Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * f_hid.c -- USB HID function driver
4 *
5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
6 */
7
8#include <linux/kernel.h>
9#include <linux/module.h>
10#include <linux/hid.h>
11#include <linux/idr.h>
12#include <linux/cdev.h>
13#include <linux/mutex.h>
14#include <linux/poll.h>
15#include <linux/uaccess.h>
16#include <linux/wait.h>
17#include <linux/sched.h>
18#include <linux/usb/g_hid.h>
19
20#include "u_f.h"
21#include "u_hid.h"
22
23#define HIDG_MINORS 4
24
25static int major, minors;
26
27static const struct class hidg_class = {
28 .name = "hidg",
29};
30
31static DEFINE_IDA(hidg_ida);
32static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
33
34/*-------------------------------------------------------------------------*/
35/* HID gadget struct */
36
37struct f_hidg_req_list {
38 struct usb_request *req;
39 unsigned int pos;
40 struct list_head list;
41};
42
43struct f_hidg {
44 /* configuration */
45 unsigned char bInterfaceSubClass;
46 unsigned char bInterfaceProtocol;
47 unsigned char protocol;
48 unsigned char idle;
49 unsigned short report_desc_length;
50 char *report_desc;
51 unsigned short report_length;
52 /*
53 * use_out_ep - if true, the OUT Endpoint (interrupt out method)
54 * will be used to receive reports from the host
55 * using functions with the "intout" suffix.
56 * Otherwise, the OUT Endpoint will not be configured
57 * and the SETUP/SET_REPORT method ("ssreport" suffix)
58 * will be used to receive reports.
59 */
60 bool use_out_ep;
61
62 /* recv report */
63 spinlock_t read_spinlock;
64 wait_queue_head_t read_queue;
65 /* recv report - interrupt out only (use_out_ep == 1) */
66 struct list_head completed_out_req;
67 unsigned int qlen;
68 /* recv report - setup set_report only (use_out_ep == 0) */
69 char *set_report_buf;
70 unsigned int set_report_length;
71
72 /* send report */
73 spinlock_t write_spinlock;
74 bool write_pending;
75 wait_queue_head_t write_queue;
76 struct usb_request *req;
77
78 struct device dev;
79 struct cdev cdev;
80 struct usb_function func;
81
82 struct usb_ep *in_ep;
83 struct usb_ep *out_ep;
84};
85
86static inline struct f_hidg *func_to_hidg(struct usb_function *f)
87{
88 return container_of(f, struct f_hidg, func);
89}
90
91static void hidg_release(struct device *dev)
92{
93 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev);
94
95 kfree(hidg->report_desc);
96 kfree(hidg->set_report_buf);
97 kfree(hidg);
98}
99
100/*-------------------------------------------------------------------------*/
101/* Static descriptors */
102
103static struct usb_interface_descriptor hidg_interface_desc = {
104 .bLength = sizeof hidg_interface_desc,
105 .bDescriptorType = USB_DT_INTERFACE,
106 /* .bInterfaceNumber = DYNAMIC */
107 .bAlternateSetting = 0,
108 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */
109 .bInterfaceClass = USB_CLASS_HID,
110 /* .bInterfaceSubClass = DYNAMIC */
111 /* .bInterfaceProtocol = DYNAMIC */
112 /* .iInterface = DYNAMIC */
113};
114
115static struct hid_descriptor hidg_desc = {
116 .bLength = sizeof hidg_desc,
117 .bDescriptorType = HID_DT_HID,
118 .bcdHID = cpu_to_le16(0x0101),
119 .bCountryCode = 0x00,
120 .bNumDescriptors = 0x1,
121 /*.desc[0].bDescriptorType = DYNAMIC */
122 /*.desc[0].wDescriptorLenght = DYNAMIC */
123};
124
125/* Super-Speed Support */
126
127static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
128 .bLength = USB_DT_ENDPOINT_SIZE,
129 .bDescriptorType = USB_DT_ENDPOINT,
130 .bEndpointAddress = USB_DIR_IN,
131 .bmAttributes = USB_ENDPOINT_XFER_INT,
132 /*.wMaxPacketSize = DYNAMIC */
133 .bInterval = 4, /* FIXME: Add this field in the
134 * HID gadget configuration?
135 * (struct hidg_func_descriptor)
136 */
137};
138
139static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
140 .bLength = sizeof(hidg_ss_in_comp_desc),
141 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
142
143 /* .bMaxBurst = 0, */
144 /* .bmAttributes = 0, */
145 /* .wBytesPerInterval = DYNAMIC */
146};
147
148static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
149 .bLength = USB_DT_ENDPOINT_SIZE,
150 .bDescriptorType = USB_DT_ENDPOINT,
151 .bEndpointAddress = USB_DIR_OUT,
152 .bmAttributes = USB_ENDPOINT_XFER_INT,
153 /*.wMaxPacketSize = DYNAMIC */
154 .bInterval = 4, /* FIXME: Add this field in the
155 * HID gadget configuration?
156 * (struct hidg_func_descriptor)
157 */
158};
159
160static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
161 .bLength = sizeof(hidg_ss_out_comp_desc),
162 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
163
164 /* .bMaxBurst = 0, */
165 /* .bmAttributes = 0, */
166 /* .wBytesPerInterval = DYNAMIC */
167};
168
169static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = {
170 (struct usb_descriptor_header *)&hidg_interface_desc,
171 (struct usb_descriptor_header *)&hidg_desc,
172 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
173 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
174 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
175 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
176 NULL,
177};
178
179static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = {
180 (struct usb_descriptor_header *)&hidg_interface_desc,
181 (struct usb_descriptor_header *)&hidg_desc,
182 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
183 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
184 NULL,
185};
186
187/* High-Speed Support */
188
189static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
190 .bLength = USB_DT_ENDPOINT_SIZE,
191 .bDescriptorType = USB_DT_ENDPOINT,
192 .bEndpointAddress = USB_DIR_IN,
193 .bmAttributes = USB_ENDPOINT_XFER_INT,
194 /*.wMaxPacketSize = DYNAMIC */
195 .bInterval = 4, /* FIXME: Add this field in the
196 * HID gadget configuration?
197 * (struct hidg_func_descriptor)
198 */
199};
200
201static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
202 .bLength = USB_DT_ENDPOINT_SIZE,
203 .bDescriptorType = USB_DT_ENDPOINT,
204 .bEndpointAddress = USB_DIR_OUT,
205 .bmAttributes = USB_ENDPOINT_XFER_INT,
206 /*.wMaxPacketSize = DYNAMIC */
207 .bInterval = 4, /* FIXME: Add this field in the
208 * HID gadget configuration?
209 * (struct hidg_func_descriptor)
210 */
211};
212
213static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = {
214 (struct usb_descriptor_header *)&hidg_interface_desc,
215 (struct usb_descriptor_header *)&hidg_desc,
216 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
217 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
218 NULL,
219};
220
221static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = {
222 (struct usb_descriptor_header *)&hidg_interface_desc,
223 (struct usb_descriptor_header *)&hidg_desc,
224 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
225 NULL,
226};
227
228/* Full-Speed Support */
229
230static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
231 .bLength = USB_DT_ENDPOINT_SIZE,
232 .bDescriptorType = USB_DT_ENDPOINT,
233 .bEndpointAddress = USB_DIR_IN,
234 .bmAttributes = USB_ENDPOINT_XFER_INT,
235 /*.wMaxPacketSize = DYNAMIC */
236 .bInterval = 10, /* FIXME: Add this field in the
237 * HID gadget configuration?
238 * (struct hidg_func_descriptor)
239 */
240};
241
242static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
243 .bLength = USB_DT_ENDPOINT_SIZE,
244 .bDescriptorType = USB_DT_ENDPOINT,
245 .bEndpointAddress = USB_DIR_OUT,
246 .bmAttributes = USB_ENDPOINT_XFER_INT,
247 /*.wMaxPacketSize = DYNAMIC */
248 .bInterval = 10, /* FIXME: Add this field in the
249 * HID gadget configuration?
250 * (struct hidg_func_descriptor)
251 */
252};
253
254static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = {
255 (struct usb_descriptor_header *)&hidg_interface_desc,
256 (struct usb_descriptor_header *)&hidg_desc,
257 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
258 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
259 NULL,
260};
261
262static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = {
263 (struct usb_descriptor_header *)&hidg_interface_desc,
264 (struct usb_descriptor_header *)&hidg_desc,
265 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
266 NULL,
267};
268
269/*-------------------------------------------------------------------------*/
270/* Strings */
271
272#define CT_FUNC_HID_IDX 0
273
274static struct usb_string ct_func_string_defs[] = {
275 [CT_FUNC_HID_IDX].s = "HID Interface",
276 {}, /* end of list */
277};
278
279static struct usb_gadget_strings ct_func_string_table = {
280 .language = 0x0409, /* en-US */
281 .strings = ct_func_string_defs,
282};
283
284static struct usb_gadget_strings *ct_func_strings[] = {
285 &ct_func_string_table,
286 NULL,
287};
288
289/*-------------------------------------------------------------------------*/
290/* Char Device */
291
292static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer,
293 size_t count, loff_t *ptr)
294{
295 struct f_hidg *hidg = file->private_data;
296 struct f_hidg_req_list *list;
297 struct usb_request *req;
298 unsigned long flags;
299 int ret;
300
301 if (!count)
302 return 0;
303
304 spin_lock_irqsave(&hidg->read_spinlock, flags);
305
306#define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req))
307
308 /* wait for at least one buffer to complete */
309 while (!READ_COND_INTOUT) {
310 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
311 if (file->f_flags & O_NONBLOCK)
312 return -EAGAIN;
313
314 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT))
315 return -ERESTARTSYS;
316
317 spin_lock_irqsave(&hidg->read_spinlock, flags);
318 }
319
320 /* pick the first one */
321 list = list_first_entry(&hidg->completed_out_req,
322 struct f_hidg_req_list, list);
323
324 /*
325 * Remove this from list to protect it from beign free()
326 * while host disables our function
327 */
328 list_del(&list->list);
329
330 req = list->req;
331 count = min_t(unsigned int, count, req->actual - list->pos);
332 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
333
334 /* copy to user outside spinlock */
335 count -= copy_to_user(buffer, req->buf + list->pos, count);
336 list->pos += count;
337
338 /*
339 * if this request is completely handled and transfered to
340 * userspace, remove its entry from the list and requeue it
341 * again. Otherwise, we will revisit it again upon the next
342 * call, taking into account its current read position.
