1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_hid.c -- USB HID function driver
4 *
5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
6 */
7
8 #include <linux/kernel.h>
9 #include <linux/module.h>
10 #include <linux/hid.h>
11 #include <linux/idr.h>
12 #include <linux/cdev.h>
13 #include <linux/mutex.h>
14 #include <linux/poll.h>
15 #include <linux/uaccess.h>
16 #include <linux/wait.h>
17 #include <linux/sched.h>
18 #include <linux/usb/g_hid.h>
19
20 #include "u_f.h"
21 #include "u_hid.h"
22
23 #define HIDG_MINORS 4
24
25 static int major, minors;
26 static struct class *hidg_class;
27 static DEFINE_IDA(hidg_ida);
28 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
29
30 /*-------------------------------------------------------------------------*/
31 /* HID gadget struct */
32
33 struct f_hidg_req_list {
34 struct usb_request *req;
35 unsigned int pos;
36 struct list_head list;
37 };
38
39 struct f_hidg {
40 /* configuration */
41 unsigned char bInterfaceSubClass;
42 unsigned char bInterfaceProtocol;
43 unsigned char protocol;
44 unsigned short report_desc_length;
45 char *report_desc;
46 unsigned short report_length;
47
48 /* recv report */
49 struct list_head completed_out_req;
50 spinlock_t read_spinlock;
51 wait_queue_head_t read_queue;
52 unsigned int qlen;
53
54 /* send report */
55 spinlock_t write_spinlock;
56 bool write_pending;
57 wait_queue_head_t write_queue;
58 struct usb_request *req;
59
60 int minor;
61 struct cdev cdev;
62 struct usb_function func;
63
64 struct usb_ep *in_ep;
65 struct usb_ep *out_ep;
66 };
67
func_to_hidg(struct usb_function * f)68 static inline struct f_hidg *func_to_hidg(struct usb_function *f)
69 {
70 return container_of(f, struct f_hidg, func);
71 }
72
73 /*-------------------------------------------------------------------------*/
74 /* Static descriptors */
75
76 static struct usb_interface_descriptor hidg_interface_desc = {
77 .bLength = sizeof hidg_interface_desc,
78 .bDescriptorType = USB_DT_INTERFACE,
79 /* .bInterfaceNumber = DYNAMIC */
80 .bAlternateSetting = 0,
81 .bNumEndpoints = 2,
82 .bInterfaceClass = USB_CLASS_HID,
83 /* .bInterfaceSubClass = DYNAMIC */
84 /* .bInterfaceProtocol = DYNAMIC */
85 /* .iInterface = DYNAMIC */
86 };
87
88 static struct hid_descriptor hidg_desc = {
89 .bLength = sizeof hidg_desc,
90 .bDescriptorType = HID_DT_HID,
91 .bcdHID = 0x0101,
92 .bCountryCode = 0x00,
93 .bNumDescriptors = 0x1,
94 /*.desc[0].bDescriptorType = DYNAMIC */
95 /*.desc[0].wDescriptorLenght = DYNAMIC */
96 };
97
98 /* Super-Speed Support */
99
100 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
101 .bLength = USB_DT_ENDPOINT_SIZE,
102 .bDescriptorType = USB_DT_ENDPOINT,
103 .bEndpointAddress = USB_DIR_IN,
104 .bmAttributes = USB_ENDPOINT_XFER_INT,
105 /*.wMaxPacketSize = DYNAMIC */
106 .bInterval = 4, /* FIXME: Add this field in the
107 * HID gadget configuration?
108 * (struct hidg_func_descriptor)
109 */
110 };
111
112 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
113 .bLength = sizeof(hidg_ss_in_comp_desc),
114 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
115
116 /* .bMaxBurst = 0, */
117 /* .bmAttributes = 0, */
118 /* .wBytesPerInterval = DYNAMIC */
119 };
120
121 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
122 .bLength = USB_DT_ENDPOINT_SIZE,
123 .bDescriptorType = USB_DT_ENDPOINT,
124 .bEndpointAddress = USB_DIR_OUT,
125 .bmAttributes = USB_ENDPOINT_XFER_INT,
126 /*.wMaxPacketSize = DYNAMIC */
127 .bInterval = 4, /* FIXME: Add this field in the
128 * HID gadget configuration?
