1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/usb/g_hid.h> 19 20 #include "u_f.h" 21 #include "u_hid.h" 22 23 #define HIDG_MINORS 4 24 25 static int major, minors; 26 static struct class *hidg_class; 27 static DEFINE_IDA(hidg_ida); 28 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 29 30 /*-------------------------------------------------------------------------*/ 31 /* HID gadget struct */ 32 33 struct f_hidg_req_list { 34 struct usb_request *req; 35 unsigned int pos; 36 struct list_head list; 37 }; 38 39 struct f_hidg { 40 /* configuration */ 41 unsigned char bInterfaceSubClass; 42 unsigned char bInterfaceProtocol; 43 unsigned char protocol; 44 unsigned short report_desc_length; 45 char *report_desc; 46 unsigned short report_length; 47 48 /* recv report */ 49 struct list_head completed_out_req; 50 spinlock_t read_spinlock; 51 wait_queue_head_t read_queue; 52 unsigned int qlen; 53 54 /* send report */ 55 spinlock_t write_spinlock; 56 bool write_pending; 57 wait_queue_head_t write_queue; 58 struct usb_request *req; 59 60 int minor; 61 struct cdev cdev; 62 struct usb_function func; 63 64 struct usb_ep *in_ep; 65 struct usb_ep *out_ep; 66 }; 67 68 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 69 { 70 return container_of(f, struct f_hidg, func); 71 } 72 73 /*-------------------------------------------------------------------------*/ 74 /* Static descriptors */ 75 76 static struct usb_interface_descriptor hidg_interface_desc = { 77 .bLength = sizeof hidg_interface_desc, 78 .bDescriptorType = USB_DT_INTERFACE, 79 /* .bInterfaceNumber = DYNAMIC */ 80 .bAlternateSetting = 0, 81 .bNumEndpoints = 2, 82 .bInterfaceClass = USB_CLASS_HID, 83 /* .bInterfaceSubClass = DYNAMIC */ 84 /* .bInterfaceProtocol = DYNAMIC */ 85 /* .iInterface = DYNAMIC */ 86 }; 87 88 static struct hid_descriptor hidg_desc = { 89 .bLength = sizeof hidg_desc, 90 .bDescriptorType = HID_DT_HID, 91 .bcdHID = 0x0101, 92 .bCountryCode = 0x00, 93 .bNumDescriptors = 0x1, 94 /*.desc[0].bDescriptorType = DYNAMIC */ 95 /*.desc[0].wDescriptorLenght = DYNAMIC */ 96 }; 97 98 /* Super-Speed Support */ 99 100 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 101 .bLength = USB_DT_ENDPOINT_SIZE, 102 .bDescriptorType = USB_DT_ENDPOINT, 103 .bEndpointAddress = USB_DIR_IN, 104 .bmAttributes = USB_ENDPOINT_XFER_INT, 105 /*.wMaxPacketSize = DYNAMIC */ 106 .bInterval = 4, /* FIXME: Add this field in the 107 * HID gadget configuration? 108 * (struct hidg_func_descriptor) 109 */ 110 }; 111 112 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 113 .bLength = sizeof(hidg_ss_in_comp_desc), 114 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 115 116 /* .bMaxBurst = 0, */ 117 /* .bmAttributes = 0, */ 118 /* .wBytesPerInterval = DYNAMIC */ 119 }; 120 121 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 122 .bLength = USB_DT_ENDPOINT_SIZE, 123 .bDescriptorType = USB_DT_ENDPOINT, 124 .bEndpointAddress = USB_DIR_OUT, 125 .bmAttributes = USB_ENDPOINT_XFER_INT, 126 /*.wMaxPacketSize = DYNAMIC */ 127 .bInterval = 4, /* FIXME: Add this field in the 128 * HID gadget configuration? 129 * (struct hidg_func_descriptor) 130 */ 131 }; 132 133 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 134 .bLength = sizeof(hidg_ss_out_comp_desc), 135 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 136 137 /* .bMaxBurst = 0, */ 138 /* .bmAttributes = 0, */ 139 /* .wBytesPerInterval = DYNAMIC */ 140 }; 141 142 static struct usb_descriptor_header *hidg_ss_descriptors[] = { 143 (struct usb_descriptor_header *)&hidg_interface_desc, 144 (struct usb_descriptor_header *)&hidg_desc, 145 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 146 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 147 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 148 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 149 NULL, 150 }; 151 152 /* High-Speed Support */ 153 154 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 155 .bLength = USB_DT_ENDPOINT_SIZE, 156 .bDescriptorType = USB_DT_ENDPOINT, 157 .bEndpointAddress = USB_DIR_IN, 158 .bmAttributes = USB_ENDPOINT_XFER_INT, 159 /*.wMaxPacketSize = DYNAMIC */ 160 .bInterval = 4, /* FIXME: Add this field in the 161 * HID gadget configuration? 