1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/workqueue.h> 19 #include <linux/usb/func_utils.h> 20 #include <linux/usb/g_hid.h> 21 #include <uapi/linux/usb/g_hid.h> 22 23 #include "u_hid.h" 24 25 #define HIDG_MINORS 4 26 27 /* 28 * Most operating systems seem to allow for 5000ms timeout, we will allow 29 * userspace half that time to respond before we return an empty report. 30 */ 31 #define GET_REPORT_TIMEOUT_MS 2500 32 33 static int major, minors; 34 35 static const struct class hidg_class = { 36 .name = "hidg", 37 }; 38 39 static DEFINE_IDA(hidg_ida); 40 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 41 42 struct report_entry { 43 struct usb_hidg_report report_data; 44 struct list_head node; 45 }; 46 47 /*-------------------------------------------------------------------------*/ 48 /* HID gadget struct */ 49 50 struct f_hidg_req_list { 51 struct usb_request *req; 52 unsigned int pos; 53 struct list_head list; 54 }; 55 56 struct f_hidg { 57 /* configuration */ 58 unsigned char bInterfaceSubClass; 59 unsigned char bInterfaceProtocol; 60 unsigned char protocol; 61 unsigned char idle; 62 unsigned short report_desc_length; 63 char *report_desc; 64 unsigned short report_length; 65 /* 66 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 67 * will be used to receive reports from the host 68 * using functions with the "intout" suffix. 69 * Otherwise, the OUT Endpoint will not be configured 70 * and the SETUP/SET_REPORT method ("ssreport" suffix) 71 * will be used to receive reports. 72 */ 73 bool use_out_ep; 74 75 /* recv report */ 76 spinlock_t read_spinlock; 77 wait_queue_head_t read_queue; 78 /* recv report - interrupt out only (use_out_ep == 1) */ 79 struct list_head completed_out_req; 80 unsigned int qlen; 81 /* recv report - setup set_report only (use_out_ep == 0) */ 82 char *set_report_buf; 83 unsigned int set_report_length; 84 85 /* send report */ 86 spinlock_t write_spinlock; 87 bool write_pending; 88 wait_queue_head_t write_queue; 89 struct usb_request *req; 90 91 /* get report */ 92 struct usb_request *get_req; 93 struct usb_hidg_report get_report; 94 bool get_report_returned; 95 int get_report_req_report_id; 96 int get_report_req_report_length; 97 spinlock_t get_report_spinlock; 98 wait_queue_head_t get_queue; /* Waiting for userspace response */ 99 wait_queue_head_t get_id_queue; /* Get ID came in */ 100 struct work_struct work; 101 struct workqueue_struct *workqueue; 102 struct list_head report_list; 103 104 struct device dev; 105 struct cdev cdev; 106 struct usb_function func; 107 108 struct usb_ep *in_ep; 109 struct usb_ep *out_ep; 110 }; 111 112 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 113 { 114 return container_of(f, struct f_hidg, func); 115 } 116 117 static void hidg_release(struct device *dev) 118 { 119 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 120 121 kfree(hidg->report_desc); 122 kfree(hidg->set_report_buf); 123 kfree(hidg); 124 } 125 126 /*-------------------------------------------------------------------------*/ 127 /* Static descriptors */ 128 129 static struct usb_interface_descriptor hidg_interface_desc = { 130 .bLength = sizeof hidg_interface_desc, 131 .bDescriptorType = USB_DT_INTERFACE, 132 /* .bInterfaceNumber = DYNAMIC */ 133 .bAlternateSetting = 0, 134 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 135 .bInterfaceClass = USB_CLASS_HID, 136 /* .bInterfaceSubClass = DYNAMIC */ 137 /* .bInterfaceProtocol = DYNAMIC */ 138 /* .iInterface = DYNAMIC */ 139 }; 140 141 static struct hid_descriptor hidg_desc = { 142 .bLength = sizeof hidg_desc, 143 .bDescriptorType = HID_DT_HID, 144 .bcdHID = cpu_to_le16(0x0101), 145 .bCountryCode = 0x00, 146 .bNumDescriptors = 0x1, 147 /*.desc[0].bDescriptorType = DYNAMIC */ 148 /*.desc[0].wDescriptorLenght = DYNAMIC */ 149 }; 150 151 /* Super-Speed Support */ 152 153 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 154 .bLength = USB_DT_ENDPOINT_SIZE, 155 .bDescriptorType = USB_DT_ENDPOINT, 156 .bEndpointAddress = USB_DIR_IN, 157 .bmAttributes = USB_ENDPOINT_XFER_INT, 158 /*.wMaxPacketSize = DYNAMIC */ 159 .bInterval = 4, /* FIXME: Add this field in the 160 * HID gadget configuration? 161 * (struct hidg_func_descriptor) 162 */ 163 }; 164 165 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 166 .bLength = sizeof(hidg_ss_in_comp_desc), 167 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 168 169 /* .bMaxBurst = 0, */ 170 /* .bmAttributes = 0, */ 171 /* .wBytesPerInterval = DYNAMIC */ 172 }; 173 174 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 175 .bLength = USB_DT_ENDPOINT_SIZE, 176 .bDescriptorType = USB_DT_ENDPOINT, 177 .bEndpointAddress = USB_DIR_OUT, 178 .bmAttributes = USB_ENDPOINT_XFER_INT, 179 /*.wMaxPacketSize = DYNAMIC */ 180 .bInterval = 4, /* FIXME: Add this field in the 181 * HID gadget configuration? 182 * (struct hidg_func_descriptor) 183 */ 184 }; 185 186 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 187 .bLength = sizeof(hidg_ss_out_comp_desc), 188 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 189 190 /* .bMaxBurst = 0, */ 191 /* .bmAttributes = 0, */ 192 /* .wBytesPerInterval = DYNAMIC */ 193 }; 194 195 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 196 (struct usb_descriptor_header *)&hidg_interface_desc, 197 (struct usb_descriptor_header *)&hidg_desc, 198 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 199 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 200 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 201 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 202 NULL, 203 }; 204 205 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 206 (struct usb_descriptor_header *)&hidg_interface_desc, 207 (struct usb_descriptor_header *)&hidg_desc, 208 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 209 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 210 NULL, 211 }; 212 213 /* High-Speed Support */ 214 215 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 216 .bLength = USB_DT_ENDPOINT_SIZE, 217 .bDescriptorType = USB_DT_ENDPOINT, 218 .bEndpointAddress = USB_DIR_IN, 219 .bmAttributes = USB_ENDPOINT_XFER_INT, 220 /*.wMaxPacketSize = DYNAMIC */ 221 .bInterval = 4, /* FIXME: Add this field in the 222 * HID gadget configuration? 