1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/workqueue.h> 19 #include <linux/usb/func_utils.h> 20 #include <linux/usb/g_hid.h> 21 #include <uapi/linux/usb/g_hid.h> 22 23 #include "u_hid.h" 24 25 #define HIDG_MINORS 4 26 27 /* 28 * Most operating systems seem to allow for 5000ms timeout, we will allow 29 * userspace half that time to respond before we return an empty report. 30 */ 31 #define GET_REPORT_TIMEOUT_MS 2500 32 33 static int major, minors; 34 35 static const struct class hidg_class = { 36 .name = "hidg", 37 }; 38 39 static DEFINE_IDA(hidg_ida); 40 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 41 42 struct report_entry { 43 struct usb_hidg_report report_data; 44 struct list_head node; 45 }; 46 47 /*-------------------------------------------------------------------------*/ 48 /* HID gadget struct */ 49 50 struct f_hidg_req_list { 51 struct usb_request *req; 52 unsigned int pos; 53 struct list_head list; 54 }; 55 56 struct f_hidg { 57 /* configuration */ 58 unsigned char bInterfaceSubClass; 59 unsigned char bInterfaceProtocol; 60 unsigned char protocol; 61 unsigned char idle; 62 unsigned short report_desc_length; 63 char *report_desc; 64 unsigned short report_length; 65 unsigned char interval; 66 bool interval_user_set; 67 68 /* 69 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 70 * will be used to receive reports from the host 71 * using functions with the "intout" suffix. 72 * Otherwise, the OUT Endpoint will not be configured 73 * and the SETUP/SET_REPORT method ("ssreport" suffix) 74 * will be used to receive reports. 75 */ 76 bool use_out_ep; 77 78 /* recv report */ 79 spinlock_t read_spinlock; 80 wait_queue_head_t read_queue; 81 bool disabled; 82 /* recv report - interrupt out only (use_out_ep == 1) */ 83 struct list_head completed_out_req; 84 unsigned int qlen; 85 /* recv report - setup set_report only (use_out_ep == 0) */ 86 char *set_report_buf; 87 unsigned int set_report_length; 88 89 /* send report */ 90 spinlock_t write_spinlock; 91 bool write_pending; 92 wait_queue_head_t write_queue; 93 struct usb_request *req; 94 95 /* get report */ 96 struct usb_request *get_req; 97 struct usb_hidg_report get_report; 98 bool get_report_returned; 99 int get_report_req_report_id; 100 int get_report_req_report_length; 101 spinlock_t get_report_spinlock; 102 wait_queue_head_t get_queue; /* Waiting for userspace response */ 103 wait_queue_head_t get_id_queue; /* Get ID came in */ 104 struct work_struct work; 105 struct workqueue_struct *workqueue; 106 struct list_head report_list; 107 108 struct device dev; 109 struct cdev *cdev; 110 struct usb_function func; 111 112 struct usb_ep *in_ep; 113 struct usb_ep *out_ep; 114 }; 115 116 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 117 { 118 return container_of(f, struct f_hidg, func); 119 } 120 121 static void hidg_release(struct device *dev) 122 { 123 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 124 125 kfree(hidg->report_desc); 126 kfree(hidg->set_report_buf); 127 kfree(hidg); 128 } 129 130 /*-------------------------------------------------------------------------*/ 131 /* Static descriptors */ 132 133 static struct usb_interface_descriptor hidg_interface_desc = { 134 .bLength = sizeof hidg_interface_desc, 135 .bDescriptorType = USB_DT_INTERFACE, 136 /* .bInterfaceNumber = DYNAMIC */ 137 .bAlternateSetting = 0, 138 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 139 .bInterfaceClass = USB_CLASS_HID, 140 /* .bInterfaceSubClass = DYNAMIC */ 141 /* .bInterfaceProtocol = DYNAMIC */ 142 /* .iInterface = DYNAMIC */ 143 }; 144 145 static struct hid_descriptor hidg_desc = { 146 .bLength = sizeof hidg_desc, 147 .bDescriptorType = HID_DT_HID, 148 .bcdHID = cpu_to_le16(0x0101), 149 .bCountryCode = 0x00, 150 .bNumDescriptors = 0x1, 151 /*.rpt_desc.bDescriptorType = DYNAMIC */ 152 /*.rpt_desc.wDescriptorLength = DYNAMIC */ 153 }; 154 155 /* Super-Speed Support */ 156 157 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 158 .bLength = USB_DT_ENDPOINT_SIZE, 159 .bDescriptorType = USB_DT_ENDPOINT, 160 .bEndpointAddress = USB_DIR_IN, 161 .bmAttributes = USB_ENDPOINT_XFER_INT, 162 /*.wMaxPacketSize = DYNAMIC */ 163 /*.bInterval = DYNAMIC */ 164 }; 165 166 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 167 .bLength = sizeof(hidg_ss_in_comp_desc), 168 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 169 170 /* .bMaxBurst = 0, */ 171 /* .bmAttributes = 0, */ 172 /* .wBytesPerInterval = DYNAMIC */ 173 }; 174 175 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 176 .bLength = USB_DT_ENDPOINT_SIZE, 177 .bDescriptorType = USB_DT_ENDPOINT, 178 .bEndpointAddress = USB_DIR_OUT, 179 .bmAttributes = USB_ENDPOINT_XFER_INT, 180 /*.wMaxPacketSize = DYNAMIC */ 181 /*.bInterval = DYNAMIC */ 182 }; 183 184 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 185 .bLength = sizeof(hidg_ss_out_comp_desc), 186 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 187 188 /* .bMaxBurst = 0, */ 189 /* .bmAttributes = 0, */ 190 /* .wBytesPerInterval = DYNAMIC */ 191 }; 192 193 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 194 (struct usb_descriptor_header *)&hidg_interface_desc, 195 (struct usb_descriptor_header *)&hidg_desc, 196 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 197 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 198 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 199 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 200 NULL, 201 }; 202 203 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 204 (struct usb_descriptor_header *)&hidg_interface_desc, 205 (struct usb_descriptor_header *)&hidg_desc, 206 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 207 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 208 NULL, 209 }; 210 211 /* High-Speed Support */ 212 213 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 214 .bLength = USB_DT_ENDPOINT_SIZE, 