1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/usb/g_hid.h> 19 20 #include "u_f.h" 21 #include "u_hid.h" 22 23 #define HIDG_MINORS 4 24 25 static int major, minors; 26 27 static const struct class hidg_class = { 28 .name = "hidg", 29 }; 30 31 static DEFINE_IDA(hidg_ida); 32 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 33 34 /*-------------------------------------------------------------------------*/ 35 /* HID gadget struct */ 36 37 struct f_hidg_req_list { 38 struct usb_request *req; 39 unsigned int pos; 40 struct list_head list; 41 }; 42 43 struct f_hidg { 44 /* configuration */ 45 unsigned char bInterfaceSubClass; 46 unsigned char bInterfaceProtocol; 47 unsigned char protocol; 48 unsigned char idle; 49 unsigned short report_desc_length; 50 char *report_desc; 51 unsigned short report_length; 52 /* 53 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 54 * will be used to receive reports from the host 55 * using functions with the "intout" suffix. 56 * Otherwise, the OUT Endpoint will not be configured 57 * and the SETUP/SET_REPORT method ("ssreport" suffix) 58 * will be used to receive reports. 59 */ 60 bool use_out_ep; 61 62 /* recv report */ 63 spinlock_t read_spinlock; 64 wait_queue_head_t read_queue; 65 /* recv report - interrupt out only (use_out_ep == 1) */ 66 struct list_head completed_out_req; 67 unsigned int qlen; 68 /* recv report - setup set_report only (use_out_ep == 0) */ 69 char *set_report_buf; 70 unsigned int set_report_length; 71 72 /* send report */ 73 spinlock_t write_spinlock; 74 bool write_pending; 75 wait_queue_head_t write_queue; 76 struct usb_request *req; 77 78 struct device dev; 79 struct cdev cdev; 80 struct usb_function func; 81 82 struct usb_ep *in_ep; 83 struct usb_ep *out_ep; 84 }; 85 86 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 87 { 88 return container_of(f, struct f_hidg, func); 89 } 90 91 static void hidg_release(struct device *dev) 92 { 93 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 94 95 kfree(hidg->report_desc); 96 kfree(hidg->set_report_buf); 97 kfree(hidg); 98 } 99 100 /*-------------------------------------------------------------------------*/ 101 /* Static descriptors */ 102 103 static struct usb_interface_descriptor hidg_interface_desc = { 104 .bLength = sizeof hidg_interface_desc, 105 .bDescriptorType = USB_DT_INTERFACE, 106 /* .bInterfaceNumber = DYNAMIC */ 107 .bAlternateSetting = 0, 108 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 109 .bInterfaceClass = USB_CLASS_HID, 110 /* .bInterfaceSubClass = DYNAMIC */ 111 /* .bInterfaceProtocol = DYNAMIC */ 112 /* .iInterface = DYNAMIC */ 113 }; 114 115 static struct hid_descriptor hidg_desc = { 116 .bLength = sizeof hidg_desc, 117 .bDescriptorType = HID_DT_HID, 118 .bcdHID = cpu_to_le16(0x0101), 119 .bCountryCode = 0x00, 120 .bNumDescriptors = 0x1, 121 /*.desc[0].bDescriptorType = DYNAMIC */ 122 /*.desc[0].wDescriptorLenght = DYNAMIC */ 123 }; 124 125 /* Super-Speed Support */ 126 127 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 128 .bLength = USB_DT_ENDPOINT_SIZE, 129 .bDescriptorType = USB_DT_ENDPOINT, 130 .bEndpointAddress = USB_DIR_IN, 131 .bmAttributes = USB_ENDPOINT_XFER_INT, 132 /*.wMaxPacketSize = DYNAMIC */ 133 .bInterval = 4, /* FIXME: Add this field in the 134 * HID gadget configuration? 135 * (struct hidg_func_descriptor) 136 */ 137 }; 138 139 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 140 .bLength = sizeof(hidg_ss_in_comp_desc), 141 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 142 143 /* .bMaxBurst = 0, */ 144 /* .bmAttributes = 0, */ 145 /* .wBytesPerInterval = DYNAMIC */ 146 }; 147 148 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 149 .bLength = USB_DT_ENDPOINT_SIZE, 150 .bDescriptorType = USB_DT_ENDPOINT, 151 .bEndpointAddress = USB_DIR_OUT, 152 .bmAttributes = USB_ENDPOINT_XFER_INT, 153 /*.wMaxPacketSize = DYNAMIC */ 154 .bInterval = 4, /* FIXME: Add this field in the 155 * HID gadget configuration? 