1 /*
2 * Gadget Driver for Android ADB
3 *
4 * Copyright (C) 2008 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/poll.h>
21 #include <linux/delay.h>
22 #include <linux/wait.h>
23 #include <linux/err.h>
24 #include <linux/interrupt.h>
25 #include <linux/sched.h>
26 #include <linux/types.h>
27 #include <linux/device.h>
28 #include <linux/miscdevice.h>
29
30 #define ADB_BULK_BUFFER_SIZE 4096
31
32 /* number of tx requests to allocate */
33 #define TX_REQ_MAX 4
34
35 static const char adb_shortname[] = "android_adb";
36
37 struct adb_dev {
38 struct usb_function function;
39 struct usb_composite_dev *cdev;
40 spinlock_t lock;
41
42 struct usb_ep *ep_in;
43 struct usb_ep *ep_out;
44
45 int online;
46 int error;
47
48 atomic_t read_excl;
49 atomic_t write_excl;
50 atomic_t open_excl;
51
52 struct list_head tx_idle;
53
54 wait_queue_head_t read_wq;
55 wait_queue_head_t write_wq;
56 struct usb_request *rx_req;
57 int rx_done;
58 };
59
60 static struct usb_interface_descriptor adb_interface_desc = {
61 .bLength = USB_DT_INTERFACE_SIZE,
62 .bDescriptorType = USB_DT_INTERFACE,
63 .bInterfaceNumber = 0,
64 .bNumEndpoints = 2,
65 .bInterfaceClass = 0xFF,
66 .bInterfaceSubClass = 0x42,
67 .bInterfaceProtocol = 1,
68 };
69
70 static struct usb_endpoint_descriptor adb_highspeed_in_desc = {
71 .bLength = USB_DT_ENDPOINT_SIZE,
72 .bDescriptorType = USB_DT_ENDPOINT,
73 .bEndpointAddress = USB_DIR_IN,
74 .bmAttributes = USB_ENDPOINT_XFER_BULK,
75 .wMaxPacketSize = __constant_cpu_to_le16(512),
76 };
77
78 static struct usb_endpoint_descriptor adb_highspeed_out_desc = {
79 .bLength = USB_DT_ENDPOINT_SIZE,
80 .bDescriptorType = USB_DT_ENDPOINT,
81 .bEndpointAddress = USB_DIR_OUT,
82 .bmAttributes = USB_ENDPOINT_XFER_BULK,
83 .wMaxPacketSize = __constant_cpu_to_le16(512),
84 };
85
86 static struct usb_endpoint_descriptor adb_fullspeed_in_desc = {
87 .bLength = USB_DT_ENDPOINT_SIZE,
88 .bDescriptorType = USB_DT_ENDPOINT,
89 .bEndpointAddress = USB_DIR_IN,
90 .bmAttributes = USB_ENDPOINT_XFER_BULK,
91 };
92
93 static struct usb_endpoint_descriptor adb_fullspeed_out_desc = {
94 .bLength = USB_DT_ENDPOINT_SIZE,
95 .bDescriptorType = USB_DT_ENDPOINT,
96 .bEndpointAddress = USB_DIR_OUT,
97 .bmAttributes = USB_ENDPOINT_XFER_BULK,
98 };
99
100 static struct usb_descriptor_header *fs_adb_descs[] = {
101 (struct usb_descriptor_header *) &adb_interface_desc,
102 (struct usb_descriptor_header *) &adb_fullspeed_in_desc,
103 (struct usb_descriptor_header *) &adb_fullspeed_out_desc,
104 NULL,
105 };
106
107 static struct usb_descriptor_header *hs_adb_descs[] = {
108 (struct usb_descriptor_header *) &adb_interface_desc,
109 (struct usb_descriptor_header *) &adb_highspeed_in_desc,
110 (struct usb_descriptor_header *) &adb_highspeed_out_desc,
111 NULL,
112 };
113
114 static void adb_ready_callback(void);
115 static void adb_closed_callback(void);
116
117 /* temporary variable used between adb_open() and adb_gadget_bind() */
118 static struct adb_dev *_adb_dev;
119
func_to_adb(struct usb_function * f)120 static inline struct adb_dev *func_to_adb(struct usb_function *f)
121 {
122 return container_of(f, struct adb_dev, function);
123 }
124
125