215 .bDescriptorType = USB_DT_ENDPOINT, 216 .bEndpointAddress = USB_DIR_IN, 217 .bmAttributes = USB_ENDPOINT_XFER_INT, 218 /*.wMaxPacketSize = DYNAMIC */ 219 /* .bInterval = DYNAMIC */ 220 }; 221 222 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 223 .bLength = USB_DT_ENDPOINT_SIZE, 224 .bDescriptorType = USB_DT_ENDPOINT, 225 .bEndpointAddress = USB_DIR_OUT, 226 .bmAttributes = USB_ENDPOINT_XFER_INT, 227 /*.wMaxPacketSize = DYNAMIC */ 228 /*.bInterval = DYNAMIC */ 229 }; 230 231 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 232 (struct usb_descriptor_header *)&hidg_interface_desc, 233 (struct usb_descriptor_header *)&hidg_desc, 234 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 235 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 236 NULL, 237 }; 238 239 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 240 (struct usb_descriptor_header *)&hidg_interface_desc, 241 (struct usb_descriptor_header *)&hidg_desc, 242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 243 NULL, 244 }; 245 246 /* Full-Speed Support */ 247 248 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 249 .bLength = USB_DT_ENDPOINT_SIZE, 250 .bDescriptorType = USB_DT_ENDPOINT, 251 .bEndpointAddress = USB_DIR_IN, 252 .bmAttributes = USB_ENDPOINT_XFER_INT, 253 /*.wMaxPacketSize = DYNAMIC */ 254 /*.bInterval = DYNAMIC */ 255 }; 256 257 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 258 .bLength = USB_DT_ENDPOINT_SIZE, 259 .bDescriptorType = USB_DT_ENDPOINT, 260 .bEndpointAddress = USB_DIR_OUT, 261 .bmAttributes = USB_ENDPOINT_XFER_INT, 262 /*.wMaxPacketSize = DYNAMIC */ 263 /*.bInterval = DYNAMIC */ 264 }; 265 266 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 267 (struct usb_descriptor_header *)&hidg_interface_desc, 268 (struct usb_descriptor_header *)&hidg_desc, 269 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 270 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 271 NULL, 272 }; 273 274 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 275 (struct usb_descriptor_header *)&hidg_interface_desc, 276 (struct usb_descriptor_header *)&hidg_desc, 277 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 278 NULL, 279 }; 280 281 /*-------------------------------------------------------------------------*/ 282 /* Strings */ 283 284 #define CT_FUNC_HID_IDX 0 285 286 static struct usb_string ct_func_string_defs[] = { 287 [CT_FUNC_HID_IDX].s = "HID Interface", 288 {}, /* end of list */ 289 }; 290 291 static struct usb_gadget_strings ct_func_string_table = { 292 .language = 0x0409, /* en-US */ 293 .strings = ct_func_string_defs, 294 }; 295 296 static struct usb_gadget_strings *ct_func_strings[] = { 297 &ct_func_string_table, 298 NULL, 299 }; 300 301 /*-------------------------------------------------------------------------*/ 302 /* Char Device */ 303 304 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 305 size_t count, loff_t *ptr) 306 { 307 struct f_hidg *hidg = file->private_data; 308 struct f_hidg_req_list *list; 309 struct usb_request *req; 310 unsigned long flags; 311 int ret; 312 313 if (!count) 314 return 0; 315 316 spin_lock_irqsave(&hidg->read_spinlock, flags); 317 318 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req) || hidg->disabled) 319 320 /* wait for at least one buffer to complete */ 321 while (!READ_COND_INTOUT) { 322 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 323 if (file->f_flags & O_NONBLOCK) 324 return -EAGAIN; 325 326 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 327 return -ERESTARTSYS; 328 329 spin_lock_irqsave(&hidg->read_spinlock, flags); 330 } 331 332 if (hidg->disabled) { 333 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 334 return -ESHUTDOWN; 335 } 336 337 /* pick the first one */ 338 list = list_first_entry(&hidg->completed_out_req, 339 struct f_hidg_req_list, list); 340 341 /* 342 * Remove this from list to protect it from beign free() 343 * while host disables our function 344 */ 345 list_del(&list->list); 346 347 req = list->req; 348 count = min_t(unsigned int, count, req->actual - list->pos); 349 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 350 351 /* copy to user outside spinlock */ 352 count -= copy_to_user(buffer, req->buf + list->pos, count); 353 list->pos += count; 354 355 /* 356 * if this request is completely handled and transfered to 357 * userspace, remove its entry from the list and requeue it 358 * again. Otherwise, we will revisit it again upon the next 359 * call, taking into account its current read position. 360 */ 361 if (list->pos == req->actual) { 362 kfree(list); 363 364 req->length = hidg->report_length; 365 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 366 if (ret < 0) { 367 free_ep_req(hidg->out_ep, req); 368 return ret; 369 } 370 } else { 371 spin_lock_irqsave(&hidg->read_spinlock, flags); 372 list_add(&list->list, &hidg->completed_out_req); 373 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 374 375 wake_up(&hidg->read_queue); 376 } 377 378 return count; 379 } 380 381 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL || hidg->disabled) 382 383 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 384 size_t count, loff_t *ptr) 385 { 386 struct f_hidg *hidg = file->private_data; 387 char *tmp_buf = NULL; 388 unsigned long flags; 389 390 if (!count) 391 return 0; 392 393 spin_lock_irqsave(&hidg->read_spinlock, flags); 394 395 while (!READ_COND_SSREPORT) { 396 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 397 if (file->f_flags & O_NONBLOCK) 398 return -EAGAIN; 399 400 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 401 return -ERESTARTSYS; 402 403 spin_lock_irqsave(&hidg->read_spinlock, flags); 404 } 405 406 count = min_t(unsigned int, count, hidg->set_report_length); 407 tmp_buf = hidg->set_report_buf; 408 hidg->set_report_buf = NULL; 409 410 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 411 412 if (tmp_buf != NULL) { 