1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/usb/g_hid.h> 19 20 #include "u_f.h" 21 #include "u_hid.h" 22 23 #define HIDG_MINORS 4 24 25 static int major, minors; 26 static struct class *hidg_class; 27 static DEFINE_IDA(hidg_ida); 28 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 29 30 /*-------------------------------------------------------------------------*/ 31 /* HID gadget struct */ 32 33 struct f_hidg_req_list { 34 struct usb_request *req; 35 unsigned int pos; 36 struct list_head list; 37 }; 38 39 struct f_hidg { 40 /* configuration */ 41 unsigned char bInterfaceSubClass; 42 unsigned char bInterfaceProtocol; 43 unsigned char protocol; 44 unsigned char idle; 45 unsigned short report_desc_length; 46 char *report_desc; 47 unsigned short report_length; 48 /* 49 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 50 * will be used to receive reports from the host 51 * using functions with the "intout" suffix. 52 * Otherwise, the OUT Endpoint will not be configured 53 * and the SETUP/SET_REPORT method ("ssreport" suffix) 54 * will be used to receive reports. 55 */ 56 bool use_out_ep; 57 58 /* recv report */ 59 spinlock_t read_spinlock; 60 wait_queue_head_t read_queue; 61 /* recv report - interrupt out only (use_out_ep == 1) */ 62 struct list_head completed_out_req; 63 unsigned int qlen; 64 /* recv report - setup set_report only (use_out_ep == 0) */ 65 char *set_report_buf; 66 unsigned int set_report_length; 67 68 /* send report */ 69 spinlock_t write_spinlock; 70 bool write_pending; 71 wait_queue_head_t write_queue; 72 struct usb_request *req; 73 74 int minor; 75 struct cdev cdev; 76 struct usb_function func; 77 78 struct usb_ep *in_ep; 79 struct usb_ep *out_ep; 80 }; 81 82 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 83 { 84 return container_of(f, struct f_hidg, func); 85 } 86 87 /*-------------------------------------------------------------------------*/ 88 /* Static descriptors */ 89 90 static struct usb_interface_descriptor hidg_interface_desc = { 91 .bLength = sizeof hidg_interface_desc, 92 .bDescriptorType = USB_DT_INTERFACE, 93 /* .bInterfaceNumber = DYNAMIC */ 94 .bAlternateSetting = 0, 95 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 96 .bInterfaceClass = USB_CLASS_HID, 97 /* .bInterfaceSubClass = DYNAMIC */ 98 /* .bInterfaceProtocol = DYNAMIC */ 99 /* .iInterface = DYNAMIC */ 100 }; 101 102 static struct hid_descriptor hidg_desc = { 103 .bLength = sizeof hidg_desc, 104 .bDescriptorType = HID_DT_HID, 105 .bcdHID = cpu_to_le16(0x0101), 106 .bCountryCode = 0x00, 107 .bNumDescriptors = 0x1, 108 /*.desc[0].bDescriptorType = DYNAMIC */ 109 /*.desc[0].wDescriptorLenght = DYNAMIC */ 110 }; 111 112 /* Super-Speed Support */ 113 114 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 115 .bLength = USB_DT_ENDPOINT_SIZE, 116 .bDescriptorType = USB_DT_ENDPOINT, 117 .bEndpointAddress = USB_DIR_IN, 118 .bmAttributes = USB_ENDPOINT_XFER_INT, 119 /*.wMaxPacketSize = DYNAMIC */ 120 .bInterval = 4, /* FIXME: Add this field in the 121 * HID gadget configuration? 122 * (struct hidg_func_descriptor) 123 */ 124 }; 125 126 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 127 .bLength = sizeof(hidg_ss_in_comp_desc), 128 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 129 130 /* .bMaxBurst = 0, */ 131 /* .bmAttributes = 0, */ 132 /* .wBytesPerInterval = DYNAMIC */ 133 }; 134 135 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 136 .bLength = USB_DT_ENDPOINT_SIZE, 137 .bDescriptorType = USB_DT_ENDPOINT, 138 .bEndpointAddress = USB_DIR_OUT, 139 .bmAttributes = USB_ENDPOINT_XFER_INT, 140 /*.wMaxPacketSize = DYNAMIC */ 141 .bInterval = 4, /* FIXME: Add this field in the 142 * HID gadget configuration? 143 * (struct hidg_func_descriptor) 144 */ 145 }; 146 147 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 148 .bLength = sizeof(hidg_ss_out_comp_desc), 149 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 150 151 /* .bMaxBurst = 0, */ 152 /* .bmAttributes = 0, */ 153 /* .wBytesPerInterval = DYNAMIC */ 154 }; 155 156 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 157 (struct usb_descriptor_header *)&hidg_interface_desc, 158 (struct usb_descriptor_header *)&hidg_desc, 159 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 160 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 161 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 162 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 163 NULL, 164 }; 165 166 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 167 (struct usb_descriptor_header *)&hidg_interface_desc, 168 (struct usb_descriptor_header *)&hidg_desc, 169 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 170 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 171 NULL, 172 }; 173 174 /* High-Speed Support */ 175 176 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 177 .bLength = USB_DT_ENDPOINT_SIZE, 178 .bDescriptorType = USB_DT_ENDPOINT, 179 .bEndpointAddress = USB_DIR_IN, 180 .bmAttributes = USB_ENDPOINT_XFER_INT, 181 /*.wMaxPacketSize = DYNAMIC */ 182 .bInterval = 4, /* FIXME: Add this field in the 183 * HID gadget configuration? 