1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/usb/g_hid.h> 19 20 #include "u_f.h" 21 #include "u_hid.h" 22 23 #define HIDG_MINORS 4 24 25 static int major, minors; 26 static struct class *hidg_class; 27 static DEFINE_IDA(hidg_ida); 28 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 29 30 /*-------------------------------------------------------------------------*/ 31 /* HID gadget struct */ 32 33 struct f_hidg_req_list { 34 struct usb_request *req; 35 unsigned int pos; 36 struct list_head list; 37 }; 38 39 struct f_hidg { 40 /* configuration */ 41 unsigned char bInterfaceSubClass; 42 unsigned char bInterfaceProtocol; 43 unsigned char protocol; 44 unsigned char idle; 45 unsigned short report_desc_length; 46 char *report_desc; 47 unsigned short report_length; 48 /* 49 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 50 * will be used to receive reports from the host 51 * using functions with the "intout" suffix. 52 * Otherwise, the OUT Endpoint will not be configured 53 * and the SETUP/SET_REPORT method ("ssreport" suffix) 54 * will be used to receive reports. 55 */ 56 bool use_out_ep; 57 58 /* recv report */ 59 spinlock_t read_spinlock; 60 wait_queue_head_t read_queue; 61 /* recv report - interrupt out only (use_out_ep == 1) */ 62 struct list_head completed_out_req; 63 unsigned int qlen; 64 /* recv report - setup set_report only (use_out_ep == 0) */ 65 char *set_report_buf; 66 unsigned int set_report_length; 67 68 /* send report */ 69 spinlock_t write_spinlock; 70 bool write_pending; 71 wait_queue_head_t write_queue; 72 struct usb_request *req; 73 74 struct device dev; 75 struct cdev cdev; 76 struct usb_function func; 77 78 struct usb_ep *in_ep; 79 struct usb_ep *out_ep; 80 }; 81 82 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 83 { 84 return container_of(f, struct f_hidg, func); 85 } 86 87 static void hidg_release(struct device *dev) 88 { 89 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 90 91 kfree(hidg->set_report_buf); 92 kfree(hidg); 93 } 94 95 /*-------------------------------------------------------------------------*/ 96 /* Static descriptors */ 97 98 static struct usb_interface_descriptor hidg_interface_desc = { 99 .bLength = sizeof hidg_interface_desc, 100 .bDescriptorType = USB_DT_INTERFACE, 101 /* .bInterfaceNumber = DYNAMIC */ 102 .bAlternateSetting = 0, 103 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 104 .bInterfaceClass = USB_CLASS_HID, 105 /* .bInterfaceSubClass = DYNAMIC */ 106 /* .bInterfaceProtocol = DYNAMIC */ 107 /* .iInterface = DYNAMIC */ 108 }; 109 110 static struct hid_descriptor hidg_desc = { 111 .bLength = sizeof hidg_desc, 112 .bDescriptorType = HID_DT_HID, 113 .bcdHID = cpu_to_le16(0x0101), 114 .bCountryCode = 0x00, 115 .bNumDescriptors = 0x1, 116 /*.desc[0].bDescriptorType = DYNAMIC */ 117 /*.desc[0].wDescriptorLenght = DYNAMIC */ 118 }; 119 120 /* Super-Speed Support */ 121 122 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 123 .bLength = USB_DT_ENDPOINT_SIZE, 124 .bDescriptorType = USB_DT_ENDPOINT, 125 .bEndpointAddress = USB_DIR_IN, 126 .bmAttributes = USB_ENDPOINT_XFER_INT, 127 /*.wMaxPacketSize = DYNAMIC */ 128 .bInterval = 4, /* FIXME: Add this field in the 129 * HID gadget configuration? 130 * (struct hidg_func_descriptor) 131 */ 132 }; 133 134 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 135 .bLength = sizeof(hidg_ss_in_comp_desc), 136 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 137 138 /* .bMaxBurst = 0, */ 139 /* .bmAttributes = 0, */ 140 /* .wBytesPerInterval = DYNAMIC */ 141 }; 142 143 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 144 .bLength = USB_DT_ENDPOINT_SIZE, 145 .bDescriptorType = USB_DT_ENDPOINT, 146 .bEndpointAddress = USB_DIR_OUT, 147 .bmAttributes = USB_ENDPOINT_XFER_INT, 148 /*.wMaxPacketSize = DYNAMIC */ 149 .bInterval = 4, /* FIXME: Add this field in the 150 * HID gadget configuration? 