162 * (struct hidg_func_descriptor) 163 */ 164 }; 165 166 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 167 .bLength = USB_DT_ENDPOINT_SIZE, 168 .bDescriptorType = USB_DT_ENDPOINT, 169 .bEndpointAddress = USB_DIR_OUT, 170 .bmAttributes = USB_ENDPOINT_XFER_INT, 171 /*.wMaxPacketSize = DYNAMIC */ 172 .bInterval = 4, /* FIXME: Add this field in the 173 * HID gadget configuration? 174 * (struct hidg_func_descriptor) 175 */ 176 }; 177 178 static struct usb_descriptor_header *hidg_hs_descriptors[] = { 179 (struct usb_descriptor_header *)&hidg_interface_desc, 180 (struct usb_descriptor_header *)&hidg_desc, 181 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 182 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 183 NULL, 184 }; 185 186 /* Full-Speed Support */ 187 188 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 189 .bLength = USB_DT_ENDPOINT_SIZE, 190 .bDescriptorType = USB_DT_ENDPOINT, 191 .bEndpointAddress = USB_DIR_IN, 192 .bmAttributes = USB_ENDPOINT_XFER_INT, 193 /*.wMaxPacketSize = DYNAMIC */ 194 .bInterval = 10, /* FIXME: Add this field in the 195 * HID gadget configuration? 196 * (struct hidg_func_descriptor) 197 */ 198 }; 199 200 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 201 .bLength = USB_DT_ENDPOINT_SIZE, 202 .bDescriptorType = USB_DT_ENDPOINT, 203 .bEndpointAddress = USB_DIR_OUT, 204 .bmAttributes = USB_ENDPOINT_XFER_INT, 205 /*.wMaxPacketSize = DYNAMIC */ 206 .bInterval = 10, /* FIXME: Add this field in the 207 * HID gadget configuration? 208 * (struct hidg_func_descriptor) 209 */ 210 }; 211 212 static struct usb_descriptor_header *hidg_fs_descriptors[] = { 213 (struct usb_descriptor_header *)&hidg_interface_desc, 214 (struct usb_descriptor_header *)&hidg_desc, 215 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 216 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 217 NULL, 218 }; 219 220 /*-------------------------------------------------------------------------*/ 221 /* Strings */ 222 223 #define CT_FUNC_HID_IDX 0 224 225 static struct usb_string ct_func_string_defs[] = { 226 [CT_FUNC_HID_IDX].s = "HID Interface", 227 {}, /* end of list */ 228 }; 229 230 static struct usb_gadget_strings ct_func_string_table = { 231 .language = 0x0409, /* en-US */ 232 .strings = ct_func_string_defs, 233 }; 234 235 static struct usb_gadget_strings *ct_func_strings[] = { 236 &ct_func_string_table, 237 NULL, 238 }; 239 240 /*-------------------------------------------------------------------------*/ 241 /* Char Device */ 242 243 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 244 size_t count, loff_t *ptr) 245 { 246 struct f_hidg *hidg = file->private_data; 247 struct f_hidg_req_list *list; 248 struct usb_request *req; 249 unsigned long flags; 250 int ret; 251 252 if (!count) 253 return 0; 254 255 if (!access_ok(buffer, count)) 256 return -EFAULT; 257 258 spin_lock_irqsave(&hidg->read_spinlock, flags); 259 260 #define READ_COND (!list_empty(&hidg->completed_out_req)) 261 262 /* wait for at least one buffer to complete */ 263 while (!READ_COND) { 264 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 265 if (file->f_flags & O_NONBLOCK) 266 return -EAGAIN; 267 268 if (wait_event_interruptible(hidg->read_queue, READ_COND)) 269 return -ERESTARTSYS; 270 271 spin_lock_irqsave(&hidg->read_spinlock, flags); 272 } 273 274 /* pick the first one */ 275 list = list_first_entry(&hidg->completed_out_req, 276 struct f_hidg_req_list, list); 277 278 /* 279 * Remove this from list to protect it from beign free() 280 * while host disables our function 281 */ 282 list_del(&list->list); 283 284 req = list->req; 285 count = min_t(unsigned int, count, req->actual - list->pos); 286 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 287 288 /* copy to user outside spinlock */ 289 count -= copy_to_user(buffer, req->buf + list->pos, count); 290 list->pos += count; 291 292 /* 293 * if this request is completely handled and transfered to 294 * userspace, remove its entry from the list and requeue it 295 * again. Otherwise, we will revisit it again upon the next 296 * call, taking into account its current read position. 