现从fsg_bind()讲起。
/*
 * Abridged listing: without loss of generality, the error handling and the
 * configfs-related code have been removed (the "..." lines mark elisions).
 *
 * fsg_bind() - bind the mass-storage function to a USB configuration.
 * @c: configuration the function is being added to
 * @f: the usb_function embedded in the fsg_dev
 *
 * Starts the worker thread if none is running yet, reserves an interface
 * number, claims the bulk-in and bulk-out endpoints, mirrors the full-speed
 * endpoint addresses into the high-speed and SuperSpeed descriptors, and
 * registers the descriptor sets. As shown here it always returns 0.
 *
 * NOTE(review): because the checks were cut, this listing ignores the results
 * of _fsg_common_get_max_lun(), usb_interface_id(), usb_ep_autoconfig() and
 * usb_assign_descriptors(). Code derived from it has to test each of them
 * before using the value: usb_ep_autoconfig() returns NULL when no endpoint
 * matches, and usb_interface_id() returns a negative errno on failure.
 */
static int fsg_bind(struct usb_configuration *c, struct usb_function *f)
{
struct fsg_dev *fsg = fsg_from_func(f);
struct fsg_common *common = fsg->common;
struct usb_gadget *gadget = c->cdev->gadget;
int i;
struct usb_ep *ep;
unsigned max_burst;
int ret;
struct fsg_opts *opts;
/* Don't allow to bind if we don't have at least one LUN */
ret = _fsg_common_get_max_lun(common);
/* NOTE(review): ret is not tested here; the check was elided from this listing */
opts = fsg_opts_from_func_inst(f->fi);
/*
 * Create the worker thread only when common has none yet.
 * kthread_create() leaves the new task stopped; wake_up_process() starts it.
 */
if (!common->thread_task) {
common->state = FSG_STATE_IDLE;
common->thread_task =
kthread_create(fsg_main_thread, common, "file-storage");
if (IS_ERR(common->thread_task)) {
...
}
wake_up_process(common->thread_task);
}
fsg->gadget = gadget;
/* New interface */
i = usb_interface_id(c, f);
/* The same number goes into the interface descriptor and into fsg */
fsg_intf_desc.bInterfaceNumber = i;
fsg->interface_number = i;
/* Find all the endpoints we will use */
/* NOTE(review): ep is stored without a NULL check in this listing */
ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
fsg->bulk_in = ep;
ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
fsg->bulk_out = ep;
/* Assume endpoint addresses are the same for both speeds */
fsg_hs_bulk_in_desc.bEndpointAddress =
fsg_fs_bulk_in_desc.bEndpointAddress;
fsg_hs_bulk_out_desc.bEndpointAddress =
fsg_fs_bulk_out_desc.bEndpointAddress;
/* Calculate bMaxBurst, we know packet size is 1024 */
/* FSG_BUFLEN / 1024 packets per buffer, capped at 15 */
max_burst = min_t(unsigned, FSG_BUFLEN / 1024, 15);
/* SuperSpeed descriptors reuse the full-speed addresses as well */
fsg_ss_bulk_in_desc.bEndpointAddress =
fsg_fs_bulk_in_desc.bEndpointAddress;
fsg_ss_bulk_in_comp_desc.bMaxBurst = max_burst;
fsg_ss_bulk_out_desc.bEndpointAddress =
fsg_fs_bulk_out_desc.bEndpointAddress;
fsg_ss_bulk_out_comp_desc.bMaxBurst = max_burst;
/* Hand the full-, high- and SuperSpeed descriptor sets to the function */
ret = usb_assign_descriptors(f, fsg_fs_function, fsg_hs_function,
fsg_ss_function);
...
return 0;
}
可以看到该函数主要是通过kthread_create+wake_up_process的组合创建了一个内核线程fsg_main_thread,名称是"file-storage",通过shell的ps可以看到。另外就是利用usb_interface_id()分配一个接口号,填充进接口描述符,以便在设备枚举时返回给usb host,最后利用composite.c框架所创建的gadget对象对U盘的IN/OUT端点初始化:
/* From storage_common.c */
/*
 * Three full-speed endpoint descriptors: bulk-in, bulk-out, and
 * interrupt-in. Only the two bulk descriptors are reproduced in this
 * excerpt.
 */
/* Full-speed bulk-in endpoint (device to host) */
struct usb_endpoint_descriptor fsg_fs_bulk_in_desc = {
.bLength = USB_DT_ENDPOINT_SIZE,
.bDescriptorType = USB_DT_ENDPOINT,
/* Direction bit only; usb_ep_autoconfig() fills in the endpoint number */
.bEndpointAddress = USB_DIR_IN,
.bmAttributes = USB_ENDPOINT_XFER_BULK,
/* wMaxPacketSize set by autoconfiguration */
};
/* Full-speed bulk-out endpoint (host to device) */
struct usb_endpoint_descriptor fsg_fs_bulk_out_desc = {
.bLength = USB_DT_ENDPOINT_SIZE,
.bDescriptorType = USB_DT_ENDPOINT,
/* Direction bit only; usb_ep_autoconfig() fills in the endpoint number */
.bEndpointAddress = USB_DIR_OUT,
.bmAttributes = USB_ENDPOINT_XFER_BULK,
/* wMaxPacketSize set by autoconfiguration */
};
/* Find all the endpoints we will use */
/*
 * Excerpt repeated from fsg_bind(). usb_ep_autoconfig() claims a controller
 * endpoint matching the descriptor and returns NULL when none is available.
 * NOTE(review): the NULL checks were elided from this listing; storing an
 * unchecked result in fsg->bulk_in / fsg->bulk_out leaves a NULL pointer for
 * later users of those fields.
 */
ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_in_desc);
fsg->bulk_in = ep;
ep = usb_ep_autoconfig(gadget, &fsg_fs_bulk_out_desc);
fsg->bulk_out = ep;
因为只有端点(fifo)初始化完,未来才可以利用usb_ep_queue()传输usb数据,而我们的U盘gadget驱动就把usb_ep_queue()封装成以下两个函数,用于传输U盘数据:
/*
 * Bulk transfer helpers of the mass-storage gadget; only the prototypes are
 * shown. Per the surrounding text both wrap usb_ep_queue(). Presumably
 * start_in_transfer() queues the buffer head bh towards the host (bulk-in)
 * and start_out_transfer() queues it to receive from the host (bulk-out) -
 * confirm against the function bodies.
 */
static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh);
static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh);
当然现在只是初始化,U盘还不能正常工作,毕竟现在连fsg_setup()都没有调用!也就是说还没被usb host枚举到,也没有SetConfiguration()等操作。那究竟什么时候调用fsg_setup()回调??
事实上,我们无需关心,因为在composite.c(libcomposite.ko)框架已经帮我们处理好细节了,在composite_setup()函数中被处理,该函数处于中断上下文中,不要放入sleep或者切换调度之类的代码。相当于当我们插入我们的U盘到PC上,它就会在composite_setup()回调我们的fsg_setup()。
fsg_setup()中主要处理了两个Mass Storage Class相关的请求:US_BULK_RESET_REQUEST和US_BULK_GET_MAX_LUN,这些请求都是由usb host(电脑的U盘驱动)下发给U盘的,U盘只要按要求处理即可。
想要深入理解gadget,还是需要仔细阅读composite.c(libcomposite.ko)的实现,否则我们就只会调调gadget的api,以后我再讲解libcomposite.ko和udc驱动的流程。
下面主要分析fsg_main_thread();基本上U盘的所有读写操作都是靠它完成,十分重要的一个函数!
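/*
 * fsg_main_thread() - worker thread of the mass-storage gadget.
 * @common_: the struct fsg_common for this gadget, passed as void *
 *
 * Runs until common->state becomes FSG_STATE_TERMINATED. Each pass of the
 * loop handles a pending exception or signal, sleeps while the function is
 * not running, or processes one command: get_next_command(), then
 * do_scsi_command() and finish_reply(), then send_status(). The state field
 * is advanced under common->lock, and only while no exception is in
 * progress.
 *
 * On exit the thread clears common->thread_task, closes every open LUN
 * unless ops->thread_exits() took over (returned >= 0), and signals
 * common->thread_notifier. complete_and_exit() does not return.
 */
static int fsg_main_thread(void *common_)
{
	struct fsg_common *common = common_;

	/*
	 * Allow the thread to be killed by a signal, but set the signal mask
	 * to block everything but INT, TERM, KILL, and USR1.
	 */
	allow_signal(SIGINT);
	allow_signal(SIGTERM);
	allow_signal(SIGKILL);
	allow_signal(SIGUSR1);

	/* Allow the thread to be frozen */
	set_freezable();

	/*
	 * Arrange for userspace references to be interpreted as kernel
	 * pointers.  That way we can pass a kernel pointer to a routine
	 * that expects a __user pointer and it will work okay.
	 *
	 * NOTE(review): this lifts the user/kernel address check for every
	 * uaccess call made on this thread, so any pointer handed to such a
	 * routine must originate in the driver, never in host-supplied data.
	 * Later kernels dropped set_fs() in favour of kernel_read() and
	 * kernel_write().
	 */
	set_fs(get_ds());

	/* The main loop */
	while (common->state != FSG_STATE_TERMINATED) {
		if (exception_in_progress(common) || signal_pending(current)) {
			handle_exception(common);
			continue;
		}

		/* Nothing to do until the function is running */
		if (!common->running) {
			sleep_thread(common, true);
			continue;
		}

		/* A non-zero return restarts the loop */
		if (get_next_command(common))
			continue;

		spin_lock_irq(&common->lock);
		if (!exception_in_progress(common))
			common->state = FSG_STATE_DATA_PHASE;
		spin_unlock_irq(&common->lock);

		if (do_scsi_command(common) || finish_reply(common))
			continue;

		spin_lock_irq(&common->lock);
		if (!exception_in_progress(common))
			common->state = FSG_STATE_STATUS_PHASE;
		spin_unlock_irq(&common->lock);

		if (send_status(common))
			continue;

		spin_lock_irq(&common->lock);
		if (!exception_in_progress(common))
			common->state = FSG_STATE_IDLE;
		spin_unlock_irq(&common->lock);
	}

	spin_lock_irq(&common->lock);
	common->thread_task = NULL;
	spin_unlock_irq(&common->lock);

	/* Close the backing files unless the thread_exits() callback returned >= 0 */
	if (!common->ops || !common->ops->thread_exits
	    || common->ops->thread_exits(common) < 0) {
		int i;

		down_write(&common->filesem);
		/*
		 * ++i so that every LUN slot is visited. With --i the index
		 * turns negative after the first pass, the comparison against
		 * the unsigned ARRAY_SIZE() result fails, and only slot 0 is
		 * ever closed, leaving the other backing files open.
		 */
		for (i = 0; i < ARRAY_SIZE(common->luns); ++i) {
			struct fsg_lun *curlun = common->luns[i];

			if (!curlun || !fsg_lun_is_open(curlun))
				continue;

			fsg_lun_close(curlun);
			curlun->unit_attention_data = SS_MEDIUM_NOT_PRESENT;
		}
		up_write(&common->filesem);
	}

	/* Let fsg_unbind() know the thread has exited */
	complete_and_exit(&common->thread_notifier, 0);
}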
它先是声明该内核线程可以被信号kill掉,以及能被冻结,譬如kill -STOP、kill -CONT之类的。它主要是靠如下几个函数工作:get_next_command(common)
do_scsi_command(common) || finish_reply(common)
和send_status(common)
Bulk only 的传输协议可阅读《usbmassbulk_10.pdf》文档,下面只是截取其中一部分:
和
以及阅读SCSI命令文档。本U盘gadget只是实现其中一些常用的SCSI命令子集而已,我们就挑读(READ_10)和写(WRITE_10)这两个操作:
和
可以看到主要是do_read和do_write。因为流程比较繁杂,这里只简单描述,有兴趣的朋友可以逐行代码分析研究,do_write()是通过start_out_transfer()从usb host获取到文件数据,然后调用vfs_write()写入文件系统,完成了将文件写入U盘的过程;而do_read()则是先通过vfs_read()从文件系统(加载驱动时指定的文件路径file=filename[,filename...])中读取文件,然后调用start_in_transfer()写入usb host,完成了读取U盘内的文件到PC。
终于把U盘gadget驱动讲解了一遍,当然只是粗略走读了一下,代码细节上还是需要大家仔细研究,譬如没有深入到composite.c(libcomposite.ko)gadget框架的具体实现,U盘方面也没有细节到每个SCSI命令的讲解,以及没有讲解CBW/CSW的细节处理(有兴趣可以对照《usbmassbulk_10.pdf》阅读代码)等。