1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * f_hid.c -- USB HID function driver 4 * 5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 6 */ 7 8 #include <linux/kernel.h> 9 #include <linux/module.h> 10 #include <linux/hid.h> 11 #include <linux/idr.h> 12 #include <linux/cdev.h> 13 #include <linux/mutex.h> 14 #include <linux/poll.h> 15 #include <linux/uaccess.h> 16 #include <linux/wait.h> 17 #include <linux/sched.h> 18 #include <linux/workqueue.h> 19 #include <linux/usb/func_utils.h> 20 #include <linux/usb/g_hid.h> 21 #include <uapi/linux/usb/g_hid.h> 22 23 #include "u_hid.h" 24 25 #define HIDG_MINORS 4 26 27 /* 28 * Most operating systems seem to allow for 5000ms timeout, we will allow 29 * userspace half that time to respond before we return an empty report. 30 */ 31 #define GET_REPORT_TIMEOUT_MS 2500 32 33 static int major, minors; 34 35 static const struct class hidg_class = { 36 .name = "hidg", 37 }; 38 39 static DEFINE_IDA(hidg_ida); 40 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */ 41 42 struct report_entry { 43 struct usb_hidg_report report_data; 44 struct list_head node; 45 }; 46 47 /*-------------------------------------------------------------------------*/ 48 /* HID gadget struct */ 49 50 struct f_hidg_req_list { 51 struct usb_request *req; 52 unsigned int pos; 53 struct list_head list; 54 }; 55 56 struct f_hidg { 57 /* configuration */ 58 unsigned char bInterfaceSubClass; 59 unsigned char bInterfaceProtocol; 60 unsigned char protocol; 61 unsigned char idle; 62 unsigned short report_desc_length; 63 char *report_desc; 64 unsigned short report_length; 65 unsigned char interval; 66 bool interval_user_set; 67 68 /* 69 * use_out_ep - if true, the OUT Endpoint (interrupt out method) 70 * will be used to receive reports from the host 71 * using functions with the "intout" suffix. 72 * Otherwise, the OUT Endpoint will not be configured 73 * and the SETUP/SET_REPORT method ("ssreport" suffix) 74 * will be used to receive reports. 75 */ 76 bool use_out_ep; 77 78 /* recv report */ 79 spinlock_t read_spinlock; 80 wait_queue_head_t read_queue; 81 bool disabled; 82 /* recv report - interrupt out only (use_out_ep == 1) */ 83 struct list_head completed_out_req; 84 unsigned int qlen; 85 /* recv report - setup set_report only (use_out_ep == 0) */ 86 char *set_report_buf; 87 unsigned int set_report_length; 88 89 /* send report */ 90 spinlock_t write_spinlock; 91 bool write_pending; 92 wait_queue_head_t write_queue; 93 struct usb_request *req; 94 95 /* get report */ 96 struct usb_request *get_req; 97 struct usb_hidg_report get_report; 98 bool get_report_returned; 99 int get_report_req_report_id; 100 int get_report_req_report_length; 101 spinlock_t get_report_spinlock; 102 wait_queue_head_t get_queue; /* Waiting for userspace response */ 103 wait_queue_head_t get_id_queue; /* Get ID came in */ 104 struct work_struct work; 105 struct workqueue_struct *workqueue; 106 struct list_head report_list; 107 108 struct device dev; 109 struct cdev cdev; 110 struct usb_function func; 111 112 struct usb_ep *in_ep; 113 struct usb_ep *out_ep; 114 }; 115 116 static inline struct f_hidg *func_to_hidg(struct usb_function *f) 117 { 118 return container_of(f, struct f_hidg, func); 119 } 120 121 static void hidg_release(struct device *dev) 122 { 123 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev); 124 125 kfree(hidg->report_desc); 126 kfree(hidg->set_report_buf); 127 kfree(hidg); 128 } 129 130 /*-------------------------------------------------------------------------*/ 131 /* Static descriptors */ 132 133 static struct usb_interface_descriptor hidg_interface_desc = { 134 .bLength = sizeof hidg_interface_desc, 135 .bDescriptorType = USB_DT_INTERFACE, 136 /* .bInterfaceNumber = DYNAMIC */ 137 .bAlternateSetting = 0, 138 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */ 139 .bInterfaceClass = USB_CLASS_HID, 140 /* .bInterfaceSubClass = DYNAMIC */ 141 /* .bInterfaceProtocol = DYNAMIC */ 142 /* .iInterface = DYNAMIC */ 143 }; 144 145 static struct hid_descriptor hidg_desc = { 146 .bLength = sizeof hidg_desc, 147 .bDescriptorType = HID_DT_HID, 148 .bcdHID = cpu_to_le16(0x0101), 149 .bCountryCode = 0x00, 150 .bNumDescriptors = 0x1, 151 /*.rpt_desc.bDescriptorType = DYNAMIC */ 152 /*.rpt_desc.wDescriptorLength = DYNAMIC */ 153 }; 154 155 /* Super-Speed Support */ 156 157 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = { 158 .bLength = USB_DT_ENDPOINT_SIZE, 159 .bDescriptorType = USB_DT_ENDPOINT, 160 .bEndpointAddress = USB_DIR_IN, 161 .bmAttributes = USB_ENDPOINT_XFER_INT, 162 /*.wMaxPacketSize = DYNAMIC */ 163 /*.bInterval = DYNAMIC */ 164 }; 165 166 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = { 167 .bLength = sizeof(hidg_ss_in_comp_desc), 168 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 169 170 /* .bMaxBurst = 0, */ 171 /* .bmAttributes = 0, */ 172 /* .wBytesPerInterval = DYNAMIC */ 173 }; 174 175 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = { 176 .bLength = USB_DT_ENDPOINT_SIZE, 177 .bDescriptorType = USB_DT_ENDPOINT, 178 .bEndpointAddress = USB_DIR_OUT, 179 .bmAttributes = USB_ENDPOINT_XFER_INT, 180 /*.wMaxPacketSize = DYNAMIC */ 181 /*.bInterval = DYNAMIC */ 182 }; 183 184 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = { 185 .bLength = sizeof(hidg_ss_out_comp_desc), 186 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, 187 188 /* .bMaxBurst = 0, */ 189 /* .bmAttributes = 0, */ 190 /* .wBytesPerInterval = DYNAMIC */ 191 }; 192 193 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = { 194 (struct usb_descriptor_header *)&hidg_interface_desc, 195 (struct usb_descriptor_header *)&hidg_desc, 196 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 197 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 198 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc, 199 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc, 200 NULL, 201 }; 202 203 