297 */ 298 if (list->pos == req->actual) { 299 kfree(list); 300 301 req->length = hidg->report_length; 302 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 303 if (ret < 0) { 304 free_ep_req(hidg->out_ep, req); 305 return ret; 306 } 307 } else { 308 spin_lock_irqsave(&hidg->read_spinlock, flags); 309 list_add(&list->list, &hidg->completed_out_req); 310 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 311 312 wake_up(&hidg->read_queue); 313 } 314 315 return count; 316 } 317 318 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 319 { 320 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 321 unsigned long flags; 322 323 if (req->status != 0) { 324 ERROR(hidg->func.config->cdev, 325 "End Point Request ERROR: %d\n", req->status); 326 } 327 328 spin_lock_irqsave(&hidg->write_spinlock, flags); 329 hidg->write_pending = 0; 330 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 331 wake_up(&hidg->write_queue); 332 } 333 334 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 335 size_t count, loff_t *offp) 336 { 337 struct f_hidg *hidg = file->private_data; 338 struct usb_request *req; 339 unsigned long flags; 340 ssize_t status = -ENOMEM; 341 342 if (!access_ok(buffer, count)) 343 return -EFAULT; 344 345 spin_lock_irqsave(&hidg->write_spinlock, flags); 346 347 #define WRITE_COND (!hidg->write_pending) 348 try_again: 349 /* write queue */ 350 while (!WRITE_COND) { 351 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 352 if (file->f_flags & O_NONBLOCK) 353 return -EAGAIN; 354 355 if (wait_event_interruptible_exclusive( 356 hidg->write_queue, WRITE_COND)) 357 return -ERESTARTSYS; 358 359 spin_lock_irqsave(&hidg->write_spinlock, flags); 360 } 361 362 hidg->write_pending = 1; 363 req = hidg->req; 364 count = min_t(unsigned, count, hidg->report_length); 365 366 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 367 status = copy_from_user(req->buf, buffer, count); 368 369 if (status != 0) { 370 ERROR(hidg->func.config->cdev, 371 "copy_from_user error\n"); 372 status = -EINVAL; 373 goto release_write_pending; 374 } 375 376 spin_lock_irqsave(&hidg->write_spinlock, flags); 377 378 /* when our function has been disabled by host */ 379 if (!hidg->req) { 380 free_ep_req(hidg->in_ep, req); 381 /* 382 * TODO 383 * Should we fail with error here? 384 */ 385 goto try_again; 386 } 387 388 req->status = 0; 389 req->zero = 0; 390 req->length = count; 391 req->complete = f_hidg_req_complete; 392 req->context = hidg; 393 394 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 395 if (status < 0) { 396 ERROR(hidg->func.config->cdev, 397 "usb_ep_queue error on int endpoint %zd\n", status); 398 goto release_write_pending_unlocked; 399 } else { 400 status = count; 401 } 402 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 403 404 return status; 405 release_write_pending: 406 spin_lock_irqsave(&hidg->write_spinlock, flags); 407 release_write_pending_unlocked: 408 hidg->write_pending = 0; 409 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 410 411 wake_up(&hidg->write_queue); 412 413 return status; 414 } 415 416 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 417 { 418 struct f_hidg *hidg = file->private_data; 419 __poll_t ret = 0; 420 421 poll_wait(file, &hidg->read_queue, wait); 422 poll_wait(file, &hidg->write_queue, wait); 423 