223 * (struct hidg_func_descriptor) 224 */ 225 }; 226 227 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 228 .bLength = USB_DT_ENDPOINT_SIZE, 229 .bDescriptorType = USB_DT_ENDPOINT, 230 .bEndpointAddress = USB_DIR_OUT, 231 .bmAttributes = USB_ENDPOINT_XFER_INT, 232 /*.wMaxPacketSize = DYNAMIC */ 233 .bInterval = 4, /* FIXME: Add this field in the 234 * HID gadget configuration? 235 * (struct hidg_func_descriptor) 236 */ 237 }; 238 239 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 240 (struct usb_descriptor_header *)&hidg_interface_desc, 241 (struct usb_descriptor_header *)&hidg_desc, 242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 243 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 244 NULL, 245 }; 246 247 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 248 (struct usb_descriptor_header *)&hidg_interface_desc, 249 (struct usb_descriptor_header *)&hidg_desc, 250 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 251 NULL, 252 }; 253 254 /* Full-Speed Support */ 255 256 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 257 .bLength = USB_DT_ENDPOINT_SIZE, 258 .bDescriptorType = USB_DT_ENDPOINT, 259 .bEndpointAddress = USB_DIR_IN, 260 .bmAttributes = USB_ENDPOINT_XFER_INT, 261 /*.wMaxPacketSize = DYNAMIC */ 262 .bInterval = 10, /* FIXME: Add this field in the 263 * HID gadget configuration? 264 * (struct hidg_func_descriptor) 265 */ 266 }; 267 268 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 269 .bLength = USB_DT_ENDPOINT_SIZE, 270 .bDescriptorType = USB_DT_ENDPOINT, 271 .bEndpointAddress = USB_DIR_OUT, 272 .bmAttributes = USB_ENDPOINT_XFER_INT, 273 /*.wMaxPacketSize = DYNAMIC */ 274 .bInterval = 10, /* FIXME: Add this field in the 275 * HID gadget configuration? 276 * (struct hidg_func_descriptor) 277 */ 278 }; 279 280 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 281 (struct usb_descriptor_header *)&hidg_interface_desc, 282 (struct usb_descriptor_header *)&hidg_desc, 283 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 284 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 285 NULL, 286 }; 287 288 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 289 (struct usb_descriptor_header *)&hidg_interface_desc, 290 (struct usb_descriptor_header *)&hidg_desc, 291 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 292 NULL, 293 }; 294 295 /*-------------------------------------------------------------------------*/ 296 /* Strings */ 297 298 #define CT_FUNC_HID_IDX 0 299 300 static struct usb_string ct_func_string_defs[] = { 301 [CT_FUNC_HID_IDX].s = "HID Interface", 302 {}, /* end of list */ 303 }; 304 305 static struct usb_gadget_strings ct_func_string_table = { 306 .language = 0x0409, /* en-US */ 307 .strings = ct_func_string_defs, 308 }; 309 310 static struct usb_gadget_strings *ct_func_strings[] = { 311 &ct_func_string_table, 312 NULL, 313 }; 314 315 /*-------------------------------------------------------------------------*/ 316 /* Char Device */ 317 318 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 319 size_t count, loff_t *ptr) 320 { 321 struct f_hidg *hidg = file->private_data; 322 struct f_hidg_req_list *list; 323 struct usb_request *req; 324 unsigned long flags; 325 int ret; 326 327 if (!count) 328 return 0; 329 330 spin_lock_irqsave(&hidg->read_spinlock, flags); 331 332 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req)) 333 334 /* wait for at least one buffer to complete */ 335 while (!READ_COND_INTOUT) { 336 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 337 if (file->f_flags & O_NONBLOCK) 338 return -EAGAIN; 339 340 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 341 return -ERESTARTSYS; 342 343 spin_lock_irqsave(&hidg->read_spinlock, flags); 344 } 345 346 /* pick the first one */ 347 list = list_first_entry(&hidg->completed_out_req, 348 struct f_hidg_req_list, list); 349 350 /* 351 * Remove this from list to protect it from beign free() 352 * while host disables our function 353 */ 354 list_del(&list->list); 355 356 req = list->req; 357 count = min_t(unsigned int, count, req->actual - list->pos); 358 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 359 360 /* copy to user outside spinlock */ 361 count -= copy_to_user(buffer, req->buf + list->pos, count); 362 list->pos += count; 363 364 /* 365 * if this request is completely handled and transfered to 366 * userspace, remove its entry from the list and requeue it 367 * again. Otherwise, we will revisit it again upon the next 368 * call, taking into account its current read position. 