129 * (struct hidg_func_descriptor)
130 */
131 };
132
133 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
134 .bLength = sizeof(hidg_ss_out_comp_desc),
135 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
136
137 /* .bMaxBurst = 0, */
138 /* .bmAttributes = 0, */
139 /* .wBytesPerInterval = DYNAMIC */
140 };
141
142 static struct usb_descriptor_header *hidg_ss_descriptors[] = {
143 (struct usb_descriptor_header *)&hidg_interface_desc,
144 (struct usb_descriptor_header *)&hidg_desc,
145 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
146 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
147 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
148 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
149 NULL,
150 };
151
152 /* High-Speed Support */
153
154 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
155 .bLength = USB_DT_ENDPOINT_SIZE,
156 .bDescriptorType = USB_DT_ENDPOINT,
157 .bEndpointAddress = USB_DIR_IN,
158 .bmAttributes = USB_ENDPOINT_XFER_INT,
159 /*.wMaxPacketSize = DYNAMIC */
160 .bInterval = 4, /* FIXME: Add this field in the
161 * HID gadget configuration?
162 * (struct hidg_func_descriptor)
163 */
164 };
165
166 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
167 .bLength = USB_DT_ENDPOINT_SIZE,
168 .bDescriptorType = USB_DT_ENDPOINT,
169 .bEndpointAddress = USB_DIR_OUT,
170 .bmAttributes = USB_ENDPOINT_XFER_INT,
171 /*.wMaxPacketSize = DYNAMIC */
172 .bInterval = 4, /* FIXME: Add this field in the
173 * HID gadget configuration?
174 * (struct hidg_func_descriptor)
175 */
176 };
177
178 static struct usb_descriptor_header *hidg_hs_descriptors[] = {
179 (struct usb_descriptor_header *)&hidg_interface_desc,
180 (struct usb_descriptor_header *)&hidg_desc,
181 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
182 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
183 NULL,
184 };
185
186 /* Full-Speed Support */
187
188 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
189 .bLength = USB_DT_ENDPOINT_SIZE,
190 .bDescriptorType = USB_DT_ENDPOINT,
191 .bEndpointAddress = USB_DIR_IN,
192 .bmAttributes = USB_ENDPOINT_XFER_INT,
193 /*.wMaxPacketSize = DYNAMIC */
194 .bInterval = 10, /* FIXME: Add this field in the
195 * HID gadget configuration?
196 * (struct hidg_func_descriptor)
197 */
198 };
199
200 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
201 .bLength = USB_DT_ENDPOINT_SIZE,
202 .bDescriptorType = USB_DT_ENDPOINT,
203 .bEndpointAddress = USB_DIR_OUT,
204 .bmAttributes = USB_ENDPOINT_XFER_INT,
205 /*.wMaxPacketSize = DYNAMIC */
206 .bInterval = 10, /* FIXME: Add this field in the
207 * HID gadget configuration?
208 * (struct hidg_func_descriptor)
209 */
210 };
211
212 static struct usb_descriptor_header *hidg_fs_descriptors[] = {
213 (struct usb_descriptor_header *)&hidg_interface_desc,
214 (struct usb_descriptor_header *)&hidg_desc,
215 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
216 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
217 NULL,
218 };
219
220 /*-------------------------------------------------------------------------*/
221 /* Strings */
222
223 #define CT_FUNC_HID_IDX 0
224
225 static struct usb_string ct_func_string_defs[] = {
226 [CT_FUNC_HID_IDX].s = "HID Interface",
227 {}, /* end of list */
228 };
229
230 static struct usb_gadget_strings ct_func_string_table = {
231 .language = 0x0409, /* en-US */
232 .strings = ct_func_string_defs,
233 };
234
235 static struct usb_gadget_strings *ct_func_strings[] = {
236 &ct_func_string_table,
237 NULL,
238 };
239
240 /*-------------------------------------------------------------------------*/
241 /* Char Device */
242
f_hidg_read(struct file * file,char __user * buffer,size_t count,loff_t * ptr)243 static ssize_t f_hidg_read(struct file *file, char __user *buffer,
244 size_t count, loff_t *ptr)
245 {
246 struct f_hidg *hidg = file->private_data;
247 struct f_hidg_req_list *list;
248 struct usb_request *req;
249 unsigned long flags;
250 int ret;
251
252 if (!count)
253 return 0;
254
255 if (!access_ok(VERIFY_WRITE, buffer, count))
256 return -EFAULT;
257
258 spin_lock_irqsave(&hidg->read_spinlock, flags);
259
260 #define READ_COND (!list_empty(&hidg->completed_out_req))
261
262 /* wait for at least one buffer to complete */
263 while (!READ_COND) {
264 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
265 if (file->f_flags & O_NONBLOCK)
266 return -EAGAIN;
267
268 if (wait_event_interruptible(hidg->read_queue, READ_COND))
269 return -ERESTARTSYS;
270
271 spin_lock_irqsave(&hidg->read_spinlock, flags);
272 }
273
274 /* pick the first one */
275 list = list_first_entry(&hidg->completed_out_req,
276 struct f_hidg_req_list, list);
277
278 /*
279 * Remove this from list to protect it from beign free()
280 * while host disables our function
281 */
282 list_del(&list->list);
283
284 req = list->req;
285 count = min_t(unsigned int, count, req->actual - list->pos);
286 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
287
288 /* copy to user outside spinlock */
289 count -= copy_to_user(buffer, req->buf + list->pos, count);
290 list->pos += count;
291
292 /*
293 * if this request is completely handled and transfered to
294 * userspace, remove its entry from the list and requeue it
295 * again. Otherwise, we will revisit it again upon the next
296 * call, taking into account its current read position.