adb_request_new(struct usb_ep * ep,int buffer_size)126 static struct usb_request *adb_request_new(struct usb_ep *ep, int buffer_size)
127 {
128 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
129 if (!req)
130 return NULL;
131
132 /* now allocate buffers for the requests */
133 req->buf = kmalloc(buffer_size, GFP_KERNEL);
134 if (!req->buf) {
135 usb_ep_free_request(ep, req);
136 return NULL;
137 }
138
139 return req;
140 }
141
adb_request_free(struct usb_request * req,struct usb_ep * ep)142 static void adb_request_free(struct usb_request *req, struct usb_ep *ep)
143 {
144 if (req) {
145 kfree(req->buf);
146 usb_ep_free_request(ep, req);
147 }
148 }
149
adb_lock(atomic_t * excl)150 static inline int adb_lock(atomic_t *excl)
151 {
152 if (atomic_inc_return(excl) == 1) {
153 return 0;
154 } else {
155 atomic_dec(excl);
156 return -1;
157 }
158 }
159
adb_unlock(atomic_t * excl)160 static inline void adb_unlock(atomic_t *excl)
161 {
162 atomic_dec(excl);
163 }
164
165 /* add a request to the tail of a list */
adb_req_put(struct adb_dev * dev,struct list_head * head,struct usb_request * req)166 void adb_req_put(struct adb_dev *dev, struct list_head *head,
167 struct usb_request *req)
168 {
169 unsigned long flags;
170
171 spin_lock_irqsave(&dev->lock, flags);
172 list_add_tail(&req->list, head);
173 spin_unlock_irqrestore(&dev->lock, flags);
174 }
175
176 /* remove a request from the head of a list */
adb_req_get(struct adb_dev * dev,struct list_head * head)177 struct usb_request *adb_req_get(struct adb_dev *dev, struct list_head *head)
178 {
179 unsigned long flags;
180 struct usb_request *req;
181
182 spin_lock_irqsave(&dev->lock, flags);
183 if (list_empty(head)) {
184 req = 0;
185 } else {
186 req = list_first_entry(head, struct usb_request, list);
187 list_del(&req->list);
188 }
189 spin_unlock_irqrestore(&dev->lock, flags);
190 return req;
191 }
192
adb_complete_in(struct usb_ep * ep,struct usb_request * req)193 static void adb_complete_in(struct usb_ep *ep, struct usb_request *req)
194 {
195 struct adb_dev *dev = _adb_dev;
196
197 if (req->status != 0)
198 dev->error = 1;
199
200 adb_req_put(dev, &dev->tx_idle, req);
201
202 wake_up(&dev->write_wq);
203 }
204
adb_complete_out(struct usb_ep * ep,struct usb_request * req)205 static void adb_complete_out(struct usb_ep *ep, struct usb_request *req)
206 {
207 struct adb_dev *dev = _adb_dev;
208
209 dev->rx_done = 1;
210 if (req->status != 0 && req->status != -ECONNRESET)
211 dev->error = 1;
212
213 wake_up(&dev->read_wq);
214 }
215
adb_create_bulk_endpoints(struct adb_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc)216 static int adb_create_bulk_endpoints(struct adb_dev *dev,
217 struct usb_endpoint_descriptor *in_desc,
218 struct usb_endpoint_descriptor *out_desc)
219 {
220 struct usb_composite_dev *cdev = dev->cdev;
221 struct usb_request *req;
222 struct usb_ep *ep;
223 int i;
224
225 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
226
227 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
228 if (!ep) {
229 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
230 return -ENODEV;
231 }
232 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
233 ep->driver_data = dev; /* claim the endpoint */
234 dev->ep_in = ep;
235
