现从fsg_bind()讲起。
//不失一般性,删掉错误处理和configfs相关代码 static int fsg_bind(struct usb_configuration *c, struct usb_function *f) { struct fsg_dev *fsg = fsg_from_func(f); struct fsg_common *common = fsg->common; struct usb_gadget *gadget = c->cdev->gadget; int i; struct usb_ep *ep; unsigned max_burst; int ret; struct fsg_opts *opts; /* Don't allow to bind if we don't have at least one LUN */ ret = _fsg_common_get_max_lun(common); opts = fsg_opts_from_func_inst(f->fi); if (!common->thread_task) { common->state = FSG_STATE_IDLE; common->thread_task = kthread_create(fsg_main_thread, common, "file-storage"); if (IS_ERR(common->thread_task)) { ... } wake_up_process(common->thread_task); } fsg->gadget = gadget; /* New interface */ i = usb_interface_id(c, f); fsg_intf_desc.bInterfaceNumber = i; fsg->interface_number = i; /* Find all the endpoints we will use */ ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc); fsg->bulk_in = ep; ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc); fsg->bulk_out = ep; /* Assume endpoint addresses are the same for both speeds */ fsg_hs_bulk_in_desc.bEndpointAddress = fsg_fs_bulk_in_desc.bEndpointAddress; fsg_hs_bulk_out_desc.bEndpointAddress = fsg_fs_bulk_out_desc.bEndpointAddress; /* Calculate bMaxBurst, we know packet size is 1024 */ max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15); fsg_ss_bulk_in_desc.bEndpointAddress = fsg_fs_bulk_in_desc.bEndpointAddress; fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst; fsg_ss_bulk_out_desc.bEndpointAddress = fsg_fs_bulk_out_desc.bEndpointAddress; fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst; ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function, fsg_ss_function); ... return 0; }可以看到该函数主要是通过kthread_create+wake_up_process的组合创建了一个内核线程fsg_main_thread,名称是"file-storage",通过shell的ps可以看到。另外就是利用usb_interface_id()分配一个接口号,填充进接口描述符,以便在设备枚举时返回给usb host,最后利用composite.c框架所创建的gadget对象对U盘的IN/OUT端点初始化:
//storage_common.c /* * Three full-speed endpoint descriptors: bulk-in, bulk-out, and * interrupt-in. */ struct usb_endpoint_descriptor fsg_fs_bulk_in_desc = { .bLength = USB_DT_ENDPOINT_SIZE, .bDescriptorType = USB_DT_ENDPOINT, .bEndpointAddress = USB_DIR_IN, .bmAttributes = USB_ENDPOINT_XFER_BULK, /* wMaxPacketSize set by autoconfiguration */ }; struct usb_endpoint_descriptor fsg_fs_bulk_out_desc = { .bLength = USB_DT_ENDPOINT_SIZE, .bDescriptorType = USB_DT_ENDPOINT, .bEndpointAddress = USB_DIR_OUT, .bmAttributes = USB_ENDPOINT_XFER_BULK, /* wMaxPacketSize set by autoconfiguration */ }; /* Find all the endpoints we will use */ ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc); fsg->bulk_in = ep; ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc); fsg->bulk_out = ep;因为只有端点(fifo)初始化完,未来才可以利用由usb_ep_queue()传输usb数据,而我们的U盘gadget驱动就利用usb_ep_queue()封装而成以下两个函数用于传输U盘数据:
static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh); static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh);
当然现在只是初始化,U盘还不能正常工作,毕竟现在连fsg_setup()都没有调用!也就是说还没被usb host枚举到,也没有SetConfiguration()等操作。那究竟什么时候调用fsg_setup()回调??