151 * (struct hidg_func_descriptor) 152 */ 153 }; 154 155 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 156 .bLength = sizeof(hidg_ss_out_comp_desc), 157 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 158 159 /* .bMaxBurst = 0, */ 160 /* .bmAttributes = 0, */ 161 /* .wBytesPerInterval = DYNAMIC */ 162 }; 163 164 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 165 (struct usb_descriptor_header *)&hidg_interface_desc, 166 (struct usb_descriptor_header *)&hidg_desc, 167 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 168 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 169 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 170 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 171 NULL, 172 }; 173 174 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 175 (struct usb_descriptor_header *)&hidg_interface_desc, 176 (struct usb_descriptor_header *)&hidg_desc, 177 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 178 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 179 NULL, 180 }; 181 182 /* High-Speed Support */ 183 184 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 185 .bLength = USB_DT_ENDPOINT_SIZE, 186 .bDescriptorType = USB_DT_ENDPOINT, 187 .bEndpointAddress = USB_DIR_IN, 188 .bmAttributes = USB_ENDPOINT_XFER_INT, 189 /*.wMaxPacketSize = DYNAMIC */ 190 .bInterval = 4, /* FIXME: Add this field in the 191 * HID gadget configuration? 192 * (struct hidg_func_descriptor) 193 */ 194 }; 195 196 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 197 .bLength = USB_DT_ENDPOINT_SIZE, 198 .bDescriptorType = USB_DT_ENDPOINT, 199 .bEndpointAddress = USB_DIR_OUT, 200 .bmAttributes = USB_ENDPOINT_XFER_INT, 201 /*.wMaxPacketSize = DYNAMIC */ 202 .bInterval = 4, /* FIXME: Add this field in the 203 * HID gadget configuration? 204 * (struct hidg_func_descriptor) 205 */ 206 }; 207 208 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 209 (struct usb_descriptor_header *)&hidg_interface_desc, 210 (struct usb_descriptor_header *)&hidg_desc, 211 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 212 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 213 NULL, 214 }; 215 216 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 217 (struct usb_descriptor_header *)&hidg_interface_desc, 218 (struct usb_descriptor_header *)&hidg_desc, 219 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 220 NULL, 221 }; 222 223 /* Full-Speed Support */ 224 225 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 226 .bLength = USB_DT_ENDPOINT_SIZE, 227 .bDescriptorType = USB_DT_ENDPOINT, 228 .bEndpointAddress = USB_DIR_IN, 229 .bmAttributes = USB_ENDPOINT_XFER_INT, 230 /*.wMaxPacketSize = DYNAMIC */ 231 .bInterval = 10, /* FIXME: Add this field in the 232 * HID gadget configuration? 233 * (struct hidg_func_descriptor) 234 */ 235 }; 236 237 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 238 .bLength = USB_DT_ENDPOINT_SIZE, 239 .bDescriptorType = USB_DT_ENDPOINT, 240 .bEndpointAddress = USB_DIR_OUT, 241 .bmAttributes = USB_ENDPOINT_XFER_INT, 242 /*.wMaxPacketSize = DYNAMIC */ 243 .bInterval = 10, /* FIXME: Add this field in the 244 * HID gadget configuration? 245 * (struct hidg_func_descriptor) 246 */ 247 }; 248 249 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 250 (struct usb_descriptor_header *)&hidg_interface_desc, 251 (struct usb_descriptor_header *)&hidg_desc, 252 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 253 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 254 NULL, 255 }; 256 257 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 258 (struct usb_descriptor_header *)&hidg_interface_desc, 259 (struct usb_descriptor_header *)&hidg_desc, 260 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 261 NULL, 262 }; 263 264 /*-------------------------------------------------------------------------*/ 265 /* Strings */ 266 267 #define CT_FUNC_HID_IDX 0 268 269 static struct usb_string ct_func_string_defs[] = { 270 [CT_FUNC_HID_IDX].s = "HID Interface", 271 {}, /* end of list */ 272 }; 273 274 static struct usb_gadget_strings ct_func_string_table = { 275 .language = 0x0409, /* en-US */ 276 .strings = ct_func_string_defs, 277 }; 278 279 static struct usb_gadget_strings *ct_func_strings[] = { 280 &ct_func_string_table, 281 NULL, 282 }; 283 284 /*-------------------------------------------------------------------------*/ 285 /* Char Device */ 286 287 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 288 size_t count, loff_t *ptr) 289 { 290 struct f_hidg *hidg = file->private_data; 291 struct f_hidg_req_list *list; 292 struct usb_request *req; 293 unsigned long flags; 294 int ret; 295 296 if (!count) 297 return 0; 298 299 spin_lock_irqsave(&hidg->read_spinlock, flags); 300 301 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req)) 302 303 /* wait for at least one buffer to complete */ 304 while (!READ_COND_INTOUT) { 305 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 306 if (file->f_flags & O_NONBLOCK) 307 return -EAGAIN; 308 309 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 310 return -ERESTARTSYS; 311 312 spin_lock_irqsave(&hidg->read_spinlock, flags); 313 } 314 315 /* pick the first one */ 316 list = list_first_entry(&hidg->completed_out_req, 317 struct f_hidg_req_list, list); 