1 /*
2 * f_hid.c -- USB HID function driver
3 *
4 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/module.h>
14 #include <linux/hid.h>
15 #include <linux/idr.h>
16 #include <linux/cdev.h>
17 #include <linux/mutex.h>
18 #include <linux/poll.h>
19 #include <linux/uaccess.h>
20 #include <linux/wait.h>
21 #include <linux/sched.h>
22 #include <linux/usb/g_hid.h>
23
24 #include "u_f.h"
25 #include "u_hid.h"
26
27 #define HIDG_MINORS 4
28
29 static int major, minors;
30 static struct class *hidg_class;
31 static DEFINE_IDA(hidg_ida);
32 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
33
34 /*-------------------------------------------------------------------------*/
35 /* HID gadget struct */
36
37 struct f_hidg_req_list {
38 struct usb_request *req;
39 unsigned int pos;
40 struct list_head list;
41 };
42
43 struct f_hidg {
44 /* configuration */
45 unsigned char bInterfaceSubClass;
46 unsigned char bInterfaceProtocol;
47 unsigned short report_desc_length;
48 char *report_desc;
49 unsigned short report_length;
50
51 /* recv report */
52 struct list_head completed_out_req;
53 spinlock_t read_spinlock;
54 wait_queue_head_t read_queue;
55 unsigned int qlen;
56
57 /* send report */
58 spinlock_t write_spinlock;
59 bool write_pending;
60 wait_queue_head_t write_queue;
61 struct usb_request *req;
62
63 int minor;
64 struct cdev cdev;
65 struct usb_function func;
66
67 struct usb_ep *in_ep;
68 struct usb_ep *out_ep;
69 };
70
func_to_hidg(struct usb_function * f)71 static inline struct f_hidg *func_to_hidg(struct usb_function *f)
72 {
73 return container_of(f, struct f_hidg, func);
74 }
75
76 /*-------------------------------------------------------------------------*/
77 /* Static descriptors */
78
79 static struct usb_interface_descriptor hidg_interface_desc = {
80 .bLength = sizeof hidg_interface_desc,
81 .bDescriptorType = USB_DT_INTERFACE,
82 /* .bInterfaceNumber = DYNAMIC */
83 .bAlternateSetting = 0,
84 .bNumEndpoints = 2,
85 .bInterfaceClass = USB_CLASS_HID,
86 /* .bInterfaceSubClass = DYNAMIC */
87 /* .bInterfaceProtocol = DYNAMIC */
88 /* .iInterface = DYNAMIC */
89 };
90
91 static struct hid_descriptor hidg_desc = {
92 .bLength = sizeof hidg_desc,
93 .bDescriptorType = HID_DT_HID,
94 .bcdHID = 0x0101,
95 .bCountryCode = 0x00,
96 .bNumDescriptors = 0x1,
97 /*.desc[0].bDescriptorType = DYNAMIC */
98 /*.desc[0].wDescriptorLenght = DYNAMIC */
99 };
100
101 /* High-Speed Support */
102
103 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
104 .bLength = USB_DT_ENDPOINT_SIZE,
105 .bDescriptorType = USB_DT_ENDPOINT,
106 .bEndpointAddress = USB_DIR_IN,
107 .bmAttributes = USB_ENDPOINT_XFER_INT,
108 /*.wMaxPacketSize = DYNAMIC */
109 .bInterval = 4, /* FIXME: Add this field in the
110 * HID gadget configuration?
111 * (struct hidg_func_descriptor)
112 */
113 };
114
115 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
116 .bLength = USB_DT_ENDPOINT_SIZE,
117 .bDescriptorType = USB_DT_ENDPOINT,
118 .bEndpointAddress = USB_DIR_OUT,
119 .bmAttributes = USB_ENDPOINT_XFER_INT,
120 /*.wMaxPacketSize = DYNAMIC */
121 .bInterval = 4, /* FIXME: Add this field in the
122 * HID gadget configuration?