343 */
344 if (list->pos == req->actual) {
345 kfree(list);
346
347 req->length = hidg->report_length;
348 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
349 if (ret < 0) {
350 free_ep_req(hidg->out_ep, req);
351 return ret;
352 }
353 } else {
354 spin_lock_irqsave(&hidg->read_spinlock, flags);
355 list_add(&list->list, &hidg->completed_out_req);
356 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
357
358 wake_up(&hidg->read_queue);
359 }
360
361 return count;
362}
363
364#define READ_COND_SSREPORT (hidg->set_report_buf != NULL)
365
366static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer,
367 size_t count, loff_t *ptr)
368{
369 struct f_hidg *hidg = file->private_data;
370 char *tmp_buf = NULL;
371 unsigned long flags;
372
373 if (!count)
374 return 0;
375
376 spin_lock_irqsave(&hidg->read_spinlock, flags);
377
378 while (!READ_COND_SSREPORT) {
379 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
380 if (file->f_flags & O_NONBLOCK)
381 return -EAGAIN;
382
383 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT))
384 return -ERESTARTSYS;
385
386 spin_lock_irqsave(&hidg->read_spinlock, flags);
387 }
388
389 count = min_t(unsigned int, count, hidg->set_report_length);
390 tmp_buf = hidg->set_report_buf;
391 hidg->set_report_buf = NULL;
392
393 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
394
395 if (tmp_buf != NULL) {
396 count -= copy_to_user(buffer, tmp_buf, count);
397 kfree(tmp_buf);
398 } else {
399 count = -ENOMEM;
400 }
401
402 wake_up(&hidg->read_queue);
403
404 return count;
405}
406
407static ssize_t f_hidg_read(struct file *file, char __user *buffer,
408 size_t count, loff_t *ptr)
409{
410 struct f_hidg *hidg = file->private_data;
411
412 if (hidg->use_out_ep)
413 return f_hidg_intout_read(file, buffer, count, ptr);
414 else
415 return f_hidg_ssreport_read(file, buffer, count, ptr);
416}
417
418static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
419{
420 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
421 unsigned long flags;
422
423 if (req->status != 0) {
424 ERROR(hidg->func.config->cdev,
425 "End Point Request ERROR: %d\n", req->status);
426 }
427
428 spin_lock_irqsave(&hidg->write_spinlock, flags);
429 hidg->write_pending = 0;
430 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
431 wake_up(&hidg->write_queue);
432}
433
434static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
435 size_t count, loff_t *offp)
436{
437 struct f_hidg *hidg = file->private_data;
438 struct usb_request *req;
439 unsigned long flags;
440 ssize_t status = -ENOMEM;
441
442 spin_lock_irqsave(&hidg->write_spinlock, flags);
443
444 if (!hidg->req) {
445 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
446 return -ESHUTDOWN;
447 }
448
449#define WRITE_COND (!hidg->write_pending)
450try_again:
451 /* write queue */
452 while (!WRITE_COND) {
453 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
454 if (file->f_flags & O_NONBLOCK)
455 return -EAGAIN;
456
457 if (wait_event_interruptible_exclusive(
458 hidg->write_queue, WRITE_COND))
459 return -ERESTARTSYS;
460
461 spin_lock_irqsave(&hidg->write_spinlock, flags);
462 }
463
464 hidg->write_pending = 1;
465 req = hidg->req;
466 count = min_t(unsigned, count, hidg->report_length);
467
468 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
469
470 if (!req) {
471 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
472 status = -ESHUTDOWN;
473 goto release_write_pending;
474 }
475
476 status = copy_from_user(req->buf, buffer, count);
477 if (status != 0) {
478 ERROR(hidg->func.config->cdev,
479 "copy_from_user error\n");
480 status = -EINVAL;
481 goto release_write_pending;
482 }
483
484 spin_lock_irqsave(&hidg->write_spinlock, flags);
485
486 /* when our function has been disabled by host */
487 if (!hidg->req) {
488 free_ep_req(hidg->in_ep, req);
489 /*
490 * TODO
491 * Should we fail with error here?
492 */
493 goto try_again;
494 }
495
496 req->status = 0;
497 req->zero = 0;
498 req->length = count;
499 req->complete = f_hidg_req_complete;
500 req->context = hidg;
501
502 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
503
504 if (!hidg->in_ep->enabled) {
505 ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
506 status = -ESHUTDOWN;
507 goto release_write_pending;
508 }
509
510 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
511 if (status < 0)
512 goto release_write_pending;
513 else
514 status = count;
515
516 return status;
517release_write_pending:
518 spin_lock_irqsave(&hidg->write_spinlock, flags);
519 hidg->write_pending = 0;
520 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
521
522 wake_up(&hidg->write_queue);
523
524 return status;
525}
526
527static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
528{
529 struct f_hidg *hidg = file->private_data;
530 __poll_t ret = 0;
531
532 poll_wait(file, &hidg->read_queue, wait);
533 poll_wait(file, &hidg->write_queue, wait);
534
535 if (WRITE_COND)
536 ret |= EPOLLOUT | EPOLLWRNORM;
537
538 if (hidg->use_out_ep) {
539 if (READ_COND_INTOUT)
540 ret |= EPOLLIN | EPOLLRDNORM;
541 } else {
542 if (READ_COND_SSREPORT)
543 ret |= EPOLLIN | EPOLLRDNORM;
544 }
545
546 return ret;
547}
548
549#undef WRITE_COND
550#undef READ_COND_SSREPORT
551#undef READ_COND_INTOUT
552
553static int f_hidg_release(struct inode *inode, struct file *fd)
554{
555 fd->private_data = NULL;
556 return 0;
557}
558
559static int f_hidg_open(struct inode *inode, struct file *fd)
560{
561 struct f_hidg *hidg =
562 container_of(inode->i_cdev, struct f_hidg, cdev);
563
564 fd->private_data = hidg;
565
566 return 0;
567}
568
569/*-------------------------------------------------------------------------*/
570/* usb_function */
571
572static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
573 unsigned length)
574{
575 return alloc_ep_req(ep, length);
576}
577
578static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req)
579{
580 struct f_hidg *hidg = (struct f_hidg *) req->context;
581 struct usb_composite_dev *cdev = hidg->func.config->cdev;
582 struct f_hidg_req_list *req_list;
583 unsigned long flags;
584
585 switch (req->status) {
586 case 0:
587 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
588 if (!req_list) {
589 ERROR(cdev, "Unable to allocate mem for req_list\n");
590 goto free_req;
591 }
592
593 req_list->req = req;
594
595 spin_lock_irqsave(&hidg->read_spinlock, flags);
596 list_add_tail(&req_list->list, &hidg->completed_out_req);
597 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
598
599 wake_up(&hidg->read_queue);
600 break;
601 default:
602 ERROR(cdev, "Set report failed %d\n", req->status);
603 fallthrough;
604 case -ECONNABORTED: /* hardware forced ep reset */
605 case -ECONNRESET: /* request dequeued */
606 case -ESHUTDOWN: /* disconnect from host */
607free_req:
608 free_ep_req(ep, req);
609 return;
610 }
611}
612
613static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req)
614{
615 struct f_hidg *hidg = (struct f_hidg *)req->context;
616 struct usb_composite_dev *cdev = hidg->func.config->cdev;
617 char *new_buf = NULL;
618 unsigned long flags;
619
620 if (req->status != 0 || req->buf == NULL || req->actual == 0) {
621 ERROR(cdev,
622 "%s FAILED: status=%d, buf=%p, actual=%d\n",
623 __func__, req->status, req->buf, req->actual);
624 return;
625 }
626
627 spin_lock_irqsave(&hidg->read_spinlock, flags);
628
629 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC);
630 if (new_buf == NULL) {
631 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
632 return;
633 }
634 hidg->set_report_buf = new_buf;
635
636 hidg->set_report_length = req->actual;
637 memcpy(hidg->set_report_buf, req->buf, req->actual);
638
639 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
640
641 wake_up(&hidg->read_queue);
642}
643
644static int hidg_setup(struct usb_function *f,
645 const struct usb_ctrlrequest *ctrl)
646{
647 struct f_hidg *hidg = func_to_hidg(f);
648 struct usb_composite_dev *cdev = f->config->cdev;
649 struct usb_request *req = cdev->req;
650 int status = 0;
651 __u16 value, length;
652
653 value = __le16_to_cpu(ctrl->wValue);
654 length = __le16_to_cpu(ctrl->wLength);
655
656 VDBG(cdev,
657 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
658 __func__, ctrl->bRequestType, ctrl->bRequest, value);
659
660 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
661 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
662 | HID_REQ_GET_REPORT):
663 VDBG(cdev, "get_report\n");
664
665 /* send an empty report */
666 length = min_t(unsigned, length, hidg->report_length);
667 memset(req->buf, 0x0, length);
668
669 goto respond;
670 break;
671
672 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
673 | HID_REQ_GET_PROTOCOL):
674 VDBG(cdev, "get_protocol\n");
675 length = min_t(unsigned int, length, 1);
676 ((u8 *) req->buf)[0] = hidg->protocol;
677 goto respond;
678 break;
679
680 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
681 | HID_REQ_GET_IDLE):
682 VDBG(cdev, "get_idle\n");
683 length = min_t(unsigned int, length, 1);
684 ((u8 *) req->buf)[0] = hidg->idle;
685 goto respond;
686 break;
687
688 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
689 | HID_REQ_SET_REPORT):
690 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
691 if (hidg->use_out_ep)
692 goto stall;
693 req->complete = hidg_ssreport_complete;
694 req->context = hidg;
695 goto respond;
696 break;
697
698 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
699 | HID_REQ_SET_PROTOCOL):
700 VDBG(cdev, "set_protocol\n");
701 if (value > HID_REPORT_PROTOCOL)
702 goto stall;
703 length = 0;
704 /*
705 * We assume that programs implementing the Boot protocol
706 * are also compatible with the Report Protocol
707 */
708 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
709 hidg->protocol = value;
710 goto respond;
711 }
712 goto stall;
713 break;
714
715 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
716 | HID_REQ_SET_IDLE):
717 VDBG(cdev, "set_idle\n");
718 length = 0;
719 hidg->idle = value >> 8;
720 goto respond;
721 break;
722
723 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
724 | USB_REQ_GET_DESCRIPTOR):
725 switch (value >> 8) {
726 case HID_DT_HID:
727 {
728 struct hid_descriptor hidg_desc_copy = hidg_desc;
729
730 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
731 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
732 hidg_desc_copy.desc[0].wDescriptorLength =
733 cpu_to_le16(hidg->report_desc_length);
734
735 length = min_t(unsigned short, length,
736 hidg_desc_copy.bLength);
737 memcpy(req->buf, &hidg_desc_copy, length);
738 goto respond;
739 break;
740 }
741 case HID_DT_REPORT:
742 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
743 length = min_t(unsigned short, length,
744 hidg->report_desc_length);
745 memcpy(req->buf, hidg->report_desc, length);
746 goto respond;
747 break;
748
749 default:
750 VDBG(cdev, "Unknown descriptor request 0x%x\n",
751 value >> 8);
752 goto stall;
753 break;
754 }
755 break;
756
757 default:
758 VDBG(cdev, "Unknown request 0x%x\n",
759 ctrl->bRequest);
760 goto stall;
761 break;
762 }
763
764stall:
765 return -EOPNOTSUPP;
766
767respond:
768 req->zero = 0;
769 req->length = length;
770 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
771 if (status < 0)
772 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
773 return status;
774}
775
776static void hidg_disable(struct usb_function *f)
777{
778 struct f_hidg *hidg = func_to_hidg(f);
779 struct f_hidg_req_list *list, *next;
780 unsigned long flags;
781
782 usb_ep_disable(hidg->in_ep);
783
784 if (hidg->out_ep) {
785 usb_ep_disable(hidg->out_ep);
786
787 spin_lock_irqsave(&hidg->read_spinlock, flags);
788 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
789 free_ep_req(hidg->out_ep, list->req);
790 list_del(&list->list);
791 kfree(list);
792 }
793 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
794 }
795
796 spin_lock_irqsave(&hidg->write_spinlock, flags);
797 if (!hidg->write_pending) {
798 free_ep_req(hidg->in_ep, hidg->req);
799 hidg->write_pending = 1;
800 }
801
802 hidg->req = NULL;
803 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
804}
805
806static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
807{
808 struct usb_composite_dev *cdev = f->config->cdev;
809 struct f_hidg *hidg = func_to_hidg(f);
810 struct usb_request *req_in = NULL;
811 unsigned long flags;
812 int i, status = 0;
813
814 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
815
816 if (hidg->in_ep != NULL) {
817 /* restart endpoint */
818 usb_ep_disable(hidg->in_ep);
819
820 status = config_ep_by_speed(f->config->cdev->gadget, f,
821 hidg->in_ep);
822 if (status) {
823 ERROR(cdev, "config_ep_by_speed FAILED!\n");
824 goto fail;
825 }
826 status = usb_ep_enable(hidg->in_ep);
827 if (status < 0) {
828 ERROR(cdev, "Enable IN endpoint FAILED!\n");
829 goto fail;
830 }
831 hidg->in_ep->driver_data = hidg;
832
833 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
834 if (!req_in) {
835 status = -ENOMEM;
836 goto disable_ep_in;
837 }
838 }
839
840 if (hidg->use_out_ep && hidg->out_ep != NULL) {
841 /* restart endpoint */
842 usb_ep_disable(hidg->out_ep);
843
844 status = config_ep_by_speed(f->config->cdev->gadget, f,
845 hidg->out_ep);
846 if (status) {
847 ERROR(cdev, "config_ep_by_speed FAILED!\n");
848 goto free_req_in;
849 }
850 status = usb_ep_enable(hidg->out_ep);
851 if (status < 0) {
852 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
853 goto free_req_in;
854 }
855 hidg->out_ep->driver_data = hidg;
856
857 /*
858 * allocate a bunch of read buffers and queue them all at once.