156 * (struct hidg_func_descriptor) 157 */ 158 }; 159 160 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 161 .bLength = sizeof(hidg_ss_out_comp_desc), 162 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 163 164 /* .bMaxBurst = 0, */ 165 /* .bmAttributes = 0, */ 166 /* .wBytesPerInterval = DYNAMIC */ 167 }; 168 169 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 170 (struct usb_descriptor_header *)&hidg_interface_desc, 171 (struct usb_descriptor_header *)&hidg_desc, 172 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 173 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 174 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 175 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 176 NULL, 177 }; 178 179 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 180 (struct usb_descriptor_header *)&hidg_interface_desc, 181 (struct usb_descriptor_header *)&hidg_desc, 182 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 183 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 184 NULL, 185 }; 186 187 /* High-Speed Support */ 188 189 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 190 .bLength = USB_DT_ENDPOINT_SIZE, 191 .bDescriptorType = USB_DT_ENDPOINT, 192 .bEndpointAddress = USB_DIR_IN, 193 .bmAttributes = USB_ENDPOINT_XFER_INT, 194 /*.wMaxPacketSize = DYNAMIC */ 195 .bInterval = 4, /* FIXME: Add this field in the 196 * HID gadget configuration? 197 * (struct hidg_func_descriptor) 198 */ 199 }; 200 201 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 202 .bLength = USB_DT_ENDPOINT_SIZE, 203 .bDescriptorType = USB_DT_ENDPOINT, 204 .bEndpointAddress = USB_DIR_OUT, 205 .bmAttributes = USB_ENDPOINT_XFER_INT, 206 /*.wMaxPacketSize = DYNAMIC */ 207 .bInterval = 4, /* FIXME: Add this field in the 208 * HID gadget configuration? 209 * (struct hidg_func_descriptor) 210 */ 211 }; 212 213 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 214 (struct usb_descriptor_header *)&hidg_interface_desc, 215 (struct usb_descriptor_header *)&hidg_desc, 216 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 217 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 218 NULL, 219 }; 220 221 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 222 (struct usb_descriptor_header *)&hidg_interface_desc, 223 (struct usb_descriptor_header *)&hidg_desc, 224 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 225 NULL, 226 }; 227 228 /* Full-Speed Support */ 229 230 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 231 .bLength = USB_DT_ENDPOINT_SIZE, 232 .bDescriptorType = USB_DT_ENDPOINT, 233 .bEndpointAddress = USB_DIR_IN, 234 .bmAttributes = USB_ENDPOINT_XFER_INT, 235 /*.wMaxPacketSize = DYNAMIC */ 236 .bInterval = 10, /* FIXME: Add this field in the 237 * HID gadget configuration? 238 * (struct hidg_func_descriptor) 239 */ 240 }; 241 242 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 243 .bLength = USB_DT_ENDPOINT_SIZE, 244 .bDescriptorType = USB_DT_ENDPOINT, 245 .bEndpointAddress = USB_DIR_OUT, 246 .bmAttributes = USB_ENDPOINT_XFER_INT, 247 /*.wMaxPacketSize = DYNAMIC */ 248 .bInterval = 10, /* FIXME: Add this field in the 249 * HID gadget configuration? 250 * (struct hidg_func_descriptor) 251 */ 252 }; 253 254 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 255 (struct usb_descriptor_header *)&hidg_interface_desc, 256 (struct usb_descriptor_header *)&hidg_desc, 257 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 258 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 259 NULL, 260 }; 261 262 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 263 (struct usb_descriptor_header *)&hidg_interface_desc, 264 (struct usb_descriptor_header *)&hidg_desc, 265 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 266 NULL, 267 }; 268 269 /*-------------------------------------------------------------------------*/ 270 /* Strings */ 271 272 #define CT_FUNC_HID_IDX 0 273 274 static struct usb_string ct_func_string_defs[] = { 275 [CT_FUNC_HID_IDX].s = "HID Interface", 276 {}, /* end of list */ 277 }; 278 279 static struct usb_gadget_strings ct_func_string_table = { 280 .language = 0x0409, /* en-US */ 281 .strings = ct_func_string_defs, 282 }; 283 284 static struct usb_gadget_strings *ct_func_strings[] = { 285 &ct_func_string_table, 286 NULL, 287 }; 288 289 /*-------------------------------------------------------------------------*/ 290 /* Char Device */ 291 292 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 293 size_t count, loff_t *ptr) 294 { 295 struct f_hidg *hidg = file->private_data; 296 struct f_hidg_req_list *list; 297 struct usb_request *req; 298 unsigned long flags; 299 int ret; 300 301 if (!count) 302 return 0; 303 304 spin_lock_irqsave(&hidg->read_spinlock, flags); 305 306 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req)) 307 308 /* wait for at least one buffer to complete */ 309 while (!READ_COND_INTOUT) { 310 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 311 if (file->f_flags & O_NONBLOCK) 312 return -EAGAIN; 313 314 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 315 return -ERESTARTSYS; 316 317 spin_lock_irqsave(&hidg->read_spinlock, flags); 318 } 319 320 /* pick the first one */ 321 list = list_first_entry(&hidg->completed_out_req, 322 struct f_hidg_req_list, list); 323 324 /* 325 * Remove this from list to protect it from beign free() 326 * while host disables our function 327 */ 328 list_del(&list->list); 329 330 req = list->req; 331 count = min_t(unsigned int, count, req->actual - list->pos); 332 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 333 334 /* copy to user outside spinlock */ 335 count -= copy_to_user(buffer, req->buf + list->pos, count); 336 list->pos += count; 337 338 /* 339 * if this request is completely handled and transfered to 340 * userspace, remove its entry from the list and requeue it 341 * again. Otherwise, we will revisit it again upon the next 342 * call, taking into account its current read position. 343 */ 344 if (list->pos == req->actual) { 345 kfree(list); 346 347 req->length = hidg->report_length; 348 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 349 if (ret < 0) { 350 free_ep_req(hidg->out_ep, req); 351 return ret; 352 } 353 } else { 354 spin_lock_irqsave(&hidg->read_spinlock, flags); 355 list_add(&list->list, &hidg->completed_out_req); 356 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 357 358 wake_up(&hidg->read_queue); 359 } 360 361 return count; 362 } 363 364 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL) 365 366 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 367 size_t count, loff_t *ptr) 368 { 369 struct f_hidg *hidg = file->private_data; 370 char *tmp_buf = NULL; 371 unsigned long flags; 372 373 if (!count) 374 return 0; 375 376 spin_lock_irqsave(&hidg->read_spinlock, flags); 377 378 while (!READ_COND_SSREPORT) { 379 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 380 if (file->f_flags & O_NONBLOCK) 381 return -EAGAIN; 382 383 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 384 return -ERESTARTSYS; 385 386 spin_lock_irqsave(&hidg->read_spinlock, flags); 387 } 388 389 count = min_t(unsigned int, count, hidg->set_report_length); 390 tmp_buf = hidg->set_report_buf; 391 hidg->set_report_buf = NULL; 392 393 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 394 395 if (tmp_buf != NULL) { 396 count -= copy_to_user(buffer, tmp_buf, count); 397 kfree(tmp_buf); 398 } else { 399 count = -ENOMEM; 400 } 401 402 wake_up(&hidg->read_queue); 403 404 return count; 405 } 406 407 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 408 size_t count, loff_t *ptr) 409 { 410 struct f_hidg *hidg = file->private_data; 411 412 if (hidg->use_out_ep) 413 return f_hidg_intout_read(file, buffer, count, ptr); 414 else 415 return f_hidg_ssreport_read(file, buffer, count, ptr); 416 } 417 418 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 419 { 420 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 421 unsigned long flags; 422 423 if (req->status != 0) { 424 ERROR(hidg->func.config->cdev, 425 "End Point Request ERROR: %d\n", req->status); 426 } 427 428 spin_lock_irqsave(&hidg->write_spinlock, flags); 429 hidg->write_pending = 0; 430 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 431 wake_up(&hidg->write_queue); 432 } 433 434 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 435 size_t count, loff_t *offp) 436 { 437 struct f_hidg *hidg = file->private_data; 438 struct usb_request *req; 439 unsigned long flags; 440 ssize_t status = -ENOMEM; 441 442 spin_lock_irqsave(&hidg->write_spinlock, flags); 443 444 if (!hidg->req) { 445 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 446 return -ESHUTDOWN; 447 } 448 449 #define WRITE_COND (!hidg->write_pending) 450 try_again: 451 /* write queue */ 452 while (!WRITE_COND) { 453 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 454 if (file->f_flags & O_NONBLOCK) 455 return -EAGAIN; 456 457 if (wait_event_interruptible_exclusive( 458 hidg->write_queue, WRITE_COND)) 459 return -ERESTARTSYS; 460 461 spin_lock_irqsave(&hidg->write_spinlock, flags); 462 } 463 464 hidg->write_pending = 1; 465 req = hidg->req; 466 count = min_t(unsigned, count, hidg->report_length); 467 468 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 469 470 if (!req) { 471 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 472 status = -ESHUTDOWN; 473 goto release_write_pending; 474 } 475 476 status = copy_from_user(req->buf, buffer, count); 477 if (status != 0) { 478 ERROR(hidg->func.config->cdev, 479 "copy_from_user error\n"); 480 status = -EINVAL; 481 goto release_write_pending; 482 } 483 484 spin_lock_irqsave(&hidg->write_spinlock, flags); 485 486 /* when our function has been disabled by host */ 487 if (!hidg->req) { 488 free_ep_req(hidg->in_ep, req); 