297 */
298 if (list->pos == req->actual) {
299 kfree(list);
300
301 req->length = hidg->report_length;
302 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
303 if (ret < 0) {
304 free_ep_req(hidg->out_ep, req);
305 return ret;
306 }
307 } else {
308 spin_lock_irqsave(&hidg->read_spinlock, flags);
309 list_add(&list->list, &hidg->completed_out_req);
310 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
311
312 wake_up(&hidg->read_queue);
313 }
314
315 return count;
316 }
317
f_hidg_req_complete(struct usb_ep * ep,struct usb_request * req)318 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
319 {
320 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
321 unsigned long flags;
322
323 if (req->status != 0) {
324 ERROR(hidg->func.config->cdev,
325 "End Point Request ERROR: %d\n", req->status);
326 }
327
328 spin_lock_irqsave(&hidg->write_spinlock, flags);
329 hidg->write_pending = 0;
330 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
331 wake_up(&hidg->write_queue);
332 }
333
f_hidg_write(struct file * file,const char __user * buffer,size_t count,loff_t * offp)334 static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
335 size_t count, loff_t *offp)
336 {
337 struct f_hidg *hidg = file->private_data;
338 struct usb_request *req;
339 unsigned long flags;
340 ssize_t status = -ENOMEM;
341
342 if (!access_ok(VERIFY_READ, buffer, count))
343 return -EFAULT;
344
345 spin_lock_irqsave(&hidg->write_spinlock, flags);
346
347 #define WRITE_COND (!hidg->write_pending)
348 try_again:
349 /* write queue */
350 while (!WRITE_COND) {
351 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
352 if (file->f_flags & O_NONBLOCK)
353 return -EAGAIN;
354
355 if (wait_event_interruptible_exclusive(
356 hidg->write_queue, WRITE_COND))
357 return -ERESTARTSYS;
358
359 spin_lock_irqsave(&hidg->write_spinlock, flags);
360 }
361
362 hidg->write_pending = 1;
363 req = hidg->req;
364 count = min_t(unsigned, count, hidg->report_length);
365
366 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
367 status = copy_from_user(req->buf, buffer, count);
368
369 if (status != 0) {
370 ERROR(hidg->func.config->cdev,
371 "copy_from_user error\n");
372 status = -EINVAL;
373 goto release_write_pending;
374 }
375
376 spin_lock_irqsave(&hidg->write_spinlock, flags);
377
378 /* when our function has been disabled by host */
379 if (!hidg->req) {
380 free_ep_req(hidg->in_ep, req);
381 /*
382 * TODO
383 * Should we fail with error here?