424 if (WRITE_COND) 425 ret |= EPOLLOUT | EPOLLWRNORM; 426 427 if (READ_COND) 428 ret |= EPOLLIN | EPOLLRDNORM; 429 430 return ret; 431 } 432 433 #undef WRITE_COND 434 #undef READ_COND 435 436 static int f_hidg_release(struct inode *inode, struct file *fd) 437 { 438 fd->private_data = NULL; 439 return 0; 440 } 441 442 static int f_hidg_open(struct inode *inode, struct file *fd) 443 { 444 struct f_hidg *hidg = 445 container_of(inode->i_cdev, struct f_hidg, cdev); 446 447 fd->private_data = hidg; 448 449 return 0; 450 } 451 452 /*-------------------------------------------------------------------------*/ 453 /* usb_function */ 454 455 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 456 unsigned length) 457 { 458 return alloc_ep_req(ep, length); 459 } 460 461 static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req) 462 { 463 struct f_hidg *hidg = (struct f_hidg *) req->context; 464 struct usb_composite_dev *cdev = hidg->func.config->cdev; 465 struct f_hidg_req_list *req_list; 466 unsigned long flags; 467 468 switch (req->status) { 469 case 0: 470 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 471 if (!req_list) { 472 ERROR(cdev, "Unable to allocate mem for req_list\n"); 473 goto free_req; 474 } 475 476 req_list->req = req; 477 478 spin_lock_irqsave(&hidg->read_spinlock, flags); 479 list_add_tail(&req_list->list, &hidg->completed_out_req); 480 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 481 482 wake_up(&hidg->read_queue); 483 break; 484 default: 485 ERROR(cdev, "Set report failed %d\n", req->status); 486 /* FALLTHROUGH */ 487 case -ECONNABORTED: /* hardware forced ep reset */ 488 case -ECONNRESET: /* request dequeued */ 489 case -ESHUTDOWN: /* disconnect from host */ 490 free_req: 491 free_ep_req(ep, req); 492 return; 493 } 494 } 495 496 static int hidg_setup(struct usb_function *f, 497 const struct usb_ctrlrequest *ctrl) 498 { 499 struct f_hidg *hidg = func_to_hidg(f); 500 struct usb_composite_dev *cdev = f->config->cdev; 501 struct usb_request *req = cdev->req; 502 int status = 0; 503 __u16 value, length; 504 505 value = __le16_to_cpu(ctrl->wValue); 506 length = __le16_to_cpu(ctrl->wLength); 507 508 VDBG(cdev, 509 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 510 __func__, ctrl->bRequestType, ctrl->bRequest, value); 511 512 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 513 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 514 | HID_REQ_GET_REPORT): 515 VDBG(cdev, "get_report\n"); 516 517 /* send an empty report */ 518 length = min_t(unsigned, length, hidg->report_length); 519 memset(req->buf, 0x0, length); 520 521 goto respond; 522 break; 523 524 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 525 | HID_REQ_GET_PROTOCOL): 526 VDBG(cdev, "get_protocol\n"); 527 length = min_t(unsigned int, length, 1); 528 ((u8 *) req->buf)[0] = hidg->protocol; 529 goto respond; 530 break; 531 532 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 533 | HID_REQ_SET_REPORT): 534 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 535 goto stall; 536 break; 537 538 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 539 | HID_REQ_SET_PROTOCOL): 540 VDBG(cdev, "set_protocol\n"); 541 if (value > HID_REPORT_PROTOCOL) 542 goto stall; 543 length = 0; 544 /* 545 * We assume that programs implementing the Boot protocol 546 * are also compatible with the Report Protocol 547 */ 548 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 549 hidg->protocol = value; 550 goto respond; 551 } 552 goto stall; 553 break; 554 555 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 556 | USB_REQ_GET_DESCRIPTOR): 557 switch (value >> 8) { 558 case HID_DT_HID: 559 { 560 struct hid_descriptor hidg_desc_copy = hidg_desc; 561 562 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 563 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; 564 hidg_desc_copy.desc[0].wDescriptorLength = 565 