413 count -= copy_to_user(buffer, tmp_buf, count); 414 kfree(tmp_buf); 415 } else { 416 count = -ENOMEM; 417 } 418 419 wake_up(&hidg->read_queue); 420 421 return count; 422 } 423 424 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 425 size_t count, loff_t *ptr) 426 { 427 struct f_hidg *hidg = file->private_data; 428 429 if (hidg->use_out_ep) 430 return f_hidg_intout_read(file, buffer, count, ptr); 431 else 432 return f_hidg_ssreport_read(file, buffer, count, ptr); 433 } 434 435 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 436 { 437 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 438 unsigned long flags; 439 440 if (req->status != 0) { 441 ERROR(hidg->func.config->cdev, 442 "End Point Request ERROR: %d\n", req->status); 443 } 444 445 spin_lock_irqsave(&hidg->write_spinlock, flags); 446 hidg->write_pending = 0; 447 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 448 wake_up(&hidg->write_queue); 449 } 450 451 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 452 size_t count, loff_t *offp) 453 { 454 struct f_hidg *hidg = file->private_data; 455 struct usb_request *req; 456 unsigned long flags; 457 ssize_t status = -ENOMEM; 458 459 spin_lock_irqsave(&hidg->write_spinlock, flags); 460 461 if (!hidg->req) { 462 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 463 return -ESHUTDOWN; 464 } 465 466 #define WRITE_COND (!hidg->write_pending) 467 try_again: 468 /* write queue */ 469 while (!WRITE_COND) { 470 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 471 if (file->f_flags & O_NONBLOCK) 472 return -EAGAIN; 473 474 if (wait_event_interruptible_exclusive( 475 hidg->write_queue, WRITE_COND)) 476 return -ERESTARTSYS; 477 478 spin_lock_irqsave(&hidg->write_spinlock, flags); 479 } 480 481 hidg->write_pending = 1; 482 req = hidg->req; 483 count = min_t(unsigned, count, hidg->report_length); 484 485 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 486 487 if (!req) { 488 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 489 status = -ESHUTDOWN; 490 goto release_write_pending; 491 } 492 493 status = copy_from_user(req->buf, buffer, count); 494 if (status != 0) { 495 ERROR(hidg->func.config->cdev, 496 "copy_from_user error\n"); 497 status = -EINVAL; 498 goto release_write_pending; 499 } 500 501 spin_lock_irqsave(&hidg->write_spinlock, flags); 502 503 /* when our function has been disabled by host */ 504 if (!hidg->req) { 505 free_ep_req(hidg->in_ep, req); 506 /* 507 * TODO 508 * Should we fail with error here? 509 */ 510 goto try_again; 511 } 512 513 req->status = 0; 514 req->zero = 1; 515 req->length = count; 516 req->complete = f_hidg_req_complete; 517 req->context = hidg; 518 519 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 520 521 if (!hidg->in_ep->enabled) { 522 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 523 status = -ESHUTDOWN; 524 goto release_write_pending; 525 } 526 527 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 528 if (status < 0) 529 goto release_write_pending; 530 else 531 status = count; 532 533 return status; 534 release_write_pending: 535 spin_lock_irqsave(&hidg->write_spinlock, flags); 536 hidg->write_pending = 0; 537 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 538 539 wake_up(&hidg->write_queue); 540 541 return status; 542 } 543 544 static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id) 545 { 546 struct list_head *ptr; 547 struct report_entry *entry; 548 549 list_for_each(ptr, &hidg->report_list) { 550 entry = list_entry(ptr, struct report_entry, node); 551 if (entry->report_data.report_id == report_id) 552 return entry; 553 } 554 555 return NULL; 556 } 557 558 static void get_report_workqueue_handler(struct work_struct *work) 559 { 560 struct f_hidg *hidg = container_of(work, struct f_hidg, work); 561 struct usb_composite_dev *cdev = hidg->func.config->cdev; 562 struct usb_request *req; 563 struct report_entry *ptr; 564 unsigned long flags; 565 566 int status = 0; 567 568 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 569 req = hidg->get_req; 570 if (!req) { 571 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 572 return; 573 } 574 575 req->zero = 0; 576 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length, 577 hidg->report_length), 578 MAX_REPORT_LENGTH); 579 580 /* Check if there is a response available for immediate response */ 581 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 582 if (ptr && !ptr->report_data.userspace_req) { 583 /* Report exists in list and it is to be used for immediate response */ 584 req->buf = ptr->report_data.data; 585 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 586 hidg->get_report_returned = true; 587 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 588 } else { 589 /* 590 * Report does not exist in list or should not be immediately sent 591 * i.e. give userspace time to respond 592 */ 593 hidg->get_report_returned = false; 594 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 595 wake_up(&hidg->get_id_queue); 596 #define GET_REPORT_COND (!hidg->get_report_returned) 597 /* Wait until userspace has responded or timeout */ 598 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND, 599 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS)); 600 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 601 req = hidg->get_req; 602 if (!req) { 603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 604 return; 605 } 606 if (status == 0 && !hidg->get_report_returned) { 607 /* GET_REPORT request was not serviced by userspace within timeout period */ 608 VDBG(cdev, "get_report : userspace timeout.