318 319 /* 320 * Remove this from list to protect it from beign free() 321 * while host disables our function 322 */ 323 list_del(&list->list); 324 325 req = list->req; 326 count = min_t(unsigned int, count, req->actual - list->pos); 327 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 328 329 /* copy to user outside spinlock */ 330 count -= copy_to_user(buffer, req->buf + list->pos, count); 331 list->pos += count; 332 333 /* 334 * if this request is completely handled and transfered to 335 * userspace, remove its entry from the list and requeue it 336 * again. Otherwise, we will revisit it again upon the next 337 * call, taking into account its current read position. 338 */ 339 if (list->pos == req->actual) { 340 kfree(list); 341 342 req->length = hidg->report_length; 343 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 344 if (ret < 0) { 345 free_ep_req(hidg->out_ep, req); 346 return ret; 347 } 348 } else { 349 spin_lock_irqsave(&hidg->read_spinlock, flags); 350 list_add(&list->list, &hidg->completed_out_req); 351 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 352 353 wake_up(&hidg->read_queue); 354 } 355 356 return count; 357 } 358 359 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL) 360 361 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 362 size_t count, loff_t *ptr) 363 { 364 struct f_hidg *hidg = file->private_data; 365 char *tmp_buf = NULL; 366 unsigned long flags; 367 368 if (!count) 369 return 0; 370 371 spin_lock_irqsave(&hidg->read_spinlock, flags); 372 373 while (!READ_COND_SSREPORT) { 374 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 375 if (file->f_flags & O_NONBLOCK) 376 return -EAGAIN; 377 378 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 379 return -ERESTARTSYS; 380 381 spin_lock_irqsave(&hidg->read_spinlock, flags); 382 } 383 384 count = min_t(unsigned int, count, hidg->set_report_length); 385 tmp_buf = hidg->set_report_buf; 386 hidg->set_report_buf = NULL; 387 388 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 389 390 if (tmp_buf != NULL) { 391 count -= copy_to_user(buffer, tmp_buf, count); 392 kfree(tmp_buf); 393 } else { 394 count = -ENOMEM; 395 } 396 397 wake_up(&hidg->read_queue); 398 399 return count; 400 } 401 402 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 403 size_t count, loff_t *ptr) 404 { 405 struct f_hidg *hidg = file->private_data; 406 407 if (hidg->use_out_ep) 408 return f_hidg_intout_read(file, buffer, count, ptr); 409 else 410 return f_hidg_ssreport_read(file, buffer, count, ptr); 411 } 412 413 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 414 { 415 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 416 unsigned long flags; 417 418 if (req->status != 0) { 419 ERROR(hidg->func.config->cdev, 420 "End Point Request ERROR: %d\n", req->status); 421 } 422 423 spin_lock_irqsave(&hidg->write_spinlock, flags); 424 hidg->write_pending = 0; 425 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 426 wake_up(&hidg->write_queue); 427 } 428 429 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 430 size_t count, loff_t *offp) 431 { 432 struct f_hidg *hidg = file->private_data; 433 struct usb_request *req; 434 unsigned long flags; 435 ssize_t status = -ENOMEM; 436 437 spin_lock_irqsave(&hidg->write_spinlock, flags); 438 439 if (!hidg->req) { 440 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 441 return -ESHUTDOWN; 442 } 443 444 #define WRITE_COND (!hidg->write_pending) 445 try_again: 446 /* write queue */ 447 while (!WRITE_COND) { 448 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 449 if (file->f_flags & O_NONBLOCK) 450 return -EAGAIN; 451 452 if (wait_event_interruptible_exclusive( 453 hidg->write_queue, WRITE_COND)) 454 return -ERESTARTSYS; 455 456 spin_lock_irqsave(&hidg->write_spinlock, flags); 457 } 458 459 hidg->write_pending = 1; 460 req = hidg->req; 461 count = min_t(unsigned, count, hidg->report_length); 462 463 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 464 465 if (!req) { 466 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 467 status = -ESHUTDOWN; 468 goto release_write_pending; 469 } 470 471 status = copy_from_user(req->buf, buffer, count); 472 if (status != 0) { 473 ERROR(hidg->func.config->cdev, 474 "copy_from_user error\n"); 475 status = -EINVAL; 476 goto release_write_pending; 477 } 478 479 spin_lock_irqsave(&hidg->write_spinlock, flags); 480 481 /* when our function has been disabled by host */ 482 if (!hidg->req) { 483 free_ep_req(hidg->in_ep, req); 484 /* 485 * TODO 486 * Should we fail with error here? 487 */ 488 goto try_again; 