1 /*
2 * Gadget Function Driver for Android USB accessories
3 *
4 * Copyright (C) 2011 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/poll.h>
24 #include <linux/delay.h>
25 #include <linux/wait.h>
26 #include <linux/err.h>
27 #include <linux/interrupt.h>
28 #include <linux/kthread.h>
29 #include <linux/freezer.h>
30
31 #include <linux/types.h>
32 #include <linux/file.h>
33 #include <linux/device.h>
34 #include <linux/miscdevice.h>
35
36 #include <linux/hid.h>
37 #include <linux/hiddev.h>
38 #include <linux/usb.h>
39 #include <linux/usb/ch9.h>
40 #include <linux/usb/f_accessory.h>
41
42 #define BULK_BUFFER_SIZE 16384
43 #define ACC_STRING_SIZE 256
44
45 #define PROTOCOL_VERSION 2
46
47 /* String IDs */
48 #define INTERFACE_STRING_INDEX 0
49
50 /* number of tx and rx requests to allocate */
51 #define TX_REQ_MAX 4
52 #define RX_REQ_MAX 2
53
54 struct acc_hid_dev {
55 struct list_head list;
56 struct hid_device *hid;
57 struct acc_dev *dev;
58 /* accessory defined ID */
59 int id;
60 /* HID report descriptor */
61 u8 *report_desc;
62 /* length of HID report descriptor */
63 int report_desc_len;
64 /* number of bytes of report_desc we have received so far */
65 int report_desc_offset;
66 };
67
68 struct acc_dev {
69 struct usb_function function;
70 struct usb_composite_dev *cdev;
71 spinlock_t lock;
72
73 struct usb_ep *ep_in;
74 struct usb_ep *ep_out;
75
76 /* set to 1 when we connect */
77 int online:1;
78 /* Set to 1 when we disconnect.
79 * Not cleared until our file is closed.
80 */
81 int disconnected:1;
82
83 /* strings sent by the host */
84 char manufacturer[ACC_STRING_SIZE];
85 char model[ACC_STRING_SIZE];
86 char description[ACC_STRING_SIZE];
87 char version[ACC_STRING_SIZE];
88 char uri[ACC_STRING_SIZE];
89 char serial[ACC_STRING_SIZE];
90
91 /* for acc_complete_set_string */
92 int string_index;
93
94 /* set to 1 if we have a pending start request */
95 int start_requested;
96
97 int audio_mode;
98
99 /* synchronize access to our device file */
100 atomic_t open_excl;
101
102 struct list_head tx_idle;
103
104 wait_queue_head_t read_wq;
105 wait_queue_head_t write_wq;
106 struct usb_request *rx_req[RX_REQ_MAX];
107 int rx_done;
108
109 /* delayed work for handling ACCESSORY_START */
110 struct delayed_work start_work;
111
112 /* worker for registering and unregistering hid devices */
113 struct work_struct hid_work;
114
115 /* list of active HID devices */
116 struct list_head hid_list;
117
118 /* list of new HID devices to register */
119 struct list_head new_hid_list;
120
121 /* list of dead HID devices to unregister */
122 struct list_head dead_hid_list;
123 };
124
125 static struct usb_interface_descriptor acc_interface_desc = {
126 .bLength = USB_DT_INTERFACE_SIZE,
127 .bDescriptorType = USB_DT_INTERFACE,
128 .bInterfaceNumber = 0,
129 .bNumEndpoints = 2,
130 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
131 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
132 .bInterfaceProtocol = 0,
133 };
134
135 static struct usb_endpoint_descriptor acc_highspeed_in_desc = {
136 .bLength = USB_DT_ENDPOINT_SIZE,
137 .bDescriptorType = USB_DT_ENDPOINT,
138 .bEndpointAddress = USB_DIR_IN,
139 .bmAttributes = USB_ENDPOINT_XFER_BULK,
140 .wMaxPacketSize = __constant_cpu_to_le16(512),
141 };
142
143 static struct usb_endpoint_descriptor acc_highspeed_out_desc = {
144 .bLength = USB_DT_ENDPOINT_SIZE,
145 .bDescriptorType = USB_DT_ENDPOINT,
146 .bEndpointAddress = USB_DIR_OUT,
147 .bmAttributes = USB_ENDPOINT_XFER_BULK,
148 .wMaxPacketSize = __constant_cpu_to_le16(512),
149 };
150
151 static struct usb_endpoint_descriptor acc_fullspeed_in_desc = {
152 .bLength = USB_DT_ENDPOINT_SIZE,
153 .bDescriptorType = USB_DT_ENDPOINT,
154 .bEndpointAddress = USB_DIR_IN,
155 .bmAttributes = USB_ENDPOINT_XFER_BULK,
156 };
157
158 static struct usb_endpoint_descriptor acc_fullspeed_out_desc = {
159 .bLength = USB_DT_ENDPOINT_SIZE,
160 .bDescriptorType = USB_DT_ENDPOINT,
161 .bEndpointAddress = USB_DIR_OUT,
162 .bmAttributes = USB_ENDPOINT_XFER_BULK,
163 };
164
165 static struct usb_descriptor_header *fs_acc_descs[] = {
166 (struct usb_descriptor_header *) &acc_interface_desc,
167 (struct usb_descriptor_header *) &acc_fullspeed_in_desc,