\n"); 609 hidg->get_report_returned = true; 610 } 611 612 /* Search again for report ID in list and respond to GET_REPORT request */ 613 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 614 if (ptr) { 615 /* 616 * Either get an updated response just serviced by userspace 617 * or send the latest response in the list 618 */ 619 req->buf = ptr->report_data.data; 620 } else { 621 /* If there are no prevoiusly sent reports send empty report */ 622 req->buf = hidg->get_report.data; 623 memset(req->buf, 0x0, req->length); 624 } 625 626 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 627 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 628 } 629 630 if (status < 0) 631 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n"); 632 } 633 634 static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer) 635 { 636 struct f_hidg *hidg = file->private_data; 637 int ret = 0; 638 639 ret = put_user(hidg->get_report_req_report_id, buffer); 640 641 return ret; 642 } 643 644 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer) 645 { 646 struct f_hidg *hidg = file->private_data; 647 struct usb_composite_dev *cdev = hidg->func.config->cdev; 648 unsigned long flags; 649 struct report_entry *entry; 650 struct report_entry *ptr; 651 __u8 report_id; 652 653 entry = kmalloc_obj(*entry); 654 if (!entry) 655 return -ENOMEM; 656 657 if (copy_from_user(&entry->report_data, buffer, 658 sizeof(struct usb_hidg_report))) { 659 ERROR(cdev, "copy_from_user error\n"); 660 kfree(entry); 661 return -EINVAL; 662 } 663 664 report_id = entry->report_data.report_id; 665 666 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 667 ptr = f_hidg_search_for_report(hidg, report_id); 668 669 if (ptr) { 670 /* Report already exists in list - update it */ 671 if (copy_from_user(&ptr->report_data, buffer, 672 sizeof(struct usb_hidg_report))) { 673 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 674 ERROR(cdev, "copy_from_user error\n"); 675 kfree(entry); 676 return -EINVAL; 677 } 678 kfree(entry); 679 } else { 680 /* Report does not exist in list - add it */ 681 list_add_tail(&entry->node, &hidg->report_list); 682 } 683 684 /* If there is no response pending then do nothing further */ 685 if (hidg->get_report_returned) { 686 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 687 return 0; 688 } 689 690 /* If this userspace response serves the current pending report */ 691 if (hidg->get_report_req_report_id == report_id) { 692 hidg->get_report_returned = true; 693 wake_up(&hidg->get_queue); 694 } 695 696 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 697 return 0; 698 } 699 700 static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg) 701 { 702 switch (code) { 703 case GADGET_HID_READ_GET_REPORT_ID: 704 return f_hidg_get_report_id(file, (__u8 __user *)arg); 705 case GADGET_HID_WRITE_GET_REPORT: 706 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg); 707 default: 708 return -ENOTTY; 709 } 710 } 711 712 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 713 { 714 struct f_hidg *hidg = file->private_data; 715 __poll_t ret = 0; 716 717 poll_wait(file, &hidg->read_queue, wait); 718 poll_wait(file, &hidg->write_queue, wait); 719 poll_wait(file, &hidg->get_queue, wait); 720 poll_wait(file, &hidg->get_id_queue, wait); 721 722 if (WRITE_COND) 723 ret |= EPOLLOUT | EPOLLWRNORM; 724 725 if (hidg->use_out_ep) { 726 if (READ_COND_INTOUT) 727 ret |= EPOLLIN | EPOLLRDNORM; 728 } else { 729 if (READ_COND_SSREPORT) 730 ret |= EPOLLIN | EPOLLRDNORM; 731 } 732 733 if (GET_REPORT_COND) 734 ret |= EPOLLPRI; 735 736 return ret; 737 } 738 739 #undef WRITE_COND 740 #undef READ_COND_SSREPORT 741 #undef READ_COND_INTOUT 742 #undef GET_REPORT_COND 743 744 static int f_hidg_release(struct inode *inode, struct file *fd) 745 { 746 fd->private_data = NULL; 747 return 0; 748 } 749 750 static int f_hidg_open(struct inode *inode, struct file *fd) 751 { 752 struct kobject *parent = inode->i_cdev->kobj.parent; 753 struct f_hidg *hidg = 754 container_of(parent, struct f_hidg, dev.kobj); 755 756 fd->private_data = hidg; 757 758 return 0; 759 } 760 761 /*-------------------------------------------------------------------------*/ 762 /* usb_function */ 763 764 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 765 unsigned length) 766 { 767 return alloc_ep_req(ep, length); 768 } 769 770 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 771 { 772 struct f_hidg *hidg = (struct f_hidg *) req->context; 773 struct usb_composite_dev *cdev = hidg->func.config->cdev; 774 struct f_hidg_req_list *req_list; 775 unsigned long flags; 776 777 switch (req->status) { 778 case 0: 779 req_list = kzalloc_obj(*req_list, GFP_ATOMIC); 780 if (!req_list) { 781 ERROR(cdev, "Unable to allocate mem for req_list\n"); 782 goto free_req; 783 } 784 785 req_list->req = req; 786 787 spin_lock_irqsave(&hidg->read_spinlock, flags); 788 list_add_tail(&req_list->list, &hidg->completed_out_req); 789 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 790 791 wake_up(&hidg->read_queue); 792 break; 793 default: 794 ERROR(cdev, "Set report failed %d\n", req->status); 795 fallthrough; 796 case -ECONNABORTED: /* hardware forced ep reset */ 797 case -ECONNRESET: /* request dequeued */ 798 case -ESHUTDOWN: /* disconnect from host */ 799 free_req: 800 free_ep_req(ep, req); 801 return; 802 } 803 } 804 805 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 806 { 807 struct f_hidg *hidg = (struct f_hidg *)req->context; 808 struct usb_composite_dev *cdev = hidg->func.config->cdev; 809 char *new_buf = NULL; 810 unsigned long flags; 811 812 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 813 ERROR(cdev, 814 "%s FAILED: status=%d, buf=%p, actual=%d\n", 815 __func__, req->status, req->buf, req->actual); 816 return; 817 } 818 819 spin_lock_irqsave(&hidg->read_spinlock, flags); 820 821 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 822 if (new_buf == NULL) { 823 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 824 return; 825 } 826 hidg->set_report_buf = new_buf; 827 828 hidg->set_report_length = req->actual; 829 memcpy(hidg->set_report_buf, req->buf, req->actual); 830 831 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 832 833 wake_up(&hidg->read_queue); 