linux/drivers/usb/gadget/function/f_hid.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 * f_hid.c -- USB HID function driver
   4 *
   5 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
   6 */
   7
   8#include <linux/kernel.h>
   9#include <linux/module.h>
  10#include <linux/hid.h>
  11#include <linux/idr.h>
  12#include <linux/cdev.h>
  13#include <linux/mutex.h>
  14#include <linux/poll.h>
  15#include <linux/uaccess.h>
  16#include <linux/wait.h>
  17#include <linux/sched.h>
  18#include <linux/usb/g_hid.h>
  19
  20#include "u_f.h"
  21#include "u_hid.h"
  22
  23#define HIDG_MINORS     4
  24
  25static int major, minors;
  26static struct class *hidg_class;
  27static DEFINE_IDA(hidg_ida);
  28static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
  29
  30/*-------------------------------------------------------------------------*/
  31/*                            HID gadget struct                            */
  32
  33struct f_hidg_req_list {
  34        struct usb_request      *req;
  35        unsigned int            pos;
  36        struct list_head        list;
  37};
  38
  39struct f_hidg {
  40        /* configuration */
  41        unsigned char                   bInterfaceSubClass;
  42        unsigned char                   bInterfaceProtocol;
  43        unsigned char                   protocol;
  44        unsigned char                   idle;
  45        unsigned short                  report_desc_length;
  46        char                            *report_desc;
  47        unsigned short                  report_length;
  48
  49        /* recv report */
  50        struct list_head                completed_out_req;
  51        spinlock_t                      read_spinlock;
  52        wait_queue_head_t               read_queue;
  53        unsigned int                    qlen;
  54
  55        /* send report */
  56        spinlock_t                      write_spinlock;
  57        bool                            write_pending;
  58        wait_queue_head_t               write_queue;
  59        struct usb_request              *req;
  60
  61        int                             minor;
  62        struct cdev                     cdev;
  63        struct usb_function             func;
  64
  65        struct usb_ep                   *in_ep;
  66        struct usb_ep                   *out_ep;
  67};
  68
  69static inline struct f_hidg *func_to_hidg(struct usb_function *f)
  70{
  71        return container_of(f, struct f_hidg, func);
  72}
  73
  74/*-------------------------------------------------------------------------*/
  75/*                           Static descriptors                            */
  76
  77static struct usb_interface_descriptor hidg_interface_desc = {
  78        .bLength                = sizeof hidg_interface_desc,
  79        .bDescriptorType        = USB_DT_INTERFACE,
  80        /* .bInterfaceNumber    = DYNAMIC */
  81        .bAlternateSetting      = 0,
  82        .bNumEndpoints          = 2,
  83        .bInterfaceClass        = USB_CLASS_HID,
  84        /* .bInterfaceSubClass  = DYNAMIC */
  85        /* .bInterfaceProtocol  = DYNAMIC */
  86        /* .iInterface          = DYNAMIC */
  87};
  88
  89static struct hid_descriptor hidg_desc = {
  90        .bLength                        = sizeof hidg_desc,
  91        .bDescriptorType                = HID_DT_HID,
  92        .bcdHID                         = cpu_to_le16(0x0101),
  93        .bCountryCode                   = 0x00,
  94        .bNumDescriptors                = 0x1,
  95        /*.desc[0].bDescriptorType      = DYNAMIC */
  96        /*.desc[0].wDescriptorLenght    = DYNAMIC */
  97};
  98
  99/* Super-Speed Support */
 100
 101static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
 102        .bLength                = USB_DT_ENDPOINT_SIZE,
 103        .bDescriptorType        = USB_DT_ENDPOINT,
 104        .bEndpointAddress       = USB_DIR_IN,
 105        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 106        /*.wMaxPacketSize       = DYNAMIC */
 107        .bInterval              = 4, /* FIXME: Add this field in the
 108                                      * HID gadget configuration?
 109                                      * (struct hidg_func_descriptor)
 110                                      */
 111};
 112
 113static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
 114        .bLength                = sizeof(hidg_ss_in_comp_desc),
 115        .bDescriptorType        = USB_DT_SS_ENDPOINT_COMP,
 116
 117        /* .bMaxBurst           = 0, */
 118        /* .bmAttributes        = 0, */
 119        /* .wBytesPerInterval   = DYNAMIC */
 120};
 121
 122static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
 123        .bLength                = USB_DT_ENDPOINT_SIZE,
 124        .bDescriptorType        = USB_DT_ENDPOINT,
 125        .bEndpointAddress       = USB_DIR_OUT,
 126        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 127        /*.wMaxPacketSize       = DYNAMIC */
 128        .bInterval              = 4, /* FIXME: Add this field in the
 129                                      * HID gadget configuration?