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = { 204 (struct usb_descriptor_header *)&hidg_interface_desc, 205 (struct usb_descriptor_header *)&hidg_desc, 206 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc, 207 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc, 208 NULL, 209 }; 210 211 /* High-Speed Support */ 212 213 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 214 .bLength = USB_DT_ENDPOINT_SIZE, 215 .bDescriptorType = USB_DT_ENDPOINT, 216 .bEndpointAddress = USB_DIR_IN, 217 .bmAttributes = USB_ENDPOINT_XFER_INT, 218 /*.wMaxPacketSize = DYNAMIC */ 219 /* .bInterval = DYNAMIC */ 220 }; 221 222 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = { 223 .bLength = USB_DT_ENDPOINT_SIZE, 224 .bDescriptorType = USB_DT_ENDPOINT, 225 .bEndpointAddress = USB_DIR_OUT, 226 .bmAttributes = USB_ENDPOINT_XFER_INT, 227 /*.wMaxPacketSize = DYNAMIC */ 228 /*.bInterval = DYNAMIC */ 229 }; 230 231 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = { 232 (struct usb_descriptor_header *)&hidg_interface_desc, 233 (struct usb_descriptor_header *)&hidg_desc, 234 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 235 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc, 236 NULL, 237 }; 238 239 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = { 240 (struct usb_descriptor_header *)&hidg_interface_desc, 241 (struct usb_descriptor_header *)&hidg_desc, 242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 243 NULL, 244 }; 245 246 /* Full-Speed Support */ 247 248 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 249 .bLength = USB_DT_ENDPOINT_SIZE, 250 .bDescriptorType = USB_DT_ENDPOINT, 251 .bEndpointAddress = USB_DIR_IN, 252 .bmAttributes = USB_ENDPOINT_XFER_INT, 253 /*.wMaxPacketSize = DYNAMIC */ 254 /*.bInterval = DYNAMIC */ 255 }; 256 257 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = { 258 .bLength = USB_DT_ENDPOINT_SIZE, 259 .bDescriptorType = USB_DT_ENDPOINT, 260 .bEndpointAddress = USB_DIR_OUT, 261 .bmAttributes = USB_ENDPOINT_XFER_INT, 262 /*.wMaxPacketSize = DYNAMIC */ 263 /*.bInterval = DYNAMIC */ 264 }; 265 266 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = { 267 (struct usb_descriptor_header *)&hidg_interface_desc, 268 (struct usb_descriptor_header *)&hidg_desc, 269 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 270 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc, 271 NULL, 272 }; 273 274 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = { 275 (struct usb_descriptor_header *)&hidg_interface_desc, 276 (struct usb_descriptor_header *)&hidg_desc, 277 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 278 NULL, 279 }; 280 281 /*-------------------------------------------------------------------------*/ 282 /* Strings */ 283 284 #define CT_FUNC_HID_IDX 0 285 286 static struct usb_string ct_func_string_defs[] = { 287 [CT_FUNC_HID_IDX].s = "HID Interface", 288 {}, /* end of list */ 289 }; 290 291 static struct usb_gadget_strings ct_func_string_table = { 292 .language = 0x0409, /* en-US */ 293 .strings = ct_func_string_defs, 294 }; 295 296 static struct usb_gadget_strings *ct_func_strings[] = { 297 &ct_func_string_table, 298 NULL, 299 }; 300 301 /*-------------------------------------------------------------------------*/ 302 /* Char Device */ 303 304 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer, 305 size_t count, loff_t *ptr) 306 { 307 struct f_hidg *hidg = file->private_data; 308 struct f_hidg_req_list *list; 309 struct usb_request *req; 310 unsigned long flags; 311 int ret; 312 313 if (!count) 314 return 0; 315 316 spin_lock_irqsave(&hidg->read_spinlock, flags); 317 318 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req) || hidg->disabled) 319 320 /* wait for at least one buffer to complete */ 321 while (!READ_COND_INTOUT) { 322 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 323 if (file->f_flags & O_NONBLOCK) 324 return -EAGAIN; 325 326 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT)) 327 return -ERESTARTSYS; 328 329 spin_lock_irqsave(&hidg->read_spinlock, flags); 330 } 331 332 if (hidg->disabled) { 333 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 334 return -ESHUTDOWN; 335 } 336 337 /* pick the first one */ 338 list = list_first_entry(&hidg->completed_out_req, 339 struct f_hidg_req_list, list); 340 341 /* 342 * Remove this from list to protect it from beign free() 343 * while host disables our function 344 */ 345 list_del(&list->list); 346 347 req = list->req; 348 count = min_t(unsigned int, count, req->actual - list->pos); 349 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 350 351 /* copy to user outside spinlock */ 352 count -= copy_to_user(buffer, req->buf + list->pos, count); 353 list->pos += count; 354 355 /* 356 * if this request is completely handled and transfered to 357 * userspace, remove its entry from the list and requeue it 358 * again. Otherwise, we will revisit it again upon the next 359 * call, taking into account its current read position. 360 */ 361 if (list->pos == req->actual) { 362 kfree(list); 363 364 req->length = hidg->report_length; 365 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL); 366 if (ret < 0) { 367 free_ep_req(hidg->out_ep, req); 368 return ret; 369 } 370 } else { 371 spin_lock_irqsave(&hidg->read_spinlock, flags); 372 list_add(&list->list, &hidg->completed_out_req); 373 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 374 375 wake_up(&hidg->read_queue); 376 } 377 378 return count; 379 } 380 381 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL || hidg->disabled) 382 383 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer, 384 size_t count, loff_t *ptr) 385 { 386 struct f_hidg *hidg = file->private_data; 387 char *tmp_buf = NULL; 388 unsigned long flags; 389 390 if (!count) 391 return 0; 392 393 spin_lock_irqsave(&hidg->read_spinlock, flags); 394 395 while (!READ_COND_SSREPORT) { 396 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 397 if (file->f_flags & O_NONBLOCK) 398 return -EAGAIN; 399 400 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT)) 401 return -ERESTARTSYS; 402 403 spin_lock_irqsave(&hidg->read_spinlock, flags); 404 } 405 406 count = min_t(unsigned int, count, hidg->set_report_length); 407 tmp_buf = hidg->set_report_buf; 408 hidg->set_report_buf = NULL; 409 410 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 411 412 if (tmp_buf != NULL) { 413 count -= copy_to_user(buffer, tmp_buf, count); 414 kfree(tmp_buf); 415 } else { 416 count = -ENOMEM; 417 } 418 419 wake_up(&hidg->read_queue); 420 421 return count; 422 } 423 424 static ssize_t f_hidg_read(struct file *file, char __user *buffer, 425 size_t count, loff_t *ptr) 426 { 427 struct f_hidg *hidg = file->private_data; 428 429 if (hidg->use_out_ep) 430 return f_hidg_intout_read(file, buffer, count, ptr); 431 else 432 return f_hidg_ssreport_read(file, buffer, count, ptr); 433 } 434 435 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 436 { 437 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 438 unsigned long flags; 439 440 if (req->status != 0) { 441 ERROR(hidg->func.config->cdev, 442 "End Point Request ERROR: %d\n", req->status); 443 } 444 445 spin_lock_irqsave(&hidg->write_spinlock, flags); 446 hidg->write_pending = 0; 447 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 448 wake_up(&hidg->write_queue); 449 } 450 451 static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 452 size_t count, loff_t *offp) 453 { 454 struct f_hidg *hidg = file->private_data; 455 struct usb_request *req; 456 unsigned long flags; 457 ssize_t status = -ENOMEM; 458 459 spin_lock_irqsave(&hidg->write_spinlock, flags); 460 461 if (!hidg->req) { 462 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 463 return -ESHUTDOWN; 464 } 465 466 #define WRITE_COND (!hidg->write_pending) 467 try_again: 468 /* write queue */ 469 while (!WRITE_COND) { 470 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 471 if (file->f_flags & O_NONBLOCK) 472 return -EAGAIN; 473 474 if (wait_event_interruptible_exclusive( 475 hidg->write_queue, WRITE_COND)) 476 return -ERESTARTSYS; 477 478 spin_lock_irqsave(&hidg->write_spinlock, flags); 479 } 480 481 hidg->write_pending = 1; 482 req = hidg->req; 483 count = min_t(unsigned, count, hidg->report_length); 484 485 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 486 487 if (!req) { 488 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n"); 489 status = -ESHUTDOWN; 490 goto release_write_pending; 491 } 492 493 status = copy_from_user(req->buf, buffer, count); 494 if (status != 0) { 495 ERROR(hidg->func.config->cdev, 496 "copy_from_user error\n"); 497 status = -EINVAL; 498 goto release_write_pending; 499 } 500 501 spin_lock_irqsave(&hidg->write_spinlock, flags); 502 503 /* when our function has been disabled by host */ 504 if (!hidg->req) { 505 free_ep_req(hidg->in_ep, req); 506 /* 507 * TODO 508 * Should we fail with error here? 509 */ 510 goto try_again; 511 } 512 513 req->status = 0; 514 req->zero = 0; 515 req->length = count; 516 req->complete = f_hidg_req_complete; 517 req->context = hidg; 518 519 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 520 521 if (!hidg->in_ep->enabled) { 522 ERROR(hidg->func.config->cdev, "in_ep is disabled\n"); 523 status = -ESHUTDOWN; 524 goto release_write_pending; 525 } 526 527 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC); 528 if (status < 0) 529 goto release_write_pending; 530 else 531 status = count; 532 533 return status; 534 release_write_pending: 535 spin_lock_irqsave(&hidg->write_spinlock, flags); 536 hidg->write_pending = 0; 537 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 538 539 wake_up(&hidg->write_queue); 540 541 return status; 542 } 543 544 static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id) 545 { 546 struct list_head *ptr; 547 struct report_entry *entry; 548 549 list_for_each(ptr, &hidg->report_list) { 550 entry = list_entry(ptr, struct report_entry, node); 551 if (entry->report_data.report_id == report_id) 552 return entry; 553 } 554 555 return NULL; 556 } 557 558 static void get_report_workqueue_handler(struct work_struct *work) 559 { 560 struct f_hidg *hidg = container_of(work, struct f_hidg, work); 561 struct usb_composite_dev *cdev = hidg->func.config->cdev; 562 struct usb_request *req; 563 struct report_entry *ptr; 564 unsigned long flags; 565 566 int status = 0; 567 568 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 569 req = hidg->get_req; 570 if (!req) { 571 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 572 return; 573 } 574 575 req->zero = 0; 576 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length, 577 hidg->report_length), 578 MAX_REPORT_LENGTH); 579 580 /* Check if there is a response available for immediate response */ 581 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 582 if (ptr && !ptr->report_data.userspace_req) { 583 /* Report exists in list and it is to be used for immediate response */ 584 req->buf = ptr->report_data.data; 585 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 586 hidg->get_report_returned = true; 587 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 588 } else { 589 /* 590 * Report does not exist in list or should not be immediately sent 591 * i.e. give userspace time to respond 592 */ 593 hidg->get_report_returned = false; 594 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 595 wake_up(&hidg->get_id_queue); 596 #define GET_REPORT_COND (!hidg->get_report_returned) 597 /* Wait until userspace has responded or timeout */ 598 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND, 599 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS)); 600 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 601 req = hidg->get_req; 602 if (!req) { 603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 604 return; 605 } 606 if (status == 0 && !hidg->get_report_returned) { 607 /* GET_REPORT request was not serviced by userspace within timeout period */ 608 VDBG(cdev, "get_report : userspace timeout.