1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/usb/g_hid.h> 19 20 #include "u_f.h" 21 #include "u_hid.h" 22 23 #define HIDG_MINORS 4 24 25 static int major, minors; 26 27 static const struct class hidg_class = { 28 .name = "hidg", 29 }; 30 31 static DEFINE_IDA(hidg_ida); 32 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 33 34 /*-------------------------------------------------------------------------*/ 35 /* HID gadget struct */ 36 37 struct f_hidg_req_list { 38 struct usb_request *req; 39 unsigned int pos; 40 struct list_head list; 41 }; 42 43 struct f_hidg { 44 /* configuration */ 45 unsigned char bInterfaceSubClass; 46 unsigned char bInterfaceProtocol; 47 unsigned char protocol; 48 unsigned char idle; 49 unsigned short report_desc_length; 50 char *report_desc; 51 unsigned short report_length; 52 /* 53 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 54 * will be used to receive reports from the host 55 * using functions with the "intout" suffix. 56 * Otherwise, the OUT Endpoint will not be configured 57 * and the SETUP/SET_REPORT method ("ssreport" suffix) 58 * will be used to receive reports. 59 */ 60 bool use_out_ep; 61 62 /* recv report */ 63 spinlock_t read_spinlock; 64 wait_queue_head_t read_queue; 65 /* recv report - interrupt out only (use_out_ep == 1) */ 66 struct list_head completed_out_req; 67 unsigned int qlen; 68 /* recv report - setup set_report only (use_out_ep == 0) */ 69 char *set_report_buf; 70 unsigned int set_report_length; 71 72 /* send report */ 73 spinlock_t write_spinlock; 74 bool write_pending; 75 wait_queue_head_t write_queue; 76 struct usb_request *req; 77 78 struct device dev; 79 struct cdev cdev; 80 struct usb_function func; 81 82 struct usb_ep *in_ep; 83 struct usb_ep *out_ep; 84 }; 85 86 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 87 { 88 return container_of(f, struct f_hidg, func); 89 } 90 91 static void hidg_release(struct device *dev) 92 { 93 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 94 95 kfree(hidg->set_report_buf); 96 kfree(hidg); 97 } 98 99 /*-------------------------------------------------------------------------*/ 100 /* Static descriptors */ 101 102 static struct usb_interface_descriptor hidg_interface_desc = { 103 .bLength = sizeof hidg_interface_desc, 104 .bDescriptorType = USB_DT_INTERFACE, 105 /* .bInterfaceNumber = DYNAMIC */ 106 .bAlternateSetting = 0, 107 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 108 .bInterfaceClass = USB_CLASS_HID, 109 /* .bInterfaceSubClass = DYNAMIC */ 110 /* .bInterfaceProtocol = DYNAMIC */ 111 /* .iInterface = DYNAMIC */ 112 }; 113 114 static struct hid_descriptor hidg_desc = { 115 .bLength = sizeof hidg_desc, 116 .bDescriptorType = HID_DT_HID, 117 .bcdHID = cpu_to_le16(0x0101), 118 .bCountryCode = 0x00, 119 .bNumDescriptors = 0x1, 120 /*.desc[0].bDescriptorType = DYNAMIC */ 121 /*.desc[0].wDescriptorLenght = DYNAMIC */ 122 }; 123 124 /* Super-Speed Support */ 125 126 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 127 .bLength = USB_DT_ENDPOINT_SIZE, 128 .bDescriptorType = USB_DT_ENDPOINT, 129 .bEndpointAddress = USB_DIR_IN, 130 .bmAttributes = USB_ENDPOINT_XFER_INT, 131 /*.wMaxPacketSize = DYNAMIC */ 132 .bInterval = 4, /* FIXME: Add this field in the 133 * HID gadget configuration? 134 * (struct hidg_func_descriptor) 135 */ 136 }; 137 138 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 139 .bLength = sizeof(hidg_ss_in_comp_desc), 140 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 141 142 /* .bMaxBurst = 0, */ 143 /* .bmAttributes = 0, */ 144 /* .wBytesPerInterval = DYNAMIC */ 145 }; 146 147 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 148 .bLength = USB_DT_ENDPOINT_SIZE, 149 .bDescriptorType = USB_DT_ENDPOINT, 150 .bEndpointAddress = USB_DIR_OUT, 151 .bmAttributes = USB_ENDPOINT_XFER_INT, 152 /*.wMaxPacketSize = DYNAMIC */ 153 .bInterval = 4, /* FIXME: Add this field in the 154 * HID gadget configuration? 