1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * f_hid.c -- USB HID function driver
4 *
5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
6 */
7
8 #include <linux/kernel.h>
9 #include <linux/module.h>
10 #include <linux/hid.h>
11 #include <linux/idr.h>
12 #include <linux/cdev.h>
13 #include <linux/mutex.h>
14 #include <linux/poll.h>
15 #include <linux/uaccess.h>
16 #include <linux/wait.h>
17 #include <linux/sched.h>
18 #include <linux/workqueue.h>
19 #include <linux/usb/func_utils.h>
20 #include <linux/usb/g_hid.h>
21 #include <uapi/linux/usb/g_hid.h>
22
23 #include "u_hid.h"
24
25 #define HIDG_MINORS 4
26
27 /*
28 * Most operating systems seem to allow for 5000ms timeout, we will allow
29 * userspace half that time to respond before we return an empty report.
30 */
31 #define GET_REPORT_TIMEOUT_MS 2500
32
33 static int major, minors;
34
35 static const struct class hidg_class = {
36 .name = "hidg",
37 };
38
39 static DEFINE_IDA(hidg_ida);
40 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
41
42 struct report_entry {
43 struct usb_hidg_report report_data;
44 struct list_head node;
45 };
46
47 /*-------------------------------------------------------------------------*/
48 /* HID gadget struct */
49
50 struct f_hidg_req_list {
51 struct usb_request *req;
52 unsigned int pos;
53 struct list_head list;
54 };
55
56 struct f_hidg {
57 /* configuration */
58 unsigned char bInterfaceSubClass;
59 unsigned char bInterfaceProtocol;
60 unsigned char protocol;
61 unsigned char idle;
62 unsigned short report_desc_length;
63 char *report_desc;
64 unsigned short report_length;
65 unsigned char interval;
66 bool interval_user_set;
67
68 /*
69 * use_out_ep - if true, the OUT Endpoint (interrupt out method)
70 * will be used to receive reports from the host
71 * using functions with the "intout" suffix.
72 * Otherwise, the OUT Endpoint will not be configured
73 * and the SETUP/SET_REPORT method ("ssreport" suffix)
74 * will be used to receive reports.
75 */
76 bool use_out_ep;
77
78 /* recv report */
79 spinlock_t read_spinlock;
80 wait_queue_head_t read_queue;
81 bool disabled;
82 /* recv report - interrupt out only (use_out_ep == 1) */
83 struct list_head completed_out_req;
84 unsigned int qlen;
85 /* recv report - setup set_report only (use_out_ep == 0) */
86 char *set_report_buf;
87 unsigned int set_report_length;
88
89 /* send report */
90 spinlock_t write_spinlock;
91 bool write_pending;
92 wait_queue_head_t write_queue;
93 struct usb_request *req;
94
95 /* get report */
96 struct usb_request *get_req;
97 struct usb_hidg_report get_report;
98 bool get_report_returned;
99 int get_report_req_report_id;
100 int get_report_req_report_length;
101 spinlock_t get_report_spinlock;
102 wait_queue_head_t get_queue; /* Waiting for userspace response */
103 wait_queue_head_t get_id_queue; /* Get ID came in */
104 struct work_struct work;
105 struct workqueue_struct *workqueue;
106 struct list_head report_list;
107
108 struct device dev;
109 struct cdev *cdev;
110 struct usb_function func;
111
112 struct usb_ep *in_ep;
113 struct usb_ep *out_ep;
114 };
115
func_to_hidg(struct usb_function * f)116 static inline struct f_hidg *func_to_hidg(struct usb_function *f)
117 {
118 return container_of(f, struct f_hidg, func);
119 }
120
hidg_release(struct device * dev)121 static void hidg_release(struct device *dev)
122 {
123 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev);
124
125 kfree(hidg->report_desc);
126 kfree(hidg->set_report_buf);
127 kfree(hidg);
128 }
129
130 /*-------------------------------------------------------------------------*/
131 /* Static descriptors */
132
133 static struct usb_interface_descriptor hidg_interface_desc = {
134 .bLength = sizeof hidg_interface_desc,
135 .bDescriptorType = USB_DT_INTERFACE,
136 /* .bInterfaceNumber = DYNAMIC */
137 .bAlternateSetting = 0,
138 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */
139 .bInterfaceClass = USB_CLASS_HID,
140 /* .bInterfaceSubClass = DYNAMIC */
141 /* .bInterfaceProtocol = DYNAMIC */
142 /* .iInterface = DYNAMIC */
143 };
144
145 static struct hid_descriptor hidg_desc = {
146 .bLength = sizeof hidg_desc,
147 .bDescriptorType = HID_DT_HID,
148 .bcdHID = cpu_to_le16(0x0101),
149 .bCountryCode = 0x00,
150 .bNumDescriptors = 0x1,
151 /*.rpt_desc.bDescriptorType = DYNAMIC */
152 /*.rpt_desc.wDescriptorLength = DYNAMIC */
153 };
154
155 /* Super-Speed Support */
156
157 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
158 .bLength = USB_DT_ENDPOINT_SIZE,
159 .bDescriptorType = USB_DT_ENDPOINT,
160 .bEndpointAddress = USB_DIR_IN,
161 .bmAttributes = USB_ENDPOINT_XFER_INT,
162 /*.wMaxPacketSize = DYNAMIC */
163 /*.bInterval = DYNAMIC */
164 };
165
166 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
167 .bLength = sizeof(hidg_ss_in_comp_desc),
168 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
169
170 /* .bMaxBurst = 0, */
171 /* .bmAttributes = 0, */
172 /* .wBytesPerInterval = DYNAMIC */
173 };
174
175 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
176 .bLength = USB_DT_ENDPOINT_SIZE,
177 .bDescriptorType = USB_DT_ENDPOINT,
178 .bEndpointAddress = USB_DIR_OUT,
179 .bmAttributes = USB_ENDPOINT_XFER_INT,
180 /*.wMaxPacketSize = DYNAMIC */
181 /*.bInterval = DYNAMIC */
182 };
183
184 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
185 .bLength = sizeof(hidg_ss_out_comp_desc),
186 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
187
188 /* .bMaxBurst = 0, */
189 /* .bmAttributes = 0, */
190 /* .wBytesPerInterval = DYNAMIC */
191 };
192
193 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = {
194 (struct usb_descriptor_header *)&hidg_interface_desc,
195 (struct usb_descriptor_header *)&hidg_desc,
196 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
197 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
198 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
199 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
200 NULL,
201 };
202
203 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = {
204 (struct usb_descriptor_header *)&hidg_interface_desc,
205 (struct usb_descriptor_header *)&hidg_desc,
206 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
207 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
208 NULL,
209 };
210
211 /* High-Speed Support */
212
213 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
214 .bLength = USB_DT_ENDPOINT_SIZE,
215 .bDescriptorType = USB_DT_ENDPOINT,
216 .bEndpointAddress = USB_DIR_IN,
217 .bmAttributes = USB_ENDPOINT_XFER_INT,
218 /*.wMaxPacketSize = DYNAMIC */
219 /* .bInterval = DYNAMIC */