184 * (struct hidg_func_descriptor) 185 */ 186 }; 187 188 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 189 .bLength = USB_DT_ENDPOINT_SIZE, 190 .bDescriptorType = USB_DT_ENDPOINT, 191 .bEndpointAddress = USB_DIR_OUT, 192 .bmAttributes = USB_ENDPOINT_XFER_INT, 193 /*.wMaxPacketSize = DYNAMIC */ 194 .bInterval = 4, /* FIXME: Add this field in the 195 * HID gadget configuration? 196 * (struct hidg_func_descriptor) 197 */ 198 }; 199 200 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 201 (struct usb_descriptor_header *)&hidg_interface_desc, 202 (struct usb_descriptor_header *)&hidg_desc, 203 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 204 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 205 NULL, 206 }; 207 208 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 209 (struct usb_descriptor_header *)&hidg_interface_desc, 210 (struct usb_descriptor_header *)&hidg_desc, 211 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 212 NULL, 213 }; 214 215 /* Full-Speed Support */ 216 217 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 218 .bLength = USB_DT_ENDPOINT_SIZE, 219 .bDescriptorType = USB_DT_ENDPOINT, 220 .bEndpointAddress = USB_DIR_IN, 221 .bmAttributes = USB_ENDPOINT_XFER_INT, 222 /*.wMaxPacketSize = DYNAMIC */ 223 .bInterval = 10, /* FIXME: Add this field in the 224 * HID gadget configuration? 225 * (struct hidg_func_descriptor) 226 */ 227 }; 228 229 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 230 .bLength = USB_DT_ENDPOINT_SIZE, 231 .bDescriptorType = USB_DT_ENDPOINT, 232 .bEndpointAddress = USB_DIR_OUT, 233 .bmAttributes = USB_ENDPOINT_XFER_INT, 234 /*.wMaxPacketSize = DYNAMIC */ 235 .bInterval = 10, /* FIXME: Add this field in the 236 * HID gadget configuration? 237 * (struct hidg_func_descriptor) 238 */ 239 }; 240 241 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 242 (struct usb_descriptor_header *)&hidg_interface_desc, 243 (struct usb_descriptor_header *)&hidg_desc, 244 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 245 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 246 NULL, 247 }; 248 249 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 250 (struct usb_descriptor_header *)&hidg_interface_desc, 251 (struct usb_descriptor_header *)&hidg_desc, 252 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 253 NULL, 254 }; 255 256 /*-------------------------------------------------------------------------*/ 257 /* Strings */ 258 259 #define CT_FUNC_HID_IDX 0 260 261 static struct usb_string ct_func_string_defs[] = { 262 [CT_FUNC_HID_IDX].s = "HID Interface", 263 {}, /* end of list */ 264 }; 265 266 static struct usb_gadget_strings ct_func_string_table = { 267 .language = 0x0409, /* en-US */ 268 .strings = ct_func_string_defs, 269 }; 270 271 static struct usb_gadget_strings *ct_func_strings[] = { 272 &ct_func_string_table, 273 NULL, 274 }; 275 276 /*-------------------------------------------------------------------------*/ 277 /* Char Device */ 278 279 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 280 size_t count, loff_t *ptr) 281 { 282 struct f_hidg *hidg = file->private_data; 283 struct f_hidg_req_list *list; 284 struct usb_request *req; 285 unsigned long flags; 286 int ret; 287 288 if (!count) 289 return 0; 290 291 spin_lock_irqsave(&hidg->read_spinlock, flags); 292 293 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req)) 294 295 /* wait for at least one buffer to complete */ 296 while (!READ_COND_INTOUT) { 297 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 298 if (file->f_flags & O_NONBLOCK) 299 return -EAGAIN; 300 301 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 302 return -ERESTARTSYS; 303 304 spin_lock_irqsave(&hidg->read_spinlock, flags); 305 } 306 307 /* pick the first one */ 308 list = list_first_entry(&hidg->completed_out_req, 309 struct f_hidg_req_list, list); 310 311 /* 312 * Remove this from list to protect it from beign free() 313 * while host disables our function 314 */ 315 list_del(&list->list); 316 317 req = list->req; 318 count = min_t(unsigned int, count, req->actual - list->pos); 319 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 320 321 /* copy to user outside spinlock */ 322 count -= copy_to_user(buffer, req->buf + list->pos, count); 323 list->pos += count; 324 325 /* 326 * if this request is completely handled and transfered to 327 * userspace, remove its entry from the list and requeue it 328 * again. Otherwise, we will revisit it again upon the next 329 * call, taking into account its current read position. 