: pointer to the gadget
136  * @f: usb function
137  * @_ep: the endpoint to configure
138  * @alt: alternate setting number
139  *
140  * Return: error code, 0 on success
141  *
142  * This function chooses the right descriptors for a given
143  * endpoint according to gadget speed and saves it in the
144  * endpoint desc field. If the endpoint already has a descriptor
145  * assigned to it - overwrites it with currently corresponding
146  * descriptor. The endpoint maxpacket field is updated according
147  * to the chosen descriptor.
148  * Note: the supplied function should hold all the descriptors
149  * for supported speeds
150  */
config_ep_by_speed_and_alt(struct usb_gadget * g,struct usb_function * f,struct usb_ep * _ep,u8 alt)151 int config_ep_by_speed_and_alt(struct usb_gadget *g,
152 				struct usb_function *f,
153 				struct usb_ep *_ep,
154 				u8 alt)
155 {
156 	struct usb_endpoint_descriptor *chosen_desc = NULL;
157 	struct usb_interface_descriptor *int_desc = NULL;
158 	struct usb_descriptor_header **speed_desc = NULL;
159 
160 	struct usb_ss_ep_comp_descriptor *comp_desc = NULL;
161 	int want_comp_desc = 0;
162 
163 	struct usb_descriptor_header **d_spd; /* cursor for speed desc */
164 	struct usb_composite_dev *cdev;
165 	bool incomplete_desc = false;
166 
167 	if (!g || !f || !_ep)
168 		return -EIO;
169 
170 	/* select desired speed */
171 	switch (g->speed) {
172 	case USB_SPEED_SUPER_PLUS:
173 		if (f->ssp_descriptors) {
174 			speed_desc = f->ssp_descriptors;
175 			want_comp_desc = 1;
176 			break;
177 		}
178 		incomplete_desc = true;
179 		fallthrough;
180 	case USB_SPEED_SUPER:
181 		if (f->ss_descriptors) {
182 			speed_desc = f->ss_descriptors;
183 			want_comp_desc = 1;
184 			break;
185 		}
186 		incomplete_desc = true;
187 		fallthrough;
188 	case USB_SPEED_HIGH:
189 		if (f->hs_descriptors) {
190 			speed_desc = f->hs_descriptors;
191 			break;
192 		}
193 		incomplete_desc = true;
194 		fallthrough;
195 	default:
196 		speed_desc = f->fs_descriptors;
197 	}
198 
199 	cdev = get_gadget_data(g);
200 	if (incomplete_desc)
201 		WARNING(cdev,
202 			"%s doesn't hold the descriptors for current speed\n",
203 			f->name);
204 
205 	/* find correct alternate setting descriptor */
206 	for_each_desc(speed_desc, d_spd, USB_DT_INTERFACE) {
207 		int_desc = (struct usb_interface_descriptor *)*d_spd;
208 
209 		if (int_desc->bAlternateSetting == alt) {
210 			speed_desc = d_spd;
211 			goto intf_found;
212 		}
213 	}
214 	return -EIO;
215 
216 intf_found:
217 	/* find descriptors */
218 	for_each_desc(speed_desc, d_spd, USB_DT_ENDPOINT) {
219 		chosen_desc = (struct usb_endpoint_descriptor *)*d_spd;
220 		if (chosen_desc->bEndpointAddress == _ep->address)
221 			goto ep_found;
222 	}
223 	return -EIO;
224 
225 ep_found:
226 	/* commit results */
227 	_ep->maxpacket = usb_endpoint_maxp(chosen_desc);
228 	_ep->desc = chosen_desc;
229 	_ep->comp_desc = NULL;
230 	_ep->maxburst = 0;
231 	_ep->mult = 1;
232 
233 	if (g->speed == USB_SPEED_HIGH && (usb_endpoint_xfer_isoc(_ep->desc) ||
234 				usb_endpoint_xfer_int(_ep->desc)))
235 		_ep->mult = usb_endpoint_maxp_mult(_ep->desc);
236 
237 	if (!want_comp_desc)
238 		return 0;
239 
240 	/*
241 	 * Companion descriptor should follow EP descriptor
242 	 * USB 3.0 spec, #9.6.7
243 	 */
244 	comp_desc = (struct usb_ss_ep_comp_descriptor *)*(++d_spd);
245 	if (!comp_desc ||
246 	    (comp_desc->bDescriptorType != USB_DT_SS_ENDPOINT_COMP))
247 		return -EIO;
248 	_ep->comp_desc = comp_desc;
249 	if (g->speed >= USB_SPEED_SUPER) {
250 		switch (usb_endpoint_type(_ep->desc)) {
251 		case USB_ENDPOINT_XFER_ISOC:
252 			/* mult: bits 1:0 of bmAttributes */
253 			_ep->mult = (comp_desc->bmAttributes & 0x3) + 1;
254 			fallthrough;
255 		case USB_ENDPOINT_XFER_BULK:
256 		case USB_ENDPOINT_XFER_INT:
257 			_ep->maxburst = comp_desc->bMaxBurst + 1;
258 			break;
259 		default:
260 			if (comp_desc->bMaxBurst != 0)
261 				ERROR(cdev, "ep0 bMaxBurst must be 0\n");
262 			_ep->maxburst = 1;
263 			break;
264 		}
265 	}
266 	return 0;
267 }
268 EXPORT_SYMBOL_GPL(config_ep_by_speed_and_alt);
269 
270 /**
271  * config_ep_by_speed() - configures the given endpoint
272  * according to gadget speed.
273  * @g: pointer to the gadget
274  * @f: usb function
275  * @_ep: the endpoint to configure
276  *
277  * Return: error code, 0 on success
278  *
279  * This function chooses the right descriptors for a given
280  * endpoint according to gadget speed and saves it in the
281  * endpoint desc field. If the endpoint already has a descriptor
282  * assigned to it - overwrites it with currently corresponding
283  * descriptor. The endpoint maxpacket field is updated according
284  * to the chosen descriptor.
285  * Note: the supplied function should hold all the descriptors
286  * for supported speeds
287  */
config_ep_by_speed(struct usb_gadget * g,struct usb_function * f,struct usb_ep * _ep)288 int config_ep_by_speed(struct usb_gadget *g,
289 			struct usb_function *f,
290 			struct usb_ep *_ep)
291 {
292 	return config_ep_by_speed_and_alt(g, f, _ep, 0);
293 }
294 EXPORT_SYMBOL_GPL(config_ep_by_speed);
295 
296 /**
297  * usb_add_function() - add a function to a configuration
298  * @config: the configuration
299  * @function: the function being added
300  * Context: single threaded during gadget setup
301  *
302  * After initialization, each configuration must have one or more
303  * functions added to it.  Adding a function involves calling its @bind()
304  * method to allocate resources such as interface and string identifiers
305  * and endpoints.
306  *
307  * This function returns the value of the function's bind(), which is
308  * zero for success else a negative errno value.
309  */
usb_add_function(struct usb_configuration * config,struct usb_function * function)310 int usb_add_function(struct usb_configuration *config,
311 		struct usb_function *function)
312 {
313 	int	value = -EINVAL;
314 
315 	DBG(config->cdev, "adding '%s'/%p to config '%s'/%p\n",
316 			function->name, function,
317 			config->label, config);
318 
319 	if (!function->set_alt || !function->disable)
320 		goto done;
321 
322 	function->config = config;
323 	list_add_tail(&function->list, &config->functions);
324 
325 	if (function->bind_deactivated) {
326 		value = usb_function_deactivate(function);
327 		if (value)
328 			goto done;
329 	}
330 
331 	/* REVISIT *require* function->bind? */
332 	if (function->bind) {
333 		value = function->bind(config, function);
334 		if (value < 0) {
335 			list_del(&function->list);
336 			function->config = NULL;
337 		}
338 	} else
339 		value = 0;
340 
341 	/* We allow configurations that don't work at both speeds.
342 	 * If we run into a lowspeed Linux system, treat it the same
343 	 * as full speed ... it's the function drivers that will need
344 	 * to avoid bulk and ISO transfers.
345 	 */
346 	if (!config->fullspeed && function->fs_descriptors)
347 		config->fullspeed = true;
348 	if (!config->highspeed && function->hs_descriptors)
349 		config->highspeed = true;
350 	if (!config->superspeed && function->ss_descriptors)
351 		config->superspeed = true;
352 	if (!config->superspeed_plus && function->ssp_descriptors)
353 		config->superspeed_plus = true;
354 
355 done:
356 	if (value)
357 		DBG(config->cdev, "adding '%s'/%p --> %d\n",
358 				function->name, function, value);
359 	return value;
360 }
361 EXPORT_SYMBOL_GPL(usb_add_function);
362 
usb_remove_function(struct usb_configuration * c,struct usb_function * f)363 void usb_remove_function(struct usb_configuration *c, struct usb_function *f)
364 {
365 	if (f->disable)
366 		f->disable(f);
367 
368 	bitmap_zero(f->endpoints, 32);
369 	list_del(&f->list);
370 	if (f->unbind)
371 		f->unbind(c, f);
372 
373 	if (f->bind_deactivated)
374 		usb_function_activate(f);
375 }
376 EXPORT_SYMBOL_GPL(usb_remove_function);
377 
378 /**
379  * usb_function_deactivate - prevent function and gadget enumeration
380  * @function: the function that isn't yet ready to respond
381  *
382  * Blocks response of the gadget driver to host enumeration by
383  * preventing the data line pullup from being activated.  This is
384  * normally called during @bind() processing to change from the
385  * initial "ready to respond" state, or when a required resource
386  * becomes available.
387  *
388  * For example, drivers that serve as a passthrough to a userspace
389  * daemon can block enumeration unless that daemon (such as an OBEX,
390  * MTP, or print server) is ready to handle host requests.
391  *
392  * Not all systems support software control of their USB peripheral
393  * data pullups.
394  *
395  * Returns zero on success, else negative errno.
396  */
usb_function_deactivate(struct usb_function * function)397 int usb_function_deactivate(struct usb_function *function)
398 {
399 	struct usb_composite_dev	*cdev = function->config->cdev;
400 	unsigned long			flags;
401 	int				status = 0;
402 
403 	spin_lock_irqsave(&cdev->lock, flags);
404 
405 	if (cdev->deactivations == 0) {
406 		spin_unlock_irqrestore(&cdev->lock, flags);
407 		status = usb_gadget_deactivate(cdev->gadget);
408 		spin_lock_irqsave(&cdev->lock, flags);
409 	}
410 	if (status == 0)
411 		cdev->deactivations++;
412 
413 	spin_unlock_irqrestore(&cdev->lock, flags);
414 	return status;
415 }
416 EXPORT_SYMBOL_GPL(usb_function_deactivate);
417 
418 /**
419  * usb_function_activate - allow function and gadget enumeration
420  * @function: function on which usb_function_activate() was called
421  *
422  * Reverses effect of usb_function_deactivate().  If no more functions
423  * are delaying their activation, the gadget driver will respond to
424  * host enumeration procedures.
425  *
426  * Returns zero on success, else negative errno.
427  */
usb_function_activate(struct usb_function * function)428 int usb_function_activate(struct usb_function *function)
429 {
430 	struct usb_composite_dev	*cdev = function->config->cdev;
431 	unsigned long			flags;
432 	int				status = 0;
433 
434 	spin_lock_irqsave(&cdev->lock, flags);
435 
436 	if (WARN_ON(cdev->deactivations == 0))
437 		status = -EINVAL;
438 	else {
439 		cdev->deactivations--;
440 		if (cdev->deactivations == 0) {
441 			spin_unlock_irqrestore(&cdev->lock, flags);
442 			status = usb_gadget_activate(cdev->gadget);
443 			spin_lock_irqsave(&cdev->lock, flags);
444 		}
445 	}
446 
447 	spin_unlock_irqrestore(&cdev->lock, flags);
448 	return status;
449 }
450 EXPORT_SYMBOL_GPL(usb_function_activate);
451 
452 /**
453  * usb_interface_id() - allocate an unused interface ID
454  * @config: configuration associated with the interface
455  * @function: function handling the interface
456  * Context: single threaded during gadget setup
457  *
458  * usb_interface_id() is called from usb_function.bind() callbacks to
459  * allocate new interface IDs.  The function driver will then store that
460  * ID in interface, association, CDC union, and other descriptors.  It
461  * will also handle any control requests targeted at that interface,
462  * particularly changing its altsetting via set_alt().  There may
463  * also be class-specific or vendor-specific requests to handle.
464  *
465  * All interface identifier should be allocated using this routine, to
466  * ensure that for example different functions don't wrongly assign
467  * different meanings to the same identifier.  Note that since interface
468  * identifiers are configuration-specific, functions used in more than
469  * one configuration (or more than once in a given configuration) need
470  * multiple versions of the relevant descriptors.
471  *
472  * Returns the interface ID which was allocated; or -ENODEV if no
473  * more interface IDs can be allocated.
474  */
usb_interface_id(struct usb_configuration * config,struct usb_function * function)475 int usb_interface_id(struct usb_configuration *config,
476 		struct usb_function *function)
477 {
478 	unsigned id = config->next_interface_id;
479 
480 	if (id < MAX_CONFIG_INTERFACES) {
481 		config->interface[id] = function;
482 		config->next_interface_id = id + 1;
483 		return id;
484 	}
485 	return -ENODEV;
486 }
487 EXPORT_SYMBOL_GPL(usb_interface_id);
488 
489 /**
490  * usb_func_wakeup - sends function wake notification to the host.
491  * @func: function that sends the remote wakeup notification.
492  *
493  * Applicable to devices operating at enhanced superspeed when usb
494  * functions are put in function suspend state and armed for function
495  * remote wakeup. On completion, function wake notification is sent. If
496  * the device is in low power state it tries to bring the device to active
497  * state before sending the wake notification. Since it is a synchronous
498  * call, caller must take care of not calling it in interrupt context.