834 } 835 836 static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req) 837 { 838 } 839 840 static int hidg_setup(struct usb_function *f, 841 const struct usb_ctrlrequest *ctrl) 842 { 843 struct f_hidg *hidg = func_to_hidg(f); 844 struct usb_composite_dev *cdev = f->config->cdev; 845 struct usb_request *req = cdev->req; 846 int status = 0; 847 __u16 value, length; 848 unsigned long flags; 849 850 value = __le16_to_cpu(ctrl->wValue); 851 length = __le16_to_cpu(ctrl->wLength); 852 853 VDBG(cdev, 854 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 855 __func__, ctrl->bRequestType, ctrl->bRequest, value); 856 857 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 858 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 859 | HID_REQ_GET_REPORT): 860 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength); 861 862 /* 863 * Update GET_REPORT ID so that an ioctl can be used to determine what 864 * GET_REPORT the request was actually for. 865 */ 866 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 867 hidg->get_report_req_report_id = value & 0xff; 868 hidg->get_report_req_report_length = length; 869 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 870 871 queue_work(hidg->workqueue, &hidg->work); 872 873 return status; 874 875 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 876 | HID_REQ_GET_PROTOCOL): 877 VDBG(cdev, "get_protocol\n"); 878 length = min_t(unsigned int, length, 1); 879 ((u8 *) req->buf)[0] = hidg->protocol; 880 goto respond; 881 break; 882 883 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 884 | HID_REQ_GET_IDLE): 885 VDBG(cdev, "get_idle\n"); 886 length = min_t(unsigned int, length, 1); 887 ((u8 *) req->buf)[0] = hidg->idle; 888 goto respond; 889 break; 890 891 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 892 | HID_REQ_SET_REPORT): 893 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 894 if (hidg->use_out_ep) 895 goto stall; 896 req->complete = hidg_ssreport_complete; 897 req->context = hidg; 898 goto respond; 899 break; 900 901 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 902 | HID_REQ_SET_PROTOCOL): 903 VDBG(cdev, "set_protocol\n"); 904 if (value > HID_REPORT_PROTOCOL) 905 goto stall; 906 length = 0; 907 /* 908 * We assume that programs implementing the Boot protocol 909 * are also compatible with the Report Protocol 910 */ 911 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 912 hidg->protocol = value; 913 goto respond; 914 } 915 goto stall; 916 break; 917 918 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 919 | HID_REQ_SET_IDLE): 920 VDBG(cdev, "set_idle\n"); 921 length = 0; 922 hidg->idle = value >> 8; 923 goto respond; 924 break; 925 926 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 927 | USB_REQ_GET_DESCRIPTOR): 928 switch (value >> 8) { 929 case HID_DT_HID: 930 { 931 struct hid_descriptor hidg_desc_copy = hidg_desc; 932 933 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 934 hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; 935 hidg_desc_copy.rpt_desc.wDescriptorLength = 936 cpu_to_le16(hidg->report_desc_length); 937 938 length = min_t(unsigned short, length, 939 hidg_desc_copy.bLength); 940 memcpy(req->buf, &hidg_desc_copy, length); 941 goto respond; 942 break; 943 } 944 case HID_DT_REPORT: 945 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 946 length = min_t(unsigned short, length, 947 hidg->report_desc_length); 948 memcpy(req->buf, hidg->report_desc, length); 949 goto respond; 950 break; 951 952 default: 953 VDBG(cdev, "Unknown descriptor request 0x%x\n", 954 value >> 8); 955 goto stall; 956 break; 957 } 958 break; 959 960 default: 961 VDBG(cdev, "Unknown request 0x%x\n", 962 ctrl->bRequest); 963 goto stall; 964 break; 965 } 966 967 stall: 968 return -EOPNOTSUPP; 969 970 respond: 971 req->zero = 1; 972 req->length = length; 973 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 974 if (status < 0) 975 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 976 return status; 977 } 978 979 static void hidg_disable(struct usb_function *f) 980 { 981 struct f_hidg *hidg = func_to_hidg(f); 982 struct f_hidg_req_list *list, *next; 983 unsigned long flags; 984 985 usb_ep_disable(hidg->in_ep); 986 987 if (hidg->out_ep) { 988 usb_ep_disable(hidg->out_ep); 989 990 spin_lock_irqsave(&hidg->read_spinlock, flags); 991 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 992 free_ep_req(hidg->out_ep, list->req); 993 list_del(&list->list); 994 kfree(list); 995 } 996 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 997 } 998 999 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 1000 if (!hidg->get_report_returned) { 1001 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req); 1002 hidg->get_req = NULL; 1003 hidg->get_report_returned = true; 1004 } 1005 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 1006 1007 spin_lock_irqsave(&hidg->read_spinlock, flags); 1008 hidg->disabled = true; 1009 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 1010 wake_up(&hidg->read_queue); 1011 1012 spin_lock_irqsave(&hidg->write_spinlock, flags); 1013 if (!hidg->write_pending) { 1014 free_ep_req(hidg->in_ep, hidg->req); 1015 hidg->write_pending = 1; 1016 } 1017 1018 hidg->req = NULL; 1019 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1020 } 1021 1022 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 1023 { 1024 struct usb_composite_dev *cdev = f->config->cdev; 1025 struct f_hidg *hidg = func_to_hidg(f); 1026 struct usb_request *req_in = NULL; 1027 unsigned long flags; 1028 int i, status = 0; 1029 1030 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 1031 1032 if (hidg->in_ep != NULL) { 1033 /* restart endpoint */ 1034 usb_ep_disable(hidg->in_ep); 1035 1036 status = config_ep_by_speed(f->config->cdev->gadget, f, 1037 hidg->in_ep); 1038 if (status) { 1039 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1040 goto fail; 1041 } 1042 status = usb_ep_enable(hidg->in_ep); 1043 if (status < 0) { 1044 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 1045 goto fail; 1046 } 1047 hidg->in_ep->driver_data = hidg; 1048 1049 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 1050 if (!req_in) { 1051 status = -ENOMEM; 1052 goto disable_ep_in; 1053 } 1054 } 1055 1056 if (hidg->use_out_ep && hidg->out_ep != NULL) { 1057 /* restart endpoint */ 1058 usb_ep_disable(hidg->out_ep); 1059 1060 status = config_ep_by_speed(f->config->cdev->gadget, f, 1061 hidg->out_ep); 1062 if (status) { 1063 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1064 goto free_req_in; 1065 } 1066 status = usb_ep_enable(hidg->out_ep); 1067 if (status < 0) { 1068 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 1069 goto free_req_in; 1070 } 1071 hidg->out_ep->driver_data = hidg; 1072 1073 /* 1074 * allocate a bunch of read buffers and queue them all at once. 1075 */ 1076 for (i = 0; i < hidg->qlen && status == 0; i++) { 1077 struct usb_request *req = 1078 hidg_alloc_ep_req(hidg->out_ep, 1079 hidg->report_length); 1080 if (req) { 1081 req->complete = hidg_intout_complete; 1082 req->context = hidg; 1083 status = usb_ep_queue(hidg->out_ep, req, 1084 GFP_ATOMIC); 1085 if (status) { 1086 ERROR(cdev, "%s queue req --> %d\n", 1087 hidg->out_ep->name, status); 1088 free_ep_req(hidg->out_ep, req); 1089 } 1090 } else { 1091 status = -ENOMEM; 1092 goto disable_out_ep; 1093 } 1094 } 1095 } 1096 1097 spin_lock_irqsave(&hidg->read_spinlock, flags); 1098 hidg->disabled = false; 1099 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 1100 1101 if (hidg->in_ep != NULL) { 1102 spin_lock_irqsave(&hidg->write_spinlock, flags); 1103 hidg->req = req_in; 1104 hidg->write_pending = 0; 1105 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1106 1107 wake_up(&hidg->write_queue); 1108 } 1109 return 0; 1110 disable_out_ep: 1111 if (hidg->out_ep) 1112 usb_ep_disable(hidg->out_ep); 1113 free_req_in: 1114 if (req_in) 1115 free_ep_req(hidg->in_ep, req_in); 1116 1117 disable_ep_in: 1118 if (hidg->in_ep) 1119 usb_ep_disable(hidg->in_ep); 1120 1121 fail: 1122 return status; 1123 } 1124 1125 #ifdef CONFIG_COMPAT 1126 static long f_hidg_compat_ioctl(struct file *file, unsigned int code, 1127 unsigned long value) 1128 { 1129 return f_hidg_ioctl(file, code, value); 1130 } 1131 #endif 1132 1133 static const struct file_operations f_hidg_fops = { 1134 .owner = THIS_MODULE, 1135 .open = f_hidg_open, 1136 .release = f_hidg_release, 1137 .write = f_hidg_write, 1138 .read = f_hidg_read, 1139 .poll = f_hidg_poll, 1140 .unlocked_ioctl = f_hidg_ioctl, 1141 #ifdef CONFIG_COMPAT 1142 .compat_ioctl = f_hidg_compat_ioctl, 1143 #endif 1144 .llseek = noop_llseek, 1145 }; 1146 1147 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 1148 { 1149 struct usb_ep *ep; 1150 struct f_hidg *hidg = func_to_hidg(f); 1151 struct usb_string *us; 1152 int status; 1153 1154 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC); 1155 if (!hidg->get_req) 1156 return -ENOMEM; 1157 1158 hidg->get_req->zero = 0; 1159 hidg->get_req->complete = hidg_get_report_complete; 1160 hidg->get_req->context = hidg; 1161 hidg->get_report_returned = true; 1162 1163 /* maybe allocate device-global string IDs, and patch descriptors */ 1164 us = usb_gstrings_attach(c->cdev, ct_func_strings, 1165 ARRAY_SIZE(ct_func_string_defs)); 1166 if (IS_ERR(us)) 1167 return PTR_ERR(us); 1168 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 1169 1170 /* allocate instance-specific interface IDs, and patch descriptors */ 1171 status = usb_interface_id(c, f); 1172 if (status < 0) 1173 goto fail; 1174 hidg_interface_desc.bInterfaceNumber = status; 1175 1176 /* allocate instance-specific endpoints */ 1177 status = -ENODEV; 1178 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 1179 if (!ep) 1180 goto fail; 1181 hidg->in_ep = ep; 1182 1183 hidg->out_ep = NULL; 1184 if (hidg->use_out_ep) { 1185 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 1186 if (!ep) 1187 goto fail; 1188 hidg->out_ep = ep; 1189 } 1190 1191 /* used only if use_out_ep == 1 */ 1192 hidg->set_report_buf = NULL; 1193 1194 /* set descriptor dynamic values */ 1195 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 1196 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 1197 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 1198 hidg->protocol = HID_REPORT_PROTOCOL; 1199 hidg->idle = 1; 1200 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1201 hidg_ss_in_comp_desc.wBytesPerInterval = 1202 cpu_to_le16(hidg->report_length); 1203 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1204 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1205 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1206 1207 /* IN endpoints: FS default=10ms, HS default=4µ-frame; user override if set */ 1208 if (!hidg->interval_user_set) { 1209 hidg_fs_in_ep_desc.bInterval = 10; 1210 hidg_hs_in_ep_desc.bInterval = 4; 1211 hidg_ss_in_ep_desc.bInterval = 4; 1212 } else { 1213 hidg_fs_in_ep_desc.bInterval = hidg->interval; 1214 hidg_hs_in_ep_desc.bInterval = hidg->interval; 1215 hidg_ss_in_ep_desc.bInterval = hidg->interval; 1216 } 1217 1218 hidg_ss_out_comp_desc.wBytesPerInterval = 1219 cpu_to_le16(hidg->report_length); 1220 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1221 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1222 /* 1223 * We can use hidg_desc struct here but we should not relay 1224 * that its content won't change after returning from this function. 