168 (struct usb_descriptor_header *) &acc_fullspeed_out_desc,
169 NULL,
170 };
171
172 static struct usb_descriptor_header *hs_acc_descs[] = {
173 (struct usb_descriptor_header *) &acc_interface_desc,
174 (struct usb_descriptor_header *) &acc_highspeed_in_desc,
175 (struct usb_descriptor_header *) &acc_highspeed_out_desc,
176 NULL,
177 };
178
179 static struct usb_string acc_string_defs[] = {
180 [INTERFACE_STRING_INDEX].s = "Android Accessory Interface",
181 { }, /* end of list */
182 };
183
184 static struct usb_gadget_strings acc_string_table = {
185 .language = 0x0409, /* en-US */
186 .strings = acc_string_defs,
187 };
188
189 static struct usb_gadget_strings *acc_strings[] = {
190 &acc_string_table,
191 NULL,
192 };
193
194 /* temporary variable used between acc_open() and acc_gadget_bind() */
195 static struct acc_dev *_acc_dev;
196
func_to_dev(struct usb_function * f)197 static inline struct acc_dev *func_to_dev(struct usb_function *f)
198 {
199 return container_of(f, struct acc_dev, function);
200 }
201
acc_request_new(struct usb_ep * ep,int buffer_size)202 static struct usb_request *acc_request_new(struct usb_ep *ep, int buffer_size)
203 {
204 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
205 if (!req)
206 return NULL;
207
208 /* now allocate buffers for the requests */
209 req->buf = kmalloc(buffer_size, GFP_KERNEL);
210 if (!req->buf) {
211 usb_ep_free_request(ep, req);
212 return NULL;
213 }
214
215 return req;
216 }
217
acc_request_free(struct usb_request * req,struct usb_ep * ep)218 static void acc_request_free(struct usb_request *req, struct usb_ep *ep)
219 {
220 if (req) {
221 kfree(req->buf);
222 usb_ep_free_request(ep, req);
223 }
224 }
225
226 /* add a request to the tail of a list */
req_put(struct acc_dev * dev,struct list_head * head,struct usb_request * req)227 static void req_put(struct acc_dev *dev, struct list_head *head,
228 struct usb_request *req)
229 {
230 unsigned long flags;
231
232 spin_lock_irqsave(&dev->lock, flags);
233 list_add_tail(&req->list, head);
234 spin_unlock_irqrestore(&dev->lock, flags);
235 }
236
237 /* remove a request from the head of a list */
req_get(struct acc_dev * dev,struct list_head * head)238 static struct usb_request *req_get(struct acc_dev *dev, struct list_head *head)
239 {
240 unsigned long flags;
241 struct usb_request *req;
242
243 spin_lock_irqsave(&dev->lock, flags);
244 if (list_empty(head)) {
245 req = 0;
246 } else {
247 req = list_first_entry(head, struct usb_request, list);
248 list_del(&req->list);
249 }
250 spin_unlock_irqrestore(&dev->lock, flags);
251 return req;
252 }
253
acc_set_disconnected(struct acc_dev * dev)254 static void acc_set_disconnected(struct acc_dev *dev)
255 {
256 dev->online = 0;
257 dev->disconnected = 1;
258 }
259
acc_complete_in(struct usb_ep * ep,struct usb_request * req)260 static void acc_complete_in(struct usb_ep *ep, struct usb_request *req)
261 {
262 struct acc_dev *dev = _acc_dev;
263
264 if (req->status == -ESHUTDOWN) {
265 pr_debug("acc_complete_in set disconnected");
266 acc_set_disconnected(dev);
267 }
268
269 req_put(dev, &dev->tx_idle, req);
270
271 wake_up(&dev->write_wq);
272 }
273
acc_complete_out(struct usb_ep * ep,struct usb_request * req)274 static void acc_complete_out(struct usb_ep *ep, struct usb_request *req)
275 {
276 struct acc_dev *dev = _acc_dev;
277
278 dev->rx_done = 1;
279 if (req->status == -ESHUTDOWN) {
280 pr_debug("acc_complete_out set disconnected");
281 acc_set_disconnected(dev);
282 }
283
284 wake_up(&dev->read_wq);
285 }
286
acc_complete_set_string(struct usb_ep * ep,struct usb_request * req)287 static void acc_complete_set_string(struct usb_ep *ep, struct usb_request *req)
288 {
289 struct acc_dev *dev = ep->driver_data;
290 char *string_dest = NULL;
291 int length = req->actual;
292
293 if (req->status != 0) {
294 pr_err("acc_complete_set_string, err %d\n", req->status);
295 return;
296 }
297
298 switch (dev->string_index) {
299 case ACCESSORY_STRING_MANUFACTURER:
300 string_dest = dev->manufacturer;
301 break;
302 case ACCESSORY_STRING_MODEL:
303 string_dest = dev->model;
304 break;
305 case ACCESSORY_STRING_DESCRIPTION:
306 string_dest = dev->description;
307 break;
308 case ACCESSORY_STRING_VERSION:
