1 /* 2 * f_hid.c -- USB HID function driver 3 * 4 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 */ 11 12 #include <linux/kernel.h> 13 #include <linux/module.h> 14 #include <linux/hid.h> 15 #include <linux/idr.h> 16 #include <linux/cdev.h> 17 #include <linux/mutex.h> 18 #include <linux/poll.h> 19 #include <linux/uaccess.h> 20 #include <linux/wait.h> 21 #include <linux/sched.h> 22 #include <linux/usb/g_hid.h> 23 24 #include "u_f.h" 25 #include "u_hid.h" 26 27 #define HIDG_MINORS 4 28 29 static int major, minors; 30 static struct class *hidg_class; 31 static DEFINE_IDA(hidg_ida); 32 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 33 34 /*-------------------------------------------------------------------------*/ 35 /* HID gadget struct */ 36 37 struct f_hidg_req_list { 38 struct usb_request *req; 39 unsigned int pos; 40 struct list_head list; 41 }; 42 43 struct f_hidg { 44 /* configuration */ 45 unsigned char bInterfaceSubClass; 46 unsigned char bInterfaceProtocol; 47 unsigned short report_desc_length; 48 char *report_desc; 49 unsigned short report_length; 50 51 /* recv report */ 52 struct list_head completed_out_req; 53 spinlock_t read_spinlock; 54 wait_queue_head_t read_queue; 55 unsigned int qlen; 56 57 /* send report */ 58 spinlock_t write_spinlock; 59 bool write_pending; 60 wait_queue_head_t write_queue; 61 struct usb_request *req; 62 63 int minor; 64 struct cdev cdev; 65 struct usb_function func; 66 67 struct usb_ep *in_ep; 68 struct usb_ep *out_ep; 69 }; 70 71 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 72 { 73 return container_of(f, struct f_hidg, func); 74 } 75 76 /*-------------------------------------------------------------------------*/ 77 /* Static descriptors */ 78 79 static struct usb_interface_descriptor hidg_interface_desc = { 80 .bLength = sizeof hidg_interface_desc, 81 .bDescriptorType = USB_DT_INTERFACE, 82 /* .bInterfaceNumber = DYNAMIC */ 83 .bAlternateSetting = 0, 84 .bNumEndpoints = 2, 85 .bInterfaceClass = USB_CLASS_HID, 86 /* .bInterfaceSubClass = DYNAMIC */ 87 /* .bInterfaceProtocol = DYNAMIC */ 88 /* .iInterface = DYNAMIC */ 89 }; 90 91 static struct hid_descriptor hidg_desc = { 92 .bLength = sizeof hidg_desc, 93 .bDescriptorType = HID_DT_HID, 94 .bcdHID = 0x0101, 95 .bCountryCode = 0x00, 96 .bNumDescriptors = 0x1, 97 /*.desc[0].bDescriptorType = DYNAMIC */ 98 /*.desc[0].wDescriptorLenght = DYNAMIC */ 99 }; 100 101 /* Super-Speed Support */ 102 103 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 104 .bLength = USB_DT_ENDPOINT_SIZE, 105 .bDescriptorType = USB_DT_ENDPOINT, 106 .bEndpointAddress = USB_DIR_IN, 107 .bmAttributes = USB_ENDPOINT_XFER_INT, 108 /*.wMaxPacketSize = DYNAMIC */ 109 .bInterval = 4, /* FIXME: Add this field in the 110 * HID gadget configuration? 111 * (struct hidg_func_descriptor) 112 */ 113 }; 114 115 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 116 .bLength = sizeof(hidg_ss_in_comp_desc), 117 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 118 119 /* .bMaxBurst = 0, */ 120 /* .bmAttributes = 0, */ 121 /* .wBytesPerInterval = DYNAMIC */ 122 }; 123 124 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 125 .bLength = USB_DT_ENDPOINT_SIZE, 126 .bDescriptorType = USB_DT_ENDPOINT, 127 .bEndpointAddress = USB_DIR_OUT, 128 .bmAttributes = USB_ENDPOINT_XFER_INT, 129 /*.wMaxPacketSize = DYNAMIC */ 130 .bInterval = 4, /* FIXME: Add this field in the 131 * HID gadget configuration? 