1 /*
2 * Gadget Function Driver for Android USB accessories
3 *
4 * Copyright (C) 2011 Google, Inc.
5 * Author: Mike Lockwood <lockwood@android.com>
6 *
7 * This software is licensed under the terms of the GNU General Public
8 * License version 2, as published by the Free Software Foundation, and
9 * may be copied, distributed, and modified under those terms.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 */
17
18 /* #define DEBUG */
19 /* #define VERBOSE_DEBUG */
20
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/poll.h>
24 #include <linux/delay.h>
25 #include <linux/wait.h>
26 #include <linux/err.h>
27 #include <linux/interrupt.h>
28 #include <linux/kthread.h>
29 #include <linux/freezer.h>
30
31 #include <linux/types.h>
32 #include <linux/file.h>
33 #include <linux/device.h>
34 #include <linux/miscdevice.h>
35
36 #include <linux/hid.h>
37 #include <linux/hiddev.h>
38 #include <linux/usb.h>
39 #include <linux/usb/ch9.h>
40 #include <linux/usb/f_accessory.h>
41
42 #include <linux/configfs.h>
43 #include <linux/usb/composite.h>
44
45 #define MAX_INST_NAME_LEN 40
46 #define BULK_BUFFER_SIZE 16384
47 #define ACC_STRING_SIZE 256
48
49 #define PROTOCOL_VERSION 2
50
51 /* String IDs */
52 #define INTERFACE_STRING_INDEX 0
53
54 /* number of tx and rx requests to allocate */
55 #define TX_REQ_MAX 4
56 #define RX_REQ_MAX 2
57
58 struct acc_hid_dev {
59 struct list_head list;
60 struct hid_device *hid;
61 struct acc_dev *dev;
62 /* accessory defined ID */
63 int id;
64 /* HID report descriptor */
65 u8 *report_desc;
66 /* length of HID report descriptor */
67 int report_desc_len;
68 /* number of bytes of report_desc we have received so far */
69 int report_desc_offset;
70 };
71
72 struct acc_dev {
73 struct usb_function function;
74 struct usb_composite_dev *cdev;
75 spinlock_t lock;
76
77 struct usb_ep *ep_in;
78 struct usb_ep *ep_out;
79
80 /* online indicates state of function_set_alt & function_unbind
81 * set to 1 when we connect
82 */
83 int online:1;
84
85 /* disconnected indicates state of open & release
86 * Set to 1 when we disconnect.
87 * Not cleared until our file is closed.
88 */
89 int disconnected:1;
90
91 /* strings sent by the host */
92 char manufacturer[ACC_STRING_SIZE];
93 char model[ACC_STRING_SIZE];
94 char description[ACC_STRING_SIZE];
95 char version[ACC_STRING_SIZE];
96 char uri[ACC_STRING_SIZE];
97 char serial[ACC_STRING_SIZE];
98
99 /* for acc_complete_set_string */
100 int string_index;
101
102 /* set to 1 if we have a pending start request */
103 int start_requested;
104
105 int audio_mode;
106
107 /* synchronize access to our device file */
108 atomic_t open_excl;
109
110 struct list_head tx_idle;
111
112 wait_queue_head_t read_wq;
113 wait_queue_head_t write_wq;
114 struct usb_request *rx_req[RX_REQ_MAX];
115 int rx_done;
116
117 /* delayed work for handling ACCESSORY_START */
118 struct delayed_work start_work;
119
120 /* worker for registering and unregistering hid devices */
121 struct work_struct hid_work;
122
123 /* list of active HID devices */
124 struct list_head hid_list;
125
126 /* list of new HID devices to register */
127 struct list_head new_hid_list;
128
129 /* list of dead HID devices to unregister */
130 struct list_head dead_hid_list;
131 };
132
133 static struct usb_interface_descriptor acc_interface_desc = {
134 .bLength = USB_DT_INTERFACE_SIZE,
135 .bDescriptorType = USB_DT_INTERFACE,
136 .bInterfaceNumber = 0,
137 .bNumEndpoints = 2,
138 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
139 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
140 .bInterfaceProtocol = 0,
141 };
142
143 static struct usb_endpoint_descriptor acc_highspeed_in_desc = {
144 .bLength = USB_DT_ENDPOINT_SIZE,
145 .bDescriptorType = USB_DT_ENDPOINT,
146 .bEndpointAddress = USB_DIR_IN,
147 .bmAttributes = USB_ENDPOINT_XFER_BULK,
148 .wMaxPacketSize = __constant_cpu_to_le16(512),
149 };
150
151 static struct usb_endpoint_descriptor acc_highspeed_out_desc = {
152 .bLength = USB_DT_ENDPOINT_SIZE,
153 .bDescriptorType = USB_DT_ENDPOINT,
154 .bEndpointAddress = USB_DIR_OUT,
155 .bmAttributes = USB_ENDPOINT_XFER_BULK,
156 .wMaxPacketSize = __constant_cpu_to_le16(512),
157 };
158
159 static struct usb_endpoint_descriptor acc_fullspeed_in_desc = {
160 .bLength = USB_DT_ENDPOINT_SIZE,
161 .bDescriptorType = USB_DT_ENDPOINT,
162 .bEndpointAddress = USB_DIR_IN,
163 .bmAttributes = USB_ENDPOINT_XFER_BULK,
164 };
165
166 static struct usb_endpoint_descriptor acc_fullspeed_out_desc = {
167 .bLength = USB_DT_ENDPOINT_SIZE,
168 .bDescriptorType = USB_DT_ENDPOINT,
169 .bEndpointAddress = USB_DIR_OUT,
170 .bmAttributes = USB_ENDPOINT_XFER_BULK,
171 };
172
173 static struct usb_descriptor_header *fs_acc_descs[] = {
174 (struct usb_descriptor_header *) &acc_interface_desc,
175 (struct usb_descriptor_header *) &acc_fullspeed_in_desc,