309 string_dest = dev->version;
310 break;
311 case ACCESSORY_STRING_URI:
312 string_dest = dev->uri;
313 break;
314 case ACCESSORY_STRING_SERIAL:
315 string_dest = dev->serial;
316 break;
317 }
318 if (string_dest) {
319 unsigned long flags;
320
321 if (length >= ACC_STRING_SIZE)
322 length = ACC_STRING_SIZE - 1;
323
324 spin_lock_irqsave(&dev->lock, flags);
325 memcpy(string_dest, req->buf, length);
326 /* ensure zero termination */
327 string_dest[length] = 0;
328 spin_unlock_irqrestore(&dev->lock, flags);
329 } else {
330 pr_err("unknown accessory string index %d\n",
331 dev->string_index);
332 }
333 }
334
acc_complete_set_hid_report_desc(struct usb_ep * ep,struct usb_request * req)335 static void acc_complete_set_hid_report_desc(struct usb_ep *ep,
336 struct usb_request *req)
337 {
338 struct acc_hid_dev *hid = req->context;
339 struct acc_dev *dev = hid->dev;
340 int length = req->actual;
341
342 if (req->status != 0) {
343 pr_err("acc_complete_set_hid_report_desc, err %d\n",
344 req->status);
345 return;
346 }
347
348 memcpy(hid->report_desc + hid->report_desc_offset, req->buf, length);
349 hid->report_desc_offset += length;
350 if (hid->report_desc_offset == hid->report_desc_len) {
351 /* After we have received the entire report descriptor
352 * we schedule work to initialize the HID device
353 */
354 schedule_work(&dev->hid_work);
355 }
356 }
357
acc_complete_send_hid_event(struct usb_ep * ep,struct usb_request * req)358 static void acc_complete_send_hid_event(struct usb_ep *ep,
359 struct usb_request *req)
360 {
361 struct acc_hid_dev *hid = req->context;
362 int length = req->actual;
363
364 if (req->status != 0) {
365 pr_err("acc_complete_send_hid_event, err %d\n", req->status);
366 return;
367 }
368
369 hid_report_raw_event(hid->hid, HID_INPUT_REPORT, req->buf, length, 1);
370 }
371
acc_hid_parse(struct hid_device * hid)372 static int acc_hid_parse(struct hid_device *hid)
373 {
374 struct acc_hid_dev *hdev = hid->driver_data;
375
376 hid_parse_report(hid, hdev->report_desc, hdev->report_desc_len);
377 return 0;
378 }
379
acc_hid_start(struct hid_device * hid)380 static int acc_hid_start(struct hid_device *hid)
381 {
382 return 0;
383 }
384
acc_hid_stop(struct hid_device * hid)385 static void acc_hid_stop(struct hid_device *hid)
386 {
387 }
388
acc_hid_open(struct hid_device * hid)389 static int acc_hid_open(struct hid_device *hid)
390 {
391 return 0;
392 }
393
acc_hid_close(struct hid_device * hid)394 static void acc_hid_close(struct hid_device *hid)
395 {
396 }
397
398 static struct hid_ll_driver acc_hid_ll_driver = {
399 .parse = acc_hid_parse,
400 .start = acc_hid_start,
401 .stop = acc_hid_stop,
402 .open = acc_hid_open,
403 .close = acc_hid_close,
404 };
405
acc_hid_new(struct acc_dev * dev,int id,int desc_len)406 static struct acc_hid_dev *acc_hid_new(struct acc_dev *dev,
407 int id, int desc_len)
408 {
409 struct acc_hid_dev *hdev;
410
411 hdev = kzalloc(sizeof(*hdev), GFP_ATOMIC);
412 if (!hdev)
413 return NULL;
414 hdev->report_desc = kzalloc(desc_len, GFP_ATOMIC);
415 if (!hdev->report_desc) {
416 kfree(hdev);
417 return NULL;
418 }
419 hdev->dev = dev;
420 hdev->id = id;
421 hdev->report_desc_len = desc_len;
422
423 return hdev;
424 }
425
acc_hid_get(struct list_head * list,int id)426 static struct acc_hid_dev *acc_hid_get(struct list_head *list, int id)
427 {
428 struct acc_hid_dev *hid;
429
430 list_for_each_entry(hid, list, list) {
431 if (hid->id == id)
432 return hid;
433 }
434 return NULL;
435 }
436
acc_register_hid(struct acc_dev * dev,int id,int desc_length)437 static int acc_register_hid(struct acc_dev *dev, int id, int desc_length)
438 {
439 struct acc_hid_dev *hid;
440 unsigned long flags;
441
442 /* report descriptor length must be > 0 */
443 if (desc_length <= 0)
444 return -EINVAL;
445
446 spin_lock_irqsave(&dev->lock, flags);
447 /* replace HID if one already exists with this ID */
448 hid = acc_hid_get(&dev->hid_list, id);
449 if (!hid)
450 hid = acc_hid_get(&dev->new_hid_list, id);
451 if (hid)
452 list_move(&hid->list, &dev->dead_hid_list);
453
454 hid = acc_hid_new(dev, id, desc_length);
455 if (!hid) {
456 spin_unlock_irqrestore(&dev->lock, flags);
457 return -ENOMEM;
458 }
459