155 * (struct hidg_func_descriptor) 156 */ 157 }; 158 159 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 160 .bLength = sizeof(hidg_ss_out_comp_desc), 161 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 162 163 /* .bMaxBurst = 0, */ 164 /* .bmAttributes = 0, */ 165 /* .wBytesPerInterval = DYNAMIC */ 166 }; 167 168 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 169 (struct usb_descriptor_header *)&hidg_interface_desc, 170 (struct usb_descriptor_header *)&hidg_desc, 171 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 172 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 173 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 174 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 175 NULL, 176 }; 177 178 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 179 (struct usb_descriptor_header *)&hidg_interface_desc, 180 (struct usb_descriptor_header *)&hidg_desc, 181 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 182 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 183 NULL, 184 }; 185 186 /* High-Speed Support */ 187 188 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 189 .bLength = USB_DT_ENDPOINT_SIZE, 190 .bDescriptorType = USB_DT_ENDPOINT, 191 .bEndpointAddress = USB_DIR_IN, 192 .bmAttributes = USB_ENDPOINT_XFER_INT, 193 /*.wMaxPacketSize = DYNAMIC */ 194 .bInterval = 4, /* FIXME: Add this field in the 195 * HID gadget configuration? 196 * (struct hidg_func_descriptor) 197 */ 198 }; 199 200 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 201 .bLength = USB_DT_ENDPOINT_SIZE, 202 .bDescriptorType = USB_DT_ENDPOINT, 203 .bEndpointAddress = USB_DIR_OUT, 204 .bmAttributes = USB_ENDPOINT_XFER_INT, 205 /*.wMaxPacketSize = DYNAMIC */ 206 .bInterval = 4, /* FIXME: Add this field in the 207 * HID gadget configuration? 208 * (struct hidg_func_descriptor) 209 */ 210 }; 211 212 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 213 (struct usb_descriptor_header *)&hidg_interface_desc, 214 (struct usb_descriptor_header *)&hidg_desc, 215 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 216 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 217 NULL, 218 }; 219 220 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 221 (struct usb_descriptor_header *)&hidg_interface_desc, 222 (struct usb_descriptor_header *)&hidg_desc, 223 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 224 NULL, 225 }; 226 227 /* Full-Speed Support */ 228 229 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 230 .bLength = USB_DT_ENDPOINT_SIZE, 231 .bDescriptorType = USB_DT_ENDPOINT, 232 .bEndpointAddress = USB_DIR_IN, 233 .bmAttributes = USB_ENDPOINT_XFER_INT, 234 /*.wMaxPacketSize = DYNAMIC */ 235 .bInterval = 10, /* FIXME: Add this field in the 236 * HID gadget configuration? 237 * (struct hidg_func_descriptor) 238 */ 239 }; 240 241 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 242 .bLength = USB_DT_ENDPOINT_SIZE, 243 .bDescriptorType = USB_DT_ENDPOINT, 244 .bEndpointAddress = USB_DIR_OUT, 245 .bmAttributes = USB_ENDPOINT_XFER_INT, 246 /*.wMaxPacketSize = DYNAMIC */ 247 .bInterval = 10, /* FIXME: Add this field in the 248 * HID gadget configuration? 249 * (struct hidg_func_descriptor) 250 */ 251 }; 252 253 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 254 (struct usb_descriptor_header *)&hidg_interface_desc, 255 (struct usb_descriptor_header *)&hidg_desc, 256 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 257 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 258 NULL, 259 }; 260 261 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 262 (struct usb_descriptor_header *)&hidg_interface_desc, 263 (struct usb_descriptor_header *)&hidg_desc, 264 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 265 NULL, 266 }; 267 268 /*-------------------------------------------------------------------------*/ 269 /* Strings */ 270 271 #define CT_FUNC_HID_IDX 0 272 273 static struct usb_string ct_func_string_defs[] = { 274 [CT_FUNC_HID_IDX].s = "HID Interface", 275 {}, /* end of list */ 276 }; 277 278 static struct usb_gadget_strings ct_func_string_table = { 279 .language = 0x0409, /* en-US */ 280 .strings = ct_func_string_defs, 281 }; 282 283 static struct usb_gadget_strings *ct_func_strings[] = { 284 &ct_func_string_table, 285 NULL, 286 }; 287 288 /*-------------------------------------------------------------------------*/ 289 /* Char Device */ 290 291 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 292 size_t count, loff_t *ptr) 293 { 294 struct f_hidg *hidg = file->private_data; 295 struct f_hidg_req_list *list; 296 struct usb_request *req; 297 unsigned long flags; 298 int ret; 299 300 if (!count) 301 return 0; 302 303 spin_lock_irqsave(&hidg->read_spinlock, flags); 304 305 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req)) 306 307 /* wait for at least one buffer to complete */ 308 while (!READ_COND_INTOUT) { 309 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 310 if (file->f_flags & O_NONBLOCK) 311 return -EAGAIN; 312 313 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 314 return -ERESTARTSYS; 315 316 spin_lock_irqsave(&hidg->read_spinlock, flags); 317 } 318 319 /* pick the first one */ 320 list = list_first_entry(&hidg->completed_out_req, 321 struct f_hidg_req_list, list); 322 323 /* 324 * Remove this from list to protect it from beign free() 325 * while host disables our function 326 */ 327 list_del(&list->list); 328 329 req = list->req; 330 count = min_t(unsigned int, count, req->actual - list->pos); 331 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 332 333 /* copy to user outside spinlock */ 334 count -= copy_to_user(buffer, req->buf + list->pos, count); 335 list->pos += count; 336 337 /* 338 * if this request is completely handled and transfered to 339 * userspace, remove its entry from the list and requeue it 340 * again. Otherwise, we will revisit it again upon the next 341 * call, taking into account its current read position. 342 */ 343 if (list->pos == req->actual) { 344 kfree(list); 345 346 req->length = hidg->report_length; 347 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 348 if (ret < 0) { 349 free_ep_req(hidg->out_ep, req); 350 return ret; 351 } 352 } else { 353 spin_lock_irqsave(&hidg->read_spinlock, flags); 354 list_add(&list->list, &hidg->completed_out_req); 355 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 356 357 wake_up(&hidg->read_queue); 358 } 359 360 return count; 361 } 362 363 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL) 364 365 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 366 size_t count, loff_t *ptr) 367 { 368 struct f_hidg *hidg = file->private_data; 369 char *tmp_buf = NULL; 370 unsigned long flags; 371 372 if (!count) 373 return 0; 374 375 spin_lock_irqsave(&hidg->read_spinlock, flags); 376 377 while (!READ_COND_SSREPORT) { 378 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 379 if (file->f_flags & O_NONBLOCK) 380 return -EAGAIN; 381 382 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 383 return -ERESTARTSYS; 384 385 spin_lock_irqsave(&hidg->read_spinlock, flags); 386 } 387 388 count = min_t(unsigned int, count, hidg->set_report_length); 389 tmp_buf = hidg->set_report_buf; 390 hidg->set_report_buf = NULL; 391 392 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 393 394 if (tmp_buf != NULL) { 395 count -= copy_to_user(buffer, tmp_buf, count); 396 kfree(tmp_buf); 397 } else { 398 count = -ENOMEM; 399 } 400 401 wake_up(&hidg->read_queue); 402 403 return count; 404 } 405 406 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 407 size_t count, loff_t *ptr) 408 { 409 struct f_hidg *hidg = file->private_data; 410 411 if (hidg->use_out_ep) 412 return f_hidg_intout_read(file, buffer, count, ptr); 413 else 414 return f_hidg_ssreport_read(file, buffer, count, ptr); 415 } 416 417 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 418 { 419 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 420 unsigned long flags; 421 422 if (req->status != 0) { 423 ERROR(hidg->func.config->cdev, 424 "End Point Request ERROR: %d\n", req->status); 425 } 426 427 spin_lock_irqsave(&hidg->write_spinlock, flags); 428 hidg->write_pending = 0; 429 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 430 wake_up(&hidg->write_queue); 431 } 432 433 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 434 size_t count, loff_t *offp) 435 { 436 struct f_hidg *hidg = file->private_data; 437 struct usb_request *req; 438 unsigned long flags; 439 ssize_t status = -ENOMEM; 440 441 spin_lock_irqsave(&hidg->write_spinlock, flags); 442 443 if (!hidg->req) { 444 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 445 return -ESHUTDOWN; 446 } 447 448 #define WRITE_COND (!hidg->write_pending) 449 try_again: 450 /* write queue */ 451 while (!WRITE_COND) { 452 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 453 if (file->f_flags & O_NONBLOCK) 454 return -EAGAIN; 455 456 if (wait_event_interruptible_exclusive( 457 hidg->write_queue, WRITE_COND)) 458 return -ERESTARTSYS; 459 460 spin_lock_irqsave(&hidg->write_spinlock, flags); 461 } 462 463 hidg->write_pending = 1; 464 req = hidg->req; 465 count = min_t(unsigned, count, hidg->report_length); 466 467 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 468 469 if (!req) { 470 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 471 status = -ESHUTDOWN; 472 goto release_write_pending; 473 } 474 475 status = copy_from_user(req->buf, buffer, count); 476 if (status != 0) { 477 ERROR(hidg->func.config->cdev, 478 "copy_from_user error\n"); 479 status = -EINVAL; 480 goto release_write_pending; 481 } 482 483 spin_lock_irqsave(&hidg->write_spinlock, flags); 484 485 /* when our function has been disabled by host */ 486 if (!hidg->req) { 487 free_ep_req(hidg->in_ep, req); 488 /* 489 * TODO 490 * Should we fail with error here? 491 */ 492 goto try_again; 493 } 494 495 req->status = 0; 496 req->zero = 0; 497 req->length = count; 498 req->complete = f_hidg_req_complete; 499 req->context = hidg; 500 501 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 502 503 if (!hidg->in_ep->enabled) { 504 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 505 status = -ESHUTDOWN; 506 goto release_write_pending; 507 } 508 509 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 510 if (status < 0) 511 goto release_write_pending; 512 else 513 status = count; 514 515 return status; 516 release_write_pending: 517 spin_lock_irqsave(&hidg->write_spinlock, flags); 518 hidg->write_pending = 0; 519 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 520 521 wake_up(&hidg->write_queue); 522 523 return status; 524 } 525 526 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 527 { 528 struct f_hidg *hidg = file->private_data; 529 __poll_t ret = 0; 530 531 poll_wait(file, &hidg->read_queue, wait); 532 poll_wait(file, &hidg->write_queue, wait); 533 534 if (WRITE_COND) 535 ret |= EPOLLOUT | EPOLLWRNORM; 536 537 if (hidg->use_out_ep) { 538 if (READ_COND_INTOUT) 539 ret |= EPOLLIN | EPOLLRDNORM; 540 } else { 541 if (READ_COND_SSREPORT) 542 ret |= EPOLLIN | EPOLLRDNORM; 543 } 544 545 return ret; 546 } 547 548 #undef WRITE_COND 549 #undef READ_COND_SSREPORT 550 #undef READ_COND_INTOUT 551 552 static int f_hidg_release(struct inode *inode, struct file *fd) 553 { 554 fd->private_data = NULL; 555 return 0; 556 } 557 558 static int f_hidg_open(struct inode *inode, struct file *fd) 559 { 560 struct f_hidg *hidg = 561 container_of(inode->i_cdev, struct f_hidg, cdev); 562 563 fd->private_data = hidg; 564 565 return 0; 566 } 567 568 /*-------------------------------------------------------------------------*/ 569 /* usb_function */ 570 571 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 572 unsigned length) 573 { 574 return alloc_ep_req(ep, length); 575 } 576 577 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 578 { 579 struct f_hidg *hidg = (struct f_hidg *) req->context; 580 struct usb_composite_dev *cdev = hidg->func.config->cdev; 581 struct f_hidg_req_list *req_list; 582 unsigned long flags; 583 584 switch (req->status) { 585 case 0: 586 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 587 if (!req_list) { 588 ERROR(cdev, "Unable to allocate mem for req_list\n"); 589 goto free_req; 590 } 591 592 req_list->req = req; 593 594 spin_lock_irqsave(&hidg->read_spinlock, flags); 595 list_add_tail(&req_list->list, &hidg->completed_out_req); 596 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 597 598 wake_up(&hidg->read_queue); 599 break; 600 default: 601 ERROR(cdev, "Set report failed %d\n", req->status); 602 fallthrough; 603 case -ECONNABORTED: /* hardware forced ep reset */ 604 case -ECONNRESET: /* request dequeued */ 605 case -ESHUTDOWN: /* disconnect from host */ 606 free_req: 607 free_ep_req(ep, req); 608 return; 609 } 610 } 611 612 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 613 { 614 struct f_hidg *hidg = (struct f_hidg *)req->context; 615 struct usb_composite_dev *cdev = hidg->func.config->cdev; 616 char *new_buf = NULL; 617 unsigned long flags; 618 619 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 620 ERROR(cdev, 621 "%s FAILED: status=%d, buf=%p, actual=%d\n", 622 __func__, req->status, req->buf, req->actual); 623 return; 624 } 625 626 spin_lock_irqsave(&hidg->read_spinlock, flags); 627 628 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 629 if (new_buf == NULL) { 630 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 631 return; 632 } 633 hidg->set_report_buf = new_buf; 634 635 hidg->set_report_length = req->actual; 636 memcpy(hidg->set_report_buf, req->buf, req->actual); 637 638 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 639 640 wake_up(&hidg->read_queue); 641 } 642 643 static int hidg_setup(struct usb_function *f, 644 const struct usb_ctrlrequest *ctrl) 645 { 646 struct f_hidg *hidg = func_to_hidg(f); 647 struct usb_composite_dev *cdev = f->config->cdev; 648 struct usb_request *req = cdev->req; 649 int status = 0; 650 __u16 value, length; 651 652 value = __le16_to_cpu(ctrl->wValue); 653 length = __le16_to_cpu(ctrl->wLength); 654 655 VDBG(cdev, 656 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 657 __func__, ctrl->bRequestType, ctrl->bRequest, value); 658 659 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 660 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 661 | HID_REQ_GET_REPORT): 662 