384 */
385 goto try_again;
386 }
387
388 req->status = 0;
389 req->zero = 0;
390 req->length = count;
391 req->complete = f_hidg_req_complete;
392 req->context = hidg;
393
394 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
395 if (status < 0) {
396 ERROR(hidg->func.config->cdev,
397 "usb_ep_queue error on int endpoint %zd\n", status);
398 goto release_write_pending_unlocked;
399 } else {
400 status = count;
401 }
402 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
403
404 return status;
405 release_write_pending:
406 spin_lock_irqsave(&hidg->write_spinlock, flags);
407 release_write_pending_unlocked:
408 hidg->write_pending = 0;
409 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
410
411 wake_up(&hidg->write_queue);
412
413 return status;
414 }
415
f_hidg_poll(struct file * file,poll_table * wait)416 static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
417 {
418 struct f_hidg *hidg = file->private_data;
419 __poll_t ret = 0;
420
421 poll_wait(file, &hidg->read_queue, wait);
422 poll_wait(file, &hidg->write_queue, wait);
423
424 if (WRITE_COND)
425 ret |= EPOLLOUT | EPOLLWRNORM;
426
427 if (READ_COND)
428 ret |= EPOLLIN | EPOLLRDNORM;
429
430 return ret;
431 }
432
433 #undef WRITE_COND
434 #undef READ_COND
435
f_hidg_release(struct inode * inode,struct file * fd)436 static int f_hidg_release(struct inode *inode, struct file *fd)
437 {
438 fd->private_data = NULL;
439 return 0;
440 }
441
f_hidg_open(struct inode * inode,struct file * fd)442 static int f_hidg_open(struct inode *inode, struct file *fd)
443 {
444 struct f_hidg *hidg =
445 container_of(inode->i_cdev, struct f_hidg, cdev);
446
447 fd->private_data = hidg;
448
449 return 0;
450 }
451
452 /*-------------------------------------------------------------------------*/
453 /* usb_function */
454
hidg_alloc_ep_req(struct usb_ep * ep,unsigned length)455 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
456 unsigned length)
457 {
458 return alloc_ep_req(ep, length);
459 }
460
hidg_set_report_complete(struct usb_ep * ep,struct usb_request * req)461 static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
462 {
463 struct f_hidg *hidg = (struct f_hidg *) req->context;
464 struct usb_composite_dev *cdev = hidg->func.config->cdev;
465 struct f_hidg_req_list *req_list;
466 unsigned long flags;
467
468 switch (req->status) {
469 case 0:
470 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
471 if (!req_list) {
472 ERROR(cdev, "Unable to allocate mem for req_list\n");
473 goto free_req;
474 }
475
476 req_list->req = req;
477
478 spin_lock_irqsave(&hidg->read_spinlock, flags);
479 list_add_tail(&req_list->list, &hidg->completed_out_req);
480 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
481
482 wake_up(&hidg->read_queue);
483 break;
484 default:
485 ERROR(cdev, "Set report failed %d\n", req->status);
486 /* FALLTHROUGH */
487 case -ECONNABORTED: /* hardware forced ep reset */
488 case -ECONNRESET: /* request dequeued */
489 case -ESHUTDOWN: /* disconnect from host */
490 free_req:
491 free_ep_req(ep, req);
492 return;
493 }
494 }
495
hidg_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)496 static int hidg_setup(struct usb_function *f,
497 const struct usb_ctrlrequest *ctrl)
498 {
499 struct f_hidg *hidg = func_to_hidg(f);
500 struct usb_composite_dev *cdev = f->config->cdev;
501 struct usb_request *req = cdev->req;
502 int status = 0;
503 __u16 value, length;
504
505 value = __le16_to_cpu(ctrl->wValue);
506 length = __le16_to_cpu(ctrl->wLength);
507
508 VDBG(cdev,
509 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
510 __func__, ctrl->bRequestType, ctrl->bRequest, value);
511
512 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
513 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
514 | HID_REQ_GET_REPORT):
515 VDBG(cdev, "get_report\n");
516
517 /* send an empty report */
518 length = min_t(unsigned, length, hidg->report_length);
519 memset(req->buf, 0x0, length);
520
521 goto respond;
522 break;
523
524 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
525 | HID_REQ_GET_PROTOCOL):
526 VDBG(cdev, "get_protocol\n");
527 length = min_t(unsigned int, length, 1);
528 ((u8 *) req->buf)[0] = hidg->protocol;
529 goto respond;
530 break;
531
532 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
533 | HID_REQ_SET_REPORT):