123 * (struct hidg_func_descriptor)
124 */
125 };
126
127 static struct usb_descriptor_header *hidg_hs_descriptors[] = {
128 (struct usb_descriptor_header *)&hidg_interface_desc,
129 (struct usb_descriptor_header *)&hidg_desc,
130 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
131 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
132 NULL,
133 };
134
135 /* Full-Speed Support */
136
137 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
138 .bLength = USB_DT_ENDPOINT_SIZE,
139 .bDescriptorType = USB_DT_ENDPOINT,
140 .bEndpointAddress = USB_DIR_IN,
141 .bmAttributes = USB_ENDPOINT_XFER_INT,
142 /*.wMaxPacketSize = DYNAMIC */
143 .bInterval = 10, /* FIXME: Add this field in the
144 * HID gadget configuration?
145 * (struct hidg_func_descriptor)
146 */
147 };
148
149 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
150 .bLength = USB_DT_ENDPOINT_SIZE,
151 .bDescriptorType = USB_DT_ENDPOINT,
152 .bEndpointAddress = USB_DIR_OUT,
153 .bmAttributes = USB_ENDPOINT_XFER_INT,
154 /*.wMaxPacketSize = DYNAMIC */
155 .bInterval = 10, /* FIXME: Add this field in the
156 * HID gadget configuration?
157 * (struct hidg_func_descriptor)
158 */
159 };
160
161 static struct usb_descriptor_header *hidg_fs_descriptors[] = {
162 (struct usb_descriptor_header *)&hidg_interface_desc,
163 (struct usb_descriptor_header *)&hidg_desc,
164 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
165 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
166 NULL,
167 };
168
169 /*-------------------------------------------------------------------------*/
170 /* Strings */
171
172 #define CT_FUNC_HID_IDX 0
173
174 static struct usb_string ct_func_string_defs[] = {
175 [CT_FUNC_HID_IDX].s = "HID Interface",
176 {}, /* end of list */
177 };
178
179 static struct usb_gadget_strings ct_func_string_table = {
180 .language = 0x0409, /* en-US */
181 .strings = ct_func_string_defs,
182 };
183
184 static struct usb_gadget_strings *ct_func_strings[] = {
185 &ct_func_string_table,
186 NULL,
187 };
188
189 /*-------------------------------------------------------------------------*/
190 /* Char Device */
191
f_hidg_read(struct file * file,char __user * buffer,size_t count,loff_t * ptr)192 static ssize_t f_hidg_read(struct file *file, char __user *buffer,
193 size_t count, loff_t *ptr)
194 {
195 struct f_hidg *hidg = file->private_data;
196 struct f_hidg_req_list *list;
197 struct usb_request *req;
198 unsigned long flags;
199 int ret;
200
201 if (!count)
202 return 0;
203
204 if (!access_ok(VERIFY_WRITE, buffer, count))
205 return -EFAULT;
206
207 spin_lock_irqsave(&hidg->read_spinlock, flags);
208
209 #define READ_COND (!list_empty(&hidg->completed_out_req))
210
211 /* wait for at least one buffer to complete */
212 while (!READ_COND) {
213 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
214 if (file->f_flags & O_NONBLOCK)
215 return -EAGAIN;
216
217 if (wait_event_interruptible(hidg->read_queue, READ_COND))
218 return -ERESTARTSYS;
219
220 spin_lock_irqsave(&hidg->read_spinlock, flags);
221 }
222
223 /* pick the first one */
224 list = list_first_entry(&hidg->completed_out_req,
225 struct f_hidg_req_list, list);
226
227 /*
228 * Remove this from list to protect it from beign free()
229 * while host disables our function
230 */
231 list_del(&list->list);
232
233 req = list->req;
234 count = min_t(unsigned int, count, req->actual - list->pos);
235 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
236
237 /* copy to user outside spinlock */
238 count -= copy_to_user(buffer, req->buf + list->pos, count);
239 list->pos += count;
240
241 /*
242 * if this request is completely handled and transfered to
243 * userspace, remove its entry from the list and requeue it
244 * again. Otherwise, we will revisit it again upon the next
245 * call, taking into account its current read position.