859 */
860 for (i = 0; i < hidg->qlen && status == 0; i++) {
861 struct usb_request *req =
862 hidg_alloc_ep_req(hidg->out_ep,
863 hidg->report_length);
864 if (req) {
865 req->complete = hidg_intout_complete;
866 req->context = hidg;
867 status = usb_ep_queue(hidg->out_ep, req,
868 GFP_ATOMIC);
869 if (status) {
870 ERROR(cdev, "%s queue req --> %d\n",
871 hidg->out_ep->name, status);
872 free_ep_req(hidg->out_ep, req);
873 }
874 } else {
875 status = -ENOMEM;
876 goto disable_out_ep;
877 }
878 }
879 }
880
881 if (hidg->in_ep != NULL) {
882 spin_lock_irqsave(&hidg->write_spinlock, flags);
883 hidg->req = req_in;
884 hidg->write_pending = 0;
885 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
886
887 wake_up(&hidg->write_queue);
888 }
889 return 0;
890disable_out_ep:
891 if (hidg->out_ep)
892 usb_ep_disable(hidg->out_ep);
893free_req_in:
894 if (req_in)
895 free_ep_req(hidg->in_ep, req_in);
896
897disable_ep_in:
898 if (hidg->in_ep)
899 usb_ep_disable(hidg->in_ep);
900
901fail:
902 return status;
903}
904
905static const struct file_operations f_hidg_fops = {
906 .owner = THIS_MODULE,
907 .open = f_hidg_open,
908 .release = f_hidg_release,
909 .write = f_hidg_write,
910 .read = f_hidg_read,
911 .poll = f_hidg_poll,
912 .llseek = noop_llseek,
913};
914
915static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
916{
917 struct usb_ep *ep;
918 struct f_hidg *hidg = func_to_hidg(f);
919 struct usb_string *us;
920 int status;
921
922 /* maybe allocate device-global string IDs, and patch descriptors */
923 us = usb_gstrings_attach(c->cdev, ct_func_strings,
924 ARRAY_SIZE(ct_func_string_defs));
925 if (IS_ERR(us))
926 return PTR_ERR(us);
927 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
928
929 /* allocate instance-specific interface IDs, and patch descriptors */
930 status = usb_interface_id(c, f);
931 if (status < 0)
932 goto fail;
933 hidg_interface_desc.bInterfaceNumber = status;
934
935 /* allocate instance-specific endpoints */
936 status = -ENODEV;
937 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
938 if (!ep)
939 goto fail;
940 hidg->in_ep = ep;
941
942 hidg->out_ep = NULL;
943 if (hidg->use_out_ep) {
944 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
945 if (!ep)
946 goto fail;
947 hidg->out_ep = ep;
948 }
949
950 /* used only if use_out_ep == 1 */
951 hidg->set_report_buf = NULL;
952
953 /* set descriptor dynamic values */
954 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
955 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
956 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1;
957 hidg->protocol = HID_REPORT_PROTOCOL;
958 hidg->idle = 1;
959 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
960 hidg_ss_in_comp_desc.wBytesPerInterval =
961 cpu_to_le16(hidg->report_length);
962 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
963 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
964 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
965 hidg_ss_out_comp_desc.wBytesPerInterval =
966 cpu_to_le16(hidg->report_length);
967 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
968 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
969 /*
970 * We can use hidg_desc struct here but we should not relay
971 * that its content won't change after returning from this function.
972 */
973 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
974 hidg_desc.desc[0].wDescriptorLength =
975 cpu_to_le16(hidg->report_desc_length);
976
977 hidg_hs_in_ep_desc.bEndpointAddress =
978 hidg_fs_in_ep_desc.bEndpointAddress;
979 hidg_hs_out_ep_desc.bEndpointAddress =
980 hidg_fs_out_ep_desc.bEndpointAddress;
981
982 hidg_ss_in_ep_desc.bEndpointAddress =
983 hidg_fs_in_ep_desc.bEndpointAddress;
984 hidg_ss_out_ep_desc.bEndpointAddress =
985 hidg_fs_out_ep_desc.bEndpointAddress;
986
987 if (hidg->use_out_ep)
988 status = usb_assign_descriptors(f,
989 hidg_fs_descriptors_intout,
990 hidg_hs_descriptors_intout,
991 hidg_ss_descriptors_intout,
992 hidg_ss_descriptors_intout);
993 else
994 status = usb_assign_descriptors(f,
995 hidg_fs_descriptors_ssreport,
996 hidg_hs_descriptors_ssreport,
997 hidg_ss_descriptors_ssreport,
998 hidg_ss_descriptors_ssreport);
999
1000 if (status)
1001 goto fail;
1002
1003 spin_lock_init(&hidg->write_spinlock);
1004 hidg->write_pending = 1;
1005 hidg->req = NULL;
1006 spin_lock_init(&hidg->read_spinlock);
1007 init_waitqueue_head(&hidg->write_queue);
1008 init_waitqueue_head(&hidg->read_queue);
1009 INIT_LIST_HEAD(&hidg->completed_out_req);
1010
1011 /* create char device */
1012 cdev_init(&hidg->cdev, &f_hidg_fops);
1013 status = cdev_device_add(&hidg->cdev, &hidg->dev);
1014 if (status)
1015 goto fail_free_descs;
1016
1017 return 0;
1018fail_free_descs:
1019 usb_free_all_descriptors(f);
1020fail:
1021 ERROR(f->config->cdev, "hidg_bind FAILED\n");
1022 if (hidg->req != NULL)
1023 free_ep_req(hidg->in_ep, hidg->req);
1024
1025 return status;
1026}
1027
1028static inline int hidg_get_minor(void)
1029{
1030 int ret;
1031
1032 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL);
1033 if (ret >= HIDG_MINORS) {
1034 ida_simple_remove(&hidg_ida, ret);
1035 ret = -ENODEV;
1036 }
1037
1038 return ret;
1039}
1040
1041static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
1042{
1043 return container_of(to_config_group(item), struct f_hid_opts,
1044 func_inst.group);
1045}
1046
1047static void hid_attr_release(struct config_item *item)
1048{
1049 struct f_hid_opts *opts = to_f_hid_opts(item);
1050
1051 usb_put_function_instance(&opts->func_inst);
1052}
1053
1054static struct configfs_item_operations hidg_item_ops = {
1055 .release = hid_attr_release,
1056};
1057
1058#define F_HID_OPT(name, prec, limit) \
1059static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
1060{ \
1061 struct f_hid_opts *opts = to_f_hid_opts(item); \
1062 int result; \
1063 \
1064 mutex_lock(&opts->lock); \
1065 result = sprintf(page, "%d\n", opts->name); \
1066 mutex_unlock(&opts->lock); \
1067 \
1068 return result; \
1069} \
1070 \
1071static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
1072 const char *page, size_t len) \
1073{ \
1074 struct f_hid_opts *opts = to_f_hid_opts(item); \
1075 int ret; \
1076 u##prec num; \
1077 \
1078 mutex_lock(&opts->lock); \
1079 if (opts->refcnt) { \
1080 ret = -EBUSY; \
1081 goto end; \
1082 } \
1083 \
1084 ret = kstrtou##prec(page, 0, &num); \
1085 if (ret) \
1086 goto end; \
1087 \
1088 if (num > limit) { \
1089 ret = -EINVAL; \
1090 goto end; \
1091 } \
1092 opts->name = num; \
1093 ret = len; \
1094 \
1095end: \
1096 mutex_unlock(&opts->lock); \
1097 return ret; \
1098} \
1099 \
1100CONFIGFS_ATTR(f_hid_opts_, name)
1101
1102F_HID_OPT(subclass, 8, 255);
1103F_HID_OPT(protocol, 8, 255);
1104F_HID_OPT(no_out_endpoint, 8, 1);
1105F_HID_OPT(report_length, 16, 65535);
1106
1107static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
1108{
1109 struct f_hid_opts *opts = to_f_hid_opts(item);
1110 int result;
1111
1112 mutex_lock(&opts->lock);
1113 result = opts->report_desc_length;
1114 memcpy(page, opts->report_desc, opts->report_desc_length);
1115 mutex_unlock(&opts->lock);
1116
1117 return result;
1118}
1119
1120static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
1121 const char *page, size_t len)
1122{
1123 struct f_hid_opts *opts = to_f_hid_opts(item);
1124 int ret = -EBUSY;
1125 char *d;
1126
1127 mutex_lock(&opts->lock);
1128
1129 if (opts->refcnt)
1130 goto end;
1131 if (len > PAGE_SIZE) {
1132 ret = -ENOSPC;
1133 goto end;
1134 }
1135 d = kmemdup(page, len, GFP_KERNEL);
1136 if (!d) {
1137 ret = -ENOMEM;
1138 goto end;
1139 }
1140 kfree(opts->report_desc);
1141 opts->report_desc = d;
1142 opts->report_desc_length = len;
1143 opts->report_desc_alloc = true;
1144 ret = len;
1145end:
1146 mutex_unlock(&opts->lock);
1147 return ret;
1148}
1149
1150CONFIGFS_ATTR(f_hid_opts_, report_desc);
1151
1152static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
1153{
1154 struct f_hid_opts *opts = to_f_hid_opts(item);
1155
1156 return sprintf(page, "%d:%d\n", major, opts->minor);
1157}
1158
1159CONFIGFS_ATTR_RO(f_hid_opts_, dev);
1160
1161static struct configfs_attribute *hid_attrs[] = {
1162 &f_hid_opts_attr_subclass,
1163 &f_hid_opts_attr_protocol,
1164 &f_hid_opts_attr_no_out_endpoint,
1165 &f_hid_opts_attr_report_length,
1166 &f_hid_opts_attr_report_desc,
1167 &f_hid_opts_attr_dev,
1168 NULL,
1169};
1170
1171static const struct config_item_type hid_func_type = {
1172 .ct_item_ops = &hidg_item_ops,
1173 .ct_attrs = hid_attrs,
1174 .ct_owner = THIS_MODULE,
1175};
1176
1177static inline void hidg_put_minor(int minor)
1178{
1179 ida_simple_remove(&hidg_ida, minor);
1180}
1181
1182static void hidg_free_inst(struct usb_function_instance *f)
1183{
1184 struct f_hid_opts *opts;
1185
1186 opts = container_of(f, struct f_hid_opts, func_inst);