460 list_add(&hid->list, &dev->new_hid_list);
461 spin_unlock_irqrestore(&dev->lock, flags);
462
463 /* schedule work to register the HID device */
464 schedule_work(&dev->hid_work);
465 return 0;
466 }
467
acc_unregister_hid(struct acc_dev * dev,int id)468 static int acc_unregister_hid(struct acc_dev *dev, int id)
469 {
470 struct acc_hid_dev *hid;
471 unsigned long flags;
472
473 spin_lock_irqsave(&dev->lock, flags);
474 hid = acc_hid_get(&dev->hid_list, id);
475 if (!hid)
476 hid = acc_hid_get(&dev->new_hid_list, id);
477 if (!hid) {
478 spin_unlock_irqrestore(&dev->lock, flags);
479 return -EINVAL;
480 }
481
482 list_move(&hid->list, &dev->dead_hid_list);
483 spin_unlock_irqrestore(&dev->lock, flags);
484
485 schedule_work(&dev->hid_work);
486 return 0;
487 }
488
create_bulk_endpoints(struct acc_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc)489 static int create_bulk_endpoints(struct acc_dev *dev,
490 struct usb_endpoint_descriptor *in_desc,
491 struct usb_endpoint_descriptor *out_desc)
492 {
493 struct usb_composite_dev *cdev = dev->cdev;
494 struct usb_request *req;
495 struct usb_ep *ep;
496 int i;
497
498 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
499
500 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
501 if (!ep) {
502 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
503 return -ENODEV;
504 }
505 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
506 ep->driver_data = dev; /* claim the endpoint */
507 dev->ep_in = ep;
508
509 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
510 if (!ep) {
511 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
512 return -ENODEV;
513 }
514 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name);
515 ep->driver_data = dev; /* claim the endpoint */
516 dev->ep_out = ep;
517
518 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
519 if (!ep) {
520 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
521 return -ENODEV;
522 }
523 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name);
524 ep->driver_data = dev; /* claim the endpoint */
525 dev->ep_out = ep;
526
527 /* now allocate requests for our endpoints */
528 for (i = 0; i < TX_REQ_MAX; i++) {
529 req = acc_request_new(dev->ep_in, BULK_BUFFER_SIZE);
530 if (!req)
531 goto fail;
532 req->complete = acc_complete_in;
533 req_put(dev, &dev->tx_idle, req);
534 }
535 for (i = 0; i < RX_REQ_MAX; i++) {
536 req = acc_request_new(dev->ep_out, BULK_BUFFER_SIZE);
537 if (!req)
538 goto fail;
539 req->complete = acc_complete_out;
540 dev->rx_req[i] = req;
541 }
542
543 return 0;
544
545 fail:
546 pr_err("acc_bind() could not allocate requests\n");
547 while ((req = req_get(dev, &dev->tx_idle)))
548 acc_request_free(req, dev->ep_in);
549 for (i = 0; i < RX_REQ_MAX; i++)
550 acc_request_free(dev->rx_req[i], dev->ep_out);
551 return -1;
552 }
553
acc_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)554 static ssize_t acc_read(struct file *fp, char __user *buf,
555 size_t count, loff_t *pos)
556 {
557 struct acc_dev *dev = fp->private_data;
558 struct usb_request *req;
559 int r = count, xfer;
560 int ret = 0;
561
562 pr_debug("acc_read(%d)\n", count);
563
564 if (dev->disconnected) {
565 pr_debug("acc_read disconnected");
566 return -ENODEV;
567 }
568
569 if (count > BULK_BUFFER_SIZE)
570 count = BULK_BUFFER_SIZE;
571
572 /* we will block until we're online */
573 pr_debug("acc_read: waiting for online\n");
574 ret = wait_event_interruptible(dev->read_wq, dev->online);
575 if (ret < 0) {
576 r = ret;
577 goto done;
578 }
579
580 if (dev->rx_done) {
581 // last req cancelled. try to get it.
582 req = dev->rx_req[0];
583 goto copy_data;
584 }
585
586 requeue_req:
587 /* queue a request */
588 req = dev->rx_req[0];
589 req->length = count;
590 dev->rx_done = 0;
591 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
592 if (ret < 0) {
593 r = -EIO;
594 goto done;
595 } else {
596 pr_debug("rx %p queue\n", req);
597 }
598
599 /* wait for a request to complete */
600 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
601 if (ret < 0) {
602 r = ret;
603 ret = usb_ep_dequeue(dev->ep_out, req);
604 if (ret != 0) {
605 // cancel failed. There can be a data already received.
606 // it will be retrieved in the next read.