176 (struct usb_descriptor_header *) &acc_fullspeed_out_desc,
177 NULL,
178 };
179
180 static struct usb_descriptor_header *hs_acc_descs[] = {
181 (struct usb_descriptor_header *) &acc_interface_desc,
182 (struct usb_descriptor_header *) &acc_highspeed_in_desc,
183 (struct usb_descriptor_header *) &acc_highspeed_out_desc,
184 NULL,
185 };
186
187 static struct usb_string acc_string_defs[] = {
188 [INTERFACE_STRING_INDEX].s = "Android Accessory Interface",
189 { }, /* end of list */
190 };
191
192 static struct usb_gadget_strings acc_string_table = {
193 .language = 0x0409, /* en-US */
194 .strings = acc_string_defs,
195 };
196
197 static struct usb_gadget_strings *acc_strings[] = {
198 &acc_string_table,
199 NULL,
200 };
201
202 /* temporary variable used between acc_open() and acc_gadget_bind() */
203 static struct acc_dev *_acc_dev;
204
205 struct acc_instance {
206 struct usb_function_instance func_inst;
207 const char *name;
208 };
209
func_to_dev(struct usb_function * f)210 static inline struct acc_dev *func_to_dev(struct usb_function *f)
211 {
212 return container_of(f, struct acc_dev, function);
213 }
214
acc_request_new(struct usb_ep * ep,int buffer_size)215 static struct usb_request *acc_request_new(struct usb_ep *ep, int buffer_size)
216 {
217 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
218
219 if (!req)
220 return NULL;
221
222 /* now allocate buffers for the requests */
223 req->buf = kmalloc(buffer_size, GFP_KERNEL);
224 if (!req->buf) {
225 usb_ep_free_request(ep, req);
226 return NULL;
227 }
228
229 return req;
230 }
231
acc_request_free(struct usb_request * req,struct usb_ep * ep)232 static void acc_request_free(struct usb_request *req, struct usb_ep *ep)
233 {
234 if (req) {
235 kfree(req->buf);
236 usb_ep_free_request(ep, req);
237 }
238 }
239
240 /* add a request to the tail of a list */
req_put(struct acc_dev * dev,struct list_head * head,struct usb_request * req)241 static void req_put(struct acc_dev *dev, struct list_head *head,
242 struct usb_request *req)
243 {
244 unsigned long flags;
245
246 spin_lock_irqsave(&dev->lock, flags);
247 list_add_tail(&req->list, head);
248 spin_unlock_irqrestore(&dev->lock, flags);
249 }
250
251 /* remove a request from the head of a list */
req_get(struct acc_dev * dev,struct list_head * head)252 static struct usb_request *req_get(struct acc_dev *dev, struct list_head *head)
253 {
254 unsigned long flags;
255 struct usb_request *req;
256
257 spin_lock_irqsave(&dev->lock, flags);
258 if (list_empty(head)) {
259 req = 0;
260 } else {
261 req = list_first_entry(head, struct usb_request, list);
262 list_del(&req->list);
263 }
264 spin_unlock_irqrestore(&dev->lock, flags);
265 return req;
266 }
267
acc_set_disconnected(struct acc_dev * dev)268 static void acc_set_disconnected(struct acc_dev *dev)
269 {
270 dev->disconnected = 1;
271 }
272
acc_complete_in(struct usb_ep * ep,struct usb_request * req)273 static void acc_complete_in(struct usb_ep *ep, struct usb_request *req)
274 {
275 struct acc_dev *dev = _acc_dev;
276
277 if (req->status == -ESHUTDOWN) {
278 pr_debug("acc_complete_in set disconnected");
279 acc_set_disconnected(dev);
280 }
281
282 req_put(dev, &dev->tx_idle, req);
283
284 wake_up(&dev->write_wq);
285 }
286
acc_complete_out(struct usb_ep * ep,struct usb_request * req)287 static void acc_complete_out(struct usb_ep *ep, struct usb_request *req)
288 {
289 struct acc_dev *dev = _acc_dev;
290
291 dev->rx_done = 1;
292 if (req->status == -ESHUTDOWN) {
293 pr_debug("acc_complete_out set disconnected");
294 acc_set_disconnected(dev);
295 }
296
297 wake_up(&dev->read_wq);
298 }
299
acc_complete_set_string(struct usb_ep * ep,struct usb_request * req)300 static void acc_complete_set_string(struct usb_ep *ep, struct usb_request *req)
301 {
302 struct acc_dev *dev = ep->driver_data;
303 char *string_dest = NULL;
304 int length = req->actual;
305
306 if (req->status != 0) {
307 pr_err("acc_complete_set_string, err %d\n", req->status);
308 return;
309 }
310
311 switch (dev->string_index) {
312 case ACCESSORY_STRING_MANUFACTURER:
313 string_dest = dev->manufacturer;
314 break;
315 case ACCESSORY_STRING_MODEL:
316 string_dest = dev->model;
317 break;
318 case ACCESSORY_STRING_DESCRIPTION:
319 string_dest = dev->description;
320 break;
321 case ACCESSORY_STRING_VERSION:
322 string_dest = dev->version;
323 break;
324 case ACCESSORY_STRING_URI:
325 string_dest = dev->uri;
326 break;
327 case ACCESSORY_STRING_SERIAL:
328 string_dest = dev->serial;
329 break;
330 }
331 if (string_dest) {
332 unsigned long flags;
333
334 if (length >= ACC_STRING_SIZE)
335 length = ACC_STRING_SIZE - 1;
336
337 spin_lock_irqsave(&dev->lock, flags);
338 memcpy(string_dest, req->buf, length);
339 /* ensure zero termination */
340 string_dest[length] = 0;