369 */ 370 if (list->pos == req->actual) { 371 kfree(list); 372 373 req->length = hidg->report_length; 374 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 375 if (ret < 0) { 376 free_ep_req(hidg->out_ep, req); 377 return ret; 378 } 379 } else { 380 spin_lock_irqsave(&hidg->read_spinlock, flags); 381 list_add(&list->list, &hidg->completed_out_req); 382 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 383 384 wake_up(&hidg->read_queue); 385 } 386 387 return count; 388 } 389 390 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL) 391 392 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 393 size_t count, loff_t *ptr) 394 { 395 struct f_hidg *hidg = file->private_data; 396 char *tmp_buf = NULL; 397 unsigned long flags; 398 399 if (!count) 400 return 0; 401 402 spin_lock_irqsave(&hidg->read_spinlock, flags); 403 404 while (!READ_COND_SSREPORT) { 405 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 406 if (file->f_flags & O_NONBLOCK) 407 return -EAGAIN; 408 409 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 410 return -ERESTARTSYS; 411 412 spin_lock_irqsave(&hidg->read_spinlock, flags); 413 } 414 415 count = min_t(unsigned int, count, hidg->set_report_length); 416 tmp_buf = hidg->set_report_buf; 417 hidg->set_report_buf = NULL; 418 419 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 420 421 if (tmp_buf != NULL) { 422 count -= copy_to_user(buffer, tmp_buf, count); 423 kfree(tmp_buf); 424 } else { 425 count = -ENOMEM; 426 } 427 428 wake_up(&hidg->read_queue); 429 430 return count; 431 } 432 433 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 434 size_t count, loff_t *ptr) 435 { 436 struct f_hidg *hidg = file->private_data; 437 438 if (hidg->use_out_ep) 439 return f_hidg_intout_read(file, buffer, count, ptr); 440 else 441 return f_hidg_ssreport_read(file, buffer, count, ptr); 442 } 443 444 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 445 { 446 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 447 unsigned long flags; 448 449 if (req->status != 0) { 450 ERROR(hidg->func.config->cdev, 451 "End Point Request ERROR: %d\n", req->status); 452 } 453 454 spin_lock_irqsave(&hidg->write_spinlock, flags); 455 hidg->write_pending = 0; 456 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 457 wake_up(&hidg->write_queue); 458 } 459 460 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 461 size_t count, loff_t *offp) 462 { 463 struct f_hidg *hidg = file->private_data; 464 struct usb_request *req; 465 unsigned long flags; 466 ssize_t status = -ENOMEM; 467 468 spin_lock_irqsave(&hidg->write_spinlock, flags); 469 470 if (!hidg->req) { 471 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 472 return -ESHUTDOWN; 473 } 474 475 #define WRITE_COND (!hidg->write_pending) 476 try_again: 477 /* write queue */ 478 while (!WRITE_COND) { 479 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 480 if (file->f_flags & O_NONBLOCK) 481 return -EAGAIN; 482 483 if (wait_event_interruptible_exclusive( 484 hidg->write_queue, WRITE_COND)) 485 return -ERESTARTSYS; 486 487 spin_lock_irqsave(&hidg->write_spinlock, flags); 488 } 489 490 hidg->write_pending = 1; 491 req = hidg->req; 492 count = min_t(unsigned, count, hidg->report_length); 493 494 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 495 496 if (!req) { 497 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 498 status = -ESHUTDOWN; 499 goto release_write_pending; 500 } 501 502 status = copy_from_user(req->buf, buffer, count); 503 if (status != 0) { 504 ERROR(hidg->func.config->cdev, 505 "copy_from_user error\n"); 506 status = -EINVAL; 507 goto release_write_pending; 508 } 509 510 spin_lock_irqsave(&hidg->write_spinlock, flags); 511 512 /* when our function has been disabled by host */ 513 if (!hidg->req) { 514 free_ep_req(hidg->in_ep, req); 515 /* 516 * TODO 517 * Should we fail with error here? 518 */ 519 goto try_again; 520 } 521 522 req->status = 0; 523 req->zero = 0; 524 req->length = count; 525 req->complete = f_hidg_req_complete; 526 req->context = hidg; 527 528 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 529 530 if (!hidg->in_ep->enabled) { 531 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 532 status = -ESHUTDOWN; 533 goto release_write_pending; 534 } 535 536 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 537 if (status < 0) 538 goto release_write_pending; 539 else 540 status = count; 541 542 return status; 543 release_write_pending: 544 spin_lock_irqsave(&hidg->write_spinlock, flags); 545 hidg->write_pending = 0; 546 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 547 548 wake_up(&hidg->write_queue); 549 550 return status; 551 } 552 553 static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id) 554 { 555 struct list_head *ptr; 556 struct report_entry *entry; 557 558 list_for_each(ptr, &hidg->report_list) { 559 entry = list_entry(ptr, struct report_entry, node); 560 if (entry->report_data.report_id == report_id) 561 return entry; 562 } 563 564 return NULL; 565 } 566 567 static void get_report_workqueue_handler(struct work_struct *work) 568 { 569 struct f_hidg *hidg = container_of(work, struct f_hidg, work); 570 struct usb_composite_dev *cdev = hidg->func.config->cdev; 571 struct usb_request *req; 572 struct report_entry *ptr; 573 unsigned long flags; 574 575 int status = 0; 576 577 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 578 req = hidg->get_req; 579 if (!req) { 580 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 581 return; 582 } 583 584 req->zero = 0; 585 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length, 586 hidg->report_length), 587 MAX_REPORT_LENGTH); 588 589 /* Check if there is a response available for immediate response */ 590 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 591 if (ptr && !ptr->report_data.userspace_req) { 592 /* Report exists in list and it is to be used for immediate response */ 593 req->buf = ptr->report_data.data; 594 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 595 hidg->get_report_returned = true; 596 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 597 } else { 598 /* 599 * Report does not exist in list or should not be immediately sent 600 * i.e. give userspace time to respond 601 */ 602 hidg->get_report_returned = false; 603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 604 wake_up(&hidg->get_id_queue); 605 #define GET_REPORT_COND (!hidg->get_report_returned) 606 /* Wait until userspace has responded or timeout */ 607 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND, 608 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS)); 609 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 610 req = hidg->get_req; 611 if (!req) { 612 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 613 return; 614 } 615 if (status == 0 && !hidg->get_report_returned) { 616 /* GET_REPORT request was not serviced by userspace within timeout period */ 617 VDBG(cdev, "get_report : userspace timeout.\n"); 618 hidg->get_report_returned = true; 619 } 620 621 /* Search again for report ID in list and respond to GET_REPORT request */ 622 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 623 if (ptr) { 624 /* 625 * Either get an updated response just serviced by userspace 626 * or send the latest response in the list 627 */ 628 req->buf = ptr->report_data.data; 629 } else { 630 /* If there are no prevoiusly sent reports send empty report */ 631 req->buf = hidg->get_report.data; 632 memset(req->buf, 0x0, req->length); 633 } 634 635 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 636 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 637 } 638 639 if (status < 0) 640 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n"); 641 } 642 643 static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer) 644 { 645 struct f_hidg *hidg = file->private_data; 646 int ret = 0; 647 648 ret = put_user(hidg->get_report_req_report_id, buffer); 649 650 return ret; 651 } 652 653 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer) 654 { 655 struct f_hidg *hidg = file->private_data; 656 struct usb_composite_dev *cdev = hidg->func.config->cdev; 657 unsigned long flags; 658 struct report_entry *entry; 659 struct report_entry *ptr; 660 __u8 report_id; 661 662 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 663 if (!entry) 664 return -ENOMEM; 665 666 if (copy_from_user(&entry->report_data, buffer, 667 sizeof(struct usb_hidg_report))) { 668 ERROR(cdev, "copy_from_user error\n"); 669 kfree(entry); 670 return -EINVAL; 671 } 672 673 report_id = entry->report_data.report_id; 674 675 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 676 ptr = f_hidg_search_for_report(hidg, report_id); 677 678 if (ptr) { 679 /* Report already exists in list - update it */ 680 if (copy_from_user(&ptr->report_data, buffer, 681 sizeof(struct usb_hidg_report))) { 682 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 683 ERROR(cdev, "copy_from_user error\n"); 684 kfree(entry); 685 return -EINVAL; 686 } 687 kfree(entry); 688 } else { 689 /* Report does not exist in list - add it */ 690 list_add_tail(&entry->node, &hidg->report_list); 691 } 692 693 /* If there is no response pending then do nothing further */ 694 if (hidg->get_report_returned) { 695 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 696 return 0; 697 } 698 699 /* If this userspace response serves the current pending report */ 700 if (hidg->get_report_req_report_id == report_id) { 701 hidg->get_report_returned = true; 702 wake_up(&hidg->get_queue); 703 } 704 705 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 706 return 0; 707 } 708 709 static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg) 710 { 711 switch (code) { 712 case GADGET_HID_READ_GET_REPORT_ID: 713 return f_hidg_get_report_id(file, (__u8 __user *)arg); 714 case GADGET_HID_WRITE_GET_REPORT: 715 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg); 716 default: 717 return -ENOTTY; 718 } 719 } 720 721 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 722 { 723 struct f_hidg *hidg = file->private_data; 724 __poll_t ret = 0; 725 726 poll_wait(file, &hidg->read_queue, wait); 727 poll_wait(file, &hidg->write_queue, wait); 728 poll_wait(file, &hidg->get_queue, wait); 729 poll_wait(file, &hidg->get_id_queue, wait); 730 731 if (WRITE_COND) 732 ret |= EPOLLOUT | EPOLLWRNORM; 733 734 if (hidg->use_out_ep) { 735 if (READ_COND_INTOUT) 736 ret |= EPOLLIN | EPOLLRDNORM; 737 } else { 738 if (READ_COND_SSREPORT) 739 ret |= EPOLLIN | EPOLLRDNORM; 740 } 741 742 if (GET_REPORT_COND) 743 ret |= EPOLLPRI; 744 745 return ret; 746 } 747 748 #undef WRITE_COND 749 #undef READ_COND_SSREPORT 750 #undef READ_COND_INTOUT 751 #undef GET_REPORT_COND 752 753 static int f_hidg_release(struct inode *inode, struct file *fd) 754 { 755 fd->private_data = NULL; 756 return 0; 757 } 758 759 static int f_hidg_open(struct inode *inode, struct file *fd) 760 { 761 struct f_hidg *hidg = 762 container_of(inode->i_cdev, struct f_hidg, cdev); 763 764 fd->private_data = hidg; 765 766 return 0; 767 } 768 769 /*-------------------------------------------------------------------------*/ 770 /* usb_function */ 771 772 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 773 unsigned length) 774 { 775 return alloc_ep_req(ep, length); 776 } 777 778 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 779 { 780 struct f_hidg *hidg = (struct f_hidg *) req->context; 781 struct usb_composite_dev *cdev = hidg->func.config->cdev; 782 struct f_hidg_req_list *req_list; 783 unsigned long flags; 784 785 switch (req->status) { 786 case 0: 787 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 788 if (!req_list) { 789 ERROR(cdev, "Unable to allocate mem for req_list\n"); 790 goto free_req; 791 } 792 793 