132 * (struct hidg_func_descriptor) 133 */ 134 }; 135 136 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 137 .bLength = sizeof(hidg_ss_out_comp_desc), 138 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 139 140 /* .bMaxBurst = 0, */ 141 /* .bmAttributes = 0, */ 142 /* .wBytesPerInterval = DYNAMIC */ 143 }; 144 145 static struct usb_descriptor_header *hidg_ss_descriptors[] = { 146 (struct usb_descriptor_header *)&hidg_interface_desc, 147 (struct usb_descriptor_header *)&hidg_desc, 148 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 149 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 150 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 151 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 152 NULL, 153 }; 154 155 /* High-Speed Support */ 156 157 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 158 .bLength = USB_DT_ENDPOINT_SIZE, 159 .bDescriptorType = USB_DT_ENDPOINT, 160 .bEndpointAddress = USB_DIR_IN, 161 .bmAttributes = USB_ENDPOINT_XFER_INT, 162 /*.wMaxPacketSize = DYNAMIC */ 163 .bInterval = 4, /* FIXME: Add this field in the 164 * HID gadget configuration? 165 * (struct hidg_func_descriptor) 166 */ 167 }; 168 169 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 170 .bLength = USB_DT_ENDPOINT_SIZE, 171 .bDescriptorType = USB_DT_ENDPOINT, 172 .bEndpointAddress = USB_DIR_OUT, 173 .bmAttributes = USB_ENDPOINT_XFER_INT, 174 /*.wMaxPacketSize = DYNAMIC */ 175 .bInterval = 4, /* FIXME: Add this field in the 176 * HID gadget configuration? 177 * (struct hidg_func_descriptor) 178 */ 179 }; 180 181 static struct usb_descriptor_header *hidg_hs_descriptors[] = { 182 (struct usb_descriptor_header *)&hidg_interface_desc, 183 (struct usb_descriptor_header *)&hidg_desc, 184 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 185 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 186 NULL, 187 }; 188 189 /* Full-Speed Support */ 190 191 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 192 .bLength = USB_DT_ENDPOINT_SIZE, 193 .bDescriptorType = USB_DT_ENDPOINT, 194 .bEndpointAddress = USB_DIR_IN, 195 .bmAttributes = USB_ENDPOINT_XFER_INT, 196 /*.wMaxPacketSize = DYNAMIC */ 197 .bInterval = 10, /* FIXME: Add this field in the 198 * HID gadget configuration? 199 * (struct hidg_func_descriptor) 200 */ 201 }; 202 203 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 204 .bLength = USB_DT_ENDPOINT_SIZE, 205 .bDescriptorType = USB_DT_ENDPOINT, 206 .bEndpointAddress = USB_DIR_OUT, 207 .bmAttributes = USB_ENDPOINT_XFER_INT, 208 /*.wMaxPacketSize = DYNAMIC */ 209 .bInterval = 10, /* FIXME: Add this field in the 210 * HID gadget configuration? 211 * (struct hidg_func_descriptor) 212 */ 213 }; 214 215 static struct usb_descriptor_header *hidg_fs_descriptors[] = { 216 (struct usb_descriptor_header *)&hidg_interface_desc, 217 (struct usb_descriptor_header *)&hidg_desc, 218 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 219 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 220 NULL, 221 }; 222 223 /*-------------------------------------------------------------------------*/ 224 /* Strings */ 225 226 #define CT_FUNC_HID_IDX 0 227 228 static struct usb_string ct_func_string_defs[] = { 229 [CT_FUNC_HID_IDX].s = "HID Interface", 230 {}, /* end of list */ 231 }; 232 233 static struct usb_gadget_strings ct_func_string_table = { 234 .language = 0x0409, /* en-US */ 235 .strings = ct_func_string_defs, 236 }; 237 238 static struct usb_gadget_strings *ct_func_strings[] = { 239 &ct_func_string_table, 240 NULL, 241 }; 242 243 /*-------------------------------------------------------------------------*/ 244 /* Char Device */ 245 246 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 247 size_t count, loff_t *ptr) 248 { 249 struct f_hidg *hidg = file->private_data; 250 struct f_hidg_req_list *list; 251 struct usb_request *req; 252 unsigned long flags; 253 int ret; 254 255 if (!count) 256 return 0; 257 258 if (!access_ok(VERIFY_WRITE, buffer, count)) 259 return -EFAULT; 260 261 spin_lock_irqsave(&hidg->read_spinlock, flags); 262 263 #define READ_COND (!list_empty(&hidg->completed_out_req)) 264 265 /* wait for at least one buffer to complete */ 266 while (!READ_COND) { 267 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 268 if (file->f_flags & O_NONBLOCK) 269 return -EAGAIN; 270 271 if (wait_event_interruptible(hidg->read_queue, READ_COND)) 272 return -ERESTARTSYS; 273 274 spin_lock_irqsave(&hidg->read_spinlock, flags); 275 } 276 277 /* pick the first one */ 278 list = list_first_entry(&hidg->completed_out_req, 279 struct f_hidg_req_list, list); 280 281 /* 282 * Remove this from list to protect it from beign free() 283 * while host disables our function 284 */ 285 list_del(&list->list); 286 287 req = list->req; 288 count = min_t(unsigned int, count, req->actual - list->pos); 289 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 290 291 /* copy to user outside spinlock */ 292 count -= copy_to_user(buffer, req->buf + list->pos, count); 293 list->pos += count; 294 295 /* 296 * if this request is completely handled and transfered to 297 * userspace, remove its entry from the list and requeue it 298 * again. Otherwise, we will revisit it again upon the next 299 * call, taking into account its current read position. 300 */ 301 if (list->pos == req->actual) { 302 kfree(list); 303 304 req->length = hidg->report_length; 305 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 306 if (ret < 0) { 307 free_ep_req(hidg->out_ep, req); 308 return ret; 309 } 310 } else { 311 spin_lock_irqsave(&hidg->read_spinlock, flags); 312 list_add(&list->list, &hidg->completed_out_req); 313 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 314 315 wake_up(&hidg->read_queue); 316 } 317 318 return count; 319 } 320 321 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 322 { 323 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 324 unsigned long flags; 325 326 if (req->status != 0) { 327 ERROR(hidg->func.config->cdev, 328 "End Point Request ERROR: %d\n", req->status); 329 } 330 331 spin_lock_irqsave(&hidg->write_spinlock, flags); 332 hidg->write_pending = 0; 333 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 334 wake_up(&hidg->write_queue); 335 } 336 337 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 338 size_t count, loff_t *offp) 339 { 340 struct f_hidg *hidg = file->private_data; 341 struct usb_request *req; 342 unsigned long flags; 343 ssize_t status = -ENOMEM; 344 345 if (!access_ok(VERIFY_READ, buffer, count)) 346 return -EFAULT; 347 348 spin_lock_irqsave(&hidg->write_spinlock, flags); 349 350 #define WRITE_COND (!hidg->write_pending) 351 try_again: 352 /* write queue */ 353 while (!WRITE_COND) { 354 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 355 if (file->f_flags & O_NONBLOCK) 356 return -EAGAIN; 357 358 if (wait_event_interruptible_exclusive( 359 hidg->write_queue, WRITE_COND)) 360 return -ERESTARTSYS; 361 362 spin_lock_irqsave(&hidg->write_spinlock, flags); 363 } 364 365 hidg->write_pending = 1; 366 req = hidg->req; 367 count = min_t(unsigned, count, hidg->report_length); 368 369 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 370 status = copy_from_user(req->buf, buffer, count); 371 372 if (status != 0) { 373 ERROR(hidg->func.config->cdev, 374 "copy_from_user error\n"); 375 status = -EINVAL; 376 goto release_write_pending; 377 } 378 379 spin_lock_irqsave(&hidg->write_spinlock, flags); 380 381 /* when our function has been disabled by host */ 382 if (!hidg->req) { 383 free_ep_req(hidg->in_ep, req); 384 /* 385 * TODO 386 * Should we fail with error here? 387 */ 388 goto try_again; 389 } 390 391 req->status = 0; 392 req->zero = 0; 393 req->length = count; 394 req->complete = f_hidg_req_complete; 395 req->context = hidg; 396 397 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 398 if (status < 0) { 399 ERROR(hidg->func.config->cdev, 400 "usb_ep_queue error on int endpoint %zd\n", status); 401 goto release_write_pending_unlocked; 402 } else { 403 status = count; 404 } 405 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 406 407 return status; 408 release_write_pending: 409 spin_lock_irqsave(&hidg->write_spinlock, flags); 410 release_write_pending_unlocked: 411 