341 spin_unlock_irqrestore(&dev->lock, flags);
342 } else {
343 pr_err("unknown accessory string index %d\n",
344 dev->string_index);
345 }
346 }
347
acc_complete_set_hid_report_desc(struct usb_ep * ep,struct usb_request * req)348 static void acc_complete_set_hid_report_desc(struct usb_ep *ep,
349 struct usb_request *req)
350 {
351 struct acc_hid_dev *hid = req->context;
352 struct acc_dev *dev = hid->dev;
353 int length = req->actual;
354
355 if (req->status != 0) {
356 pr_err("acc_complete_set_hid_report_desc, err %d\n",
357 req->status);
358 return;
359 }
360
361 memcpy(hid->report_desc + hid->report_desc_offset, req->buf, length);
362 hid->report_desc_offset += length;
363 if (hid->report_desc_offset == hid->report_desc_len) {
364 /* After we have received the entire report descriptor
365 * we schedule work to initialize the HID device
366 */
367 schedule_work(&dev->hid_work);
368 }
369 }
370
acc_complete_send_hid_event(struct usb_ep * ep,struct usb_request * req)371 static void acc_complete_send_hid_event(struct usb_ep *ep,
372 struct usb_request *req)
373 {
374 struct acc_hid_dev *hid = req->context;
375 int length = req->actual;
376
377 if (req->status != 0) {
378 pr_err("acc_complete_send_hid_event, err %d\n", req->status);
379 return;
380 }
381
382 hid_report_raw_event(hid->hid, HID_INPUT_REPORT, req->buf, length, 1);
383 }
384
acc_hid_parse(struct hid_device * hid)385 static int acc_hid_parse(struct hid_device *hid)
386 {
387 struct acc_hid_dev *hdev = hid->driver_data;
388
389 hid_parse_report(hid, hdev->report_desc, hdev->report_desc_len);
390 return 0;
391 }
392
acc_hid_start(struct hid_device * hid)393 static int acc_hid_start(struct hid_device *hid)
394 {
395 return 0;
396 }
397
acc_hid_stop(struct hid_device * hid)398 static void acc_hid_stop(struct hid_device *hid)
399 {
400 }
401
acc_hid_open(struct hid_device * hid)402 static int acc_hid_open(struct hid_device *hid)
403 {
404 return 0;
405 }
406
acc_hid_close(struct hid_device * hid)407 static void acc_hid_close(struct hid_device *hid)
408 {
409 }
410
acc_hid_raw_request(struct hid_device * hid,unsigned char reportnum,__u8 * buf,size_t len,unsigned char rtype,int reqtype)411 static int acc_hid_raw_request(struct hid_device *hid, unsigned char reportnum,
412 __u8 *buf, size_t len, unsigned char rtype, int reqtype)
413 {
414 return 0;
415 }
416
417 static struct hid_ll_driver acc_hid_ll_driver = {
418 .parse = acc_hid_parse,
419 .start = acc_hid_start,
420 .stop = acc_hid_stop,
421 .open = acc_hid_open,
422 .close = acc_hid_close,
423 .raw_request = acc_hid_raw_request,
424 };
425
acc_hid_new(struct acc_dev * dev,int id,int desc_len)426 static struct acc_hid_dev *acc_hid_new(struct acc_dev *dev,
427 int id, int desc_len)
428 {
429 struct acc_hid_dev *hdev;
430
431 hdev = kzalloc(sizeof(*hdev), GFP_ATOMIC);
432 if (!hdev)
433 return NULL;
434 hdev->report_desc = kzalloc(desc_len, GFP_ATOMIC);
435 if (!hdev->report_desc) {
436 kfree(hdev);
437 return NULL;
438 }
439 hdev->dev = dev;
440 hdev->id = id;
441 hdev->report_desc_len = desc_len;
442
443 return hdev;
444 }
445
acc_hid_get(struct list_head * list,int id)446 static struct acc_hid_dev *acc_hid_get(struct list_head *list, int id)
447 {
448 struct acc_hid_dev *hid;
449
450 list_for_each_entry(hid, list, list) {
451 if (hid->id == id)
452 return hid;
453 }
454 return NULL;
455 }
456
acc_register_hid(struct acc_dev * dev,int id,int desc_length)457 static int acc_register_hid(struct acc_dev *dev, int id, int desc_length)
458 {
459 struct acc_hid_dev *hid;
460 unsigned long flags;
461
462 /* report descriptor length must be > 0 */
463 if (desc_length <= 0)
464 return -EINVAL;
465
466 spin_lock_irqsave(&dev->lock, flags);
467 /* replace HID if one already exists with this ID */
468 hid = acc_hid_get(&dev->hid_list, id);
469 if (!hid)
470 hid = acc_hid_get(&dev->new_hid_list, id);
471 if (hid)
472 list_move(&hid->list, &dev->dead_hid_list);
473
474 hid = acc_hid_new(dev, id, desc_length);
475 if (!hid) {
476 spin_unlock_irqrestore(&dev->lock, flags);
477 return -ENOMEM;
478 }
479
480 list_add(&hid->list, &dev->new_hid_list);
481 spin_unlock_irqrestore(&dev->lock, flags);
482
483 /* schedule work to register the HID device */
484 schedule_work(&dev->hid_work);
485 return 0;
486 }
487
acc_unregister_hid(struct acc_dev * dev,int id)488 static int acc_unregister_hid(struct acc_dev *dev, int id)
489 {
490 struct acc_hid_dev *hid;
491 unsigned long flags;
492
493 spin_lock_irqsave(&dev->lock, flags);
494 hid = acc_hid_get(&dev->hid_list, id);
495 if (!hid)
496 hid = acc_hid_get(&dev->new_hid_list, id);
497 if (!hid) {
498 spin_unlock_irqrestore(&dev->lock, flags);
499 return -EINVAL;
500 }
501
502 list_move(&hid->list, &dev->dead_hid_list);
503 spin_unlock_irqrestore(&dev->lock, flags);
504
505 schedule_work(&dev->hid_work);
506 return 0;