330 */ 331 if (list->pos == req->actual) { 332 kfree(list); 333 334 req->length = hidg->report_length; 335 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 336 if (ret < 0) { 337 free_ep_req(hidg->out_ep, req); 338 return ret; 339 } 340 } else { 341 spin_lock_irqsave(&hidg->read_spinlock, flags); 342 list_add(&list->list, &hidg->completed_out_req); 343 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 344 345 wake_up(&hidg->read_queue); 346 } 347 348 return count; 349 } 350 351 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL) 352 353 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 354 size_t count, loff_t *ptr) 355 { 356 struct f_hidg *hidg = file->private_data; 357 char *tmp_buf = NULL; 358 unsigned long flags; 359 360 if (!count) 361 return 0; 362 363 spin_lock_irqsave(&hidg->read_spinlock, flags); 364 365 while (!READ_COND_SSREPORT) { 366 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 367 if (file->f_flags & O_NONBLOCK) 368 return -EAGAIN; 369 370 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 371 return -ERESTARTSYS; 372 373 spin_lock_irqsave(&hidg->read_spinlock, flags); 374 } 375 376 count = min_t(unsigned int, count, hidg->set_report_length); 377 tmp_buf = hidg->set_report_buf; 378 hidg->set_report_buf = NULL; 379 380 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 381 382 if (tmp_buf != NULL) { 383 count -= copy_to_user(buffer, tmp_buf, count); 384 kfree(tmp_buf); 385 } else { 386 count = -ENOMEM; 387 } 388 389 wake_up(&hidg->read_queue); 390 391 return count; 392 } 393 394 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 395 size_t count, loff_t *ptr) 396 { 397 struct f_hidg *hidg = file->private_data; 398 399 if (hidg->use_out_ep) 400 return f_hidg_intout_read(file, buffer, count, ptr); 401 else 402 return f_hidg_ssreport_read(file, buffer, count, ptr); 403 } 404 405 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 406 { 407 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 408 unsigned long flags; 409 410 if (req->status != 0) { 411 ERROR(hidg->func.config->cdev, 412 "End Point Request ERROR: %d\n", req->status); 413 } 414 415 spin_lock_irqsave(&hidg->write_spinlock, flags); 416 hidg->write_pending = 0; 417 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 418 wake_up(&hidg->write_queue); 419 } 420 421 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 422 size_t count, loff_t *offp) 423 { 424 struct f_hidg *hidg = file->private_data; 425 struct usb_request *req; 426 unsigned long flags; 427 ssize_t status = -ENOMEM; 428 429 spin_lock_irqsave(&hidg->write_spinlock, flags); 430 431 if (!hidg->req) { 432 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 433 return -ESHUTDOWN; 434 } 435 436 #define WRITE_COND (!hidg->write_pending) 437 try_again: 438 /* write queue */ 439 while (!WRITE_COND) { 440 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 441 if (file->f_flags & O_NONBLOCK) 442 return -EAGAIN; 443 444 if (wait_event_interruptible_exclusive( 445 hidg->write_queue, WRITE_COND)) 446 return -ERESTARTSYS; 447 448 spin_lock_irqsave(&hidg->write_spinlock, flags); 449 } 450 451 hidg->write_pending = 1; 452 req = hidg->req; 453 count = min_t(unsigned, count, hidg->report_length); 454 455 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 456 457 if (!req) { 458 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 459 status = -ESHUTDOWN; 460 goto release_write_pending; 461 } 462 463 status = copy_from_user(req->buf, buffer, count); 464 if (status != 0) { 465 ERROR(hidg->func.config->cdev, 466 "copy_from_user error\n"); 467 status = -EINVAL; 468 goto release_write_pending; 469 } 470 471 spin_lock_irqsave(&hidg->write_spinlock, flags); 472 473 /* when our function has been disabled by host */ 474 if (!hidg->req) { 475 free_ep_req(hidg->in_ep, req); 476 /* 477 * TODO 478 * Should we fail with error here? 479 */ 480 goto try_again; 481 } 482 483 req->status = 0; 484 req->zero = 0; 485 req->length = count; 486 req->complete = f_hidg_req_complete; 487 