499  * For devices operating at lower speeds  returns negative errno.
500  *
501  * Returns zero on success, else negative errno.
502  */
usb_func_wakeup(struct usb_function * func)503 int usb_func_wakeup(struct usb_function *func)
504 {
505 	struct usb_gadget	*gadget = func->config->cdev->gadget;
506 	int			id;
507 
508 	if (!gadget->ops->func_wakeup)
509 		return -EOPNOTSUPP;
510 
511 	if (!func->func_wakeup_armed) {
512 		ERROR(func->config->cdev, "not armed for func remote wakeup\n");
513 		return -EINVAL;
514 	}
515 
516 	for (id = 0; id < MAX_CONFIG_INTERFACES; id++)
517 		if (func->config->interface[id] == func)
518 			break;
519 
520 	if (id == MAX_CONFIG_INTERFACES) {
521 		ERROR(func->config->cdev, "Invalid function\n");
522 		return -EINVAL;
523 	}
524 
525 	return gadget->ops->func_wakeup(gadget, id);
526 }
527 EXPORT_SYMBOL_GPL(usb_func_wakeup);
528 
encode_bMaxPower(enum usb_device_speed speed,struct usb_configuration * c)529 static u8 encode_bMaxPower(enum usb_device_speed speed,
530 		struct usb_configuration *c)
531 {
532 	unsigned val;
533 
534 	if (c->MaxPower || (c->bmAttributes & USB_CONFIG_ATT_SELFPOWER))
535 		val = c->MaxPower;
536 	else
537 		val = CONFIG_USB_GADGET_VBUS_DRAW;
538 	if (!val)
539 		return 0;
540 	if (speed < USB_SPEED_SUPER)
541 		return min(val, 500U) / 2;
542 	else
543 		/*
544 		 * USB 3.x supports up to 900mA, but since 900 isn't divisible
545 		 * by 8 the integral division will effectively cap to 896mA.
546 		 */
547 		return min(val, 900U) / 8;
548 }
549 
check_remote_wakeup_config(struct usb_gadget * g,struct usb_configuration * c)550 void check_remote_wakeup_config(struct usb_gadget *g,
551 				struct usb_configuration *c)
552 {
553 	if (USB_CONFIG_ATT_WAKEUP & c->bmAttributes) {
554 		/* Reset the rw bit if gadget is not capable of it */
555 		if (!g->wakeup_capable && g->ops->set_remote_wakeup) {
556 			WARN(c->cdev, "Clearing wakeup bit for config c.%d\n",
557 			     c->bConfigurationValue);
558 			c->bmAttributes &= ~USB_CONFIG_ATT_WAKEUP;
559 		}
560 	}
561 }
562 
config_buf(struct usb_configuration * config,enum usb_device_speed speed,void * buf,u8 type)563 static int config_buf(struct usb_configuration *config,
564 		enum usb_device_speed speed, void *buf, u8 type)
565 {
566 	struct usb_config_descriptor	*c = buf;
567 	void				*next = buf + USB_DT_CONFIG_SIZE;
568 	int				len;
569 	struct usb_function		*f;
570 	int				status;
571 
572 	len = USB_COMP_EP0_BUFSIZ - USB_DT_CONFIG_SIZE;
573 	/* write the config descriptor */
574 	c = buf;
575 	c->bLength = USB_DT_CONFIG_SIZE;
576 	c->bDescriptorType = type;
577 	/* wTotalLength is written later */
578 	c->bNumInterfaces = config->next_interface_id;
579 	c->bConfigurationValue = config->bConfigurationValue;
580 	c->iConfiguration = config->iConfiguration;
581 	c->bmAttributes = USB_CONFIG_ATT_ONE | config->bmAttributes;
582 	c->bMaxPower = encode_bMaxPower(speed, config);
583 
584 	/* There may be e.g. OTG descriptors */
585 	if (config->descriptors) {
586 		status = usb_descriptor_fillbuf(next, len,
587 				config->descriptors);
588 		if (status < 0)
589 			return status;
590 		len -= status;
591 		next += status;
592 	}
593 
594 	/* add each function's descriptors */
595 	list_for_each_entry(f, &config->functions, list) {
596 		struct usb_descriptor_header **descriptors;
597 
598 		descriptors = function_descriptors(f, speed);
599 		if (!descriptors)
600 			continue;
601 		status = usb_descriptor_fillbuf(next, len,
602 			(const struct usb_descriptor_header **) descriptors);
603 		if (status < 0)
604 			return status;
605 		len -= status;
606 		next += status;
607 	}
608 
609 	len = next - buf;
610 	c->wTotalLength = cpu_to_le16(len);
611 	return len;
612 }
613 
config_desc(struct usb_composite_dev * cdev,unsigned w_value)614 static int config_desc(struct usb_composite_dev *cdev, unsigned w_value)
615 {
616 	struct usb_gadget		*gadget = cdev->gadget;
617 	struct usb_configuration	*c;
618 	struct list_head		*pos;
619 	u8				type = w_value >> 8;
620 	enum usb_device_speed		speed = USB_SPEED_UNKNOWN;
621 
622 	if (gadget->speed >= USB_SPEED_SUPER)
623 		speed = gadget->speed;
624 	else if (gadget_is_dualspeed(gadget)) {
625 		int	hs = 0;
626 		if (gadget->speed == USB_SPEED_HIGH)
627 			hs = 1;
628 		if (type == USB_DT_OTHER_SPEED_CONFIG)
629 			hs = !hs;
630 		if (hs)
631 			speed = USB_SPEED_HIGH;
632 
633 	}
634 
635 	/* This is a lookup by config *INDEX* */
636 	w_value &= 0xff;
637 
638 	pos = &cdev->configs;
639 	c = cdev->os_desc_config;
640 	if (c)
641 		goto check_config;
642 
643 	while ((pos = pos->next) !=  &cdev->configs) {
644 		c = list_entry(pos, typeof(*c), list);
645 
646 		/* skip OS Descriptors config which is handled separately */
647 		if (c == cdev->os_desc_config)
648 			continue;
649 
650 check_config:
651 		/* ignore configs that won't work at this speed */
652 		switch (speed) {
653 		case USB_SPEED_SUPER_PLUS:
654 			if (!c->superspeed_plus)
655 				continue;
656 			break;
657 		case USB_SPEED_SUPER:
658 			if (!c->superspeed)
659 				continue;
660 			break;
661 		case USB_SPEED_HIGH:
662 			if (!c->highspeed)
663 				continue;
664 			break;
665 		default:
666 			if (!c->fullspeed)
667 				continue;
668 		}
669 
670 		if (w_value == 0)
671 			return config_buf(c, speed, cdev->req->buf, type);
672 		w_value--;
673 	}
674 	return -EINVAL;
675 }
676 
count_configs(struct usb_composite_dev * cdev,unsigned type)677 static int count_configs(struct usb_composite_dev *cdev, unsigned type)
678 {
679 	struct usb_gadget		*gadget = cdev->gadget;
680 	struct usb_configuration	*c;
681 	unsigned			count = 0;
682 	int				hs = 0;
683 	int				ss = 0;
684 	int				ssp = 0;
685 
686 	if (gadget_is_dualspeed(gadget)) {
687 		if (gadget->speed == USB_SPEED_HIGH)
688 			hs = 1;
689 		if (gadget->speed == USB_SPEED_SUPER)
690 			ss = 1;
691 		if (gadget->speed == USB_SPEED_SUPER_PLUS)
692 			ssp = 1;
693 		if (type == USB_DT_DEVICE_QUALIFIER)
694 			hs = !hs;
695 	}
696 	list_for_each_entry(c, &cdev->configs, list) {
697 		/* ignore configs that won't work at this speed */
698 		if (ssp) {
699 			if (!c->superspeed_plus)
700 				continue;
701 		} else if (ss) {
702 			if (!c->superspeed)
703 				continue;
704 		} else if (hs) {
705 			if (!c->highspeed)
706 				continue;
707 		} else {
708 			if (!c->fullspeed)
709 				continue;
710 		}
711 		count++;
712 	}
713 	return count;
714 }
715 
716 /**
717  * bos_desc() - prepares the BOS descriptor.
718  * @cdev: pointer to usb_composite device to generate the bos
719  *	descriptor for
720  *
721  * This function generates the BOS (Binary Device Object)
722  * descriptor and its device capabilities descriptors. The BOS
723  * descriptor should be supported by a SuperSpeed device.
724  */
bos_desc(struct usb_composite_dev * cdev)725 static int bos_desc(struct usb_composite_dev *cdev)
726 {
727 	struct usb_ext_cap_descriptor	*usb_ext;
728 	struct usb_dcd_config_params	dcd_config_params;
729 	struct usb_bos_descriptor	*bos = cdev->req->buf;
730 	unsigned int			besl = 0;
731 
732 	bos->bLength = USB_DT_BOS_SIZE;
733 	bos->bDescriptorType = USB_DT_BOS;
734 
735 	bos->wTotalLength = cpu_to_le16(USB_DT_BOS_SIZE);
736 	bos->bNumDeviceCaps = 0;
737 
738 	/* Get Controller configuration */
739 	if (cdev->gadget->ops->get_config_params) {
740 		cdev->gadget->ops->get_config_params(cdev->gadget,
741 						     &dcd_config_params);
742 	} else {
743 		dcd_config_params.besl_baseline =
744 			USB_DEFAULT_BESL_UNSPECIFIED;
745 		dcd_config_params.besl_deep =
746 			USB_DEFAULT_BESL_UNSPECIFIED;
747 		dcd_config_params.bU1devExitLat =
748 			USB_DEFAULT_U1_DEV_EXIT_LAT;
749 		dcd_config_params.bU2DevExitLat =
750 			cpu_to_le16(USB_DEFAULT_U2_DEV_EXIT_LAT);
751 	}
752 
753 	if (dcd_config_params.besl_baseline != USB_DEFAULT_BESL_UNSPECIFIED)
754 		besl = USB_BESL_BASELINE_VALID |
755 			USB_SET_BESL_BASELINE(dcd_config_params.besl_baseline);
756 
757 	if (dcd_config_params.besl_deep != USB_DEFAULT_BESL_UNSPECIFIED)
758 		besl |= USB_BESL_DEEP_VALID |
759 			USB_SET_BESL_DEEP(dcd_config_params.besl_deep);
760 
761 	/*
762 	 * A SuperSpeed device shall include the USB2.0 extension descriptor
763 	 * and shall support LPM when operating in USB2.0 HS mode.
764 	 */
765 	if (cdev->gadget->lpm_capable) {
766 		usb_ext = cdev->req->buf + le16_to_cpu(bos->wTotalLength);
767 		bos->bNumDeviceCaps++;
768 		le16_add_cpu(&bos->wTotalLength, USB_DT_USB_EXT_CAP_SIZE);
769 		usb_ext->bLength = USB_DT_USB_EXT_CAP_SIZE;
770 		usb_ext->bDescriptorType = USB_DT_DEVICE_CAPABILITY;
771 		usb_ext->bDevCapabilityType = USB_CAP_TYPE_EXT;
772 		usb_ext->bmAttributes = cpu_to_le32(USB_LPM_SUPPORT |
773 							USB_BESL_SUPPORT | besl);
774 	}
775 
776 	/*
777 	 * The Superspeed USB Capability descriptor shall be implemented by all
778 	 * SuperSpeed devices.
779 	 */
780 	if (gadget_is_superspeed(cdev->gadget)) {
781 		struct usb_ss_cap_descriptor *ss_cap;
782 
783 		ss_cap = cdev->req->buf + le16_to_cpu(bos->wTotalLength);
784 		bos->bNumDeviceCaps++;
785 		le16_add_cpu(&bos->wTotalLength, USB_DT_USB_SS_CAP_SIZE);
786 		ss_cap->bLength = USB_DT_USB_SS_CAP_SIZE;
787 		ss_cap->bDescriptorType = USB_DT_DEVICE_CAPABILITY;
788 		ss_cap->bDevCapabilityType = USB_SS_CAP_TYPE;
789 		ss_cap->bmAttributes = 0; /* LTM is not supported yet */
790 		ss_cap->wSpeedSupported = cpu_to_le16(USB_LOW_SPEED_OPERATION |
791 						      USB_FULL_SPEED_OPERATION |
792 						      USB_HIGH_SPEED_OPERATION |
793 						      USB_5GBPS_OPERATION);
794 		ss_cap->bFunctionalitySupport = USB_LOW_SPEED_OPERATION;
795 		ss_cap->bU1devExitLat = dcd_config_params.bU1devExitLat;
796 		ss_cap->bU2DevExitLat = dcd_config_params.bU2DevExitLat;
797 	}
798 
799 	/* The SuperSpeedPlus USB Device Capability descriptor */
800 	if (gadget_is_superspeed_plus(cdev->gadget)) {
801 		struct usb_ssp_cap_descriptor *ssp_cap;
802 		u8 ssac = 1;
803 		u8 ssic;
804 		int i;
805 
806 		if (cdev->gadget->max_ssp_rate == USB_SSP_GEN_2x2)
807 			ssac = 3;
808 
809 		/*
810 		 * Paired RX and TX sublink speed attributes share
811 		 * the same SSID.