\n"); 609 hidg->get_report_returned = true; 610 } 611 612 /* Search again for report ID in list and respond to GET_REPORT request */ 613 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id); 614 if (ptr) { 615 /* 616 * Either get an updated response just serviced by userspace 617 * or send the latest response in the list 618 */ 619 req->buf = ptr->report_data.data; 620 } else { 621 /* If there are no prevoiusly sent reports send empty report */ 622 req->buf = hidg->get_report.data; 623 memset(req->buf, 0x0, req->length); 624 } 625 626 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 627 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 628 } 629 630 if (status < 0) 631 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n"); 632 } 633 634 static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer) 635 { 636 struct f_hidg *hidg = file->private_data; 637 int ret = 0; 638 639 ret = put_user(hidg->get_report_req_report_id, buffer); 640 641 return ret; 642 } 643 644 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer) 645 { 646 struct f_hidg *hidg = file->private_data; 647 struct usb_composite_dev *cdev = hidg->func.config->cdev; 648 unsigned long flags; 649 struct report_entry *entry; 650 struct report_entry *ptr; 651 __u8 report_id; 652 653 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 654 if (!entry) 655 return -ENOMEM; 656 657 if (copy_from_user(&entry->report_data, buffer, 658 sizeof(struct usb_hidg_report))) { 659 ERROR(cdev, "copy_from_user error\n"); 660 kfree(entry); 661 return -EINVAL; 662 } 663 664 report_id = entry->report_data.report_id; 665 666 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 667 ptr = f_hidg_search_for_report(hidg, report_id); 668 669 if (ptr) { 670 /* Report already exists in list - update it */ 671 if (copy_from_user(&ptr->report_data, buffer, 672 sizeof(struct usb_hidg_report))) { 673 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 674 ERROR(cdev, "copy_from_user error\n"); 675 kfree(entry); 676 return -EINVAL; 677 } 678 kfree(entry); 679 } else { 680 /* Report does not exist in list - add it */ 681 list_add_tail(&entry->node, &hidg->report_list); 682 } 683 684 /* If there is no response pending then do nothing further */ 685 if (hidg->get_report_returned) { 686 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 687 return 0; 688 } 689 690 /* If this userspace response serves the current pending report */ 691 if (hidg->get_report_req_report_id == report_id) { 692 hidg->get_report_returned = true; 693 wake_up(&hidg->get_queue); 694 } 695 696 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 697 return 0; 698 } 699 700 static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg) 701 { 702 switch (code) { 703 case GADGET_HID_READ_GET_REPORT_ID: 704 return f_hidg_get_report_id(file, (__u8 __user *)arg); 705 case GADGET_HID_WRITE_GET_REPORT: 706 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg); 707 default: 708 return -ENOTTY; 709 } 710 } 711 712 static __poll_t f_hidg_poll(struct file *file, poll_table *wait) 713 { 714 struct f_hidg *hidg = file->private_data; 715 __poll_t ret = 0; 716 717 poll_wait(file, &hidg->read_queue, wait); 718 poll_wait(file, &hidg->write_queue, wait); 719 poll_wait(file, &hidg->get_queue, wait); 720 poll_wait(file, &hidg->get_id_queue, wait); 721 722 if (WRITE_COND) 723 ret |= EPOLLOUT | EPOLLWRNORM; 724 725 if (hidg->use_out_ep) { 726 if (READ_COND_INTOUT) 727 ret |= EPOLLIN | EPOLLRDNORM; 728 } else { 729 if (READ_COND_SSREPORT) 730 ret |= EPOLLIN | EPOLLRDNORM; 731 } 732 733 if (GET_REPORT_COND) 734 ret |= EPOLLPRI; 735 736 return ret; 737 } 738 739 #undef WRITE_COND 740 #undef READ_COND_SSREPORT 741 #undef READ_COND_INTOUT 742 #undef GET_REPORT_COND 743 744 static int f_hidg_release(struct inode *inode, struct file *fd) 745 { 746 fd->private_data = NULL; 747 return 0; 748 } 749 750 static int f_hidg_open(struct inode *inode, struct file *fd) 751 { 752 struct f_hidg *hidg = 753 container_of(inode->i_cdev, struct f_hidg, cdev); 754 755 fd->private_data = hidg; 756 757 return 0; 758 } 759 760 /*-------------------------------------------------------------------------*/ 761 /* usb_function */ 762 763 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep, 764 unsigned length) 765 { 766 return alloc_ep_req(ep, length); 767 } 768 769 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req) 770 { 771 struct f_hidg *hidg = (struct f_hidg *) req->context; 772 struct usb_composite_dev *cdev = hidg->func.config->cdev; 773 struct f_hidg_req_list *req_list; 774 unsigned long flags; 775 776 switch (req->status) { 777 case 0: 778 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC); 779 if (!req_list) { 780 ERROR(cdev, "Unable to allocate mem for req_list\n"); 781 goto free_req; 782 } 783 784 req_list->req = req; 785 786 spin_lock_irqsave(&hidg->read_spinlock, flags); 787 list_add_tail(&req_list->list, &hidg->completed_out_req); 788 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 789 790 wake_up(&hidg->read_queue); 791 break; 792 default: 793 ERROR(cdev, "Set report failed %d\n", req->status); 794 fallthrough; 795 case -ECONNABORTED: /* hardware forced ep reset */ 796 case -ECONNRESET: /* request dequeued */ 797 case -ESHUTDOWN: /* disconnect from host */ 798 free_req: 799 free_ep_req(ep, req); 800 return; 801 } 802 } 803 804 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req) 805 { 806 struct f_hidg *hidg = (struct f_hidg *)req->context; 807 struct usb_composite_dev *cdev = hidg->func.config->cdev; 808 char *new_buf = NULL; 809 unsigned long flags; 810 811 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 812 ERROR(cdev, 813 "%s FAILED: status=%d, buf=%p, actual=%d\n", 814 __func__, req->status, req->buf, req->actual); 815 return; 816 } 817 818 spin_lock_irqsave(&hidg->read_spinlock, flags); 819 820 