607 pr_debug("acc_read: cancelling failed %d", ret);
608 }
609 goto done;
610 }
611
612 copy_data:
613 dev->rx_done = 0;
614 if (dev->online) {
615 /* If we got a 0-len packet, throw it back and try again. */
616 if (req->actual == 0)
617 goto requeue_req;
618
619 pr_debug("rx %p %d\n", req, req->actual);
620 xfer = (req->actual < count) ? req->actual : count;
621 r = xfer;
622 if (copy_to_user(buf, req->buf, xfer))
623 r = -EFAULT;
624 } else
625 r = -EIO;
626
627 done:
628 pr_debug("acc_read returning %d\n", r);
629 return r;
630 }
631
acc_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)632 static ssize_t acc_write(struct file *fp, const char __user *buf,
633 size_t count, loff_t *pos)
634 {
635 struct acc_dev *dev = fp->private_data;
636 struct usb_request *req = 0;
637 int r = count, xfer;
638 int ret;
639
640 pr_debug("acc_write(%d)\n", count);
641
642 if (!dev->online || dev->disconnected) {
643 pr_debug("acc_write disconnected or not online");
644 return -ENODEV;
645 }
646
647 while (count > 0) {
648 if (!dev->online) {
649 pr_debug("acc_write dev->error\n");
650 r = -EIO;
651 break;
652 }
653
654 /* get an idle tx request to use */
655 req = 0;
656 ret = wait_event_interruptible(dev->write_wq,
657 ((req = req_get(dev, &dev->tx_idle)) || !dev->online));
658 if (!req) {
659 r = ret;
660 break;
661 }
662
663 if (count > BULK_BUFFER_SIZE) {
664 xfer = BULK_BUFFER_SIZE;
665 /* ZLP, They will be more TX requests so not yet. */
666 req->zero = 0;
667 } else {
668 xfer = count;
669 /* If the data length is a multple of the
670 * maxpacket size then send a zero length packet(ZLP).
671 */
672 req->zero = ((xfer % dev->ep_in->maxpacket) == 0);
673 }
674 if (copy_from_user(req->buf, buf, xfer)) {
675 r = -EFAULT;
676 break;
677 }
678
679 req->length = xfer;
680 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
681 if (ret < 0) {
682 pr_debug("acc_write: xfer error %d\n", ret);
683 r = -EIO;
684 break;
685 }
686
687 buf += xfer;
688 count -= xfer;
689
690 /* zero this so we don't try to free it on error exit */
691 req = 0;
692 }
693
694 if (req)
695 req_put(dev, &dev->tx_idle, req);
696
697 pr_debug("acc_write returning %d\n", r);
698 return r;
699 }
700
acc_ioctl(struct file * fp,unsigned code,unsigned long value)701 static long acc_ioctl(struct file *fp, unsigned code, unsigned long value)
702 {
703 struct acc_dev *dev = fp->private_data;
704 char *src = NULL;
705 int ret;
706
707 switch (code) {
708 case ACCESSORY_GET_STRING_MANUFACTURER:
709 src = dev->manufacturer;
710 break;
711 case ACCESSORY_GET_STRING_MODEL:
712 src = dev->model;
713 break;
714 case ACCESSORY_GET_STRING_DESCRIPTION:
715 src = dev->description;
716 break;
717 case ACCESSORY_GET_STRING_VERSION:
718 src = dev->version;
719 break;
720 case ACCESSORY_GET_STRING_URI:
721 src = dev->uri;
722 break;
723 case ACCESSORY_GET_STRING_SERIAL:
724 src = dev->serial;
725 break;
726 case ACCESSORY_IS_START_REQUESTED:
727 return dev->start_requested;
728 case ACCESSORY_GET_AUDIO_MODE:
729 return dev->audio_mode;
730 }
731 if (!src)
732 return -EINVAL;
733
734 ret = strlen(src) + 1;
735 if (copy_to_user((void __user *)value, src, ret))
736 ret = -EFAULT;
737 return ret;
738 }
739
acc_open(struct inode * ip,struct file * fp)740 static int acc_open(struct inode *ip, struct file *fp)
741 {
742 printk(KERN_INFO "acc_open\n");
743 if (atomic_xchg(&_acc_dev->open_excl, 1))
744 return -EBUSY;
745
746 _acc_dev->disconnected = 0;
747 fp->private_data = _acc_dev;
748 return 0;
749 }
750
acc_release(struct inode * ip,struct file * fp)751 static int acc_release(struct inode *ip, struct file *fp)
752 {
753 printk(KERN_INFO "acc_release\n");
754
755 WARN_ON(!atomic_xchg(&_acc_dev->open_excl, 0));
756 _acc_dev->disconnected = 0;
757 return 0;
758 }
759
760 /* file operations for /dev/usb_accessory */
761 static const struct file_operations acc_fops = {
762 .owner = THIS_MODULE,
763 .read = acc_read,
764 .write = acc_write,
765 .unlocked_ioctl = acc_ioctl,
766 .open = acc_open,
767 .release = acc_release,
768 };
769
acc_hid_probe(struct hid_device * hdev,const struct hid_device_id * id)770 static int acc_hid_probe(struct hid_device *hdev,
771 const struct hid_device_id *id)
772 {
773 int ret;
774
775 ret = hid_parse(hdev);
776 if (ret)
777 return ret;
778 return hid_hw_start(hdev, HID_CONNECT_DEFAULT);