220 };
221
222 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
223 .bLength = USB_DT_ENDPOINT_SIZE,
224 .bDescriptorType = USB_DT_ENDPOINT,
225 .bEndpointAddress = USB_DIR_OUT,
226 .bmAttributes = USB_ENDPOINT_XFER_INT,
227 /*.wMaxPacketSize = DYNAMIC */
228 /*.bInterval = DYNAMIC */
229 };
230
231 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = {
232 (struct usb_descriptor_header *)&hidg_interface_desc,
233 (struct usb_descriptor_header *)&hidg_desc,
234 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
235 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
236 NULL,
237 };
238
239 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = {
240 (struct usb_descriptor_header *)&hidg_interface_desc,
241 (struct usb_descriptor_header *)&hidg_desc,
242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
243 NULL,
244 };
245
246 /* Full-Speed Support */
247
248 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
249 .bLength = USB_DT_ENDPOINT_SIZE,
250 .bDescriptorType = USB_DT_ENDPOINT,
251 .bEndpointAddress = USB_DIR_IN,
252 .bmAttributes = USB_ENDPOINT_XFER_INT,
253 /*.wMaxPacketSize = DYNAMIC */
254 /*.bInterval = DYNAMIC */
255 };
256
257 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
258 .bLength = USB_DT_ENDPOINT_SIZE,
259 .bDescriptorType = USB_DT_ENDPOINT,
260 .bEndpointAddress = USB_DIR_OUT,
261 .bmAttributes = USB_ENDPOINT_XFER_INT,
262 /*.wMaxPacketSize = DYNAMIC */
263 /*.bInterval = DYNAMIC */
264 };
265
266 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = {
267 (struct usb_descriptor_header *)&hidg_interface_desc,
268 (struct usb_descriptor_header *)&hidg_desc,
269 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
270 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
271 NULL,
272 };
273
274 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = {
275 (struct usb_descriptor_header *)&hidg_interface_desc,
276 (struct usb_descriptor_header *)&hidg_desc,
277 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
278 NULL,
279 };
280
281 /*-------------------------------------------------------------------------*/
282 /* Strings */
283
284 #define CT_FUNC_HID_IDX 0
285
286 static struct usb_string ct_func_string_defs[] = {
287 [CT_FUNC_HID_IDX].s = "HID Interface",
288 {}, /* end of list */
289 };
290
291 static struct usb_gadget_strings ct_func_string_table = {
292 .language = 0x0409, /* en-US */
293 .strings = ct_func_string_defs,
294 };
295
296 static struct usb_gadget_strings *ct_func_strings[] = {
297 &ct_func_string_table,
298 NULL,
299 };
300
301 /*-------------------------------------------------------------------------*/
302 /* Char Device */
303
f_hidg_intout_read(struct file * file,char __user * buffer,size_t count,loff_t * ptr)304 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer,
305 size_t count, loff_t *ptr)
306 {
307 struct f_hidg *hidg = file->private_data;
308 struct f_hidg_req_list *list;
309 struct usb_request *req;
310 unsigned long flags;
311 int ret;
312
313 if (!count)
314 return 0;
315
316 spin_lock_irqsave(&hidg->read_spinlock, flags);
317
318 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req) || hidg->disabled)
319
320 /* wait for at least one buffer to complete */
321 while (!READ_COND_INTOUT) {
322 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
323 if (file->f_flags & O_NONBLOCK)
324 return -EAGAIN;
325
326 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT))
327 return -ERESTARTSYS;
328
329 spin_lock_irqsave(&hidg->read_spinlock, flags);
330 }
331
332 if (hidg->disabled) {
333 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
334 return -ESHUTDOWN;
335 }
336
337 /* pick the first one */
338 list = list_first_entry(&hidg->completed_out_req,
339 struct f_hidg_req_list, list);
340
341 /*
342 * Remove this from list to protect it from beign free()
343 * while host disables our function
344 */
345 list_del(&list->list);
346
347 req = list->req;
348 count = min_t(unsigned int, count, req->actual - list->pos);
349 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
350
351 /* copy to user outside spinlock */
352 count -= copy_to_user(buffer, req->buf + list->pos, count);
353 list->pos += count;
354
355 /*
356 * if this request is completely handled and transfered to
357 * userspace, remove its entry from the list and requeue it
358 * again. Otherwise, we will revisit it again upon the next
359 * call, taking into account its current read position.
360 */
361 if (list->pos == req->actual) {
362 kfree(list);
363
364 req->length = hidg->report_length;
365 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
366 if (ret < 0) {
367 free_ep_req(hidg->out_ep, req);
368 return ret;
369 }
370 } else {
371 spin_lock_irqsave(&hidg->read_spinlock, flags);
372 list_add(&list->list, &hidg->completed_out_req);
373 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
374
375 wake_up(&hidg->read_queue);
376 }
377
378 return count;
379 }
380
381 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL || hidg->disabled)
382
f_hidg_ssreport_read(struct file * file,char __user * buffer,size_t count,loff_t * ptr)383 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer,
384 size_t count, loff_t *ptr)
385 {
386 struct f_hidg *hidg = file->private_data;
387 char *tmp_buf = NULL;
388 unsigned long flags;
389
390 if (!count)
391 return 0;
392
393 spin_lock_irqsave(&hidg->read_spinlock, flags);
394
395 while (!READ_COND_SSREPORT) {
396 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
397 if (file->f_flags & O_NONBLOCK)
398 return -EAGAIN;
399
400 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT))
401 return -ERESTARTSYS;
402
403 spin_lock_irqsave(&hidg->read_spinlock, flags);
404 }
405
406 count = min_t(unsigned int, count, hidg->set_report_length);
407 tmp_buf = hidg->set_report_buf;
408 hidg->set_report_buf = NULL;
409
410 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
411
412 if (tmp_buf != NULL) {
413 count -= copy_to_user(buffer, tmp_buf, count);
414 kfree(tmp_buf);
415 } else {
416 count = -ENOMEM;
417 }
418
419 wake_up(&hidg->read_queue);
420
421 return count;
422 }
423
f_hidg_read(struct file * file,char __user * buffer,size_t count,loff_t * ptr)424 static ssize_t f_hidg_read(struct file *file, char __user *buffer,
425 size_t count, loff_t *ptr)
426 {
427 struct f_hidg *hidg = file->private_data;
428
429 if (hidg->use_out_ep)
430 return f_hidg_intout_read(file, buffer, count, ptr);
431 else
432 return f_hidg_ssreport_read(file, buffer, count, ptr);
433 }
434
f_hidg_req_complete(struct usb_ep * ep,struct usb_request * req)435 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