236 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
237 if (!ep) {
238 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
239 return -ENODEV;
240 }
241 DBG(cdev, "usb_ep_autoconfig for adb ep_out got %s\n", ep->name);
242 ep->driver_data = dev; /* claim the endpoint */
243 dev->ep_out = ep;
244
245 /* now allocate requests for our endpoints */
246 req = adb_request_new(dev->ep_out, ADB_BULK_BUFFER_SIZE);
247 if (!req)
248 goto fail;
249 req->complete = adb_complete_out;
250 dev->rx_req = req;
251
252 for (i = 0; i < TX_REQ_MAX; i++) {
253 req = adb_request_new(dev->ep_in, ADB_BULK_BUFFER_SIZE);
254 if (!req)
255 goto fail;
256 req->complete = adb_complete_in;
257 adb_req_put(dev, &dev->tx_idle, req);
258 }
259
260 return 0;
261
262 fail:
263 printk(KERN_ERR "adb_bind() could not allocate requests\n");
264 return -1;
265 }
266
adb_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)267 static ssize_t adb_read(struct file *fp, char __user *buf,
268 size_t count, loff_t *pos)
269 {
270 struct adb_dev *dev = fp->private_data;
271 struct usb_request *req;
272 int r = count, xfer;
273 int ret;
274
275 pr_debug("adb_read(%d)\n", count);
276 if (!_adb_dev)
277 return -ENODEV;
278
279 if (count > ADB_BULK_BUFFER_SIZE)
280 return -EINVAL;
281
282 if (adb_lock(&dev->read_excl))
283 return -EBUSY;
284
285 /* we will block until we're online */
286 while (!(dev->online || dev->error)) {
287 pr_debug("adb_read: waiting for online state\n");
288 ret = wait_event_interruptible(dev->read_wq,
289 (dev->online || dev->error));
290 if (ret < 0) {
291 adb_unlock(&dev->read_excl);
292 return ret;
293 }
294 }
295 if (dev->error) {
296 r = -EIO;
297 goto done;
298 }
299
300 requeue_req:
301 /* queue a request */
302 req = dev->rx_req;
303 req->length = count;
304 dev->rx_done = 0;
305 ret = usb_ep_queue(dev->ep_out, req, GFP_ATOMIC);
306 if (ret < 0) {
307 pr_debug("adb_read: failed to queue req %p (%d)\n", req, ret);
308 r = -EIO;
309 dev->error = 1;
310 goto done;
311 } else {
312 pr_debug("rx %p queue\n", req);
313 }
314
315 /* wait for a request to complete */
316 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
317 if (ret < 0) {
318 if (ret != -ERESTARTSYS)
319 dev->error = 1;
320 r = ret;
321 usb_ep_dequeue(dev->ep_out, req);
322 goto done;
323 }
324 if (!dev->error) {
325 /* If we got a 0-len packet, throw it back and try again. */
326 if (req->actual == 0)
327 goto requeue_req;
328
329 pr_debug("rx %p %d\n", req, req->actual);
330 xfer = (req->actual < count) ? req->actual : count;
331 if (copy_to_user(buf, req->buf, xfer))
332 r = -EFAULT;
333
334 } else
335 r = -EIO;
336
337 done:
338 adb_unlock(&dev->read_excl);
339 pr_debug("adb_read returning %d\n", r);
340 return r;
341 }
342
adb_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)343 static ssize_t adb_write(struct file *fp, const char __user *buf,
344 size_t count, loff_t *pos)
345 {
346 struct adb_dev *dev = fp->private_data;
347 struct usb_request *req = 0;
348 int r = count, xfer;
349 int ret;
350
351 if (!_adb_dev)
352 return -ENODEV;
353 pr_debug("adb_write(%d)\n", count);
354
355 if (adb_lock(&dev->write_excl))
356 return -EBUSY;
357
358 while (count > 0) {
359 if (dev->error) {