534 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
535 goto stall;
536 break;
537
538 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
539 | HID_REQ_SET_PROTOCOL):
540 VDBG(cdev, "set_protocol\n");
541 if (value > HID_REPORT_PROTOCOL)
542 goto stall;
543 length = 0;
544 /*
545 * We assume that programs implementing the Boot protocol
546 * are also compatible with the Report Protocol
547 */
548 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
549 hidg->protocol = value;
550 goto respond;
551 }
552 goto stall;
553 break;
554
555 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
556 | USB_REQ_GET_DESCRIPTOR):
557 switch (value >> 8) {
558 case HID_DT_HID:
559 {
560 struct hid_descriptor hidg_desc_copy = hidg_desc;
561
562 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
563 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
564 hidg_desc_copy.desc[0].wDescriptorLength =
565 cpu_to_le16(hidg->report_desc_length);
566
567 length = min_t(unsigned short, length,
568 hidg_desc_copy.bLength);
569 memcpy(req->buf, &hidg_desc_copy, length);
570 goto respond;
571 break;
572 }
573 case HID_DT_REPORT:
574 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
575 length = min_t(unsigned short, length,
576 hidg->report_desc_length);
577 memcpy(req->buf, hidg->report_desc, length);
578 goto respond;
579 break;
580
581 default:
582 VDBG(cdev, "Unknown descriptor request 0x%x\n",
583 value >> 8);
584 goto stall;
585 break;
586 }
587 break;
588
589 default:
590 VDBG(cdev, "Unknown request 0x%x\n",
591 ctrl->bRequest);
592 goto stall;
593 break;
594 }
595
596 stall:
597 return -EOPNOTSUPP;
598
599 respond:
600 req->zero = 0;
601 req->length = length;
602 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
603 if (status < 0)
604 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
605 return status;
606 }
607
hidg_disable(struct usb_function * f)608 static void hidg_disable(struct usb_function *f)
609 {
610 struct f_hidg *hidg = func_to_hidg(f);
611 struct f_hidg_req_list *list, *next;
612 unsigned long flags;
613
614 usb_ep_disable(hidg->in_ep);
615 usb_ep_disable(hidg->out_ep);
616
617 spin_lock_irqsave(&hidg->read_spinlock, flags);
618 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
619 free_ep_req(hidg->out_ep, list->req);
620 list_del(&list->list);
621 kfree(list);
622 }
623 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
624
625 spin_lock_irqsave(&hidg->write_spinlock, flags);
626 if (!hidg->write_pending) {
627 free_ep_req(hidg->in_ep, hidg->req);
628 hidg->write_pending = 1;
629 }
630
631 hidg->req = NULL;
632 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
633 }
634
hidg_set_alt(struct usb_function * f,unsigned intf,unsigned alt)635 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
636 {
637 struct usb_composite_dev *cdev = f->config->cdev;
638 struct f_hidg *hidg = func_to_hidg(f);
639 struct usb_request *req_in = NULL;
640 unsigned long flags;
641 int i, status = 0;
642
643 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
644
645 if (hidg->in_ep != NULL) {
646 /* restart endpoint */
647 usb_ep_disable(hidg->in_ep);
648
649 status = config_ep_by_speed(f->config->cdev->gadget, f,
650 hidg->in_ep);
651 if (status) {
652 ERROR(cdev, "config_ep_by_speed FAILED!\n");
653 goto fail;
654 }
655 status = usb_ep_enable(hidg->in_ep);
656 if (status < 0) {
657 ERROR(cdev, "Enable IN endpoint FAILED!\n");
658 goto fail;
659 }
660 hidg->in_ep->driver_data = hidg;
661
662 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
663 if (!req_in) {
664 status = -ENOMEM;
665 goto disable_ep_in;
666 }
667 }
668
669
670 if (hidg->out_ep != NULL) {
671 /* restart endpoint */
672 usb_ep_disable(hidg->out_ep);
673
674 status = config_ep_by_speed(f->config->cdev->gadget, f,
675 hidg->out_ep);
676 if (status) {
677 ERROR(cdev, "config_ep_by_speed FAILED!\n");
678 goto free_req_in;
679 }
680 status = usb_ep_enable(hidg->out_ep);
681 if (status < 0) {
682 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
683 goto free_req_in;
684 }
685 hidg->out_ep->driver_data = hidg;
686
687 /*
688 * allocate a bunch of read buffers and queue them all at once.
689 */
690 for (i = 0; i < hidg->qlen && status == 0; i++) {
691 struct usb_request *req =
692 hidg_alloc_ep_req(hidg->out_ep,
693 hidg->report_length);