 130                                      * (struct hidg_func_descriptor)
 131                                      */
 132};
 133
 134static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
 135        .bLength                = sizeof(hidg_ss_out_comp_desc),
 136        .bDescriptorType        = USB_DT_SS_ENDPOINT_COMP,
 137
 138        /* .bMaxBurst           = 0, */
 139        /* .bmAttributes        = 0, */
 140        /* .wBytesPerInterval   = DYNAMIC */
 141};
 142
 143static struct usb_descriptor_header *hidg_ss_descriptors[] = {
 144        (struct usb_descriptor_header *)&hidg_interface_desc,
 145        (struct usb_descriptor_header *)&hidg_desc,
 146        (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
 147        (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
 148        (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
 149        (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
 150        NULL,
 151};
 152
 153/* High-Speed Support */
 154
 155static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
 156        .bLength                = USB_DT_ENDPOINT_SIZE,
 157        .bDescriptorType        = USB_DT_ENDPOINT,
 158        .bEndpointAddress       = USB_DIR_IN,
 159        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 160        /*.wMaxPacketSize       = DYNAMIC */
 161        .bInterval              = 4, /* FIXME: Add this field in the
 162                                      * HID gadget configuration?
 163                                      * (struct hidg_func_descriptor)
 164                                      */
 165};
 166
 167static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
 168        .bLength                = USB_DT_ENDPOINT_SIZE,
 169        .bDescriptorType        = USB_DT_ENDPOINT,
 170        .bEndpointAddress       = USB_DIR_OUT,
 171        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 172        /*.wMaxPacketSize       = DYNAMIC */
 173        .bInterval              = 4, /* FIXME: Add this field in the
 174                                      * HID gadget configuration?
 175                                      * (struct hidg_func_descriptor)
 176                                      */
 177};
 178
 179static struct usb_descriptor_header *hidg_hs_descriptors[] = {
 180        (struct usb_descriptor_header *)&hidg_interface_desc,
 181        (struct usb_descriptor_header *)&hidg_desc,
 182        (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
 183        (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
 184        NULL,
 185};
 186
 187/* Full-Speed Support */
 188
 189static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
 190        .bLength                = USB_DT_ENDPOINT_SIZE,
 191        .bDescriptorType        = USB_DT_ENDPOINT,
 192        .bEndpointAddress       = USB_DIR_IN,
 193        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 194        /*.wMaxPacketSize       = DYNAMIC */
 195        .bInterval              = 10, /* FIXME: Add this field in the
 196                                       * HID gadget configuration?
 197                                       * (struct hidg_func_descriptor)
 198                                       */
 199};
 200
 201static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
 202        .bLength                = USB_DT_ENDPOINT_SIZE,
 203        .bDescriptorType        = USB_DT_ENDPOINT,
 204        .bEndpointAddress       = USB_DIR_OUT,
 205        .bmAttributes           = USB_ENDPOINT_XFER_INT,
 206        /*.wMaxPacketSize       = DYNAMIC */
 207        .bInterval              = 10, /* FIXME: Add this field in the
 208                                       * HID gadget configuration?