360 pr_debug("adb_write dev->error\n");
361 r = -EIO;
362 break;
363 }
364
365 /* get an idle tx request to use */
366 req = 0;
367 ret = wait_event_interruptible(dev->write_wq,
368 (req = adb_req_get(dev, &dev->tx_idle)) || dev->error);
369
370 if (ret < 0) {
371 r = ret;
372 break;
373 }
374
375 if (req != 0) {
376 if (count > ADB_BULK_BUFFER_SIZE)
377 xfer = ADB_BULK_BUFFER_SIZE;
378 else
379 xfer = count;
380 if (copy_from_user(req->buf, buf, xfer)) {
381 r = -EFAULT;
382 break;
383 }
384
385 req->length = xfer;
386 ret = usb_ep_queue(dev->ep_in, req, GFP_ATOMIC);
387 if (ret < 0) {
388 pr_debug("adb_write: xfer error %d\n", ret);
389 dev->error = 1;
390 r = -EIO;
391 break;
392 }
393
394 buf += xfer;
395 count -= xfer;
396
397 /* zero this so we don't try to free it on error exit */
398 req = 0;
399 }
400 }
401
402 if (req)
403 adb_req_put(dev, &dev->tx_idle, req);
404
405 adb_unlock(&dev->write_excl);
406 pr_debug("adb_write returning %d\n", r);
407 return r;
408 }
409
adb_open(struct inode * ip,struct file * fp)410 static int adb_open(struct inode *ip, struct file *fp)
411 {
412 pr_info("adb_open\n");
413 if (!_adb_dev)
414 return -ENODEV;
415
416 if (adb_lock(&_adb_dev->open_excl))
417 return -EBUSY;
418
419 fp->private_data = _adb_dev;
420
421 /* clear the error latch */
422 _adb_dev->error = 0;
423
424 adb_ready_callback();
425
426 return 0;
427 }
428
adb_release(struct inode * ip,struct file * fp)429 static int adb_release(struct inode *ip, struct file *fp)
430 {
431 pr_info("adb_release\n");
432
433 adb_closed_callback();
434
435 adb_unlock(&_adb_dev->open_excl);
436 return 0;
437 }
438
439 /* file operations for ADB device /dev/android_adb */
440 static const struct file_operations adb_fops = {
441 .owner = THIS_MODULE,
442 .read = adb_read,
443 .write = adb_write,
444 .open = adb_open,
445 .release = adb_release,
446 };
447
448 static struct miscdevice adb_device = {
449 .minor = MISC_DYNAMIC_MINOR,
450 .name = adb_shortname,
451 .fops = &adb_fops,
452 };
453
454
455
456
457 static int
adb_function_bind(struct usb_configuration * c,struct usb_function * f)458 adb_function_bind(struct usb_configuration *c, struct usb_function *f)
459 {
460 struct usb_composite_dev *cdev = c->cdev;
461 struct adb_dev *dev = func_to_adb(f);
462 int id;
463 int ret;
464
465 dev->cdev = cdev;
466 DBG(cdev, "adb_function_bind dev: %p\n", dev);
467
468 /* allocate interface ID(s) */
469 id = usb_interface_id(c, f);
470 if (id < 0)
471 return id;
472 adb_interface_desc.bInterfaceNumber = id;
473
474 /* allocate endpoints */
475 ret = adb_create_bulk_endpoints(dev, &adb_fullspeed_in_desc,
476 &adb_fullspeed_out_desc);
477 if (ret)
478 return ret;
479
480 /* support high speed hardware */
481 if (gadget_is_dualspeed(c->cdev->gadget)) {
482 adb_highspeed_in_desc.bEndpointAddress =
483 adb_fullspeed_in_desc.bEndpointAddress;
484 adb_highspeed_out_desc.bEndpointAddress =
485 adb_fullspeed_out_desc.bEndpointAddress;
486 }
487
488 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
489 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
490 f->name, dev->ep_in->name, dev->ep_out->name);
491 return 0;
492 }
493
494 static void