req_list->req = req; 794 795 spin_lock_irqsave(&hidg->read_spinlock, flags); 796 list_add_tail(&req_list->list, &hidg->completed_out_req); 797 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 798 799 wake_up(&hidg->read_queue); 800 break; 801 default: 802 ERROR(cdev, "Set report failed %d\n", req->status); 803 fallthrough; 804 case -ECONNABORTED: /* hardware forced ep reset */ 805 case -ECONNRESET: /* request dequeued */ 806 case -ESHUTDOWN: /* disconnect from host */ 807 free_req: 808 free_ep_req(ep, req); 809 return; 810 } 811 } 812 813 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 814 { 815 struct f_hidg *hidg = (struct f_hidg *)req->context; 816 struct usb_composite_dev *cdev = hidg->func.config->cdev; 817 char *new_buf = NULL; 818 unsigned long flags; 819 820 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 821 ERROR(cdev, 822 "%s FAILED: status=%d, buf=%p, actual=%d\n", 823 __func__, req->status, req->buf, req->actual); 824 return; 825 } 826 827 spin_lock_irqsave(&hidg->read_spinlock, flags); 828 829 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 830 if (new_buf == NULL) { 831 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 832 return; 833 } 834 hidg->set_report_buf = new_buf; 835 836 hidg->set_report_length = req->actual; 837 memcpy(hidg->set_report_buf, req->buf, req->actual); 838 839 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 840 841 wake_up(&hidg->read_queue); 842 } 843 844 static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req) 845 { 846 } 847 848 static int hidg_setup(struct usb_function *f, 849 const struct usb_ctrlrequest *ctrl) 850 { 851 struct f_hidg *hidg = func_to_hidg(f); 852 struct usb_composite_dev *cdev = f->config->cdev; 853 struct usb_request *req = cdev->req; 854 int status = 0; 855 __u16 value, length; 856 unsigned long flags; 857 858 value = __le16_to_cpu(ctrl->wValue); 859 length = __le16_to_cpu(ctrl->wLength); 860 861 VDBG(cdev, 862 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 863 __func__, ctrl->bRequestType, ctrl->bRequest, value); 864 865 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 866 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 867 | HID_REQ_GET_REPORT): 868 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength); 869 870 /* 871 * Update GET_REPORT ID so that an ioctl can be used to determine what 872 * GET_REPORT the request was actually for. 873 */ 874 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 875 hidg->get_report_req_report_id = value & 0xff; 876 hidg->get_report_req_report_length = length; 877 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 878 879 queue_work(hidg->workqueue, &hidg->work); 880 881 return status; 882 883 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 884 | HID_REQ_GET_PROTOCOL): 885 VDBG(cdev, "get_protocol\n"); 886 length = min_t(unsigned int, length, 1); 887 ((u8 *) req->buf)[0] = hidg->protocol; 888 goto respond; 889 break; 890 891 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 892 | HID_REQ_GET_IDLE): 893 VDBG(cdev, "get_idle\n"); 894 length = min_t(unsigned int, length, 1); 895 ((u8 *) req->buf)[0] = hidg->idle; 896 goto respond; 897 break; 898 899 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 900 | HID_REQ_SET_REPORT): 901 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 902 if (hidg->use_out_ep) 903 goto stall; 904 req->complete = hidg_ssreport_complete; 905 req->context = hidg; 906 goto respond; 907 break; 908 909 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 910 | HID_REQ_SET_PROTOCOL): 911 VDBG(cdev, "set_protocol\n"); 912 if (value > HID_REPORT_PROTOCOL) 913 goto stall; 914 length = 0; 915 /* 916 * We assume that programs implementing the Boot protocol 917 * are also compatible with the Report Protocol 918 */ 919 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 920 hidg->protocol = value; 921 goto respond; 922 } 923 goto stall; 924 break; 925 926 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 927 | HID_REQ_SET_IDLE): 928 VDBG(cdev, "set_idle\n"); 929 length = 0; 930 hidg->idle = value >> 8; 931 goto respond; 932 break; 933 934 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 935 | USB_REQ_GET_DESCRIPTOR): 936 switch (value >> 8) { 937 case HID_DT_HID: 938 { 939 struct hid_descriptor hidg_desc_copy = hidg_desc; 940 941 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 942 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 943 hidg_desc_copy.desc[0].wDescriptorLength = 944 cpu_to_le16(hidg->report_desc_length); 945 946 length = min_t(unsigned short, length, 947 hidg_desc_copy.bLength); 948 memcpy(req->buf, &hidg_desc_copy, length); 949 goto respond; 950 break; 951 } 952 case HID_DT_REPORT: 953 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 954 length = min_t(unsigned short, length, 955 hidg->report_desc_length); 956 memcpy(req->buf, hidg->report_desc, length); 957 goto respond; 958 break; 959 960 default: 961 VDBG(cdev, "Unknown descriptor request 0x%x\n", 962 value >> 8); 963 goto stall; 964 break; 965 } 966 break; 967 968 default: 969 VDBG(cdev, "Unknown request 0x%x\n", 970 ctrl->bRequest); 971 goto stall; 972 break; 973 } 974 975 stall: 976 return -EOPNOTSUPP; 977 978 respond: 979 req->zero = 0; 980 req->length = length; 981 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 982 if (status < 0) 983 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 984 return status; 985 } 986 987 static void hidg_disable(struct usb_function *f) 988 { 989 struct f_hidg *hidg = func_to_hidg(f); 990 struct f_hidg_req_list *list, *next; 991 unsigned long flags; 992 993 usb_ep_disable(hidg->in_ep); 