246 */
247 if (list->pos == req->actual) {
248 kfree(list);
249
250 req->length = hidg->report_length;
251 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
252 if (ret < 0) {
253 free_ep_req(hidg->out_ep, req);
254 return ret;
255 }
256 } else {
257 spin_lock_irqsave(&hidg->read_spinlock, flags);
258 list_add(&list->list, &hidg->completed_out_req);
259 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
260
261 wake_up(&hidg->read_queue);
262 }
263
264 return count;
265 }
266
f_hidg_req_complete(struct usb_ep * ep,struct usb_request * req)267 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
268 {
269 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
270 unsigned long flags;
271
272 if (req->status != 0) {
273 ERROR(hidg->func.config->cdev,
274 "End Point Request ERROR: %d\n", req->status);
275 }
276
277 spin_lock_irqsave(&hidg->write_spinlock, flags);
278 hidg->write_pending = 0;
279 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
280 wake_up(&hidg->write_queue);
281 }
282
f_hidg_write(struct file * file,const char __user * buffer,size_t count,loff_t * offp)283 static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
284 size_t count, loff_t *offp)
285 {
286 struct f_hidg *hidg = file->private_data;
287 struct usb_request *req;
288 unsigned long flags;
289 ssize_t status = -ENOMEM;
290
291 if (!access_ok(VERIFY_READ, buffer, count))
292 return -EFAULT;
293
294 spin_lock_irqsave(&hidg->write_spinlock, flags);
295
296 #define WRITE_COND (!hidg->write_pending)
297 try_again:
298 /* write queue */
299 while (!WRITE_COND) {
300 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
301 if (file->f_flags & O_NONBLOCK)
302 return -EAGAIN;
303
304 if (wait_event_interruptible_exclusive(
305 hidg->write_queue, WRITE_COND))
306 return -ERESTARTSYS;
307
308 spin_lock_irqsave(&hidg->write_spinlock, flags);
309 }
310
311 hidg->write_pending = 1;
312 req = hidg->req;
313 count = min_t(unsigned, count, hidg->report_length);
314
315 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
316 status = copy_from_user(hidg->req->buf, buffer, count);
317
318 if (status != 0) {
319 ERROR(hidg->func.config->cdev,
320 "copy_from_user error\n");
321 status = -EINVAL;
322 goto release_write_pending;
323 }
324
325 spin_lock_irqsave(&hidg->write_spinlock, flags);
326
327 /* we our function has been disabled by host */
328 if (!hidg->req) {
329 free_ep_req(hidg->in_ep, hidg->req);
330 /*
331 * TODO
332 * Should we fail with error here?
333 */
334 goto try_again;
335 }
336
337 req->status = 0;
338 req->zero = 0;
339 req->length = count;
340 req->complete = f_hidg_req_complete;
341 req->context = hidg;
342
343 status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);
344 if (status < 0) {
345 ERROR(hidg->func.config->cdev,
346 "usb_ep_queue error on int endpoint %zd\n", status);
347 goto release_write_pending_unlocked;
348 } else {
349 status = count;
350 }
351 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
352
353 return status;
354 release_write_pending:
355 spin_lock_irqsave(&hidg->write_spinlock, flags);
356 release_write_pending_unlocked:
357 hidg->write_pending = 0;
358 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
359
360 wake_up(&hidg->write_queue);
361
362 return status;
363 }
364
f_hidg_poll(struct file * file,poll_table * wait)365 static unsigned int f_hidg_poll(struct file *file, poll_table *wait)
366 {
367 struct f_hidg *hidg = file->private_data;
368 unsigned int ret = 0;
369
370 poll_wait(file, &hidg->read_queue, wait);
371 poll_wait(file, &hidg->write_queue, wait);
372
373 if (WRITE_COND)
374 ret |= POLLOUT | POLLWRNORM;
375
376 if (READ_COND)
377 ret |= POLLIN | POLLRDNORM;
378
379 return ret;
380 }
381
382 #undef WRITE_COND
383 #undef READ_COND
384
f_hidg_release(struct inode * inode,struct file * fd)385 static int f_hidg_release(struct inode *inode, struct file *fd)
386 {
387 fd->private_data = NULL;
388 return 0;
389 }
390
f_hidg_open(struct inode * inode,struct file * fd)391 static int f_hidg_open(struct inode *inode, struct file *fd)
392 {
393 struct f_hidg *hidg =
394 container_of(inode->i_cdev, struct f_hidg, cdev);
395
396 fd->private_data = hidg;
397
398 return 0;
399 }
400
401 /*-------------------------------------------------------------------------*/
402 /* usb_function */
403
hidg_alloc_ep_req(struct usb_ep * ep,unsigned length)404 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
405 unsigned length)
406 {
407 return alloc_ep_req(ep, length);