1187
1188 mutex_lock(&hidg_ida_lock);
1189
1190 hidg_put_minor(opts->minor);
1191 if (ida_is_empty(&hidg_ida))
1192 ghid_cleanup();
1193
1194 mutex_unlock(&hidg_ida_lock);
1195
1196 if (opts->report_desc_alloc)
1197 kfree(opts->report_desc);
1198
1199 kfree(opts);
1200}
1201
1202static struct usb_function_instance *hidg_alloc_inst(void)
1203{
1204 struct f_hid_opts *opts;
1205 struct usb_function_instance *ret;
1206 int status = 0;
1207
1208 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
1209 if (!opts)
1210 return ERR_PTR(-ENOMEM);
1211 mutex_init(&opts->lock);
1212 opts->func_inst.free_func_inst = hidg_free_inst;
1213 ret = &opts->func_inst;
1214
1215 mutex_lock(&hidg_ida_lock);
1216
1217 if (ida_is_empty(&hidg_ida)) {
1218 status = ghid_setup(NULL, HIDG_MINORS);
1219 if (status) {
1220 ret = ERR_PTR(status);
1221 kfree(opts);
1222 goto unlock;
1223 }
1224 }
1225
1226 opts->minor = hidg_get_minor();
1227 if (opts->minor < 0) {
1228 ret = ERR_PTR(opts->minor);
1229 kfree(opts);
1230 if (ida_is_empty(&hidg_ida))
1231 ghid_cleanup();
1232 goto unlock;
1233 }
1234 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1235
1236unlock:
1237 mutex_unlock(&hidg_ida_lock);
1238 return ret;
1239}
1240
1241static void hidg_free(struct usb_function *f)
1242{
1243 struct f_hidg *hidg;
1244 struct f_hid_opts *opts;
1245
1246 hidg = func_to_hidg(f);
1247 opts = container_of(f->fi, struct f_hid_opts, func_inst);
1248 put_device(&hidg->dev);
1249 mutex_lock(&opts->lock);
1250 --opts->refcnt;
1251 mutex_unlock(&opts->lock);
1252}
1253
1254static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1255{
1256 struct f_hidg *hidg = func_to_hidg(f);
1257
1258 cdev_device_del(&hidg->cdev, &hidg->dev);
1259
1260 usb_free_all_descriptors(f);
1261}
1262
1263static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1264{
1265 struct f_hidg *hidg;
1266 struct f_hid_opts *opts;
1267 int ret;
1268
1269 /* allocate and initialize one new instance */
1270 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1271 if (!hidg)
1272 return ERR_PTR(-ENOMEM);
1273
1274 opts = container_of(fi, struct f_hid_opts, func_inst);
1275
1276 mutex_lock(&opts->lock);
1277
1278 device_initialize(&hidg->dev);
1279 hidg->dev.release = hidg_release;
1280 hidg->dev.class = &hidg_class;
1281 hidg->dev.devt = MKDEV(major, opts->minor);
1282 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor);
1283 if (ret)
1284 goto err_unlock;
1285
1286 hidg->bInterfaceSubClass = opts->subclass;
1287 hidg->bInterfaceProtocol = opts->protocol;
1288 hidg->report_length = opts->report_length;
1289 hidg->report_desc_length = opts->report_desc_length;
1290 if (opts->report_desc) {
1291 hidg->report_desc = kmemdup(opts->report_desc,
1292 opts->report_desc_length,
1293 GFP_KERNEL);
1294 if (!hidg->report_desc) {
1295 ret = -ENOMEM;
1296 goto err_put_device;
1297 }
1298 }
1299 hidg->use_out_ep = !opts->no_out_endpoint;
1300
1301 ++opts->refcnt;
1302 mutex_unlock(&opts->lock);
1303
1304 hidg->func.name = "hid";
1305 hidg->func.bind = hidg_bind;
1306 hidg->func.unbind = hidg_unbind;
1307 hidg->func.set_alt = hidg_set_alt;
1308 hidg->func.disable = hidg_disable;
1309 hidg->func.setup = hidg_setup;
1310 hidg->func.free_func = hidg_free;
1311
1312 /* this could be made configurable at some point */
1313 hidg->qlen = 4;
1314
1315 return &hidg->func;
1316
1317err_put_device:
1318 put_device(&hidg->dev);
1319err_unlock:
1320 mutex_unlock(&opts->lock);
1321 return ERR_PTR(ret);
1322}
1323
1324DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1325MODULE_LICENSE("GPL");
1326MODULE_AUTHOR("Fabien Chouteau");
1327
1328int ghid_setup(struct usb_gadget *g, int count)
1329{
1330 int status;
1331 dev_t dev;
1332
1333 status = class_register(&hidg_class);
1334 if (status)
1335 return status;
1336
1337 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1338 if (status) {
1339 class_unregister(&hidg_class);
1340 return status;
1341 }
1342
1343 major = MAJOR(dev);
1344 minors = count;
1345
1346 return 0;
1347}
1348
1349void ghid_cleanup(void)
1350{
1351 if (major) {
1352 unregister_chrdev_region(MKDEV(major, 0), minors);
1353 major = minors = 0;
1354 }
1355
1356 class_unregister(&hidg_class);
1357}
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * f_hid.c -- USB HID function driver
4 *
5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
6 */
7
8#include <linux/kernel.h>
9#include <linux/module.h>
10#include <linux/hid.h>
11#include <linux/idr.h>
12#include <linux/cdev.h>
13#include <linux/mutex.h>
14#include <linux/poll.h>
15#include <linux/uaccess.h>
16#include <linux/wait.h>
17#include <linux/sched.h>
18#include <linux/workqueue.h>
19#include <linux/usb/func_utils.h>
20#include <linux/usb/g_hid.h>
21#include <uapi/linux/usb/g_hid.h>
22
23#include "u_hid.h"
24
25#define HIDG_MINORS 4
26
27/*
28 * Most operating systems seem to allow for 5000ms timeout, we will allow
29 * userspace half that time to respond before we return an empty report.
30 */
31#define GET_REPORT_TIMEOUT_MS 2500
32
33static int major, minors;
34
35static const struct class hidg_class = {
36 .name = "hidg",
37};
38
39static DEFINE_IDA(hidg_ida);
40static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
41
42struct report_entry {
43 struct usb_hidg_report report_data;
44 struct list_head node;
45};
46
47/*-------------------------------------------------------------------------*/
48/* HID gadget struct */
49
50struct f_hidg_req_list {
51 struct usb_request *req;
52 unsigned int pos;
53 struct list_head list;
54};
55
56struct f_hidg {
57 /* configuration */
58 unsigned char bInterfaceSubClass;
59 unsigned char bInterfaceProtocol;
60 unsigned char protocol;
61 unsigned char idle;
62 unsigned short report_desc_length;
63 char *report_desc;
64 unsigned short report_length;
65 /*
66 * use_out_ep - if true, the OUT Endpoint (interrupt out method)
67 * will be used to receive reports from the host
68 * using functions with the "intout" suffix.
69 * Otherwise, the OUT Endpoint will not be configured
70 * and the SETUP/SET_REPORT method ("ssreport" suffix)
71 * will be used to receive reports.
72 */
73 bool use_out_ep;
74
75 /* recv report */
76 spinlock_t read_spinlock;
77 wait_queue_head_t read_queue;
78 /* recv report - interrupt out only (use_out_ep == 1) */
79 struct list_head completed_out_req;
80 unsigned int qlen;
81 /* recv report - setup set_report only (use_out_ep == 0) */
82 char *set_report_buf;
83 unsigned int set_report_length;
84
85 /* send report */
86 spinlock_t write_spinlock;
87 bool write_pending;
88 wait_queue_head_t write_queue;
89 struct usb_request *req;
90
91 /* get report */
92 struct usb_request *get_req;
93 struct usb_hidg_report get_report;
94 bool get_report_returned;
95 int get_report_req_report_id;
96 int get_report_req_report_length;
97 spinlock_t get_report_spinlock;
98 wait_queue_head_t get_queue; /* Waiting for userspace response */
99 wait_queue_head_t get_id_queue; /* Get ID came in */
100 struct work_struct work;
101 struct workqueue_struct *workqueue;
102 struct list_head report_list;
103
104 struct device dev;
105 struct cdev cdev;
106 struct usb_function func;
107
108 struct usb_ep *in_ep;
109 struct usb_ep *out_ep;
110};
111
112static inline struct f_hidg *func_to_hidg(struct usb_function *f)
113{
114 return container_of(f, struct f_hidg, func);
115}
116
117static void hidg_release(struct device *dev)
118{
119 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev);
120
121 kfree(hidg->report_desc);
122 kfree(hidg->set_report_buf);
123 kfree(hidg);
124}
125
126/*-------------------------------------------------------------------------*/
127/* Static descriptors */
128
129static struct usb_interface_descriptor hidg_interface_desc = {
130 .bLength = sizeof hidg_interface_desc,
131 .bDescriptorType = USB_DT_INTERFACE,
132 /* .bInterfaceNumber = DYNAMIC */
133 .bAlternateSetting = 0,
134 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */
135 .bInterfaceClass = USB_CLASS_HID,
136 /* .bInterfaceSubClass = DYNAMIC */
137 /* .bInterfaceProtocol = DYNAMIC */
138 /* .iInterface = DYNAMIC */
139};
140
141static struct hid_descriptor hidg_desc = {
142 .bLength = sizeof hidg_desc,
143 .bDescriptorType = HID_DT_HID,
144 .bcdHID = cpu_to_le16(0x0101),
145 .bCountryCode = 0x00,
146 .bNumDescriptors = 0x1,
147 /*.desc[0].bDescriptorType = DYNAMIC */
148 /*.desc[0].wDescriptorLenght = DYNAMIC */
149};
150
151/* Super-Speed Support */
152
153static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
154 .bLength = USB_DT_ENDPOINT_SIZE,
155 .bDescriptorType = USB_DT_ENDPOINT,
156 .bEndpointAddress = USB_DIR_IN,
157 .bmAttributes = USB_ENDPOINT_XFER_INT,
158 /*.wMaxPacketSize = DYNAMIC */
159 .bInterval = 4, /* FIXME: Add this field in the
160 * HID gadget configuration?