507 }
508
create_bulk_endpoints(struct acc_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc)509 static int create_bulk_endpoints(struct acc_dev *dev,
510 struct usb_endpoint_descriptor *in_desc,
511 struct usb_endpoint_descriptor *out_desc)
512 {
513 struct usb_composite_dev *cdev = dev->cdev;
514 struct usb_request *req;
515 struct usb_ep *ep;
516 int i;
517
518 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
519
520 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
521 if (!ep) {
522 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
523 return -ENODEV;
524 }
525 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
526 ep->driver_data = dev; /* claim the endpoint */
527 dev->ep_in = ep;
528
529 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
530 if (!ep) {
531 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
532 return -ENODEV;
533 }
534 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name);
535 ep->driver_data = dev; /* claim the endpoint */
536 dev->ep_out = ep;
537
538 /* now allocate requests for our endpoints */
539 for (i = 0; i < TX_REQ_MAX; i++) {
540 req = acc_request_new(dev->ep_in, BULK_BUFFER_SIZE);
541 if (!req)
542 goto fail;
543 req->complete = acc_complete_in;
544 req_put(dev, &dev->tx_idle, req);
545 }
546 for (i = 0; i < RX_REQ_MAX; i++) {
547 req = acc_request_new(dev->ep_out, BULK_BUFFER_SIZE);
548 if (!req)
549 goto fail;
550 req->complete = acc_complete_out;
551 dev->rx_req[i] = req;
552 }
553
554 return 0;
555
556 fail:
557 pr_err("acc_bind() could not allocate requests\n");
558 while ((req = req_get(dev, &dev->tx_idle)))
559 acc_request_free(req, dev->ep_in);
560 for (i = 0; i < RX_REQ_MAX; i++)
561 acc_request_free(dev->rx_req[i], dev->ep_out);
562 return -1;
563 }
564
acc_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)565 static ssize_t acc_read(struct file *fp, char __user *buf,
566 size_t count, loff_t *pos)
567 {
568 struct acc_dev *dev = fp->private_data;
569 struct usb_request *req;
570 ssize_t r = count;
571 unsigned xfer;
572 int ret = 0;
573
574 pr_debug("acc_read(%zu)\n", count);
575
576 if (dev->disconnected) {
577 pr_debug("acc_read disconnected");
578 return -ENODEV;
579 }
580
581 if (count > BULK_BUFFER_SIZE)
582 count = BULK_BUFFER_SIZE;
583
584 /* we will block until we're online */
585 pr_debug("acc_read: waiting for online\n");
586 ret = wait_event_interruptible(dev->read_wq, dev->online);
587 if (ret < 0) {
588 r = ret;
589 goto done;
590 }
591
592 if (dev->rx_done) {
593 // last req cancelled. try to get it.
594 req = dev->rx_req[0];
595 goto copy_data;
596 }
597
598 requeue_req:
599 /* queue a request */
600 req = dev->rx_req[0];
601 req->length = count;
602 dev->rx_done = 0;
603 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
604 if (ret < 0) {
605 r = -EIO;
606 goto done;
607 } else {
608 pr_debug("rx %p queue\n", req);
609 }
610
611 /* wait for a request to complete */
612 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
613 if (ret < 0) {
614 r = ret;
615 ret = usb_ep_dequeue(dev->ep_out, req);
616 if (ret != 0) {
617 // cancel failed. There can be a data already received.
618 // it will be retrieved in the next read.
619 pr_debug("acc_read: cancelling failed %d", ret);
620 }
621 goto done;
622 }
623
624 copy_data:
625 dev->rx_done = 0;
626 if (dev->online) {
627 /* If we got a 0-len packet, throw it back and try again. */
628 if (req->actual == 0)
629 goto requeue_req;
630
631 pr_debug("rx %p %u\n", req, req->actual);
632 xfer = (req->actual < count) ? req->actual : count;
633 r = xfer;
634 if (copy_to_user(buf, req->buf, xfer))
635 r = -EFAULT;
636 } else
637 r = -EIO;
638
639 done:
640 pr_debug("acc_read returning %zd\n", r);
641 return r;
642 }
643
acc_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)644 static ssize_t acc_write(struct file *fp, const char __user *buf,
645 size_t count, loff_t *pos)
646 {
647 struct acc_dev *dev = fp->private_data;
648 struct usb_request *req = 0;
649 ssize_t r = count;
650 unsigned xfer;
651 int ret;
652
653 pr_debug("acc_write(%zu)\n", count);
654
655 if (!dev->online || dev->disconnected) {
656 pr_debug("acc_write disconnected or not online");
657 return -ENODEV;
658 }
659
660 while (count > 0) {
661 if (!dev->online) {
662 pr_debug("acc_write dev->error\n");
663 r = -EIO;
664 break;
665 }
666
667 /* get an idle tx request to use */
668 req = 0;
669 ret = wait_event_interruptible(dev->write_wq,
670 ((req = req_get(dev, &dev->tx_idle)) || !dev->online));
671 if (!req) {
672 r = ret;
673 break;
674 }
675
676 if (count > BULK_BUFFER_SIZE) {
677 xfer = BULK_BUFFER_SIZE;
678 /* ZLP, They will be more TX requests so not yet. */
679 req->zero = 0;
680 } else {
681 xfer = count;
682 /* If the data length is a multple of the
683 * maxpacket size then send a zero length packet(ZLP).