994 995 if (hidg->out_ep) { 996 usb_ep_disable(hidg->out_ep); 997 998 spin_lock_irqsave(&hidg->read_spinlock, flags); 999 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 1000 free_ep_req(hidg->out_ep, list->req); 1001 list_del(&list->list); 1002 kfree(list); 1003 } 1004 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 1005 } 1006 1007 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 1008 if (!hidg->get_report_returned) { 1009 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req); 1010 hidg->get_req = NULL; 1011 hidg->get_report_returned = true; 1012 } 1013 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 1014 1015 spin_lock_irqsave(&hidg->write_spinlock, flags); 1016 if (!hidg->write_pending) { 1017 free_ep_req(hidg->in_ep, hidg->req); 1018 hidg->write_pending = 1; 1019 } 1020 1021 hidg->req = NULL; 1022 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1023 } 1024 1025 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 1026 { 1027 struct usb_composite_dev *cdev = f->config->cdev; 1028 struct f_hidg *hidg = func_to_hidg(f); 1029 struct usb_request *req_in = NULL; 1030 unsigned long flags; 1031 int i, status = 0; 1032 1033 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 1034 1035 if (hidg->in_ep != NULL) { 1036 /* restart endpoint */ 1037 usb_ep_disable(hidg->in_ep); 1038 1039 status = config_ep_by_speed(f->config->cdev->gadget, f, 1040 hidg->in_ep); 1041 if (status) { 1042 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1043 goto fail; 1044 } 1045 status = usb_ep_enable(hidg->in_ep); 1046 if (status < 0) { 1047 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 1048 goto fail; 1049 } 1050 hidg->in_ep->driver_data = hidg; 1051 1052 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 1053 if (!req_in) { 1054 status = -ENOMEM; 1055 goto disable_ep_in; 1056 } 1057 } 1058 1059 if (hidg->use_out_ep && hidg->out_ep != NULL) { 1060 /* restart endpoint */ 1061 usb_ep_disable(hidg->out_ep); 1062 1063 status = config_ep_by_speed(f->config->cdev->gadget, f, 1064 hidg->out_ep); 1065 if (status) { 1066 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1067 goto free_req_in; 1068 } 1069 status = usb_ep_enable(hidg->out_ep); 1070 if (status < 0) { 1071 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 1072 goto free_req_in; 1073 } 1074 hidg->out_ep->driver_data = hidg; 1075 1076 /* 1077 * allocate a bunch of read buffers and queue them all at once. 1078 */ 1079 for (i = 0; i < hidg->qlen && status == 0; i++) { 1080 struct usb_request *req = 1081 hidg_alloc_ep_req(hidg->out_ep, 1082 hidg->report_length); 1083 if (req) { 1084 req->complete = hidg_intout_complete; 1085 req->context = hidg; 1086 status = usb_ep_queue(hidg->out_ep, req, 1087 GFP_ATOMIC); 1088 if (status) { 1089 ERROR(cdev, "%s queue req --> %d\n", 1090 hidg->out_ep->name, status); 1091 free_ep_req(hidg->out_ep, req); 1092 } 1093 } else { 1094 status = -ENOMEM; 1095 goto disable_out_ep; 1096 } 1097 } 1098 } 1099 1100 if (hidg->in_ep != NULL) { 1101 spin_lock_irqsave(&hidg->write_spinlock, flags); 1102 hidg->req = req_in; 1103 hidg->write_pending = 0; 1104 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1105 1106 wake_up(&hidg->write_queue); 1107 } 1108 return 0; 1109 disable_out_ep: 1110 if (hidg->out_ep) 1111 usb_ep_disable(hidg->out_ep); 1112 free_req_in: 1113 if (req_in) 1114 free_ep_req(hidg->in_ep, req_in); 1115 1116 disable_ep_in: 1117 if (hidg->in_ep) 1118 usb_ep_disable(hidg->in_ep); 1119 1120 fail: 1121 return status; 1122 } 1123 1124 #ifdef CONFIG_COMPAT 1125 static long f_hidg_compat_ioctl(struct file *file, unsigned int code, 1126 unsigned long value) 1127 { 1128 return f_hidg_ioctl(file, code, value); 1129 } 1130 #endif 1131 1132 static const struct file_operations f_hidg_fops = { 1133 .owner = THIS_MODULE, 1134 .open = f_hidg_open, 1135 .release = f_hidg_release, 1136 .write = f_hidg_write, 1137 .read = f_hidg_read, 1138 .poll = f_hidg_poll, 1139 .unlocked_ioctl = f_hidg_ioctl, 1140 #ifdef CONFIG_COMPAT 1141 .compat_ioctl = f_hidg_compat_ioctl, 1142 #endif 1143 .llseek = noop_llseek, 1144 }; 1145 1146 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 1147 { 1148 struct usb_ep *ep; 1149 struct f_hidg *hidg = func_to_hidg(f); 1150 struct usb_string *us; 1151 int status; 1152 1153 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC); 1154 if (!hidg->get_req) 1155 return -ENOMEM; 1156 1157 hidg->get_req->zero = 0; 1158 hidg->get_req->complete = hidg_get_report_complete; 1159 hidg->get_req->context = hidg; 1160 hidg->get_report_returned = true; 1161 1162 /* maybe allocate device-global string IDs, and patch descriptors */ 1163 us = usb_gstrings_attach(c->cdev, ct_func_strings, 1164 ARRAY_SIZE(ct_func_string_defs)); 1165 if (IS_ERR(us)) 1166 return PTR_ERR(us); 1167 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 1168 1169 /* allocate instance-specific interface IDs, and patch descriptors */ 1170 status = usb_interface_id(c, f); 1171 if (status < 0) 1172 goto fail; 1173 hidg_interface_desc.bInterfaceNumber = status; 1174 1175 /* allocate instance-specific endpoints */ 1176 status = -ENODEV; 1177 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 1178 if (!ep) 1179 goto fail; 1180 hidg->in_ep = ep; 1181 1182 hidg->out_ep = NULL; 1183 if (hidg->use_out_ep) { 1184 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 1185 if (!ep) 1186 goto fail; 1187 hidg->out_ep = ep; 1188 } 1189 1190 /* used only if use_out_ep == 1 */ 1191 hidg->set_report_buf = NULL; 1192 1193 /* set descriptor dynamic values */ 1194 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 1195 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 1196 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 1197 hidg->protocol = HID_REPORT_PROTOCOL; 1198 hidg->idle = 1; 1199 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1200 hidg_ss_in_comp_desc.wBytesPerInterval = 1201 cpu_to_le16(hidg->report_length); 1202 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1203 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1204 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1205 hidg_ss_out_comp_desc.wBytesPerInterval = 1206 cpu_to_le16(hidg->report_length); 1207 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1208 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1209 /* 1210 * We can use hidg_desc struct here but we should not relay 1211 * that its content won't change after returning from this function. 