436 {
437 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
438 unsigned long flags;
439
440 if (req->status != 0) {
441 ERROR(hidg->func.config->cdev,
442 "End Point Request ERROR: %d\n", req->status);
443 }
444
445 spin_lock_irqsave(&hidg->write_spinlock, flags);
446 hidg->write_pending = 0;
447 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
448 wake_up(&hidg->write_queue);
449 }
450
f_hidg_write(struct file * file,const char __user * buffer,size_t count,loff_t * offp)451 static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
452 size_t count, loff_t *offp)
453 {
454 struct f_hidg *hidg = file->private_data;
455 struct usb_request *req;
456 unsigned long flags;
457 ssize_t status = -ENOMEM;
458
459 spin_lock_irqsave(&hidg->write_spinlock, flags);
460
461 if (!hidg->req) {
462 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
463 return -ESHUTDOWN;
464 }
465
466 #define WRITE_COND (!hidg->write_pending)
467 try_again:
468 /* write queue */
469 while (!WRITE_COND) {
470 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
471 if (file->f_flags & O_NONBLOCK)
472 return -EAGAIN;
473
474 if (wait_event_interruptible_exclusive(
475 hidg->write_queue, WRITE_COND))
476 return -ERESTARTSYS;
477
478 spin_lock_irqsave(&hidg->write_spinlock, flags);
479 }
480
481 hidg->write_pending = 1;
482 req = hidg->req;
483 count = min_t(unsigned, count, hidg->report_length);
484
485 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
486
487 if (!req) {
488 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
489 status = -ESHUTDOWN;
490 goto release_write_pending;
491 }
492
493 status = copy_from_user(req->buf, buffer, count);
494 if (status != 0) {
495 ERROR(hidg->func.config->cdev,
496 "copy_from_user error\n");
497 status = -EINVAL;
498 goto release_write_pending;
499 }
500
501 spin_lock_irqsave(&hidg->write_spinlock, flags);
502
503 /* when our function has been disabled by host */
504 if (!hidg->req) {
505 free_ep_req(hidg->in_ep, req);
506 /*
507 * TODO
508 * Should we fail with error here?
509 */
510 goto try_again;
511 }
512
513 req->status = 0;
514 req->zero = 1;
515 req->length = count;
516 req->complete = f_hidg_req_complete;
517 req->context = hidg;
518
519 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
520
521 if (!hidg->in_ep->enabled) {
522 ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
523 status = -ESHUTDOWN;
524 goto release_write_pending;
525 }
526
527 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
528 if (status < 0)
529 goto release_write_pending;
530 else
531 status = count;
532
533 return status;
534 release_write_pending:
535 spin_lock_irqsave(&hidg->write_spinlock, flags);
536 hidg->write_pending = 0;
537 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
538
539 wake_up(&hidg->write_queue);
540
541 return status;
542 }
543
f_hidg_search_for_report(struct f_hidg * hidg,u8 report_id)544 static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id)
545 {
546 struct list_head *ptr;
547 struct report_entry *entry;
548
549 list_for_each(ptr, &hidg->report_list) {
550 entry = list_entry(ptr, struct report_entry, node);
551 if (entry->report_data.report_id == report_id)
552 return entry;
553 }
554
555 return NULL;
556 }
557
get_report_workqueue_handler(struct work_struct * work)558 static void get_report_workqueue_handler(struct work_struct *work)
559 {
560 struct f_hidg *hidg = container_of(work, struct f_hidg, work);
561 struct usb_composite_dev *cdev = hidg->func.config->cdev;
562 struct usb_request *req;
563 struct report_entry *ptr;
564 unsigned long flags;
565
566 int status = 0;
567
568 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
569 req = hidg->get_req;
570 if (!req) {
571 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
572 return;
573 }
574
575 req->zero = 0;
576 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length,
577 hidg->report_length),
578 MAX_REPORT_LENGTH);
579
580 /* Check if there is a response available for immediate response */
581 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
582 if (ptr && !ptr->report_data.userspace_req) {
583 /* Report exists in list and it is to be used for immediate response */
584 req->buf = ptr->report_data.data;
585 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
586 hidg->get_report_returned = true;
587 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
588 } else {
589 /*
590 * Report does not exist in list or should not be immediately sent
591 * i.e. give userspace time to respond
592 */
593 hidg->get_report_returned = false;
594 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
595 wake_up(&hidg->get_id_queue);
596 #define GET_REPORT_COND (!hidg->get_report_returned)
597 /* Wait until userspace has responded or timeout */
598 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND,
599 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS));
600 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
601 req = hidg->get_req;
602 if (!req) {
603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
604 return;
605 }
606 if (status == 0 && !hidg->get_report_returned) {
607 /* GET_REPORT request was not serviced by userspace within timeout period */
608 VDBG(cdev, "get_report : userspace timeout.\n");
609 hidg->get_report_returned = true;
610 }
611
612 /* Search again for report ID in list and respond to GET_REPORT request */
613 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
614 if (ptr) {
615 /*
616 * Either get an updated response just serviced by userspace
617 * or send the latest response in the list
618 */
619 req->buf = ptr->report_data.data;
620 } else {
621 /* If there are no prevoiusly sent reports send empty report */
622 req->buf = hidg->get_report.data;
623 memset(req->buf, 0x0, req->length);
624 }
625
626 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
627 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
628 }
629
630 if (status < 0)
631 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n");
632 }
633
f_hidg_get_report_id(struct file * file,__u8 __user * buffer)634 static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer)
635 {
636 struct f_hidg *hidg = file->private_data;
637 int ret = 0;
638
639 ret = put_user(hidg->get_report_req_report_id, buffer);
640
641 return ret;
642 }
643
f_hidg_get_report(struct file * file,struct usb_hidg_report __user * buffer)644 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer)
645 {
646 struct f_hidg *hidg = file->private_data;
647 struct usb_composite_dev *cdev = hidg->func.config->cdev;