161 * (struct hidg_func_descriptor)
162 */
163};
164
165static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
166 .bLength = sizeof(hidg_ss_in_comp_desc),
167 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
168
169 /* .bMaxBurst = 0, */
170 /* .bmAttributes = 0, */
171 /* .wBytesPerInterval = DYNAMIC */
172};
173
174static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
175 .bLength = USB_DT_ENDPOINT_SIZE,
176 .bDescriptorType = USB_DT_ENDPOINT,
177 .bEndpointAddress = USB_DIR_OUT,
178 .bmAttributes = USB_ENDPOINT_XFER_INT,
179 /*.wMaxPacketSize = DYNAMIC */
180 .bInterval = 4, /* FIXME: Add this field in the
181 * HID gadget configuration?
182 * (struct hidg_func_descriptor)
183 */
184};
185
186static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
187 .bLength = sizeof(hidg_ss_out_comp_desc),
188 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
189
190 /* .bMaxBurst = 0, */
191 /* .bmAttributes = 0, */
192 /* .wBytesPerInterval = DYNAMIC */
193};
194
195static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = {
196 (struct usb_descriptor_header *)&hidg_interface_desc,
197 (struct usb_descriptor_header *)&hidg_desc,
198 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
199 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
200 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
201 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
202 NULL,
203};
204
205static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = {
206 (struct usb_descriptor_header *)&hidg_interface_desc,
207 (struct usb_descriptor_header *)&hidg_desc,
208 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
209 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
210 NULL,
211};
212
213/* High-Speed Support */
214
215static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
216 .bLength = USB_DT_ENDPOINT_SIZE,
217 .bDescriptorType = USB_DT_ENDPOINT,
218 .bEndpointAddress = USB_DIR_IN,
219 .bmAttributes = USB_ENDPOINT_XFER_INT,
220 /*.wMaxPacketSize = DYNAMIC */
221 .bInterval = 4, /* FIXME: Add this field in the
222 * HID gadget configuration?
223 * (struct hidg_func_descriptor)
224 */
225};
226
227static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
228 .bLength = USB_DT_ENDPOINT_SIZE,
229 .bDescriptorType = USB_DT_ENDPOINT,
230 .bEndpointAddress = USB_DIR_OUT,
231 .bmAttributes = USB_ENDPOINT_XFER_INT,
232 /*.wMaxPacketSize = DYNAMIC */
233 .bInterval = 4, /* FIXME: Add this field in the
234 * HID gadget configuration?
235 * (struct hidg_func_descriptor)
236 */
237};
238
239static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = {
240 (struct usb_descriptor_header *)&hidg_interface_desc,
241 (struct usb_descriptor_header *)&hidg_desc,
242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
243 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
244 NULL,
245};
246
247static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = {
248 (struct usb_descriptor_header *)&hidg_interface_desc,
249 (struct usb_descriptor_header *)&hidg_desc,
250 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
251 NULL,
252};
253
254/* Full-Speed Support */
255
256static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
257 .bLength = USB_DT_ENDPOINT_SIZE,
258 .bDescriptorType = USB_DT_ENDPOINT,
259 .bEndpointAddress = USB_DIR_IN,
260 .bmAttributes = USB_ENDPOINT_XFER_INT,
261 /*.wMaxPacketSize = DYNAMIC */
262 .bInterval = 10, /* FIXME: Add this field in the
263 * HID gadget configuration?
264 * (struct hidg_func_descriptor)
265 */
266};
267
268static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
269 .bLength = USB_DT_ENDPOINT_SIZE,
270 .bDescriptorType = USB_DT_ENDPOINT,
271 .bEndpointAddress = USB_DIR_OUT,
272 .bmAttributes = USB_ENDPOINT_XFER_INT,
273 /*.wMaxPacketSize = DYNAMIC */
274 .bInterval = 10, /* FIXME: Add this field in the
275 * HID gadget configuration?
276 * (struct hidg_func_descriptor)
277 */
278};
279
280static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = {
281 (struct usb_descriptor_header *)&hidg_interface_desc,
282 (struct usb_descriptor_header *)&hidg_desc,
283 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
284 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
285 NULL,
286};
287
288static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = {
289 (struct usb_descriptor_header *)&hidg_interface_desc,
290 (struct usb_descriptor_header *)&hidg_desc,
291 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
292 NULL,
293};
294
295/*-------------------------------------------------------------------------*/
296/* Strings */
297
298#define CT_FUNC_HID_IDX 0
299
300static struct usb_string ct_func_string_defs[] = {
301 [CT_FUNC_HID_IDX].s = "HID Interface",
302 {}, /* end of list */
303};
304
305static struct usb_gadget_strings ct_func_string_table = {
306 .language = 0x0409, /* en-US */
307 .strings = ct_func_string_defs,
308};
309
310static struct usb_gadget_strings *ct_func_strings[] = {
311 &ct_func_string_table,
312 NULL,
313};
314
315/*-------------------------------------------------------------------------*/
316/* Char Device */
317
318static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer,
319 size_t count, loff_t *ptr)
320{
321 struct f_hidg *hidg = file->private_data;
322 struct f_hidg_req_list *list;
323 struct usb_request *req;
324 unsigned long flags;
325 int ret;
326
327 if (!count)
328 return 0;
329
330 spin_lock_irqsave(&hidg->read_spinlock, flags);
331
332#define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req))
333
334 /* wait for at least one buffer to complete */
335 while (!READ_COND_INTOUT) {
336 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
337 if (file->f_flags & O_NONBLOCK)
338 return -EAGAIN;
339
340 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT))
341 return -ERESTARTSYS;
342
343 spin_lock_irqsave(&hidg->read_spinlock, flags);
344 }
345
346 /* pick the first one */
347 list = list_first_entry(&hidg->completed_out_req,
348 struct f_hidg_req_list, list);
349
350 /*
351 * Remove this from list to protect it from beign free()
352 * while host disables our function
353 */
354 list_del(&list->list);
355
356 req = list->req;
357 count = min_t(unsigned int, count, req->actual - list->pos);
358 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
359
360 /* copy to user outside spinlock */
361 count -= copy_to_user(buffer, req->buf + list->pos, count);
362 list->pos += count;
363
364 /*
365 * if this request is completely handled and transfered to
366 * userspace, remove its entry from the list and requeue it
367 * again. Otherwise, we will revisit it again upon the next
368 * call, taking into account its current read position.
369 */
370 if (list->pos == req->actual) {
371 kfree(list);
372
373 req->length = hidg->report_length;
374 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
375 if (ret < 0) {
376 free_ep_req(hidg->out_ep, req);
377 return ret;
378 }
379 } else {
380 spin_lock_irqsave(&hidg->read_spinlock, flags);
381 list_add(&list->list, &hidg->completed_out_req);
382 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
383
384 wake_up(&hidg->read_queue);
385 }
386
387 return count;
388}
389
390#define READ_COND_SSREPORT (hidg->set_report_buf != NULL)
391
392static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer,
393 size_t count, loff_t *ptr)
394{
395 struct f_hidg *hidg = file->private_data;
396 char *tmp_buf = NULL;
397 unsigned long flags;
398
399 if (!count)
400 return 0;
401
402 spin_lock_irqsave(&hidg->read_spinlock, flags);
403
404 while (!READ_COND_SSREPORT) {
405 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
406 if (file->f_flags & O_NONBLOCK)
407 return -EAGAIN;
408
409 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT))
410 return -ERESTARTSYS;
411
412 spin_lock_irqsave(&hidg->read_spinlock, flags);
413 }
414
415 count = min_t(unsigned int, count, hidg->set_report_length);
416 tmp_buf = hidg->set_report_buf;
417 hidg->set_report_buf = NULL;
418
419 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
420
421 if (tmp_buf != NULL) {
422 count -= copy_to_user(buffer, tmp_buf, count);
423 kfree(tmp_buf);
424 } else {
425 count = -ENOMEM;
426 }
427
428 wake_up(&hidg->read_queue);
429
430 return count;
431}
432
433static ssize_t f_hidg_read(struct file *file, char __user *buffer,
434 size_t count, loff_t *ptr)
435{
436 struct f_hidg *hidg = file->private_data;
437
438 if (hidg->use_out_ep)
439 return f_hidg_intout_read(file, buffer, count, ptr);
440 else
441 return f_hidg_ssreport_read(file, buffer, count, ptr);
442}
443
444static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
445{
446 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
447 unsigned long flags;
448
449 if (req->status != 0) {
450 ERROR(hidg->func.config->cdev,
451 "End Point Request ERROR: %d\n", req->status);
452 }
453
454 spin_lock_irqsave(&hidg->write_spinlock, flags);
455 hidg->write_pending = 0;
456 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
457 wake_up(&hidg->write_queue);
458}
459
460static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
461 size_t count, loff_t *offp)
462{
463 struct f_hidg *hidg = file->private_data;
464 struct usb_request *req;
465 unsigned long flags;
466 ssize_t status = -ENOMEM;
467
468 spin_lock_irqsave(&hidg->write_spinlock, flags);
469
470 if (!hidg->req) {
471 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
472 return -ESHUTDOWN;
473 }
474
475#define WRITE_COND (!hidg->write_pending)
476try_again:
477 /* write queue */
478 while (!WRITE_COND) {
479 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
480 if (file->f_flags & O_NONBLOCK)
481 return -EAGAIN;
482
483 if (wait_event_interruptible_exclusive(
484 hidg->write_queue, WRITE_COND))
485 return -ERESTARTSYS;
486
487 spin_lock_irqsave(&hidg->write_spinlock, flags);
488 }
489
490 hidg->write_pending = 1;
491 req = hidg->req;
492 count = min_t(unsigned, count, hidg->report_length);
493
494 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
495
496 if (!req) {
497 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
498 status = -ESHUTDOWN;
499 goto release_write_pending;
500 }
501
502 status = copy_from_user(req->buf, buffer, count);
503 if (status != 0) {
504 ERROR(hidg->func.config->cdev,
505 "copy_from_user error\n");
506 status = -EINVAL;
507 goto release_write_pending;
508 }
509
510 spin_lock_irqsave(&hidg->write_spinlock, flags);
511
512 /* when our function has been disabled by host */
513 if (!hidg->req) {
514 free_ep_req(hidg->in_ep, req);
515 /*
516 * TODO
517 * Should we fail with error here?