684 */
685 req->zero = ((xfer % dev->ep_in->maxpacket) == 0);
686 }
687 if (copy_from_user(req->buf, buf, xfer)) {
688 r = -EFAULT;
689 break;
690 }
691
692 req->length = xfer;
693 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
694 if (ret < 0) {
695 pr_debug("acc_write: xfer error %d\n", ret);
696 r = -EIO;
697 break;
698 }
699
700 buf += xfer;
701 count -= xfer;
702
703 /* zero this so we don't try to free it on error exit */
704 req = 0;
705 }
706
707 if (req)
708 req_put(dev, &dev->tx_idle, req);
709
710 pr_debug("acc_write returning %zd\n", r);
711 return r;
712 }
713
acc_ioctl(struct file * fp,unsigned code,unsigned long value)714 static long acc_ioctl(struct file *fp, unsigned code, unsigned long value)
715 {
716 struct acc_dev *dev = fp->private_data;
717 char *src = NULL;
718 int ret;
719
720 switch (code) {
721 case ACCESSORY_GET_STRING_MANUFACTURER:
722 src = dev->manufacturer;
723 break;
724 case ACCESSORY_GET_STRING_MODEL:
725 src = dev->model;
726 break;
727 case ACCESSORY_GET_STRING_DESCRIPTION:
728 src = dev->description;
729 break;
730 case ACCESSORY_GET_STRING_VERSION:
731 src = dev->version;
732 break;
733 case ACCESSORY_GET_STRING_URI:
734 src = dev->uri;
735 break;
736 case ACCESSORY_GET_STRING_SERIAL:
737 src = dev->serial;
738 break;
739 case ACCESSORY_IS_START_REQUESTED:
740 return dev->start_requested;
741 case ACCESSORY_GET_AUDIO_MODE:
742 return dev->audio_mode;
743 }
744 if (!src)
745 return -EINVAL;
746
747 ret = strlen(src) + 1;
748 if (copy_to_user((void __user *)value, src, ret))
749 ret = -EFAULT;
750 return ret;
751 }
752
acc_open(struct inode * ip,struct file * fp)753 static int acc_open(struct inode *ip, struct file *fp)
754 {
755 printk(KERN_INFO "acc_open\n");
756 if (atomic_xchg(&_acc_dev->open_excl, 1))
757 return -EBUSY;
758
759 _acc_dev->disconnected = 0;
760 fp->private_data = _acc_dev;
761 return 0;
762 }
763
acc_release(struct inode * ip,struct file * fp)764 static int acc_release(struct inode *ip, struct file *fp)
765 {
766 printk(KERN_INFO "acc_release\n");
767
768 WARN_ON(!atomic_xchg(&_acc_dev->open_excl, 0));
769 /* indicate that we are disconnected
770 * still could be online so don't touch online flag
771 */
772 _acc_dev->disconnected = 1;
773 return 0;
774 }
775
776 /* file operations for /dev/usb_accessory */
777 static const struct file_operations acc_fops = {
778 .owner = THIS_MODULE,
779 .read = acc_read,
780 .write = acc_write,
781 .unlocked_ioctl = acc_ioctl,
782 .open = acc_open,
783 .release = acc_release,
784 };
785
acc_hid_probe(struct hid_device * hdev,const struct hid_device_id * id)786 static int acc_hid_probe(struct hid_device *hdev,
787 const struct hid_device_id *id)
788 {
789 int ret;
790
791 ret = hid_parse(hdev);
792 if (ret)
793 return ret;
794 return hid_hw_start(hdev, HID_CONNECT_DEFAULT);
795 }
796
797 static struct miscdevice acc_device = {
798 .minor = MISC_DYNAMIC_MINOR,
799 .name = "usb_accessory",
800 .fops = &acc_fops,
801 };
802
803 static const struct hid_device_id acc_hid_table[] = {
804 { HID_USB_DEVICE(HID_ANY_ID, HID_ANY_ID) },
805 { }
806 };
807
808 static struct hid_driver acc_hid_driver = {
809 .name = "USB accessory",
810 .id_table = acc_hid_table,
811 .probe = acc_hid_probe,
812 };
813
acc_complete_setup_noop(struct usb_ep * ep,struct usb_request * req)814 static void acc_complete_setup_noop(struct usb_ep *ep, struct usb_request *req)
815 {
816 /*
817 * Default no-op function when nothing needs to be done for the
818 * setup request
819 */
820 }
821
acc_ctrlrequest(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)822 int acc_ctrlrequest(struct usb_composite_dev *cdev,
823 const struct usb_ctrlrequest *ctrl)
824 {
825 struct acc_dev *dev = _acc_dev;
826 int value = -EOPNOTSUPP;
827 struct acc_hid_dev *hid;
828 int offset;
829 u8 b_requestType = ctrl->bRequestType;
830 u8 b_request = ctrl->bRequest;
831 u16 w_index = le16_to_cpu(ctrl->wIndex);
832 u16 w_value = le16_to_cpu(ctrl->wValue);
833 u16 w_length = le16_to_cpu(ctrl->wLength);
834 unsigned long flags;
835
836 /*
837 printk(KERN_INFO "acc_ctrlrequest "
838 "%02x.%02x v%04x i%04x l%u\n",
839 b_requestType, b_request,
840 w_value, w_index, w_length);
841 */
842
843 if (b_requestType == (USB_DIR_OUT | USB_TYPE_VENDOR)) {
844 if (b_request == ACCESSORY_START) {
845 dev->start_requested = 1;
846 schedule_delayed_work(
847 &dev->start_work, msecs_to_jiffies(10));
848 value = 0;
849 cdev->req->complete = acc_complete_setup_noop;
850 } else if (b_request == ACCESSORY_SEND_STRING) {
851 dev->string_index = w_index;
852 cdev->gadget->ep0->driver_data = dev;
853 cdev->req->complete = acc_complete_set_string;
854 value = w_length;
855 } else if (b_request == ACCESSORY_SET_AUDIO_MODE &&
856 w_index == 0 && w_length == 0) {
857 dev->audio_mode = w_value;
858 cdev->req->complete = acc_complete_setup_noop;
859 value = 0;
860 } else if (b_request == ACCESSORY_REGISTER_HID) {
861 cdev->req->complete = acc_complete_setup_noop;
862 value = acc_register_hid(dev, w_value, w_index);