489 /* 490 * TODO 491 * Should we fail with error here? 492 */ 493 goto try_again; 494 } 495 496 req->status = 0; 497 req->zero = 0; 498 req->length = count; 499 req->complete = f_hidg_req_complete; 500 req->context = hidg; 501 502 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 503 504 if (!hidg->in_ep->enabled) { 505 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 506 status = -ESHUTDOWN; 507 goto release_write_pending; 508 } 509 510 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 511 if (status < 0) 512 goto release_write_pending; 513 else 514 status = count; 515 516 return status; 517 release_write_pending: 518 spin_lock_irqsave(&hidg->write_spinlock, flags); 519 hidg->write_pending = 0; 520 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 521 522 wake_up(&hidg->write_queue); 523 524 return status; 525 } 526 527 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 528 { 529 struct f_hidg *hidg = file->private_data; 530 __poll_t ret = 0; 531 532 poll_wait(file, &hidg->read_queue, wait); 533 poll_wait(file, &hidg->write_queue, wait); 534 535 if (WRITE_COND) 536 ret |= EPOLLOUT | EPOLLWRNORM; 537 538 if (hidg->use_out_ep) { 539 if (READ_COND_INTOUT) 540 ret |= EPOLLIN | EPOLLRDNORM; 541 } else { 542 if (READ_COND_SSREPORT) 543 ret |= EPOLLIN | EPOLLRDNORM; 544 } 545 546 return ret; 547 } 548 549 #undef WRITE_COND 550 #undef READ_COND_SSREPORT 551 #undef READ_COND_INTOUT 552 553 static int f_hidg_release(struct inode *inode, struct file *fd) 554 { 555 fd->private_data = NULL; 556 return 0; 557 } 558 559 static int f_hidg_open(struct inode *inode, struct file *fd) 560 { 561 struct f_hidg *hidg = 562 container_of(inode->i_cdev, struct f_hidg, cdev); 563 564 fd->private_data = hidg; 565 566 return 0; 567 } 568 569 /*-------------------------------------------------------------------------*/ 570 /* usb_function */ 571 572 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 573 unsigned length) 574 { 575 return alloc_ep_req(ep, length); 576 } 577 578 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 579 { 580 struct f_hidg *hidg = (struct f_hidg *) req->context; 581 struct usb_composite_dev *cdev = hidg->func.config->cdev; 582 struct f_hidg_req_list *req_list; 583 unsigned long flags; 584 585 switch (req->status) { 586 case 0: 587 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 588 if (!req_list) { 589 ERROR(cdev, "Unable to allocate mem for req_list\n"); 590 goto free_req; 591 } 592 593 req_list->req = req; 594 595 spin_lock_irqsave(&hidg->read_spinlock, flags); 596 list_add_tail(&req_list->list, &hidg->completed_out_req); 597 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 598 599 wake_up(&hidg->read_queue); 600 break; 601 default: 602 ERROR(cdev, "Set report failed %d\n", req->status); 603 fallthrough; 604 case -ECONNABORTED: /* hardware forced ep reset */ 605 case -ECONNRESET: /* request dequeued */ 606 case -ESHUTDOWN: /* disconnect from host */ 607 free_req: 608 free_ep_req(ep, req); 609 return; 610 } 611 } 612 613 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 614 { 615 struct f_hidg *hidg = (struct f_hidg *)req->context; 616 struct usb_composite_dev *cdev = hidg->func.config->cdev; 617 char *new_buf = NULL; 618 unsigned long flags; 619 620 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 621 ERROR(cdev, 622 "%s FAILED: status=%d, buf=%p, actual=%d\n", 623 __func__, req->status, req->buf, req->actual); 624 return; 625 } 626 627 spin_lock_irqsave(&hidg->read_spinlock, flags); 628 629 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 630 if (new_buf == NULL) { 631 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 632 return; 633 } 634 hidg->set_report_buf = new_buf; 635 636 hidg->set_report_length = req->actual; 637 memcpy(hidg->set_report_buf, req->buf, req->actual); 638 639 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 640 641 wake_up(&hidg->read_queue); 642 } 643 644 static int hidg_setup(struct usb_function *f, 645 const struct usb_ctrlrequest *ctrl) 646 { 647 struct f_hidg *hidg = func_to_hidg(f); 648 struct usb_composite_dev *cdev = f->config->cdev; 649 struct usb_request *req = cdev->req; 650 int status = 0; 651 __u16 value, length; 652 653 value = __le16_to_cpu(ctrl->wValue); 654 length = __le16_to_cpu(ctrl->wLength); 655 656 VDBG(cdev, 657 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 658 __func__, ctrl->bRequestType, ctrl->bRequest, value); 659 660 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 661 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 662 | HID_REQ_GET_REPORT): 