518 */
519 goto try_again;
520 }
521
522 req->status = 0;
523 req->zero = 0;
524 req->length = count;
525 req->complete = f_hidg_req_complete;
526 req->context = hidg;
527
528 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
529
530 if (!hidg->in_ep->enabled) {
531 ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
532 status = -ESHUTDOWN;
533 goto release_write_pending;
534 }
535
536 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
537 if (status < 0)
538 goto release_write_pending;
539 else
540 status = count;
541
542 return status;
543release_write_pending:
544 spin_lock_irqsave(&hidg->write_spinlock, flags);
545 hidg->write_pending = 0;
546 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
547
548 wake_up(&hidg->write_queue);
549
550 return status;
551}
552
553static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id)
554{
555 struct list_head *ptr;
556 struct report_entry *entry;
557
558 list_for_each(ptr, &hidg->report_list) {
559 entry = list_entry(ptr, struct report_entry, node);
560 if (entry->report_data.report_id == report_id)
561 return entry;
562 }
563
564 return NULL;
565}
566
567static void get_report_workqueue_handler(struct work_struct *work)
568{
569 struct f_hidg *hidg = container_of(work, struct f_hidg, work);
570 struct usb_composite_dev *cdev = hidg->func.config->cdev;
571 struct usb_request *req;
572 struct report_entry *ptr;
573 unsigned long flags;
574
575 int status = 0;
576
577 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
578 req = hidg->get_req;
579 if (!req) {
580 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
581 return;
582 }
583
584 req->zero = 0;
585 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length,
586 hidg->report_length),
587 MAX_REPORT_LENGTH);
588
589 /* Check if there is a response available for immediate response */
590 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
591 if (ptr && !ptr->report_data.userspace_req) {
592 /* Report exists in list and it is to be used for immediate response */
593 req->buf = ptr->report_data.data;
594 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
595 hidg->get_report_returned = true;
596 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
597 } else {
598 /*
599 * Report does not exist in list or should not be immediately sent
600 * i.e. give userspace time to respond
601 */
602 hidg->get_report_returned = false;
603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
604 wake_up(&hidg->get_id_queue);
605#define GET_REPORT_COND (!hidg->get_report_returned)
606 /* Wait until userspace has responded or timeout */
607 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND,
608 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS));
609 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
610 req = hidg->get_req;
611 if (!req) {
612 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
613 return;
614 }
615 if (status == 0 && !hidg->get_report_returned) {
616 /* GET_REPORT request was not serviced by userspace within timeout period */
617 VDBG(cdev, "get_report : userspace timeout.\n");
618 hidg->get_report_returned = true;
619 }
620
621 /* Search again for report ID in list and respond to GET_REPORT request */
622 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
623 if (ptr) {
624 /*
625 * Either get an updated response just serviced by userspace
626 * or send the latest response in the list
627 */
628 req->buf = ptr->report_data.data;
629 } else {
630 /* If there are no prevoiusly sent reports send empty report */
631 req->buf = hidg->get_report.data;
632 memset(req->buf, 0x0, req->length);
633 }
634
635 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
636 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
637 }
638
639 if (status < 0)
640 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n");
641}
642
643static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer)
644{
645 struct f_hidg *hidg = file->private_data;
646 int ret = 0;
647
648 ret = put_user(hidg->get_report_req_report_id, buffer);
649
650 return ret;
651}
652
653static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer)
654{
655 struct f_hidg *hidg = file->private_data;
656 struct usb_composite_dev *cdev = hidg->func.config->cdev;
657 unsigned long flags;
658 struct report_entry *entry;
659 struct report_entry *ptr;
660 __u8 report_id;
661
662 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
663 if (!entry)
664 return -ENOMEM;
665
666 if (copy_from_user(&entry->report_data, buffer,
667 sizeof(struct usb_hidg_report))) {
668 ERROR(cdev, "copy_from_user error\n");
669 kfree(entry);
670 return -EINVAL;
671 }
672
673 report_id = entry->report_data.report_id;
674
675 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
676 ptr = f_hidg_search_for_report(hidg, report_id);
677
678 if (ptr) {
679 /* Report already exists in list - update it */
680 if (copy_from_user(&ptr->report_data, buffer,
681 sizeof(struct usb_hidg_report))) {
682 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
683 ERROR(cdev, "copy_from_user error\n");
684 kfree(entry);
685 return -EINVAL;
686 }
687 kfree(entry);
688 } else {
689 /* Report does not exist in list - add it */
690 list_add_tail(&entry->node, &hidg->report_list);
691 }
692
693 /* If there is no response pending then do nothing further */
694 if (hidg->get_report_returned) {
695 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
696 return 0;
697 }
698
699 /* If this userspace response serves the current pending report */
700 if (hidg->get_report_req_report_id == report_id) {
701 hidg->get_report_returned = true;
702 wake_up(&hidg->get_queue);
703 }
704
705 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
706 return 0;
707}
708
709static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg)
710{
711 switch (code) {
712 case GADGET_HID_READ_GET_REPORT_ID:
713 return f_hidg_get_report_id(file, (__u8 __user *)arg);
714 case GADGET_HID_WRITE_GET_REPORT:
715 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg);
716 default:
717 return -ENOTTY;
718 }
719}
720
721static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
722{
723 struct f_hidg *hidg = file->private_data;
724 __poll_t ret = 0;
725
726 poll_wait(file, &hidg->read_queue, wait);
727 poll_wait(file, &hidg->write_queue, wait);
728 poll_wait(file, &hidg->get_queue, wait);
729 poll_wait(file, &hidg->get_id_queue, wait);
730
731 if (WRITE_COND)
732 ret |= EPOLLOUT | EPOLLWRNORM;
733
734 if (hidg->use_out_ep) {
735 if (READ_COND_INTOUT)
736 ret |= EPOLLIN | EPOLLRDNORM;
737 } else {
738 if (READ_COND_SSREPORT)
739 ret |= EPOLLIN | EPOLLRDNORM;
740 }
741
742 if (GET_REPORT_COND)
743 ret |= EPOLLPRI;
744
745 return ret;
746}
747
748#undef WRITE_COND
749#undef READ_COND_SSREPORT
750#undef READ_COND_INTOUT
751#undef GET_REPORT_COND
752
753static int f_hidg_release(struct inode *inode, struct file *fd)
754{
755 fd->private_data = NULL;
756 return 0;
757}
758
759static int f_hidg_open(struct inode *inode, struct file *fd)
760{
761 struct f_hidg *hidg =
762 container_of(inode->i_cdev, struct f_hidg, cdev);
763
764 fd->private_data = hidg;
765
766 return 0;
767}
768
769/*-------------------------------------------------------------------------*/
770/* usb_function */
771
772static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
773 unsigned length)
774{
775 return alloc_ep_req(ep, length);
776}
777
778static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req)
779{
780 struct f_hidg *hidg = (struct f_hidg *) req->context;
781 struct usb_composite_dev *cdev = hidg->func.config->cdev;
782 struct f_hidg_req_list *req_list;
783 unsigned long flags;
784
785 switch (req->status) {
786 case 0:
787 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
788 if (!req_list) {
789 ERROR(cdev, "Unable to allocate mem for req_list\n");
790 goto free_req;
791 }
792
793 req_list->req = req;
794
795 spin_lock_irqsave(&hidg->read_spinlock, flags);
796 list_add_tail(&req_list->list, &hidg->completed_out_req);
797 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
798
799 wake_up(&hidg->read_queue);
800 break;
801 default:
802 ERROR(cdev, "Set report failed %d\n", req->status);
803 fallthrough;
804 case -ECONNABORTED: /* hardware forced ep reset */
805 case -ECONNRESET: /* request dequeued */
806 case -ESHUTDOWN: /* disconnect from host */
807free_req:
808 free_ep_req(ep, req);
809 return;
810 }
811}
812
813static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req)
814{
815 struct f_hidg *hidg = (struct f_hidg *)req->context;
816 struct usb_composite_dev *cdev = hidg->func.config->cdev;
817 char *new_buf = NULL;
818 unsigned long flags;
819
820 if (req->status != 0 || req->buf == NULL || req->actual == 0) {
821 ERROR(cdev,
822 "%s FAILED: status=%d, buf=%p, actual=%d\n",
823 __func__, req->status, req->buf, req->actual);
824 return;
825 }
826
827 spin_lock_irqsave(&hidg->read_spinlock, flags);
828
829 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC);
830 if (new_buf == NULL) {
831 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
832 return;
833 }
834 hidg->set_report_buf = new_buf;
835
836 hidg->set_report_length = req->actual;
837 memcpy(hidg->set_report_buf, req->buf, req->actual);
838
839 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
840
841 wake_up(&hidg->read_queue);
842}
843
844static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req)
845{
846}
847
848static int hidg_setup(struct usb_function *f,
849 const struct usb_ctrlrequest *ctrl)
850{
851 struct f_hidg *hidg = func_to_hidg(f);
852 struct usb_composite_dev *cdev = f->config->cdev;
853 struct usb_request *req = cdev->req;
854 int status = 0;
855 __u16 value, length;
856 unsigned long flags;
857
858 value = __le16_to_cpu(ctrl->wValue);
859 length = __le16_to_cpu(ctrl->wLength);
860
861 VDBG(cdev,
862 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
863 __func__, ctrl->bRequestType, ctrl->bRequest, value);
864
865 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
866 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
867 | HID_REQ_GET_REPORT):
868 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength);
869
870 /*
871 * Update GET_REPORT ID so that an ioctl can be used to determine what
872 * GET_REPORT the request was actually for.