812 		 */
813 		ssic = (ssac + 1) / 2 - 1;
814 
815 		ssp_cap = cdev->req->buf + le16_to_cpu(bos->wTotalLength);
816 		bos->bNumDeviceCaps++;
817 
818 		le16_add_cpu(&bos->wTotalLength, USB_DT_USB_SSP_CAP_SIZE(ssac));
819 		ssp_cap->bLength = USB_DT_USB_SSP_CAP_SIZE(ssac);
820 		ssp_cap->bDescriptorType = USB_DT_DEVICE_CAPABILITY;
821 		ssp_cap->bDevCapabilityType = USB_SSP_CAP_TYPE;
822 		ssp_cap->bReserved = 0;
823 		ssp_cap->wReserved = 0;
824 
825 		ssp_cap->bmAttributes =
826 			cpu_to_le32(FIELD_PREP(USB_SSP_SUBLINK_SPEED_ATTRIBS, ssac) |
827 				    FIELD_PREP(USB_SSP_SUBLINK_SPEED_IDS, ssic));
828 
829 		ssp_cap->wFunctionalitySupport =
830 			cpu_to_le16(FIELD_PREP(USB_SSP_MIN_SUBLINK_SPEED_ATTRIBUTE_ID, 0) |
831 				    FIELD_PREP(USB_SSP_MIN_RX_LANE_COUNT, 1) |
832 				    FIELD_PREP(USB_SSP_MIN_TX_LANE_COUNT, 1));
833 
834 		/*
835 		 * Use 1 SSID if the gadget supports up to gen2x1 or not
836 		 * specified:
837 		 * - SSID 0 for symmetric RX/TX sublink speed of 10 Gbps.
838 		 *
839 		 * Use 1 SSID if the gadget supports up to gen1x2:
840 		 * - SSID 0 for symmetric RX/TX sublink speed of 5 Gbps.
841 		 *
842 		 * Use 2 SSIDs if the gadget supports up to gen2x2:
843 		 * - SSID 0 for symmetric RX/TX sublink speed of 5 Gbps.
844 		 * - SSID 1 for symmetric RX/TX sublink speed of 10 Gbps.
845 		 */
846 		for (i = 0; i < ssac + 1; i++) {
847 			u8 ssid;
848 			u8 mantissa;
849 			u8 type;
850 
851 			ssid = i >> 1;
852 
853 			if (cdev->gadget->max_ssp_rate == USB_SSP_GEN_2x1 ||
854 			    cdev->gadget->max_ssp_rate == USB_SSP_GEN_UNKNOWN)
855 				mantissa = 10;
856 			else
857 				mantissa = 5 << ssid;
858 
859 			if (i % 2)
860 				type = USB_SSP_SUBLINK_SPEED_ST_SYM_TX;
861 			else
862 				type = USB_SSP_SUBLINK_SPEED_ST_SYM_RX;
863 
864 			ssp_cap->bmSublinkSpeedAttr[i] =
865 				cpu_to_le32(FIELD_PREP(USB_SSP_SUBLINK_SPEED_SSID, ssid) |
866 					    FIELD_PREP(USB_SSP_SUBLINK_SPEED_LSE,
867 						       USB_SSP_SUBLINK_SPEED_LSE_GBPS) |
868 					    FIELD_PREP(USB_SSP_SUBLINK_SPEED_ST, type) |
869 					    FIELD_PREP(USB_SSP_SUBLINK_SPEED_LP,
870 						       USB_SSP_SUBLINK_SPEED_LP_SSP) |
871 					    FIELD_PREP(USB_SSP_SUBLINK_SPEED_LSM, mantissa));
872 		}
873 	}
874 
875 	/* The WebUSB Platform Capability descriptor */
876 	if (cdev->use_webusb) {
877 		struct usb_plat_dev_cap_descriptor *webusb_cap;
878 		struct usb_webusb_cap_data *webusb_cap_data;
879 		guid_t webusb_uuid = WEBUSB_UUID;
880 
881 		webusb_cap = cdev->req->buf + le16_to_cpu(bos->wTotalLength);
882 		webusb_cap_data = (struct usb_webusb_cap_data *) webusb_cap->CapabilityData;
883 		bos->bNumDeviceCaps++;
884 		le16_add_cpu(&bos->wTotalLength,
885 			USB_DT_USB_PLAT_DEV_CAP_SIZE(USB_WEBUSB_CAP_DATA_SIZE));
886 
887 		webusb_cap->bLength = USB_DT_USB_PLAT_DEV_CAP_SIZE(USB_WEBUSB_CAP_DATA_SIZE);
888 		webusb_cap->bDescriptorType = USB_DT_DEVICE_CAPABILITY;
889 		webusb_cap->bDevCapabilityType = USB_PLAT_DEV_CAP_TYPE;
890 		webusb_cap->bReserved = 0;
891 		export_guid(webusb_cap->UUID, &webusb_uuid);
892 
893 		if (cdev->bcd_webusb_version != 0)
894 			webusb_cap_data->bcdVersion = cpu_to_le16(cdev->bcd_webusb_version);
895 		else
896 			webusb_cap_data->bcdVersion = WEBUSB_VERSION_1_00;
897 
898 		webusb_cap_data->bVendorCode = cdev->b_webusb_vendor_code;
899 
900 		if (strnlen(cdev->landing_page, sizeof(cdev->landing_page)) > 0)
901 			webusb_cap_data->iLandingPage = WEBUSB_LANDING_PAGE_PRESENT;
902 		else
903 			webusb_cap_data->iLandingPage = WEBUSB_LANDING_PAGE_NOT_PRESENT;
904 	}
905 
906 	return le16_to_cpu(bos->wTotalLength);
907 }
908 
device_qual(struct usb_composite_dev * cdev)909 static void device_qual(struct usb_composite_dev *cdev)
910 {
911 	struct usb_qualifier_descriptor	*qual = cdev->req->buf;
912 
913 	qual->bLength = sizeof(*qual);
914 	qual->bDescriptorType = USB_DT_DEVICE_QUALIFIER;
915 	/* POLICY: same bcdUSB and device type info at both speeds */
916 	qual->bcdUSB = cdev->desc.bcdUSB;
917 	qual->bDeviceClass = cdev->desc.bDeviceClass;
918 	qual->bDeviceSubClass = cdev->desc.bDeviceSubClass;
919 	qual->bDeviceProtocol = cdev->desc.bDeviceProtocol;
920 	/* ASSUME same EP0 fifo size at both speeds */
921 	qual->bMaxPacketSize0 = cdev->gadget->ep0->maxpacket;
922 	qual->bNumConfigurations = count_configs(cdev, USB_DT_DEVICE_QUALIFIER);
923 	qual->bRESERVED = 0;
924 }
925 
926 /*-------------------------------------------------------------------------*/
927 
reset_config(struct usb_composite_dev * cdev)928 static void reset_config(struct usb_composite_dev *cdev)
929 {
930 	struct usb_function		*f;
931 
932 	DBG(cdev, "reset config\n");
933 
934 	list_for_each_entry(f, &cdev->config->functions, list) {
935 		if (f->disable)
936 			f->disable(f);
937 
938 		/* Section 9.1.1.6, disable remote wakeup when device is reset */
939 		f->func_wakeup_armed = false;
940 
941 		bitmap_zero(f->endpoints, 32);
942 	}
943 	cdev->config = NULL;
944 	cdev->delayed_status = 0;
945 }
946 
set_config(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl,unsigned number)947 static int set_config(struct usb_composite_dev *cdev,
948 		const struct usb_ctrlrequest *ctrl, unsigned number)
949 {
950 	struct usb_gadget	*gadget = cdev->gadget;
951 	struct usb_configuration *c = NULL, *iter;
952 	int			result = -EINVAL;
953 	unsigned		power = gadget_is_otg(gadget) ? 8 : 100;
954 	int			tmp;
955 
956 	if (number) {
957 		list_for_each_entry(iter, &cdev->configs, list) {
958 			if (iter->bConfigurationValue != number)
959 				continue;
960 			/*
961 			 * We disable the FDs of the previous
962 			 * configuration only if the new configuration
963 			 * is a valid one
964 			 */
965 			if (cdev->config)
966 				reset_config(cdev);
967 			c = iter;
968 			result = 0;
969 			break;
970 		}
971 		if (result < 0)
972 			goto done;
973 	} else { /* Zero configuration value - need to reset the config */
974 		if (cdev->config)
975 			reset_config(cdev);
976 		result = 0;
977 	}
978 
979 	DBG(cdev, "%s config #%d: %s\n",
980 	    usb_speed_string(gadget->speed),
981 	    number, c ? c->label : "unconfigured");
982 
983 	if (!c)
984 		goto done;
985 
986 	usb_gadget_set_state(gadget, USB_STATE_CONFIGURED);
987 	cdev->config = c;
988 
989 	/* Initialize all interfaces by setting them to altsetting zero. */
990 	for (tmp = 0; tmp < MAX_CONFIG_INTERFACES; tmp++) {
991 		struct usb_function	*f = c->interface[tmp];
992 		struct usb_descriptor_header **descriptors;
993 
994 		if (!f)
995 			break;
996 
997 		/*
998 		 * Record which endpoints are used by the function. This is used
999 		 * to dispatch control requests targeted at that endpoint to the
1000 		 * function's setup callback instead of the current
1001 		 * configuration's setup callback.
1002 		 */
1003 		descriptors = function_descriptors(f, gadget->speed);
1004 
1005 		for (; *descriptors; ++descriptors) {
1006 			struct usb_endpoint_descriptor *ep;
1007 			int addr;
1008 
1009 			if ((*descriptors)->bDescriptorType != USB_DT_ENDPOINT)
1010 				continue;
1011 
1012 			ep = (struct usb_endpoint_descriptor *)*descriptors;
1013 			addr = ((ep->bEndpointAddress & 0x80) >> 3)
1014 			     |  (ep->bEndpointAddress & 0x0f);
1015 			set_bit(addr, f->endpoints);
1016 		}
1017 
1018 		result = f->set_alt(f, tmp, 0);
1019 		if (result < 0) {
1020 			DBG(cdev, "interface %d (%s/%p) alt 0 --> %d\n",
1021 					tmp, f->name, f, result);
1022 
1023 			reset_config(cdev);
1024 			goto done;
1025 		}
1026 
1027 		if (result == USB_GADGET_DELAYED_STATUS) {
1028 			DBG(cdev,
1029 			 "%s: interface %d (%s) requested delayed status\n",
1030 					__func__, tmp, f->name);
1031 			cdev->delayed_status++;
1032 			DBG(cdev, "delayed_status count %d\n",
1033 					cdev->delayed_status);
1034 		}
1035 	}
1036 
1037 	/* when we return, be sure our power usage is valid */
1038 	if (c->MaxPower || (c->bmAttributes & USB_CONFIG_ATT_SELFPOWER))
1039 		power = c->MaxPower;
1040 	else
1041 		power = CONFIG_USB_GADGET_VBUS_DRAW;
1042 
1043 	if (gadget->speed < USB_SPEED_SUPER)
1044 		power = min(power, 500U);
1045 	else
1046 		power = min(power, 900U);
1047 
1048 	if (USB_CONFIG_ATT_WAKEUP & c->bmAttributes)
1049 		usb_gadget_set_remote_wakeup(gadget, 1);
1050 	else
1051 		usb_gadget_set_remote_wakeup(gadget, 0);
1052 done:
1053 	if (power <= USB_SELF_POWER_VBUS_MAX_DRAW)
1054 		usb_gadget_set_selfpowered(gadget);
1055 	else
1056 		usb_gadget_clear_selfpowered(gadget);
1057 
1058 	usb_gadget_vbus_draw(gadget, power);
1059 	if (result >= 0 && cdev->delayed_status)
1060 		result = USB_GADGET_DELAYED_STATUS;
1061 	return result;
1062 }
1063 
usb_add_config_only(struct usb_composite_dev * cdev,struct usb_configuration * config)1064 int usb_add_config_only(struct usb_composite_dev *cdev,
1065 		struct usb_configuration *config)
1066 {
1067 	struct usb_configuration *c;
1068 
1069 	if (!config->bConfigurationValue)
1070 		return -EINVAL;
1071 
1072 	/* Prevent duplicate configuration identifiers */
1073 	list_for_each_entry(c, &cdev->configs, list) {
1074 		if (c->bConfigurationValue == config->bConfigurationValue)
1075 			return -EBUSY;
1076 	}
1077 
1078 	config->cdev = cdev;
1079 	list_add_tail(&config->list, &cdev->configs);
1080 
1081 	INIT_LIST_HEAD(&config->functions);
1082 	config->next_interface_id = 0;
1083 	memset(config->interface, 0, sizeof(config->interface));
1084 
1085 	return 0;
1086 }
1087 EXPORT_SYMBOL_GPL(usb_add_config_only);
1088 
1089 /**
1090  * usb_add_config() - add a configuration to a device.
1091  * @cdev: wraps the USB gadget
1092  * @config: the configuration, with bConfigurationValue assigned
1093  * @bind: the configuration's bind function
1094  * Context: single threaded during gadget setup
1095  *
1096  * One of the main tasks of a composite @bind() routine is to
1097  * add each of the configurations it supports, using this routine.
1098  *
1099  * This function returns the value of the configuration's @bind(), which
1100  * is zero for success else a negative errno value.  Binding configurations
1101  * assigns global resources including string IDs, and per-configuration
1102  * resources such as interface IDs and endpoints.