adb_function_unbind(struct usb_configuration * c,struct usb_function * f)495 adb_function_unbind(struct usb_configuration *c, struct usb_function *f)
496 {
497 struct adb_dev *dev = func_to_adb(f);
498 struct usb_request *req;
499
500
501 dev->online = 0;
502 dev->error = 1;
503
504 wake_up(&dev->read_wq);
505
506 adb_request_free(dev->rx_req, dev->ep_out);
507 while ((req = adb_req_get(dev, &dev->tx_idle)))
508 adb_request_free(req, dev->ep_in);
509 }
510
adb_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)511 static int adb_function_set_alt(struct usb_function *f,
512 unsigned intf, unsigned alt)
513 {
514 struct adb_dev *dev = func_to_adb(f);
515 struct usb_composite_dev *cdev = f->config->cdev;
516 int ret;
517
518 DBG(cdev, "adb_function_set_alt intf: %d alt: %d\n", intf, alt);
519
520 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
521 if (ret)
522 return ret;
523
524 ret = usb_ep_enable(dev->ep_in);
525 if (ret)
526 return ret;
527
528 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
529 if (ret)
530 return ret;
531
532 ret = usb_ep_enable(dev->ep_out);
533 if (ret) {
534 usb_ep_disable(dev->ep_in);
535 return ret;
536 }
537 dev->online = 1;
538
539 /* readers may be blocked waiting for us to go online */
540 wake_up(&dev->read_wq);
541 return 0;
542 }
543
adb_function_disable(struct usb_function * f)544 static void adb_function_disable(struct usb_function *f)
545 {
546 struct adb_dev *dev = func_to_adb(f);
547 struct usb_composite_dev *cdev = dev->cdev;
548
549 DBG(cdev, "adb_function_disable cdev %p\n", cdev);
550 dev->online = 0;
551 dev->error = 1;
552 usb_ep_disable(dev->ep_in);
553 usb_ep_disable(dev->ep_out);
554
555 /* readers may be blocked waiting for us to go online */
556 wake_up(&dev->read_wq);
557
558 VDBG(cdev, "%s disabled\n", dev->function.name);
559 }
560
adb_bind_config(struct usb_configuration * c)561 static int adb_bind_config(struct usb_configuration *c)
562 {
563 struct adb_dev *dev = _adb_dev;
564
565 printk(KERN_INFO "adb_bind_config\n");
566
567 dev->cdev = c->cdev;
568 dev->function.name = "adb";
569 dev->function.descriptors = fs_adb_descs;
570 dev->function.hs_descriptors = hs_adb_descs;
571 dev->function.bind = adb_function_bind;
572 dev->function.unbind = adb_function_unbind;
573 dev->function.set_alt = adb_function_set_alt;
574 dev->function.disable = adb_function_disable;
575
576 return usb_add_function(c, &dev->function);
577 }
578
adb_setup(void)579 static int adb_setup(void)
580 {
581 struct adb_dev *dev;
582 int ret;
583
584 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
585 if (!dev)
586 return -ENOMEM;
587
588 spin_lock_init(&dev->lock);
589
590 init_waitqueue_head(&dev->read_wq);
591 init_waitqueue_head(&dev->write_wq);
592
593 atomic_set(&dev->open_excl, 0);
594 atomic_set(&dev->read_excl, 0);
595 atomic_set(&dev->write_excl, 0);
596
597 INIT_LIST_HEAD(&dev->tx_idle);
598
599 _adb_dev = dev;
600
601 ret = misc_register(&adb_device);
602 if (ret)
603 goto err;
604
605 return 0;
606
607 err:
608 kfree(dev);
609 printk(KERN_ERR "adb gadget driver failed to initialize\n");
610 return ret;
611 }
612
adb_cleanup(void)613 static void adb_cleanup(void)
614 {
615 misc_deregister(&adb_device);
616
617 kfree(_adb_dev);
618 _adb_dev = NULL;
619 }
620