req->context = hidg; 488 489 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 490 491 if (!hidg->in_ep->enabled) { 492 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 493 status = -ESHUTDOWN; 494 goto release_write_pending; 495 } 496 497 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 498 if (status < 0) 499 goto release_write_pending; 500 else 501 status = count; 502 503 return status; 504 release_write_pending: 505 spin_lock_irqsave(&hidg->write_spinlock, flags); 506 hidg->write_pending = 0; 507 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 508 509 wake_up(&hidg->write_queue); 510 511 return status; 512 } 513 514 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 515 { 516 struct f_hidg *hidg = file->private_data; 517 __poll_t ret = 0; 518 519 poll_wait(file, &hidg->read_queue, wait); 520 poll_wait(file, &hidg->write_queue, wait); 521 522 if (WRITE_COND) 523 ret |= EPOLLOUT | EPOLLWRNORM; 524 525 if (hidg->use_out_ep) { 526 if (READ_COND_INTOUT) 527 ret |= EPOLLIN | EPOLLRDNORM; 528 } else { 529 if (READ_COND_SSREPORT) 530 ret |= EPOLLIN | EPOLLRDNORM; 531 } 532 533 return ret; 534 } 535 536 #undef WRITE_COND 537 #undef READ_COND_SSREPORT 538 #undef READ_COND_INTOUT 539 540 static int f_hidg_release(struct inode *inode, struct file *fd) 541 { 542 fd->private_data = NULL; 543 return 0; 544 } 545 546 static int f_hidg_open(struct inode *inode, struct file *fd) 547 { 548 struct f_hidg *hidg = 549 container_of(inode->i_cdev, struct f_hidg, cdev); 550 551 fd->private_data = hidg; 552 553 return 0; 554 } 555 556 /*-------------------------------------------------------------------------*/ 557 /* usb_function */ 558 559 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 560 unsigned length) 561 { 562 return alloc_ep_req(ep, length); 563 } 564 565 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 566 { 567 struct f_hidg *hidg = (struct f_hidg *) req->context; 568 struct usb_composite_dev *cdev = hidg->func.config->cdev; 569 struct f_hidg_req_list *req_list; 570 unsigned long flags; 571 572 switch (req->status) { 573 case 0: 574 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 575 if (!req_list) { 576 ERROR(cdev, "Unable to allocate mem for req_list\n"); 577 goto free_req; 578 } 579 580 req_list->req = req; 581 582 spin_lock_irqsave(&hidg->read_spinlock, flags); 583 list_add_tail(&req_list->list, &hidg->completed_out_req); 584 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 585 586 wake_up(&hidg->read_queue); 587 break; 588 default: 589 ERROR(cdev, "Set report failed %d\n", req->status); 590 fallthrough; 591 case -ECONNABORTED: /* hardware forced ep reset */ 592 case -ECONNRESET: /* request dequeued */ 593 case -ESHUTDOWN: /* disconnect from host */ 594 free_req: 595 free_ep_req(ep, req); 596 return; 597 } 598 } 599 600 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 601 { 602 struct f_hidg *hidg = (struct f_hidg *)req->context; 603 struct usb_composite_dev *cdev = hidg->func.config->cdev; 604 char *new_buf = NULL; 605 unsigned long flags; 606 607 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 608 ERROR(cdev, 609 "%s FAILED: status=%d, buf=%p, actual=%d\n", 610 __func__, req->status, req->buf, req->actual); 611 return; 612 } 613 614 spin_lock_irqsave(&hidg->read_spinlock, flags); 615 616 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 617 if (new_buf == NULL) { 618 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 619 return; 620 } 621 hidg->set_report_buf = new_buf; 622 623 hidg->set_report_length = req->actual; 624 memcpy(hidg->set_report_buf, req->buf, req->actual); 625 626 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 627 628 wake_up(&hidg->read_queue); 629 } 630 631 static int hidg_setup(struct usb_function *f, 632 const struct usb_ctrlrequest *ctrl) 633 { 634 struct f_hidg *hidg = func_to_hidg(f); 635 struct usb_composite_dev *cdev = f->config->cdev; 636 struct usb_request *req = cdev->req; 637 int status = 0; 638 __u16 value, length; 639 640 value = __le16_to_cpu(ctrl->wValue); 641 length = __le16_to_cpu(ctrl->wLength); 642 643 VDBG(cdev, 644 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 645 __func__, ctrl->bRequestType, ctrl->bRequest, value); 646 647 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 648 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 649 | HID_REQ_GET_REPORT): 650 VDBG(cdev, "get_report\n"); 651 652 /* send an empty report */ 653 length = min_t(unsigned, length, hidg->report_length); 654 memset(req->buf, 0x0, length); 655 656 goto respond; 657 break; 658 