cpu_to_le16(hidg->report_desc_length); 566 567 length = min_t(unsigned short, length, 568 hidg_desc_copy.bLength); 569 memcpy(req->buf, &hidg_desc_copy, length); 570 goto respond; 571 break; 572 } 573 case HID_DT_REPORT: 574 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 575 length = min_t(unsigned short, length, 576 hidg->report_desc_length); 577 memcpy(req->buf, hidg->report_desc, length); 578 goto respond; 579 break; 580 581 default: 582 VDBG(cdev, "Unknown descriptor request 0x%x\n", 583 value >> 8); 584 goto stall; 585 break; 586 } 587 break; 588 589 default: 590 VDBG(cdev, "Unknown request 0x%x\n", 591 ctrl->bRequest); 592 goto stall; 593 break; 594 } 595 596 stall: 597 return -EOPNOTSUPP; 598 599 respond: 600 req->zero = 0; 601 req->length = length; 602 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 603 if (status < 0) 604 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 605 return status; 606 } 607 608 static void hidg_disable(struct usb_function *f) 609 { 610 struct f_hidg *hidg = func_to_hidg(f); 611 struct f_hidg_req_list *list, *next; 612 unsigned long flags; 613 614 usb_ep_disable(hidg->in_ep); 615 usb_ep_disable(hidg->out_ep); 616 617 spin_lock_irqsave(&hidg->read_spinlock, flags); 618 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 619 free_ep_req(hidg->out_ep, list->req); 620 list_del(&list->list); 621 kfree(list); 622 } 623 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 624 625 spin_lock_irqsave(&hidg->write_spinlock, flags); 626 if (!hidg->write_pending) { 627 free_ep_req(hidg->in_ep, hidg->req); 628 hidg->write_pending = 1; 629 } 630 631 hidg->req = NULL; 632 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 633 } 634 635 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 636 { 637 struct usb_composite_dev *cdev = f->config->cdev; 638 struct f_hidg *hidg = func_to_hidg(f); 639 struct usb_request *req_in = NULL; 640 unsigned long flags; 641 int i, status = 0; 642 643 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 644 645 if (hidg->in_ep != NULL) { 646 /* restart endpoint */ 647 usb_ep_disable(hidg->in_ep); 648 649 status = config_ep_by_speed(f->config->cdev->gadget, f, 650 hidg->in_ep); 651 if (status) { 652 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 653 goto fail; 654 } 655 status = usb_ep_enable(hidg->in_ep); 656 if (status < 0) { 657 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 658 goto fail; 659 } 660 hidg->in_ep->driver_data = hidg; 661 662 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 663 if (!req_in) { 664 status = -ENOMEM; 665 goto disable_ep_in; 666 } 667 } 668 669 670 if (hidg->out_ep != NULL) { 671 /* restart endpoint */ 672 usb_ep_disable(hidg->out_ep); 673 674 status = config_ep_by_speed(f->config->cdev->gadget, f, 675 hidg->out_ep); 676 if (status) { 677 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 678 goto free_req_in; 679 } 680 status = usb_ep_enable(hidg->out_ep); 681 if (status < 0) { 682 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 683 goto free_req_in; 684 } 685 hidg->out_ep->driver_data = hidg; 686 687 /* 688 * allocate a bunch of read buffers and queue them all at once. 689 */ 690 for (i = 0; i < hidg->qlen && status == 0; i++) { 691 struct usb_request *req = 692 hidg_alloc_ep_req(hidg->out_ep, 693 hidg->report_length); 694 if (req) { 695 req->complete = hidg_set_report_complete; 696 req->context = hidg; 697 status = usb_ep_queue(hidg->out_ep, req, 698 GFP_ATOMIC); 699 if (status) { 700 ERROR(cdev, "%s queue req --> %d\n", 701 hidg->out_ep->name, status); 702 free_ep_req(hidg->out_ep, req); 703 } 704 } else { 705 status = -ENOMEM; 706 goto disable_out_ep; 707 } 708 } 709 } 710 711 if (hidg->in_ep != NULL) { 712 spin_lock_irqsave(&hidg->write_spinlock, flags); 713 hidg->req = req_in; 714 hidg->write_pending = 0; 715 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 716 717 