1103  */
usb_add_config(struct usb_composite_dev * cdev,struct usb_configuration * config,int (* bind)(struct usb_configuration *))1104 int usb_add_config(struct usb_composite_dev *cdev,
1105 		struct usb_configuration *config,
1106 		int (*bind)(struct usb_configuration *))
1107 {
1108 	int				status = -EINVAL;
1109 
1110 	if (!bind)
1111 		goto done;
1112 
1113 	DBG(cdev, "adding config #%u '%s'/%p\n",
1114 			config->bConfigurationValue,
1115 			config->label, config);
1116 
1117 	status = usb_add_config_only(cdev, config);
1118 	if (status)
1119 		goto done;
1120 
1121 	status = bind(config);
1122 
1123 	if (status == 0)
1124 		status = usb_gadget_check_config(cdev->gadget);
1125 
1126 	if (status < 0) {
1127 		while (!list_empty(&config->functions)) {
1128 			struct usb_function		*f;
1129 
1130 			f = list_first_entry(&config->functions,
1131 					struct usb_function, list);
1132 			list_del(&f->list);
1133 			if (f->unbind) {
1134 				DBG(cdev, "unbind function '%s'/%p\n",
1135 					f->name, f);
1136 				f->unbind(config, f);
1137 				/* may free memory for "f" */
1138 			}
1139 		}
1140 		list_del(&config->list);
1141 		config->cdev = NULL;
1142 	} else {
1143 		unsigned	i;
1144 
1145 		DBG(cdev, "cfg %d/%p speeds:%s%s%s%s\n",
1146 			config->bConfigurationValue, config,
1147 			config->superspeed_plus ? " superplus" : "",
1148 			config->superspeed ? " super" : "",
1149 			config->highspeed ? " high" : "",
1150 			config->fullspeed
1151 				? (gadget_is_dualspeed(cdev->gadget)
1152 					? " full"
1153 					: " full/low")
1154 				: "");
1155 
1156 		for (i = 0; i < MAX_CONFIG_INTERFACES; i++) {
1157 			struct usb_function	*f = config->interface[i];
1158 
1159 			if (!f)
1160 				continue;
1161 			DBG(cdev, "  interface %d = %s/%p\n",
1162 				i, f->name, f);
1163 		}
1164 	}
1165 
1166 	/* set_alt(), or next bind(), sets up ep->claimed as needed */
1167 	usb_ep_autoconfig_reset(cdev->gadget);
1168 
1169 done:
1170 	if (status)
1171 		DBG(cdev, "added config '%s'/%u --> %d\n", config->label,
1172 				config->bConfigurationValue, status);
1173 	return status;
1174 }
1175 EXPORT_SYMBOL_GPL(usb_add_config);
1176 
remove_config(struct usb_composite_dev * cdev,struct usb_configuration * config)1177 static void remove_config(struct usb_composite_dev *cdev,
1178 			      struct usb_configuration *config)
1179 {
1180 	while (!list_empty(&config->functions)) {
1181 		struct usb_function		*f;
1182 
1183 		f = list_first_entry(&config->functions,
1184 				struct usb_function, list);
1185 
1186 		usb_remove_function(config, f);
1187 	}
1188 	list_del(&config->list);
1189 	if (config->unbind) {
1190 		DBG(cdev, "unbind config '%s'/%p\n", config->label, config);
1191 		config->unbind(config);
1192 			/* may free memory for "c" */
1193 	}
1194 }
1195 
1196 /**
1197  * usb_remove_config() - remove a configuration from a device.
1198  * @cdev: wraps the USB gadget
1199  * @config: the configuration
1200  *
1201  * Drivers must call usb_gadget_disconnect before calling this function
1202  * to disconnect the device from the host and make sure the host will not
1203  * try to enumerate the device while we are changing the config list.
1204  */
usb_remove_config(struct usb_composite_dev * cdev,struct usb_configuration * config)1205 void usb_remove_config(struct usb_composite_dev *cdev,
1206 		      struct usb_configuration *config)
1207 {
1208 	unsigned long flags;
1209 
1210 	spin_lock_irqsave(&cdev->lock, flags);
1211 
1212 	if (cdev->config == config)
1213 		reset_config(cdev);
1214 
1215 	spin_unlock_irqrestore(&cdev->lock, flags);
1216 
1217 	remove_config(cdev, config);
1218 }
1219 
1220 /*-------------------------------------------------------------------------*/
1221 
1222 /* We support strings in multiple languages ... string descriptor zero
1223  * says which languages are supported.  The typical case will be that
1224  * only one language (probably English) is used, with i18n handled on
1225  * the host side.
1226  */
1227 
collect_langs(struct usb_gadget_strings ** sp,__le16 * buf)1228 static void collect_langs(struct usb_gadget_strings **sp, __le16 *buf)
1229 {
1230 	const struct usb_gadget_strings	*s;
1231 	__le16				language;
1232 	__le16				*tmp;
1233 
1234 	while (*sp) {
1235 		s = *sp;
1236 		language = cpu_to_le16(s->language);
1237 		for (tmp = buf; *tmp && tmp < &buf[USB_MAX_STRING_LEN]; tmp++) {
1238 			if (*tmp == language)
1239 				goto repeat;
1240 		}
1241 		*tmp++ = language;
1242 repeat:
1243 		sp++;
1244 	}
1245 }
1246 
lookup_string(struct usb_gadget_strings ** sp,void * buf,u16 language,int id)1247 static int lookup_string(
1248 	struct usb_gadget_strings	**sp,
1249 	void				*buf,
1250 	u16				language,
1251 	int				id
1252 )
1253 {
1254 	struct usb_gadget_strings	*s;
1255 	int				value;
1256 
1257 	while (*sp) {
1258 		s = *sp++;
1259 		if (s->language != language)
1260 			continue;
1261 		value = usb_gadget_get_string(s, id, buf);
1262 		if (value > 0)
1263 			return value;
1264 	}
1265 	return -EINVAL;
1266 }
1267 
get_string(struct usb_composite_dev * cdev,void * buf,u16 language,int id)1268 static int get_string(struct usb_composite_dev *cdev,
1269 		void *buf, u16 language, int id)
1270 {
1271 	struct usb_composite_driver	*composite = cdev->driver;
1272 	struct usb_gadget_string_container *uc;
1273 	struct usb_configuration	*c;
1274 	struct usb_function		*f;
1275 	int				len;
1276 
1277 	/* Yes, not only is USB's i18n support probably more than most
1278 	 * folk will ever care about ... also, it's all supported here.
1279 	 * (Except for UTF8 support for Unicode's "Astral Planes".)
1280 	 */
1281 
1282 	/* 0 == report all available language codes */
1283 	if (id == 0) {
1284 		struct usb_string_descriptor	*s = buf;
1285 		struct usb_gadget_strings	**sp;
1286 
1287 		memset(s, 0, 256);
1288 		s->bDescriptorType = USB_DT_STRING;
1289 
1290 		sp = composite->strings;
1291 		if (sp)
1292 			collect_langs(sp, s->wData);
1293 
1294 		list_for_each_entry(c, &cdev->configs, list) {
1295 			sp = c->strings;
1296 			if (sp)
1297 				collect_langs(sp, s->wData);
1298 
1299 			list_for_each_entry(f, &c->functions, list) {
1300 				sp = f->strings;
1301 				if (sp)
1302 					collect_langs(sp, s->wData);
1303 			}
1304 		}
1305 		list_for_each_entry(uc, &cdev->gstrings, list) {
1306 			struct usb_gadget_strings **sp;
1307 
1308 			sp = get_containers_gs(uc);
1309 			collect_langs(sp, s->wData);
1310 		}
1311 
1312 		for (len = 0; len <= USB_MAX_STRING_LEN && s->wData[len]; len++)
1313 			continue;
1314 		if (!len)
1315 			return -EINVAL;
1316 
1317 		s->bLength = 2 * (len + 1);
1318 		return s->bLength;
1319 	}
1320 
1321 	if (cdev->use_os_string && language == 0 && id == OS_STRING_IDX) {
1322 		struct usb_os_string *b = buf;
1323 		b->bLength = sizeof(*b);
1324 		b->bDescriptorType = USB_DT_STRING;
1325 		compiletime_assert(
1326 			sizeof(b->qwSignature) == sizeof(cdev->qw_sign),
1327 			"qwSignature size must be equal to qw_sign");
1328 		memcpy(&b->qwSignature, cdev->qw_sign, sizeof(b->qwSignature));
1329 		b->bMS_VendorCode = cdev->b_vendor_code;
1330 		b->bPad = 0;
1331 		return sizeof(*b);
1332 	}
1333 
1334 	list_for_each_entry(uc, &cdev->gstrings, list) {
1335 		struct usb_gadget_strings **sp;
1336 
1337 		sp = get_containers_gs(uc);
1338 		len = lookup_string(sp, buf, language, id);
1339 		if (len > 0)
1340 			return len;
1341 	}
1342 
1343 	/* String IDs are device-scoped, so we look up each string
1344 	 * table we're told about.  These lookups are infrequent;
1345 	 * simpler-is-better here.
1346 	 */
1347 	if (composite->strings) {
1348 		len = lookup_string(composite->strings, buf, language, id);
1349 		if (len > 0)
1350 			return len;
1351 	}
1352 	list_for_each_entry(c, &cdev->configs, list) {
1353 		if (c->strings) {
1354 			len = lookup_string(c->strings, buf, language, id);
1355 			if (len > 0)
1356 				return len;
1357 		}
1358 		list_for_each_entry(f, &c->functions, list) {
1359 			if (!f->strings)
1360 				continue;
1361 			len = lookup_string(f->strings, buf, language, id);
1362 			if (len > 0)
1363 				return len;
1364 		}
1365 	}
1366 	return -EINVAL;
1367 }
1368 
1369 /**
1370  * usb_string_id() - allocate an unused string ID
1371  * @cdev: the device whose string descriptor IDs are being allocated
1372  * Context: single threaded during gadget setup
1373  *
1374  * @usb_string_id() is called from bind() callbacks to allocate
1375  * string IDs.  Drivers for functions, configurations, or gadgets will
1376  * then store that ID in the appropriate descriptors and string table.
1377  *
1378  * All string identifier should be allocated using this,
1379  * @usb_string_ids_tab() or @usb_string_ids_n() routine, to ensure
1380  * that for example different functions don't wrongly assign different
1381  * meanings to the same identifier.
1382  */
usb_string_id(struct usb_composite_dev * cdev)1383 int usb_string_id(struct usb_composite_dev *cdev)
1384 {
1385 	if (cdev->next_string_id < 254) {
1386 		/* string id 0 is reserved by USB spec for list of
1387 		 * supported languages */
1388 		/* 255 reserved as well? -- mina86 */
1389 		cdev->next_string_id++;
1390 		return cdev->next_string_id;
1391 	}
1392 	return -ENODEV;
1393 }
1394 EXPORT_SYMBOL_GPL(usb_string_id);
1395 
1396 /**
1397  * usb_string_ids_tab() - allocate unused string IDs in batch
1398  * @cdev: the device whose string descriptor IDs are being allocated
1399  * @str: an array of usb_string objects to assign numbers to
1400  * Context: single threaded during gadget setup
1401  *
1402  * @usb_string_ids() is called from bind() callbacks to allocate
1403  * string IDs.  Drivers for functions, configurations, or gadgets will
1404  * then copy IDs from the string table to the appropriate descriptors
1405  * and string table for other languages.
1406  *
1407  * All string identifier should be allocated using this,
1408  * @usb_string_id() or @usb_string_ids_n() routine, to ensure that for
1409  * example different functions don't wrongly assign different meanings
1410  * to the same identifier.
1411  */
usb_string_ids_tab(struct usb_composite_dev * cdev,struct usb_string * str)1412 int usb_string_ids_tab(struct usb_composite_dev *cdev, struct usb_string *str)
1413 {
1414 	int next = cdev->next_string_id;
1415 
1416 	for (; str->s; ++str) {
1417 		if (unlikely(next >= 254))
1418 			return -ENODEV;
1419 		str->id = ++next;
1420 	}
1421 
1422 	cdev->next_string_id = next;
1423 
1424 	return 0;
1425 }
1426 EXPORT_SYMBOL_GPL(usb_string_ids_tab);
1427 
copy_gadget_strings(struct usb_gadget_strings ** sp,unsigned n_gstrings,unsigned n_strings)1428 static struct usb_gadget_string_container *copy_gadget_strings(
1429 		struct usb_gadget_strings **sp, unsigned n_gstrings,
1430 		unsigned n_strings)
1431 {
1432 	struct usb_gadget_string_container *uc;
1433 	struct usb_gadget_strings **gs_array;
1434 	struct usb_gadget_strings *gs;
1435 	struct usb_string *s;
1436 	unsigned mem;
1437 	unsigned n_gs;
1438 	unsigned n_s;
1439 	void *stash;
1440 
1441 	mem = sizeof(*uc);
1442 	mem += sizeof(void *) * (n_gstrings + 1);
1443 	mem += sizeof(struct usb_gadget_strings) * n_gstrings;
1444 	mem += sizeof(struct usb_string) * (n_strings + 1) * (n_gstrings);
1445 	uc = kmalloc(mem, GFP_KERNEL);
1446 	if (!uc)
1447 		return ERR_PTR(-ENOMEM);
1448 	gs_array = get_containers_gs(uc);
1449 	stash = uc->stash;
1450 	stash += sizeof(void *) * (n_gstrings + 1);
1451 	for (n_gs = 0; n_gs < n_gstrings; n_gs++) {
1452 		struct usb_string *org_s;
1453 
1454 		gs_array[n_gs] = stash;
1455 		gs = gs_array[n_gs];
1456 		stash += sizeof(struct usb_gadget_strings);
1457 		gs->language = sp[n_gs]->language;
1458 		gs->strings = stash;
1459 		org_s = sp[n_gs]->strings;
1460 
1461 		for (n_s = 0; n_s < n_strings; n_s++) {
1462 			s = stash;
1463 			stash += sizeof(struct usb_string);
1464 			if (org_s->s)
1465 				s->s = org_s->s;
1466 			else
1467 				s->s = "";
1468 			org_s++;
1469 		}
1470 		s = stash;
1471 		s->s = NULL;
1472 		stash += sizeof(struct usb_string);
1473 
1474 	}
1475 	gs_array[n_gs] = NULL;
1476 	return uc;
1477 }
1478 
1479 /**
1480  * usb_gstrings_attach() - attach gadget strings to a cdev and assign ids
1481  * @cdev: the device whose string descriptor IDs are being allocated
1482  * and attached.
1483  * @sp: an array of usb_gadget_strings to attach.