863 } else if (b_request == ACCESSORY_UNREGISTER_HID) {
864 cdev->req->complete = acc_complete_setup_noop;
865 value = acc_unregister_hid(dev, w_value);
866 } else if (b_request == ACCESSORY_SET_HID_REPORT_DESC) {
867 spin_lock_irqsave(&dev->lock, flags);
868 hid = acc_hid_get(&dev->new_hid_list, w_value);
869 spin_unlock_irqrestore(&dev->lock, flags);
870 if (!hid) {
871 value = -EINVAL;
872 goto err;
873 }
874 offset = w_index;
875 if (offset != hid->report_desc_offset
876 || offset + w_length > hid->report_desc_len) {
877 value = -EINVAL;
878 goto err;
879 }
880 cdev->req->context = hid;
881 cdev->req->complete = acc_complete_set_hid_report_desc;
882 value = w_length;
883 } else if (b_request == ACCESSORY_SEND_HID_EVENT) {
884 spin_lock_irqsave(&dev->lock, flags);
885 hid = acc_hid_get(&dev->hid_list, w_value);
886 spin_unlock_irqrestore(&dev->lock, flags);
887 if (!hid) {
888 value = -EINVAL;
889 goto err;
890 }
891 cdev->req->context = hid;
892 cdev->req->complete = acc_complete_send_hid_event;
893 value = w_length;
894 }
895 } else if (b_requestType == (USB_DIR_IN | USB_TYPE_VENDOR)) {
896 if (b_request == ACCESSORY_GET_PROTOCOL) {
897 *((u16 *)cdev->req->buf) = PROTOCOL_VERSION;
898 value = sizeof(u16);
899 cdev->req->complete = acc_complete_setup_noop;
900 /* clear any string left over from a previous session */
901 memset(dev->manufacturer, 0, sizeof(dev->manufacturer));
902 memset(dev->model, 0, sizeof(dev->model));
903 memset(dev->description, 0, sizeof(dev->description));
904 memset(dev->version, 0, sizeof(dev->version));
905 memset(dev->uri, 0, sizeof(dev->uri));
906 memset(dev->serial, 0, sizeof(dev->serial));
907 dev->start_requested = 0;
908 dev->audio_mode = 0;
909 }
910 }
911
912 if (value >= 0) {
913 cdev->req->zero = 0;
914 cdev->req->length = value;
915 value = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
916 if (value < 0)
917 ERROR(cdev, "%s setup response queue error\n",
918 __func__);
919 }
920
921 err:
922 if (value == -EOPNOTSUPP)
923 VDBG(cdev,
924 "unknown class-specific control req "
925 "%02x.%02x v%04x i%04x l%u\n",
926 ctrl->bRequestType, ctrl->bRequest,
927 w_value, w_index, w_length);
928 return value;
929 }
930 EXPORT_SYMBOL_GPL(acc_ctrlrequest);
931
932 static int
__acc_function_bind(struct usb_configuration * c,struct usb_function * f,bool configfs)933 __acc_function_bind(struct usb_configuration *c,
934 struct usb_function *f, bool configfs)
935 {
936 struct usb_composite_dev *cdev = c->cdev;
937 struct acc_dev *dev = func_to_dev(f);
938 int id;
939 int ret;
940
941 DBG(cdev, "acc_function_bind dev: %p\n", dev);
942
943 if (configfs) {
944 if (acc_string_defs[INTERFACE_STRING_INDEX].id == 0) {
945 ret = usb_string_id(c->cdev);
946 if (ret < 0)
947 return ret;
948 acc_string_defs[INTERFACE_STRING_INDEX].id = ret;
949 acc_interface_desc.iInterface = ret;
950 }
951 dev->cdev = c->cdev;
952 }
953 ret = hid_register_driver(&acc_hid_driver);
954 if (ret)
955 return ret;
956
957 dev->start_requested = 0;
958
959 /* allocate interface ID(s) */
960 id = usb_interface_id(c, f);
961 if (id < 0)
962 return id;
963 acc_interface_desc.bInterfaceNumber = id;
964
965 /* allocate endpoints */
966 ret = create_bulk_endpoints(dev, &acc_fullspeed_in_desc,
967 &acc_fullspeed_out_desc);
968 if (ret)
969 return ret;
970
971 /* support high speed hardware */
972 if (gadget_is_dualspeed(c->cdev->gadget)) {
973 acc_highspeed_in_desc.bEndpointAddress =
974 acc_fullspeed_in_desc.bEndpointAddress;
975 acc_highspeed_out_desc.bEndpointAddress =
976 acc_fullspeed_out_desc.bEndpointAddress;
977 }
978
979 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
980 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
981 f->name, dev->ep_in->name, dev->ep_out->name);
982 return 0;
983 }
984
985 static int
acc_function_bind_configfs(struct usb_configuration * c,struct usb_function * f)986 acc_function_bind_configfs(struct usb_configuration *c,
987 struct usb_function *f) {
988 return __acc_function_bind(c, f, true);
989 }
990
991 static void
kill_all_hid_devices(struct acc_dev * dev)992 kill_all_hid_devices(struct acc_dev *dev)
993 {
994 struct acc_hid_dev *hid;
995 struct list_head *entry, *temp;
996 unsigned long flags;
997
998 /* do nothing if usb accessory device doesn't exist */
999 if (!dev)
1000 return;
1001
1002 spin_lock_irqsave(&dev->lock, flags);
1003 list_for_each_safe(entry, temp, &dev->hid_list) {
1004 hid = list_entry(entry, struct acc_hid_dev, list);
1005 list_del(&hid->list);
1006 list_add(&hid->list, &dev->dead_hid_list);
1007 }
1008 list_for_each_safe(entry, temp, &dev->new_hid_list) {
1009 hid = list_entry(entry, struct acc_hid_dev, list);
1010 list_del(&hid->list);
1011 list_add(&hid->list, &dev->dead_hid_list);
1012 }
1013 spin_unlock_irqrestore(&dev->lock, flags);
1014
1015 schedule_work(&dev->hid_work);
1016 }
1017
1018 static void
acc_hid_unbind(struct acc_dev * dev)1019 acc_hid_unbind(struct acc_dev *dev)
1020 {
1021 hid_unregister_driver(&acc_hid_driver);
1022 kill_all_hid_devices(dev);