 209                                       * (struct hidg_func_descriptor)
 210                                       */
 211};
 212
 213static struct usb_descriptor_header *hidg_fs_descriptors[] = {
 214        (struct usb_descriptor_header *)&hidg_interface_desc,
 215        (struct usb_descriptor_header *)&hidg_desc,
 216        (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
 217        (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
 218        NULL,
 219};
 220
 221/*-------------------------------------------------------------------------*/
 222/*                                 Strings                                 */
 223
 224#define CT_FUNC_HID_IDX 0
 225
 226static struct usb_string ct_func_string_defs[] = {
 227        [CT_FUNC_HID_IDX].s     = "HID Interface",
 228        {},                     /* end of list */
 229};
 230
 231static struct usb_gadget_strings ct_func_string_table = {
 232        .language       = 0x0409,       /* en-US */
 233        .strings        = ct_func_string_defs,
 234};
 235
 236static struct usb_gadget_strings *ct_func_strings[] = {
 237        &ct_func_string_table,
 238        NULL,
 239};
 240
 241/*-------------------------------------------------------------------------*/
 242/*                              Char Device                                */
 243
 244static ssize_t f_hidg_read(struct file *file, char __user *buffer,
 245                        size_t count, loff_t *ptr)
 246{
 247        struct f_hidg *hidg = file->private_data;
 248        struct f_hidg_req_list *list;
 249        struct usb_request *req;
 250        unsigned long flags;
 251        int ret;
 252
 253        if (!count)
 254                return 0;
 255
 256        spin_lock_irqsave(&hidg->read_spinlock, flags);
 257
 258#define READ_COND (!list_empty(&hidg->completed_out_req))
 259
 260        /* wait for at least one buffer to complete */
 261        while (!READ_COND) {
 262                spin_unlock_irqrestore(&hidg->read_spinlock, flags);
 263                if (file->f_flags & O_NONBLOCK)
 264                        return -EAGAIN;
 265
 266                if (wait_event_interruptible(hidg->read_queue, READ_COND))
 267                        return -ERESTARTSYS;
 268
 269                spin_lock_irqsave(&hidg->read_spinlock, flags);
 270        }
 271
 272        /* pick the first one */
 273        list = list_first_entry(&hidg->completed_out_req,
 274                                struct f_hidg_req_list, list);
 275
 276        /*
 277         * Remove this from list to protect it from beign free()
 278         * while host disables our function
 279         */
 280        list_del(&list->list);
 281
 282        req = list->req;
 283        count = min_t(unsigned int, count, req->actual - list->pos);
 284        spin_unlock_irqrestore(&hidg->read_spinlock, flags);
 285
 286        /* copy to user outside spinlock */
 287        count -= copy_to_user(buffer, req->buf + list->pos, count);
 288        list->pos += count;
 289
 290        /*
 291         * if this request is completely handled and transfered to
 292         * userspace, remove its entry from the list and requeue it
 293         * again. Otherwise, we will revisit it again upon the next
 294         * call, taking into account its current read position.
 295         */
 296        if (list->pos == req->actual) {
 297                kfree(list);
 298
 299                req->length = hidg->report_length;
 300                ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
 301                if (ret < 0) {
 302                        free_ep_req(hidg->out_ep, req);
 303                        return ret;
 304                }
 305        } else {
 306                spin_lock_irqsave(&hidg->read_spinlock, flags);
 307                list_add(&list->list, &hidg->completed_out_req);
 308                spin_unlock_irqrestore(&hidg->read_spinlock, flags);
 309
 310                wake_up(&hidg->read_queue);
 311        }
 312
 313        return count;
 314}
 315
 316static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
 317{
 318        struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
 319        unsigned long flags;
 320
 321        if (req->status != 0) {
 322                ERROR(hidg->func.config->cdev,
 323                        "End Point Request ERROR: %d\n", req->status);
 324        }
 325
 326        spin_lock_irqsave(&hidg->write_spinlock, flags);
 327        hidg->write_pending = 0;
 328        spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 329        wake_up(&hidg->write_queue);
 330}
 331
 332static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
 333                            size_t count, loff_t *offp)
 334{
 335        struct f_hidg *hidg  = file->private_data;
 336        struct usb_request *req;
 337        unsigned long flags;
 338        ssize_t status = -ENOMEM;
 339
 340        spin_lock_irqsave(&hidg->write_spinlock, flags);
 341
 342        if (!hidg->req) {
 343                spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 344                return -ESHUTDOWN;
 345        }
 346
 347#define WRITE_COND (!hidg->write_pending)
 348try_again:
 349        /* write queue */
 350        while (!WRITE_COND) {
 351                spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 352                if (file->f_flags & O_NONBLOCK)
 353                        return -EAGAIN;
 354
 355                if (wait_event_interruptible_exclusive(
 356                                hidg->write_queue, WRITE_COND))
 357                        return -ERESTARTSYS;
 358
 359                spin_lock_irqsave(&hidg->write_spinlock, flags);
 360        }
 361
 362        hidg->write_pending = 1;
 363        req = hidg->req;
 364        count  = min_t(unsigned, count, hidg->report_length);
 365
 366        spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 367
 368        if (!req) {
 369                ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
 370                status = -ESHUTDOWN;
 371                goto release_write_pending;
 372        }
 373
 374        status = copy_from_user(req->buf, buffer, count);
 375        if (status != 0) {
 376                ERROR(hidg->func.config->cdev,
 377                        "copy_from_user error\n");
 378                status = -EINVAL;
 379                goto release_write_pending;
 380        }
 381
 382        spin_lock_irqsave(&hidg->write_spinlock, flags);
 383
 384        /* when our function has been disabled by host */
 385        if (!hidg->req) {
 386                free_ep_req(hidg->in_ep, req);
 387                /*
 388                 * TODO
 389                 * Should we fail with error here?
