From 9c72758439c44f48f095d9d85e5e20d8050ab93a Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Fri, 23 Feb 2018 11:48:25 -0500 Subject: usb-mtp: Add one more argument when building results The response to a SendObjectInfo consists of the storageid, parent obejct handle and the handle reserved for the new incoming object Signed-off-by: Bandan Das Message-id: 20180223164829.29683-2-bsd@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 50 +++++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 94c2e94f10..b55aa8205e 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -765,7 +765,8 @@ static void usb_mtp_add_time(MTPData *data, time_t time) /* ----------------------------------------------------------------------- */ static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans, - int argc, uint32_t arg0, uint32_t arg1) + int argc, uint32_t arg0, uint32_t arg1, + uint32_t arg2) { MTPControl *c = g_new0(MTPControl, 1); @@ -778,6 +779,9 @@ static void usb_mtp_queue_result(MTPState *s, uint16_t code, uint32_t trans, if (argc > 1) { c->argv[1] = arg1; } + if (argc > 2) { + c->argv[2] = arg2; + } assert(s->result == NULL); s->result = c; @@ -1119,7 +1123,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) /* sanity checks */ if (c->code >= CMD_CLOSE_SESSION && s->session == 0) { usb_mtp_queue_result(s, RES_SESSION_NOT_OPEN, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } @@ -1131,12 +1135,12 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) case CMD_OPEN_SESSION: if (s->session) { usb_mtp_queue_result(s, RES_SESSION_ALREADY_OPEN, - c->trans, 1, s->session, 0); + c->trans, 1, s->session, 0, 0); return; } if (c->argv[0] == 0) { usb_mtp_queue_result(s, RES_INVALID_PARAMETER, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } trace_usb_mtp_op_open_session(s->dev.addr); @@ -1165,7 +1169,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) if (c->argv[0] != QEMU_STORAGE_ID && c->argv[0] != 0xffffffff) { usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_storage_info(s, c); @@ -1175,12 +1179,12 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) if (c->argv[0] != QEMU_STORAGE_ID && c->argv[0] != 0xffffffff) { usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } if (c->argv[1] != 0x00000000) { usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } if (c->argv[2] == 0x00000000 || @@ -1191,12 +1195,12 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) } if (o == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } if (o->format != FMT_ASSOCIATION) { usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } usb_mtp_object_readdir(s, o); @@ -1212,7 +1216,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) o = usb_mtp_object_lookup(s, c->argv[0]); if (o == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_object_info(s, c, o); @@ -1221,18 +1225,18 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) o = usb_mtp_object_lookup(s, c->argv[0]); if (o == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } if (o->format == FMT_ASSOCIATION) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_object(s, c, o); if (data_in == NULL) { usb_mtp_queue_result(s, RES_GENERAL_ERROR, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } break; @@ -1240,18 +1244,18 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) o = usb_mtp_object_lookup(s, c->argv[0]); if (o == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } if (o->format == FMT_ASSOCIATION) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_partial_object(s, c, o); if (data_in == NULL) { usb_mtp_queue_result(s, RES_GENERAL_ERROR, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } nres = 1; @@ -1261,7 +1265,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) if (c->argv[0] != FMT_UNDEFINED_OBJECT && c->argv[0] != FMT_ASSOCIATION) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_object_props_supported(s, c); @@ -1270,13 +1274,13 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) if (c->argv[1] != FMT_UNDEFINED_OBJECT && c->argv[1] != FMT_ASSOCIATION) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_object_prop_desc(s, c); if (data_in == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } break; @@ -1284,20 +1288,20 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) o = usb_mtp_object_lookup(s, c->argv[0]); if (o == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } data_in = usb_mtp_get_object_prop_value(s, c, o); if (data_in == NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_PROP_CODE, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } break; default: trace_usb_mtp_op_unknown(s->dev.addr, c->code); usb_mtp_queue_result(s, RES_OPERATION_NOT_SUPPORTED, - c->trans, 0, 0, 0); + c->trans, 0, 0, 0, 0); return; } @@ -1306,7 +1310,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) assert(s->data_in == NULL); s->data_in = data_in; } - usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0); + usb_mtp_queue_result(s, RES_OK, c->trans, nres, res0, 0, 0); } /* ----------------------------------------------------------------------- */ -- cgit v1.2.3 From 5d13ebeacc22eb854e5d70b18fda1af22a46dc27 Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Fri, 23 Feb 2018 11:48:26 -0500 Subject: usb-mtp: print parent path in IN_IGNORED trace fn Fix a possible null dereference when deleting a folder and its contents. An ignored event might be received for its contents after the parent folder is deleted which will return a null object. Signed-off-by: Bandan Das Message-id: 20180223164829.29683-3-bsd@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index b55aa8205e..63f8f3b90b 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -540,9 +540,8 @@ static void inotify_watchfn(void *arg) break; case IN_IGNORED: - o = usb_mtp_object_lookup_name(parent, event->name, event->len); - trace_usb_mtp_inotify_event(s->dev.addr, o->path, - event->mask, "Obj ignored"); + trace_usb_mtp_inotify_event(s->dev.addr, parent->path, + event->mask, "Obj parent dir ignored"); break; default: -- cgit v1.2.3 From ec6206a68f700bd22aec3e3b98877d45b22d5143 Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Fri, 23 Feb 2018 11:48:27 -0500 Subject: usb-mtp: Support delete of mtp objects Write of existing objects by the initiator is acheived by making a temporary buffer with the new changes, deleting the old file and then writing a new file with the same name. Also, add a "readonly" property which needs to be set to false for deletion to work. Signed-off-by: Bandan Das Message-id: 20180223164829.29683-4-bsd@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 63f8f3b90b..5ef77f3e9f 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -46,6 +46,7 @@ enum mtp_code { CMD_GET_OBJECT_HANDLES = 0x1007, CMD_GET_OBJECT_INFO = 0x1008, CMD_GET_OBJECT = 0x1009, + CMD_DELETE_OBJECT = 0x100b, CMD_GET_PARTIAL_OBJECT = 0x101b, CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801, CMD_GET_OBJECT_PROP_DESC = 0x9802, @@ -62,6 +63,8 @@ enum