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC); 821 if (new_buf == NULL) { 822 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 823 return; 824 } 825 hidg->set_report_buf = new_buf; 826 827 hidg->set_report_length = req->actual; 828 memcpy(hidg->set_report_buf, req->buf, req->actual); 829 830 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 831 832 wake_up(&hidg->read_queue); 833 } 834 835 static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req) 836 { 837 } 838 839 static int hidg_setup(struct usb_function *f, 840 const struct usb_ctrlrequest *ctrl) 841 { 842 struct f_hidg *hidg = func_to_hidg(f); 843 struct usb_composite_dev *cdev = f->config->cdev; 844 struct usb_request *req = cdev->req; 845 int status = 0; 846 __u16 value, length; 847 unsigned long flags; 848 849 value = __le16_to_cpu(ctrl->wValue); 850 length = __le16_to_cpu(ctrl->wLength); 851 852 VDBG(cdev, 853 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n", 854 __func__, ctrl->bRequestType, ctrl->bRequest, value); 855 856 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 857 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 858 | HID_REQ_GET_REPORT): 859 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength); 860 861 /* 862 * Update GET_REPORT ID so that an ioctl can be used to determine what 863 * GET_REPORT the request was actually for. 864 */ 865 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 866 hidg->get_report_req_report_id = value & 0xff; 867 hidg->get_report_req_report_length = length; 868 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 869 870 queue_work(hidg->workqueue, &hidg->work); 871 872 return status; 873 874 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 875 | HID_REQ_GET_PROTOCOL): 876 VDBG(cdev, "get_protocol\n"); 877 length = min_t(unsigned int, length, 1); 878 ((u8 *) req->buf)[0] = hidg->protocol; 879 goto respond; 880 break; 881 882 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 883 | HID_REQ_GET_IDLE): 884 VDBG(cdev, "get_idle\n"); 885 length = min_t(unsigned int, length, 1); 886 ((u8 *) req->buf)[0] = hidg->idle; 887 goto respond; 888 break; 889 890 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 891 | HID_REQ_SET_REPORT): 892 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength); 893 if (hidg->use_out_ep) 894 goto stall; 895 req->complete = hidg_ssreport_complete; 896 req->context = hidg; 897 goto respond; 898 break; 899 900 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 901 | HID_REQ_SET_PROTOCOL): 902 VDBG(cdev, "set_protocol\n"); 903 if (value > HID_REPORT_PROTOCOL) 904 goto stall; 905 length = 0; 906 /* 907 * We assume that programs implementing the Boot protocol 908 * are also compatible with the Report Protocol 909 */ 910 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 911 hidg->protocol = value; 912 goto respond; 913 } 914 goto stall; 915 break; 916 917 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 918 | HID_REQ_SET_IDLE): 919 VDBG(cdev, "set_idle\n"); 920 length = 0; 921 hidg->idle = value >> 8; 922 goto respond; 923 break; 924 925 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 926 | USB_REQ_GET_DESCRIPTOR): 927 switch (value >> 8) { 928 case HID_DT_HID: 929 { 930 struct hid_descriptor hidg_desc_copy = hidg_desc; 931 932 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); 933 hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; 934 hidg_desc_copy.rpt_desc.wDescriptorLength = 935 cpu_to_le16(hidg->report_desc_length); 936 937 length = min_t(unsigned short, length, 938 hidg_desc_copy.bLength); 939 memcpy(req->buf, &hidg_desc_copy, length); 940 goto respond; 941 break; 942 } 943 case HID_DT_REPORT: 944 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 945 length = min_t(unsigned short, length, 946 hidg->report_desc_length); 947 memcpy(req->buf, hidg->report_desc, length); 948 goto respond; 949 break; 950 951 default: 952 VDBG(cdev, "Unknown descriptor request 0x%x\n", 953 value >> 8); 954 goto stall; 955 break; 956 } 957 break; 958 959 default: 960 VDBG(cdev, "Unknown request 0x%x\n", 961 ctrl->bRequest); 962 goto stall; 963 break; 964 } 965 966 stall: 967 return -EOPNOTSUPP; 968 969 respond: 970 req->zero = 0; 971 req->length = length; 972 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 973 if (status < 0) 974 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 975 return status; 976 } 977 978 static void hidg_disable(struct usb_function *f) 979 { 980 struct f_hidg *hidg = func_to_hidg(f); 981 struct f_hidg_req_list *list, *next; 982 unsigned long flags; 983 984 usb_ep_disable(hidg->in_ep); 985 986 if (hidg->out_ep) { 987 usb_ep_disable(hidg->out_ep); 988 989 spin_lock_irqsave(&hidg->read_spinlock, flags); 990 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) { 991 free_ep_req(hidg->out_ep, list->req); 992 list_del(&list->list); 993 kfree(list); 994 } 995 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 996 } 997 998 spin_lock_irqsave(&hidg->get_report_spinlock, flags); 999 if (!hidg->get_report_returned) { 1000 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req); 1001 hidg->get_req = NULL; 1002 hidg->get_report_returned = true; 1003 } 1004 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags); 1005 1006 spin_lock_irqsave(&hidg->read_spinlock, flags); 1007 hidg->disabled = true; 1008 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 1009 wake_up(&hidg->read_queue); 1010 1011 spin_lock_irqsave(&hidg->write_spinlock, flags); 1012 if (!hidg->write_pending) { 1013 free_ep_req(hidg->in_ep, hidg->req); 1014 hidg->write_pending = 1; 1015 } 1016 1017 hidg->req = NULL; 1018 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1019 } 1020 1021 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 1022 { 1023 struct usb_composite_dev *cdev = f->config->cdev; 1024 struct f_hidg *hidg = func_to_hidg(f); 1025 struct usb_request *req_in = NULL; 1026 unsigned long flags; 1027 int i, status = 0; 1028 1029 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 1030 1031 if (hidg->in_ep != NULL) { 1032 /* restart endpoint */ 1033 usb_ep_disable(hidg->in_ep); 1034 1035 status = config_ep_by_speed(f->config->cdev->gadget, f, 1036 hidg->in_ep); 1037 if (status) { 1038 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1039 goto fail; 1040 } 1041 status = usb_ep_enable(hidg->in_ep); 1042 if (status < 0) { 1043 ERROR(cdev, "Enable IN endpoint FAILED!