408 }
409
hidg_set_report_complete(struct usb_ep * ep,struct usb_request * req)410 static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
411 {
412 struct f_hidg *hidg = (struct f_hidg *) req->context;
413 struct usb_composite_dev *cdev = hidg->func.config->cdev;
414 struct f_hidg_req_list *req_list;
415 unsigned long flags;
416
417 switch (req->status) {
418 case 0:
419 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
420 if (!req_list) {
421 ERROR(cdev, "Unable to allocate mem for req_list\n");
422 goto free_req;
423 }
424
425 req_list->req = req;
426
427 spin_lock_irqsave(&hidg->read_spinlock, flags);
428 list_add_tail(&req_list->list, &hidg->completed_out_req);
429 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
430
431 wake_up(&hidg->read_queue);
432 break;
433 default:
434 ERROR(cdev, "Set report failed %d\n", req->status);
435 /* FALLTHROUGH */
436 case -ECONNABORTED: /* hardware forced ep reset */
437 case -ECONNRESET: /* request dequeued */
438 case -ESHUTDOWN: /* disconnect from host */
439 free_req:
440 free_ep_req(ep, req);
441 return;
442 }
443 }
444
hidg_setup(struct usb_function * f,const struct usb_ctrlrequest * ctrl)445 static int hidg_setup(struct usb_function *f,
446 const struct usb_ctrlrequest *ctrl)
447 {
448 struct f_hidg *hidg = func_to_hidg(f);
449 struct usb_composite_dev *cdev = f->config->cdev;
450 struct usb_request *req = cdev->req;
451 int status = 0;
452 __u16 value, length;
453
454 value = __le16_to_cpu(ctrl->wValue);
455 length = __le16_to_cpu(ctrl->wLength);
456
457 VDBG(cdev,
458 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
459 __func__, ctrl->bRequestType, ctrl->bRequest, value);
460
461 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
462 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
463 | HID_REQ_GET_REPORT):
464 VDBG(cdev, "get_report\n");
465
466 /* send an empty report */
467 length = min_t(unsigned, length, hidg->report_length);
468 memset(req->buf, 0x0, length);
469
470 goto respond;
471 break;
472
473 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
474 | HID_REQ_GET_PROTOCOL):
475 VDBG(cdev, "get_protocol\n");
476 goto stall;
477 break;
478
479 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
480 | HID_REQ_SET_REPORT):
481 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
482 goto stall;
483 break;
484
485 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
486 | HID_REQ_SET_PROTOCOL):
487 VDBG(cdev, "set_protocol\n");
488 goto stall;
489 break;
490
491 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
492 | USB_REQ_GET_DESCRIPTOR):
493 switch (value >> 8) {
494 case HID_DT_HID:
495 {
496 struct hid_descriptor hidg_desc_copy = hidg_desc;
497
498 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
499 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
500 hidg_desc_copy.desc[0].wDescriptorLength =
501 cpu_to_le16(hidg->report_desc_length);
502
503 length = min_t(unsigned short, length,
504 hidg_desc_copy.bLength);
505 memcpy(req->buf, &hidg_desc_copy, length);
506 goto respond;
507 break;
508 }
509 case HID_DT_REPORT:
510 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
511 length = min_t(unsigned short, length,
512 hidg->report_desc_length);
513 memcpy(req->buf, hidg->report_desc, length);
514 goto respond;
515 break;
516
517 default:
518 VDBG(cdev, "Unknown descriptor request 0x%x\n",
519 value >> 8);
520 goto stall;
521 break;
522 }
523 break;
524
525 default:
526 VDBG(cdev, "Unknown request 0x%x\n",
527 ctrl->bRequest);
528 goto stall;
529 break;
530 }
531
532 stall:
533 return -EOPNOTSUPP;
534
535 respond:
536 req->zero = 0;
537 req->length = length;
538 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
539 if (status < 0)
540 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
541 return status;
542 }
543
hidg_disable(struct usb_function * f)544 static void hidg_disable(struct usb_function *f)
545 {
546 struct f_hidg *hidg = func_to_hidg(f);
547 struct f_hidg_req_list *list, *next;
548 unsigned long flags;
549
550 usb_ep_disable(hidg->in_ep);
551 usb_ep_disable(hidg->out_ep);
552
553 spin_lock_irqsave(&hidg->read_spinlock, flags);
554 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
555 free_ep_req(hidg->out_ep, list->req);
556 list_del(&list->list);
557 kfree(list);
558 }
559 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
560
561 spin_lock_irqsave(&hidg->write_spinlock, flags);
562 if (!hidg->write_pending) {
563 free_ep_req(hidg->in_ep, hidg->req);