663 VDBG(cdev, "get_report\n"); 664 665 /* send an empty report */ 666 length = min_t(unsigned, length, hidg->report_length); 667 memset(req->buf, 0x0, length); 668 669 goto respond; 670 break; 671 672 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 673 | HID_REQ_GET_PROTOCOL): 674 VDBG(cdev, "get_protocol\n"); 675 length = min_t(unsigned int, length, 1); 676 ((u8 *) req->buf)[0] = hidg->protocol; 677 goto respond; 678 break; 679 680 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 681 | HID_REQ_GET_IDLE): 682 VDBG(cdev, "get_idle\n"); 683 length = min_t(unsigned int, length, 1); 684 ((u8 *) req->buf)[0] = hidg->idle; 685 goto respond; 686 break; 687 688 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 689 | HID_REQ_SET_REPORT): 690 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 691 if (hidg->use_out_ep) 692 goto stall; 693 req->complete = hidg_ssreport_complete; 694 req->context = hidg; 695 goto respond; 696 break; 697 698 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 699 | HID_REQ_SET_PROTOCOL): 700 VDBG(cdev, "set_protocol\n"); 701 if (value > HID_REPORT_PROTOCOL) 702 goto stall; 703 length = 0; 704 /* 705 * We assume that programs implementing the Boot protocol 706 * are also compatible with the Report Protocol 707 */ 708 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 709 hidg->protocol = value; 710 goto respond; 711 } 712 goto stall; 713 break; 714 715 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 716 | HID_REQ_SET_IDLE): 717 VDBG(cdev, "set_idle\n"); 718 length = 0; 719 hidg->idle = value >> 8; 720 goto respond; 721 break; 722 723 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 724 | USB_REQ_GET_DESCRIPTOR): 725 switch (value >> 8) { 726 case HID_DT_HID: 727 { 728 struct hid_descriptor hidg_desc_copy = hidg_desc; 729 730 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 731 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 732 hidg_desc_copy.desc[0].wDescriptorLength = 733 cpu_to_le16(hidg->report_desc_length); 734 735 length = min_t(unsigned short, length, 736 hidg_desc_copy.bLength); 737 memcpy(req->buf, &hidg_desc_copy, length); 738 goto respond; 739 break; 740 } 741 case HID_DT_REPORT: 742 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 743 length = min_t(unsigned short, length, 744 hidg->report_desc_length); 745 memcpy(req->buf, hidg->report_desc, length); 746 goto respond; 747 break; 748 749 default: 750 VDBG(cdev, "Unknown descriptor request 0x%x\n", 751 value >> 8); 752 goto stall; 753 break; 754 } 755 break; 756 757 default: 758 VDBG(cdev, "Unknown request 0x%x\n", 759 ctrl->bRequest); 760 goto stall; 761 break; 762 } 763 764 stall: 765 return -EOPNOTSUPP; 766 767 respond: 768 req->zero = 0; 769 req->length = length; 770 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 771 if (status < 0) 772 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 773 return status; 774 } 775 776 static void hidg_disable(struct usb_function *f) 777 { 778 struct f_hidg *hidg = func_to_hidg(f); 779 struct f_hidg_req_list *list, *next; 780 unsigned long flags; 781 782 usb_ep_disable(hidg->in_ep); 783 784 if (hidg->out_ep) { 785 usb_ep_disable(hidg->out_ep); 786 787 spin_lock_irqsave(&hidg->read_spinlock, flags); 788 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 789 free_ep_req(hidg->out_ep, list->req); 790 list_del(&list->list); 791 kfree(list); 792 } 793 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 794 } 795 796 spin_lock_irqsave(&hidg->write_spinlock, flags); 797 if (!hidg->write_pending) { 798 free_ep_req(hidg->in_ep, hidg->req); 799 hidg->write_pending = 1; 800 } 801 802 hidg->req = NULL; 803 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 804 } 805 806 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 807 { 808 struct usb_composite_dev *cdev = f->config->cdev; 809 struct f_hidg *hidg = func_to_hidg(f); 810 struct usb_request *req_in = NULL; 811 unsigned long flags; 812 int i, status = 0; 813 814 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 815 816 if (hidg->in_ep != NULL) { 817 /* restart endpoint */ 818 usb_ep_disable(hidg->in_ep); 819 820 status = config_ep_by_speed(f->config->cdev->gadget, f, 821 hidg->in_ep); 822 if (status) { 823 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 824 goto fail; 825 } 826 status = usb_ep_enable(hidg->in_ep); 827 if (status < 0) { 828 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 829 goto fail; 830 } 831 hidg->in_ep->driver_data = hidg; 832 833 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 834 if (!req_in) { 835 status = -ENOMEM; 836 goto disable_ep_in; 837 } 838 } 839 840 if (hidg->use_out_ep && hidg->out_ep != NULL) { 841 /* restart endpoint */ 842 usb_ep_disable(hidg->out_ep); 843 844 status = config_ep_by_speed(f->config->cdev->gadget, f, 845 hidg->out_ep); 846 if (status) { 847 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 848 goto free_req_in; 849 } 850 status = usb_ep_enable(hidg->out_ep); 851 if (status < 0) { 852 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 853 goto free_req_in; 854 } 855 hidg->out_ep->driver_data = hidg; 856 857 /* 858 * allocate a bunch of read buffers and queue them all at once. 859 */ 860 for (i = 0; i < hidg->qlen && status == 0; i++) { 861 struct usb_request *req = 862 hidg_alloc_ep_req(hidg->out_ep, 863 hidg->report_length); 864 if (req) { 865 req->complete = hidg_intout_complete; 866 req->context = hidg; 867 status = usb_ep_queue(hidg->out_ep, req, 868 GFP_ATOMIC); 869 if (status) { 870 ERROR(cdev, "%s queue req --> %d\n", 871 hidg->out_ep->name, status); 872 free_ep_req(hidg->out_ep, req); 873 } 874 } else { 875 status = -ENOMEM; 876 goto disable_out_ep; 877 } 878 } 879 } 880 881 if (hidg->in_ep != NULL) { 882 spin_lock_irqsave(&hidg->write_spinlock, flags); 883 hidg->req = req_in; 884 hidg->write_pending = 0; 885 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 886 887 wake_up(&hidg->write_queue); 888 } 889 return 0; 890 disable_out_ep: 891 if (hidg->out_ep) 892 usb_ep_disable(hidg->out_ep); 893 free_req_in: 894 if (req_in) 895 free_ep_req(hidg->in_ep, req_in); 896 897 disable_ep_in: 898 if (hidg->in_ep) 899 usb_ep_disable(hidg->in_ep); 900 901 fail: 902 return status; 903 } 904 905 static const struct file_operations f_hidg_fops = { 906 .owner = THIS_MODULE, 907 .open = f_hidg_open, 908 .release = f_hidg_release, 909 .write = f_hidg_write, 910 .read = f_hidg_read, 911 .poll = f_hidg_poll, 912 .llseek = noop_llseek, 913 }; 914 915 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 916 { 917 struct usb_ep *ep; 918 struct f_hidg *hidg = func_to_hidg(f); 919 struct usb_string *us; 920 int status; 921 922 /* maybe allocate device-global string IDs, and patch descriptors */ 923 us = usb_gstrings_attach(c->cdev, ct_func_strings, 924 ARRAY_SIZE(ct_func_string_defs)); 925 if (IS_ERR(us)) 926 return PTR_ERR(us); 927 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 928 929 /* allocate instance-specific interface IDs, and patch descriptors */ 930 status = usb_interface_id(c, f); 931 if (status < 0) 932 goto fail; 933 hidg_interface_desc.bInterfaceNumber = status; 934 935 /* allocate instance-specific endpoints */ 936 status = -ENODEV; 937 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 938 if (!ep) 939 goto fail; 940 hidg->in_ep = ep; 941 942 hidg->out_ep = NULL; 943 if (hidg->use_out_ep) { 944 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 945 if (!ep) 946 goto fail; 947 hidg->out_ep = ep; 948 } 949 950 /* used only if use_out_ep == 1 */ 951 hidg->set_report_buf = NULL; 952 953 /* set descriptor dynamic values */ 954 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 955 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 956 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 957 hidg->protocol = HID_REPORT_PROTOCOL; 958 hidg->idle = 1; 959 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 960 hidg_ss_in_comp_desc.wBytesPerInterval = 961 cpu_to_le16(hidg->report_length); 962 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 963 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 964 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 965 hidg_ss_out_comp_desc.wBytesPerInterval = 966 cpu_to_le16(hidg->report_length); 967 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 968 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 969 /* 970 * We can use hidg_desc struct here but we should not relay 971 * that its content won't change after returning from this function. 