1212 */ 1213 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 1214 hidg_desc.desc[0].wDescriptorLength = 1215 cpu_to_le16(hidg->report_desc_length); 1216 1217 hidg_hs_in_ep_desc.bEndpointAddress = 1218 hidg_fs_in_ep_desc.bEndpointAddress; 1219 hidg_hs_out_ep_desc.bEndpointAddress = 1220 hidg_fs_out_ep_desc.bEndpointAddress; 1221 1222 hidg_ss_in_ep_desc.bEndpointAddress = 1223 hidg_fs_in_ep_desc.bEndpointAddress; 1224 hidg_ss_out_ep_desc.bEndpointAddress = 1225 hidg_fs_out_ep_desc.bEndpointAddress; 1226 1227 if (hidg->use_out_ep) 1228 status = usb_assign_descriptors(f, 1229 hidg_fs_descriptors_intout, 1230 hidg_hs_descriptors_intout, 1231 hidg_ss_descriptors_intout, 1232 hidg_ss_descriptors_intout); 1233 else 1234 status = usb_assign_descriptors(f, 1235 hidg_fs_descriptors_ssreport, 1236 hidg_hs_descriptors_ssreport, 1237 hidg_ss_descriptors_ssreport, 1238 hidg_ss_descriptors_ssreport); 1239 1240 if (status) 1241 goto fail; 1242 1243 spin_lock_init(&hidg->write_spinlock); 1244 hidg->write_pending = 1; 1245 hidg->req = NULL; 1246 spin_lock_init(&hidg->read_spinlock); 1247 spin_lock_init(&hidg->get_report_spinlock); 1248 init_waitqueue_head(&hidg->write_queue); 1249 init_waitqueue_head(&hidg->read_queue); 1250 init_waitqueue_head(&hidg->get_queue); 1251 init_waitqueue_head(&hidg->get_id_queue); 1252 INIT_LIST_HEAD(&hidg->completed_out_req); 1253 INIT_LIST_HEAD(&hidg->report_list); 1254 1255 INIT_WORK(&hidg->work, get_report_workqueue_handler); 1256 hidg->workqueue = alloc_workqueue("report_work", 1257 WQ_FREEZABLE | 1258 WQ_MEM_RECLAIM, 1259 1); 1260 1261 if (!hidg->workqueue) { 1262 status = -ENOMEM; 1263 goto fail; 1264 } 1265 1266 /* create char device */ 1267 cdev_init(&hidg->cdev, &f_hidg_fops); 1268 status = cdev_device_add(&hidg->cdev, &hidg->dev); 1269 if (status) 1270 goto fail_free_descs; 1271 1272 return 0; 1273 fail_free_descs: 1274 destroy_workqueue(hidg->workqueue); 1275 usb_free_all_descriptors(f); 1276 fail: 1277 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1278 if (hidg->req != NULL) 1279 free_ep_req(hidg->in_ep, hidg->req); 1280 1281 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req); 1282 hidg->get_req = NULL; 1283 1284 return status; 1285 } 1286 1287 static inline int hidg_get_minor(void) 1288 { 1289 int ret; 1290 1291 ret = ida_alloc(&hidg_ida, GFP_KERNEL); 1292 if (ret >= HIDG_MINORS) { 1293 ida_free(&hidg_ida, ret); 1294 ret = -ENODEV; 1295 } 1296 1297 return ret; 1298 } 1299 1300 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1301 { 1302 return container_of(to_config_group(item), struct f_hid_opts, 1303 func_inst.group); 1304 } 1305 1306 static void hid_attr_release(struct config_item *item) 1307 { 1308 struct f_hid_opts *opts = to_f_hid_opts(item); 1309 1310 usb_put_function_instance(&opts->func_inst); 1311 } 1312 1313 static struct configfs_item_operations hidg_item_ops = { 1314 .release = hid_attr_release, 1315 }; 1316 1317 #define F_HID_OPT(name, prec, limit) \ 1318 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1319 { \ 1320 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1321 int result; \ 1322 \ 1323 mutex_lock(&opts->lock); \ 1324 result = sprintf(page, "%d\n", opts->name); \ 1325 mutex_unlock(&opts->lock); \ 1326 \ 1327 return result; \ 1328 } \ 1329 \ 1330 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1331 const char *page, size_t len) \ 1332 { \ 1333 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1334 int ret; \ 1335 u##prec num; \ 1336 \ 1337 mutex_lock(&opts->lock); \ 1338 if (opts->refcnt) { \ 1339 ret = -EBUSY; \ 1340 goto end; \ 1341 } \ 1342 \ 1343 ret = kstrtou##prec(page, 0, &num); \ 1344 if (ret) \ 1345 goto end; \ 1346 \ 1347 if (num > limit) { \ 1348 ret = -EINVAL; \ 1349 goto end; \ 1350 } \ 1351 opts->name = num; \ 1352 ret = len; \ 1353 \ 1354 end: \ 1355 mutex_unlock(&opts->lock); \ 1356 return ret; \ 1357 } \ 1358 \ 1359 CONFIGFS_ATTR(f_hid_opts_, name) 1360 1361 F_HID_OPT(subclass, 8, 255); 1362 F_HID_OPT(protocol, 8, 255); 1363 F_HID_OPT(no_out_endpoint, 8, 1); 1364 F_HID_OPT(report_length, 16, 65535); 1365 1366 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1367 { 1368 struct f_hid_opts *opts = to_f_hid_opts(item); 1369 int result; 1370 1371 mutex_lock(&opts->lock); 1372 result = opts->report_desc_length; 1373 memcpy(page, opts->report_desc, opts->report_desc_length); 1374 mutex_unlock(&opts->lock); 1375 1376 return result; 1377 } 1378 1379 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1380 const char *page, size_t len) 1381 { 1382 struct f_hid_opts *opts = to_f_hid_opts(item); 1383 int ret = -EBUSY; 1384 char *d; 1385 1386 mutex_lock(&opts->lock); 1387 1388 if (opts->refcnt) 1389 goto end; 1390 if (len > PAGE_SIZE) { 1391 ret = -ENOSPC; 1392 goto end; 1393 } 1394 d = kmemdup(page, len, GFP_KERNEL); 