489 } 490 491 req->status = 0; 492 req->zero = 0; 493 req->length = count; 494 req->complete = f_hidg_req_complete; 495 req->context = hidg; 496 497 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 498 499 if (!hidg->in_ep->enabled) { 500 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 501 status = -ESHUTDOWN; 502 goto release_write_pending; 503 } 504 505 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 506 if (status < 0) 507 goto release_write_pending; 508 else 509 status = count; 510 511 return status; 512 release_write_pending: 513 spin_lock_irqsave(&hidg->write_spinlock, flags); 514 hidg->write_pending = 0; 515 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 516 517 wake_up(&hidg->write_queue); 518 519 return status; 520 } 521 522 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 523 { 524 struct f_hidg *hidg = file->private_data; 525 __poll_t ret = 0; 526 527 poll_wait(file, &hidg->read_queue, wait); 528 poll_wait(file, &hidg->write_queue, wait); 529 530 if (WRITE_COND) 531 ret |= EPOLLOUT | EPOLLWRNORM; 532 533 if (hidg->use_out_ep) { 534 if (READ_COND_INTOUT) 535 ret |= EPOLLIN | EPOLLRDNORM; 536 } else { 537 if (READ_COND_SSREPORT) 538 ret |= EPOLLIN | EPOLLRDNORM; 539 } 540 541 return ret; 542 } 543 544 #undef WRITE_COND 545 #undef READ_COND_SSREPORT 546 #undef READ_COND_INTOUT 547 548 static int f_hidg_release(struct inode *inode, struct file *fd) 549 { 550 fd->private_data = NULL; 551 return 0; 552 } 553 554 static int f_hidg_open(struct inode *inode, struct file *fd) 555 { 556 struct f_hidg *hidg = 557 container_of(inode->i_cdev, struct f_hidg, cdev); 558 559 fd->private_data = hidg; 560 561 return 0; 562 } 563 564 /*-------------------------------------------------------------------------*/ 565 /* usb_function */ 566 567 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 568 unsigned length) 569 { 570 return alloc_ep_req(ep, length); 571 } 572 573 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 574 { 575 struct f_hidg *hidg = (struct f_hidg *) req->context; 576 struct usb_composite_dev *cdev = hidg->func.config->cdev; 577 struct f_hidg_req_list *req_list; 578 unsigned long flags; 579 580 switch (req->status) { 581 case 0: 582 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 583 if (!req_list) { 584 ERROR(cdev, "Unable to allocate mem for req_list\n"); 585 goto free_req; 586 } 587 588 req_list->req = req; 589 590 spin_lock_irqsave(&hidg->read_spinlock, flags); 591 list_add_tail(&req_list->list, &hidg->completed_out_req); 592 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 593 594 wake_up(&hidg->read_queue); 595 break; 596 default: 597 ERROR(cdev, "Set report failed %d\n", req->status); 598 fallthrough; 599 case -ECONNABORTED: /* hardware forced ep reset */ 600 case -ECONNRESET: /* request dequeued */ 601 case -ESHUTDOWN: /* disconnect from host */ 602 free_req: 603 free_ep_req(ep, req); 604 return; 605 } 606 } 607 608 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 609 { 610 struct f_hidg *hidg = (struct f_hidg *)req->context; 611 struct usb_composite_dev *cdev = hidg->func.config->cdev; 612 char *new_buf = NULL; 613 unsigned long flags; 614 615 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 616 ERROR(cdev, 617 "%s FAILED: status=%d, buf=%p, actual=%d\n", 618 __func__, req->status, req->buf, req->actual); 619 return; 620 } 621 622 spin_lock_irqsave(&hidg->read_spinlock, flags); 623 624 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 625 if (new_buf == NULL) { 626 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 627 return; 628 } 629 hidg->set_report_buf = new_buf; 630 631 hidg->set_report_length = req->actual; 632 memcpy(hidg->set_report_buf, req->buf, req->actual); 633 634 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 635 636 wake_up(&hidg->read_queue); 637 } 638 639 static int hidg_setup(struct usb_function *f, 640 const struct usb_ctrlrequest *ctrl) 641 { 642 struct f_hidg *hidg = func_to_hidg(f); 643 struct usb_composite_dev *cdev = f->config->cdev; 644 struct usb_request *req = cdev->req; 645 int status = 0; 646 __u16 value, length; 647 648 value = __le16_to_cpu(ctrl->wValue); 649 length = __le16_to_cpu(ctrl->wLength); 650 651 VDBG(cdev, 652 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 653 __func__, ctrl->bRequestType, ctrl->bRequest, value); 654 655 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 656 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 657 | HID_REQ_GET_REPORT): 658 VDBG(cdev, "get_report\n"); 659 660 /* send an empty report */ 661 length = min_t(unsigned, length, hidg->report_length); 662 memset(req->buf, 0x0, length); 663 664 goto respond; 665 break; 666 667 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 668 | HID_REQ_GET_PROTOCOL): 669 VDBG(cdev, "get_protocol\n"); 670 length = min_t(unsigned int, length, 1); 671 ((u8 *) req->buf)[0] = hidg->protocol; 672 goto respond; 673 break; 674 675 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 676 | HID_REQ_GET_IDLE): 677 VDBG(cdev, "get_idle\n"); 678 length = min_t(unsigned int, length, 1); 679 ((u8 *) req->buf)[0] = hidg->idle; 680 goto respond; 681 break; 682 683 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 684 | HID_REQ_SET_REPORT): 685 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 686 if (hidg->use_out_ep) 687 goto stall; 688 req->complete = hidg_ssreport_complete; 689 req->context = hidg; 690 goto respond; 691 break; 692 693 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 694 | HID_REQ_SET_PROTOCOL): 695 VDBG(cdev, "set_protocol\n"); 696 if (value > HID_REPORT_PROTOCOL) 697 goto stall; 698 length = 0; 699 /* 700 * We assume that programs implementing the Boot protocol 701 * are also compatible with the Report Protocol 702 */ 703 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 704 hidg->protocol = value; 705 goto respond; 706 } 707 goto stall; 708 break; 709 710 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 711 | HID_REQ_SET_IDLE): 712 VDBG(cdev, "set_idle\n"); 713 length = 0; 714 hidg->idle = value >> 8; 715 goto respond; 716 break; 717 718 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 719 | USB_REQ_GET_DESCRIPTOR): 720 switch (value >> 8) { 721 case HID_DT_HID: 722 { 723 struct hid_descriptor hidg_desc_copy = hidg_desc; 724 725 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 726 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 727 hidg_desc_copy.desc[0].wDescriptorLength = 728 cpu_to_le16(hidg->report_desc_length); 729 730 length = min_t(unsigned short, length, 731 hidg_desc_copy.bLength); 732 memcpy(req->buf, &hidg_desc_copy, length); 733 goto respond; 734 break; 735 } 736 case HID_DT_REPORT: 737 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 738 length = min_t(unsigned short, length, 739 hidg->report_desc_length); 740 memcpy(req->buf, hidg->report_desc, length); 741 goto respond; 742 break; 743 744 default: 745 VDBG(cdev, "Unknown descriptor request 0x%x\n", 746 value >> 8); 747 goto stall; 748 break; 749 } 750 break; 751 752 default: 753 VDBG(cdev, "Unknown request 0x%x\n", 754 ctrl->bRequest); 755 goto stall; 756 break; 757 } 758 759 stall: 760 return -EOPNOTSUPP; 761 762 respond: 763 req->zero = 0; 764 req->length = length; 765 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 766 if (status < 0) 767 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 768 return status; 769 } 770 771 static void hidg_disable(struct usb_function *f) 772 { 773 struct f_hidg *hidg = func_to_hidg(f); 774 struct f_hidg_req_list *list, *next; 775 unsigned long flags; 776 777 usb_ep_disable(hidg->in_ep); 778 779 if (hidg->out_ep) { 780 usb_ep_disable(hidg->out_ep); 781 782 spin_lock_irqsave(&hidg->read_spinlock, flags); 783 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 784 free_ep_req(hidg->out_ep, list->req); 785 list_del(&list->list); 786 kfree(list); 787 } 788 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 789 } 790 791 spin_lock_irqsave(&hidg->write_spinlock, flags); 792 if (!hidg->write_pending) { 793 free_ep_req(hidg->in_ep, hidg->req); 794 hidg->write_pending = 1; 795 } 796 797 hidg->req = NULL; 798 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 799 } 800 801 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 802 { 803 struct usb_composite_dev *cdev = f->config->cdev; 804 struct f_hidg *hidg = func_to_hidg(f); 805 struct usb_request *req_in = NULL; 806 unsigned long flags; 807 int i, status = 0; 808 809 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 810 811 if (hidg->in_ep != NULL) { 812 /* restart endpoint */ 813 usb_ep_disable(hidg->in_ep); 814 815 status = config_ep_by_speed(f->config->cdev->gadget, f, 816 hidg->in_ep); 817 if (status) { 818 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 819 goto fail; 820 } 821 status = usb_ep_enable(hidg->in_ep); 822 if (status < 0) { 823 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 824 goto fail; 825 } 826 hidg->in_ep->driver_data = hidg; 827 828 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 829 if (!req_in) { 830 status = -ENOMEM; 831 goto disable_ep_in; 832 } 833 } 834 835 if (hidg->use_out_ep && hidg->out_ep != NULL) { 