1023 }
1024
1025 static void
acc_function_unbind(struct usb_configuration * c,struct usb_function * f)1026 acc_function_unbind(struct usb_configuration *c, struct usb_function *f)
1027 {
1028 struct acc_dev *dev = func_to_dev(f);
1029 struct usb_request *req;
1030 int i;
1031
1032 dev->online = 0; /* clear online flag */
1033 wake_up(&dev->read_wq); /* unblock reads on closure */
1034 wake_up(&dev->write_wq); /* likewise for writes */
1035
1036 while ((req = req_get(dev, &dev->tx_idle)))
1037 acc_request_free(req, dev->ep_in);
1038 for (i = 0; i < RX_REQ_MAX; i++)
1039 acc_request_free(dev->rx_req[i], dev->ep_out);
1040
1041 acc_hid_unbind(dev);
1042 }
1043
acc_start_work(struct work_struct * data)1044 static void acc_start_work(struct work_struct *data)
1045 {
1046 char *envp[2] = { "ACCESSORY=START", NULL };
1047
1048 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp);
1049 }
1050
acc_hid_init(struct acc_hid_dev * hdev)1051 static int acc_hid_init(struct acc_hid_dev *hdev)
1052 {
1053 struct hid_device *hid;
1054 int ret;
1055
1056 hid = hid_allocate_device();
1057 if (IS_ERR(hid))
1058 return PTR_ERR(hid);
1059
1060 hid->ll_driver = &acc_hid_ll_driver;
1061 hid->dev.parent = acc_device.this_device;
1062
1063 hid->bus = BUS_USB;
1064 hid->vendor = HID_ANY_ID;
1065 hid->product = HID_ANY_ID;
1066 hid->driver_data = hdev;
1067 ret = hid_add_device(hid);
1068 if (ret) {
1069 pr_err("can't add hid device: %d\n", ret);
1070 hid_destroy_device(hid);
1071 return ret;
1072 }
1073
1074 hdev->hid = hid;
1075 return 0;
1076 }
1077
acc_hid_delete(struct acc_hid_dev * hid)1078 static void acc_hid_delete(struct acc_hid_dev *hid)
1079 {
1080 kfree(hid->report_desc);
1081 kfree(hid);
1082 }
1083
acc_hid_work(struct work_struct * data)1084 static void acc_hid_work(struct work_struct *data)
1085 {
1086 struct acc_dev *dev = _acc_dev;
1087 struct list_head *entry, *temp;
1088 struct acc_hid_dev *hid;
1089 struct list_head new_list, dead_list;
1090 unsigned long flags;
1091
1092 INIT_LIST_HEAD(&new_list);
1093
1094 spin_lock_irqsave(&dev->lock, flags);
1095
1096 /* copy hids that are ready for initialization to new_list */
1097 list_for_each_safe(entry, temp, &dev->new_hid_list) {
1098 hid = list_entry(entry, struct acc_hid_dev, list);
1099 if (hid->report_desc_offset == hid->report_desc_len)
1100 list_move(&hid->list, &new_list);
1101 }
1102
1103 if (list_empty(&dev->dead_hid_list)) {
1104 INIT_LIST_HEAD(&dead_list);
1105 } else {
1106 /* move all of dev->dead_hid_list to dead_list */
1107 dead_list.prev = dev->dead_hid_list.prev;
1108 dead_list.next = dev->dead_hid_list.next;
1109 dead_list.next->prev = &dead_list;
1110 dead_list.prev->next = &dead_list;
1111 INIT_LIST_HEAD(&dev->dead_hid_list);
1112 }
1113
1114 spin_unlock_irqrestore(&dev->lock, flags);
1115
1116 /* register new HID devices */
1117 list_for_each_safe(entry, temp, &new_list) {
1118 hid = list_entry(entry, struct acc_hid_dev, list);
1119 if (acc_hid_init(hid)) {
1120 pr_err("can't add HID device %p\n", hid);
1121 acc_hid_delete(hid);
1122 } else {
1123 spin_lock_irqsave(&dev->lock, flags);
1124 list_move(&hid->list, &dev->hid_list);
1125 spin_unlock_irqrestore(&dev->lock, flags);
1126 }
1127 }
1128
1129 /* remove dead HID devices */
1130 list_for_each_safe(entry, temp, &dead_list) {
1131 hid = list_entry(entry, struct acc_hid_dev, list);
1132 list_del(&hid->list);
1133 if (hid->hid)
1134 hid_destroy_device(hid->hid);
1135 acc_hid_delete(hid);
1136 }
1137 }
1138
acc_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1139 static int acc_function_set_alt(struct usb_function *f,
1140 unsigned intf, unsigned alt)
1141 {
1142 struct acc_dev *dev = func_to_dev(f);
1143 struct usb_composite_dev *cdev = f->config->cdev;
1144 int ret;
1145
1146 DBG(cdev, "acc_function_set_alt intf: %d alt: %d\n", intf, alt);
1147
1148 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
1149 if (ret)
1150 return ret;
1151
1152 ret = usb_ep_enable(dev->ep_in);
1153 if (ret)
1154 return ret;
1155
1156 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1157 if (ret)
1158 return ret;
1159
1160 ret = usb_ep_enable(dev->ep_out);
1161 if (ret) {
1162 usb_ep_disable(dev->ep_in);
1163 return ret;
1164 }
1165
1166 dev->online = 1;
1167 dev->disconnected = 0; /* if online then not disconnected */
1168
1169 /* readers may be blocked waiting for us to go online */
1170 wake_up(&dev->read_wq);
1171 return 0;
1172 }
1173
acc_function_disable(struct usb_function * f)1174 static void acc_function_disable(struct usb_function *f)
1175 {
1176 struct acc_dev *dev = func_to_dev(f);
1177 struct usb_composite_dev *cdev = dev->cdev;
1178
1179 DBG(cdev, "acc_function_disable\n");
1180 acc_set_disconnected(dev); /* this now only sets disconnected */
1181 dev->online = 0; /* so now need to clear online flag here too */
1182 usb_ep_disable(dev->ep_in);
1183 usb_ep_disable(dev->ep_out);
1184
1185 /* readers may be blocked waiting for us to go online */
1186 wake_up(&dev->read_wq);
1187