wake_up(&hidg->write_queue); 718 } 719 return 0; 720 disable_out_ep: 721 usb_ep_disable(hidg->out_ep); 722 free_req_in: 723 if (req_in) 724 free_ep_req(hidg->in_ep, req_in); 725 726 disable_ep_in: 727 if (hidg->in_ep) 728 usb_ep_disable(hidg->in_ep); 729 730 fail: 731 return status; 732 } 733 734 static const struct file_operations f_hidg_fops = { 735 .owner = THIS_MODULE, 736 .open = f_hidg_open, 737 .release = f_hidg_release, 738 .write = f_hidg_write, 739 .read = f_hidg_read, 740 .poll = f_hidg_poll, 741 .llseek = noop_llseek, 742 }; 743 744 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 745 { 746 struct usb_ep *ep; 747 struct f_hidg *hidg = func_to_hidg(f); 748 struct usb_string *us; 749 struct device *device; 750 int status; 751 dev_t dev; 752 753 /* maybe allocate device-global string IDs, and patch descriptors */ 754 us = usb_gstrings_attach(c->cdev, ct_func_strings, 755 ARRAY_SIZE(ct_func_string_defs)); 756 if (IS_ERR(us)) 757 return PTR_ERR(us); 758 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 759 760 /* allocate instance-specific interface IDs, and patch descriptors */ 761 status = usb_interface_id(c, f); 762 if (status < 0) 763 goto fail; 764 hidg_interface_desc.bInterfaceNumber = status; 765 766 /* allocate instance-specific endpoints */ 767 status = -ENODEV; 768 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 769 if (!ep) 770 goto fail; 771 hidg->in_ep = ep; 772 773 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 774 if (!ep) 775 goto fail; 776 hidg->out_ep = ep; 777 778 /* set descriptor dynamic values */ 779 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 780 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 781 hidg->protocol = HID_REPORT_PROTOCOL; 782 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 783 hidg_ss_in_comp_desc.wBytesPerInterval = 784 cpu_to_le16(hidg->report_length); 785 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 786 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 787 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 788 hidg_ss_out_comp_desc.wBytesPerInterval = 789 cpu_to_le16(hidg->report_length); 790 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 791 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 792 /* 793 * We can use hidg_desc struct here but we should not relay 794 * that its content won't change after returning from this function. 795 */ 796 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 797 hidg_desc.desc[0].wDescriptorLength = 798 cpu_to_le16(hidg->report_desc_length); 799 800 hidg_hs_in_ep_desc.bEndpointAddress = 801 hidg_fs_in_ep_desc.bEndpointAddress; 802 hidg_hs_out_ep_desc.bEndpointAddress = 803 hidg_fs_out_ep_desc.bEndpointAddress; 804 805 hidg_ss_in_ep_desc.bEndpointAddress = 806 hidg_fs_in_ep_desc.bEndpointAddress; 807 hidg_ss_out_ep_desc.bEndpointAddress = 808 hidg_fs_out_ep_desc.bEndpointAddress; 809 810 status = usb_assign_descriptors(f, hidg_fs_descriptors, 811 hidg_hs_descriptors, hidg_ss_descriptors, NULL); 812 if (status) 813 goto fail; 814 815 spin_lock_init(&hidg->write_spinlock); 816 hidg->write_pending = 1; 817 hidg->req = NULL; 818 spin_lock_init(&hidg->read_spinlock); 819 init_waitqueue_head(&hidg->write_queue); 820 init_waitqueue_head(&hidg->read_queue); 821 INIT_LIST_HEAD(&hidg->completed_out_req); 822 823 /* create char device */ 824 cdev_init(&hidg->cdev, &f_hidg_fops); 825 dev = MKDEV(major, hidg->minor); 826 status = cdev_add(&hidg->cdev, dev, 1); 827 if (status) 828 goto fail_free_descs; 829 830 device = device_create(hidg_class, NULL, dev, NULL, 831 "%s%d", "hidg", hidg->minor); 832 if (IS_ERR(device)) { 833 status = PTR_ERR(device); 834 goto del; 835 } 836 837 return 0; 838 del: 839 cdev_del(&hidg->cdev); 840 fail_free_descs: 841 usb_free_all_descriptors(f); 842 fail: 843 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 844 if (hidg->req != NULL) 845 