836 /* restart endpoint */ 837 usb_ep_disable(hidg->out_ep); 838 839 status = config_ep_by_speed(f->config->cdev->gadget, f, 840 hidg->out_ep); 841 if (status) { 842 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 843 goto free_req_in; 844 } 845 status = usb_ep_enable(hidg->out_ep); 846 if (status < 0) { 847 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 848 goto free_req_in; 849 } 850 hidg->out_ep->driver_data = hidg; 851 852 /* 853 * allocate a bunch of read buffers and queue them all at once. 854 */ 855 for (i = 0; i < hidg->qlen && status == 0; i++) { 856 struct usb_request *req = 857 hidg_alloc_ep_req(hidg->out_ep, 858 hidg->report_length); 859 if (req) { 860 req->complete = hidg_intout_complete; 861 req->context = hidg; 862 status = usb_ep_queue(hidg->out_ep, req, 863 GFP_ATOMIC); 864 if (status) { 865 ERROR(cdev, "%s queue req --> %d\n", 866 hidg->out_ep->name, status); 867 free_ep_req(hidg->out_ep, req); 868 } 869 } else { 870 status = -ENOMEM; 871 goto disable_out_ep; 872 } 873 } 874 } 875 876 if (hidg->in_ep != NULL) { 877 spin_lock_irqsave(&hidg->write_spinlock, flags); 878 hidg->req = req_in; 879 hidg->write_pending = 0; 880 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 881 882 wake_up(&hidg->write_queue); 883 } 884 return 0; 885 disable_out_ep: 886 if (hidg->out_ep) 887 usb_ep_disable(hidg->out_ep); 888 free_req_in: 889 if (req_in) 890 free_ep_req(hidg->in_ep, req_in); 891 892 disable_ep_in: 893 if (hidg->in_ep) 894 usb_ep_disable(hidg->in_ep); 895 896 fail: 897 return status; 898 } 899 900 static const struct file_operations f_hidg_fops = { 901 .owner = THIS_MODULE, 902 .open = f_hidg_open, 903 .release = f_hidg_release, 904 .write = f_hidg_write, 905 .read = f_hidg_read, 906 .poll = f_hidg_poll, 907 .llseek = noop_llseek, 908 }; 909 910 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 911 { 912 struct usb_ep *ep; 913 struct f_hidg *hidg = func_to_hidg(f); 914 struct usb_string *us; 915 int status; 916 917 /* maybe allocate device-global string IDs, and patch descriptors */ 918 us = usb_gstrings_attach(c->cdev, ct_func_strings, 919 ARRAY_SIZE(ct_func_string_defs)); 920 if (IS_ERR(us)) 921 return PTR_ERR(us); 922 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 923 924 /* allocate instance-specific interface IDs, and patch descriptors */ 925 status = usb_interface_id(c, f); 926 if (status < 0) 927 goto fail; 928 hidg_interface_desc.bInterfaceNumber = status; 929 930 /* allocate instance-specific endpoints */ 931 status = -ENODEV; 932 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 933 if (!ep) 934 goto fail; 935 hidg->in_ep = ep; 936 937 hidg->out_ep = NULL; 938 if (hidg->use_out_ep) { 939 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 940 if (!ep) 941 goto fail; 942 hidg->out_ep = ep; 943 } 944 945 /* used only if use_out_ep == 1 */ 946 hidg->set_report_buf = NULL; 947 948 /* set descriptor dynamic values */ 949 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 950 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 951 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 952 hidg->protocol = HID_REPORT_PROTOCOL; 953 hidg->idle = 1; 954 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 955 hidg_ss_in_comp_desc.wBytesPerInterval = 956 cpu_to_le16(hidg->report_length); 957 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 958 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 959 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 960 hidg_ss_out_comp_desc.wBytesPerInterval = 961 cpu_to_le16(hidg->report_length); 962 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 963 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 964 /* 965 * We can use hidg_desc struct here but we should not relay 966 * that its content won't change after returning from this function. 967 */ 968 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 969 hidg_desc.desc[0].wDescriptorLength = 970 cpu_to_le16(hidg->report_desc_length); 971 972 hidg_hs_in_ep_desc.bEndpointAddress = 973 hidg_fs_in_ep_desc.bEndpointAddress; 974 hidg_hs_out_ep_desc.bEndpointAddress = 975 hidg_fs_out_ep_desc.bEndpointAddress; 976 977 hidg_ss_in_ep_desc.bEndpointAddress = 978 hidg_fs_in_ep_desc.bEndpointAddress; 979 hidg_ss_out_ep_desc.bEndpointAddress = 980 hidg_fs_out_ep_desc.bEndpointAddress; 981 982 if (hidg->use_out_ep) 983 status = usb_assign_descriptors(f, 984 hidg_fs_descriptors_intout, 985 hidg_hs_descriptors_intout, 986 hidg_ss_descriptors_intout, 987 hidg_ss_descriptors_intout); 988 else 989 status = usb_assign_descriptors(f, 990 