hidg->write_pending = 0; 412 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 413 414 wake_up(&hidg->write_queue); 415 416 return status; 417 } 418 419 static unsigned int f_hidg_poll(struct file *file, poll_table *wait) 420 { 421 struct f_hidg *hidg = file->private_data; 422 unsigned int ret = 0; 423 424 poll_wait(file, &hidg->read_queue, wait); 425 poll_wait(file, &hidg->write_queue, wait); 426 427 if (WRITE_COND) 428 ret |= POLLOUT | POLLWRNORM; 429 430 if (READ_COND) 431 ret |= POLLIN | POLLRDNORM; 432 433 return ret; 434 } 435 436 #undef WRITE_COND 437 #undef READ_COND 438 439 static int f_hidg_release(struct inode *inode, struct file *fd) 440 { 441 fd->private_data = NULL; 442 return 0; 443 } 444 445 static int f_hidg_open(struct inode *inode, struct file *fd) 446 { 447 struct f_hidg *hidg = 448 container_of(inode->i_cdev, struct f_hidg, cdev); 449 450 fd->private_data = hidg; 451 452 return 0; 453 } 454 455 /*-------------------------------------------------------------------------*/ 456 /* usb_function */ 457 458 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 459 unsigned length) 460 { 461 return alloc_ep_req(ep, length); 462 } 463 464 static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req) 465 { 466 struct f_hidg *hidg = (struct f_hidg *) req->context; 467 struct usb_composite_dev *cdev = hidg->func.config->cdev; 468 struct f_hidg_req_list *req_list; 469 unsigned long flags; 470 471 switch (req->status) { 472 case 0: 473 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 474 if (!req_list) { 475 ERROR(cdev, "Unable to allocate mem for req_list\n"); 476 goto free_req; 477 } 478 479 req_list->req = req; 480 481 spin_lock_irqsave(&hidg->read_spinlock, flags); 482 list_add_tail(&req_list->list, &hidg->completed_out_req); 483 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 484 485 wake_up(&hidg->read_queue); 486 break; 487 default: 488 ERROR(cdev, "Set report failed %d\n", req->status); 489 /* FALLTHROUGH */ 490 case -ECONNABORTED: /* hardware forced ep reset */ 491 case -ECONNRESET: /* request dequeued */ 492 case -ESHUTDOWN: /* disconnect from host */ 493 free_req: 494 free_ep_req(ep, req); 495 return; 496 } 497 } 498 499 static int hidg_setup(struct usb_function *f, 500 const struct usb_ctrlrequest *ctrl) 501 { 502 struct f_hidg *hidg = func_to_hidg(f); 503 struct usb_composite_dev *cdev = f->config->cdev; 504 struct usb_request *req = cdev->req; 505 int status = 0; 506 __u16 value, length; 507 508 value = __le16_to_cpu(ctrl->wValue); 509 length = __le16_to_cpu(ctrl->wLength); 510 511 VDBG(cdev, 512 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 513 __func__, ctrl->bRequestType, ctrl->bRequest, value); 514 515 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 516 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 517 | HID_REQ_GET_REPORT): 518 VDBG(cdev, "get_report\n"); 519 520 /* send an empty report */ 521 length = min_t(unsigned, length, hidg->report_length); 522 memset(req->buf, 0x0, length); 523 524 goto respond; 525 break; 526 527 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 528 | HID_REQ_GET_PROTOCOL): 529 VDBG(cdev, "get_protocol\n"); 530 goto stall; 531 break; 532 533 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 534 | HID_REQ_SET_REPORT): 535 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 536 goto stall; 537 break; 538 539 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 540 | HID_REQ_SET_PROTOCOL): 541 VDBG(cdev, "set_protocol\n"); 542 goto stall; 543 break; 544 545 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 546 | USB_REQ_GET_DESCRIPTOR): 547 switch (value >> 8) { 548 case HID_DT_HID: 549 { 550 struct hid_descriptor hidg_desc_copy = hidg_desc; 551 552 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 553 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 554 hidg_desc_copy.desc[0].wDescriptorLength = 555 cpu_to_le16(hidg->report_desc_length); 556 557 length = min_t(unsigned short, length, 558 hidg_desc_copy.bLength); 559 memcpy(req->buf, &hidg_desc_copy, length); 560 goto respond; 561 break; 562 } 563 case HID_DT_REPORT: 564 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 565 length = min_t(unsigned short, length, 566 hidg->report_desc_length); 567 memcpy(req->buf, hidg->report_desc, length); 568 goto respond; 569 break; 570 571 default: 572 VDBG(cdev, "Unknown descriptor request 0x%x\n", 573 value >> 8); 574 goto stall; 575 break; 576 } 577 break; 578 579 default: 580 VDBG(cdev, "Unknown request 0x%x\n", 581 ctrl->bRequest); 582 goto stall; 583 break; 584 } 585 586 stall: 587 return -EOPNOTSUPP; 588 589 respond: 590 req->zero = 0; 591 req->length = length; 592 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 593 if (status < 0) 594 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 595 return status; 596 } 597 598 static void hidg_disable(struct usb_function *f) 599 { 600 struct f_hidg *hidg = func_to_hidg(f); 601 struct f_hidg_req_list *list, *next; 602 unsigned long flags; 603 604 usb_ep_disable(hidg->in_ep); 605 usb_ep_disable(hidg->out_ep); 606 607 spin_lock_irqsave(&hidg->read_spinlock, flags); 608 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 609 free_ep_req(hidg->out_ep, list->req); 610 list_del(&list->list); 611 kfree(list); 612 } 613 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 614 615 spin_lock_irqsave(&hidg->write_spinlock, flags); 616 if (!hidg->write_pending) { 617 free_ep_req(hidg->in_ep, hidg->req); 618 hidg->write_pending = 1; 619 } 620 621 hidg->req = NULL; 622 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 623 } 624 625 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 626 { 627 struct usb_composite_dev *cdev = f->config->cdev; 628 struct f_hidg *hidg = func_to_hidg(f); 629 struct usb_request *req_in = NULL; 630 unsigned long flags; 631 int i, status = 0; 632 633 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 634 635 if (hidg->in_ep != NULL) { 636 /* restart endpoint */ 637 usb_ep_disable(hidg->in_ep); 638 639 status = config_ep_by_speed(f->config->cdev->gadget, f, 640 hidg->in_ep); 641 if (status) { 642 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 643 goto fail; 644 } 645 status = usb_ep_enable(hidg->in_ep); 646 if (status < 0) { 647 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 648 goto fail; 649 } 650 hidg->in_ep->driver_data = hidg; 651 652 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 653 if (!req_in) { 654 status = -ENOMEM; 655 goto disable_ep_in; 656 } 657 } 658 659 660 if (hidg->out_ep != NULL) { 661 /* restart endpoint */ 662 usb_ep_disable(hidg->out_ep); 663 664 status = config_ep_by_speed(f->config->cdev->gadget, f, 665 hidg->out_ep); 666 if (status) { 667 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 668 goto free_req_in; 669 } 670 status = usb_ep_enable(hidg->out_ep); 671 if (status < 0) { 672 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 673 goto free_req_in; 674 } 675 hidg->out_ep->driver_data = hidg; 676 677 /* 678 * allocate a bunch of read buffers and queue them all at once. 679 */ 680 for (i = 0; i < hidg->qlen && status == 0; i++) { 681 struct usb_request *req = 682 hidg_alloc_ep_req(hidg->out_ep, 683 hidg->report_length); 684 if (req) { 685 req->complete = hidg_set_report_complete; 686 req->context = hidg; 687 status = usb_ep_queue(hidg->out_ep, req, 688 GFP_ATOMIC); 689 if (status) { 690 ERROR(cdev, "%s queue req --> %d\n", 691 hidg->out_ep->name, status); 692 free_ep_req(hidg->out_ep, req); 693 } 694 } else { 695 status = -ENOMEM; 696 goto disable_out_ep; 697 } 698 } 699 } 700 701 if (hidg->in_ep != NULL) { 702 spin_lock_irqsave(&hidg->write_spinlock, flags); 703 hidg->req = req_in; 704 hidg->write_pending = 0; 705 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 