648 unsigned long flags;
649 struct report_entry *entry;
650 struct report_entry *ptr;
651 __u8 report_id;
652
653 entry = kmalloc_obj(*entry);
654 if (!entry)
655 return -ENOMEM;
656
657 if (copy_from_user(&entry->report_data, buffer,
658 sizeof(struct usb_hidg_report))) {
659 ERROR(cdev, "copy_from_user error\n");
660 kfree(entry);
661 return -EINVAL;
662 }
663
664 report_id = entry->report_data.report_id;
665
666 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
667 ptr = f_hidg_search_for_report(hidg, report_id);
668
669 if (ptr) {
670 /* Report already exists in list - update it */
671 if (copy_from_user(&ptr->report_data, buffer,
672 sizeof(struct usb_hidg_report))) {
673 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
674 ERROR(cdev, "copy_from_user error\n");
675 kfree(entry);
676 return -EINVAL;
677 }
678 kfree(entry);
679 } else {
680 /* Report does not exist in list - add it */
681 list_add_tail(&entry->node, &hidg->report_list);
682 }
683
684 /* If there is no response pending then do nothing further */
685 if (hidg->get_report_returned) {
686 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
687 return 0;
688 }
689
690 /* If this userspace response serves the current pending report */
691 if (hidg->get_report_req_report_id == report_id) {
692 hidg->get_report_returned = true;
693 wake_up(&hidg->get_queue);
694 }
695
696 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
697 return 0;
698 }
699
f_hidg_ioctl(struct file * file,unsigned int code,unsigned long arg)700 static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg)
701 {
702 switch (code) {
703 case GADGET_HID_READ_GET_REPORT_ID:
704 return f_hidg_get_report_id(file, (__u8 __user *)arg);
705 case GADGET_HID_WRITE_GET_REPORT:
706 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg);
707 default:
708 return -ENOTTY;
709 }
710 }
711
f_hidg_poll(struct file * file,poll_table * wait)712 static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
713 {
714 struct f_hidg *hidg = file->private_data;
715 __poll_t ret = 0;
716
717 poll_wait(file, &hidg->read_queue, wait);
718 poll_wait(file, &hidg->write_queue, wait);
719 poll_wait(file, &hidg->get_queue, wait);
720 poll_wait(file, &hidg->get_id_queue, wait);
721
722 if (WRITE_COND)
723 ret |= EPOLLOUT | EPOLLWRNORM;
724
725 if (hidg->use_out_ep) {
726 if (READ_COND_INTOUT)
727 ret |= EPOLLIN | EPOLLRDNORM;
728 } else {
729 if (READ_COND_SSREPORT)
730 ret |= EPOLLIN | EPOLLRDNORM;
731 }
732
733 if (GET_REPORT_COND)
734 ret |= EPOLLPRI;
735
736 return ret;
737 }
738
739 #undef WRITE_COND
740 #undef READ_COND_SSREPORT
741 #undef READ_COND_INTOUT
742 #undef GET_REPORT_COND
743
f_hidg_release(struct inode * inode,struct file * fd)744 static int f_hidg_release(struct inode *inode, struct file *fd)
745 {
746 fd->private_data = NULL;
747 return 0;
748 }
749
f_hidg_open(struct inode * inode,struct file * fd)750 static int f_hidg_open(struct inode *inode, struct file *fd)
751 {
752 struct kobject *parent = inode->i_cdev->kobj.parent;
753 struct f_hidg *hidg =
754 container_of(parent, struct f_hidg, dev.kobj);
755
756 fd->private_data = hidg;
757
758 return 0;
759 }
760
761 /*-------------------------------------------------------------------------*/
762 /* usb_function */
763
hidg_alloc_ep_req(struct usb_ep * ep,unsigned length)764 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
765 unsigned length)
766 {
767 return alloc_ep_req(ep, length);
768 }
769
hidg_intout_complete(struct usb_ep * ep,struct usb_request * req)770 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req)
771 {
772 struct f_hidg *hidg = (struct f_hidg *) req->context;
773 struct usb_composite_dev *cdev = hidg->func.config->cdev;
774 struct f_hidg_req_list *req_list;
775 unsigned long flags;
776
777 switch (req->status) {
778 case 0:
779 req_list = kzalloc_obj(*req_list, GFP_ATOMIC);
780 if (!req_list) {
781 ERROR(cdev, "Unable to allocate mem for req_list\n");
782 goto free_req;
783 }
784
785 req_list->req = req;
786
787 spin_lock_irqsave(&hidg->read_spinlock, flags);
788 list_add_tail(&req_list->list, &hidg->completed_out_req);
789 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
790
791 wake_up(&hidg->read_queue);
792 break;
793 default:
794 ERROR(cdev, "Set report failed %d\n", req->status);
795 fallthrough;
796 case -ECONNABORTED: /* hardware forced ep reset */
797 case -ECONNRESET: /* request dequeued */
798 case -ESHUTDOWN: /* disconnect from host */
799 free_req:
800 free_ep_req(ep, req);
801 return;
802 }
803 }
804
hidg_ssreport_complete(struct usb_ep * ep,struct usb_request * req)805 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req)
806 {
807 struct f_hidg *hidg = (struct f_hidg *)req->context;
808 struct usb_composite_dev *cdev = hidg->func.config->cdev;
809 char *new_buf = NULL;
810 unsigned long flags;
811
812 if (req->status != 0 || req->buf == NULL || req->actual == 0) {
813 ERROR(cdev,
814 "%s FAILED: status=%d, buf=%p, actual=%d\n",
815 __func__, req->status, req->buf, req->actual);
816 return;
817 }
818
819 spin_lock_irqsave(&hidg->read_spinlock, flags);
820
821 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC);
822 if (new_buf == NULL) {
823 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
824 return;
825 }
826 hidg->set_report_buf = new_buf;
827
828 hidg->set_report_length = req->actual;
829 memcpy(hidg->set_report_buf, req->buf, req->actual);
830
831 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
832
833 wake_up(&hidg->read_queue);
834 }
835
hidg_get_report_complete(struct usb_ep * ep,struct usb_request * req)836 static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req)
837 {
838 }
839
hidg_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)840 static int hidg_setup(struct usb_function *f,
841 const struct usb_ctrlrequest *ctrl)
842 {
843 struct f_hidg *hidg = func_to_hidg(f);
844 struct usb_composite_dev *cdev = f->config->cdev;
845 struct usb_request *req = cdev->req;
846 int status = 0;
847 __u16 value, length;
848 unsigned long flags;
849
850 value = __le16_to_cpu(ctrl->wValue);
851 length = __le16_to_cpu(ctrl->wLength);
852
853 VDBG(cdev,
854 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
855 __func__, ctrl->bRequestType, ctrl->bRequest, value);
856
857 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
858 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
859 | HID_REQ_GET_REPORT):
860 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength);
861
862 /*
863 * Update GET_REPORT ID so that an ioctl can be used to determine what
864 * GET_REPORT the request was actually for.