659 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 660 | HID_REQ_GET_PROTOCOL): 661 VDBG(cdev, "get_protocol\n"); 662 length = min_t(unsigned int, length, 1); 663 ((u8 *) req->buf)[0] = hidg->protocol; 664 goto respond; 665 break; 666 667 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 668 | HID_REQ_GET_IDLE): 669 VDBG(cdev, "get_idle\n"); 670 length = min_t(unsigned int, length, 1); 671 ((u8 *) req->buf)[0] = hidg->idle; 672 goto respond; 673 break; 674 675 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 676 | HID_REQ_SET_REPORT): 677 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 678 if (hidg->use_out_ep) 679 goto stall; 680 req->complete = hidg_ssreport_complete; 681 req->context = hidg; 682 goto respond; 683 break; 684 685 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 686 | HID_REQ_SET_PROTOCOL): 687 VDBG(cdev, "set_protocol\n"); 688 if (value > HID_REPORT_PROTOCOL) 689 goto stall; 690 length = 0; 691 /* 692 * We assume that programs implementing the Boot protocol 693 * are also compatible with the Report Protocol 694 */ 695 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 696 hidg->protocol = value; 697 goto respond; 698 } 699 goto stall; 700 break; 701 702 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 703 | HID_REQ_SET_IDLE): 704 VDBG(cdev, "set_idle\n"); 705 length = 0; 706 hidg->idle = value >> 8; 707 goto respond; 708 break; 709 710 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 711 | USB_REQ_GET_DESCRIPTOR): 712 switch (value >> 8) { 713 case HID_DT_HID: 714 { 715 struct hid_descriptor hidg_desc_copy = hidg_desc; 716 717 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 718 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 719 hidg_desc_copy.desc[0].wDescriptorLength = 720 cpu_to_le16(hidg->report_desc_length); 721 722 length = min_t(unsigned short, length, 723 hidg_desc_copy.bLength); 724 memcpy(req->buf, &hidg_desc_copy, length); 725 goto respond; 726 break; 727 } 728 case HID_DT_REPORT: 729 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 730 length = min_t(unsigned short, length, 731 hidg->report_desc_length); 732 memcpy(req->buf, hidg->report_desc, length); 733 goto respond; 734 break; 735 736 default: 737 VDBG(cdev, "Unknown descriptor request 0x%x\n", 738 value >> 8); 739 goto stall; 740 break; 741 } 742 break; 743 744 default: 745 VDBG(cdev, "Unknown request 0x%x\n", 746 ctrl->bRequest); 747 goto stall; 748 break; 749 } 750 751 stall: 752 return -EOPNOTSUPP; 753 754 respond: 755 req->zero = 0; 756 req->length = length; 757 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 758 if (status < 0) 759 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 760 return status; 761 } 762 763 static void hidg_disable(struct usb_function *f) 764 { 765 struct f_hidg *hidg = func_to_hidg(f); 766 struct f_hidg_req_list *list, *next; 767 unsigned long flags; 768 769 usb_ep_disable(hidg->in_ep); 770 771 if (hidg->out_ep) { 772 usb_ep_disable(hidg->out_ep); 773 774 spin_lock_irqsave(&hidg->read_spinlock, flags); 775 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 776 free_ep_req(hidg->out_ep, list->req); 777 list_del(&list->list); 778 kfree(list); 779 } 780 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 781 } 782 783 spin_lock_irqsave(&hidg->write_spinlock, flags); 784 if (!hidg->write_pending) { 785 free_ep_req(hidg->in_ep, hidg->req); 786 hidg->write_pending = 1; 787 } 788 789 hidg->req = NULL; 790 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 791 } 792 793 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 794 { 795 struct usb_composite_dev *cdev = f->config->cdev; 796 struct f_hidg *hidg = func_to_hidg(f); 797 struct usb_request *req_in = NULL; 798 unsigned long flags; 799 int i, status = 0; 800 801 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 802 803 if (hidg->in_ep != NULL) { 804 /* restart endpoint */ 805 usb_ep_disable(hidg->in_ep); 806 807 status = config_ep_by_speed(f->config->cdev->gadget, f, 808 hidg->in_ep); 809 if (status) { 810 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 811 goto fail; 812 } 813 status = usb_ep_enable(hidg->in_ep); 814 if (status < 0) { 815 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 816 goto fail; 817 } 818 hidg->in_ep->driver_data = hidg; 819 820 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 821 if (!req_in) { 822 status = -ENOMEM; 823 goto disable_ep_in; 824 } 825 } 826 827 if (hidg->use_out_ep && hidg->out_ep != NULL) { 828 /* restart endpoint */ 829 usb_ep_disable(hidg->out_ep); 830 831 status = config_ep_by_speed(f->config->cdev->gadget, f, 832 hidg->out_ep); 833 if (status) { 834 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 835 goto free_req_in; 836 } 837 status = usb_ep_enable(hidg->out_ep); 838 if (status < 0) { 839 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 840 goto free_req_in; 841 } 842 hidg->out_ep->driver_data = hidg; 843 844 /* 845 * allocate a bunch of read buffers and queue them all at once. 846 */ 847 for (i = 0; i < hidg->qlen && status == 0; i++) { 848 struct usb_request *req = 849 hidg_alloc_ep_req(hidg->out_ep, 850 hidg->report_length); 851 if (req) { 852 req->complete = hidg_intout_complete; 853 req->context = hidg; 854 status = usb_ep_queue(hidg->out_ep, req, 855 GFP_ATOMIC); 856 if (status) { 857 ERROR(cdev, "%s queue req --> %d\n", 858 hidg->out_ep->name, status); 859 free_ep_req(hidg->out_ep, req); 860 } 861 } else { 862 status = -ENOMEM; 863 goto disable_out_ep; 864 } 865 } 866 } 867 868 if (hidg->in_ep != NULL) { 869 spin_lock_irqsave(&hidg->write_spinlock, flags); 870 hidg->req = req_in; 871 hidg->write_pending = 0; 872 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 873 874 wake_up(&hidg->write_queue); 875 } 876 return 0; 877 disable_out_ep: 878 if (hidg->out_ep) 879 usb_ep_disable(hidg->out_ep); 880 free_req_in: 881 if (req_in) 882 free_ep_req(hidg->in_ep, req_in); 883 884 disable_ep_in: 885 if (hidg->in_ep) 886 usb_ep_disable(hidg->in_ep); 887 888 fail: 889 return status; 890 } 891 892 static const struct file_operations f_hidg_fops = { 893 .owner = THIS_MODULE, 894 .open = f_hidg_open, 895 .release = f_hidg_release, 896 .write = f_hidg_write, 897 .read = f_hidg_read, 898 .poll = f_hidg_poll, 899 .llseek = noop_llseek, 900 }; 901 902 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 903 { 904 struct usb_ep *ep; 905 struct f_hidg *hidg = func_to_hidg(f); 906 struct usb_string *us; 907 struct device *device; 908 int status; 909 dev_t dev; 910 911 /* maybe allocate device-global string IDs, and patch descriptors */ 912 us = usb_gstrings_attach(c->cdev, ct_func_strings, 913 ARRAY_SIZE(ct_func_string_defs)); 914 if (IS_ERR(us)) 915 return PTR_ERR(us); 916 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 917 918 /* allocate instance-specific interface IDs, and patch descriptors */ 919 status = usb_interface_id(c, f); 920 if (status < 0) 921 goto fail; 922 hidg_interface_desc.bInterfaceNumber = status; 923 924 /* allocate instance-specific endpoints */ 925 status = -ENODEV; 926 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 927 if (!ep) 928 goto fail; 929 hidg->in_ep = ep; 930 931 hidg->out_ep = NULL; 932 if (hidg->use_out_ep) { 933 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 934 if (!ep) 935 goto fail; 936 hidg->out_ep = ep; 937 } 938 939 /* used only if use_out_ep == 1 */ 940 hidg->set_report_buf = NULL; 941 942 /* set descriptor dynamic values */ 943 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 944 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 945 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 946 hidg->protocol = HID_REPORT_PROTOCOL; 947 hidg->idle = 1; 948 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 949 hidg_ss_in_comp_desc.wBytesPerInterval = 950 cpu_to_le16(hidg->report_length); 951 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 952 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 953 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 954 hidg_ss_out_comp_desc.wBytesPerInterval = 955 cpu_to_le16(hidg->report_length); 956 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 957 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 958 /* 959 * We can use hidg_desc struct here but we should not relay 960 * that its content won't change after returning from this function. 961 */ 962 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 963 hidg_desc.desc[0].wDescriptorLength = 964 cpu_to_le16(hidg->report_desc_length); 965 966 hidg_hs_in_ep_desc.bEndpointAddress = 967 hidg_fs_in_ep_desc.bEndpointAddress; 968 hidg_hs_out_ep_desc.bEndpointAddress = 969 hidg_fs_out_ep_desc.bEndpointAddress; 970 971 hidg_ss_in_ep_desc.bEndpointAddress = 972 hidg_fs_in_ep_desc.bEndpointAddress; 973 hidg_ss_out_ep_desc.bEndpointAddress = 974 hidg_fs_out_ep_desc.bEndpointAddress; 975 976 if (hidg->use_out_ep) 977 status = usb_assign_descriptors(f, 978 hidg_fs_descriptors_intout, 979 hidg_hs_descriptors_intout, 980 hidg_ss_descriptors_intout, 981 hidg_ss_descriptors_intout); 982 else 983 status = usb_assign_descriptors(f, 984 hidg_fs_descriptors_ssreport, 985 