694 if (req) {
695 req->complete = hidg_set_report_complete;
696 req->context = hidg;
697 status = usb_ep_queue(hidg->out_ep, req,
698 GFP_ATOMIC);
699 if (status) {
700 ERROR(cdev, "%s queue req --> %d\n",
701 hidg->out_ep->name, status);
702 free_ep_req(hidg->out_ep, req);
703 }
704 } else {
705 status = -ENOMEM;
706 goto disable_out_ep;
707 }
708 }
709 }
710
711 if (hidg->in_ep != NULL) {
712 spin_lock_irqsave(&hidg->write_spinlock, flags);
713 hidg->req = req_in;
714 hidg->write_pending = 0;
715 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
716
717 wake_up(&hidg->write_queue);
718 }
719 return 0;
720 disable_out_ep:
721 usb_ep_disable(hidg->out_ep);
722 free_req_in:
723 if (req_in)
724 free_ep_req(hidg->in_ep, req_in);
725
726 disable_ep_in:
727 if (hidg->in_ep)
728 usb_ep_disable(hidg->in_ep);
729
730 fail:
731 return status;
732 }
733
734 static const struct file_operations f_hidg_fops = {
735 .owner = THIS_MODULE,
736 .open = f_hidg_open,
737 .release = f_hidg_release,
738 .write = f_hidg_write,
739 .read = f_hidg_read,
740 .poll = f_hidg_poll,
741 .llseek = noop_llseek,
742 };
743
hidg_bind(struct usb_configuration * c,struct usb_function * f)744 static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
745 {
746 struct usb_ep *ep;
747 struct f_hidg *hidg = func_to_hidg(f);
748 struct usb_string *us;
749 struct device *device;
750 int status;
751 dev_t dev;
752
753 /* maybe allocate device-global string IDs, and patch descriptors */
754 us = usb_gstrings_attach(c->cdev, ct_func_strings,
755 ARRAY_SIZE(ct_func_string_defs));
756 if (IS_ERR(us))
757 return PTR_ERR(us);
758 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
759
760 /* allocate instance-specific interface IDs, and patch descriptors */
761 status = usb_interface_id(c, f);
762 if (status < 0)
763 goto fail;
764 hidg_interface_desc.bInterfaceNumber = status;
765
766 /* allocate instance-specific endpoints */
767 status = -ENODEV;
768 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
769 if (!ep)
770 goto fail;
771 hidg->in_ep = ep;
772
773 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
774 if (!ep)
775 goto fail;
776 hidg->out_ep = ep;
777
778 /* set descriptor dynamic values */
779 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
780 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
781 hidg->protocol = HID_REPORT_PROTOCOL;
782 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
783 hidg_ss_in_comp_desc.wBytesPerInterval =
784 cpu_to_le16(hidg->report_length);
785 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
786 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
787 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
788 hidg_ss_out_comp_desc.wBytesPerInterval =
789 cpu_to_le16(hidg->report_length);
790 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
791 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
792 /*
793 * We can use hidg_desc struct here but we should not relay
794 * that its content won't change after returning from this function.
795 */
796 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
797 hidg_desc.desc[0].wDescriptorLength =
798 cpu_to_le16(hidg->report_desc_length);
799
800 hidg_hs_in_ep_desc.bEndpointAddress =
801 hidg_fs_in_ep_desc.bEndpointAddress;
802 hidg_hs_out_ep_desc.bEndpointAddress =
803 hidg_fs_out_ep_desc.bEndpointAddress;
804
805 hidg_ss_in_ep_desc.bEndpointAddress =
806 hidg_fs_in_ep_desc.bEndpointAddress;
807 hidg_ss_out_ep_desc.bEndpointAddress =
808 hidg_fs_out_ep_desc.bEndpointAddress;
809
810 status = usb_assign_descriptors(f, hidg_fs_descriptors,
811 hidg_hs_descriptors, hidg_ss_descriptors, NULL);
812 if (status)
813 goto fail;
814
815 spin_lock_init(&hidg->write_spinlock);
816 hidg->write_pending = 1;
817 hidg->req = NULL;
818 spin_lock_init(&hidg->read_spinlock);
819 init_waitqueue_head(&hidg->write_queue);
820 init_waitqueue_head(&hidg->read_queue);
821 INIT_LIST_HEAD(&hidg->completed_out_req);
822
823 /* create char device */
824 cdev_init(&hidg->cdev, &f_hidg_fops);
825 dev = MKDEV(major, hidg->minor);
826 status = cdev_add(&hidg->cdev, dev, 1);
827 if (status)
828 goto fail_free_descs;
829
830 device = device_create(hidg_class, NULL, dev, NULL,
831 "%s%d", "hidg", hidg->minor);
832 if (IS_ERR(device)) {
833 status = PTR_ERR(device);