VDBG(cdev, "get_report\n"); 663 664 /* send an empty report */ 665 length = min_t(unsigned, length, hidg->report_length); 666 memset(req->buf, 0x0, length); 667 668 goto respond; 669 break; 670 671 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 672 | HID_REQ_GET_PROTOCOL): 673 VDBG(cdev, "get_protocol\n"); 674 length = min_t(unsigned int, length, 1); 675 ((u8 *) req->buf)[0] = hidg->protocol; 676 goto respond; 677 break; 678 679 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 680 | HID_REQ_GET_IDLE): 681 VDBG(cdev, "get_idle\n"); 682 length = min_t(unsigned int, length, 1); 683 ((u8 *) req->buf)[0] = hidg->idle; 684 goto respond; 685 break; 686 687 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 688 | HID_REQ_SET_REPORT): 689 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 690 if (hidg->use_out_ep) 691 goto stall; 692 req->complete = hidg_ssreport_complete; 693 req->context = hidg; 694 goto respond; 695 break; 696 697 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 698 | HID_REQ_SET_PROTOCOL): 699 VDBG(cdev, "set_protocol\n"); 700 if (value > HID_REPORT_PROTOCOL) 701 goto stall; 702 length = 0; 703 /* 704 * We assume that programs implementing the Boot protocol 705 * are also compatible with the Report Protocol 706 */ 707 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 708 hidg->protocol = value; 709 goto respond; 710 } 711 goto stall; 712 break; 713 714 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 715 | HID_REQ_SET_IDLE): 716 VDBG(cdev, "set_idle\n"); 717 length = 0; 718 hidg->idle = value >> 8; 719 goto respond; 720 break; 721 722 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 723 | USB_REQ_GET_DESCRIPTOR): 724 switch (value >> 8) { 725 case HID_DT_HID: 726 { 727 struct hid_descriptor hidg_desc_copy = hidg_desc; 728 729 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 730 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 731 hidg_desc_copy.desc[0].wDescriptorLength = 732 cpu_to_le16(hidg->report_desc_length); 733 734 length = min_t(unsigned short, length, 735 hidg_desc_copy.bLength); 736 memcpy(req->buf, &hidg_desc_copy, length); 737 goto respond; 738 break; 739 } 740 case HID_DT_REPORT: 741 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 742 length = min_t(unsigned short, length, 743 hidg->report_desc_length); 744 memcpy(req->buf, hidg->report_desc, length); 745 goto respond; 746 break; 747 748 default: 749 VDBG(cdev, "Unknown descriptor request 0x%x\n", 750 value >> 8); 751 goto stall; 752 break; 753 } 754 break; 755 756 default: 757 VDBG(cdev, "Unknown request 0x%x\n", 758 ctrl->bRequest); 759 goto stall; 760 break; 761 } 762 763 stall: 764 return -EOPNOTSUPP; 765 766 respond: 767 req->zero = 0; 768 req->length = length; 769 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 770 if (status < 0) 771 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 772 return status; 773 } 774 775 static void hidg_disable(struct usb_function *f) 776 { 777 struct f_hidg *hidg = func_to_hidg(f); 778 struct f_hidg_req_list *list, *next; 779 unsigned long flags; 780 781 usb_ep_disable(hidg->in_ep); 782 783 if (hidg->out_ep) { 784 usb_ep_disable(hidg->out_ep); 785 786 spin_lock_irqsave(&hidg->read_spinlock, flags); 787 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 788 free_ep_req(hidg->out_ep, list->req); 789 list_del(&list->list); 790 kfree(list); 791 } 792 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 793 } 794 795 spin_lock_irqsave(&hidg->write_spinlock, flags); 796 if (!hidg->write_pending) { 797 free_ep_req(hidg->in_ep, hidg->req); 798 hidg->write_pending = 1; 799 } 800 801 hidg->req = NULL; 802 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 803 } 804 805 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 806 { 807 struct usb_composite_dev *cdev = f->config->cdev; 808 struct f_hidg *hidg = func_to_hidg(f); 809 struct usb_request *req_in = NULL; 810 unsigned long flags; 811 int i, status = 0; 812 813 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 814 815 if (hidg->in_ep != NULL) { 816 /* restart endpoint */ 817 usb_ep_disable(hidg->in_ep); 818 819 status = config_ep_by_speed(f->config->cdev->gadget, f, 820 hidg->in_ep); 821 if (status) { 822 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 823 goto fail; 824 } 825 status = usb_ep_enable(hidg->in_ep); 826 if (status < 0) { 827 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 828 goto fail; 829 } 830 hidg->in_ep->driver_data = hidg; 831 832 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 833 if (!req_in) { 834 status = -ENOMEM; 