hidg_hs_descriptors_ssreport, 986 hidg_ss_descriptors_ssreport, 987 hidg_ss_descriptors_ssreport); 988 989 if (status) 990 goto fail; 991 992 spin_lock_init(&hidg->write_spinlock); 993 hidg->write_pending = 1; 994 hidg->req = NULL; 995 spin_lock_init(&hidg->read_spinlock); 996 init_waitqueue_head(&hidg->write_queue); 997 init_waitqueue_head(&hidg->read_queue); 998 INIT_LIST_HEAD(&hidg->completed_out_req); 999 1000 /* create char device */ 1001 cdev_init(&hidg->cdev, &f_hidg_fops); 1002 dev = MKDEV(major, hidg->minor); 1003 status = cdev_add(&hidg->cdev, dev, 1); 1004 if (status) 1005 goto fail_free_descs; 1006 1007 device = device_create(hidg_class, NULL, dev, NULL, 1008 "%s%d", "hidg", hidg->minor); 1009 if (IS_ERR(device)) { 1010 status = PTR_ERR(device); 1011 goto del; 1012 } 1013 1014 return 0; 1015 del: 1016 cdev_del(&hidg->cdev); 1017 fail_free_descs: 1018 usb_free_all_descriptors(f); 1019 fail: 1020 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1021 if (hidg->req != NULL) 1022 free_ep_req(hidg->in_ep, hidg->req); 1023 1024 return status; 1025 } 1026 1027 static inline int hidg_get_minor(void) 1028 { 1029 int ret; 1030 1031 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL); 1032 if (ret >= HIDG_MINORS) { 1033 ida_simple_remove(&hidg_ida, ret); 1034 ret = -ENODEV; 1035 } 1036 1037 return ret; 1038 } 1039 1040 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1041 { 1042 return container_of(to_config_group(item), struct f_hid_opts, 1043 func_inst.group); 1044 } 1045 1046 static void hid_attr_release(struct config_item *item) 1047 { 1048 struct f_hid_opts *opts = to_f_hid_opts(item); 1049 1050 usb_put_function_instance(&opts->func_inst); 1051 } 1052 1053 static struct configfs_item_operations hidg_item_ops = { 1054 .release = hid_attr_release, 1055 }; 1056 1057 #define F_HID_OPT(name, prec, limit) \ 1058 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1059 { \ 1060 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1061 int result; \ 1062 \ 1063 mutex_lock(&opts->lock); \ 1064 result = sprintf(page, "%d\n", opts->name); \ 1065 mutex_unlock(&opts->lock); \ 1066 \ 1067 return result; \ 1068 } \ 1069 \ 1070 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1071 const char *page, size_t len) \ 1072 { \ 1073 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1074 int ret; \ 1075 u##prec num; \ 1076 \ 1077 mutex_lock(&opts->lock); \ 1078 if (opts->refcnt) { \ 1079 ret = -EBUSY; \ 1080 goto end; \ 1081 } \ 1082 \ 1083 ret = kstrtou##prec(page, 0, &num); \ 1084 if (ret) \ 1085 goto end; \ 1086 \ 1087 if (num > limit) { \ 1088 ret = -EINVAL; \ 1089 goto end; \ 1090 } \ 1091 opts->name = num; \ 1092 ret = len; \ 1093 \ 1094 end: \ 1095 mutex_unlock(&opts->lock); \ 1096 return ret; \ 1097 } \ 1098 \ 1099 CONFIGFS_ATTR(f_hid_opts_, name) 1100 1101 F_HID_OPT(subclass, 8, 255); 1102 F_HID_OPT(protocol, 8, 255); 1103 F_HID_OPT(no_out_endpoint, 8, 1); 1104 F_HID_OPT(report_length, 16, 65535); 1105 1106 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1107 { 1108 struct f_hid_opts *opts = to_f_hid_opts(item); 1109 int result; 1110 1111 mutex_lock(&opts->lock); 1112 result = opts->report_desc_length; 1113 memcpy(page, opts->report_desc, opts->report_desc_length); 1114 mutex_unlock(&opts->lock); 1115 1116 return result; 1117 } 1118 1119 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1120 const char *page, size_t len) 1121 { 1122 struct f_hid_opts *opts = to_f_hid_opts(item); 1123 int ret = -EBUSY; 1124 char *d; 1125 1126 mutex_lock(&opts->lock); 1127 1128 if (opts->refcnt) 1129 goto end; 1130 if (len > PAGE_SIZE) { 1131 ret = -ENOSPC; 1132 goto end; 1133 } 1134 d = kmemdup(page, len, GFP_KERNEL); 1135 if (!d) { 1136 ret = -ENOMEM; 1137 goto end; 1138 } 1139 kfree(opts->report_desc); 1140 opts->report_desc = d; 1141 opts->report_desc_length = len; 1142 opts->report_desc_alloc = true; 1143 ret = len; 1144 end: 1145 mutex_unlock(&opts->lock); 1146 return ret; 1147 } 1148 1149 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1150 1151 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1152 { 1153 struct f_hid_opts *opts = to_f_hid_opts(item); 1154 1155 return sprintf(page, "%d:%d\n", major, opts->minor); 1156 } 1157 1158 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1159 1160 static struct configfs_attribute *hid_attrs[] = { 1161 &f_hid_opts_attr_subclass, 1162 &f_hid_opts_attr_protocol, 1163 &f_hid_opts_attr_no_out_endpoint, 1164 &f_hid_opts_attr_report_length, 1165 &f_hid_opts_attr_report_desc, 1166 &f_hid_opts_attr_dev, 1167 NULL, 