free_ep_req(hidg->in_ep, hidg->req); 846 847 return status; 848 } 849 850 static inline int hidg_get_minor(void) 851 { 852 int ret; 853 854 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL); 855 if (ret >= HIDG_MINORS) { 856 ida_simple_remove(&hidg_ida, ret); 857 ret = -ENODEV; 858 } 859 860 return ret; 861 } 862 863 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 864 { 865 return container_of(to_config_group(item), struct f_hid_opts, 866 func_inst.group); 867 } 868 869 static void hid_attr_release(struct config_item *item) 870 { 871 struct f_hid_opts *opts = to_f_hid_opts(item); 872 873 usb_put_function_instance(&opts->func_inst); 874 } 875 876 static struct configfs_item_operations hidg_item_ops = { 877 .release = hid_attr_release, 878 }; 879 880 #define F_HID_OPT(name, prec, limit) \ 881 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 882 { \ 883 struct f_hid_opts *opts = to_f_hid_opts(item); \ 884 int result; \ 885 \ 886 mutex_lock(&opts->lock); \ 887 result = sprintf(page, "%d\n", opts->name); \ 888 mutex_unlock(&opts->lock); \ 889 \ 890 return result; \ 891 } \ 892 \ 893 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 894 const char *page, size_t len) \ 895 { \ 896 struct f_hid_opts *opts = to_f_hid_opts(item); \ 897 int ret; \ 898 u##prec num; \ 899 \ 900 mutex_lock(&opts->lock); \ 901 if (opts->refcnt) { \ 902 ret = -EBUSY; \ 903 goto end; \ 904 } \ 905 \ 906 ret = kstrtou##prec(page, 0, &num); \ 907 if (ret) \ 908 goto end; \ 909 \ 910 if (num > limit) { \ 911 ret = -EINVAL; \ 912 goto end; \ 913 } \ 914 opts->name = num; \ 915 ret = len; \ 916 \ 917 end: \ 918 mutex_unlock(&opts->lock); \ 919 return ret; \ 920 } \ 921 \ 922 CONFIGFS_ATTR(f_hid_opts_, name) 923 924 F_HID_OPT(subclass, 8, 255); 925 F_HID_OPT(protocol, 8, 255); 926 F_HID_OPT(report_length, 16, 65535); 927 928 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 929 { 930 struct f_hid_opts *opts = to_f_hid_opts(item); 931 int result; 932 933 mutex_lock(&opts->lock); 934 result = opts->report_desc_length; 935 memcpy(page, opts->report_desc, opts->report_desc_length); 936 mutex_unlock(&opts->lock); 937 938 return result; 939 } 940 941 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 942 const char *page, size_t len) 943 { 944 struct f_hid_opts *opts = to_f_hid_opts(item); 945 int ret = -EBUSY; 946 char *d; 947 948 mutex_lock(&opts->lock); 949 950 if (opts->refcnt) 951 goto end; 952 if (len > PAGE_SIZE) { 953 ret = -ENOSPC; 954 goto end; 955 } 956 d = kmemdup(page, len, GFP_KERNEL); 957 if (!d) { 958 ret = -ENOMEM; 959 goto end; 960 } 961 kfree(opts->report_desc); 962 opts->report_desc = d; 963 opts->report_desc_length = len; 964 opts->report_desc_alloc = true; 965 ret = len; 966 end: 967 mutex_unlock(&opts->lock); 968 return ret; 969 } 970 971 CONFIGFS_ATTR(f_hid_opts_, report_desc); 972 973 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 974 { 975 struct f_hid_opts *opts = to_f_hid_opts(item); 976 977 return sprintf(page, "%d:%d\n", major, opts->minor); 978 } 979 980 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 981 982 static struct configfs_attribute *hid_attrs[] = { 983 &f_hid_opts_attr_subclass, 984 &f_hid_opts_attr_protocol, 985 &f_hid_opts_attr_report_length, 986 &f_hid_opts_attr_report_desc, 987 &f_hid_opts_attr_dev, 988 NULL, 989 }; 990 991 static const struct config_item_type hid_func_type = { 992 .ct_item_ops = &hidg_item_ops, 993 .ct_attrs = hid_attrs, 994 .ct_owner = THIS_MODULE, 995 }; 996 997 static inline void hidg_put_minor(int minor) 998 { 999 ida_simple_remove(&hidg_ida, minor); 1000 } 1001 1002 static void hidg_free_inst(struct usb_function_instance *f) 1003 { 1004 struct f_hid_opts *opts; 1005 1006 opts = container_of(f, struct f_hid_opts, func_inst); 1007 1008 mutex_lock(&hidg_ida_lock); 1009 1010 hidg_put_minor(opts->minor); 1011 if (ida_is_empty(&hidg_ida)) 1012 ghid_cleanup(); 