1484  * @n_strings: number of entries in each usb_strings array (sp[]->strings)
1485  *
1486  * This function will create a deep copy of usb_gadget_strings and usb_string
1487  * and attach it to the cdev. The actual string (usb_string.s) will not be
1488  * copied but only a referenced will be made. The struct usb_gadget_strings
1489  * array may contain multiple languages and should be NULL terminated.
1490  * The ->language pointer of each struct usb_gadget_strings has to contain the
1491  * same amount of entries.
1492  * For instance: sp[0] is en-US, sp[1] is es-ES. It is expected that the first
1493  * usb_string entry of es-ES contains the translation of the first usb_string
1494  * entry of en-US. Therefore both entries become the same id assign.
1495  */
usb_gstrings_attach(struct usb_composite_dev * cdev,struct usb_gadget_strings ** sp,unsigned n_strings)1496 struct usb_string *usb_gstrings_attach(struct usb_composite_dev *cdev,
1497 		struct usb_gadget_strings **sp, unsigned n_strings)
1498 {
1499 	struct usb_gadget_string_container *uc;
1500 	struct usb_gadget_strings **n_gs;
1501 	unsigned n_gstrings = 0;
1502 	unsigned i;
1503 	int ret;
1504 
1505 	for (i = 0; sp[i]; i++)
1506 		n_gstrings++;
1507 
1508 	if (!n_gstrings)
1509 		return ERR_PTR(-EINVAL);
1510 
1511 	uc = copy_gadget_strings(sp, n_gstrings, n_strings);
1512 	if (IS_ERR(uc))
1513 		return ERR_CAST(uc);
1514 
1515 	n_gs = get_containers_gs(uc);
1516 	ret = usb_string_ids_tab(cdev, n_gs[0]->strings);
1517 	if (ret)
1518 		goto err;
1519 
1520 	for (i = 1; i < n_gstrings; i++) {
1521 		struct usb_string *m_s;
1522 		struct usb_string *s;
1523 		unsigned n;
1524 
1525 		m_s = n_gs[0]->strings;
1526 		s = n_gs[i]->strings;
1527 		for (n = 0; n < n_strings; n++) {
1528 			s->id = m_s->id;
1529 			s++;
1530 			m_s++;
1531 		}
1532 	}
1533 	list_add_tail(&uc->list, &cdev->gstrings);
1534 	return n_gs[0]->strings;
1535 err:
1536 	kfree(uc);
1537 	return ERR_PTR(ret);
1538 }
1539 EXPORT_SYMBOL_GPL(usb_gstrings_attach);
1540 
1541 /**
1542  * usb_string_ids_n() - allocate unused string IDs in batch
1543  * @c: the device whose string descriptor IDs are being allocated
1544  * @n: number of string IDs to allocate
1545  * Context: single threaded during gadget setup
1546  *
1547  * Returns the first requested ID.  This ID and next @n-1 IDs are now
1548  * valid IDs.  At least provided that @n is non-zero because if it
1549  * is, returns last requested ID which is now very useful information.
1550  *
1551  * @usb_string_ids_n() is called from bind() callbacks to allocate
1552  * string IDs.  Drivers for functions, configurations, or gadgets will
1553  * then store that ID in the appropriate descriptors and string table.
1554  *
1555  * All string identifier should be allocated using this,
1556  * @usb_string_id() or @usb_string_ids_n() routine, to ensure that for
1557  * example different functions don't wrongly assign different meanings
1558  * to the same identifier.
1559  */
usb_string_ids_n(struct usb_composite_dev * c,unsigned n)1560 int usb_string_ids_n(struct usb_composite_dev *c, unsigned n)
1561 {
1562 	unsigned next = c->next_string_id;
1563 	if (unlikely(n > 254 || (unsigned)next + n > 254))
1564 		return -ENODEV;
1565 	c->next_string_id += n;
1566 	return next + 1;
1567 }
1568 EXPORT_SYMBOL_GPL(usb_string_ids_n);
1569 
1570 /*-------------------------------------------------------------------------*/
1571 
composite_setup_complete(struct usb_ep * ep,struct usb_request * req)1572 static void composite_setup_complete(struct usb_ep *ep, struct usb_request *req)
1573 {
1574 	struct usb_composite_dev *cdev;
1575 
1576 	if (req->status || req->actual != req->length)
1577 		DBG((struct usb_composite_dev *) ep->driver_data,
1578 				"setup complete --> %d, %d/%d\n",
1579 				req->status, req->actual, req->length);
1580 
1581 	/*
1582 	 * REVIST The same ep0 requests are shared with function drivers
1583 	 * so they don't have to maintain the same ->complete() stubs.
1584 	 *
1585 	 * Because of that, we need to check for the validity of ->context
1586 	 * here, even though we know we've set it to something useful.
1587 	 */
1588 	if (!req->context)
1589 		return;
1590 
1591 	cdev = req->context;
1592 
1593 	if (cdev->req == req)
1594 		cdev->setup_pending = false;
1595 	else if (cdev->os_desc_req == req)
1596 		cdev->os_desc_pending = false;
1597 	else
1598 		WARN(1, "unknown request %p\n", req);
1599 }
1600 
composite_ep0_queue(struct usb_composite_dev * cdev,struct usb_request * req,gfp_t gfp_flags)1601 static int composite_ep0_queue(struct usb_composite_dev *cdev,
1602 		struct usb_request *req, gfp_t gfp_flags)
1603 {
1604 	int ret;
1605 
1606 	ret = usb_ep_queue(cdev->gadget->ep0, req, gfp_flags);
1607 	if (ret == 0) {
1608 		if (cdev->req == req)
1609 			cdev->setup_pending = true;
1610 		else if (cdev->os_desc_req == req)
1611 			cdev->os_desc_pending = true;
1612 		else
1613 			WARN(1, "unknown request %p\n", req);
1614 	}
1615 
1616 	return ret;
1617 }
1618 
count_ext_compat(struct usb_configuration * c)1619 static int count_ext_compat(struct usb_configuration *c)
1620 {
1621 	int i, res;
1622 
1623 	res = 0;
1624 	for (i = 0; i < c->next_interface_id; ++i) {
1625 		struct usb_function *f;
1626 		int j;
1627 
1628 		f = c->interface[i];
1629 		for (j = 0; j < f->os_desc_n; ++j) {
1630 			struct usb_os_desc *d;
1631 
1632 			if (i != f->os_desc_table[j].if_id)
1633 				continue;
1634 			d = f->os_desc_table[j].os_desc;
1635 			if (d && d->ext_compat_id)
1636 				++res;
1637 		}
1638 	}
1639 	BUG_ON(res > 255);
1640 	return res;
1641 }
1642 
fill_ext_compat(struct usb_configuration * c,u8 * buf)1643 static int fill_ext_compat(struct usb_configuration *c, u8 *buf)
1644 {
1645 	int i, count;
1646 
1647 	count = 16;
1648 	buf += 16;
1649 	for (i = 0; i < c->next_interface_id; ++i) {
1650 		struct usb_function *f;
1651 		int j;
1652 
1653 		f = c->interface[i];
1654 		for (j = 0; j < f->os_desc_n; ++j) {
1655 			struct usb_os_desc *d;
1656 
1657 			if (i != f->os_desc_table[j].if_id)
1658 				continue;
1659 			d = f->os_desc_table[j].os_desc;
1660 			if (d && d->ext_compat_id) {
1661 				*buf++ = i;
1662 				*buf++ = 0x01;
1663 				memcpy(buf, d->ext_compat_id, 16);
1664 				buf += 22;
1665 			} else {
1666 				++buf;
1667 				*buf = 0x01;
1668 				buf += 23;
1669 			}
1670 			count += 24;
1671 			if (count + 24 >= USB_COMP_EP0_OS_DESC_BUFSIZ)
1672 				return count;
1673 		}
1674 	}
1675 
1676 	return count;
1677 }
1678 
count_ext_prop(struct usb_configuration * c,int interface)1679 static int count_ext_prop(struct usb_configuration *c, int interface)
1680 {
1681 	struct usb_function *f;
1682 	int j;
1683 
1684 	f = c->interface[interface];
1685 	for (j = 0; j < f->os_desc_n; ++j) {
1686 		struct usb_os_desc *d;
1687 
1688 		if (interface != f->os_desc_table[j].if_id)
1689 			continue;
1690 		d = f->os_desc_table[j].os_desc;
1691 		if (d && d->ext_compat_id)
1692 			return d->ext_prop_count;
1693 	}
1694 	return 0;
1695 }
1696 
len_ext_prop(struct usb_configuration * c,int interface)1697 static int len_ext_prop(struct usb_configuration *c, int interface)
1698 {
1699 	struct usb_function *f;
1700 	struct usb_os_desc *d;
1701 	int j, res;
1702 
1703 	res = 10; /* header length */
1704 	f = c->interface[interface];
1705 	for (j = 0; j < f->os_desc_n; ++j) {
1706 		if (interface != f->os_desc_table[j].if_id)
1707 			continue;
1708 		d = f->os_desc_table[j].os_desc;
1709 		if (d)
1710 			return min(res + d->ext_prop_len, 4096);
1711 	}
1712 	return res;
1713 }
1714 
fill_ext_prop(struct usb_configuration * c,int interface,u8 * buf)1715 static int fill_ext_prop(struct usb_configuration *c, int interface, u8 *buf)
1716 {
1717 	struct usb_function *f;
1718 	struct usb_os_desc *d;
1719 	struct usb_os_desc_ext_prop *ext_prop;
1720 	int j, count, n, ret;
1721 
1722 	f = c->interface[interface];
1723 	count = 10; /* header length */
1724 	buf += 10;
1725 	for (j = 0; j < f->os_desc_n; ++j) {
1726 		if (interface != f->os_desc_table[j].if_id)
1727 			continue;
1728 		d = f->os_desc_table[j].os_desc;
1729 		if (d)
1730 			list_for_each_entry(ext_prop, &d->ext_prop, entry) {
1731 				n = ext_prop->data_len +
1732 					ext_prop->name_len + 14;
1733 				if (count + n >= USB_COMP_EP0_OS_DESC_BUFSIZ)
1734 					return count;
1735 				usb_ext_prop_put_size(buf, n);
1736 				usb_ext_prop_put_type(buf, ext_prop->type);
1737 				ret = usb_ext_prop_put_name(buf, ext_prop->name,
1738 							    ext_prop->name_len);
1739 				if (ret < 0)
1740 					return ret;
1741 				switch (ext_prop->type) {
1742 				case USB_EXT_PROP_UNICODE:
1743 				case USB_EXT_PROP_UNICODE_ENV:
1744 				case USB_EXT_PROP_UNICODE_LINK:
1745 					usb_ext_prop_put_unicode(buf, ret,
1746 							 ext_prop->data,
1747 							 ext_prop->data_len);
1748 					break;
1749 				case USB_EXT_PROP_BINARY:
1750 					usb_ext_prop_put_binary(buf, ret,
1751 							ext_prop->data,
1752 							ext_prop->data_len);
1753 					break;
1754 				case USB_EXT_PROP_LE32:
1755 					/* not implemented */
1756 				case USB_EXT_PROP_BE32:
1757 					/* not implemented */
1758 				default:
1759 					return -EINVAL;
1760 				}
1761 				buf += n;
1762 				count += n;
1763 			}
1764 	}
1765 
1766 	return count;
1767 }
1768 
1769 /*
1770  * The setup() callback implements all the ep0 functionality that's
1771  * not handled lower down, in hardware or the hardware driver(like
1772  * device and endpoint feature flags, and their status).  It's all
1773  * housekeeping for the gadget function we're implementing.  Most of
1774  * the work is in config and function specific setup.
1775  */
1776 int
composite_setup(struct usb_gadget * gadget,const struct usb_ctrlrequest * ctrl)1777 composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl)
1778 {
1779 	struct usb_composite_dev	*cdev = get_gadget_data(gadget);
1780 	struct usb_request		*req = cdev->req;
1781 	int				value = -EOPNOTSUPP;
1782 	int				status = 0;
1783 	u16				w_index = le16_to_cpu(ctrl->wIndex);
1784 	u8				intf = w_index & 0xFF;
1785 	u16				w_value = le16_to_cpu(ctrl->wValue);
1786 	u16				w_length = le16_to_cpu(ctrl->wLength);
1787 	struct usb_function		*f = NULL;
1788 	struct usb_function		*iter;
1789 	u8				endp;
1790 
1791 	if (w_length > USB_COMP_EP0_BUFSIZ) {
1792 		if (ctrl->bRequestType & USB_DIR_IN) {
1793 			/* Cast away the const, we are going to overwrite on purpose. */
1794 			__le16 *temp = (__le16 *)&ctrl->wLength;
1795 
1796 			*temp = cpu_to_le16(USB_COMP_EP0_BUFSIZ);
1797 			w_length = USB_COMP_EP0_BUFSIZ;
1798 		} else {
1799 			goto done;
1800 		}
1801 	}
1802 
1803 	/* partial re-init of the response message; the function or the
1804 	 * gadget might need to intercept e.g. a control-OUT completion
1805 	 * when we delegate to it.
1806 	 */
1807 	req->zero = 0;
1808 	req->context = cdev;
1809 	req->complete = composite_setup_complete;
1810 	req->length = 0;
1811 	gadget->ep0->driver_data = cdev;
1812 
1813 	/*
1814 	 * Don't let non-standard requests match any of the cases below
1815 	 * by accident.