564 hidg->write_pending = 1;
565 }
566
567 hidg->req = NULL;
568 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
569 }
570
hidg_set_alt(struct usb_function * f,unsigned intf,unsigned alt)571 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
572 {
573 struct usb_composite_dev *cdev = f->config->cdev;
574 struct f_hidg *hidg = func_to_hidg(f);
575 struct usb_request *req_in = NULL;
576 unsigned long flags;
577 int i, status = 0;
578
579 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
580
581 if (hidg->in_ep != NULL) {
582 /* restart endpoint */
583 usb_ep_disable(hidg->in_ep);
584
585 status = config_ep_by_speed(f->config->cdev->gadget, f,
586 hidg->in_ep);
587 if (status) {
588 ERROR(cdev, "config_ep_by_speed FAILED!\n");
589 goto fail;
590 }
591 status = usb_ep_enable(hidg->in_ep);
592 if (status < 0) {
593 ERROR(cdev, "Enable IN endpoint FAILED!\n");
594 goto fail;
595 }
596 hidg->in_ep->driver_data = hidg;
597
598 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
599 if (!req_in) {
600 status = -ENOMEM;
601 goto disable_ep_in;
602 }
603 }
604
605
606 if (hidg->out_ep != NULL) {
607 /* restart endpoint */
608 usb_ep_disable(hidg->out_ep);
609
610 status = config_ep_by_speed(f->config->cdev->gadget, f,
611 hidg->out_ep);
612 if (status) {
613 ERROR(cdev, "config_ep_by_speed FAILED!\n");
614 goto free_req_in;
615 }
616 status = usb_ep_enable(hidg->out_ep);
617 if (status < 0) {
618 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
619 goto free_req_in;
620 }
621 hidg->out_ep->driver_data = hidg;
622
623 /*
624 * allocate a bunch of read buffers and queue them all at once.
625 */
626 for (i = 0; i < hidg->qlen && status == 0; i++) {
627 struct usb_request *req =
628 hidg_alloc_ep_req(hidg->out_ep,
629 hidg->report_length);
630 if (req) {
631 req->complete = hidg_set_report_complete;
632 req->context = hidg;
633 status = usb_ep_queue(hidg->out_ep, req,
634 GFP_ATOMIC);
635 if (status) {
636 ERROR(cdev, "%s queue req --> %d\n",
637 hidg->out_ep->name, status);
638 free_ep_req(hidg->out_ep, req);
639 }
640 } else {
641 status = -ENOMEM;
642 goto disable_out_ep;
643 }
644 }
645 }
646
647 if (hidg->in_ep != NULL) {
648 spin_lock_irqsave(&hidg->write_spinlock, flags);
649 hidg->req = req_in;
650 hidg->write_pending = 0;
651 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
652
653 wake_up(&hidg->write_queue);
654 }
655 return 0;
656 disable_out_ep:
657 usb_ep_disable(hidg->out_ep);
658 free_req_in:
659 if (req_in)
660 free_ep_req(hidg->in_ep, req_in);
661
662 disable_ep_in:
663 if (hidg->in_ep)
664 usb_ep_disable(hidg->in_ep);
665
666 fail:
667 return status;
668 }
669
670 static const struct file_operations f_hidg_fops = {
671 .owner = THIS_MODULE,
672 .open = f_hidg_open,
673 .release = f_hidg_release,
674 .write = f_hidg_write,
675 .read = f_hidg_read,
676 .poll = f_hidg_poll,
677 .llseek = noop_llseek,
678 };
679
hidg_bind(struct usb_configuration * c,struct usb_function * f)680 static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
681 {
682 struct usb_ep *ep;
683 struct f_hidg *hidg = func_to_hidg(f);
684 struct usb_string *us;
685 struct device *device;
686 int status;
687 dev_t dev;
688
689 /* maybe allocate device-global string IDs, and patch descriptors */
690 us = usb_gstrings_attach(c->cdev, ct_func_strings,
691 ARRAY_SIZE(ct_func_string_defs));
692 if (IS_ERR(us))
693 return PTR_ERR(us);
694 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
695
696 /* allocate instance-specific interface IDs, and patch descriptors */
697 status = usb_interface_id(c, f);
698 if (status < 0)
699 goto fail;
700 hidg_interface_desc.bInterfaceNumber = status;
701
702 /* allocate instance-specific endpoints */
703 status = -ENODEV;
704 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
705 if (!ep)
706 goto fail;
707 hidg->in_ep = ep;
708
709 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
710 if (!ep)
711 goto fail;
712 hidg->out_ep = ep;
713
714 /* set descriptor dynamic values */
715 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
716 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
717 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
718 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
719 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
720 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
721 /*
722 * We can use hidg_desc struct here but we should not relay
723 * that its content won't change after returning from this function.