706 707 wake_up(&hidg->write_queue); 708 } 709 return 0; 710 disable_out_ep: 711 usb_ep_disable(hidg->out_ep); 712 free_req_in: 713 if (req_in) 714 free_ep_req(hidg->in_ep, req_in); 715 716 disable_ep_in: 717 if (hidg->in_ep) 718 usb_ep_disable(hidg->in_ep); 719 720 fail: 721 return status; 722 } 723 724 static const struct file_operations f_hidg_fops = { 725 .owner = THIS_MODULE, 726 .open = f_hidg_open, 727 .release = f_hidg_release, 728 .write = f_hidg_write, 729 .read = f_hidg_read, 730 .poll = f_hidg_poll, 731 .llseek = noop_llseek, 732 }; 733 734 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 735 { 736 struct usb_ep *ep; 737 struct f_hidg *hidg = func_to_hidg(f); 738 struct usb_string *us; 739 struct device *device; 740 int status; 741 dev_t dev; 742 743 /* maybe allocate device-global string IDs, and patch descriptors */ 744 us = usb_gstrings_attach(c->cdev, ct_func_strings, 745 ARRAY_SIZE(ct_func_string_defs)); 746 if (IS_ERR(us)) 747 return PTR_ERR(us); 748 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 749 750 /* allocate instance-specific interface IDs, and patch descriptors */ 751 status = usb_interface_id(c, f); 752 if (status < 0) 753 goto fail; 754 hidg_interface_desc.bInterfaceNumber = status; 755 756 /* allocate instance-specific endpoints */ 757 status = -ENODEV; 758 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 759 if (!ep) 760 goto fail; 761 hidg->in_ep = ep; 762 763 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 764 if (!ep) 765 goto fail; 766 hidg->out_ep = ep; 767 768 /* set descriptor dynamic values */ 769 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 770 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 771 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 772 hidg_ss_in_comp_desc.wBytesPerInterval = 773 cpu_to_le16(hidg->report_length); 774 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 775 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 776 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 777 hidg_ss_out_comp_desc.wBytesPerInterval = 778 cpu_to_le16(hidg->report_length); 779 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 780 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 781 /* 782 * We can use hidg_desc struct here but we should not relay 783 * that its content won't change after returning from this function. 784 */ 785 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 786 hidg_desc.desc[0].wDescriptorLength = 787 cpu_to_le16(hidg->report_desc_length); 788 789 hidg_hs_in_ep_desc.bEndpointAddress = 790 hidg_fs_in_ep_desc.bEndpointAddress; 791 hidg_hs_out_ep_desc.bEndpointAddress = 792 hidg_fs_out_ep_desc.bEndpointAddress; 793 794 hidg_ss_in_ep_desc.bEndpointAddress = 795 hidg_fs_in_ep_desc.bEndpointAddress; 796 hidg_ss_out_ep_desc.bEndpointAddress = 797 hidg_fs_out_ep_desc.bEndpointAddress; 798 799 status = usb_assign_descriptors(f, hidg_fs_descriptors, 800 hidg_hs_descriptors, hidg_ss_descriptors, NULL); 801 if (status) 802 goto fail; 803 804 spin_lock_init(&hidg->write_spinlock); 805 hidg->write_pending = 1; 806 hidg->req = NULL; 807 spin_lock_init(&hidg->read_spinlock); 808 init_waitqueue_head(&hidg->write_queue); 809 init_waitqueue_head(&hidg->read_queue); 810 INIT_LIST_HEAD(&hidg->completed_out_req); 811 812 /* create char device */ 813 cdev_init(&hidg->cdev, &f_hidg_fops); 814 dev = MKDEV(major, hidg->minor); 815 status = cdev_add(&hidg->cdev, dev, 1); 816 if (status) 817 goto fail_free_descs; 818 819 device = device_create(hidg_class, NULL, dev, NULL, 820 "%s%d", "hidg", hidg->minor); 821 if (IS_ERR(device)) { 822 status = PTR_ERR(device); 823 goto del; 824 } 825 826 return 0; 827 del: 828 cdev_del(&hidg->cdev); 829 fail_free_descs: 830 usb_free_all_descriptors(f); 831 fail: 832 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 833 if (hidg->req != NULL) 834 