834 goto del;
835 }
836
837 return 0;
838 del:
839 cdev_del(&hidg->cdev);
840 fail_free_descs:
841 usb_free_all_descriptors(f);
842 fail:
843 ERROR(f->config->cdev, "hidg_bind FAILED\n");
844 if (hidg->req != NULL)
845 free_ep_req(hidg->in_ep, hidg->req);
846
847 return status;
848 }
849
hidg_get_minor(void)850 static inline int hidg_get_minor(void)
851 {
852 int ret;
853
854 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL);
855 if (ret >= HIDG_MINORS) {
856 ida_simple_remove(&hidg_ida, ret);
857 ret = -ENODEV;
858 }
859
860 return ret;
861 }
862
to_f_hid_opts(struct config_item * item)863 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
864 {
865 return container_of(to_config_group(item), struct f_hid_opts,
866 func_inst.group);
867 }
868
hid_attr_release(struct config_item * item)869 static void hid_attr_release(struct config_item *item)
870 {
871 struct f_hid_opts *opts = to_f_hid_opts(item);
872
873 usb_put_function_instance(&opts->func_inst);
874 }
875
876 static struct configfs_item_operations hidg_item_ops = {
877 .release = hid_attr_release,
878 };
879
880 #define F_HID_OPT(name, prec, limit) \
881 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
882 { \
883 struct f_hid_opts *opts = to_f_hid_opts(item); \
884 int result; \
885 \
886 mutex_lock(&opts->lock); \
887 result = sprintf(page, "%d\n", opts->name); \
888 mutex_unlock(&opts->lock); \
889 \
890 return result; \
891 } \
892 \
893 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
894 const char *page, size_t len) \
895 { \
896 struct f_hid_opts *opts = to_f_hid_opts(item); \
897 int ret; \
898 u##prec num; \
899 \
900 mutex_lock(&opts->lock); \
901 if (opts->refcnt) { \
902 ret = -EBUSY; \
903 goto end; \
904 } \
905 \
906 ret = kstrtou##prec(page, 0, &num); \
907 if (ret) \
908 goto end; \
909 \
910 if (num > limit) { \
911 ret = -EINVAL; \
912 goto end; \
913 } \
914 opts->name = num; \
915 ret = len; \
916 \
917 end: \
918 mutex_unlock(&opts->lock); \
919 return ret; \
920 } \
921 \
922 CONFIGFS_ATTR(f_hid_opts_, name)
923
924 F_HID_OPT(subclass, 8, 255);
925 F_HID_OPT(protocol, 8, 255);
926 F_HID_OPT(report_length, 16, 65535);
927
f_hid_opts_report_desc_show(struct config_item * item,char * page)928 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
929 {
930 struct f_hid_opts *opts = to_f_hid_opts(item);
931 int result;
932
933 mutex_lock(&opts->lock);
934 result = opts->report_desc_length;
935 memcpy(page, opts->report_desc, opts->report_desc_length);
936 mutex_unlock(&opts->lock);
937
938 return result;
939 }
940
f_hid_opts_report_desc_store(struct config_item * item,const char * page,size_t len)941 static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
942 const char *page, size_t len)
943 {
944 struct f_hid_opts *opts = to_f_hid_opts(item);
945 int ret = -EBUSY;
946 char *d;
947
948 mutex_lock(&opts->lock);
949
950 if (opts->refcnt)
951 goto end;
952 if (len > PAGE_SIZE) {
953 ret = -ENOSPC;
954 goto end;
955 }
956 d = kmemdup(page, len, GFP_KERNEL);
957 if (!d) {
958 ret = -ENOMEM;
959 goto end;
960 }
961 kfree(opts->report_desc);
962 opts->report_desc = d;
963 opts->report_desc_length = len;
964 opts->report_desc_alloc = true;
965 ret = len;
966 end:
967 mutex_unlock(&opts->lock);
968 return ret;
969 }
970
971 CONFIGFS_ATTR(f_hid_opts_, report_desc);
972
f_hid_opts_dev_show(struct config_item * item,char * page)973 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
974 {
975 struct f_hid_opts *opts = to_f_hid_opts(item);
976
977 return sprintf(page, "%d:%d\n", major, opts->minor);
978 }
979
980 CONFIGFS_ATTR_RO(f_hid_opts_, dev);
981
982 static struct configfs_attribute *hid_attrs[] = {
983 &f_hid_opts_attr_subclass,
984 &f_hid_opts_attr_protocol,
985 &f_hid_opts_attr_report_length,
986 &f_hid_opts_attr_report_desc,
987 &f_hid_opts_attr_dev,
988 NULL,
989 };
990
991 static const struct config_item_type hid_func_type = {
992 .ct_item_ops = &hidg_item_ops,
993 .ct_attrs = hid_attrs,
994 .ct_owner = THIS_MODULE,
995 };
996
hidg_put_minor(int minor)997 static inline void hidg_put_minor(int minor)
998 {
999 ida_simple_remove(&hidg_ida, minor);
1000 }
1001
hidg_free_inst(struct usb_function_instance * f)1002 static void hidg_free_inst(struct usb_function_instance *f)
1003 {
1004 struct f_hid_opts *opts;
1005