972 */ 973 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 974 hidg_desc.desc[0].wDescriptorLength = 975 cpu_to_le16(hidg->report_desc_length); 976 977 hidg_hs_in_ep_desc.bEndpointAddress = 978 hidg_fs_in_ep_desc.bEndpointAddress; 979 hidg_hs_out_ep_desc.bEndpointAddress = 980 hidg_fs_out_ep_desc.bEndpointAddress; 981 982 hidg_ss_in_ep_desc.bEndpointAddress = 983 hidg_fs_in_ep_desc.bEndpointAddress; 984 hidg_ss_out_ep_desc.bEndpointAddress = 985 hidg_fs_out_ep_desc.bEndpointAddress; 986 987 if (hidg->use_out_ep) 988 status = usb_assign_descriptors(f, 989 hidg_fs_descriptors_intout, 990 hidg_hs_descriptors_intout, 991 hidg_ss_descriptors_intout, 992 hidg_ss_descriptors_intout); 993 else 994 status = usb_assign_descriptors(f, 995 hidg_fs_descriptors_ssreport, 996 hidg_hs_descriptors_ssreport, 997 hidg_ss_descriptors_ssreport, 998 hidg_ss_descriptors_ssreport); 999 1000 if (status) 1001 goto fail; 1002 1003 spin_lock_init(&hidg->write_spinlock); 1004 hidg->write_pending = 1; 1005 hidg->req = NULL; 1006 spin_lock_init(&hidg->read_spinlock); 1007 init_waitqueue_head(&hidg->write_queue); 1008 init_waitqueue_head(&hidg->read_queue); 1009 INIT_LIST_HEAD(&hidg->completed_out_req); 1010 1011 /* create char device */ 1012 cdev_init(&hidg->cdev, &f_hidg_fops); 1013 status = cdev_device_add(&hidg->cdev, &hidg->dev); 1014 if (status) 1015 goto fail_free_descs; 1016 1017 return 0; 1018 fail_free_descs: 1019 usb_free_all_descriptors(f); 1020 fail: 1021 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1022 if (hidg->req != NULL) 1023 free_ep_req(hidg->in_ep, hidg->req); 1024 1025 return status; 1026 } 1027 1028 static inline int hidg_get_minor(void) 1029 { 1030 int ret; 1031 1032 ret = ida_alloc(&hidg_ida, GFP_KERNEL); 1033 if (ret >= HIDG_MINORS) { 1034 ida_free(&hidg_ida, ret); 1035 ret = -ENODEV; 1036 } 1037 1038 return ret; 1039 } 1040 1041 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1042 { 1043 return container_of(to_config_group(item), struct f_hid_opts, 1044 func_inst.group); 1045 } 1046 1047 static void hid_attr_release(struct config_item *item) 1048 { 1049 struct f_hid_opts *opts = to_f_hid_opts(item); 1050 1051 usb_put_function_instance(&opts->func_inst); 1052 } 1053 1054 static struct configfs_item_operations hidg_item_ops = { 1055 .release = hid_attr_release, 1056 }; 1057 1058 #define F_HID_OPT(name, prec, limit) \ 1059 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1060 { \ 1061 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1062 int result; \ 1063 \ 1064 mutex_lock(&opts->lock); \ 1065 result = sprintf(page, "%d\n", opts->name); \ 1066 mutex_unlock(&opts->lock); \ 1067 \ 1068 return result; \ 1069 } \ 1070 \ 1071 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1072 const char *page, size_t len) \ 1073 { \ 1074 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1075 int ret; \ 1076 u##prec num; \ 1077 \ 1078 mutex_lock(&opts->lock); \ 1079 if (opts->refcnt) { \ 1080 ret = -EBUSY; \ 1081 goto end; \ 1082 } \ 1083 \ 1084 ret = kstrtou##prec(page, 0, &num); \ 1085 if (ret) \ 1086 goto end; \ 1087 \ 1088 if (num > limit) { \ 1089 ret = -EINVAL; \ 1090 goto end; \ 1091 } \ 1092 opts->name = num; \ 1093 ret = len; \ 1094 \ 1095 end: \ 1096 mutex_unlock(&opts->lock); \ 1097 return ret; \ 1098 } \ 1099 \ 1100 CONFIGFS_ATTR(f_hid_opts_, name) 1101 1102 F_HID_OPT(subclass, 8, 255); 1103 F_HID_OPT(protocol, 8, 255); 1104 F_HID_OPT(no_out_endpoint, 8, 1); 1105 F_HID_OPT(report_length, 16, 65535); 1106 1107 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1108 { 1109 struct f_hid_opts *opts = to_f_hid_opts(item); 1110 int result; 1111 1112 mutex_lock(&opts->lock); 1113 result = opts->report_desc_length; 1114 memcpy(page, opts->report_desc, opts->report_desc_length); 1115 mutex_unlock(&opts->lock); 1116 1117 return result; 1118 } 1119 1120 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1121 const char *page, size_t len) 1122 { 1123 struct f_hid_opts *opts = to_f_hid_opts(item); 1124 int ret = -EBUSY; 1125 char *d; 1126 1127 mutex_lock(&opts->lock); 1128 1129 if (opts->refcnt) 1130 goto end; 1131 if (len > PAGE_SIZE) { 1132 ret = -ENOSPC; 1133 goto end; 1134 } 1135 d = kmemdup(page, len, GFP_KERNEL); 1136 if (!d) { 1137 ret = -ENOMEM; 1138 goto end; 1139 } 1140 kfree(opts->report_desc); 1141 opts->report_desc = d; 1142 opts->report_desc_length = len; 1143 opts->report_desc_alloc = true; 1144 ret = len; 1145 end: 1146 mutex_unlock(&opts->lock); 1147 return ret; 1148 } 1149 1150 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1151 1152 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1153 { 1154 struct f_hid_opts *opts = to_f_hid_opts(item); 1155 1156 return sprintf(page, "%d:%d\n", major, opts->minor); 1157 } 1158 1159 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1160 1161 static struct configfs_attribute *hid_attrs[] = { 1162 &f_hid_opts_attr_subclass, 1163 &f_hid_opts_attr_protocol, 1164 &f_hid_opts_attr_no_out_endpoint, 1165 &f_hid_opts_attr_report_length, 1166 &f_hid_opts_attr_report_desc, 1167 &f_hid_opts_attr_dev, 1168 NULL, 1169 }; 1170 1171 static const struct config_item_type hid_func_type = { 1172 .ct_item_ops = &hidg_item_ops, 1173 .ct_attrs = hid_attrs, 