1225 */ 1226 hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; 1227 hidg_desc.rpt_desc.wDescriptorLength = 1228 cpu_to_le16(hidg->report_desc_length); 1229 1230 hidg_hs_in_ep_desc.bEndpointAddress = 1231 hidg_fs_in_ep_desc.bEndpointAddress; 1232 hidg_hs_out_ep_desc.bEndpointAddress = 1233 hidg_fs_out_ep_desc.bEndpointAddress; 1234 1235 hidg_ss_in_ep_desc.bEndpointAddress = 1236 hidg_fs_in_ep_desc.bEndpointAddress; 1237 hidg_ss_out_ep_desc.bEndpointAddress = 1238 hidg_fs_out_ep_desc.bEndpointAddress; 1239 1240 if (hidg->use_out_ep) { 1241 /* OUT endpoints: same defaults (FS=10, HS=4) unless user set */ 1242 if (!hidg->interval_user_set) { 1243 hidg_fs_out_ep_desc.bInterval = 10; 1244 hidg_hs_out_ep_desc.bInterval = 4; 1245 hidg_ss_out_ep_desc.bInterval = 4; 1246 } else { 1247 hidg_fs_out_ep_desc.bInterval = hidg->interval; 1248 hidg_hs_out_ep_desc.bInterval = hidg->interval; 1249 hidg_ss_out_ep_desc.bInterval = hidg->interval; 1250 } 1251 status = usb_assign_descriptors(f, 1252 hidg_fs_descriptors_intout, 1253 hidg_hs_descriptors_intout, 1254 hidg_ss_descriptors_intout, 1255 hidg_ss_descriptors_intout); 1256 } else { 1257 status = usb_assign_descriptors(f, 1258 hidg_fs_descriptors_ssreport, 1259 hidg_hs_descriptors_ssreport, 1260 hidg_ss_descriptors_ssreport, 1261 hidg_ss_descriptors_ssreport); 1262 } 1263 if (status) 1264 goto fail; 1265 1266 hidg->write_pending = 1; 1267 hidg->req = NULL; 1268 1269 INIT_WORK(&hidg->work, get_report_workqueue_handler); 1270 hidg->workqueue = alloc_workqueue("report_work", 1271 WQ_FREEZABLE | WQ_MEM_RECLAIM | WQ_PERCPU, 1272 1); 1273 1274 if (!hidg->workqueue) { 1275 status = -ENOMEM; 1276 goto fail_free_descs; 1277 } 1278 1279 /* create char device */ 1280 hidg->cdev = cdev_alloc(); 1281 if (!hidg->cdev) { 1282 status = -ENOMEM; 1283 goto fail_free_all; 1284 } 1285 hidg->cdev->ops = &f_hidg_fops; 1286 1287 status = cdev_device_add(hidg->cdev, &hidg->dev); 1288 if (status) 1289 goto fail_free_all; 1290 1291 return 0; 1292 fail_free_all: 1293 destroy_workqueue(hidg->workqueue); 1294 fail_free_descs: 1295 usb_free_all_descriptors(f); 1296 fail: 1297 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1298 if (hidg->req != NULL) 1299 free_ep_req(hidg->in_ep, hidg->req); 1300 1301 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req); 1302 hidg->get_req = NULL; 1303 1304 return status; 1305 } 1306 1307 static inline int hidg_get_minor(void) 1308 { 1309 int ret; 1310 1311 ret = ida_alloc(&hidg_ida, GFP_KERNEL); 1312 if (ret >= HIDG_MINORS) { 1313 ida_free(&hidg_ida, ret); 1314 ret = -ENODEV; 1315 } 1316 1317 return ret; 1318 } 1319 1320 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1321 { 1322 return container_of(to_config_group(item), struct f_hid_opts, 1323 func_inst.group); 1324 } 1325 1326 static void hid_attr_release(struct config_item *item) 1327 { 1328 struct f_hid_opts *opts = to_f_hid_opts(item); 1329 1330 usb_put_function_instance(&opts->func_inst); 1331 } 1332 1333 static const struct configfs_item_operations hidg_item_ops = { 1334 .release = hid_attr_release, 1335 }; 1336 1337 #define F_HID_OPT(name, prec, limit) \ 1338 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1339 { \ 1340 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1341 int result; \ 1342 \ 1343 mutex_lock(&opts->lock); \ 1344 result = sprintf(page, "%d\n", opts->name); \ 1345 mutex_unlock(&opts->lock); \ 1346 \ 1347 return result; \ 1348 } \ 1349 \ 1350 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1351 const char *page, size_t len) \ 1352 { \ 1353 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1354 int ret; \ 1355 u##prec num; \ 1356 \ 1357 mutex_lock(&opts->lock); \ 1358 if (opts->refcnt) { \ 1359 ret = -EBUSY; \ 1360 goto end; \ 1361 } \ 1362 \ 1363 ret = kstrtou##prec(page, 0, &num); \ 1364 if (ret) \ 1365 goto end; \ 1366 \ 1367 if (num > limit) { \ 1368 ret = -EINVAL; \ 1369 goto end; \ 1370 } \ 1371 opts->name = num; \ 1372 ret = len; \ 1373 \ 1374 end: \ 1375 mutex_unlock(&opts->lock); \ 1376 return ret; \ 1377 } \ 1378 \ 1379 CONFIGFS_ATTR(f_hid_opts_, name) 1380 1381 F_HID_OPT(subclass, 8, 255); 1382 F_HID_OPT(protocol, 8, 255); 1383 F_HID_OPT(no_out_endpoint, 8, 1); 1384 F_HID_OPT(report_length, 16, 65535); 1385 1386 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1387 { 1388 struct f_hid_opts *opts = to_f_hid_opts(item); 1389 int result; 1390 1391 mutex_lock(&opts->lock); 1392 result = opts->report_desc_length; 1393 memcpy(page, opts->report_desc, opts->report_desc_length); 1394 mutex_unlock(&opts->lock); 1395 1396 return result; 1397 } 1398 1399 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1400 const char *page, size_t len) 1401 { 1402 struct f_hid_opts *opts = to_f_hid_opts(item); 1403 int ret = -EBUSY; 1404 char *d; 1405 1406 mutex_lock(&opts->lock); 1407 1408 if (opts->refcnt) 1409 goto end; 1410 if (len > PAGE_SIZE) { 1411 ret = -ENOSPC; 1412 goto end; 1413 } 1414 d = kmemdup(page, len, GFP_KERNEL); 1415 if (!d) { 1416 ret = -ENOMEM; 1417 goto end; 1418 } 1419 kfree(opts->report_desc); 1420 opts->report_desc = d; 1421 opts->report_desc_length = len; 1422 opts->report_desc_alloc = true; 1423 ret = len; 1424 end: 1425 mutex_unlock(&opts->lock); 1426 return ret; 1427 } 1428 1429 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1430 1431 static ssize_t f_hid_opts_interval_show(struct config_item *item, char *page) 1432 { 1433 struct f_hid_opts *opts = to_f_hid_opts(item); 1434 int result; 1435 1436 mutex_lock(&opts->lock); 1437 result = sprintf(page, "%d\n", opts->interval); 1438 mutex_unlock(&opts->lock); 1439 1440 return result; 1441 } 1442 1443 static ssize_t f_hid_opts_interval_store(struct config_item *item, 1444 const char *page, size_t len) 1445 { 1446 struct f_hid_opts *opts = to_f_hid_opts(item); 1447 int ret; 1448 unsigned int tmp; 1449 1450 mutex_lock(&opts->lock); 1451 if (opts->refcnt) { 1452 ret = -EBUSY; 1453 goto end; 1454 } 1455 1456 /* parse into a wider type first */ 1457 ret = kstrtouint(page, 0, &tmp); 1458 if (ret) 1459 goto end; 1460 1461 /* range-check against unsigned char max */ 1462 if (tmp > 255) { 1463 ret = -EINVAL; 1464 goto end; 1465 } 1466 1467 opts->interval = (unsigned char)tmp; 1468 opts->interval_user_set = true; 1469 ret = len; 1470 1471 end: 1472 mutex_unlock(&opts->lock); 1473 