1395 if (!d) { 1396 ret = -ENOMEM; 1397 goto end; 1398 } 1399 kfree(opts->report_desc); 1400 opts->report_desc = d; 1401 opts->report_desc_length = len; 1402 opts->report_desc_alloc = true; 1403 ret = len; 1404 end: 1405 mutex_unlock(&opts->lock); 1406 return ret; 1407 } 1408 1409 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1410 1411 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1412 { 1413 struct f_hid_opts *opts = to_f_hid_opts(item); 1414 1415 return sprintf(page, "%d:%d\n", major, opts->minor); 1416 } 1417 1418 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1419 1420 static struct configfs_attribute *hid_attrs[] = { 1421 &f_hid_opts_attr_subclass, 1422 &f_hid_opts_attr_protocol, 1423 &f_hid_opts_attr_no_out_endpoint, 1424 &f_hid_opts_attr_report_length, 1425 &f_hid_opts_attr_report_desc, 1426 &f_hid_opts_attr_dev, 1427 NULL, 1428 }; 1429 1430 static const struct config_item_type hid_func_type = { 1431 .ct_item_ops = &hidg_item_ops, 1432 .ct_attrs = hid_attrs, 1433 .ct_owner = THIS_MODULE, 1434 }; 1435 1436 static inline void hidg_put_minor(int minor) 1437 { 1438 ida_free(&hidg_ida, minor); 1439 } 1440 1441 static void hidg_free_inst(struct usb_function_instance *f) 1442 { 1443 struct f_hid_opts *opts; 1444 1445 opts = container_of(f, struct f_hid_opts, func_inst); 1446 1447 mutex_lock(&hidg_ida_lock); 1448 1449 hidg_put_minor(opts->minor); 1450 if (ida_is_empty(&hidg_ida)) 1451 ghid_cleanup(); 1452 1453 mutex_unlock(&hidg_ida_lock); 1454 1455 if (opts->report_desc_alloc) 1456 kfree(opts->report_desc); 1457 1458 kfree(opts); 1459 } 1460 1461 static struct usb_function_instance *hidg_alloc_inst(void) 1462 { 1463 struct f_hid_opts *opts; 1464 struct usb_function_instance *ret; 1465 int status = 0; 1466 1467 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1468 if (!opts) 1469 return ERR_PTR(-ENOMEM); 1470 mutex_init(&opts->lock); 1471 opts->func_inst.free_func_inst = hidg_free_inst; 1472 ret = &opts->func_inst; 1473 1474 mutex_lock(&hidg_ida_lock); 1475 1476 if (ida_is_empty(&hidg_ida)) { 1477 status = ghid_setup(NULL, HIDG_MINORS); 1478 if (status) { 1479 ret = ERR_PTR(status); 1480 kfree(opts); 1481 goto unlock; 1482 } 1483 } 1484 1485 opts->minor = hidg_get_minor(); 1486 if (opts->minor < 0) { 1487 ret = ERR_PTR(opts->minor); 1488 kfree(opts); 1489 if (ida_is_empty(&hidg_ida)) 1490 ghid_cleanup(); 1491 goto unlock; 1492 } 1493 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1494 1495 unlock: 1496 mutex_unlock(&hidg_ida_lock); 1497 return ret; 1498 } 1499 1500 static void hidg_free(struct usb_function *f) 1501 { 1502 struct f_hidg *hidg; 1503 struct f_hid_opts *opts; 1504 1505 hidg = func_to_hidg(f); 1506 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1507 put_device(&hidg->dev); 1508 mutex_lock(&opts->lock); 1509 --opts->refcnt; 1510 mutex_unlock(&opts->lock); 1511 } 1512 1513 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1514 { 1515 struct f_hidg *hidg = func_to_hidg(f); 1516 1517 cdev_device_del(&hidg->cdev, &hidg->dev); 1518 destroy_workqueue(hidg->workqueue); 1519 usb_free_all_descriptors(f); 1520 } 1521 1522 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1523 { 1524 struct f_hidg *hidg; 1525 struct f_hid_opts *opts; 1526 int ret; 1527 1528 /* allocate and initialize one new instance */ 1529 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1530 if (!hidg) 1531 return ERR_PTR(-ENOMEM); 1532 1533 opts = container_of(fi, struct f_hid_opts, func_inst); 1534 1535 mutex_lock(&opts->lock); 1536 1537 device_initialize(&hidg->dev); 1538 hidg->dev.release = hidg_release; 1539 hidg->dev.class = &hidg_class; 1540 hidg->dev.devt = MKDEV(major, opts->minor); 1541 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1542 if (ret) 1543 goto err_unlock; 1544 1545 hidg->bInterfaceSubClass = opts->subclass; 1546 hidg->bInterfaceProtocol = opts->protocol; 1547 hidg->report_length = opts->report_length; 1548 hidg->report_desc_length = opts->report_desc_length; 1549 if (opts->report_desc) { 1550 hidg->report_desc = kmemdup(opts->report_desc, 1551 opts->report_desc_length, 1552 GFP_KERNEL); 1553 if (!hidg->report_desc) { 1554 ret = -ENOMEM; 1555 goto err_put_device; 1556 } 1557 } 1558 hidg->use_out_ep = !opts->no_out_endpoint; 1559 1560 ++opts->refcnt; 1561 mutex_unlock(&opts->lock); 1562 1563 hidg->func.name = "hid"; 1564 hidg->func.bind = hidg_bind; 1565 hidg->func.unbind = hidg_unbind; 1566 hidg->func.set_alt = hidg_set_alt; 1567 hidg->func.disable = hidg_disable; 1568 hidg->func.setup = hidg_setup; 1569 hidg->func.free_func = hidg_free; 1570 1571 /* this could be made configurable at some point */ 1572 hidg->qlen = 4; 1573 1574 return &hidg->func; 1575 1576 err_put_device: 1577 put_device(&hidg->dev); 1578 err_unlock: 1579 mutex_unlock(&opts->lock); 1580 return ERR_PTR(ret); 1581 } 1582 1583 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1584 MODULE_DESCRIPTION("USB HID function driver"); 1585 MODULE_LICENSE("GPL"); 1586 MODULE_AUTHOR("Fabien Chouteau"); 1587 1588 int ghid_setup(struct usb_gadget *g, int count) 1589 { 1590 int status; 1591 dev_t dev; 1592 1593 status = class_register(&hidg_class); 1594 if (status) 1595 return status; 1596 1597 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1598 if (status) { 1599 class_unregister(&hidg_class); 1600 return status; 1601 } 1602 1603 major = MAJOR(dev); 1604 minors = count; 1605 1606 return 0; 1607 } 1608 1609 void ghid_cleanup(void) 1610 { 1611 if (major) { 1612 unregister_chrdev_region(MKDEV(major, 0), minors); 1613 major = minors = 0; 1614 } 1615 1616 class_unregister(&hidg_class); 1617 } 1618