1816 	 */
1817 	if ((ctrl->bRequestType & USB_TYPE_MASK) != USB_TYPE_STANDARD)
1818 		goto unknown;
1819 
1820 	switch (ctrl->bRequest) {
1821 
1822 	/* we handle all standard USB descriptors */
1823 	case USB_REQ_GET_DESCRIPTOR:
1824 		if (ctrl->bRequestType != USB_DIR_IN)
1825 			goto unknown;
1826 		switch (w_value >> 8) {
1827 
1828 		case USB_DT_DEVICE:
1829 			cdev->desc.bNumConfigurations =
1830 				count_configs(cdev, USB_DT_DEVICE);
1831 			cdev->desc.bMaxPacketSize0 =
1832 				cdev->gadget->ep0->maxpacket;
1833 			if (gadget_is_superspeed(gadget)) {
1834 				if (gadget->speed >= USB_SPEED_SUPER) {
1835 					cdev->desc.bcdUSB = cpu_to_le16(0x0320);
1836 					cdev->desc.bMaxPacketSize0 = 9;
1837 				} else {
1838 					cdev->desc.bcdUSB = cpu_to_le16(0x0210);
1839 				}
1840 			} else {
1841 				if (gadget->lpm_capable || cdev->use_webusb)
1842 					cdev->desc.bcdUSB = cpu_to_le16(0x0201);
1843 				else
1844 					cdev->desc.bcdUSB = cpu_to_le16(0x0200);
1845 			}
1846 
1847 			value = min(w_length, (u16) sizeof cdev->desc);
1848 			memcpy(req->buf, &cdev->desc, value);
1849 			break;
1850 		case USB_DT_DEVICE_QUALIFIER:
1851 			if (!gadget_is_dualspeed(gadget) ||
1852 			    gadget->speed >= USB_SPEED_SUPER)
1853 				break;
1854 			device_qual(cdev);
1855 			value = min_t(int, w_length,
1856 				sizeof(struct usb_qualifier_descriptor));
1857 			break;
1858 		case USB_DT_OTHER_SPEED_CONFIG:
1859 			if (!gadget_is_dualspeed(gadget) ||
1860 			    gadget->speed >= USB_SPEED_SUPER)
1861 				break;
1862 			fallthrough;
1863 		case USB_DT_CONFIG:
1864 			value = config_desc(cdev, w_value);
1865 			if (value >= 0)
1866 				value = min(w_length, (u16) value);
1867 			break;
1868 		case USB_DT_STRING:
1869 			value = get_string(cdev, req->buf,
1870 					w_index, w_value & 0xff);
1871 			if (value >= 0)
1872 				value = min(w_length, (u16) value);
1873 			break;
1874 		case USB_DT_BOS:
1875 			if (gadget_is_superspeed(gadget) ||
1876 			    gadget->lpm_capable || cdev->use_webusb) {
1877 				value = bos_desc(cdev);
1878 				value = min(w_length, (u16) value);
1879 			}
1880 			break;
1881 		case USB_DT_OTG:
1882 			if (gadget_is_otg(gadget)) {
1883 				struct usb_configuration *config;
1884 				int otg_desc_len = 0;
1885 
1886 				if (cdev->config)
1887 					config = cdev->config;
1888 				else
1889 					config = list_first_entry(
1890 							&cdev->configs,
1891 						struct usb_configuration, list);
1892 				if (!config)
1893 					goto done;
1894 
1895 				if (gadget->otg_caps &&
1896 					(gadget->otg_caps->otg_rev >= 0x0200))
1897 					otg_desc_len += sizeof(
1898 						struct usb_otg20_descriptor);
1899 				else
1900 					otg_desc_len += sizeof(
1901 						struct usb_otg_descriptor);
1902 
1903 				value = min_t(int, w_length, otg_desc_len);
1904 				memcpy(req->buf, config->descriptors[0], value);
1905 			}
1906 			break;
1907 		}
1908 		break;
1909 
1910 	/* any number of configs can work */
1911 	case USB_REQ_SET_CONFIGURATION:
1912 		if (ctrl->bRequestType != 0)
1913 			goto unknown;
1914 		if (gadget_is_otg(gadget)) {
1915 			if (gadget->a_hnp_support)
1916 				DBG(cdev, "HNP available\n");
1917 			else if (gadget->a_alt_hnp_support)
1918 				DBG(cdev, "HNP on another port\n");
1919 			else
1920 				VDBG(cdev, "HNP inactive\n");
1921 		}
1922 		spin_lock(&cdev->lock);
1923 		value = set_config(cdev, ctrl, w_value);
1924 		spin_unlock(&cdev->lock);
1925 		break;
1926 	case USB_REQ_GET_CONFIGURATION:
1927 		if (ctrl->bRequestType != USB_DIR_IN)
1928 			goto unknown;
1929 		if (cdev->config)
1930 			*(u8 *)req->buf = cdev->config->bConfigurationValue;
1931 		else
1932 			*(u8 *)req->buf = 0;
1933 		value = min(w_length, (u16) 1);
1934 		break;
1935 
1936 	/* function drivers must handle get/set altsetting */
1937 	case USB_REQ_SET_INTERFACE:
1938 		if (ctrl->bRequestType != USB_RECIP_INTERFACE)
1939 			goto unknown;
1940 		if (!cdev->config || intf >= MAX_CONFIG_INTERFACES)
1941 			break;
1942 		f = cdev->config->interface[intf];
1943 		if (!f)
1944 			break;
1945 
1946 		/*
1947 		 * If there's no get_alt() method, we know only altsetting zero
1948 		 * works. There is no need to check if set_alt() is not NULL
1949 		 * as we check this in usb_add_function().
1950 		 */
1951 		if (w_value && !f->get_alt)
1952 			break;
1953 
1954 		spin_lock(&cdev->lock);
1955 		value = f->set_alt(f, w_index, w_value);
1956 		if (value == USB_GADGET_DELAYED_STATUS) {
1957 			DBG(cdev,
1958 			 "%s: interface %d (%s) requested delayed status\n",
1959 					__func__, intf, f->name);
1960 			cdev->delayed_status++;
1961 			DBG(cdev, "delayed_status count %d\n",
1962 					cdev->delayed_status);
1963 		}
1964 		spin_unlock(&cdev->lock);
1965 		break;
1966 	case USB_REQ_GET_INTERFACE:
1967 		if (ctrl->bRequestType != (USB_DIR_IN|USB_RECIP_INTERFACE))
1968 			goto unknown;
1969 		if (!cdev->config || intf >= MAX_CONFIG_INTERFACES)
1970 			break;
1971 		f = cdev->config->interface[intf];
1972 		if (!f)
1973 			break;
1974 		/* lots of interfaces only need altsetting zero... */
1975 		value = f->get_alt ? f->get_alt(f, w_index) : 0;
1976 		if (value < 0)
1977 			break;
1978 		*((u8 *)req->buf) = value;
1979 		value = min(w_length, (u16) 1);
1980 		break;
1981 	case USB_REQ_GET_STATUS:
1982 		if (gadget_is_otg(gadget) && gadget->hnp_polling_support &&
1983 						(w_index == OTG_STS_SELECTOR)) {
1984 			if (ctrl->bRequestType != (USB_DIR_IN |
1985 							USB_RECIP_DEVICE))
1986 				goto unknown;
1987 			*((u8 *)req->buf) = gadget->host_request_flag;
1988 			value = 1;
1989 			break;
1990 		}
1991 
1992 		/*
1993 		 * USB 3.0 additions:
1994 		 * Function driver should handle get_status request. If such cb
1995 		 * wasn't supplied we respond with default value = 0
1996 		 * Note: function driver should supply such cb only for the
1997 		 * first interface of the function
1998 		 */
1999 		if (!gadget_is_superspeed(gadget))
2000 			goto unknown;
2001 		if (ctrl->bRequestType != (USB_DIR_IN | USB_RECIP_INTERFACE))
2002 			goto unknown;
2003 		value = 2;	/* This is the length of the get_status reply */
2004 		put_unaligned_le16(0, req->buf);
2005 		if (!cdev->config || intf >= MAX_CONFIG_INTERFACES)
2006 			break;
2007 		f = cdev->config->interface[intf];
2008 		if (!f)
2009 			break;
2010 
2011 		if (f->get_status) {
2012 			status = f->get_status(f);
2013 			if (status < 0)
2014 				break;
2015 		} else {
2016 			/* Set D0 and D1 bits based on func wakeup capability */
2017 			if (f->config->bmAttributes & USB_CONFIG_ATT_WAKEUP) {
2018 				status |= USB_INTRF_STAT_FUNC_RW_CAP;
2019 				if (f->func_wakeup_armed)
2020 					status |= USB_INTRF_STAT_FUNC_RW;
2021 			}
2022 		}
2023 
2024 		put_unaligned_le16(status & 0x0000ffff, req->buf);
2025 		break;
2026 	/*
2027 	 * Function drivers should handle SetFeature/ClearFeature
2028 	 * (FUNCTION_SUSPEND) request. function_suspend cb should be supplied
2029 	 * only for the first interface of the function
2030 	 */
2031 	case USB_REQ_CLEAR_FEATURE:
2032 	case USB_REQ_SET_FEATURE:
2033 		if (!gadget_is_superspeed(gadget))
2034 			goto unknown;
2035 		if (ctrl->bRequestType != (USB_DIR_OUT | USB_RECIP_INTERFACE))
2036 			goto unknown;
2037 		switch (w_value) {
2038 		case USB_INTRF_FUNC_SUSPEND:
2039 			if (!cdev->config || intf >= MAX_CONFIG_INTERFACES)
2040 				break;
2041 			f = cdev->config->interface[intf];
2042 			if (!f)
2043 				break;
2044 			value = 0;
2045 			if (f->func_suspend) {
2046 				value = f->func_suspend(f, w_index >> 8);
2047 			/* SetFeature(FUNCTION_SUSPEND) */
2048 			} else if (ctrl->bRequest == USB_REQ_SET_FEATURE) {
2049 				if (!(f->config->bmAttributes &
2050 				      USB_CONFIG_ATT_WAKEUP) &&
2051 				     (w_index & USB_INTRF_FUNC_SUSPEND_RW))
2052 					break;
2053 
2054 				f->func_wakeup_armed = !!(w_index &
2055 							  USB_INTRF_FUNC_SUSPEND_RW);
2056 
2057 				if (w_index & USB_INTRF_FUNC_SUSPEND_LP) {
2058 					if (f->suspend && !f->func_suspended) {
2059 						f->suspend(f);
2060 						f->func_suspended = true;
2061 					}
2062 				/*
2063 				 * Handle cases where host sends function resume
2064 				 * through SetFeature(FUNCTION_SUSPEND) but low power
2065 				 * bit reset
2066 				 */
2067 				} else {
2068 					if (f->resume && f->func_suspended) {
2069 						f->resume(f);
2070 						f->func_suspended = false;
2071 					}
2072 				}
2073 			/* ClearFeature(FUNCTION_SUSPEND) */
2074 			} else if (ctrl->bRequest == USB_REQ_CLEAR_FEATURE) {
2075 				f->func_wakeup_armed = false;
2076 
2077 				if (f->resume && f->func_suspended) {
2078 					f->resume(f);
2079 					f->func_suspended = false;
2080 				}
2081 			}
2082 
2083 			if (value < 0) {
2084 				ERROR(cdev,
2085 				      "func_suspend() returned error %d\n",
2086 				      value);
2087 				value = 0;
2088 			}
2089 			break;
2090 		}
2091 		break;
2092 	default:
2093 unknown:
2094 		/*
2095 		 * OS descriptors handling
2096 		 */
2097 		if (cdev->use_os_string && cdev->os_desc_config &&
2098 		    (ctrl->bRequestType & USB_TYPE_VENDOR) &&
2099 		    ctrl->bRequest == cdev->b_vendor_code) {
2100 			struct usb_configuration	*os_desc_cfg;
2101 			u8				*buf;
2102 			int				interface;
2103 			int				count = 0;
2104 
2105 			req = cdev->os_desc_req;
2106 			req->context = cdev;
2107 			req->complete = composite_setup_complete;
2108 			buf = req->buf;
2109 			os_desc_cfg = cdev->os_desc_config;
2110 			w_length = min_t(u16, w_length, USB_COMP_EP0_OS_DESC_BUFSIZ);
2111 			memset(buf, 0, w_length);
2112 			buf[5] = 0x01;
2113 			switch (ctrl->bRequestType & USB_RECIP_MASK) {
2114 			case USB_RECIP_DEVICE:
2115 				if (w_index != 0x4 || (w_value & 0xff))
2116 					break;
2117 				buf[6] = w_index;
2118 				/* Number of ext compat interfaces */
2119 				count = count_ext_compat(os_desc_cfg);
2120 				buf[8] = count;
2121 				count *= 24; /* 24 B/ext compat desc */
2122 				count += 16; /* header */
2123 				put_unaligned_le32(count, buf);
2124 				value = w_length;
2125 				if (w_length > 0x10) {
2126 					value = fill_ext_compat(os_desc_cfg, buf);
2127 					value = min_t(u16, w_length, value);
2128 				}
2129 				break;
2130 			case USB_RECIP_INTERFACE:
2131 				if (w_index != 0x5 || (w_value & 0xff))
2132 					break;
2133 				interface = w_value >> 8;
2134 				if (interface >= MAX_CONFIG_INTERFACES ||
2135 				    !os_desc_cfg->interface[interface])
2136 					break;
2137 				buf[6] = w_index;
2138 				count = count_ext_prop(os_desc_cfg,
2139 					interface);
2140 				put_unaligned_le16(count, buf + 8);
2141 				count = len_ext_prop(os_desc_cfg,
2142 					interface);
2143 				put_unaligned_le32(count, buf);
2144 				value = w_length;
2145 				if (w_length > 0x0A) {
2146 					value = fill_ext_prop(os_desc_cfg,
2147 							      interface, buf);
2148 					if (value >= 0)
2149 						value = min_t(u16, w_length, value);
2150 				}
2151 				break;
2152 			}
2153 
2154 			goto check_value;
2155 		}
2156 
2157 		/*
2158 		 * WebUSB URL descriptor handling, following:
2159 		 * https://wicg.github.io/webusb/#device-requests
2160 		 */
2161 		if (cdev->use_webusb &&
2162 		    ctrl->bRequestType == (USB_DIR_IN | USB_TYPE_VENDOR) &&
2163 		    w_index == WEBUSB_GET_URL &&
2164 		    w_value == WEBUSB_LANDING_PAGE_PRESENT &&
2165 		    ctrl->bRequest == cdev->b_webusb_vendor_code) {
2166 			unsigned int	landing_page_length;
2167 			unsigned int	landing_page_offset;
2168 			struct webusb_url_descriptor *url_descriptor =
2169 					(struct webusb_url_descriptor *)cdev->req->buf;
2170 
2171 			url_descriptor->bDescriptorType = WEBUSB_URL_DESCRIPTOR_TYPE;
2172 
2173 			if (strncasecmp(cdev->landing_page, "https://",  8) == 0) {
2174 				landing_page_offset = 8;
2175 				url_descriptor->bScheme = WEBUSB_URL_SCHEME_HTTPS;
2176 			} else if (strncasecmp(cdev->landing_page, "http://", 7) == 0) {
2177 				landing_page_offset = 7;
2178 				url_descriptor->bScheme = WEBUSB_URL_SCHEME_HTTP;
2179 			} else {
2180 				landing_page_offset = 0;
2181 				url_descriptor->bScheme = WEBUSB_URL_SCHEME_NONE;
2182 			}
2183 
2184 			landing_page_length = strnlen(cdev->landing_page,
2185 				sizeof(url_descriptor->URL)
2186 				- WEBUSB_URL_DESCRIPTOR_HEADER_LENGTH + landing_page_offset);
2187 
2188 			if (w_length < WEBUSB_URL_DESCRIPTOR_HEADER_LENGTH + landing_page_length)
2189 				landing_page_length = w_length
2190 				- WEBUSB_URL_DESCRIPTOR_HEADER_LENGTH + landing_page_offset;
2191 
2192 			memcpy(url_descriptor->URL,
2193 				cdev->landing_page + landing_page_offset,
2194 				landing_page_length - landing_page_offset);
2195 			url_descriptor->bLength = landing_page_length
2196 				- landing_page_offset + WEBUSB_URL_DESCRIPTOR_HEADER_LENGTH;
2197 
2198 			value = url_descriptor->bLength;
2199 
2200 			goto check_value;
2201 		}
2202 
2203 		VDBG(cdev,
2204 			"non-core control req%02x.%02x v%04x i%04x l%d\n",
2205 			ctrl->bRequestType, ctrl->bRequest,
2206 			w_value, w_index, w_length);
2207 
2208 		/* functions always handle their interfaces and endpoints...