865 */
866 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
867 hidg->get_report_req_report_id = value & 0xff;
868 hidg->get_report_req_report_length = length;
869 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
870
871 queue_work(hidg->workqueue, &hidg->work);
872
873 return status;
874
875 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
876 | HID_REQ_GET_PROTOCOL):
877 VDBG(cdev, "get_protocol\n");
878 length = min_t(unsigned int, length, 1);
879 ((u8 *) req->buf)[0] = hidg->protocol;
880 goto respond;
881 break;
882
883 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
884 | HID_REQ_GET_IDLE):
885 VDBG(cdev, "get_idle\n");
886 length = min_t(unsigned int, length, 1);
887 ((u8 *) req->buf)[0] = hidg->idle;
888 goto respond;
889 break;
890
891 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
892 | HID_REQ_SET_REPORT):
893 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
894 if (hidg->use_out_ep)
895 goto stall;
896 req->complete = hidg_ssreport_complete;
897 req->context = hidg;
898 goto respond;
899 break;
900
901 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
902 | HID_REQ_SET_PROTOCOL):
903 VDBG(cdev, "set_protocol\n");
904 if (value > HID_REPORT_PROTOCOL)
905 goto stall;
906 length = 0;
907 /*
908 * We assume that programs implementing the Boot protocol
909 * are also compatible with the Report Protocol
910 */
911 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
912 hidg->protocol = value;
913 goto respond;
914 }
915 goto stall;
916 break;
917
918 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
919 | HID_REQ_SET_IDLE):
920 VDBG(cdev, "set_idle\n");
921 length = 0;
922 hidg->idle = value >> 8;
923 goto respond;
924 break;
925
926 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
927 | USB_REQ_GET_DESCRIPTOR):
928 switch (value >> 8) {
929 case HID_DT_HID:
930 {
931 struct hid_descriptor hidg_desc_copy = hidg_desc;
932
933 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
934 hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT;
935 hidg_desc_copy.rpt_desc.wDescriptorLength =
936 cpu_to_le16(hidg->report_desc_length);
937
938 length = min_t(unsigned short, length,
939 hidg_desc_copy.bLength);
940 memcpy(req->buf, &hidg_desc_copy, length);
941 goto respond;
942 break;
943 }
944 case HID_DT_REPORT:
945 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
946 length = min_t(unsigned short, length,
947 hidg->report_desc_length);
948 memcpy(req->buf, hidg->report_desc, length);
949 goto respond;
950 break;
951
952 default:
953 VDBG(cdev, "Unknown descriptor request 0x%x\n",
954 value >> 8);
955 goto stall;
956 break;
957 }
958 break;
959
960 default:
961 VDBG(cdev, "Unknown request 0x%x\n",
962 ctrl->bRequest);
963 goto stall;
964 break;
965 }
966
967 stall:
968 return -EOPNOTSUPP;
969
970 respond:
971 req->zero = 1;
972 req->length = length;
973 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
974 if (status < 0)
975 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
976 return status;
977 }
978
hidg_disable(struct usb_function * f)979 static void hidg_disable(struct usb_function *f)
980 {
981 struct f_hidg *hidg = func_to_hidg(f);
982 struct f_hidg_req_list *list, *next;
983 unsigned long flags;
984
985 usb_ep_disable(hidg->in_ep);
986
987 if (hidg->out_ep) {
988 usb_ep_disable(hidg->out_ep);
989
990 spin_lock_irqsave(&hidg->read_spinlock, flags);
991 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
992 free_ep_req(hidg->out_ep, list->req);
993 list_del(&list->list);
994 kfree(list);
995 }
996 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
997 }
998
999 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
1000 if (!hidg->get_report_returned) {
1001 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req);
1002 hidg->get_req = NULL;
1003 hidg->get_report_returned = true;
1004 }
1005 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
1006
1007 spin_lock_irqsave(&hidg->read_spinlock, flags);
1008 hidg->disabled = true;
1009 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
1010 wake_up(&hidg->read_queue);
1011
1012 spin_lock_irqsave(&hidg->write_spinlock, flags);
1013 if (!hidg->write_pending) {
1014 free_ep_req(hidg->in_ep, hidg->req);
1015 hidg->write_pending = 1;
1016 }
1017
1018 hidg->req = NULL;
1019 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1020 }
1021
hidg_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1022 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
1023 {
1024 struct usb_composite_dev *cdev = f->config->cdev;
1025 struct f_hidg *hidg = func_to_hidg(f);
1026 struct usb_request *req_in = NULL;
1027 unsigned long flags;
1028 int i, status = 0;
1029
1030 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
1031
1032 if (hidg->in_ep != NULL) {
1033 /* restart endpoint */
1034 usb_ep_disable(hidg->in_ep);
1035
1036 status = config_ep_by_speed(f->config->cdev->gadget, f,
1037 hidg->in_ep);
1038 if (status) {
1039 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1040 goto fail;
1041 }
1042 status = usb_ep_enable(hidg->in_ep);
1043 if (status < 0) {
1044 ERROR(cdev, "Enable IN endpoint FAILED!\n");
1045 goto fail;
1046 }
1047 hidg->in_ep->driver_data = hidg;
1048
1049 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
1050 if (!req_in) {
1051 status = -ENOMEM;
1052 goto disable_ep_in;
1053 }
1054 }
1055
1056 if (hidg->use_out_ep && hidg->out_ep != NULL) {
1057 /* restart endpoint */
1058 usb_ep_disable(hidg->out_ep);
1059
1060 status = config_ep_by_speed(f->config->cdev->gadget, f,
1061 hidg->out_ep);
1062 if (status) {
1063 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1064 goto free_req_in;
1065 }
1066 status = usb_ep_enable(hidg->out_ep);
1067 if (status < 0) {
1068 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
1069 goto free_req_in;
1070 }
1071 hidg->out_ep->driver_data = hidg;
1072
1073 /*
1074 * allocate a bunch of read buffers and queue them all at once.