mtp_code { RES_INVALID_STORAGE_ID = 0x2008, RES_INVALID_OBJECT_HANDLE = 0x2009, RES_INVALID_OBJECT_FORMAT_CODE = 0x200b, + RES_STORE_READ_ONLY = 0x200e, + RES_PARTIAL_DELETE = 0x2012, RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014, RES_INVALID_PARENT_OBJECT = 0x201a, RES_INVALID_PARAMETER = 0x201d, @@ -172,6 +175,7 @@ struct MTPState { MTPControl *result; uint32_t session; uint32_t next_handle; + bool readonly; QTAILQ_HEAD(, MTPObject) objects; #ifdef CONFIG_INOTIFY1 @@ -799,6 +803,7 @@ static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c) CMD_GET_NUM_OBJECTS, CMD_GET_OBJECT_HANDLES, CMD_GET_OBJECT_INFO, + CMD_DELETE_OBJECT, CMD_GET_OBJECT, CMD_GET_PARTIAL_OBJECT, CMD_GET_OBJECT_PROPS_SUPPORTED, @@ -1113,6 +1118,116 @@ static MTPData *usb_mtp_get_object_prop_value(MTPState *s, MTPControl *c, return d; } +/* Return correct return code for a delete event */ +enum { + ALL_DELETE, + PARTIAL_DELETE, + READ_ONLY, +}; + +/* Assumes that children, if any, have been already freed */ +static void usb_mtp_object_free_one(MTPState *s, MTPObject *o) +{ +#ifndef CONFIG_INOTIFY1 + assert(o->nchildren == 0); + QTAILQ_REMOVE(&s->objects, o, next); + g_free(o->name); + g_free(o->path); + g_free(o); +#endif +} + +static int usb_mtp_deletefn(MTPState *s, MTPObject *o, uint32_t trans) +{ + MTPObject *iter, *iter2; + bool partial_delete = false; + bool success = false; + + /* + * TODO: Add support for Protection Status + */ + + QLIST_FOREACH(iter, &o->children, list) { + if (iter->format == FMT_ASSOCIATION) { + QLIST_FOREACH(iter2, &iter->children, list) { + usb_mtp_deletefn(s, iter2, trans); + } + } + } + + if (o->format == FMT_UNDEFINED_OBJECT) { + if (remove(o->path)) { + partial_delete = true; + } else { + usb_mtp_object_free_one(s, o); + success = true; + } + } + + if (o->format == FMT_ASSOCIATION) { + if (rmdir(o->path)) { + partial_delete = true; + } else { + usb_mtp_object_free_one(s, o); + success = true; + } + } + + if (success && partial_delete) { + return PARTIAL_DELETE; + } + if (!success && partial_delete) { + return READ_ONLY; + } + return ALL_DELETE; +} + +static void usb_mtp_object_delete(MTPState *s, uint32_t handle, + uint32_t format_code, uint32_t trans) +{ + MTPObject *o; + int ret; + + /* Return error if store is read-only */ + if (!FLAG_SET(s, MTP_FLAG_WRITABLE)) { + usb_mtp_queue_result(s, RES_STORE_READ_ONLY, + trans, 0, 0, 0, 0); + return; + } + + if (format_code != 0) { + usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED, + trans, 0, 0, 0, 0); + return; + } + + if (handle == 0xFFFFFFF) { + o = QTAILQ_FIRST(&s->objects); + } else { + o = usb_mtp_object_lookup(s, handle); + } + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, + trans, 0, 0, 0, 0); + return; + } + + ret = usb_mtp_deletefn(s, o, trans); + if (ret == PARTIAL_DELETE) { + usb_mtp_queue_result(s, RES_PARTIAL_DELETE, + trans, 0, 0, 0, 0); + return; + } else if (ret == READ_ONLY) { + usb_mtp_queue_result(s, RES_STORE_READ_ONLY, trans, + 0, 0, 0, 0); + return; + } else { + usb_mtp_queue_result(s, RES_OK, trans, + 0, 0, 0, 0); + return; + } +} + static void usb_mtp_command(MTPState *s, MTPControl *c) { MTPData *data_in = NULL; @@ -1239,6 +1354,9 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) return; } break; + case CMD_DELETE_OBJECT: + usb_mtp_object_delete(s, c->argv[0], c->argv[1], c->trans); + return; case CMD_GET_PARTIAL_OBJECT: o = usb_mtp_object_lookup(s, c->argv[0]); if (o == NULL) { @@ -1545,6 +1663,10 @@ static void usb_mtp_realize(USBDevice *dev, Error **errp) return; } s->desc = strrchr(s->root, '/'); + /* Mark store as RW */ + if (!s->readonly) { + s->flags |= (1 << MTP_FLAG_WRITABLE); + } if (s->desc && s->desc[0]) { s->desc = g_strdup(s->desc + 1); } else { @@ -1567,6 +1689,7 @@ static const VMStateDescription vmstate_usb_mtp = { static Property mtp_properties[] = { DEFINE_PROP_STRING("x-root", MTPState, root), DEFINE_PROP_STRING("desc", MTPState, desc), + DEFINE_PROP_BOOL("readonly", MTPState, readonly, true), DEFINE_PROP_END_OF_LIST(), }; -- cgit v1.2.3 From 88d5f381ecb2d2828fd77676572ff9a99da699fb Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Fri, 23 Feb 2018 11:48:28 -0500 Subject: usb-mtp: Introduce write support for MTP objects Allow write operations on behalf of the initiator. The precursor to write is the sending of the write metadata that consists of the ObjectInfo dataset. This patch introduces a flag that is set when the responder is ready to receive write data based on a previous SendObjectInfo operation by the initiator (The SendObjectInfo implementation is in a later patch) Signed-off-by: Bandan Das Message-id: 20180223164829.29683-5-bsd@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 157 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 155 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 5ef77f3e9f..ecb37828d5 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -47,6 +47,7 @@ enum mtp_code { CMD_GET_OBJECT_INFO = 0x1008, CMD_GET_OBJECT = 0x1009, CMD_DELETE_OBJECT = 0x100b, + CMD_SEND_OBJECT = 0x100d, CMD_GET_PARTIAL_OBJECT = 0x101b, CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801, CMD_GET_OBJECT_PROP_DESC = 0x9802, @@ -63,9 +64,11 @@ enum mtp_code { RES_INVALID_STORAGE_ID = 0x2008, RES_INVALID_OBJECT_HANDLE = 0x2009, RES_INVALID_OBJECT_FORMAT_CODE = 0x200b, + RES_STORE_FULL = 0x200c, RES_STORE_READ_ONLY = 0x200e, RES_PARTIAL_DELETE = 0x2012, RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014, + RES_INVALID_OBJECTINFO = 0x2015, RES_INVALID_PARENT_OBJECT = 0x201a, RES_INVALID_PARAMETER = 0x201d, RES_SESSION_ALREADY_OPEN = 0x201e, @@ -183,6 +186,14 @@ struct MTPState { int inotifyfd; QTAILQ_HEAD(events, MTPMonEntry) events; #endif + /* Responder is expecting a write operation */ + bool write_pending; + struct { + uint32_t parent_handle; + uint16_t format; + uint32_t size; + char *filename; + } dataset; }; #define TYPE_USB_MTP "usb-mtp" @@ -804,6 +815,7 @@ static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c) CMD_GET_OBJECT_HANDLES, CMD_GET_OBJECT_INFO, CMD_DELETE_OBJECT, + CMD_SEND_OBJECT, CMD_GET_OBJECT, CMD_GET_PARTIAL_OBJECT, CMD_GET_OBJECT_PROPS_SUPPORTED, @@ -1378,6 +1390,19 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) nres = 1; res0 = data_in->length; break; + case CMD_SEND_OBJECT: + if (!FLAG_SET(s, MTP_FLAG_WRITABLE)) { + usb_mtp_queue_result(s, RES_STORE_READ_ONLY, + c->trans, 0, 0, 0, 0); + return; + } + if (!s->write_pending) { + usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, + c->trans, 0, 0, 0, 0); + return; + } + s->data_out = usb_mtp_data_alloc(c); + return; case CMD_GET_OBJECT_PROPS_SUPPORTED: if (c->argv[0] != FMT_UNDEFINED_OBJECT && c->argv[0] != FMT_ASSOCIATION) { @@ -1472,12 +1497,126 @@ static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p) fprintf(stderr, "%s\n", __func__); } +static void usb_mtp_write_data(MTPState *s) +{ + MTPData *d = s->data_out; + MTPObject *parent = + usb_mtp_object_lookup(s, s->dataset.parent_handle); + char *path = NULL; + int rc = -1; + mode_t mask = 0644; + + assert(d != NULL); + + if (parent == NULL || !s->write_pending) { + usb_mtp_queue_result(s, RES_INVALID_OBJECTINFO, d->trans, + 0, 0, 0, 0); + return; + } + + if (s->dataset.filename) { + path = g_strdup_printf("%s/%s", parent->path, s->dataset.filename); + if (s->dataset.format == FMT_ASSOCIATION) { + d->fd = mkdir(path, mask); + goto free; + } + if (s->dataset.size < d->length) { + usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, + 0, 0, 0, 0); + goto done; + } + d->fd = open(path, O_CREAT | O_WRONLY, mask); + if (d->fd == -1) { + usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, + 0, 0, 0, 0); + goto done; + } + + /* + * Return success if initiator sent 0 sized data + */ + if (!s->dataset.size) { + goto success; + } + + rc = write(d->fd, d->data, s->dataset.size); + if (rc == -1) { + usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, + 0, 0, 0, 0); + goto done; + } + if (rc != s->dataset.size) { + usb_mtp_queue_result(s, RES_INCOMPLETE_TRANSFER, d->trans, + 0, 0, 0, 0); + goto done; + } + } + +success: + usb_mtp_queue_result(s, RES_OK, d->trans, + 0, 0, 0, 0); + +done: + /* + * The write dataset is kept around and freed only + * on success or if another write request comes in + */ + if (d->fd != -1) { + close(d->fd); + } +free: + g_free(s->dataset.filename); + g_free(path); + s->write_pending = false; +} + +static void usb_mtp_get_data(MTPState *s, mtp_container *container, + USBPacket *p) +{ + MTPData *d = s->data_out; + uint64_t dlen; + uint32_t data_len = p->iov.size; + + if (d->first) { + /* Total length of incoming data */ + d->length = cpu_to_le32(container->length) - sizeof(mtp_container); + /* Length of data in this packet */ + data_len -= sizeof(mtp_container); + usb_mtp_realloc(d, d->length); + d->offset = 0; + d->first = false; + } + + if (d->length - d->offset > data_len) { + dlen = data_len; + } else { + dlen = d->length - d->offset; + } + + switch (d->code) { + case CMD_SEND_OBJECT: + usb_packet_copy(p, d->data + d->offset, dlen); + d->offset += dlen; + if (d->offset == d->length) { + usb_mtp_write_data(s); + usb_mtp_data_free(s->data_out); + s->data_out = NULL; + return; + } + break; + default: + p->status = USB_RET_STALL; + return; + } +} + static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p) { MTPState *s = USB_MTP(dev); MTPControl cmd; mtp_container container; uint32_t params[5]; + uint16_t container_type; int i, rc; switch (p->ep->nr) { @@ -1567,8 +1706,13 @@ static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p) p->status = USB_RET_STALL; return; } - usb_packet_copy(p, &container, sizeof(container)); - switch (le16_to_cpu(container.type)) { + if (s->data_out && !s->data_out->first) { + container_type = TYPE_DATA; + } else { + usb_packet_copy(p, &container, sizeof(container)); + container_type = le16_to_cpu(container.type); + } + switch (container_type) { case TYPE_COMMAND: if (s->data_in || s->data_out || s->result) { trace_usb_mtp_stall(s->dev.addr, "transaction inflight"); @@ -1599,6 +1743,15 @@ static void usb_mtp_handle_data(USBDevice *dev, USBPacket *p) (cmd.argc > 4) ? cmd.argv[4] : 0); usb_mtp_command(s, &cmd); break; + case TYPE_DATA: + /* One of the previous transfers has already errored but the + * responder is still sending data associated with it + */ + if (s->result != NULL) { + return; + } + usb_mtp_get_data(s, &container, p); + break; default: /* not needed as long as the mtp device is read-only */ p->status = USB_RET_STALL; -- cgit v1.2.3 From 53735bef108c5ccddf0f8a65cde4da53a48dbd47 Mon Sep 17 00:00:00 2001 From: Bandan Das Date: Fri, 23 Feb 2018 11:48:29 -0500 Subject: usb-mtp: Advertise SendObjectInfo for write support This patch implements a dummy ObjectInfo structure so that it's easy to typecast the incoming data. If the metadata is valid, write_pending is set. Also, the incoming filename is utf-16, so, instead of depending on external libraries, just implement a simple function to get the filename Signed-off-by: Bandan Das Message-id: 20180223164829.29683-6-bsd@redhat.com Signed-off-by: Gerd Hoffmann --- hw/usb/dev-mtp.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 134 insertions(+), 2 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index ecb37828d5..6ecf70a79b 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -47,6 +47,7 @@ enum mtp_code { CMD_GET_OBJECT_INFO = 0x1008, CMD_GET_OBJECT = 0x1009, CMD_DELETE_OBJECT = 0x100b, + CMD_SEND_OBJECT_INFO = 0x100c, CMD_SEND_OBJECT = 0x100d, CMD_GET_PARTIAL_OBJECT = 0x101b, CMD_GET_OBJECT_PROPS_SUPPORTED = 0x9801, @@ -67,8 +68,10 @@ enum mtp_code { RES_STORE_FULL = 0x200c, RES_STORE_READ_ONLY = 0x200e, RES_PARTIAL_DELETE = 0x2012, + RES_STORE_NOT_AVAILABLE = 0x2013, RES_SPEC_BY_FORMAT_UNSUPPORTED = 0x2014, RES_INVALID_OBJECTINFO = 0x2015, + RES_DESTINATION_UNSUPPORTED = 0x2020, RES_INVALID_PARENT_OBJECT = 0x201a, RES_INVALID_PARAMETER = 0x201d, RES_SESSION_ALREADY_OPEN = 0x201e, @@ -196,6 +199,34 @@ struct MTPState { } dataset; }; +/* + * ObjectInfo dataset received from initiator + * Fields we don't care about are ignored + */ +typedef struct { + uint32_t storage_id; /*unused*/ + uint16_t format; + uint16_t protection_status; /*unused*/ + uint32_t size; + uint16_t thumb_format; /*unused*/ + uint32_t thumb_comp_sz; /*unused*/ + uint32_t thumb_pix_width; /*unused*/ + uint32_t thumb_pix_height; /*unused*/ + uint32_t image_pix_width; /*unused*/ + uint32_t image_pix_height; /*unused*/ + uint32_t image_bit_depth; /*unused*/ + uint32_t parent; /*unused*/ + uint16_t assoc_type; + uint32_t assoc_desc; + uint32_t seq_no; /*unused*/ + uint8_t length; /*part of filename field*/ + uint16_t filename[0]; + char date_created[0]; /*unused*/ + char date_modified[0]; /*unused*/ + char keywords[0]; /*unused*/ + /* string and other data follows */ +} QEMU_PACKED ObjectInfo; + #define TYPE_USB_MTP "usb-mtp" #define USB_MTP(obj) OBJECT_CHECK(MTPState, (obj), TYPE_USB_MTP) @@ -437,7 +468,6 @@ static MTPObject *usb_mtp_add_child(MTPState *s, MTPObject *o, return child; } -#ifdef CONFIG_INOTIFY1 static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent, char *name, int len) { @@ -452,6 +482,7 @@ static MTPObject *usb_mtp_object_lookup_name(MTPObject *parent, return NULL; } +#ifdef CONFIG_INOTIFY1 static MTPObject *usb_mtp_object_lookup_wd(MTPState *s, int wd) { MTPObject *iter; @@ -815,6 +846,7 @@ static MTPData *usb_mtp_get_device_info(MTPState *s, MTPControl *c) CMD_GET_OBJECT_HANDLES, CMD_GET_OBJECT_INFO, CMD_DELETE_OBJECT, + CMD_SEND_OBJECT_INFO, CMD_SEND_OBJECT, CMD_GET_OBJECT, CMD_GET_PARTIAL_OBJECT, @@ -1243,7 +1275,7 @@ static void usb_mtp_object_delete(MTPState *s, uint32_t handle, static void usb_mtp_command(MTPState *s, MTPControl *c) { MTPData *data_in = NULL; - MTPObject *o; + MTPObject *o = NULL; uint32_t nres = 0, res0 = 0; /* sanity checks */ @@ -1390,6 +1422,41 