1006 opts = container_of(f, struct f_hid_opts, func_inst);
1007
1008 mutex_lock(&hidg_ida_lock);
1009
1010 hidg_put_minor(opts->minor);
1011 if (ida_is_empty(&hidg_ida))
1012 ghid_cleanup();
1013
1014 mutex_unlock(&hidg_ida_lock);
1015
1016 if (opts->report_desc_alloc)
1017 kfree(opts->report_desc);
1018
1019 kfree(opts);
1020 }
1021
hidg_alloc_inst(void)1022 static struct usb_function_instance *hidg_alloc_inst(void)
1023 {
1024 struct f_hid_opts *opts;
1025 struct usb_function_instance *ret;
1026 int status = 0;
1027
1028 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
1029 if (!opts)
1030 return ERR_PTR(-ENOMEM);
1031 mutex_init(&opts->lock);
1032 opts->func_inst.free_func_inst = hidg_free_inst;
1033 ret = &opts->func_inst;
1034
1035 mutex_lock(&hidg_ida_lock);
1036
1037 if (ida_is_empty(&hidg_ida)) {
1038 status = ghid_setup(NULL, HIDG_MINORS);
1039 if (status) {
1040 ret = ERR_PTR(status);
1041 kfree(opts);
1042 goto unlock;
1043 }
1044 }
1045
1046 opts->minor = hidg_get_minor();
1047 if (opts->minor < 0) {
1048 ret = ERR_PTR(opts->minor);
1049 kfree(opts);
1050 if (ida_is_empty(&hidg_ida))
1051 ghid_cleanup();
1052 goto unlock;
1053 }
1054 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1055
1056 unlock:
1057 mutex_unlock(&hidg_ida_lock);
1058 return ret;
1059 }
1060
hidg_free(struct usb_function * f)1061 static void hidg_free(struct usb_function *f)
1062 {
1063 struct f_hidg *hidg;
1064 struct f_hid_opts *opts;
1065
1066 hidg = func_to_hidg(f);
1067 opts = container_of(f->fi, struct f_hid_opts, func_inst);
1068 kfree(hidg->report_desc);
1069 kfree(hidg);
1070 mutex_lock(&opts->lock);
1071 --opts->refcnt;
1072 mutex_unlock(&opts->lock);
1073 }
1074
hidg_unbind(struct usb_configuration * c,struct usb_function * f)1075 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1076 {
1077 struct f_hidg *hidg = func_to_hidg(f);
1078
1079 device_destroy(hidg_class, MKDEV(major, hidg->minor));
1080 cdev_del(&hidg->cdev);
1081
1082 usb_free_all_descriptors(f);
1083 }
1084
hidg_alloc(struct usb_function_instance * fi)1085 static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1086 {
1087 struct f_hidg *hidg;
1088 struct f_hid_opts *opts;
1089
1090 /* allocate and initialize one new instance */
1091 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1092 if (!hidg)
1093 return ERR_PTR(-ENOMEM);
1094
1095 opts = container_of(fi, struct f_hid_opts, func_inst);
1096
1097 mutex_lock(&opts->lock);
1098 ++opts->refcnt;
1099
1100 hidg->minor = opts->minor;
1101 hidg->bInterfaceSubClass = opts->subclass;
1102 hidg->bInterfaceProtocol = opts->protocol;
1103 hidg->report_length = opts->report_length;
1104 hidg->report_desc_length = opts->report_desc_length;
1105 if (opts->report_desc) {
1106 hidg->report_desc = kmemdup(opts->report_desc,
1107 opts->report_desc_length,
1108 GFP_KERNEL);
1109 if (!hidg->report_desc) {
1110 kfree(hidg);
1111 mutex_unlock(&opts->lock);
1112 return ERR_PTR(-ENOMEM);
1113 }
1114 }
1115
1116 mutex_unlock(&opts->lock);
1117
1118 hidg->func.name = "hid";
1119 hidg->func.bind = hidg_bind;
1120 hidg->func.unbind = hidg_unbind;
1121 hidg->func.set_alt = hidg_set_alt;
1122 hidg->func.disable = hidg_disable;
1123 hidg->func.setup = hidg_setup;
1124 hidg->func.free_func = hidg_free;
1125
1126 /* this could me made configurable at some point */
1127 hidg->qlen = 4;
1128
1129 return &hidg->func;
1130 }
1131
1132 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1133 MODULE_LICENSE("GPL");
1134 MODULE_AUTHOR("Fabien Chouteau");
1135
ghid_setup(struct usb_gadget * g,int count)1136 int ghid_setup(struct usb_gadget *g, int count)
1137 {
1138 int status;
1139 dev_t dev;
1140
1141 hidg_class = class_create(THIS_MODULE, "hidg");
1142 if (IS_ERR(hidg_class)) {
1143 status = PTR_ERR(hidg_class);
1144 hidg_class = NULL;
1145 return status;
1146 }
1147
1148 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1149 if (status) {
1150 class_destroy(hidg_class);
1151 hidg_class = NULL;
1152 return status;
1153 }
1154
1155 major = MAJOR(dev);
1156 minors = count;
1157
1158 return 0;
1159 }
1160
ghid_cleanup(void)1161 void ghid_cleanup(void)
1162 {
1163 if (major) {
1164 unregister_chrdev_region(MKDEV(major, 0), minors);
1165 major = minors = 0;
1166 }
1167
1168 class_destroy(hidg_class);
1169 hidg_class = NULL;
1170 }
1171