1075 */
1076 for (i = 0; i < hidg->qlen && status == 0; i++) {
1077 struct usb_request *req =
1078 hidg_alloc_ep_req(hidg->out_ep,
1079 hidg->report_length);
1080 if (req) {
1081 req->complete = hidg_intout_complete;
1082 req->context = hidg;
1083 status = usb_ep_queue(hidg->out_ep, req,
1084 GFP_ATOMIC);
1085 if (status) {
1086 ERROR(cdev, "%s queue req --> %d\n",
1087 hidg->out_ep->name, status);
1088 free_ep_req(hidg->out_ep, req);
1089 }
1090 } else {
1091 status = -ENOMEM;
1092 goto disable_out_ep;
1093 }
1094 }
1095 }
1096
1097 spin_lock_irqsave(&hidg->read_spinlock, flags);
1098 hidg->disabled = false;
1099 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
1100
1101 if (hidg->in_ep != NULL) {
1102 spin_lock_irqsave(&hidg->write_spinlock, flags);
1103 hidg->req = req_in;
1104 hidg->write_pending = 0;
1105 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1106
1107 wake_up(&hidg->write_queue);
1108 }
1109 return 0;
1110 disable_out_ep:
1111 if (hidg->out_ep)
1112 usb_ep_disable(hidg->out_ep);
1113 free_req_in:
1114 if (req_in)
1115 free_ep_req(hidg->in_ep, req_in);
1116
1117 disable_ep_in:
1118 if (hidg->in_ep)
1119 usb_ep_disable(hidg->in_ep);
1120
1121 fail:
1122 return status;
1123 }
1124
1125 #ifdef CONFIG_COMPAT
f_hidg_compat_ioctl(struct file * file,unsigned int code,unsigned long value)1126 static long f_hidg_compat_ioctl(struct file *file, unsigned int code,
1127 unsigned long value)
1128 {
1129 return f_hidg_ioctl(file, code, value);
1130 }
1131 #endif
1132
1133 static const struct file_operations f_hidg_fops = {
1134 .owner = THIS_MODULE,
1135 .open = f_hidg_open,
1136 .release = f_hidg_release,
1137 .write = f_hidg_write,
1138 .read = f_hidg_read,
1139 .poll = f_hidg_poll,
1140 .unlocked_ioctl = f_hidg_ioctl,
1141 #ifdef CONFIG_COMPAT
1142 .compat_ioctl = f_hidg_compat_ioctl,
1143 #endif
1144 .llseek = noop_llseek,
1145 };
1146
hidg_bind(struct usb_configuration * c,struct usb_function * f)1147 static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
1148 {
1149 struct usb_ep *ep;
1150 struct f_hidg *hidg = func_to_hidg(f);
1151 struct usb_string *us;
1152 int status;
1153
1154 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC);
1155 if (!hidg->get_req)
1156 return -ENOMEM;
1157
1158 hidg->get_req->zero = 0;
1159 hidg->get_req->complete = hidg_get_report_complete;
1160 hidg->get_req->context = hidg;
1161 hidg->get_report_returned = true;
1162
1163 /* maybe allocate device-global string IDs, and patch descriptors */
1164 us = usb_gstrings_attach(c->cdev, ct_func_strings,
1165 ARRAY_SIZE(ct_func_string_defs));
1166 if (IS_ERR(us))
1167 return PTR_ERR(us);
1168 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
1169
1170 /* allocate instance-specific interface IDs, and patch descriptors */
1171 status = usb_interface_id(c, f);
1172 if (status < 0)
1173 goto fail;
1174 hidg_interface_desc.bInterfaceNumber = status;
1175
1176 /* allocate instance-specific endpoints */
1177 status = -ENODEV;
1178 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
1179 if (!ep)
1180 goto fail;
1181 hidg->in_ep = ep;
1182
1183 hidg->out_ep = NULL;
1184 if (hidg->use_out_ep) {
1185 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
1186 if (!ep)
1187 goto fail;
1188 hidg->out_ep = ep;
1189 }
1190
1191 /* used only if use_out_ep == 1 */
1192 hidg->set_report_buf = NULL;
1193
1194 /* set descriptor dynamic values */
1195 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
1196 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
1197 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1;
1198 hidg->protocol = HID_REPORT_PROTOCOL;
1199 hidg->idle = 1;
1200 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1201 hidg_ss_in_comp_desc.wBytesPerInterval =
1202 cpu_to_le16(hidg->report_length);
1203 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1204 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1205 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1206
1207 /* IN endpoints: FS default=10ms, HS default=4µ-frame; user override if set */
1208 if (!hidg->interval_user_set) {
1209 hidg_fs_in_ep_desc.bInterval = 10;
1210 hidg_hs_in_ep_desc.bInterval = 4;
1211 hidg_ss_in_ep_desc.bInterval = 4;
1212 } else {
1213 hidg_fs_in_ep_desc.bInterval = hidg->interval;
1214 hidg_hs_in_ep_desc.bInterval = hidg->interval;
1215 hidg_ss_in_ep_desc.bInterval = hidg->interval;
1216 }
1217
1218 hidg_ss_out_comp_desc.wBytesPerInterval =
1219 cpu_to_le16(hidg->report_length);
1220 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1221 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1222 /*
1223 * We can use hidg_desc struct here but we should not relay
1224 * that its content won't change after returning from this function.
1225 */
1226 hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT;
1227 hidg_desc.rpt_desc.wDescriptorLength =
1228 cpu_to_le16(hidg->report_desc_length);
1229
1230 hidg_hs_in_ep_desc.bEndpointAddress =
1231 hidg_fs_in_ep_desc.bEndpointAddress;
1232 hidg_hs_out_ep_desc.bEndpointAddress =
1233 hidg_fs_out_ep_desc.bEndpointAddress;
1234
1235 hidg_ss_in_ep_desc.bEndpointAddress =
1236 hidg_fs_in_ep_desc.bEndpointAddress;
1237 hidg_ss_out_ep_desc.bEndpointAddress =
1238 hidg_fs_out_ep_desc.bEndpointAddress;
1239
1240 if (hidg->use_out_ep) {
1241 /* OUT endpoints: same defaults (FS=10, HS=4) unless user set */
1242 if (!hidg->interval_user_set) {
1243 hidg_fs_out_ep_desc.bInterval = 10;
1244 hidg_hs_out_ep_desc.bInterval = 4;
1245 hidg_ss_out_ep_desc.bInterval = 4;
1246 } else {
1247 hidg_fs_out_ep_desc.bInterval = hidg->interval;
1248 hidg_hs_out_ep_desc.bInterval = hidg->interval;
1249 hidg_ss_out_ep_desc.bInterval = hidg->interval;
1250 }
1251 status = usb_assign_descriptors(f,
1252 hidg_fs_descriptors_intout,
1253 hidg_hs_descriptors_intout,
1254 hidg_ss_descriptors_intout,
1255 hidg_ss_descriptors_intout);
1256 } else {
1257 status = usb_assign_descriptors(f,