724 */
725 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
726 hidg_desc.desc[0].wDescriptorLength =
727 cpu_to_le16(hidg->report_desc_length);
728
729 hidg_hs_in_ep_desc.bEndpointAddress =
730 hidg_fs_in_ep_desc.bEndpointAddress;
731 hidg_hs_out_ep_desc.bEndpointAddress =
732 hidg_fs_out_ep_desc.bEndpointAddress;
733
734 status = usb_assign_descriptors(f, hidg_fs_descriptors,
735 hidg_hs_descriptors, NULL, NULL);
736 if (status)
737 goto fail;
738
739 spin_lock_init(&hidg->write_spinlock);
740 hidg->write_pending = 1;
741 hidg->req = NULL;
742 spin_lock_init(&hidg->read_spinlock);
743 init_waitqueue_head(&hidg->write_queue);
744 init_waitqueue_head(&hidg->read_queue);
745 INIT_LIST_HEAD(&hidg->completed_out_req);
746
747 /* create char device */
748 cdev_init(&hidg->cdev, &f_hidg_fops);
749 dev = MKDEV(major, hidg->minor);
750 status = cdev_add(&hidg->cdev, dev, 1);
751 if (status)
752 goto fail_free_descs;
753
754 device = device_create(hidg_class, NULL, dev, NULL,
755 "%s%d", "hidg", hidg->minor);
756 if (IS_ERR(device)) {
757 status = PTR_ERR(device);
758 goto del;
759 }
760
761 return 0;
762 del:
763 cdev_del(&hidg->cdev);
764 fail_free_descs:
765 usb_free_all_descriptors(f);
766 fail:
767 ERROR(f->config->cdev, "hidg_bind FAILED\n");
768 if (hidg->req != NULL)
769 free_ep_req(hidg->in_ep, hidg->req);
770
771 return status;
772 }
773
hidg_get_minor(void)774 static inline int hidg_get_minor(void)
775 {
776 int ret;
777
778 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL);
779 if (ret >= HIDG_MINORS) {
780 ida_simple_remove(&hidg_ida, ret);
781 ret = -ENODEV;
782 }
783
784 return ret;
785 }
786
to_f_hid_opts(struct config_item * item)787 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
788 {
789 return container_of(to_config_group(item), struct f_hid_opts,
790 func_inst.group);
791 }
792
hid_attr_release(struct config_item * item)793 static void hid_attr_release(struct config_item *item)
794 {
795 struct f_hid_opts *opts = to_f_hid_opts(item);
796
797 usb_put_function_instance(&opts->func_inst);
798 }
799
800 static struct configfs_item_operations hidg_item_ops = {
801 .release = hid_attr_release,
802 };
803
804 #define F_HID_OPT(name, prec, limit) \
805 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
806 { \
807 struct f_hid_opts *opts = to_f_hid_opts(item); \
808 int result; \
809 \
810 mutex_lock(&opts->lock); \
811 result = sprintf(page, "%d\n", opts->name); \
812 mutex_unlock(&opts->lock); \
813 \
814 return result; \
815 } \
816 \
817 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
818 const char *page, size_t len) \
819 { \
820 struct f_hid_opts *opts = to_f_hid_opts(item); \
821 int ret; \
822 u##prec num; \
823 \
824 mutex_lock(&opts->lock); \
825 if (opts->refcnt) { \
826 ret = -EBUSY; \
827 goto end; \
828 } \
829 \
830 ret = kstrtou##prec(page, 0, &num); \
831 if (ret) \
832 goto end; \
833 \
834 if (num > limit) { \
835 ret = -EINVAL; \
836 goto end; \
837 } \
838 opts->name = num; \
839 ret = len; \
840 \
841 end: \
842 mutex_unlock(&opts->lock); \
843 return ret; \
844 } \
845 \
846 CONFIGFS_ATTR(f_hid_opts_, name)
847
848 F_HID_OPT(subclass, 8, 255);
849 F_HID_OPT(protocol, 8, 255);