779 }
780
781 static struct miscdevice acc_device = {
782 .minor = MISC_DYNAMIC_MINOR,
783 .name = "usb_accessory",
784 .fops = &acc_fops,
785 };
786
787 static const struct hid_device_id acc_hid_table[] = {
788 { HID_USB_DEVICE(HID_ANY_ID, HID_ANY_ID) },
789 { }
790 };
791
792 static struct hid_driver acc_hid_driver = {
793 .name = "USB accessory",
794 .id_table = acc_hid_table,
795 .probe = acc_hid_probe,
796 };
797
acc_ctrlrequest(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)798 static int acc_ctrlrequest(struct usb_composite_dev *cdev,
799 const struct usb_ctrlrequest *ctrl)
800 {
801 struct acc_dev *dev = _acc_dev;
802 int value = -EOPNOTSUPP;
803 struct acc_hid_dev *hid;
804 int offset;
805 u8 b_requestType = ctrl->bRequestType;
806 u8 b_request = ctrl->bRequest;
807 u16 w_index = le16_to_cpu(ctrl->wIndex);
808 u16 w_value = le16_to_cpu(ctrl->wValue);
809 u16 w_length = le16_to_cpu(ctrl->wLength);
810 unsigned long flags;
811
812 /*
813 printk(KERN_INFO "acc_ctrlrequest "
814 "%02x.%02x v%04x i%04x l%u\n",
815 b_requestType, b_request,
816 w_value, w_index, w_length);
817 */
818
819 if (b_requestType == (USB_DIR_OUT | USB_TYPE_VENDOR)) {
820 if (b_request == ACCESSORY_START) {
821 dev->start_requested = 1;
822 schedule_delayed_work(
823 &dev->start_work, msecs_to_jiffies(10));
824 value = 0;
825 } else if (b_request == ACCESSORY_SEND_STRING) {
826 dev->string_index = w_index;
827 cdev->gadget->ep0->driver_data = dev;
828 cdev->req->complete = acc_complete_set_string;
829 value = w_length;
830 } else if (b_request == ACCESSORY_SET_AUDIO_MODE &&
831 w_index == 0 && w_length == 0) {
832 dev->audio_mode = w_value;
833 value = 0;
834 } else if (b_request == ACCESSORY_REGISTER_HID) {
835 value = acc_register_hid(dev, w_value, w_index);
836 } else if (b_request == ACCESSORY_UNREGISTER_HID) {
837 value = acc_unregister_hid(dev, w_value);
838 } else if (b_request == ACCESSORY_SET_HID_REPORT_DESC) {
839 spin_lock_irqsave(&dev->lock, flags);
840 hid = acc_hid_get(&dev->new_hid_list, w_value);
841 spin_unlock_irqrestore(&dev->lock, flags);
842 if (!hid) {
843 value = -EINVAL;
844 goto err;
845 }
846 offset = w_index;
847 if (offset != hid->report_desc_offset
848 || offset + w_length > hid->report_desc_len) {
849 value = -EINVAL;
850 goto err;
851 }
852 cdev->req->context = hid;
853 cdev->req->complete = acc_complete_set_hid_report_desc;
854 value = w_length;
855 } else if (b_request == ACCESSORY_SEND_HID_EVENT) {
856 spin_lock_irqsave(&dev->lock, flags);
857 hid = acc_hid_get(&dev->hid_list, w_value);
858 spin_unlock_irqrestore(&dev->lock, flags);
859 if (!hid) {
860 value = -EINVAL;
861 goto err;
862 }
863 cdev->req->context = hid;
864 cdev->req->complete = acc_complete_send_hid_event;
865 value = w_length;
866 }
867 } else if (b_requestType == (USB_DIR_IN | USB_TYPE_VENDOR)) {
868 if (b_request == ACCESSORY_GET_PROTOCOL) {
869 *((u16 *)cdev->req->buf) = PROTOCOL_VERSION;
870 value = sizeof(u16);
871
872 /* clear any string left over from a previous session */
873 memset(dev->manufacturer, 0, sizeof(dev->manufacturer));
874 memset(dev->model, 0, sizeof(dev->model));
875 memset(dev->description, 0, sizeof(dev->description));
876 memset(dev->version, 0, sizeof(dev->version));
877 memset(dev->uri, 0, sizeof(dev->uri));
878 memset(dev->serial, 0, sizeof(dev->serial));
879 dev->start_requested = 0;
880 dev->audio_mode = 0;
881 }
882 }
883
884 if (value >= 0) {
885 cdev->req->zero = 0;
886 cdev->req->length = value;
887 value = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
888 if (value < 0)
889 ERROR(cdev, "%s setup response queue error\n",
890 __func__);
891 }
892
893 err:
894 if (value == -EOPNOTSUPP)
895 VDBG(cdev,
896 "unknown class-specific control req "
897 "%02x.%02x v%04x i%04x l%u\n",
898 ctrl->bRequestType, ctrl->bRequest,
899 w_value, w_index, w_length);
900 return value;
901 }
902
903 static int
acc_function_bind(struct usb_configuration * c,struct usb_function * f)904 acc_function_bind(struct usb_configuration *c, struct usb_function *f)
905 {
906 struct usb_composite_dev *cdev = c->cdev;
907 struct acc_dev *dev = func_to_dev(f);
908 int id;
909 int ret;
910
911 DBG(cdev, "acc_function_bind dev: %p\n", dev);
912
913 ret = hid_register_driver(&acc_hid_driver);
914 if (ret)
915 return ret;