1013 1014 mutex_unlock(&hidg_ida_lock); 1015 1016 if (opts->report_desc_alloc) 1017 kfree(opts->report_desc); 1018 1019 kfree(opts); 1020 } 1021 1022 static struct usb_function_instance *hidg_alloc_inst(void) 1023 { 1024 struct f_hid_opts *opts; 1025 struct usb_function_instance *ret; 1026 int status = 0; 1027 1028 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1029 if (!opts) 1030 return ERR_PTR(-ENOMEM); 1031 mutex_init(&opts->lock); 1032 opts->func_inst.free_func_inst = hidg_free_inst; 1033 ret = &opts->func_inst; 1034 1035 mutex_lock(&hidg_ida_lock); 1036 1037 if (ida_is_empty(&hidg_ida)) { 1038 status = ghid_setup(NULL, HIDG_MINORS); 1039 if (status) { 1040 ret = ERR_PTR(status); 1041 kfree(opts); 1042 goto unlock; 1043 } 1044 } 1045 1046 opts->minor = hidg_get_minor(); 1047 if (opts->minor < 0) { 1048 ret = ERR_PTR(opts->minor); 1049 kfree(opts); 1050 if (ida_is_empty(&hidg_ida)) 1051 ghid_cleanup(); 1052 goto unlock; 1053 } 1054 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1055 1056 unlock: 1057 mutex_unlock(&hidg_ida_lock); 1058 return ret; 1059 } 1060 1061 static void hidg_free(struct usb_function *f) 1062 { 1063 struct f_hidg *hidg; 1064 struct f_hid_opts *opts; 1065 1066 hidg = func_to_hidg(f); 1067 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1068 kfree(hidg->report_desc); 1069 kfree(hidg); 1070 mutex_lock(&opts->lock); 1071 --opts->refcnt; 1072 mutex_unlock(&opts->lock); 1073 } 1074 1075 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1076 { 1077 struct f_hidg *hidg = func_to_hidg(f); 1078 1079 device_destroy(hidg_class, MKDEV(major, hidg->minor)); 1080 cdev_del(&hidg->cdev); 1081 1082 usb_free_all_descriptors(f); 1083 } 1084 1085 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1086 { 1087 struct f_hidg *hidg; 1088 struct f_hid_opts *opts; 1089 1090 /* allocate and initialize one new instance */ 1091 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1092 if (!hidg) 1093 return ERR_PTR(-ENOMEM); 1094 1095 opts = container_of(fi, struct f_hid_opts, func_inst); 1096 1097 mutex_lock(&opts->lock); 1098 ++opts->refcnt; 1099 1100 hidg->minor = opts->minor; 1101 hidg->bInterfaceSubClass = opts->subclass; 1102 hidg->bInterfaceProtocol = opts->protocol; 1103 hidg->report_length = opts->report_length; 1104 hidg->report_desc_length = opts->report_desc_length; 1105 if (opts->report_desc) { 1106 hidg->report_desc = kmemdup(opts->report_desc, 1107 opts->report_desc_length, 1108 GFP_KERNEL); 1109 if (!hidg->report_desc) { 1110 kfree(hidg); 1111 mutex_unlock(&opts->lock); 1112 return ERR_PTR(-ENOMEM); 1113 } 1114 } 1115 1116 mutex_unlock(&opts->lock); 1117 1118 hidg->func.name = "hid"; 1119 hidg->func.bind = hidg_bind; 1120 hidg->func.unbind = hidg_unbind; 1121 hidg->func.set_alt = hidg_set_alt; 1122 hidg->func.disable = hidg_disable; 1123 hidg->func.setup = hidg_setup; 1124 hidg->func.free_func = hidg_free; 1125 1126 /* this could me made configurable at some point */ 1127 hidg->qlen = 4; 1128 1129 return &hidg->func; 1130 } 1131 1132 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1133 MODULE_LICENSE("GPL"); 1134 MODULE_AUTHOR("Fabien Chouteau"); 1135 1136 int ghid_setup(struct usb_gadget *g, int count) 1137 { 1138 int status; 1139 dev_t dev; 1140 1141 hidg_class = class_create(THIS_MODULE, "hidg"); 1142 if (IS_ERR(hidg_class)) { 1143 status = PTR_ERR(hidg_class); 1144 hidg_class = NULL; 1145 return status; 1146 } 1147 1148 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1149 if (status) { 1150 class_destroy(hidg_class); 1151 hidg_class = NULL; 1152 return status; 1153 } 1154 1155 major = MAJOR(dev); 1156 minors = count; 1157 1158 return 0; 1159 } 1160 1161 void ghid_cleanup(void) 1162 { 1163 if (major) { 1164 unregister_chrdev_region(MKDEV(major, 0), minors); 1165 major = minors = 0; 1166 } 1167 1168 class_destroy(hidg_class); 1169 hidg_class = NULL; 1170 } 1171