835 goto disable_ep_in; 836 } 837 } 838 839 if (hidg->use_out_ep && hidg->out_ep != NULL) { 840 /* restart endpoint */ 841 usb_ep_disable(hidg->out_ep); 842 843 status = config_ep_by_speed(f->config->cdev->gadget, f, 844 hidg->out_ep); 845 if (status) { 846 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 847 goto free_req_in; 848 } 849 status = usb_ep_enable(hidg->out_ep); 850 if (status < 0) { 851 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 852 goto free_req_in; 853 } 854 hidg->out_ep->driver_data = hidg; 855 856 /* 857 * allocate a bunch of read buffers and queue them all at once. 858 */ 859 for (i = 0; i < hidg->qlen && status == 0; i++) { 860 struct usb_request *req = 861 hidg_alloc_ep_req(hidg->out_ep, 862 hidg->report_length); 863 if (req) { 864 req->complete = hidg_intout_complete; 865 req->context = hidg; 866 status = usb_ep_queue(hidg->out_ep, req, 867 GFP_ATOMIC); 868 if (status) { 869 ERROR(cdev, "%s queue req --> %d\n", 870 hidg->out_ep->name, status); 871 free_ep_req(hidg->out_ep, req); 872 } 873 } else { 874 status = -ENOMEM; 875 goto disable_out_ep; 876 } 877 } 878 } 879 880 if (hidg->in_ep != NULL) { 881 spin_lock_irqsave(&hidg->write_spinlock, flags); 882 hidg->req = req_in; 883 hidg->write_pending = 0; 884 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 885 886 wake_up(&hidg->write_queue); 887 } 888 return 0; 889 disable_out_ep: 890 if (hidg->out_ep) 891 usb_ep_disable(hidg->out_ep); 892 free_req_in: 893 if (req_in) 894 free_ep_req(hidg->in_ep, req_in); 895 896 disable_ep_in: 897 if (hidg->in_ep) 898 usb_ep_disable(hidg->in_ep); 899 900 fail: 901 return status; 902 } 903 904 static const struct file_operations f_hidg_fops = { 905 .owner = THIS_MODULE, 906 .open = f_hidg_open, 907 .release = f_hidg_release, 908 .write = f_hidg_write, 909 .read = f_hidg_read, 910 .poll = f_hidg_poll, 911 .llseek = noop_llseek, 912 }; 913 914 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 915 { 916 struct usb_ep *ep; 917 struct f_hidg *hidg = func_to_hidg(f); 918 struct usb_string *us; 919 int status; 920 921 /* maybe allocate device-global string IDs, and patch descriptors */ 922 us = usb_gstrings_attach(c->cdev, ct_func_strings, 923 ARRAY_SIZE(ct_func_string_defs)); 924 if (IS_ERR(us)) 925 return PTR_ERR(us); 926 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 927 928 /* allocate instance-specific interface IDs, and patch descriptors */ 929 status = usb_interface_id(c, f); 930 if (status < 0) 931 goto fail; 932 hidg_interface_desc.bInterfaceNumber = status; 933 934 /* allocate instance-specific endpoints */ 935 status = -ENODEV; 936 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 937 if (!ep) 938 goto fail; 939 hidg->in_ep = ep; 940 941 hidg->out_ep = NULL; 942 if (hidg->use_out_ep) { 943 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 944 if (!ep) 945 goto fail; 946 hidg->out_ep = ep; 947 } 948 949 /* used only if use_out_ep == 1 */ 950 hidg->set_report_buf = NULL; 951 952 /* set descriptor dynamic values */ 953 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 954 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 955 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 956 hidg->protocol = HID_REPORT_PROTOCOL; 957 hidg->idle = 1; 958 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 959 hidg_ss_in_comp_desc.wBytesPerInterval = 960 cpu_to_le16(hidg->report_length); 961 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 962 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 963 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 964 hidg_ss_out_comp_desc.wBytesPerInterval = 965 cpu_to_le16(hidg->report_length); 966 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 967 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 968 /* 969 * We can use hidg_desc struct here but we should not relay 970 * that its content won't change after returning from this function. 