873 */
874 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
875 hidg->get_report_req_report_id = value & 0xff;
876 hidg->get_report_req_report_length = length;
877 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
878
879 queue_work(hidg->workqueue, &hidg->work);
880
881 return status;
882
883 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
884 | HID_REQ_GET_PROTOCOL):
885 VDBG(cdev, "get_protocol\n");
886 length = min_t(unsigned int, length, 1);
887 ((u8 *) req->buf)[0] = hidg->protocol;
888 goto respond;
889 break;
890
891 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
892 | HID_REQ_GET_IDLE):
893 VDBG(cdev, "get_idle\n");
894 length = min_t(unsigned int, length, 1);
895 ((u8 *) req->buf)[0] = hidg->idle;
896 goto respond;
897 break;
898
899 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
900 | HID_REQ_SET_REPORT):
901 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
902 if (hidg->use_out_ep)
903 goto stall;
904 req->complete = hidg_ssreport_complete;
905 req->context = hidg;
906 goto respond;
907 break;
908
909 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
910 | HID_REQ_SET_PROTOCOL):
911 VDBG(cdev, "set_protocol\n");
912 if (value > HID_REPORT_PROTOCOL)
913 goto stall;
914 length = 0;
915 /*
916 * We assume that programs implementing the Boot protocol
917 * are also compatible with the Report Protocol
918 */
919 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
920 hidg->protocol = value;
921 goto respond;
922 }
923 goto stall;
924 break;
925
926 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
927 | HID_REQ_SET_IDLE):
928 VDBG(cdev, "set_idle\n");
929 length = 0;
930 hidg->idle = value >> 8;
931 goto respond;
932 break;
933
934 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
935 | USB_REQ_GET_DESCRIPTOR):
936 switch (value >> 8) {
937 case HID_DT_HID:
938 {
939 struct hid_descriptor hidg_desc_copy = hidg_desc;
940
941 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
942 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
943 hidg_desc_copy.desc[0].wDescriptorLength =
944 cpu_to_le16(hidg->report_desc_length);
945
946 length = min_t(unsigned short, length,
947 hidg_desc_copy.bLength);
948 memcpy(req->buf, &hidg_desc_copy, length);
949 goto respond;
950 break;
951 }
952 case HID_DT_REPORT:
953 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
954 length = min_t(unsigned short, length,
955 hidg->report_desc_length);
956 memcpy(req->buf, hidg->report_desc, length);
957 goto respond;
958 break;
959
960 default:
961 VDBG(cdev, "Unknown descriptor request 0x%x\n",
962 value >> 8);
963 goto stall;
964 break;
965 }
966 break;
967
968 default:
969 VDBG(cdev, "Unknown request 0x%x\n",
970 ctrl->bRequest);
971 goto stall;
972 break;
973 }
974
975stall:
976 return -EOPNOTSUPP;
977
978respond:
979 req->zero = 0;
980 req->length = length;
981 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
982 if (status < 0)
983 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
984 return status;
985}
986
987static void hidg_disable(struct usb_function *f)
988{
989 struct f_hidg *hidg = func_to_hidg(f);
990 struct f_hidg_req_list *list, *next;
991 unsigned long flags;
992
993 usb_ep_disable(hidg->in_ep);
994
995 if (hidg->out_ep) {
996 usb_ep_disable(hidg->out_ep);
997
998 spin_lock_irqsave(&hidg->read_spinlock, flags);
999 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
1000 free_ep_req(hidg->out_ep, list->req);
1001 list_del(&list->list);
1002 kfree(list);
1003 }
1004 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
1005 }
1006
1007 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
1008 if (!hidg->get_report_returned) {
1009 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req);
1010 hidg->get_req = NULL;
1011 hidg->get_report_returned = true;
1012 }
1013 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
1014
1015 spin_lock_irqsave(&hidg->write_spinlock, flags);
1016 if (!hidg->write_pending) {
1017 free_ep_req(hidg->in_ep, hidg->req);
1018 hidg->write_pending = 1;
1019 }
1020
1021 hidg->req = NULL;
1022 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1023}
1024
1025static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
1026{
1027 struct usb_composite_dev *cdev = f->config->cdev;
1028 struct f_hidg *hidg = func_to_hidg(f);
1029 struct usb_request *req_in = NULL;
1030 unsigned long flags;
1031 int i, status = 0;
1032
1033 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
1034
1035 if (hidg->in_ep != NULL) {
1036 /* restart endpoint */
1037 usb_ep_disable(hidg->in_ep);
1038
1039 status = config_ep_by_speed(f->config->cdev->gadget, f,
1040 hidg->in_ep);
1041 if (status) {
1042 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1043 goto fail;
1044 }
1045 status = usb_ep_enable(hidg->in_ep);
1046 if (status < 0) {
1047 ERROR(cdev, "Enable IN endpoint FAILED!\n");
1048 goto fail;
1049 }
1050 hidg->in_ep->driver_data = hidg;
1051
1052 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
1053 if (!req_in) {
1054 status = -ENOMEM;
1055 goto disable_ep_in;
1056 }
1057 }
1058
1059 if (hidg->use_out_ep && hidg->out_ep != NULL) {
1060 /* restart endpoint */
1061 usb_ep_disable(hidg->out_ep);
1062
1063 status = config_ep_by_speed(f->config->cdev->gadget, f,
1064 hidg->out_ep);
1065 if (status) {
1066 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1067 goto free_req_in;
1068 }
1069 status = usb_ep_enable(hidg->out_ep);
1070 if (status < 0) {
1071 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
1072 goto free_req_in;
1073 }
1074 hidg->out_ep->driver_data = hidg;
1075
1076 /*
1077 * allocate a bunch of read buffers and queue them all at once.
1078 */
1079 for (i = 0; i < hidg->qlen && status == 0; i++) {
1080 struct usb_request *req =
1081 hidg_alloc_ep_req(hidg->out_ep,
1082 hidg->report_length);
1083 if (req) {
1084 req->complete = hidg_intout_complete;
1085 req->context = hidg;
1086 status = usb_ep_queue(hidg->out_ep, req,
1087 GFP_ATOMIC);
1088 if (status) {
1089 ERROR(cdev, "%s queue req --> %d\n",
1090 hidg->out_ep->name, status);
1091 free_ep_req(hidg->out_ep, req);
1092 }
1093 } else {
1094 status = -ENOMEM;
1095 goto disable_out_ep;
1096 }
1097 }
1098 }
1099
1100 if (hidg->in_ep != NULL) {
1101 spin_lock_irqsave(&hidg->write_spinlock, flags);
1102 hidg->req = req_in;
1103 hidg->write_pending = 0;
1104 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1105
1106 wake_up(&hidg->write_queue);
1107 }
1108 return 0;
1109disable_out_ep:
1110 if (hidg->out_ep)
1111 usb_ep_disable(hidg->out_ep);
1112free_req_in:
1113 if (req_in)
1114 free_ep_req(hidg->in_ep, req_in);
1115
1116disable_ep_in:
1117 if (hidg->in_ep)
1118 usb_ep_disable(hidg->in_ep);
1119
1120fail:
1121 return status;
1122}
1123
1124#ifdef CONFIG_COMPAT
1125static long f_hidg_compat_ioctl(struct file *file, unsigned int code,
1126 unsigned long value)
1127{
1128 return f_hidg_ioctl(file, code, value);
1129}
1130#endif
1131
1132static const struct file_operations f_hidg_fops = {
1133 .owner = THIS_MODULE,
1134 .open = f_hidg_open,
1135 .release = f_hidg_release,
1136 .write = f_hidg_write,
1137 .read = f_hidg_read,
1138 .poll = f_hidg_poll,
1139 .unlocked_ioctl = f_hidg_ioctl,
1140#ifdef CONFIG_COMPAT
1141 .compat_ioctl = f_hidg_compat_ioctl,
1142#endif
1143 .llseek = noop_llseek,
1144};
1145
1146static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
1147{
1148 struct usb_ep *ep;
1149 struct f_hidg *hidg = func_to_hidg(f);
1150 struct usb_string *us;
1151 int status;
1152
1153 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC);
1154 if (!hidg->get_req)
1155 return -ENOMEM;
1156
1157 hidg->get_req->zero = 0;
1158 hidg->get_req->complete = hidg_get_report_complete;
1159 hidg->get_req->context = hidg;
1160 hidg->get_report_returned = true;
1161
1162 /* maybe allocate device-global string IDs, and patch descriptors */
1163 us = usb_gstrings_attach(c->cdev, ct_func_strings,
1164 ARRAY_SIZE(ct_func_string_defs));
1165 if (IS_ERR(us))
1166 return PTR_ERR(us);
1167 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
1168
1169 /* allocate instance-specific interface IDs, and patch descriptors */
1170 status = usb_interface_id(c, f);
1171 if (status < 0)
1172 goto fail;
1173 hidg_interface_desc.bInterfaceNumber = status;
1174
1175 /* allocate instance-specific endpoints */
1176 status = -ENODEV;
1177 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
1178 if (!ep)
1179 goto fail;
1180 hidg->in_ep = ep;
1181
1182 hidg->out_ep = NULL;
1183 if (hidg->use_out_ep) {
1184 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
1185 if (!ep)
1186 goto fail;
1187 hidg->out_ep = ep;
1188 }
1189
1190 /* used only if use_out_ep == 1 */
1191 hidg->set_report_buf = NULL;
1192
1193 /* set descriptor dynamic values */
1194 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
1195 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
1196 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1;
1197 hidg->protocol = HID_REPORT_PROTOCOL;
1198 hidg->idle = 1;
1199 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1200 hidg_ss_in_comp_desc.wBytesPerInterval =
1201 cpu_to_le16(hidg->report_length);
1202 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1203 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1204 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1205 hidg_ss_out_comp_desc.wBytesPerInterval =
1206 cpu_to_le16(hidg->report_length);
1207 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1208 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1209 /*
1210 * We can use hidg_desc struct here but we should not relay
1211 * that its content won't change after returning from this function.