916
917 dev->start_requested = 0;
918
919 /* allocate interface ID(s) */
920 id = usb_interface_id(c, f);
921 if (id < 0)
922 return id;
923 acc_interface_desc.bInterfaceNumber = id;
924
925 /* allocate endpoints */
926 ret = create_bulk_endpoints(dev, &acc_fullspeed_in_desc,
927 &acc_fullspeed_out_desc);
928 if (ret)
929 return ret;
930
931 /* support high speed hardware */
932 if (gadget_is_dualspeed(c->cdev->gadget)) {
933 acc_highspeed_in_desc.bEndpointAddress =
934 acc_fullspeed_in_desc.bEndpointAddress;
935 acc_highspeed_out_desc.bEndpointAddress =
936 acc_fullspeed_out_desc.bEndpointAddress;
937 }
938
939 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
940 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
941 f->name, dev->ep_in->name, dev->ep_out->name);
942 return 0;
943 }
944
945 static void
kill_all_hid_devices(struct acc_dev * dev)946 kill_all_hid_devices(struct acc_dev *dev)
947 {
948 struct acc_hid_dev *hid;
949 struct list_head *entry, *temp;
950 unsigned long flags;
951
952 spin_lock_irqsave(&dev->lock, flags);
953 list_for_each_safe(entry, temp, &dev->hid_list) {
954 hid = list_entry(entry, struct acc_hid_dev, list);
955 list_del(&hid->list);
956 list_add(&hid->list, &dev->dead_hid_list);
957 }
958 list_for_each_safe(entry, temp, &dev->new_hid_list) {
959 hid = list_entry(entry, struct acc_hid_dev, list);
960 list_del(&hid->list);
961 list_add(&hid->list, &dev->dead_hid_list);
962 }
963 spin_unlock_irqrestore(&dev->lock, flags);
964
965 schedule_work(&dev->hid_work);
966 }
967
968 static void
acc_hid_unbind(struct acc_dev * dev)969 acc_hid_unbind(struct acc_dev *dev)
970 {
971 hid_unregister_driver(&acc_hid_driver);
972 kill_all_hid_devices(dev);
973 }
974
975 static void
acc_function_unbind(struct usb_configuration * c,struct usb_function * f)976 acc_function_unbind(struct usb_configuration *c, struct usb_function *f)
977 {
978 struct acc_dev *dev = func_to_dev(f);
979 struct usb_request *req;
980 int i;
981
982 while ((req = req_get(dev, &dev->tx_idle)))
983 acc_request_free(req, dev->ep_in);
984 for (i = 0; i < RX_REQ_MAX; i++)
985 acc_request_free(dev->rx_req[i], dev->ep_out);
986
987 acc_hid_unbind(dev);
988 }
989
acc_start_work(struct work_struct * data)990 static void acc_start_work(struct work_struct *data)
991 {
992 char *envp[2] = { "ACCESSORY=START", NULL };
993 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp);
994 }
995
acc_hid_init(struct acc_hid_dev * hdev)996 static int acc_hid_init(struct acc_hid_dev *hdev)
997 {
998 struct hid_device *hid;
999 int ret;
1000
1001 hid = hid_allocate_device();
1002 if (IS_ERR(hid))
1003 return PTR_ERR(hid);
1004
1005 hid->ll_driver = &acc_hid_ll_driver;
1006 hid->dev.parent = acc_device.this_device;
1007
1008 hid->bus = BUS_USB;
1009 hid->vendor = HID_ANY_ID;
1010 hid->product = HID_ANY_ID;
1011 hid->driver_data = hdev;
1012 ret = hid_add_device(hid);
1013 if (ret) {
1014 pr_err("can't add hid device: %d\n", ret);
1015 hid_destroy_device(hid);
1016 return ret;
1017 }
1018
1019 hdev->hid = hid;
1020 return 0;
1021 }
1022
acc_hid_delete(struct acc_hid_dev * hid)1023 static void acc_hid_delete(struct acc_hid_dev *hid)
1024 {
1025 kfree(hid->report_desc);
1026 kfree(hid);
1027 }
1028
acc_hid_work(struct work_struct * data)1029 static void acc_hid_work(struct work_struct *data)
1030 {
1031 struct acc_dev *dev = _acc_dev;
1032 struct list_head *entry, *temp;
1033 struct acc_hid_dev *hid;
1034 struct list_head new_list, dead_list;
1035 unsigned long flags;
1036
1037 INIT_LIST_HEAD(&new_list);
1038
1039 spin_lock_irqsave(&dev->lock, flags);
1040
1041 /* copy hids that are ready for initialization to new_list */
1042 list_for_each_safe(entry, temp, &dev->new_hid_list) {
1043 hid = list_entry(entry, struct acc_hid_dev, list);
1044 if (hid->report_desc_offset == hid->report_desc_len)
1045 list_move(&hid->list, &new_list);
1046 }
1047
1048 if (list_empty(&dev->dead_hid_list)) {
1049 INIT_LIST_HEAD(&dead_list);
1050 } else {
1051 /* move all of dev->dead_hid_list to dead_list */
1052 dead_list.prev = dev->dead_hid_list.prev;
1053 dead_list.next = dev->dead_hid_list.next;
1054 dead_list.next->prev = &dead_list;
1055 dead_list.prev->next = &dead_list;
1056 INIT_LIST_HEAD(&dev->dead_hid_list);
1057 }
1058
1059 spin_unlock_irqrestore(&dev->lock, flags);
1060