hidg_fs_descriptors_ssreport, 991 hidg_hs_descriptors_ssreport, 992 hidg_ss_descriptors_ssreport, 993 hidg_ss_descriptors_ssreport); 994 995 if (status) 996 goto fail; 997 998 spin_lock_init(&hidg->write_spinlock); 999 hidg->write_pending = 1; 1000 hidg->req = NULL; 1001 spin_lock_init(&hidg->read_spinlock); 1002 init_waitqueue_head(&hidg->write_queue); 1003 init_waitqueue_head(&hidg->read_queue); 1004 INIT_LIST_HEAD(&hidg->completed_out_req); 1005 1006 /* create char device */ 1007 cdev_init(&hidg->cdev, &f_hidg_fops); 1008 status = cdev_device_add(&hidg->cdev, &hidg->dev); 1009 if (status) 1010 goto fail_free_descs; 1011 1012 return 0; 1013 fail_free_descs: 1014 usb_free_all_descriptors(f); 1015 fail: 1016 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1017 if (hidg->req != NULL) 1018 free_ep_req(hidg->in_ep, hidg->req); 1019 1020 return status; 1021 } 1022 1023 static inline int hidg_get_minor(void) 1024 { 1025 int ret; 1026 1027 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL); 1028 if (ret >= HIDG_MINORS) { 1029 ida_simple_remove(&hidg_ida, ret); 1030 ret = -ENODEV; 1031 } 1032 1033 return ret; 1034 } 1035 1036 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1037 { 1038 return container_of(to_config_group(item), struct f_hid_opts, 1039 func_inst.group); 1040 } 1041 1042 static void hid_attr_release(struct config_item *item) 1043 { 1044 struct f_hid_opts *opts = to_f_hid_opts(item); 1045 1046 usb_put_function_instance(&opts->func_inst); 1047 } 1048 1049 static struct configfs_item_operations hidg_item_ops = { 1050 .release = hid_attr_release, 1051 }; 1052 1053 #define F_HID_OPT(name, prec, limit) \ 1054 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1055 { \ 1056 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1057 int result; \ 1058 \ 1059 mutex_lock(&opts->lock); \ 1060 result = sprintf(page, "%d\n", opts->name); \ 1061 mutex_unlock(&opts->lock); \ 1062 \ 1063 return result; \ 1064 } \ 1065 \ 1066 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1067 const char *page, size_t len) \ 1068 { \ 1069 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1070 int ret; \ 1071 u##prec num; \ 1072 \ 1073 mutex_lock(&opts->lock); \ 1074 if (opts->refcnt) { \ 1075 ret = -EBUSY; \ 1076 goto end; \ 1077 } \ 1078 \ 1079 ret = kstrtou##prec(page, 0, &num); \ 1080 if (ret) \ 1081 goto end; \ 1082 \ 1083 if (num > limit) { \ 1084 ret = -EINVAL; \ 1085 goto end; \ 1086 } \ 1087 opts->name = num; \ 1088 ret = len; \ 1089 \ 1090 end: \ 1091 mutex_unlock(&opts->lock); \ 1092 return ret; \ 1093 } \ 1094 \ 1095 CONFIGFS_ATTR(f_hid_opts_, name) 1096 1097 F_HID_OPT(subclass, 8, 255); 1098 F_HID_OPT(protocol, 8, 255); 1099 F_HID_OPT(no_out_endpoint, 8, 1); 1100 F_HID_OPT(report_length, 16, 65535); 1101 1102 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1103 { 1104 struct f_hid_opts *opts = to_f_hid_opts(item); 1105 int result; 1106 1107 mutex_lock(&opts->lock); 1108 result = opts->report_desc_length; 1109 memcpy(page, opts->report_desc, opts->report_desc_length); 1110 mutex_unlock(&opts->lock); 1111 1112 return result; 1113 } 1114 1115 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1116 const char *page, size_t len) 1117 { 1118 struct f_hid_opts *opts = to_f_hid_opts(item); 1119 int ret = -EBUSY; 1120 char *d; 1121 1122 mutex_lock(&opts->lock); 1123 1124 if (opts->refcnt) 1125 goto end; 1126 if (len > PAGE_SIZE) { 1127 ret = -ENOSPC; 1128 goto end; 1129 } 1130 d = kmemdup(page, len, GFP_KERNEL); 1131 if (!d) { 1132 ret = -ENOMEM; 1133 goto end; 1134 } 1135 kfree(opts->report_desc); 1136 opts->report_desc = d; 1137 opts->report_desc_length = len; 1138 opts->report_desc_alloc = true; 1139 ret = len; 1140 end: 1141 mutex_unlock(&opts->lock); 1142 return ret; 1143 } 1144 1145 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1146 1147 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1148 { 1149 struct f_hid_opts *opts = to_f_hid_opts(item); 1150 1151 return sprintf(page, "%d:%d\n", major, opts->minor); 1152 } 1153 1154 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1155 1156 static struct configfs_attribute *hid_attrs[] = { 1157 &f_hid_opts_attr_subclass, 1158 &f_hid_opts_attr_protocol, 1159 &f_hid_opts_attr_no_out_endpoint, 1160 &f_hid_opts_attr_report_length, 1161 &f_hid_opts_attr_report_desc, 1162 &f_hid_opts_attr_dev, 1163 NULL, 1164 }; 1165 1166 static const struct config_item_type hid_func_type = { 1167 .ct_item_ops = &hidg_item_ops, 1168 .ct_attrs = hid_attrs, 1169 .ct_owner = THIS_MODULE, 1170 }; 1171 1172 static inline void hidg_put_minor(int minor) 1173 { 1174 ida_simple_remove(&hidg_ida, minor); 1175 } 1176 1177 static void hidg_free_inst(struct usb_function_instance *f) 1178 { 1179 struct f_hid_opts *opts; 1180 1181 opts = container_of(f, struct f_hid_opts, func_inst); 1182 1183 mutex_lock(&hidg_ida_lock); 1184 1185 hidg_put_minor(opts->minor); 1186 if (ida_is_empty(&hidg_ida)) 1187 ghid_cleanup(); 1188 1189 mutex_unlock(&hidg_ida_lock); 1190 1191 if (opts->report_desc_alloc) 1192 kfree(opts->report_desc); 1193 1194 kfree(opts); 1195 } 1196 1197 static struct usb_function_instance *hidg_alloc_inst(void) 1198 { 1199 struct f_hid_opts *opts; 1200 struct usb_function_instance *ret; 1201 int status = 0; 1202 1203 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1204 if (!opts) 1205 return ERR_PTR(-ENOMEM); 1206 mutex_init(&opts->lock); 1207 opts->func_inst.free_func_inst = hidg_free_inst; 1208 ret = &opts->func_inst; 1209 1210 mutex_lock(&hidg_ida_lock); 1211 1212 if (ida_is_empty(&hidg_ida)) { 1213 status = ghid_setup(NULL, HIDG_MINORS); 1214 if (status) { 1215 ret = ERR_PTR(status); 1216 kfree(opts); 1217 goto unlock; 1218 } 1219 } 1220 1221 opts->minor = hidg_get_minor(); 1222 if (opts->minor < 0) { 1223 ret = ERR_PTR(opts->minor); 1224 kfree(opts); 1225 if (ida_is_empty(&hidg_ida)) 1226 ghid_cleanup(); 1227 goto unlock; 1228 } 1229 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1230 1231 unlock: 1232 mutex_unlock(&hidg_ida_lock); 1233 return ret; 1234 } 1235 1236 static void hidg_free(struct usb_function *f) 1237 { 1238 struct f_hidg *hidg; 1239 struct f_hid_opts *opts; 1240 1241 hidg = func_to_hidg(f); 1242 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1243 put_device(&hidg->dev); 1244 mutex_lock(&opts->lock); 1245 --opts->refcnt; 1246 mutex_unlock(&opts->lock); 1247 } 1248 1249 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1250 { 1251 struct f_hidg *hidg = func_to_hidg(f); 1252 1253 cdev_device_del(&hidg->cdev, &hidg->dev); 1254 1255 usb_free_all_descriptors(f); 1256 } 1257 1258 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1259 { 1260 struct f_hidg *hidg; 1261 struct f_hid_opts *opts; 1262 int ret; 1263 1264 /* allocate and initialize one new instance */ 1265 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1266 if (!hidg) 1267 return ERR_PTR(-ENOMEM); 1268 1269 opts = container_of(fi, struct f_hid_opts, func_inst); 1270 1271 mutex_lock(&opts->lock); 1272 1273 device_initialize(&hidg->dev); 1274 hidg->dev.release = hidg_release; 1275 hidg->dev.class = hidg_class; 1276 hidg->dev.devt = MKDEV(major, opts->minor); 1277 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1278 if (ret) 1279 goto err_unlock; 1280 1281 hidg->bInterfaceSubClass = opts->subclass; 1282 hidg->bInterfaceProtocol = opts->protocol; 1283 hidg->report_length = opts->report_length; 1284 hidg->report_desc_length = opts->report_desc_length; 1285 if (opts->report_desc) { 1286 hidg->report_desc = devm_kmemdup(&hidg->dev, opts->report_desc, 1287 opts->report_desc_length, 1288 GFP_KERNEL); 1289 if (!hidg->report_desc) { 1290 ret = -ENOMEM; 1291 goto err_put_device; 1292 } 1293 } 1294 hidg->use_out_ep = !opts->no_out_endpoint; 1295 1296 ++opts->refcnt; 1297 mutex_unlock(&opts->lock); 1298 1299 hidg->func.name = "hid"; 1300 hidg->func.bind = hidg_bind; 1301 hidg->func.unbind = hidg_unbind; 1302 hidg->func.set_alt = hidg_set_alt; 1303 hidg->func.disable = hidg_disable; 1304 hidg->func.setup = hidg_setup; 1305 hidg->func.free_func = hidg_free; 1306 1307 /* this could be made configurable at some point */ 1308 hidg->qlen = 4; 1309 1310 return &hidg->func; 1311 1312 err_put_device: 1313 put_device(&hidg->dev); 1314 err_unlock: 1315 mutex_unlock(&opts->lock); 1316 return ERR_PTR(ret); 1317 } 1318 1319 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1320 MODULE_LICENSE("GPL"); 1321 MODULE_AUTHOR("Fabien Chouteau"); 1322 1323 int ghid_setup(struct usb_gadget *g, int count) 1324 { 1325 int status; 1326 dev_t dev; 1327 1328 hidg_class = class_create(THIS_MODULE, "hidg"); 1329 if (IS_ERR(hidg_class)) { 1330 status = PTR_ERR(hidg_class); 1331 hidg_class = NULL; 1332 return status; 1333 } 1334 1335 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1336 if (status) { 1337 class_destroy(hidg_class); 1338 hidg_class = NULL; 1339 return status; 1340 } 1341 1342 major = MAJOR(dev); 1343 minors = count; 1344 1345 return 0; 1346 } 1347 1348 void ghid_cleanup(void) 1349 { 1350 if (major) { 1351 unregister_chrdev_region(MKDEV(major, 0), minors); 1352 major = minors = 0; 1353 } 1354 1355 class_destroy(hidg_class); 1356 hidg_class = NULL; 1357 } 1358