1258 hidg_fs_descriptors_ssreport,
1259 hidg_hs_descriptors_ssreport,
1260 hidg_ss_descriptors_ssreport,
1261 hidg_ss_descriptors_ssreport);
1262 }
1263 if (status)
1264 goto fail;
1265
1266 hidg->write_pending = 1;
1267 hidg->req = NULL;
1268
1269 INIT_WORK(&hidg->work, get_report_workqueue_handler);
1270 hidg->workqueue = alloc_workqueue("report_work",
1271 WQ_FREEZABLE | WQ_MEM_RECLAIM | WQ_PERCPU,
1272 1);
1273
1274 if (!hidg->workqueue) {
1275 status = -ENOMEM;
1276 goto fail_free_descs;
1277 }
1278
1279 /* create char device */
1280 hidg->cdev = cdev_alloc();
1281 if (!hidg->cdev) {
1282 status = -ENOMEM;
1283 goto fail_free_all;
1284 }
1285 hidg->cdev->ops = &f_hidg_fops;
1286
1287 status = cdev_device_add(hidg->cdev, &hidg->dev);
1288 if (status)
1289 goto fail_free_all;
1290
1291 return 0;
1292 fail_free_all:
1293 destroy_workqueue(hidg->workqueue);
1294 fail_free_descs:
1295 usb_free_all_descriptors(f);
1296 fail:
1297 ERROR(f->config->cdev, "hidg_bind FAILED\n");
1298 if (hidg->req != NULL)
1299 free_ep_req(hidg->in_ep, hidg->req);
1300
1301 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req);
1302 hidg->get_req = NULL;
1303
1304 return status;
1305 }
1306
hidg_get_minor(void)1307 static inline int hidg_get_minor(void)
1308 {
1309 int ret;
1310
1311 ret = ida_alloc(&hidg_ida, GFP_KERNEL);
1312 if (ret >= HIDG_MINORS) {
1313 ida_free(&hidg_ida, ret);
1314 ret = -ENODEV;
1315 }
1316
1317 return ret;
1318 }
1319
to_f_hid_opts(struct config_item * item)1320 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
1321 {
1322 return container_of(to_config_group(item), struct f_hid_opts,
1323 func_inst.group);
1324 }
1325
hid_attr_release(struct config_item * item)1326 static void hid_attr_release(struct config_item *item)
1327 {
1328 struct f_hid_opts *opts = to_f_hid_opts(item);
1329
1330 usb_put_function_instance(&opts->func_inst);
1331 }
1332
1333 static const struct configfs_item_operations hidg_item_ops = {
1334 .release = hid_attr_release,
1335 };
1336
1337 #define F_HID_OPT(name, prec, limit) \
1338 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
1339 { \
1340 struct f_hid_opts *opts = to_f_hid_opts(item); \
1341 int result; \
1342 \
1343 mutex_lock(&opts->lock); \
1344 result = sprintf(page, "%d\n", opts->name); \
1345 mutex_unlock(&opts->lock); \
1346 \
1347 return result; \
1348 } \
1349 \
1350 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
1351 const char *page, size_t len) \
1352 { \
1353 struct f_hid_opts *opts = to_f_hid_opts(item); \
1354 int ret; \
1355 u##prec num; \
1356 \
1357 mutex_lock(&opts->lock); \
1358 if (opts->refcnt) { \
1359 ret = -EBUSY; \
1360 goto end; \
1361 } \
1362 \
1363 ret = kstrtou##prec(page, 0, &num); \
1364 if (ret) \
1365 goto end; \
1366 \
1367 if (num > limit) { \
1368 ret = -EINVAL; \
1369 goto end; \
1370 } \
1371 opts->name = num; \
1372 ret = len; \
1373 \
1374 end: \
1375 mutex_unlock(&opts->lock); \
1376 return ret; \
1377 } \
1378 \
1379 CONFIGFS_ATTR(f_hid_opts_, name)
1380
1381 F_HID_OPT(subclass, 8, 255);
1382 F_HID_OPT(protocol, 8, 255);
1383 F_HID_OPT(no_out_endpoint, 8, 1);
1384 F_HID_OPT(report_length, 16, 65535);
1385
f_hid_opts_report_desc_show(struct config_item * item,char * page)1386 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
1387 {
1388 struct f_hid_opts *opts = to_f_hid_opts(item);
1389 int result;
1390
1391 mutex_lock(&opts->lock);
1392 result = opts->report_desc_length;
1393 memcpy(page, opts->report_desc, opts->report_desc_length);
1394 mutex_unlock(&opts->lock);
1395
1396 return result;
1397 }
1398
f_hid_opts_report_desc_store(struct config_item * item,const char * page,size_t len)1399 static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
1400 const char *page, size_t len)
1401 {
1402 struct f_hid_opts *opts = to_f_hid_opts(item);
1403 int ret = -EBUSY;
1404 char *d;
1405
1406 mutex_lock(&opts->lock);
1407
1408 if (opts->refcnt)
1409 goto end;
1410 if (len > PAGE_SIZE) {
1411 ret = -ENOSPC;
1412 goto end;
1413 }
1414 d = kmemdup(page, len, GFP_KERNEL);
1415 if (!d) {
1416 ret = -ENOMEM;
1417 goto end;
1418 }
1419 kfree(opts->report_desc);
1420 opts->report_desc = d;
1421 opts->report_desc_length = len;
1422 opts->report_desc_alloc = true;
1423 ret = len;
1424 end:
1425 mutex_unlock(&opts->lock);
1426 return ret;
1427 }
1428
1429 CONFIGFS_ATTR(f_hid_opts_, report_desc);
1430
f_hid_opts_interval_show(struct config_item * item,char * page)1431 static ssize_t f_hid_opts_interval_show(struct config_item *item, char *page)
1432 {
1433 struct f_hid_opts *opts = to_f_hid_opts(item);
1434 int result;
1435
1436 mutex_lock(&opts->lock);
1437 result = sprintf(page, "%d\n", opts->interval);
1438 mutex_unlock(&opts->lock);
1439
1440 return result;
1441 }
1442
f_hid_opts_interval_store(struct config_item * item,const char * page,size_t len)1443 static ssize_t f_hid_opts_interval_store(struct config_item *item,
1444 const char *page, size_t len)
1445 {
1446 struct f_hid_opts *opts = to_f_hid_opts(item);
1447 int ret;
1448 unsigned int tmp;
1449
1450 mutex_lock(&opts->lock);
1451 if (opts->refcnt) {
1452 ret = -EBUSY;
1453 goto end;
1454 }
1455
1456 /* parse into a wider type first */
1457 ret = kstrtouint(page, 0, &tmp);
1458 if (ret)
1459 goto end;
1460
1461 /* range-check against unsigned char max */
1462 if (tmp > 255) {
1463 ret = -EINVAL;
1464 goto end;
1465 }
1466
1467 opts->interval = (unsigned char)tmp;
1468 opts->interval_user_set = true;
1469 ret = len;
1470
1471 end:
1472 mutex_unlock(&opts->lock);
1473 return ret;
1474 }
1475
1476 CONFIGFS_ATTR(f_hid_opts_, interval);
1477
f_hid_opts_dev_show(struct config_item * item,char * page)1478 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
1479 {
1480 struct f_hid_opts *opts = to_f_hid_opts(item);
1481
1482 return sprintf(page, "%d:%d\n", major, opts->minor);
1483 }
1484
1485 CONFIGFS_ATTR_RO(f_hid_opts_, dev);