free_ep_req(hidg->in_ep, hidg->req); 835 836 return status; 837 } 838 839 static inline int hidg_get_minor(void) 840 { 841 int ret; 842 843 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL); 844 if (ret >= HIDG_MINORS) { 845 ida_simple_remove(&hidg_ida, ret); 846 ret = -ENODEV; 847 } 848 849 return ret; 850 } 851 852 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 853 { 854 return container_of(to_config_group(item), struct f_hid_opts, 855 func_inst.group); 856 } 857 858 static void hid_attr_release(struct config_item *item) 859 { 860 struct f_hid_opts *opts = to_f_hid_opts(item); 861 862 usb_put_function_instance(&opts->func_inst); 863 } 864 865 static struct configfs_item_operations hidg_item_ops = { 866 .release = hid_attr_release, 867 }; 868 869 #define F_HID_OPT(name, prec, limit) \ 870 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 871 { \ 872 struct f_hid_opts *opts = to_f_hid_opts(item); \ 873 int result; \ 874 \ 875 mutex_lock(&opts->lock); \ 876 result = sprintf(page, "%d\n", opts->name); \ 877 mutex_unlock(&opts->lock); \ 878 \ 879 return result; \ 880 } \ 881 \ 882 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 883 const char *page, size_t len) \ 884 { \ 885 struct f_hid_opts *opts = to_f_hid_opts(item); \ 886 int ret; \ 887 u##prec num; \ 888 \ 889 mutex_lock(&opts->lock); \ 890 if (opts->refcnt) { \ 891 ret = -EBUSY; \ 892 goto end; \ 893 } \ 894 \ 895 ret = kstrtou##prec(page, 0, &num); \ 896 if (ret) \ 897 goto end; \ 898 \ 899 if (num > limit) { \ 900 ret = -EINVAL; \ 901 goto end; \ 902 } \ 903 opts->name = num; \ 904 ret = len; \ 905 \ 906 end: \ 907 mutex_unlock(&opts->lock); \ 908 return ret; \ 909 } \ 910 \ 911 CONFIGFS_ATTR(f_hid_opts_, name) 912 913 F_HID_OPT(subclass, 8, 255); 914 F_HID_OPT(protocol, 8, 255); 915 F_HID_OPT(report_length, 16, 65535); 916 917 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 918 { 919 struct f_hid_opts *opts = to_f_hid_opts(item); 920 int result; 921 922 mutex_lock(&opts->lock); 923 result = opts->report_desc_length; 924 memcpy(page, opts->report_desc, opts->report_desc_length); 925 mutex_unlock(&opts->lock); 926 927 return result; 928 } 929 930 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 931 const char *page, size_t len) 932 { 933 struct f_hid_opts *opts = to_f_hid_opts(item); 934 int ret = -EBUSY; 935 char *d; 936 937 mutex_lock(&opts->lock); 938 939 if (opts->refcnt) 940 goto end; 941 if (len > PAGE_SIZE) { 942 ret = -ENOSPC; 943 goto end; 944 } 945 d = kmemdup(page, len, GFP_KERNEL); 946 if (!d) { 947 ret = -ENOMEM; 948 goto end; 949 } 950 kfree(opts->report_desc); 951 opts->report_desc = d; 952 opts->report_desc_length = len; 953 opts->report_desc_alloc = true; 954 ret = len; 955 end: 956 mutex_unlock(&opts->lock); 957 return ret; 958 } 959 960 CONFIGFS_ATTR(f_hid_opts_, report_desc); 961 962 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 963 { 964 struct f_hid_opts *opts = to_f_hid_opts(item); 965 966 return sprintf(page, "%d:%d\n", major, opts->minor); 967 } 968 969 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 970 971 static struct configfs_attribute *hid_attrs[] = { 972 &f_hid_opts_attr_subclass, 973 &f_hid_opts_attr_protocol, 974 &f_hid_opts_attr_report_length, 975 &f_hid_opts_attr_report_desc, 976 &f_hid_opts_attr_dev, 977 NULL, 978 }; 979 980 static struct config_item_type hid_func_type = { 981 .ct_item_ops = &hidg_item_ops, 982 .ct_attrs = hid_attrs, 983 .ct_owner = THIS_MODULE, 984 }; 985 986 static inline void hidg_put_minor(int minor) 987 { 988 ida_simple_remove(&hidg_ida, minor); 989 } 990 991 static void hidg_free_inst(struct usb_function_instance *f) 992 { 993 struct f_hid_opts *opts; 994 995 opts = container_of(f, struct f_hid_opts, func_inst); 996 997 mutex_lock(&hidg_ida_lock); 998 999 hidg_put_minor(opts->minor); 1000 if (ida_is_empty(&hidg_ida)) 1001 ghid_cleanup(); 1002 