850 F_HID_OPT(report_length, 16, 65535);
851
f_hid_opts_report_desc_show(struct config_item * item,char * page)852 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
853 {
854 struct f_hid_opts *opts = to_f_hid_opts(item);
855 int result;
856
857 mutex_lock(&opts->lock);
858 result = opts->report_desc_length;
859 memcpy(page, opts->report_desc, opts->report_desc_length);
860 mutex_unlock(&opts->lock);
861
862 return result;
863 }
864
f_hid_opts_report_desc_store(struct config_item * item,const char * page,size_t len)865 static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
866 const char *page, size_t len)
867 {
868 struct f_hid_opts *opts = to_f_hid_opts(item);
869 int ret = -EBUSY;
870 char *d;
871
872 mutex_lock(&opts->lock);
873
874 if (opts->refcnt)
875 goto end;
876 if (len > PAGE_SIZE) {
877 ret = -ENOSPC;
878 goto end;
879 }
880 d = kmemdup(page, len, GFP_KERNEL);
881 if (!d) {
882 ret = -ENOMEM;
883 goto end;
884 }
885 kfree(opts->report_desc);
886 opts->report_desc = d;
887 opts->report_desc_length = len;
888 opts->report_desc_alloc = true;
889 ret = len;
890 end:
891 mutex_unlock(&opts->lock);
892 return ret;
893 }
894
895 CONFIGFS_ATTR(f_hid_opts_, report_desc);
896
f_hid_opts_dev_show(struct config_item * item,char * page)897 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
898 {
899 struct f_hid_opts *opts = to_f_hid_opts(item);
900
901 return sprintf(page, "%d:%d\n", major, opts->minor);
902 }
903
904 CONFIGFS_ATTR_RO(f_hid_opts_, dev);
905
906 static struct configfs_attribute *hid_attrs[] = {
907 &f_hid_opts_attr_subclass,
908 &f_hid_opts_attr_protocol,
909 &f_hid_opts_attr_report_length,
910 &f_hid_opts_attr_report_desc,
911 &f_hid_opts_attr_dev,
912 NULL,
913 };
914
915 static struct config_item_type hid_func_type = {
916 .ct_item_ops = &hidg_item_ops,
917 .ct_attrs = hid_attrs,
918 .ct_owner = THIS_MODULE,
919 };
920
hidg_put_minor(int minor)921 static inline void hidg_put_minor(int minor)
922 {
923 ida_simple_remove(&hidg_ida, minor);
924 }
925
hidg_free_inst(struct usb_function_instance * f)926 static void hidg_free_inst(struct usb_function_instance *f)
927 {
928 struct f_hid_opts *opts;
929
930 opts = container_of(f, struct f_hid_opts, func_inst);
931
932 mutex_lock(&hidg_ida_lock);
933
934 hidg_put_minor(opts->minor);
935 if (idr_is_empty(&hidg_ida.idr))
936 ghid_cleanup();
937
938 mutex_unlock(&hidg_ida_lock);
939
940 if (opts->report_desc_alloc)
941 kfree(opts->report_desc);
942
943 kfree(opts);
944 }
945
hidg_alloc_inst(void)946 static struct usb_function_instance *hidg_alloc_inst(void)
947 {
948 struct f_hid_opts *opts;
949 struct usb_function_instance *ret;
950 int status = 0;
951
952 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
953 if (!opts)
954 return ERR_PTR(-ENOMEM);
955 mutex_init(&opts->lock);
956 opts->func_inst.free_func_inst = hidg_free_inst;
957 ret = &opts->func_inst;
958
959 mutex_lock(&hidg_ida_lock);
960
961 if (idr_is_empty(&hidg_ida.idr)) {
962 status = ghid_setup(NULL, HIDG_MINORS);
963 if (status) {
964 ret = ERR_PTR(status);
965 kfree(opts);
966 goto unlock;
967 }
968 }
969
970 opts->minor = hidg_get_minor();
971 if (opts->minor < 0) {
972 ret = ERR_PTR(opts->minor);
973 kfree(opts);