1188 VDBG(cdev, "%s disabled\n", dev->function.name);
1189 }
1190
acc_setup(void)1191 static int acc_setup(void)
1192 {
1193 struct acc_dev *dev;
1194 int ret;
1195
1196 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1197 if (!dev)
1198 return -ENOMEM;
1199
1200 spin_lock_init(&dev->lock);
1201 init_waitqueue_head(&dev->read_wq);
1202 init_waitqueue_head(&dev->write_wq);
1203 atomic_set(&dev->open_excl, 0);
1204 INIT_LIST_HEAD(&dev->tx_idle);
1205 INIT_LIST_HEAD(&dev->hid_list);
1206 INIT_LIST_HEAD(&dev->new_hid_list);
1207 INIT_LIST_HEAD(&dev->dead_hid_list);
1208 INIT_DELAYED_WORK(&dev->start_work, acc_start_work);
1209 INIT_WORK(&dev->hid_work, acc_hid_work);
1210
1211 /* _acc_dev must be set before calling usb_gadget_register_driver */
1212 _acc_dev = dev;
1213
1214 ret = misc_register(&acc_device);
1215 if (ret)
1216 goto err;
1217
1218 return 0;
1219
1220 err:
1221 kfree(dev);
1222 pr_err("USB accessory gadget driver failed to initialize\n");
1223 return ret;
1224 }
1225
acc_disconnect(void)1226 void acc_disconnect(void)
1227 {
1228 /* unregister all HID devices if USB is disconnected */
1229 kill_all_hid_devices(_acc_dev);
1230 }
1231 EXPORT_SYMBOL_GPL(acc_disconnect);
1232
acc_cleanup(void)1233 static void acc_cleanup(void)
1234 {
1235 misc_deregister(&acc_device);
1236 kfree(_acc_dev);
1237 _acc_dev = NULL;
1238 }
to_acc_instance(struct config_item * item)1239 static struct acc_instance *to_acc_instance(struct config_item *item)
1240 {
1241 return container_of(to_config_group(item), struct acc_instance,
1242 func_inst.group);
1243 }
1244
acc_attr_release(struct config_item * item)1245 static void acc_attr_release(struct config_item *item)
1246 {
1247 struct acc_instance *fi_acc = to_acc_instance(item);
1248
1249 usb_put_function_instance(&fi_acc->func_inst);
1250 }
1251
1252 static struct configfs_item_operations acc_item_ops = {
1253 .release = acc_attr_release,
1254 };
1255
1256 static struct config_item_type acc_func_type = {
1257 .ct_item_ops = &acc_item_ops,
1258 .ct_owner = THIS_MODULE,
1259 };
1260
to_fi_acc(struct usb_function_instance * fi)1261 static struct acc_instance *to_fi_acc(struct usb_function_instance *fi)
1262 {
1263 return container_of(fi, struct acc_instance, func_inst);
1264 }
1265
acc_set_inst_name(struct usb_function_instance * fi,const char * name)1266 static int acc_set_inst_name(struct usb_function_instance *fi, const char *name)
1267 {
1268 struct acc_instance *fi_acc;
1269 char *ptr;
1270 int name_len;
1271
1272 name_len = strlen(name) + 1;
1273 if (name_len > MAX_INST_NAME_LEN)
1274 return -ENAMETOOLONG;
1275
1276 ptr = kstrndup(name, name_len, GFP_KERNEL);
1277 if (!ptr)
1278 return -ENOMEM;
1279
1280 fi_acc = to_fi_acc(fi);
1281 fi_acc->name = ptr;
1282 return 0;
1283 }
1284
acc_free_inst(struct usb_function_instance * fi)1285 static void acc_free_inst(struct usb_function_instance *fi)
1286 {
1287 struct acc_instance *fi_acc;
1288
1289 fi_acc = to_fi_acc(fi);
1290 kfree(fi_acc->name);
1291 acc_cleanup();
1292 }
1293
acc_alloc_inst(void)1294 static struct usb_function_instance *acc_alloc_inst(void)
1295 {
1296 struct acc_instance *fi_acc;
1297 struct acc_dev *dev;
1298 int err;
1299
1300 fi_acc = kzalloc(sizeof(*fi_acc), GFP_KERNEL);
1301 if (!fi_acc)
1302 return ERR_PTR(-ENOMEM);
1303 fi_acc->func_inst.set_inst_name = acc_set_inst_name;
1304 fi_acc->func_inst.free_func_inst = acc_free_inst;
1305
1306 err = acc_setup();
1307 if (err) {
1308 kfree(fi_acc);
1309 pr_err("Error setting ACCESSORY\n");
1310 return ERR_PTR(err);
1311 }
1312
1313 config_group_init_type_name(&fi_acc->func_inst.group,
1314 "", &acc_func_type);
1315 dev = _acc_dev;
1316 return &fi_acc->func_inst;
1317 }
1318
acc_free(struct usb_function * f)1319 static void acc_free(struct usb_function *f)
1320 {
1321 /*NO-OP: no function specific resource allocation in mtp_alloc*/
1322 }
1323
acc_ctrlrequest_configfs(struct usb_function * f,const struct usb_ctrlrequest * ctrl)1324 int acc_ctrlrequest_configfs(struct usb_function *f,
1325 const struct usb_ctrlrequest *ctrl) {
1326 if (f->config != NULL && f->config->cdev != NULL)
1327 return acc_ctrlrequest(f->config->cdev, ctrl);
1328 else
1329 return -1;
1330 }
1331
acc_alloc(struct usb_function_instance * fi)1332 static struct usb_function *acc_alloc(struct usb_function_instance *fi)
1333 {
1334 struct acc_dev *dev = _acc_dev;
1335
1336 pr_info("acc_alloc\n");
1337
1338 dev->function.name = "accessory";
1339 dev->function.strings = acc_strings,
1340 dev->function.fs_descriptors = fs_acc_descs;
1341 dev->function.hs_descriptors = hs_acc_descs;
1342 dev->function.bind = acc_function_bind_configfs;
1343 dev->function.unbind = acc_function_unbind;
1344 dev->function.set_alt = acc_function_set_alt;
1345 dev->function.disable = acc_function_disable;
1346 dev->function.free_func = acc_free;
1347 dev->function.setup = acc_ctrlrequest_configfs;
1348
1349 return &dev->function;
1350 }
1351 DECLARE_USB_FUNCTION_INIT(accessory, acc_alloc_inst, acc_alloc);
1352 MODULE_LICENSE("GPL");
1353