2209 		 * punt other recipients (other, WUSB, ...) to the current
2210 		 * configuration code.
2211 		 */
2212 		if (cdev->config) {
2213 			list_for_each_entry(f, &cdev->config->functions, list)
2214 				if (f->req_match &&
2215 				    f->req_match(f, ctrl, false))
2216 					goto try_fun_setup;
2217 		} else {
2218 			struct usb_configuration *c;
2219 			list_for_each_entry(c, &cdev->configs, list)
2220 				list_for_each_entry(f, &c->functions, list)
2221 					if (f->req_match &&
2222 					    f->req_match(f, ctrl, true))
2223 						goto try_fun_setup;
2224 		}
2225 		f = NULL;
2226 
2227 		switch (ctrl->bRequestType & USB_RECIP_MASK) {
2228 		case USB_RECIP_INTERFACE:
2229 			if (!cdev->config || intf >= MAX_CONFIG_INTERFACES)
2230 				break;
2231 			f = cdev->config->interface[intf];
2232 			break;
2233 
2234 		case USB_RECIP_ENDPOINT:
2235 			if (!cdev->config)
2236 				break;
2237 			endp = ((w_index & 0x80) >> 3) | (w_index & 0x0f);
2238 			list_for_each_entry(iter, &cdev->config->functions, list) {
2239 				if (test_bit(endp, iter->endpoints)) {
2240 					f = iter;
2241 					break;
2242 				}
2243 			}
2244 			break;
2245 		}
2246 try_fun_setup:
2247 		if (f && f->setup)
2248 			value = f->setup(f, ctrl);
2249 		else {
2250 			struct usb_configuration	*c;
2251 
2252 			c = cdev->config;
2253 			if (!c)
2254 				goto done;
2255 
2256 			/* try current config's setup */
2257 			if (c->setup) {
2258 				value = c->setup(c, ctrl);
2259 				goto done;
2260 			}
2261 
2262 			/* try the only function in the current config */
2263 			if (!list_is_singular(&c->functions))
2264 				goto done;
2265 			f = list_first_entry(&c->functions, struct usb_function,
2266 					     list);
2267 			if (f->setup)
2268 				value = f->setup(f, ctrl);
2269 		}
2270 
2271 		goto done;
2272 	}
2273 
2274 check_value:
2275 	/* respond with data transfer before status phase? */
2276 	if (value >= 0 && value != USB_GADGET_DELAYED_STATUS) {
2277 		req->length = value;
2278 		req->context = cdev;
2279 		req->zero = value < w_length;
2280 		value = composite_ep0_queue(cdev, req, GFP_ATOMIC);
2281 		if (value < 0) {
2282 			DBG(cdev, "ep_queue --> %d\n", value);
2283 			req->status = 0;
2284 			composite_setup_complete(gadget->ep0, req);
2285 		}
2286 	} else if (value == USB_GADGET_DELAYED_STATUS && w_length != 0) {
2287 		WARN(cdev,
2288 			"%s: Delayed status not supported for w_length != 0",
2289 			__func__);
2290 	}
2291 
2292 done:
2293 	/* device either stalls (value < 0) or reports success */
2294 	return value;
2295 }
2296 
__composite_disconnect(struct usb_gadget * gadget)2297 static void __composite_disconnect(struct usb_gadget *gadget)
2298 {
2299 	struct usb_composite_dev	*cdev = get_gadget_data(gadget);
2300 	unsigned long			flags;
2301 
2302 	/* REVISIT:  should we have config and device level
2303 	 * disconnect callbacks?
2304 	 */
2305 	spin_lock_irqsave(&cdev->lock, flags);
2306 	cdev->suspended = 0;
2307 	if (cdev->config)
2308 		reset_config(cdev);
2309 	if (cdev->driver->disconnect)
2310 		cdev->driver->disconnect(cdev);
2311 	spin_unlock_irqrestore(&cdev->lock, flags);
2312 }
2313 
composite_disconnect(struct usb_gadget * gadget)2314 void composite_disconnect(struct usb_gadget *gadget)
2315 {
2316 	usb_gadget_vbus_draw(gadget, 0);
2317 	__composite_disconnect(gadget);
2318 }
2319 
composite_reset(struct usb_gadget * gadget)2320 void composite_reset(struct usb_gadget *gadget)
2321 {
2322 	/*
2323 	 * Section 1.4.13 Standard Downstream Port of the USB battery charging
2324 	 * specification v1.2 states that a device connected on a SDP shall only
2325 	 * draw at max 100mA while in a connected, but unconfigured state.
2326 	 */
2327 	usb_gadget_vbus_draw(gadget, 100);
2328 	__composite_disconnect(gadget);
2329 }
2330 
2331 /*-------------------------------------------------------------------------*/
2332 
suspended_show(struct device * dev,struct device_attribute * attr,char * buf)2333 static ssize_t suspended_show(struct device *dev, struct device_attribute *attr,
2334 			      char *buf)
2335 {
2336 	struct usb_gadget *gadget = dev_to_usb_gadget(dev);
2337 	struct usb_composite_dev *cdev = get_gadget_data(gadget);
2338 
2339 	return sprintf(buf, "%d\n", cdev->suspended);
2340 }
2341 static DEVICE_ATTR_RO(suspended);
2342 
__composite_unbind(struct usb_gadget * gadget,bool unbind_driver)2343 static void __composite_unbind(struct usb_gadget *gadget, bool unbind_driver)
2344 {
2345 	struct usb_composite_dev	*cdev = get_gadget_data(gadget);
2346 	struct usb_gadget_strings	*gstr = cdev->driver->strings[0];
2347 	struct usb_string		*dev_str = gstr->strings;
2348 
2349 	/* composite_disconnect() must already have been called
2350 	 * by the underlying peripheral controller driver!
2351 	 * so there's no i/o concurrency that could affect the
2352 	 * state protected by cdev->lock.
2353 	 */
2354 	WARN_ON(cdev->config);
2355 
2356 	while (!list_empty(&cdev->configs)) {
2357 		struct usb_configuration	*c;
2358 		c = list_first_entry(&cdev->configs,
2359 				struct usb_configuration, list);
2360 		remove_config(cdev, c);
2361 	}
2362 	if (cdev->driver->unbind && unbind_driver)
2363 		cdev->driver->unbind(cdev);
2364 
2365 	composite_dev_cleanup(cdev);
2366 
2367 	if (dev_str[USB_GADGET_MANUFACTURER_IDX].s == cdev->def_manufacturer)
2368 		dev_str[USB_GADGET_MANUFACTURER_IDX].s = "";
2369 
2370 	kfree(cdev->def_manufacturer);
2371 	kfree(cdev);
2372 	set_gadget_data(gadget, NULL);
2373 }
2374 
composite_unbind(struct usb_gadget * gadget)2375 static void composite_unbind(struct usb_gadget *gadget)
2376 {
2377 	__composite_unbind(gadget, true);
2378 }
2379 
update_unchanged_dev_desc(struct usb_device_descriptor * new,const struct usb_device_descriptor * old)2380 static void update_unchanged_dev_desc(struct usb_device_descriptor *new,
2381 		const struct usb_device_descriptor *old)
2382 {
2383 	__le16 idVendor;
2384 	__le16 idProduct;
2385 	__le16 bcdDevice;
2386 	u8 iSerialNumber;
2387 	u8 iManufacturer;
2388 	u8 iProduct;
2389 
2390 	/*
2391 	 * these variables may have been set in
2392 	 * usb_composite_overwrite_options()
2393 	 */
2394 	idVendor = new->idVendor;
2395 	idProduct = new->idProduct;
2396 	bcdDevice = new->bcdDevice;
2397 	iSerialNumber = new->iSerialNumber;
2398 	iManufacturer = new->iManufacturer;
2399 	iProduct = new->iProduct;
2400 
2401 	*new = *old;
2402 	if (idVendor)
2403 		new->idVendor = idVendor;
2404 	if (idProduct)
2405 		new->idProduct = idProduct;
2406 	if (bcdDevice)
2407 		new->bcdDevice = bcdDevice;
2408 	else
2409 		new->bcdDevice = cpu_to_le16(get_default_bcdDevice());
2410 	if (iSerialNumber)
2411 		new->iSerialNumber = iSerialNumber;
2412 	if (iManufacturer)
2413 		new->iManufacturer = iManufacturer;
2414 	if (iProduct)
2415 		new->iProduct = iProduct;
2416 }
2417 
composite_dev_prepare(struct usb_composite_driver * composite,struct usb_composite_dev * cdev)2418 int composite_dev_prepare(struct usb_composite_driver *composite,
2419 		struct usb_composite_dev *cdev)
2420 {
2421 	struct usb_gadget *gadget = cdev->gadget;
2422 	int ret = -ENOMEM;
2423 
2424 	/* preallocate control response and buffer */
2425 	cdev->req = usb_ep_alloc_request(gadget->ep0, GFP_KERNEL);
2426 	if (!cdev->req)
2427 		return -ENOMEM;
2428 
2429 	cdev->req->buf = kzalloc(USB_COMP_EP0_BUFSIZ, GFP_KERNEL);
2430 	if (!cdev->req->buf)
2431 		goto fail;
2432 
2433 	ret = device_create_file(&gadget->dev, &dev_attr_suspended);
2434 	if (ret)
2435 		goto fail_dev;
2436 
2437 	cdev->req->complete = composite_setup_complete;
2438 	cdev->req->context = cdev;
2439 	gadget->ep0->driver_data = cdev;
2440 
2441 	cdev->driver = composite;
2442 
2443 	/*
2444 	 * As per USB compliance update, a device that is actively drawing
2445 	 * more than 100mA from USB must report itself as bus-powered in
2446 	 * the GetStatus(DEVICE) call.
2447 	 */
2448 	if (CONFIG_USB_GADGET_VBUS_DRAW <= USB_SELF_POWER_VBUS_MAX_DRAW)
2449 		usb_gadget_set_selfpowered(gadget);
2450 
2451 	/* interface and string IDs start at zero via kzalloc.
2452 	 * we force endpoints to start unassigned; few controller
2453 	 * drivers will zero ep->driver_data.