1486
1487 static struct configfs_attribute *hid_attrs[] = {
1488 &f_hid_opts_attr_subclass,
1489 &f_hid_opts_attr_protocol,
1490 &f_hid_opts_attr_no_out_endpoint,
1491 &f_hid_opts_attr_report_length,
1492 &f_hid_opts_attr_interval,
1493 &f_hid_opts_attr_report_desc,
1494 &f_hid_opts_attr_dev,
1495 NULL,
1496 };
1497
1498 static const struct config_item_type hid_func_type = {
1499 .ct_item_ops = &hidg_item_ops,
1500 .ct_attrs = hid_attrs,
1501 .ct_owner = THIS_MODULE,
1502 };
1503
hidg_put_minor(int minor)1504 static inline void hidg_put_minor(int minor)
1505 {
1506 ida_free(&hidg_ida, minor);
1507 }
1508
hidg_free_inst(struct usb_function_instance * f)1509 static void hidg_free_inst(struct usb_function_instance *f)
1510 {
1511 struct f_hid_opts *opts;
1512
1513 opts = container_of(f, struct f_hid_opts, func_inst);
1514
1515 mutex_lock(&hidg_ida_lock);
1516
1517 hidg_put_minor(opts->minor);
1518 if (ida_is_empty(&hidg_ida))
1519 ghid_cleanup();
1520
1521 mutex_unlock(&hidg_ida_lock);
1522
1523 if (opts->report_desc_alloc)
1524 kfree(opts->report_desc);
1525
1526 kfree(opts);
1527 }
1528
hidg_alloc_inst(void)1529 static struct usb_function_instance *hidg_alloc_inst(void)
1530 {
1531 struct f_hid_opts *opts;
1532 struct usb_function_instance *ret;
1533 int status = 0;
1534
1535 opts = kzalloc_obj(*opts);
1536 if (!opts)
1537 return ERR_PTR(-ENOMEM);
1538 mutex_init(&opts->lock);
1539
1540 opts->interval = 4;
1541 opts->interval_user_set = false;
1542
1543 opts->func_inst.free_func_inst = hidg_free_inst;
1544 ret = &opts->func_inst;
1545
1546 mutex_lock(&hidg_ida_lock);
1547
1548 if (ida_is_empty(&hidg_ida)) {
1549 status = ghid_setup(NULL, HIDG_MINORS);
1550 if (status) {
1551 ret = ERR_PTR(status);
1552 kfree(opts);
1553 goto unlock;
1554 }
1555 }
1556
1557 opts->minor = hidg_get_minor();
1558 if (opts->minor < 0) {
1559 ret = ERR_PTR(opts->minor);
1560 kfree(opts);
1561 if (ida_is_empty(&hidg_ida))
1562 ghid_cleanup();
1563 goto unlock;
1564 }
1565 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1566
1567 unlock:
1568 mutex_unlock(&hidg_ida_lock);
1569 return ret;
1570 }
1571
hidg_free(struct usb_function * f)1572 static void hidg_free(struct usb_function *f)
1573 {
1574 struct f_hidg *hidg;
1575 struct f_hid_opts *opts;
1576
1577 hidg = func_to_hidg(f);
1578 opts = container_of(f->fi, struct f_hid_opts, func_inst);
1579 put_device(&hidg->dev);
1580 mutex_lock(&opts->lock);
1581 --opts->refcnt;
1582 mutex_unlock(&opts->lock);
1583 }
1584
hidg_unbind(struct usb_configuration * c,struct usb_function * f)1585 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1586 {
1587 struct f_hidg *hidg = func_to_hidg(f);
1588
1589 cdev_device_del(hidg->cdev, &hidg->dev);
1590 destroy_workqueue(hidg->workqueue);
1591 usb_free_all_descriptors(f);
1592 }
1593
hidg_alloc(struct usb_function_instance * fi)1594 static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1595 {
1596 struct f_hidg *hidg;
1597 struct f_hid_opts *opts;
1598 int ret;
1599
1600 /* allocate and initialize one new instance */
1601 hidg = kzalloc_obj(*hidg);
1602 if (!hidg)
1603 return ERR_PTR(-ENOMEM);
1604
1605 opts = container_of(fi, struct f_hid_opts, func_inst);
1606
1607 mutex_lock(&opts->lock);
1608
1609 spin_lock_init(&hidg->write_spinlock);
1610 spin_lock_init(&hidg->read_spinlock);
1611 spin_lock_init(&hidg->get_report_spinlock);
1612 init_waitqueue_head(&hidg->write_queue);
1613 init_waitqueue_head(&hidg->read_queue);
1614 init_waitqueue_head(&hidg->get_queue);
1615 init_waitqueue_head(&hidg->get_id_queue);
1616 INIT_LIST_HEAD(&hidg->completed_out_req);
1617 INIT_LIST_HEAD(&hidg->report_list);
1618
1619 device_initialize(&hidg->dev);
1620 hidg->dev.release = hidg_release;
1621 hidg->dev.class = &hidg_class;
1622 hidg->dev.devt = MKDEV(major, opts->minor);
1623 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor);
1624 if (ret)
1625 goto err_unlock;
1626
1627 hidg->bInterfaceSubClass = opts->subclass;
1628 hidg->bInterfaceProtocol = opts->protocol;
1629 hidg->report_length = opts->report_length;
1630 hidg->report_desc_length = opts->report_desc_length;
1631 hidg->interval = opts->interval;
1632 hidg->interval_user_set = opts->interval_user_set;
1633 if (opts->report_desc) {
1634 hidg->report_desc = kmemdup(opts->report_desc,
1635 opts->report_desc_length,
1636 GFP_KERNEL);
1637 if (!hidg->report_desc) {
1638 ret = -ENOMEM;
1639 goto err_put_device;
1640 }
1641 }
1642 hidg->use_out_ep = !opts->no_out_endpoint;
1643
1644 ++opts->refcnt;
1645 mutex_unlock(&opts->lock);
1646
1647 hidg->func.name = "hid";
1648 hidg->func.bind = hidg_bind;
1649 hidg->func.unbind = hidg_unbind;
1650 hidg->func.set_alt = hidg_set_alt;
1651 hidg->func.disable = hidg_disable;
1652 hidg->func.setup = hidg_setup;
1653 hidg->func.free_func = hidg_free;
1654
1655 /* this could be made configurable at some point */
1656 hidg->qlen = 4;
1657
1658 return &hidg->func;
1659
1660 err_put_device:
1661 put_device(&hidg->dev);
1662 err_unlock:
1663 mutex_unlock(&opts->lock);
1664 return ERR_PTR(ret);
1665 }
1666
1667 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1668 MODULE_DESCRIPTION("USB HID function driver");
1669 MODULE_LICENSE("GPL");
1670 MODULE_AUTHOR("Fabien Chouteau");
1671
ghid_setup(struct usb_gadget * g,int count)1672 int ghid_setup(struct usb_gadget *g, int count)
1673 {
1674 int status;
1675 dev_t dev;
1676
1677 status = class_register(&hidg_class);
1678 if (status)
1679 return status;
1680
1681 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1682 if (status) {
1683 class_unregister(&hidg_class);
1684 return status;
1685 }
1686
1687 major = MAJOR(dev);
1688 minors = count;
1689
1690 return 0;
1691 }
1692
ghid_cleanup(void)1693 void ghid_cleanup(void)
1694 {
1695 if (major) {
1696 unregister_chrdev_region(MKDEV(major, 0), minors);
1697 major = minors = 0;
1698 }
1699
1700 class_unregister(&hidg_class);
1701 }
1702