1003 mutex_unlock(&hidg_ida_lock); 1004 1005 if (opts->report_desc_alloc) 1006 kfree(opts->report_desc); 1007 1008 kfree(opts); 1009 } 1010 1011 static struct usb_function_instance *hidg_alloc_inst(void) 1012 { 1013 struct f_hid_opts *opts; 1014 struct usb_function_instance *ret; 1015 int status = 0; 1016 1017 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1018 if (!opts) 1019 return ERR_PTR(-ENOMEM); 1020 mutex_init(&opts->lock); 1021 opts->func_inst.free_func_inst = hidg_free_inst; 1022 ret = &opts->func_inst; 1023 1024 mutex_lock(&hidg_ida_lock); 1025 1026 if (ida_is_empty(&hidg_ida)) { 1027 status = ghid_setup(NULL, HIDG_MINORS); 1028 if (status) { 1029 ret = ERR_PTR(status); 1030 kfree(opts); 1031 goto unlock; 1032 } 1033 } 1034 1035 opts->minor = hidg_get_minor(); 1036 if (opts->minor < 0) { 1037 ret = ERR_PTR(opts->minor); 1038 kfree(opts); 1039 if (ida_is_empty(&hidg_ida)) 1040 ghid_cleanup(); 1041 goto unlock; 1042 } 1043 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1044 1045 unlock: 1046 mutex_unlock(&hidg_ida_lock); 1047 return ret; 1048 } 1049 1050 static void hidg_free(struct usb_function *f) 1051 { 1052 struct f_hidg *hidg; 1053 struct f_hid_opts *opts; 1054 1055 hidg = func_to_hidg(f); 1056 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1057 kfree(hidg->report_desc); 1058 kfree(hidg); 1059 mutex_lock(&opts->lock); 1060 --opts->refcnt; 1061 mutex_unlock(&opts->lock); 1062 } 1063 1064 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1065 { 1066 struct f_hidg *hidg = func_to_hidg(f); 1067 1068 device_destroy(hidg_class, MKDEV(major, hidg->minor)); 1069 cdev_del(&hidg->cdev); 1070 1071 usb_free_all_descriptors(f); 1072 } 1073 1074 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1075 { 1076 struct f_hidg *hidg; 1077 struct f_hid_opts *opts; 1078 1079 /* allocate and initialize one new instance */ 1080 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1081 if (!hidg) 1082 return ERR_PTR(-ENOMEM); 1083 1084 opts = container_of(fi, struct f_hid_opts, func_inst); 1085 1086 mutex_lock(&opts->lock); 1087 ++opts->refcnt; 1088 1089 hidg->minor = opts->minor; 1090 hidg->bInterfaceSubClass = opts->subclass; 1091 hidg->bInterfaceProtocol = opts->protocol; 1092 hidg->report_length = opts->report_length; 1093 hidg->report_desc_length = opts->report_desc_length; 1094 if (opts->report_desc) { 1095 hidg->report_desc = kmemdup(opts->report_desc, 1096 opts->report_desc_length, 1097 GFP_KERNEL); 1098 if (!hidg->report_desc) { 1099 kfree(hidg); 1100 mutex_unlock(&opts->lock); 1101 return ERR_PTR(-ENOMEM); 1102 } 1103 } 1104 1105 mutex_unlock(&opts->lock); 1106 1107 hidg->func.name = "hid"; 1108 hidg->func.bind = hidg_bind; 1109 hidg->func.unbind = hidg_unbind; 1110 hidg->func.set_alt = hidg_set_alt; 1111 hidg->func.disable = hidg_disable; 1112 hidg->func.setup = hidg_setup; 1113 hidg->func.free_func = hidg_free; 1114 1115 /* this could me made configurable at some point */ 1116 hidg->qlen = 4; 1117 1118 return &hidg->func; 1119 } 1120 1121 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1122 MODULE_LICENSE("GPL"); 1123 MODULE_AUTHOR("Fabien Chouteau"); 1124 1125 int ghid_setup(struct usb_gadget *g, int count) 1126 { 1127 int status; 1128 dev_t dev; 1129 1130 hidg_class = class_create(THIS_MODULE, "hidg"); 1131 if (IS_ERR(hidg_class)) { 1132 status = PTR_ERR(hidg_class); 1133 hidg_class = NULL; 1134 return status; 1135 } 1136 1137 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1138 if (status) { 1139 class_destroy(hidg_class); 1140 hidg_class = NULL; 1141 return status; 1142 } 1143 1144 major = MAJOR(dev); 1145 minors = count; 1146 1147 return 0; 1148 } 1149 1150 void ghid_cleanup(void) 1151 { 1152 if (major) { 1153 unregister_chrdev_region(MKDEV(major, 0), minors); 1154 major = minors = 0; 1155 } 1156 1157 class_destroy(hidg_class); 1158 hidg_class = NULL; 1159 } 1160