事实上,我们无需关心,因为在composite.c(libcomposite.ko)框架已经帮我们处理好细节了,在composite_setup()函数中被处理,该函数处于中断上下文中,不要放入sleep或者切换调度之类的代码。相当于当我们插入我们的U盘到PC上,它就会在composite_setup()回调我们的fsg_setup()。
fsg_setup()中主要处理了两个Mass Storage Class相关的请求:US_BULK_RESET_REQUEST和US_BULK_GET_MAX_LUN,这些请求都是由usb host(电脑的U盘驱动)下发给U盘的,U盘只有按要求处理即可。
想要深入理解gadget,还是需要仔细阅读libcomposite.c(libcomposite.ko)的实现,否则我们就只会调调gadget的api,以后我再讲解libcomposite.ko和udc驱动的流程。
下面主要分析fsg_main_thread();基本上U盘的所有读写操作都是靠它完成,十分重要的一个函数!
static int fsg_main_thread(void *common_) { struct fsg_common *common = common_; /* * Allow the thread to be killed by a signal, but set the signal mask * to block everything but INT, TERM, KILL, and USR1. */ allow_signal(SIGINT); allow_signal(SIGTERM); allow_signal(SIGKILL); allow_signal(SIGUSR1); /* Allow the thread to be frozen */ set_freezable(); /* * Arrange for userspace references to be interpreted as kernel * pointers. That way we can pass a kernel pointer to a routine * that expects a __user pointer and it will work okay. */ set_fs(get_ds()); /* The main loop */ while (common->state != FSG_STATE_TERMINATED) { if (exception_in_progress(common) || signal_pending(current)) { handle_exception(common); continue; } if (!common->running) { sleep_thread(common, true); continue; } if (get_next_command(common)) continue; spin_lock_irq(&common->lock); if (!exception_in_progress(common)) common->state = FSG_STATE_DATA_PHASE; spin_unlock_irq(&common->lock); if (do_scsi_command(common) || finish_reply(common)) continue; spin_lock_irq(&common->lock); if (!exception_in_progress(common)) common->state = FSG_STATE_STATUS_PHASE; spin_unlock_irq(&common->lock); if (send_status(common)) continue; spin_lock_irq(&common->lock); if (!exception_in_progress(common)) common->state = FSG_STATE_IDLE; spin_unlock_irq(&common->lock); } spin_lock_irq(&common->lock); common->thread_task = NULL; spin_unlock_irq(&common->lock); if (!common->ops || !common->ops->thread_exits || common->ops->thread_exits(common) < 0) { int i; down_write(&common->filesem); for (i = 0; i < ARRAY_SIZE(common->luns); --i) { struct fsg_lun *curlun = common->luns[i]; if (!curlun || !fsg_lun_is_open(curlun)) continue; fsg_lun_close(curlun); curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT; } up_write(&common->filesem); } /* Let fsg_unbind() know the thread has exited */ complete_and_exit(&common->thread_notifier, 0); }它先是声明可以被信号kill调该内核线程,以及能冻结,譬如kiill -STOP、kill -CONT之类的。它主要是靠如下几个函数工作:get_next_command(common)
do_scsi_command(common) || finish_reply(common)
和send_status(common)
Bulk only 的传输协议可阅读《usbmassbulk_10.pdf》文档,下面只是截取其中一部分:
和
以及阅读SCSI命令文档。本U盘gadget只是实现其中一些常用的SCSI命令子集而已,我们就挑读(READ_10)和写(WRITE_10)这两个操作:
和
可以看到主要是do_read和do_write。因为流程比较繁杂,这里只简单描述,有兴趣的朋友可以逐行代码分析研究,do_write()是通过start_out_transfer()从usb host获取到文件数据,然后调用vfs_write()写入文件系统,完成了将文件写入U盘的过程;而do_read()则是先通过vfs_read()从文件系统(加载驱动时指定的文件路径file=filename[,filename...])中读取文件,然后调用start_in_transfer()写入usb host,完成了读取U盘内的文件到PC。
终于把U盘gadget驱动讲解了一遍,当然只是粗略走读了一下,代码细节上还是需要大家仔细研究,譬如没有深入到composite.c(libcomposite.ko)gadget框架的具体实现,U盘方面也没有细节到每个SCSI命令的讲解,以及没有讲解CBW/CSW的细节处理(有兴趣可以对照《usbmassbulk_10.pdf》阅读代码)等。