974 if (idr_is_empty(&hidg_ida.idr))
975 ghid_cleanup();
976 goto unlock;
977 }
978 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
979
980 unlock:
981 mutex_unlock(&hidg_ida_lock);
982 return ret;
983 }
984
hidg_free(struct usb_function * f)985 static void hidg_free(struct usb_function *f)
986 {
987 struct f_hidg *hidg;
988 struct f_hid_opts *opts;
989
990 hidg = func_to_hidg(f);
991 opts = container_of(f->fi, struct f_hid_opts, func_inst);
992 kfree(hidg->report_desc);
993 kfree(hidg);
994 mutex_lock(&opts->lock);
995 --opts->refcnt;
996 mutex_unlock(&opts->lock);
997 }
998
hidg_unbind(struct usb_configuration * c,struct usb_function * f)999 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1000 {
1001 struct f_hidg *hidg = func_to_hidg(f);
1002
1003 device_destroy(hidg_class, MKDEV(major, hidg->minor));
1004 cdev_del(&hidg->cdev);
1005
1006 usb_free_all_descriptors(f);
1007 }
1008
hidg_alloc(struct usb_function_instance * fi)1009 static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1010 {
1011 struct f_hidg *hidg;
1012 struct f_hid_opts *opts;
1013
1014 /* allocate and initialize one new instance */
1015 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1016 if (!hidg)
1017 return ERR_PTR(-ENOMEM);
1018
1019 opts = container_of(fi, struct f_hid_opts, func_inst);
1020
1021 mutex_lock(&opts->lock);
1022 ++opts->refcnt;
1023
1024 hidg->minor = opts->minor;
1025 hidg->bInterfaceSubClass = opts->subclass;
1026 hidg->bInterfaceProtocol = opts->protocol;
1027 hidg->report_length = opts->report_length;
1028 hidg->report_desc_length = opts->report_desc_length;
1029 if (opts->report_desc) {
1030 hidg->report_desc = kmemdup(opts->report_desc,
1031 opts->report_desc_length,
1032 GFP_KERNEL);
1033 if (!hidg->report_desc) {
1034 kfree(hidg);
1035 mutex_unlock(&opts->lock);
1036 return ERR_PTR(-ENOMEM);
1037 }
1038 }
1039
1040 mutex_unlock(&opts->lock);
1041
1042 hidg->func.name = "hid";
1043 hidg->func.bind = hidg_bind;
1044 hidg->func.unbind = hidg_unbind;
1045 hidg->func.set_alt = hidg_set_alt;
1046 hidg->func.disable = hidg_disable;
1047 hidg->func.setup = hidg_setup;
1048 hidg->func.free_func = hidg_free;
1049
1050 /* this could me made configurable at some point */
1051 hidg->qlen = 4;
1052
1053 return &hidg->func;
1054 }
1055
1056 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1057 MODULE_LICENSE("GPL");
1058 MODULE_AUTHOR("Fabien Chouteau");
1059
ghid_setup(struct usb_gadget * g,int count)1060 int ghid_setup(struct usb_gadget *g, int count)
1061 {
1062 int status;
1063 dev_t dev;
1064
1065 hidg_class = class_create(THIS_MODULE, "hidg");
1066 if (IS_ERR(hidg_class)) {
1067 status = PTR_ERR(hidg_class);
1068 hidg_class = NULL;
1069 return status;
1070 }
1071
1072 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1073 if (status) {
1074 class_destroy(hidg_class);
1075 hidg_class = NULL;
1076 return status;
1077 }
1078
1079 major = MAJOR(dev);
1080 minors = count;
1081
1082 return 0;
1083 }
1084
ghid_cleanup(void)1085 void ghid_cleanup(void)
1086 {
1087 if (major) {
1088 unregister_chrdev_region(MKDEV(major, 0), minors);
1089 major = minors = 0;
1090 }
1091
1092 class_destroy(hidg_class);
1093 hidg_class = NULL;
1094 }
1095