1061 /* register new HID devices */
1062 list_for_each_safe(entry, temp, &new_list) {
1063 hid = list_entry(entry, struct acc_hid_dev, list);
1064 if (acc_hid_init(hid)) {
1065 pr_err("can't add HID device %p\n", hid);
1066 acc_hid_delete(hid);
1067 } else {
1068 spin_lock_irqsave(&dev->lock, flags);
1069 list_move(&hid->list, &dev->hid_list);
1070 spin_unlock_irqrestore(&dev->lock, flags);
1071 }
1072 }
1073
1074 /* remove dead HID devices */
1075 list_for_each_safe(entry, temp, &dead_list) {
1076 hid = list_entry(entry, struct acc_hid_dev, list);
1077 list_del(&hid->list);
1078 if (hid->hid)
1079 hid_destroy_device(hid->hid);
1080 acc_hid_delete(hid);
1081 }
1082 }
1083
acc_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1084 static int acc_function_set_alt(struct usb_function *f,
1085 unsigned intf, unsigned alt)
1086 {
1087 struct acc_dev *dev = func_to_dev(f);
1088 struct usb_composite_dev *cdev = f->config->cdev;
1089 int ret;
1090
1091 DBG(cdev, "acc_function_set_alt intf: %d alt: %d\n", intf, alt);
1092
1093 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
1094 if (ret)
1095 return ret;
1096
1097 ret = usb_ep_enable(dev->ep_in);
1098 if (ret)
1099 return ret;
1100
1101 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1102 if (ret)
1103 return ret;
1104
1105 ret = usb_ep_enable(dev->ep_out);
1106 if (ret) {
1107 usb_ep_disable(dev->ep_in);
1108 return ret;
1109 }
1110
1111 dev->online = 1;
1112
1113 /* readers may be blocked waiting for us to go online */
1114 wake_up(&dev->read_wq);
1115 return 0;
1116 }
1117
acc_function_disable(struct usb_function * f)1118 static void acc_function_disable(struct usb_function *f)
1119 {
1120 struct acc_dev *dev = func_to_dev(f);
1121 struct usb_composite_dev *cdev = dev->cdev;
1122
1123 DBG(cdev, "acc_function_disable\n");
1124 acc_set_disconnected(dev);
1125 usb_ep_disable(dev->ep_in);
1126 usb_ep_disable(dev->ep_out);
1127
1128 /* readers may be blocked waiting for us to go online */
1129 wake_up(&dev->read_wq);
1130
1131 VDBG(cdev, "%s disabled\n", dev->function.name);
1132 }
1133
acc_bind_config(struct usb_configuration * c)1134 static int acc_bind_config(struct usb_configuration *c)
1135 {
1136 struct acc_dev *dev = _acc_dev;
1137 int ret;
1138
1139 printk(KERN_INFO "acc_bind_config\n");
1140
1141 /* allocate a string ID for our interface */
1142 if (acc_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1143 ret = usb_string_id(c->cdev);
1144 if (ret < 0)
1145 return ret;
1146 acc_string_defs[INTERFACE_STRING_INDEX].id = ret;
1147 acc_interface_desc.iInterface = ret;
1148 }
1149
1150 dev->cdev = c->cdev;
1151 dev->function.name = "accessory";
1152 dev->function.strings = acc_strings,
1153 dev->function.descriptors = fs_acc_descs;
1154 dev->function.hs_descriptors = hs_acc_descs;
1155 dev->function.bind = acc_function_bind;
1156 dev->function.unbind = acc_function_unbind;
1157 dev->function.set_alt = acc_function_set_alt;
1158 dev->function.disable = acc_function_disable;
1159
1160 return usb_add_function(c, &dev->function);
1161 }
1162
acc_setup(void)1163 static int acc_setup(void)
1164 {
1165 struct acc_dev *dev;
1166 int ret;
1167
1168 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1169 if (!dev)
1170 return -ENOMEM;
1171
1172 spin_lock_init(&dev->lock);
1173 init_waitqueue_head(&dev->read_wq);
1174 init_waitqueue_head(&dev->write_wq);
1175 atomic_set(&dev->open_excl, 0);
1176 INIT_LIST_HEAD(&dev->tx_idle);
1177 INIT_LIST_HEAD(&dev->hid_list);
1178 INIT_LIST_HEAD(&dev->new_hid_list);
1179 INIT_LIST_HEAD(&dev->dead_hid_list);
1180 INIT_DELAYED_WORK(&dev->start_work, acc_start_work);
1181 INIT_WORK(&dev->hid_work, acc_hid_work);
1182
1183 /* _acc_dev must be set before calling usb_gadget_register_driver */
1184 _acc_dev = dev;
1185
1186 ret = misc_register(&acc_device);
1187 if (ret)
1188 goto err;
1189
1190 return 0;
1191
1192 err:
1193 kfree(dev);
1194 pr_err("USB accessory gadget driver failed to initialize\n");
1195 return ret;
1196 }
1197
acc_disconnect(void)1198 static void acc_disconnect(void)
1199 {
1200 /* unregister all HID devices if USB is disconnected */
1201 kill_all_hid_devices(_acc_dev);
1202 }
1203
acc_cleanup(void)1204 static void acc_cleanup(void)
1205 {
1206 misc_deregister(&acc_device);
1207 kfree(_acc_dev);
1208 _acc_dev = NULL;
1209 }
1210