1174 .ct_owner = THIS_MODULE, 1175 }; 1176 1177 static inline void hidg_put_minor(int minor) 1178 { 1179 ida_free(&hidg_ida, minor); 1180 } 1181 1182 static void hidg_free_inst(struct usb_function_instance *f) 1183 { 1184 struct f_hid_opts *opts; 1185 1186 opts = container_of(f, struct f_hid_opts, func_inst); 1187 1188 mutex_lock(&hidg_ida_lock); 1189 1190 hidg_put_minor(opts->minor); 1191 if (ida_is_empty(&hidg_ida)) 1192 ghid_cleanup(); 1193 1194 mutex_unlock(&hidg_ida_lock); 1195 1196 if (opts->report_desc_alloc) 1197 kfree(opts->report_desc); 1198 1199 kfree(opts); 1200 } 1201 1202 static struct usb_function_instance *hidg_alloc_inst(void) 1203 { 1204 struct f_hid_opts *opts; 1205 struct usb_function_instance *ret; 1206 int status = 0; 1207 1208 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1209 if (!opts) 1210 return ERR_PTR(-ENOMEM); 1211 mutex_init(&opts->lock); 1212 opts->func_inst.free_func_inst = hidg_free_inst; 1213 ret = &opts->func_inst; 1214 1215 mutex_lock(&hidg_ida_lock); 1216 1217 if (ida_is_empty(&hidg_ida)) { 1218 status = ghid_setup(NULL, HIDG_MINORS); 1219 if (status) { 1220 ret = ERR_PTR(status); 1221 kfree(opts); 1222 goto unlock; 1223 } 1224 } 1225 1226 opts->minor = hidg_get_minor(); 1227 if (opts->minor < 0) { 1228 ret = ERR_PTR(opts->minor); 1229 kfree(opts); 1230 if (ida_is_empty(&hidg_ida)) 1231 ghid_cleanup(); 1232 goto unlock; 1233 } 1234 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1235 1236 unlock: 1237 mutex_unlock(&hidg_ida_lock); 1238 return ret; 1239 } 1240 1241 static void hidg_free(struct usb_function *f) 1242 { 1243 struct f_hidg *hidg; 1244 struct f_hid_opts *opts; 1245 1246 hidg = func_to_hidg(f); 1247 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1248 put_device(&hidg->dev); 1249 mutex_lock(&opts->lock); 1250 --opts->refcnt; 1251 mutex_unlock(&opts->lock); 1252 } 1253 1254 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1255 { 1256 struct f_hidg *hidg = func_to_hidg(f); 1257 1258 cdev_device_del(&hidg->cdev, &hidg->dev); 1259 1260 usb_free_all_descriptors(f); 1261 } 1262 1263 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1264 { 1265 struct f_hidg *hidg; 1266 struct f_hid_opts *opts; 1267 int ret; 1268 1269 /* allocate and initialize one new instance */ 1270 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1271 if (!hidg) 1272 return ERR_PTR(-ENOMEM); 1273 1274 opts = container_of(fi, struct f_hid_opts, func_inst); 1275 1276 mutex_lock(&opts->lock); 1277 1278 device_initialize(&hidg->dev); 1279 hidg->dev.release = hidg_release; 1280 hidg->dev.class = &hidg_class; 1281 hidg->dev.devt = MKDEV(major, opts->minor); 1282 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1283 if (ret) 1284 goto err_unlock; 1285 1286 hidg->bInterfaceSubClass = opts->subclass; 1287 hidg->bInterfaceProtocol = opts->protocol; 1288 hidg->report_length = opts->report_length; 1289 hidg->report_desc_length = opts->report_desc_length; 1290 if (opts->report_desc) { 1291 hidg->report_desc = kmemdup(opts->report_desc, 1292 opts->report_desc_length, 1293 GFP_KERNEL); 1294 if (!hidg->report_desc) { 1295 ret = -ENOMEM; 1296 goto err_put_device; 1297 } 1298 } 1299 hidg->use_out_ep = !opts->no_out_endpoint; 1300 1301 ++opts->refcnt; 1302 mutex_unlock(&opts->lock); 1303 1304 hidg->func.name = "hid"; 1305 hidg->func.bind = hidg_bind; 1306 hidg->func.unbind = hidg_unbind; 1307 hidg->func.set_alt = hidg_set_alt; 1308 hidg->func.disable = hidg_disable; 1309 hidg->func.setup = hidg_setup; 1310 hidg->func.free_func = hidg_free; 1311 1312 /* this could be made configurable at some point */ 1313 hidg->qlen = 4; 1314 1315 return &hidg->func; 1316 1317 err_put_device: 1318 put_device(&hidg->dev); 1319 err_unlock: 1320 mutex_unlock(&opts->lock); 1321 return ERR_PTR(ret); 1322 } 1323 1324 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1325 MODULE_DESCRIPTION("USB HID function driver"); 1326 MODULE_LICENSE("GPL"); 1327 MODULE_AUTHOR("Fabien Chouteau"); 1328 1329 int ghid_setup(struct usb_gadget *g, int count) 1330 { 1331 int status; 1332 dev_t dev; 1333 1334 status = class_register(&hidg_class); 1335 if (status) 1336 return status; 1337 1338 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1339 if (status) { 1340 class_unregister(&hidg_class); 1341 return status; 1342 } 1343 1344 major = MAJOR(dev); 1345 minors = count; 1346 1347 return 0; 1348 } 1349 1350 void ghid_cleanup(void) 1351 { 1352 if (major) { 1353 unregister_chrdev_region(MKDEV(major, 0), minors); 1354 major = minors = 0; 1355 } 1356 1357 class_unregister(&hidg_class); 1358 } 1359