\n"); 1044 goto fail; 1045 } 1046 hidg->in_ep->driver_data = hidg; 1047 1048 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length); 1049 if (!req_in) { 1050 status = -ENOMEM; 1051 goto disable_ep_in; 1052 } 1053 } 1054 1055 if (hidg->use_out_ep && hidg->out_ep != NULL) { 1056 /* restart endpoint */ 1057 usb_ep_disable(hidg->out_ep); 1058 1059 status = config_ep_by_speed(f->config->cdev->gadget, f, 1060 hidg->out_ep); 1061 if (status) { 1062 ERROR(cdev, "config_ep_by_speed FAILED!\n"); 1063 goto free_req_in; 1064 } 1065 status = usb_ep_enable(hidg->out_ep); 1066 if (status < 0) { 1067 ERROR(cdev, "Enable OUT endpoint FAILED!\n"); 1068 goto free_req_in; 1069 } 1070 hidg->out_ep->driver_data = hidg; 1071 1072 /* 1073 * allocate a bunch of read buffers and queue them all at once. 1074 */ 1075 for (i = 0; i < hidg->qlen && status == 0; i++) { 1076 struct usb_request *req = 1077 hidg_alloc_ep_req(hidg->out_ep, 1078 hidg->report_length); 1079 if (req) { 1080 req->complete = hidg_intout_complete; 1081 req->context = hidg; 1082 status = usb_ep_queue(hidg->out_ep, req, 1083 GFP_ATOMIC); 1084 if (status) { 1085 ERROR(cdev, "%s queue req --> %d\n", 1086 hidg->out_ep->name, status); 1087 free_ep_req(hidg->out_ep, req); 1088 } 1089 } else { 1090 status = -ENOMEM; 1091 goto disable_out_ep; 1092 } 1093 } 1094 } 1095 1096 spin_lock_irqsave(&hidg->read_spinlock, flags); 1097 hidg->disabled = false; 1098 spin_unlock_irqrestore(&hidg->read_spinlock, flags); 1099 1100 if (hidg->in_ep != NULL) { 1101 spin_lock_irqsave(&hidg->write_spinlock, flags); 1102 hidg->req = req_in; 1103 hidg->write_pending = 0; 1104 spin_unlock_irqrestore(&hidg->write_spinlock, flags); 1105 1106 wake_up(&hidg->write_queue); 1107 } 1108 return 0; 1109 disable_out_ep: 1110 if (hidg->out_ep) 1111 usb_ep_disable(hidg->out_ep); 1112 free_req_in: 1113 if (req_in) 1114 free_ep_req(hidg->in_ep, req_in); 1115 1116 disable_ep_in: 1117 if (hidg->in_ep) 1118 usb_ep_disable(hidg->in_ep); 1119 1120 fail: 1121 return status; 1122 } 1123 1124 #ifdef CONFIG_COMPAT 1125 static long f_hidg_compat_ioctl(struct file *file, unsigned int code, 1126 unsigned long value) 1127 { 1128 return f_hidg_ioctl(file, code, value); 1129 } 1130 #endif 1131 1132 static const struct file_operations f_hidg_fops = { 1133 .owner = THIS_MODULE, 1134 .open = f_hidg_open, 1135 .release = f_hidg_release, 1136 .write = f_hidg_write, 1137 .read = f_hidg_read, 1138 .poll = f_hidg_poll, 1139 .unlocked_ioctl = f_hidg_ioctl, 1140 #ifdef CONFIG_COMPAT 1141 .compat_ioctl = f_hidg_compat_ioctl, 1142 #endif 1143 .llseek = noop_llseek, 1144 }; 1145 1146 static int hidg_bind(struct usb_configuration *c, struct usb_function *f) 1147 { 1148 struct usb_ep *ep; 1149 struct f_hidg *hidg = func_to_hidg(f); 1150 struct usb_string *us; 1151 int status; 1152 1153 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC); 1154 if (!hidg->get_req) 1155 return -ENOMEM; 1156 1157 hidg->get_req->zero = 0; 1158 hidg->get_req->complete = hidg_get_report_complete; 1159 hidg->get_req->context = hidg; 1160 hidg->get_report_returned = true; 1161 1162 /* maybe allocate device-global string IDs, and patch descriptors */ 1163 us = usb_gstrings_attach(c->cdev, ct_func_strings, 1164 ARRAY_SIZE(ct_func_string_defs)); 1165 if (IS_ERR(us)) 1166 return PTR_ERR(us); 1167 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id; 1168 1169 /* allocate instance-specific interface IDs, and patch descriptors */ 1170 status = usb_interface_id(c, f); 1171 if (status < 0) 1172 goto fail; 1173 hidg_interface_desc.bInterfaceNumber = status; 1174 1175 /* allocate instance-specific endpoints */ 1176 status = -ENODEV; 1177 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 1178 if (!ep) 1179 goto fail; 1180 hidg->in_ep = ep; 1181 1182 hidg->out_ep = NULL; 1183 if (hidg->use_out_ep) { 1184 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc); 1185 if (!ep) 1186 goto fail; 1187 hidg->out_ep = ep; 1188 } 1189 1190 /* used only if use_out_ep == 1 */ 1191 hidg->set_report_buf = NULL; 1192 1193 /* set descriptor dynamic values */ 1194 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 1195 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 1196 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1; 1197 hidg->protocol = HID_REPORT_PROTOCOL; 1198 hidg->idle = 1; 1199 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1200 hidg_ss_in_comp_desc.wBytesPerInterval = 1201 cpu_to_le16(hidg->report_length); 1202 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1203 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1204 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1205 1206 /* IN endpoints: FS default=10ms, HS default=4µ-frame; user override if set */ 1207 if (!hidg->interval_user_set) { 1208 hidg_fs_in_ep_desc.bInterval = 10; 1209 hidg_hs_in_ep_desc.bInterval = 4; 1210 } else { 1211 hidg_fs_in_ep_desc.bInterval = hidg->interval; 1212 hidg_hs_in_ep_desc.bInterval = hidg->interval; 1213 } 1214 1215 hidg_ss_out_comp_desc.wBytesPerInterval = 1216 cpu_to_le16(hidg->report_length); 1217 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1218 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 1219 /* 1220 * We can use hidg_desc struct here but we should not relay 1221 * that its content won't change after returning from this function. 