return ret; 1474 } 1475 1476 CONFIGFS_ATTR(f_hid_opts_, interval); 1477 1478 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1479 { 1480 struct f_hid_opts *opts = to_f_hid_opts(item); 1481 1482 return sprintf(page, "%d:%d\n", major, opts->minor); 1483 } 1484 1485 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1486 1487 static struct configfs_attribute *hid_attrs[] = { 1488 &f_hid_opts_attr_subclass, 1489 &f_hid_opts_attr_protocol, 1490 &f_hid_opts_attr_no_out_endpoint, 1491 &f_hid_opts_attr_report_length, 1492 &f_hid_opts_attr_interval, 1493 &f_hid_opts_attr_report_desc, 1494 &f_hid_opts_attr_dev, 1495 NULL, 1496 }; 1497 1498 static const struct config_item_type hid_func_type = { 1499 .ct_item_ops = &hidg_item_ops, 1500 .ct_attrs = hid_attrs, 1501 .ct_owner = THIS_MODULE, 1502 }; 1503 1504 static inline void hidg_put_minor(int minor) 1505 { 1506 ida_free(&hidg_ida, minor); 1507 } 1508 1509 static void hidg_free_inst(struct usb_function_instance *f) 1510 { 1511 struct f_hid_opts *opts; 1512 1513 opts = container_of(f, struct f_hid_opts, func_inst); 1514 1515 mutex_lock(&hidg_ida_lock); 1516 1517 hidg_put_minor(opts->minor); 1518 if (ida_is_empty(&hidg_ida)) 1519 ghid_cleanup(); 1520 1521 mutex_unlock(&hidg_ida_lock); 1522 1523 if (opts->report_desc_alloc) 1524 kfree(opts->report_desc); 1525 1526 kfree(opts); 1527 } 1528 1529 static struct usb_function_instance *hidg_alloc_inst(void) 1530 { 1531 struct f_hid_opts *opts; 1532 struct usb_function_instance *ret; 1533 int status = 0; 1534 1535 opts = kzalloc_obj(*opts); 1536 if (!opts) 1537 return ERR_PTR(-ENOMEM); 1538 mutex_init(&opts->lock); 1539 1540 opts->interval = 4; 1541 opts->interval_user_set = false; 1542 1543 opts->func_inst.free_func_inst = hidg_free_inst; 1544 ret = &opts->func_inst; 1545 1546 mutex_lock(&hidg_ida_lock); 1547 1548 if (ida_is_empty(&hidg_ida)) { 1549 status = ghid_setup(NULL, HIDG_MINORS); 1550 if (status) { 1551 ret = ERR_PTR(status); 1552 kfree(opts); 1553 goto unlock; 1554 } 1555 } 1556 1557 opts->minor = hidg_get_minor(); 1558 if (opts->minor < 0) { 1559 ret = ERR_PTR(opts->minor); 1560 kfree(opts); 1561 if (ida_is_empty(&hidg_ida)) 1562 ghid_cleanup(); 1563 goto unlock; 1564 } 1565 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1566 1567 unlock: 1568 mutex_unlock(&hidg_ida_lock); 1569 return ret; 1570 } 1571 1572 static void hidg_free(struct usb_function *f) 1573 { 1574 struct f_hidg *hidg; 1575 struct f_hid_opts *opts; 1576 1577 hidg = func_to_hidg(f); 1578 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1579 put_device(&hidg->dev); 1580 mutex_lock(&opts->lock); 1581 --opts->refcnt; 1582 mutex_unlock(&opts->lock); 1583 } 1584 1585 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1586 { 1587 struct f_hidg *hidg = func_to_hidg(f); 1588 1589 cdev_device_del(hidg->cdev, &hidg->dev); 1590 destroy_workqueue(hidg->workqueue); 1591 usb_free_all_descriptors(f); 1592 } 1593 1594 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1595 { 1596 struct f_hidg *hidg; 1597 struct f_hid_opts *opts; 1598 int ret; 1599 1600 /* allocate and initialize one new instance */ 1601 hidg = kzalloc_obj(*hidg); 1602 if (!hidg) 1603 return ERR_PTR(-ENOMEM); 1604 1605 opts = container_of(fi, struct f_hid_opts, func_inst); 1606 1607 mutex_lock(&opts->lock); 1608 1609 spin_lock_init(&hidg->write_spinlock); 1610 spin_lock_init(&hidg->read_spinlock); 1611 spin_lock_init(&hidg->get_report_spinlock); 1612 init_waitqueue_head(&hidg->write_queue); 1613 init_waitqueue_head(&hidg->read_queue); 1614 init_waitqueue_head(&hidg->get_queue); 1615 init_waitqueue_head(&hidg->get_id_queue); 1616 INIT_LIST_HEAD(&hidg->completed_out_req); 1617 INIT_LIST_HEAD(&hidg->report_list); 1618 1619 device_initialize(&hidg->dev); 1620 hidg->dev.release = hidg_release; 1621 hidg->dev.class = &hidg_class; 1622 hidg->dev.devt = MKDEV(major, opts->minor); 1623 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1624 if (ret) 1625 goto err_unlock; 1626 1627 hidg->bInterfaceSubClass = opts->subclass; 1628 hidg->bInterfaceProtocol = opts->protocol; 1629 hidg->report_length = opts->report_length; 1630 hidg->report_desc_length = opts->report_desc_length; 1631 hidg->interval = opts->interval; 1632 hidg->interval_user_set = opts->interval_user_set; 1633 if (opts->report_desc) { 1634 hidg->report_desc = kmemdup(opts->report_desc, 1635 opts->report_desc_length, 1636 GFP_KERNEL); 1637 if (!hidg->report_desc) { 1638 ret = -ENOMEM; 1639 goto err_put_device; 1640 } 1641 } 1642 hidg->use_out_ep = !opts->no_out_endpoint; 1643 1644 ++opts->refcnt; 1645 mutex_unlock(&opts->lock); 1646 1647 hidg->func.name = "hid"; 1648 hidg->func.bind = hidg_bind; 1649 hidg->func.unbind = hidg_unbind; 1650 hidg->func.set_alt = hidg_set_alt; 1651 hidg->func.disable = hidg_disable; 1652 hidg->func.setup = hidg_setup; 1653 hidg->func.free_func = hidg_free; 1654 1655 /* this could be made configurable at some point */ 1656 hidg->qlen = 4; 1657 1658 return &hidg->func; 1659 1660 err_put_device: 1661 put_device(&hidg->dev); 1662 err_unlock: 1663 mutex_unlock(&opts->lock); 1664 return ERR_PTR(ret); 1665 } 1666 1667 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1668 MODULE_DESCRIPTION("USB HID function driver"); 1669 MODULE_LICENSE("GPL"); 1670 MODULE_AUTHOR("Fabien Chouteau"); 1671 1672 int ghid_setup(struct usb_gadget *g, int count) 1673 { 1674 int status; 1675 dev_t dev; 1676 1677 status = class_register(&hidg_class); 1678 if (status) 1679 return status; 1680 1681 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1682 if (status) { 1683 class_unregister(&hidg_class); 1684 return status; 1685 } 1686 1687 major = MAJOR(dev); 1688 minors = count; 1689 1690 return 0; 1691 } 1692 1693 void ghid_cleanup(void) 1694 { 1695 if (major) { 1696 unregister_chrdev_region(MKDEV(major, 0), minors); 1697 major = minors = 0; 1698 } 1699 1700 class_unregister(&hidg_class); 1701 } 1702