971 */ 972 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 973 hidg_desc.desc[0].wDescriptorLength = 974 cpu_to_le16(hidg->report_desc_length); 975 976 hidg_hs_in_ep_desc.bEndpointAddress = 977 hidg_fs_in_ep_desc.bEndpointAddress; 978 hidg_hs_out_ep_desc.bEndpointAddress = 979 hidg_fs_out_ep_desc.bEndpointAddress; 980 981 hidg_ss_in_ep_desc.bEndpointAddress = 982 hidg_fs_in_ep_desc.bEndpointAddress; 983 hidg_ss_out_ep_desc.bEndpointAddress = 984 hidg_fs_out_ep_desc.bEndpointAddress; 985 986 if (hidg->use_out_ep) 987 status = usb_assign_descriptors(f, 988 hidg_fs_descriptors_intout, 989 hidg_hs_descriptors_intout, 990 hidg_ss_descriptors_intout, 991 hidg_ss_descriptors_intout); 992 else 993 status = usb_assign_descriptors(f, 994 hidg_fs_descriptors_ssreport, 995 hidg_hs_descriptors_ssreport, 996 hidg_ss_descriptors_ssreport, 997 hidg_ss_descriptors_ssreport); 998 999 if (status) 1000 goto fail; 1001 1002 spin_lock_init(&hidg->write_spinlock); 1003 hidg->write_pending = 1; 1004 hidg->req = NULL; 1005 spin_lock_init(&hidg->read_spinlock); 1006 init_waitqueue_head(&hidg->write_queue); 1007 init_waitqueue_head(&hidg->read_queue); 1008 INIT_LIST_HEAD(&hidg->completed_out_req); 1009 1010 /* create char device */ 1011 cdev_init(&hidg->cdev, &f_hidg_fops); 1012 status = cdev_device_add(&hidg->cdev, &hidg->dev); 1013 if (status) 1014 goto fail_free_descs; 1015 1016 return 0; 1017 fail_free_descs: 1018 usb_free_all_descriptors(f); 1019 fail: 1020 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1021 if (hidg->req != NULL) 1022 free_ep_req(hidg->in_ep, hidg->req); 1023 1024 return status; 1025 } 1026 1027 static inline int hidg_get_minor(void) 1028 { 1029 int ret; 1030 1031 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL); 1032 if (ret >= HIDG_MINORS) { 1033 ida_simple_remove(&hidg_ida, ret); 1034 ret = -ENODEV; 1035 } 1036 1037 return ret; 1038 } 1039 1040 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1041 { 1042 return container_of(to_config_group(item), struct f_hid_opts, 1043 func_inst.group); 1044 } 1045 1046 static void hid_attr_release(struct config_item *item) 1047 { 1048 struct f_hid_opts *opts = to_f_hid_opts(item); 1049 1050 usb_put_function_instance(&opts->func_inst); 1051 } 1052 1053 static struct configfs_item_operations hidg_item_ops = { 1054 .release = hid_attr_release, 1055 }; 1056 1057 #define F_HID_OPT(name, prec, limit) \ 1058 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1059 { \ 1060 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1061 int result; \ 1062 \ 1063 mutex_lock(&opts->lock); \ 1064 result = sprintf(page, "%d\n", opts->name); \ 1065 mutex_unlock(&opts->lock); \ 1066 \ 1067 return result; \ 1068 } \ 1069 \ 1070 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1071 const char *page, size_t len) \ 1072 { \ 1073 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1074 int ret; \ 1075 u##prec num; \ 1076 \ 1077 mutex_lock(&opts->lock); \ 1078 if (opts->refcnt) { \ 1079 ret = -EBUSY; \ 1080 goto end; \ 1081 } \ 1082 \ 1083 ret = kstrtou##prec(page, 0, &num); \ 1084 if (ret) \ 1085 goto end; \ 1086 \ 1087 if (num > limit) { \ 1088 ret = -EINVAL; \ 1089 goto end; \ 1090 } \ 1091 opts->name = num; \ 1092 ret = len; \ 1093 \ 1094 end: \ 1095 mutex_unlock(&opts->lock); \ 1096 return ret; \ 1097 } \ 1098 \ 1099 CONFIGFS_ATTR(f_hid_opts_, name) 1100 1101 F_HID_OPT(subclass, 8, 255); 1102 F_HID_OPT(protocol, 8, 255); 1103 F_HID_OPT(no_out_endpoint, 8, 1); 1104 F_HID_OPT(report_length, 16, 65535); 1105 1106 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1107 { 1108 struct f_hid_opts *opts = to_f_hid_opts(item); 1109 int result; 1110 1111 mutex_lock(&opts->lock); 1112 result = opts->report_desc_length; 1113 memcpy(page, opts->report_desc, opts->report_desc_length); 1114 mutex_unlock(&opts->lock); 1115 1116 return result; 1117 } 1118 1119 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1120 const char *page, size_t len) 1121 { 1122 struct f_hid_opts *opts = to_f_hid_opts(item); 1123 int ret = -EBUSY; 1124 char *d; 1125 1126 mutex_lock(&opts->lock); 1127 1128 if (opts->refcnt) 1129 goto end; 1130 if (len > PAGE_SIZE) { 1131 ret = -ENOSPC; 1132 goto end; 1133 } 1134 d = kmemdup(page, len, GFP_KERNEL); 1135 if (!d) { 1136 ret = -ENOMEM; 1137 goto end; 1138 } 1139 kfree(opts->report_desc); 1140 opts->report_desc = d; 1141 opts->report_desc_length = len; 1142 opts->report_desc_alloc = true; 1143 ret = len; 1144 end: 1145 mutex_unlock(&opts->lock); 1146 return ret; 1147 } 1148 1149 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1150 1151 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1152 { 1153 struct f_hid_opts *opts = to_f_hid_opts(item); 1154 1155 return sprintf(page, "%d:%d\n", major, opts->minor); 1156 } 1157 1158 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1159 1160 static struct configfs_attribute *hid_attrs[] = { 1161 &f_hid_opts_attr_subclass, 1162 &f_hid_opts_attr_protocol, 1163 &f_hid_opts_attr_no_out_endpoint, 1164 &f_hid_opts_attr_report_length, 1165 &f_hid_opts_attr_report_desc, 1166 &f_hid_opts_attr_dev, 1167 NULL, 1168 }; 1169 1170 static const struct config_item_type hid_func_type = { 1171 .ct_item_ops = &hidg_item_ops, 1172 .ct_attrs = hid_attrs, 1173 .ct_owner = THIS_MODULE, 1174 }; 1175 1176 static inline void hidg_put_minor(int minor) 1177 { 1178 ida_simple_remove(&hidg_ida, minor); 1179 } 1180 1181 static void hidg_free_inst(struct usb_function_instance *f) 1182 { 1183 struct f_hid_opts *opts; 1184 1185 opts = container_of(f, struct f_hid_opts, func_inst); 1186 1187 mutex_lock(&hidg_ida_lock); 1188 1189 hidg_put_minor(opts->minor); 1190 if (ida_is_empty(&hidg_ida)) 1191 ghid_cleanup(); 1192 1193 mutex_unlock(&hidg_ida_lock); 1194 1195 if (opts->report_desc_alloc) 1196 kfree(opts->report_desc); 1197 1198 kfree(opts); 1199 } 1200 1201 static struct usb_function_instance *hidg_alloc_inst(void) 1202 { 1203 struct f_hid_opts *opts; 1204 struct usb_function_instance *ret; 1205 int status = 0; 1206 1207 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1208 if (!opts) 1209 return ERR_PTR(-ENOMEM); 1210 mutex_init(&opts->lock); 1211 opts->func_inst.free_func_inst = hidg_free_inst; 1212 ret = &opts->func_inst; 1213 1214 mutex_lock(&hidg_ida_lock); 1215 1216 if (ida_is_empty(&hidg_ida)) { 1217 status = ghid_setup(NULL, HIDG_MINORS); 1218 if (status) { 1219 ret = ERR_PTR(status); 1220 kfree(opts); 1221 goto unlock; 1222 } 1223 } 1224 1225 opts->minor = hidg_get_minor(); 1226 if (opts->minor < 0) { 1227 ret = ERR_PTR(opts->minor); 1228 kfree(opts); 1229 if (ida_is_empty(&hidg_ida)) 1230 ghid_cleanup(); 1231 goto unlock; 1232 } 1233 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1234 1235 unlock: 1236 mutex_unlock(&hidg_ida_lock); 1237 return ret; 1238 } 1239 1240 static void hidg_free(struct usb_function *f) 1241 { 1242 struct f_hidg *hidg; 1243 struct f_hid_opts *opts; 1244 1245 hidg = func_to_hidg(f); 1246 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1247 put_device(&hidg->dev); 1248 mutex_lock(&opts->lock); 1249 --opts->refcnt; 1250 mutex_unlock(&opts->lock); 1251 } 1252 1253 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1254 { 1255 struct f_hidg *hidg = func_to_hidg(f); 1256 1257 cdev_device_del(&hidg->cdev, &hidg->dev); 1258 1259 usb_free_all_descriptors(f); 1260 } 1261 1262 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1263 { 1264 struct f_hidg *hidg; 1265 struct f_hid_opts *opts; 1266 int ret; 1267 1268 /* allocate and initialize one new instance */ 1269 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1270 if (!hidg) 1271 return ERR_PTR(-ENOMEM); 1272 1273 opts = container_of(fi, struct f_hid_opts, func_inst); 1274 1275 mutex_lock(&opts->lock); 1276 1277 device_initialize(&hidg->dev); 1278 hidg->dev.release = hidg_release; 1279 hidg->dev.class = &hidg_class; 1280 hidg->dev.devt = MKDEV(major, opts->minor); 1281 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1282 if (ret) 1283 goto err_unlock; 1284 1285 hidg->bInterfaceSubClass = opts->subclass; 1286 hidg->bInterfaceProtocol = opts->protocol; 1287 hidg->report_length = opts->report_length; 1288 hidg->report_desc_length = opts->report_desc_length; 1289 if (opts->report_desc) { 1290 hidg->report_desc = devm_kmemdup(&hidg->dev, opts->report_desc, 1291 opts->report_desc_length, 1292 GFP_KERNEL); 1293 if (!hidg->report_desc) { 1294 ret = -ENOMEM; 1295 goto err_put_device; 1296 } 1297 } 1298 hidg->use_out_ep = !opts->no_out_endpoint; 1299 1300 ++opts->refcnt; 1301 mutex_unlock(&opts->lock); 1302 1303 hidg->func.name = "hid"; 1304 hidg->func.bind = hidg_bind; 1305 hidg->func.unbind = hidg_unbind; 1306 hidg->func.set_alt = hidg_set_alt; 1307 hidg->func.disable = hidg_disable; 1308 hidg->func.setup = hidg_setup; 1309 hidg->func.free_func = hidg_free; 1310 1311 /* this could be made configurable at some point */ 1312 hidg->qlen = 4; 1313 1314 return &hidg->func; 1315 1316 err_put_device: 1317 put_device(&hidg->dev); 1318 err_unlock: 1319 mutex_unlock(&opts->lock); 1320 return ERR_PTR(ret); 1321 } 1322 1323 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1324 MODULE_LICENSE("GPL"); 1325 MODULE_AUTHOR("Fabien Chouteau"); 1326 1327 int ghid_setup(struct usb_gadget *g, int count) 1328 { 1329 int status; 1330 dev_t dev; 1331 1332 status = class_register(&hidg_class); 1333 if (status) 1334 return status; 1335 1336 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1337 if (status) { 1338 class_unregister(&hidg_class); 1339 return status; 1340 } 1341 1342 major = MAJOR(dev); 1343 minors = count; 1344 1345 return 0; 1346 } 1347 1348 void ghid_cleanup(void) 1349 { 1350 if (major) { 1351 unregister_chrdev_region(MKDEV(major, 0), minors); 1352 major = minors = 0; 1353 } 1354 1355 class_unregister(&hidg_class); 1356 } 1357