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) nres = 1; res0 = data_in->length; break; + case CMD_SEND_OBJECT_INFO: + /* Return error if store is read-only */ + if (!FLAG_SET(s, MTP_FLAG_WRITABLE)) { + usb_mtp_queue_result(s, RES_STORE_READ_ONLY, + c->trans, 0, 0, 0, 0); + } else if (c->argv[0] && (c->argv[0] != QEMU_STORAGE_ID)) { + /* First parameter points to storage id or is 0 */ + usb_mtp_queue_result(s, RES_STORE_NOT_AVAILABLE, c->trans, + 0, 0, 0, 0); + } else if (c->argv[1] && !c->argv[0]) { + /* If second parameter is specified, first must also be specified */ + usb_mtp_queue_result(s, RES_DESTINATION_UNSUPPORTED, c->trans, + 0, 0, 0, 0); + } else { + uint32_t handle = c->argv[1]; + if (handle == 0xFFFFFFFF || handle == 0) { + /* root object */ + o = QTAILQ_FIRST(&s->objects); + } else { + o = usb_mtp_object_lookup(s, handle); + } + if (o == NULL) { + usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, c->trans, + 0, 0, 0, 0); + } + if (o->format != FMT_ASSOCIATION) { + usb_mtp_queue_result(s, RES_INVALID_PARENT_OBJECT, c->trans, + 0, 0, 0, 0); + } + } + if (o) { + s->dataset.parent_handle = o->handle; + } + s->data_out = usb_mtp_data_alloc(c); + return; case CMD_SEND_OBJECT: if (!FLAG_SET(s, MTP_FLAG_WRITABLE)) { usb_mtp_queue_result(s, RES_STORE_READ_ONLY, @@ -1497,6 +1564,19 @@ static void usb_mtp_cancel_packet(USBDevice *dev, USBPacket *p) fprintf(stderr, "%s\n", __func__); } +static void utf16_to_str(uint8_t len, uint16_t *arr, char *name) +{ + int count; + wchar_t *wstr = g_new0(wchar_t, len); + + for (count = 0; count < len; count++) { + wstr[count] = (wchar_t)arr[count]; + } + + wcstombs(name, wstr, len); + g_free(wstr); +} + static void usb_mtp_write_data(MTPState *s) { MTPData *d = s->data_out; @@ -1570,6 +1650,45 @@ free: s->write_pending = false; } +static void usb_mtp_write_metadata(MTPState *s) +{ + MTPData *d = s->data_out; + ObjectInfo *dataset = (ObjectInfo *)d->data; + char *filename = g_new0(char, dataset->length); + MTPObject *o; + MTPObject *p = usb_mtp_object_lookup(s, s->dataset.parent_handle); + uint32_t next_handle = s->next_handle; + + assert(!s->write_pending); + + utf16_to_str(dataset->length, dataset->filename, filename); + + o = usb_mtp_object_lookup_name(p, filename, dataset->length); + if (o != NULL) { + next_handle = o->handle; + } + + s->dataset.filename = filename; + s->dataset.format = dataset->format; + s->dataset.size = dataset->size; + s->dataset.filename = filename; + s->write_pending = true; + + if (s->dataset.format == FMT_ASSOCIATION) { + usb_mtp_write_data(s); + /* next_handle will be allocated to the newly created dir */ + if (d->fd == -1) { + usb_mtp_queue_result(s, RES_STORE_FULL, d->trans, + 0, 0, 0, 0); + return; + } + d->fd = -1; + } + + usb_mtp_queue_result(s, RES_OK, d->trans, 3, QEMU_STORAGE_ID, + s->dataset.parent_handle, next_handle); +} + static void usb_mtp_get_data(MTPState *s, mtp_container *container, USBPacket *p) { @@ -1594,6 +1713,19 @@ static void usb_mtp_get_data(MTPState *s, mtp_container *container, } switch (d->code) { + case CMD_SEND_OBJECT_INFO: + usb_packet_copy(p, d->data + d->offset, dlen); + d->offset += dlen; + if (d->offset == d->length) { + /* The operation might have already failed */ + if (!s->result) { + usb_mtp_write_metadata(s); + } + usb_mtp_data_free(s->data_out); + s->data_out = NULL; + return; + } + break; case CMD_SEND_OBJECT: usb_packet_copy(p, d->data + d->offset, dlen); d->offset += dlen; -- cgit v1.2.3