1168 }; 1169 1170 static const struct config_item_type hid_func_type = { 1171 .ct_item_ops = &hidg_item_ops, 1172 .ct_attrs = hid_attrs, 1173 .ct_owner = THIS_MODULE, 1174 }; 1175 1176 static inline void hidg_put_minor(int minor) 1177 { 1178 ida_simple_remove(&hidg_ida, minor); 1179 } 1180 1181 static void hidg_free_inst(struct usb_function_instance *f) 1182 { 1183 struct f_hid_opts *opts; 1184 1185 opts = container_of(f, struct f_hid_opts, func_inst); 1186 1187 mutex_lock(&hidg_ida_lock); 1188 1189 hidg_put_minor(opts->minor); 1190 if (ida_is_empty(&hidg_ida)) 1191 ghid_cleanup(); 1192 1193 mutex_unlock(&hidg_ida_lock); 1194 1195 if (opts->report_desc_alloc) 1196 kfree(opts->report_desc); 1197 1198 kfree(opts); 1199 } 1200 1201 static struct usb_function_instance *hidg_alloc_inst(void) 1202 { 1203 struct f_hid_opts *opts; 1204 struct usb_function_instance *ret; 1205 int status = 0; 1206 1207 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1208 if (!opts) 1209 return ERR_PTR(-ENOMEM); 1210 mutex_init(&opts->lock); 1211 opts->func_inst.free_func_inst = hidg_free_inst; 1212 ret = &opts->func_inst; 1213 1214 mutex_lock(&hidg_ida_lock); 1215 1216 if (ida_is_empty(&hidg_ida)) { 1217 status = ghid_setup(NULL, HIDG_MINORS); 1218 if (status) { 1219 ret = ERR_PTR(status); 1220 kfree(opts); 1221 goto unlock; 1222 } 1223 } 1224 1225 opts->minor = hidg_get_minor(); 1226 if (opts->minor < 0) { 1227 ret = ERR_PTR(opts->minor); 1228 kfree(opts); 1229 if (ida_is_empty(&hidg_ida)) 1230 ghid_cleanup(); 1231 goto unlock; 1232 } 1233 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1234 1235 unlock: 1236 mutex_unlock(&hidg_ida_lock); 1237 return ret; 1238 } 1239 1240 static void hidg_free(struct usb_function *f) 1241 { 1242 struct f_hidg *hidg; 1243 struct f_hid_opts *opts; 1244 1245 hidg = func_to_hidg(f); 1246 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1247 kfree(hidg->report_desc); 1248 kfree(hidg->set_report_buf); 1249 kfree(hidg); 1250 mutex_lock(&opts->lock); 1251 --opts->refcnt; 1252 mutex_unlock(&opts->lock); 1253 } 1254 1255 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1256 { 1257 struct f_hidg *hidg = func_to_hidg(f); 1258 1259 device_destroy(hidg_class, MKDEV(major, hidg->minor)); 1260 cdev_del(&hidg->cdev); 1261 1262 usb_free_all_descriptors(f); 1263 } 1264 1265 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1266 { 1267 struct f_hidg *hidg; 1268 struct f_hid_opts *opts; 1269 1270 /* allocate and initialize one new instance */ 1271 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1272 if (!hidg) 1273 return ERR_PTR(-ENOMEM); 1274 1275 opts = container_of(fi, struct f_hid_opts, func_inst); 1276 1277 mutex_lock(&opts->lock); 1278 ++opts->refcnt; 1279 1280 hidg->minor = opts->minor; 1281 hidg->bInterfaceSubClass = opts->subclass; 1282 hidg->bInterfaceProtocol = opts->protocol; 1283 hidg->report_length = opts->report_length; 1284 hidg->report_desc_length = opts->report_desc_length; 1285 if (opts->report_desc) { 1286 hidg->report_desc = kmemdup(opts->report_desc, 1287 opts->report_desc_length, 1288 GFP_KERNEL); 1289 if (!hidg->report_desc) { 1290 kfree(hidg); 1291 mutex_unlock(&opts->lock); 1292 return ERR_PTR(-ENOMEM); 1293 } 1294 } 1295 hidg->use_out_ep = !opts->no_out_endpoint; 1296 1297 mutex_unlock(&opts->lock); 1298 1299 hidg->func.name = "hid"; 1300 hidg->func.bind = hidg_bind; 1301 hidg->func.unbind = hidg_unbind; 1302 hidg->func.set_alt = hidg_set_alt; 1303 hidg->func.disable = hidg_disable; 1304 hidg->func.setup = hidg_setup; 1305 hidg->func.free_func = hidg_free; 1306 1307 /* this could be made configurable at some point */ 1308 hidg->qlen = 4; 1309 1310 return &hidg->func; 1311 } 1312 1313 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1314 MODULE_LICENSE("GPL"); 1315 MODULE_AUTHOR("Fabien Chouteau"); 1316 1317 int ghid_setup(struct usb_gadget *g, int count) 1318 { 1319 int status; 1320 dev_t dev; 1321 1322 hidg_class = class_create(THIS_MODULE, "hidg"); 1323 if (IS_ERR(hidg_class)) { 1324 status = PTR_ERR(hidg_class); 1325 hidg_class = NULL; 1326 return status; 1327 } 1328 1329 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1330 if (status) { 1331 class_destroy(hidg_class); 1332 hidg_class = NULL; 1333 return status; 1334 } 1335 1336 major = MAJOR(dev); 1337 minors = count; 1338 1339 return 0; 1340 } 1341 1342 void ghid_cleanup(void) 1343 { 1344 if (major) { 1345 unregister_chrdev_region(MKDEV(major, 0), minors); 1346 major = minors = 0; 1347 } 1348 1349 class_destroy(hidg_class); 1350 hidg_class = NULL; 1351 } 1352