1212 */
1213 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
1214 hidg_desc.desc[0].wDescriptorLength =
1215 cpu_to_le16(hidg->report_desc_length);
1216
1217 hidg_hs_in_ep_desc.bEndpointAddress =
1218 hidg_fs_in_ep_desc.bEndpointAddress;
1219 hidg_hs_out_ep_desc.bEndpointAddress =
1220 hidg_fs_out_ep_desc.bEndpointAddress;
1221
1222 hidg_ss_in_ep_desc.bEndpointAddress =
1223 hidg_fs_in_ep_desc.bEndpointAddress;
1224 hidg_ss_out_ep_desc.bEndpointAddress =
1225 hidg_fs_out_ep_desc.bEndpointAddress;
1226
1227 if (hidg->use_out_ep)
1228 status = usb_assign_descriptors(f,
1229 hidg_fs_descriptors_intout,
1230 hidg_hs_descriptors_intout,
1231 hidg_ss_descriptors_intout,
1232 hidg_ss_descriptors_intout);
1233 else
1234 status = usb_assign_descriptors(f,
1235 hidg_fs_descriptors_ssreport,
1236 hidg_hs_descriptors_ssreport,
1237 hidg_ss_descriptors_ssreport,
1238 hidg_ss_descriptors_ssreport);
1239
1240 if (status)
1241 goto fail;
1242
1243 spin_lock_init(&hidg->write_spinlock);
1244 hidg->write_pending = 1;
1245 hidg->req = NULL;
1246 spin_lock_init(&hidg->read_spinlock);
1247 spin_lock_init(&hidg->get_report_spinlock);
1248 init_waitqueue_head(&hidg->write_queue);
1249 init_waitqueue_head(&hidg->read_queue);
1250 init_waitqueue_head(&hidg->get_queue);
1251 init_waitqueue_head(&hidg->get_id_queue);
1252 INIT_LIST_HEAD(&hidg->completed_out_req);
1253 INIT_LIST_HEAD(&hidg->report_list);
1254
1255 INIT_WORK(&hidg->work, get_report_workqueue_handler);
1256 hidg->workqueue = alloc_workqueue("report_work",
1257 WQ_FREEZABLE |
1258 WQ_MEM_RECLAIM,
1259 1);
1260
1261 if (!hidg->workqueue) {
1262 status = -ENOMEM;
1263 goto fail;
1264 }
1265
1266 /* create char device */
1267 cdev_init(&hidg->cdev, &f_hidg_fops);
1268 status = cdev_device_add(&hidg->cdev, &hidg->dev);
1269 if (status)
1270 goto fail_free_descs;
1271
1272 return 0;
1273fail_free_descs:
1274 destroy_workqueue(hidg->workqueue);
1275 usb_free_all_descriptors(f);
1276fail:
1277 ERROR(f->config->cdev, "hidg_bind FAILED\n");
1278 if (hidg->req != NULL)
1279 free_ep_req(hidg->in_ep, hidg->req);
1280
1281 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req);
1282 hidg->get_req = NULL;
1283
1284 return status;
1285}
1286
1287static inline int hidg_get_minor(void)
1288{
1289 int ret;
1290
1291 ret = ida_alloc(&hidg_ida, GFP_KERNEL);
1292 if (ret >= HIDG_MINORS) {
1293 ida_free(&hidg_ida, ret);
1294 ret = -ENODEV;
1295 }
1296
1297 return ret;
1298}
1299
1300static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
1301{
1302 return container_of(to_config_group(item), struct f_hid_opts,
1303 func_inst.group);
1304}
1305
1306static void hid_attr_release(struct config_item *item)
1307{
1308 struct f_hid_opts *opts = to_f_hid_opts(item);
1309
1310 usb_put_function_instance(&opts->func_inst);
1311}
1312
1313static struct configfs_item_operations hidg_item_ops = {
1314 .release = hid_attr_release,
1315};
1316
1317#define F_HID_OPT(name, prec, limit) \
1318static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
1319{ \
1320 struct f_hid_opts *opts = to_f_hid_opts(item); \
1321 int result; \
1322 \
1323 mutex_lock(&opts->lock); \
1324 result = sprintf(page, "%d\n", opts->name); \
1325 mutex_unlock(&opts->lock); \
1326 \
1327 return result; \
1328} \
1329 \
1330static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
1331 const char *page, size_t len) \
1332{ \
1333 struct f_hid_opts *opts = to_f_hid_opts(item); \
1334 int ret; \
1335 u##prec num; \
1336 \
1337 mutex_lock(&opts->lock); \
1338 if (opts->refcnt) { \
1339 ret = -EBUSY; \
1340 goto end; \
1341 } \
1342 \
1343 ret = kstrtou##prec(page, 0, &num); \
1344 if (ret) \
1345 goto end; \
1346 \
1347 if (num > limit) { \
1348 ret = -EINVAL; \
1349 goto end; \
1350 } \
1351 opts->name = num; \
1352 ret = len; \
1353 \
1354end: \
1355 mutex_unlock(&opts->lock); \
1356 return ret; \
1357} \
1358 \
1359CONFIGFS_ATTR(f_hid_opts_, name)
1360
1361F_HID_OPT(subclass, 8, 255);
1362F_HID_OPT(protocol, 8, 255);
1363F_HID_OPT(no_out_endpoint, 8, 1);
1364F_HID_OPT(report_length, 16, 65535);
1365
1366static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
1367{
1368 struct f_hid_opts *opts = to_f_hid_opts(item);
1369 int result;
1370
1371 mutex_lock(&opts->lock);
1372 result = opts->report_desc_length;
1373 memcpy(page, opts->report_desc, opts->report_desc_length);
1374 mutex_unlock(&opts->lock);
1375
1376 return result;
1377}
1378
1379static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
1380 const char *page, size_t len)
1381{
1382 struct f_hid_opts *opts = to_f_hid_opts(item);
1383 int ret = -EBUSY;
1384 char *d;
1385
1386 mutex_lock(&opts->lock);
1387
1388 if (opts->refcnt)
1389 goto end;
1390 if (len > PAGE_SIZE) {
1391 ret = -ENOSPC;
1392 goto end;
1393 }
1394 d = kmemdup(page, len, GFP_KERNEL);
1395 if (!d) {
1396 ret = -ENOMEM;
1397 goto end;
1398 }
1399 kfree(opts->report_desc);
1400 opts->report_desc = d;
1401 opts->report_desc_length = len;
1402 opts->report_desc_alloc = true;
1403 ret = len;
1404end:
1405 mutex_unlock(&opts->lock);
1406 return ret;
1407}
1408
1409CONFIGFS_ATTR(f_hid_opts_, report_desc);
1410
1411static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
1412{
1413 struct f_hid_opts *opts = to_f_hid_opts(item);
1414
1415 return sprintf(page, "%d:%d\n", major, opts->minor);
1416}
1417
1418CONFIGFS_ATTR_RO(f_hid_opts_, dev);
1419
1420static struct configfs_attribute *hid_attrs[] = {
1421 &f_hid_opts_attr_subclass,
1422 &f_hid_opts_attr_protocol,
1423 &f_hid_opts_attr_no_out_endpoint,
1424 &f_hid_opts_attr_report_length,
1425 &f_hid_opts_attr_report_desc,
1426 &f_hid_opts_attr_dev,
1427 NULL,
1428};
1429
1430static const struct config_item_type hid_func_type = {
1431 .ct_item_ops = &hidg_item_ops,
1432 .ct_attrs = hid_attrs,
1433 .ct_owner = THIS_MODULE,
1434};
1435
1436static inline void hidg_put_minor(int minor)
1437{
1438 ida_free(&hidg_ida, minor);
1439}
1440
1441static void hidg_free_inst(struct usb_function_instance *f)
1442{
1443 struct f_hid_opts *opts;
1444
1445 opts = container_of(f, struct f_hid_opts, func_inst);
1446
1447 mutex_lock(&hidg_ida_lock);
1448
1449 hidg_put_minor(opts->minor);
1450 if (ida_is_empty(&hidg_ida))
1451 ghid_cleanup();
1452
1453 mutex_unlock(&hidg_ida_lock);
1454
1455 if (opts->report_desc_alloc)
1456 kfree(opts->report_desc);
1457
1458 kfree(opts);
1459}
1460
1461static struct usb_function_instance *hidg_alloc_inst(void)
1462{
1463 struct f_hid_opts *opts;
1464 struct usb_function_instance *ret;
1465 int status = 0;
1466
1467 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
1468 if (!opts)
1469 return ERR_PTR(-ENOMEM);
1470 mutex_init(&opts->lock);
1471 opts->func_inst.free_func_inst = hidg_free_inst;
1472 ret = &opts->func_inst;
1473
1474 mutex_lock(&hidg_ida_lock);
1475
1476 if (ida_is_empty(&hidg_ida)) {
1477 status = ghid_setup(NULL, HIDG_MINORS);
1478 if (status) {
1479 ret = ERR_PTR(status);
1480 kfree(opts);
1481 goto unlock;
1482 }
1483 }
1484
1485 opts->minor = hidg_get_minor();
1486 if (opts->minor < 0) {
1487 ret = ERR_PTR(opts->minor);
1488 kfree(opts);
1489 if (ida_is_empty(&hidg_ida))
1490 ghid_cleanup();
1491 goto unlock;
1492 }
1493 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1494
1495unlock:
1496 mutex_unlock(&hidg_ida_lock);
1497 return ret;
1498}
1499
1500static void hidg_free(struct usb_function *f)
1501{
1502 struct f_hidg *hidg;
1503 struct f_hid_opts *opts;
1504
1505 hidg = func_to_hidg(f);
1506 opts = container_of(f->fi, struct f_hid_opts, func_inst);
1507 put_device(&hidg->dev);
1508 mutex_lock(&opts->lock);
1509 --opts->refcnt;
1510 mutex_unlock(&opts->lock);
1511}
1512
1513static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1514{
1515 struct f_hidg *hidg = func_to_hidg(f);
1516
1517 cdev_device_del(&hidg->cdev, &hidg->dev);
1518 destroy_workqueue(hidg->workqueue);
1519 usb_free_all_descriptors(f);
1520}
1521
1522static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1523{
1524 struct f_hidg *hidg;
1525 struct f_hid_opts *opts;
1526 int ret;
1527
1528 /* allocate and initialize one new instance */
1529 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1530 if (!hidg)
1531 return ERR_PTR(-ENOMEM);
1532
1533 opts = container_of(fi, struct f_hid_opts, func_inst);
1534
1535 mutex_lock(&opts->lock);
1536
1537 device_initialize(&hidg->dev);
1538 hidg->dev.release = hidg_release;
1539 hidg->dev.class = &hidg_class;
1540 hidg->dev.devt = MKDEV(major, opts->minor);
1541 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor);
1542 if (ret)
1543 goto err_unlock;
1544
1545 hidg->bInterfaceSubClass = opts->subclass;
1546 hidg->bInterfaceProtocol = opts->protocol;
1547 hidg->report_length = opts->report_length;
1548 hidg->report_desc_length = opts->report_desc_length;
1549 if (opts->report_desc) {
1550 hidg->report_desc = kmemdup(opts->report_desc,
1551 opts->report_desc_length,
1552 GFP_KERNEL);
1553 if (!hidg->report_desc) {
1554 ret = -ENOMEM;
1555 goto err_put_device;
1556 }
1557 }
1558 hidg->use_out_ep = !opts->no_out_endpoint;
1559
1560 ++opts->refcnt;
1561 mutex_unlock(&opts->lock);
1562
1563 hidg->func.name = "hid";
1564 hidg->func.bind = hidg_bind;
1565 hidg->func.unbind = hidg_unbind;
1566 hidg->func.set_alt = hidg_set_alt;
1567 hidg->func.disable = hidg_disable;
1568 hidg->func.setup = hidg_setup;
1569 hidg->func.free_func = hidg_free;
1570
1571 /* this could be made configurable at some point */
1572 hidg->qlen = 4;
1573
1574 return &hidg->func;
1575
1576err_put_device:
1577 put_device(&hidg->dev);
1578err_unlock:
1579 mutex_unlock(&opts->lock);
1580 return ERR_PTR(ret);
1581}
1582
1583DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1584MODULE_DESCRIPTION("USB HID function driver");
1585MODULE_LICENSE("GPL");
1586MODULE_AUTHOR("Fabien Chouteau");
1587
1588int ghid_setup(struct usb_gadget *g, int count)
1589{
1590 int status;
1591 dev_t dev;
1592
1593 status = class_register(&hidg_class);
1594 if (status)
1595 return status;
1596
1597 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1598 if (status) {
1599 class_unregister(&hidg_class);
1600 return status;
1601 }
1602
1603 major = MAJOR(dev);
1604 minors = count;
1605
1606 return 0;
1607}
1608
1609void ghid_cleanup(void)
1610{
1611 if (major) {
1612 unregister_chrdev_region(MKDEV(major, 0), minors);
1613 major = minors = 0;
1614 }
1615
1616 class_unregister(&hidg_class);
1617}