1222 */ 1223 hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; 1224 hidg_desc.rpt_desc.wDescriptorLength = 1225 cpu_to_le16(hidg->report_desc_length); 1226 1227 hidg_hs_in_ep_desc.bEndpointAddress = 1228 hidg_fs_in_ep_desc.bEndpointAddress; 1229 hidg_hs_out_ep_desc.bEndpointAddress = 1230 hidg_fs_out_ep_desc.bEndpointAddress; 1231 1232 hidg_ss_in_ep_desc.bEndpointAddress = 1233 hidg_fs_in_ep_desc.bEndpointAddress; 1234 hidg_ss_out_ep_desc.bEndpointAddress = 1235 hidg_fs_out_ep_desc.bEndpointAddress; 1236 1237 if (hidg->use_out_ep) { 1238 /* OUT endpoints: same defaults (FS=10, HS=4) unless user set */ 1239 if (!hidg->interval_user_set) { 1240 hidg_fs_out_ep_desc.bInterval = 10; 1241 hidg_hs_out_ep_desc.bInterval = 4; 1242 } else { 1243 hidg_fs_out_ep_desc.bInterval = hidg->interval; 1244 hidg_hs_out_ep_desc.bInterval = hidg->interval; 1245 } 1246 status = usb_assign_descriptors(f, 1247 hidg_fs_descriptors_intout, 1248 hidg_hs_descriptors_intout, 1249 hidg_ss_descriptors_intout, 1250 hidg_ss_descriptors_intout); 1251 } else { 1252 status = usb_assign_descriptors(f, 1253 hidg_fs_descriptors_ssreport, 1254 hidg_hs_descriptors_ssreport, 1255 hidg_ss_descriptors_ssreport, 1256 hidg_ss_descriptors_ssreport); 1257 } 1258 if (status) 1259 goto fail; 1260 1261 spin_lock_init(&hidg->write_spinlock); 1262 hidg->write_pending = 1; 1263 hidg->req = NULL; 1264 spin_lock_init(&hidg->read_spinlock); 1265 spin_lock_init(&hidg->get_report_spinlock); 1266 init_waitqueue_head(&hidg->write_queue); 1267 init_waitqueue_head(&hidg->read_queue); 1268 init_waitqueue_head(&hidg->get_queue); 1269 init_waitqueue_head(&hidg->get_id_queue); 1270 INIT_LIST_HEAD(&hidg->completed_out_req); 1271 INIT_LIST_HEAD(&hidg->report_list); 1272 1273 INIT_WORK(&hidg->work, get_report_workqueue_handler); 1274 hidg->workqueue = alloc_workqueue("report_work", 1275 WQ_FREEZABLE | 1276 WQ_MEM_RECLAIM, 1277 1); 1278 1279 if (!hidg->workqueue) { 1280 status = -ENOMEM; 1281 goto fail; 1282 } 1283 1284 /* create char device */ 1285 cdev_init(&hidg->cdev, &f_hidg_fops); 1286 status = cdev_device_add(&hidg->cdev, &hidg->dev); 1287 if (status) 1288 goto fail_free_descs; 1289 1290 return 0; 1291 fail_free_descs: 1292 destroy_workqueue(hidg->workqueue); 1293 usb_free_all_descriptors(f); 1294 fail: 1295 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 1296 if (hidg->req != NULL) 1297 free_ep_req(hidg->in_ep, hidg->req); 1298 1299 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req); 1300 hidg->get_req = NULL; 1301 1302 return status; 1303 } 1304 1305 static inline int hidg_get_minor(void) 1306 { 1307 int ret; 1308 1309 ret = ida_alloc(&hidg_ida, GFP_KERNEL); 1310 if (ret >= HIDG_MINORS) { 1311 ida_free(&hidg_ida, ret); 1312 ret = -ENODEV; 1313 } 1314 1315 return ret; 1316 } 1317 1318 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item) 1319 { 1320 return container_of(to_config_group(item), struct f_hid_opts, 1321 func_inst.group); 1322 } 1323 1324 static void hid_attr_release(struct config_item *item) 1325 { 1326 struct f_hid_opts *opts = to_f_hid_opts(item); 1327 1328 usb_put_function_instance(&opts->func_inst); 1329 } 1330 1331 static struct configfs_item_operations hidg_item_ops = { 1332 .release = hid_attr_release, 1333 }; 1334 1335 #define F_HID_OPT(name, prec, limit) \ 1336 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\ 1337 { \ 1338 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1339 int result; \ 1340 \ 1341 mutex_lock(&opts->lock); \ 1342 result = sprintf(page, "%d\n", opts->name); \ 1343 mutex_unlock(&opts->lock); \ 1344 \ 1345 return result; \ 1346 } \ 1347 \ 1348 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \ 1349 const char *page, size_t len) \ 1350 { \ 1351 struct f_hid_opts *opts = to_f_hid_opts(item); \ 1352 int ret; \ 1353 u##prec num; \ 1354 \ 1355 mutex_lock(&opts->lock); \ 1356 if (opts->refcnt) { \ 1357 ret = -EBUSY; \ 1358 goto end; \ 1359 } \ 1360 \ 1361 ret = kstrtou##prec(page, 0, &num); \ 1362 if (ret) \ 1363 goto end; \ 1364 \ 1365 if (num > limit) { \ 1366 ret = -EINVAL; \ 1367 goto end; \ 1368 } \ 1369 opts->name = num; \ 1370 ret = len; \ 1371 \ 1372 end: \ 1373 mutex_unlock(&opts->lock); \ 1374 return ret; \ 1375 } \ 1376 \ 1377 CONFIGFS_ATTR(f_hid_opts_, name) 1378 1379 F_HID_OPT(subclass, 8, 255); 1380 F_HID_OPT(protocol, 8, 255); 1381 F_HID_OPT(no_out_endpoint, 8, 1); 1382 F_HID_OPT(report_length, 16, 65535); 1383 1384 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page) 1385 { 1386 struct f_hid_opts *opts = to_f_hid_opts(item); 1387 int result; 1388 1389 mutex_lock(&opts->lock); 1390 result = opts->report_desc_length; 1391 memcpy(page, opts->report_desc, opts->report_desc_length); 1392 mutex_unlock(&opts->lock); 1393 1394 return result; 1395 } 1396 1397 static ssize_t f_hid_opts_report_desc_store(struct config_item *item, 1398 const char *page, size_t len) 1399 { 1400 struct f_hid_opts *opts = to_f_hid_opts(item); 1401 int ret = -EBUSY; 1402 char *d; 1403 1404 mutex_lock(&opts->lock); 1405 1406 if (opts->refcnt) 1407 goto end; 1408 if (len > PAGE_SIZE) { 1409 ret = -ENOSPC; 1410 goto end; 1411 } 1412 d = kmemdup(page, len, GFP_KERNEL); 1413 if (!d) { 1414 ret = -ENOMEM; 1415 goto end; 1416 } 1417 kfree(opts->report_desc); 1418 opts->report_desc = d; 1419 opts->report_desc_length = len; 1420 opts->report_desc_alloc = true; 1421 ret = len; 1422 end: 1423 mutex_unlock(&opts->lock); 1424 return ret; 1425 } 1426 1427 CONFIGFS_ATTR(f_hid_opts_, report_desc); 1428 1429 static ssize_t f_hid_opts_interval_show(struct config_item *item, char *page) 1430 { 1431 struct f_hid_opts *opts = to_f_hid_opts(item); 1432 int result; 1433 1434 mutex_lock(&opts->lock); 1435 result = sprintf(page, "%d\n", opts->interval); 1436 mutex_unlock(&opts->lock); 1437 1438 return result; 1439 } 1440 1441 static ssize_t f_hid_opts_interval_store(struct config_item *item, 1442 const char *page, size_t len) 1443 { 1444 struct f_hid_opts *opts = to_f_hid_opts(item); 1445 int ret; 1446 unsigned int tmp; 1447 1448 mutex_lock(&opts->lock); 1449 if (opts->refcnt) { 1450 ret = -EBUSY; 1451 goto end; 1452 } 1453 1454 /* parse into a wider type first */ 1455 ret = kstrtouint(page, 0, &tmp); 1456 if (ret) 1457 goto end; 1458 1459 /* range-check against unsigned char max */ 1460 if (tmp > 255) { 1461 ret = -EINVAL; 1462 goto end; 1463 } 1464 1465 opts->interval = (unsigned char)tmp; 1466 opts->interval_user_set = true; 1467 ret = len; 1468 1469 end: 1470 mutex_unlock(&opts->lock); 1471 return ret; 1472 } 1473 1474 CONFIGFS_ATTR(f_hid_opts_, interval); 1475 1476 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page) 1477 { 1478 struct f_hid_opts *opts = to_f_hid_opts(item); 1479 1480 return sprintf(page, "%d:%d\n", major, opts->minor); 1481 } 1482 1483 CONFIGFS_ATTR_RO(f_hid_opts_, dev); 1484 1485 static struct configfs_attribute *hid_attrs[] = { 1486 &f_hid_opts_attr_subclass, 1487 &f_hid_opts_attr_protocol, 1488 &f_hid_opts_attr_no_out_endpoint, 1489 &f_hid_opts_attr_report_length, 1490 &f_hid_opts_attr_interval, 1491 &f_hid_opts_attr_report_desc, 1492 &f_hid_opts_attr_dev, 1493 NULL, 1494 }; 1495 1496 static const struct config_item_type hid_func_type = { 1497 .ct_item_ops = &hidg_item_ops, 1498 .ct_attrs = hid_attrs, 1499 .ct_owner = THIS_MODULE, 1500 }; 1501 1502 static inline void hidg_put_minor(int minor) 1503 { 1504 ida_free(&hidg_ida, minor); 1505 } 1506 1507 static void hidg_free_inst(struct usb_function_instance *f) 1508 { 1509 struct f_hid_opts *opts; 1510 1511 opts = container_of(f, struct f_hid_opts, func_inst); 1512 1513 mutex_lock(&hidg_ida_lock); 1514 1515 hidg_put_minor(opts->minor); 1516 if (ida_is_empty(&hidg_ida)) 1517 ghid_cleanup(); 1518 1519 mutex_unlock(&hidg_ida_lock); 1520 1521 if (opts->report_desc_alloc) 1522 kfree(opts->report_desc); 1523 1524 kfree(opts); 1525 } 1526 1527 static struct usb_function_instance *hidg_alloc_inst(void) 1528 { 1529 struct f_hid_opts *opts; 1530 struct usb_function_instance *ret; 1531 int status = 0; 1532 1533 opts = kzalloc(sizeof(*opts), GFP_KERNEL); 1534 if (!opts) 1535 return ERR_PTR(-ENOMEM); 1536 mutex_init(&opts->lock); 1537 1538 opts->interval = 4; 1539 opts->interval_user_set = false; 1540 1541 opts->func_inst.free_func_inst = hidg_free_inst; 1542 ret = &opts->func_inst; 1543 1544 mutex_lock(&hidg_ida_lock); 1545 1546 if (ida_is_empty(&hidg_ida)) { 1547 status = ghid_setup(NULL, HIDG_MINORS); 1548 if (status) { 1549 ret = ERR_PTR(status); 1550 kfree(opts); 1551 goto unlock; 1552 } 1553 } 1554 1555 opts->minor = hidg_get_minor(); 1556 if (opts->minor < 0) { 1557 ret = ERR_PTR(opts->minor); 1558 kfree(opts); 1559 if (ida_is_empty(&hidg_ida)) 1560 ghid_cleanup(); 1561 goto unlock; 1562 } 1563 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type); 1564 1565 unlock: 1566 mutex_unlock(&hidg_ida_lock); 1567 return ret; 1568 } 1569 1570 static void hidg_free(struct usb_function *f) 1571 { 1572 struct f_hidg *hidg; 1573 struct f_hid_opts *opts; 1574 1575 hidg = func_to_hidg(f); 1576 opts = container_of(f->fi, struct f_hid_opts, func_inst); 1577 put_device(&hidg->dev); 1578 mutex_lock(&opts->lock); 1579 --opts->refcnt; 1580 mutex_unlock(&opts->lock); 1581 } 1582 1583 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 1584 { 1585 struct f_hidg *hidg = func_to_hidg(f); 1586 1587 cdev_device_del(&hidg->cdev, &hidg->dev); 1588 destroy_workqueue(hidg->workqueue); 1589 usb_free_all_descriptors(f); 1590 } 1591 1592 static struct usb_function *hidg_alloc(struct usb_function_instance *fi) 1593 { 1594 struct f_hidg *hidg; 1595 struct f_hid_opts *opts; 1596 int ret; 1597 1598 /* allocate and initialize one new instance */ 1599 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL); 1600 if (!hidg) 1601 return ERR_PTR(-ENOMEM); 1602 1603 opts = container_of(fi, struct f_hid_opts, func_inst); 1604 1605 mutex_lock(&opts->lock); 1606 1607 device_initialize(&hidg->dev); 1608 hidg->dev.release = hidg_release; 1609 hidg->dev.class = &hidg_class; 1610 hidg->dev.devt = MKDEV(major, opts->minor); 1611 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor); 1612 if (ret) 1613 goto err_unlock; 1614 1615 hidg->bInterfaceSubClass = opts->subclass; 1616 hidg->bInterfaceProtocol = opts->protocol; 1617 hidg->report_length = opts->report_length; 1618 hidg->report_desc_length = opts->report_desc_length; 1619 hidg->interval = opts->interval; 1620 hidg->interval_user_set = opts->interval_user_set; 1621 if (opts->report_desc) { 1622 hidg->report_desc = kmemdup(opts->report_desc, 1623 opts->report_desc_length, 1624 GFP_KERNEL); 1625 if (!hidg->report_desc) { 1626 ret = -ENOMEM; 1627 goto err_put_device; 1628 } 1629 } 1630 hidg->use_out_ep = !opts->no_out_endpoint; 1631 1632 ++opts->refcnt; 1633 mutex_unlock(&opts->lock); 1634 1635 hidg->func.name = "hid"; 1636 hidg->func.bind = hidg_bind; 1637 hidg->func.unbind = hidg_unbind; 1638 hidg->func.set_alt = hidg_set_alt; 1639 hidg->func.disable = hidg_disable; 1640 hidg->func.setup = hidg_setup; 1641 hidg->func.free_func = hidg_free; 1642 1643 /* this could be made configurable at some point */ 1644 hidg->qlen = 4; 1645 1646 return &hidg->func; 1647 1648 err_put_device: 1649 put_device(&hidg->dev); 1650 err_unlock: 1651 mutex_unlock(&opts->lock); 1652 return ERR_PTR(ret); 1653 } 1654 1655 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc); 1656 MODULE_DESCRIPTION("USB HID function driver"); 1657 MODULE_LICENSE("GPL"); 1658 MODULE_AUTHOR("Fabien Chouteau"); 1659 1660 int ghid_setup(struct usb_gadget *g, int count) 1661 { 1662 int status; 1663 dev_t dev; 1664 1665 status = class_register(&hidg_class); 1666 if (status) 1667 return status; 1668 1669 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 1670 if (status) { 1671 class_unregister(&hidg_class); 1672 return status; 1673 } 1674 1675 major = MAJOR(dev); 1676 minors = count; 1677 1678 return 0; 1679 } 1680 1681 void ghid_cleanup(void) 1682 { 1683 if (major) { 1684 unregister_chrdev_region(MKDEV(major, 0), minors); 1685 major = minors = 0; 1686 } 1687 1688 class_unregister(&hidg_class); 1689 } 1690