2454 	 */
2455 	usb_ep_autoconfig_reset(gadget);
2456 	return 0;
2457 fail_dev:
2458 	kfree(cdev->req->buf);
2459 fail:
2460 	usb_ep_free_request(gadget->ep0, cdev->req);
2461 	cdev->req = NULL;
2462 	return ret;
2463 }
2464 
composite_os_desc_req_prepare(struct usb_composite_dev * cdev,struct usb_ep * ep0)2465 int composite_os_desc_req_prepare(struct usb_composite_dev *cdev,
2466 				  struct usb_ep *ep0)
2467 {
2468 	int ret = 0;
2469 
2470 	cdev->os_desc_req = usb_ep_alloc_request(ep0, GFP_KERNEL);
2471 	if (!cdev->os_desc_req) {
2472 		ret = -ENOMEM;
2473 		goto end;
2474 	}
2475 
2476 	cdev->os_desc_req->buf = kmalloc(USB_COMP_EP0_OS_DESC_BUFSIZ,
2477 					 GFP_KERNEL);
2478 	if (!cdev->os_desc_req->buf) {
2479 		ret = -ENOMEM;
2480 		usb_ep_free_request(ep0, cdev->os_desc_req);
2481 		goto end;
2482 	}
2483 	cdev->os_desc_req->context = cdev;
2484 	cdev->os_desc_req->complete = composite_setup_complete;
2485 end:
2486 	return ret;
2487 }
2488 
composite_dev_cleanup(struct usb_composite_dev * cdev)2489 void composite_dev_cleanup(struct usb_composite_dev *cdev)
2490 {
2491 	struct usb_gadget_string_container *uc, *tmp;
2492 	struct usb_ep			   *ep, *tmp_ep;
2493 
2494 	list_for_each_entry_safe(uc, tmp, &cdev->gstrings, list) {
2495 		list_del(&uc->list);
2496 		kfree(uc);
2497 	}
2498 	if (cdev->os_desc_req) {
2499 		if (cdev->os_desc_pending)
2500 			usb_ep_dequeue(cdev->gadget->ep0, cdev->os_desc_req);
2501 
2502 		kfree(cdev->os_desc_req->buf);
2503 		cdev->os_desc_req->buf = NULL;
2504 		usb_ep_free_request(cdev->gadget->ep0, cdev->os_desc_req);
2505 		cdev->os_desc_req = NULL;
2506 	}
2507 	if (cdev->req) {
2508 		if (cdev->setup_pending)
2509 			usb_ep_dequeue(cdev->gadget->ep0, cdev->req);
2510 
2511 		kfree(cdev->req->buf);
2512 		cdev->req->buf = NULL;
2513 		usb_ep_free_request(cdev->gadget->ep0, cdev->req);
2514 		cdev->req = NULL;
2515 	}
2516 	cdev->next_string_id = 0;
2517 	device_remove_file(&cdev->gadget->dev, &dev_attr_suspended);
2518 
2519 	/*
2520 	 * Some UDC backends have a dynamic EP allocation scheme.
2521 	 *
2522 	 * In that case, the dispose() callback is used to notify the
2523 	 * backend that the EPs are no longer in use.
2524 	 *
2525 	 * Note: The UDC backend can remove the EP from the ep_list as
2526 	 *	 a result, so we need to use the _safe list iterator.
2527 	 */
2528 	list_for_each_entry_safe(ep, tmp_ep,
2529 				 &cdev->gadget->ep_list, ep_list) {
2530 		if (ep->ops->dispose)
2531 			ep->ops->dispose(ep);
2532 	}
2533 }
2534 
composite_bind(struct usb_gadget * gadget,struct usb_gadget_driver * gdriver)2535 static int composite_bind(struct usb_gadget *gadget,
2536 		struct usb_gadget_driver *gdriver)
2537 {
2538 	struct usb_composite_dev	*cdev;
2539 	struct usb_composite_driver	*composite = to_cdriver(gdriver);
2540 	int				status = -ENOMEM;
2541 
2542 	cdev = kzalloc(sizeof *cdev, GFP_KERNEL);
2543 	if (!cdev)
2544 		return status;
2545 
2546 	spin_lock_init(&cdev->lock);
2547 	cdev->gadget = gadget;
2548 	set_gadget_data(gadget, cdev);
2549 	INIT_LIST_HEAD(&cdev->configs);
2550 	INIT_LIST_HEAD(&cdev->gstrings);
2551 
2552 	status = composite_dev_prepare(composite, cdev);
2553 	if (status)
2554 		goto fail;
2555 
2556 	/* composite gadget needs to assign strings for whole device (like
2557 	 * serial number), register function drivers, potentially update
2558 	 * power state and consumption, etc
2559 	 */
2560 	status = composite->bind(cdev);
2561 	if (status < 0)
2562 		goto fail;
2563 
2564 	if (cdev->use_os_string) {
2565 		status = composite_os_desc_req_prepare(cdev, gadget->ep0);
2566 		if (status)
2567 			goto fail;
2568 	}
2569 
2570 	update_unchanged_dev_desc(&cdev->desc, composite->dev);
2571 
2572 	/* has userspace failed to provide a serial number? */
2573 	if (composite->needs_serial && !cdev->desc.iSerialNumber)
2574 		WARNING(cdev, "userspace failed to provide iSerialNumber\n");
2575 
2576 	INFO(cdev, "%s ready\n", composite->name);
2577 	return 0;
2578 
2579 fail:
2580 	__composite_unbind(gadget, false);
2581 	return status;
2582 }
2583 
2584 /*-------------------------------------------------------------------------*/
2585 
composite_suspend(struct usb_gadget * gadget)2586 void composite_suspend(struct usb_gadget *gadget)
2587 {
2588 	struct usb_composite_dev	*cdev = get_gadget_data(gadget);
2589 	struct usb_function		*f;
2590 
2591 	/* REVISIT:  should we have config level
2592 	 * suspend/resume callbacks?
2593 	 */
2594 	DBG(cdev, "suspend\n");
2595 	if (cdev->config) {
2596 		list_for_each_entry(f, &cdev->config->functions, list) {
2597 			if (f->suspend)
2598 				f->suspend(f);
2599 		}
2600 	}
2601 	if (cdev->driver->suspend)
2602 		cdev->driver->suspend(cdev);
2603 
2604 	cdev->suspended = 1;
2605 
2606 	usb_gadget_set_selfpowered(gadget);
2607 	usb_gadget_vbus_draw(gadget, 2);
2608 }
2609 
composite_resume(struct usb_gadget * gadget)2610 void composite_resume(struct usb_gadget *gadget)
2611 {
2612 	struct usb_composite_dev	*cdev = get_gadget_data(gadget);
2613 	struct usb_function		*f;
2614 	unsigned			maxpower;
2615 
2616 	/* REVISIT:  should we have config level
2617 	 * suspend/resume callbacks?
2618 	 */
2619 	DBG(cdev, "resume\n");
2620 	if (cdev->driver->resume)
2621 		cdev->driver->resume(cdev);
2622 	if (cdev->config) {
2623 		list_for_each_entry(f, &cdev->config->functions, list) {
2624 			/*
2625 			 * Check for func_suspended flag to see if the function is
2626 			 * in USB3 FUNCTION_SUSPEND state. In this case resume is
2627 			 * done via FUNCTION_SUSPEND feature selector.
2628 			 */
2629 			if (f->resume && !f->func_suspended)
2630 				f->resume(f);
2631 		}
2632 
2633 		maxpower = cdev->config->MaxPower ?
2634 			cdev->config->MaxPower : CONFIG_USB_GADGET_VBUS_DRAW;
2635 		if (gadget->speed < USB_SPEED_SUPER)
2636 			maxpower = min(maxpower, 500U);
2637 		else
2638 			maxpower = min(maxpower, 900U);
2639 
2640 		if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW)
2641 			usb_gadget_clear_selfpowered(gadget);
2642 
2643 		usb_gadget_vbus_draw(gadget, maxpower);
2644 	} else {
2645 		maxpower = CONFIG_USB_GADGET_VBUS_DRAW;
2646 		maxpower = min(maxpower, 100U);
2647 		usb_gadget_vbus_draw(gadget, maxpower);
2648 	}
2649 
2650 	cdev->suspended = 0;
2651 }
2652 
2653 /*-------------------------------------------------------------------------*/
2654 
2655 static const struct usb_gadget_driver composite_driver_template = {
2656 	.bind		= composite_bind,
2657 	.unbind		= composite_unbind,
2658 
2659 	.setup		= composite_setup,
2660 	.reset		= composite_reset,
2661 	.disconnect	= composite_disconnect,
2662 
2663 	.suspend	= composite_suspend,
2664 	.resume		= composite_resume,
2665 
2666 	.driver	= {
2667 		.owner		= THIS_MODULE,
2668 	},
2669 };
2670 
2671 /**
2672  * usb_composite_probe() - register a composite driver
2673  * @driver: the driver to register
2674  *
2675  * Context: single threaded during gadget setup
2676  *
2677  * This function is used to register drivers using the composite driver
2678  * framework.  The return value is zero, or a negative errno value.
2679  * Those values normally come from the driver's @bind method, which does
2680  * all the work of setting up the driver to match the hardware.
2681  *
2682  * On successful return, the gadget is ready to respond to requests from
2683  * the host, unless one of its components invokes usb_gadget_disconnect()
2684  * while it was binding.  That would usually be done in order to wait for
2685  * some userspace participation.
2686  */
usb_composite_probe(struct usb_composite_driver * driver)2687 int usb_composite_probe(struct usb_composite_driver *driver)
2688 {
2689 	struct usb_gadget_driver *gadget_driver;
2690 
2691 	if (!driver || !driver->dev || !driver->bind)
2692 		return -EINVAL;
2693 
2694 	if (!driver->name)
2695 		driver->name = "composite";
2696 
2697 	driver->gadget_driver = composite_driver_template;
2698 	gadget_driver = &driver->gadget_driver;
2699 
2700 	gadget_driver->function =  (char *) driver->name;
2701 	gadget_driver->driver.name = driver->name;
2702 	gadget_driver->max_speed = driver->max_speed;
2703 
2704 	return usb_gadget_register_driver(gadget_driver);
2705 }
2706 EXPORT_SYMBOL_GPL(usb_composite_probe);
2707 
2708 /**
2709  * usb_composite_unregister() - unregister a composite driver
2710  * @driver: the driver to unregister
2711  *
2712  * This function is used to unregister drivers using the composite
2713  * driver framework.
2714  */
usb_composite_unregister(struct usb_composite_driver * driver)2715 void usb_composite_unregister(struct usb_composite_driver *driver)
2716 {
2717 	usb_gadget_unregister_driver(&driver->gadget_driver);
2718 }
2719 EXPORT_SYMBOL_GPL(usb_composite_unregister);
2720 
2721 /**
2722  * usb_composite_setup_continue() - Continue with the control transfer
2723  * @cdev: the composite device who's control transfer was kept waiting
2724  *
2725  * This function must be called by the USB function driver to continue
2726  * with the control transfer's data/status stage in case it had requested to
2727  * delay the data/status stages. A USB function's setup handler (e.g. set_alt())
2728  * can request the composite framework to delay the setup request's data/status
2729  * stages by returning USB_GADGET_DELAYED_STATUS.
2730  */
usb_composite_setup_continue(struct usb_composite_dev * cdev)2731 void usb_composite_setup_continue(struct usb_composite_dev *cdev)
2732 {
2733 	int			value;
2734 	struct usb_request	*req = cdev->req;
2735 	unsigned long		flags;
2736 
2737 	DBG(cdev, "%s\n", __func__);
2738 	spin_lock_irqsave(&cdev->lock, flags);
2739 
2740 	if (cdev->delayed_status == 0) {
2741 		WARN(cdev, "%s: Unexpected call\n", __func__);
2742 
2743 	} else if (--cdev->delayed_status == 0) {
2744 		DBG(cdev, "%s: Completing delayed status\n", __func__);
2745 		req->length = 0;
2746 		req->context = cdev;
2747 		value = composite_ep0_queue(cdev, req, GFP_ATOMIC);
2748 		if (value < 0) {
2749 			DBG(cdev, "ep_queue --> %d\n", value);
2750 			req->status = 0;
2751 			composite_setup_complete(cdev->gadget->ep0, req);
2752 		}
2753 	}
2754 
2755 	spin_unlock_irqrestore(&cdev->lock, flags);
2756 }
2757 EXPORT_SYMBOL_GPL(usb_composite_setup_continue);
2758 
composite_default_mfr(struct usb_gadget * gadget)2759 static char *composite_default_mfr(struct usb_gadget *gadget)
2760 {
2761 	return kasprintf(GFP_KERNEL, "%s %s with %s", init_utsname()->sysname,
2762 			 init_utsname()->release, gadget->name);
2763 }
2764 
usb_composite_overwrite_options(struct usb_composite_dev * cdev,struct usb_composite_overwrite * covr)2765 void usb_composite_overwrite_options(struct usb_composite_dev *cdev,
2766 		struct usb_composite_overwrite *covr)
2767 {
2768 	struct usb_device_descriptor	*desc = &cdev->desc;
2769 	struct usb_gadget_strings	*gstr = cdev->driver->strings[0];
2770 	struct usb_string		*dev_str = gstr->strings;
2771 
2772 	if (covr->idVendor)
2773 		desc->idVendor = cpu_to_le16(covr->idVendor);
2774 
2775 	if (covr->idProduct)
2776 		desc->idProduct = cpu_to_le16(covr->idProduct);
2777 
2778 	if (covr->bcdDevice)
2779 		desc->bcdDevice = cpu_to_le16(covr->bcdDevice);
2780 
2781 	if (covr->serial_number) {
2782 		desc->iSerialNumber = dev_str[USB_GADGET_SERIAL_IDX].id;
2783 		dev_str[USB_GADGET_SERIAL_IDX].s = covr->serial_number;
2784 	}
2785 	if (covr->manufacturer) {
2786 		desc->iManufacturer = dev_str[USB_GADGET_MANUFACTURER_IDX].id;
2787 		dev_str[USB_GADGET_MANUFACTURER_IDX].s = covr->manufacturer;
2788 
2789 	} else if (!strlen(dev_str[USB_GADGET_MANUFACTURER_IDX].s)) {
2790 		desc->iManufacturer = dev_str[USB_GADGET_MANUFACTURER_IDX].id;
2791 		cdev->def_manufacturer = composite_default_mfr(cdev->gadget);
2792 		dev_str[USB_GADGET_MANUFACTURER_IDX].s = cdev->def_manufacturer;
2793 	}
2794 
2795 	if (covr->product) {
2796 		desc->iProduct = dev_str[USB_GADGET_PRODUCT_IDX].id;
2797 		dev_str[USB_GADGET_PRODUCT_IDX].s = covr->product;
2798 	}
2799 }
2800 EXPORT_SYMBOL_GPL(usb_composite_overwrite_options);
2801 
2802 MODULE_DESCRIPTION("infrastructure for Composite USB Gadgets");
2803 MODULE_LICENSE("GPL");
2804 MODULE_AUTHOR("David Brownell");
2805