 390                 */
 391                goto try_again;
 392        }
 393
 394        req->status   = 0;
 395        req->zero     = 0;
 396        req->length   = count;
 397        req->complete = f_hidg_req_complete;
 398        req->context  = hidg;
 399
 400        spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 401
 402        if (!hidg->in_ep->enabled) {
 403                ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
 404                status = -ESHUTDOWN;
 405                goto release_write_pending;
 406        }
 407
 408        status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
 409        if (status < 0)
 410                goto release_write_pending;
 411        else
 412                status = count;
 413
 414        return status;
 415release_write_pending:
 416        spin_lock_irqsave(&hidg->write_spinlock, flags);
 417        hidg->write_pending = 0;
 418        spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 419
 420        wake_up(&hidg->write_queue);
 421
 422        return status;
 423}
 424
 425static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
 426{
 427        struct f_hidg   *hidg  = file->private_data;
 428        __poll_t        ret = 0;
 429
 430        poll_wait(file, &hidg->read_queue, wait);
 431        poll_wait(file, &hidg->write_queue, wait);
 432
 433        if (WRITE_COND)
 434                ret |= EPOLLOUT | EPOLLWRNORM;
 435
 436        if (READ_COND)
 437                ret |= EPOLLIN | EPOLLRDNORM;
 438
 439        return ret;
 440}
 441
 442#undef WRITE_COND
 443#undef READ_COND
 444
 445static int f_hidg_release(struct inode *inode, struct file *fd)
 446{
 447        fd->private_data = NULL;
 448        return 0;
 449}
 450
 451static int f_hidg_open(struct inode *inode, struct file *fd)
 452{
 453        struct f_hidg *hidg =
 454                container_of(inode->i_cdev, struct f_hidg, cdev);
 455
 456        fd->private_data = hidg;
 457
 458        return 0;
 459}
 460
 461/*-------------------------------------------------------------------------*/
 462/*                                usb_function                             */
 463
 464static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
 465                                                    unsigned length)
 466{
 467        return alloc_ep_req(ep, length);
 468}
 469
 470static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
 471{
 472        struct f_hidg *hidg = (struct f_hidg *) req->context;
 473        struct usb_composite_dev *cdev = hidg->func.config->cdev;
 474        struct f_hidg_req_list *req_list;
 475        unsigned long flags;
 476
 477        switch (req->status) {
 478        case 0:
 479                req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
 480                if (!req_list) {
 481                        ERROR(cdev, "Unable to allocate mem for req_list\n");
 482                        goto free_req;
 483                }
 484
 485                req_list->req = req;
 486
 487                spin_lock_irqsave(&hidg->read_spinlock, flags);
 488                list_add_tail(&req_list->list, &hidg->completed_out_req);
 489                spin_unlock_irqrestore(&hidg->read_spinlock, flags);
 490
 491                wake_up(&hidg->read_queue);
 492                break;
 493        default:
 494                ERROR(cdev, "Set report failed %d\n", req->status);
 495                fallthrough;
 496        case -ECONNABORTED:             /* hardware forced ep reset */
 497        case -ECONNRESET:               /* request dequeued */
 498        case -ESHUTDOWN:                /* disconnect from host */
 499free_req:
 500                free_ep_req(ep, req);
 501                return;
 502        }
 503}
 504
 505static int hidg_setup(struct usb_function *f,
 506                const struct usb_ctrlrequest *ctrl)
 507{
 508        struct f_hidg                   *hidg = func_to_hidg(f);
 509        struct usb_composite_dev        *cdev = f->config->cdev;
 510        struct usb_request              *req  = cdev->req;
 511        int status = 0;
 512        __u16 value, length;
 513
 514        value   = __le16_to_cpu(ctrl->wValue);
 515        length  = __le16_to_cpu(ctrl->wLength);
 516
 517        VDBG(cdev,
 518             "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
 519             __func__, ctrl->bRequestType, ctrl->bRequest, value);
 520
 521        switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
 522        case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 523                  | HID_REQ_GET_REPORT):
 524                VDBG(cdev, "get_report\n");
 525
 526                /* send an empty report */
 527                length = min_t(unsigned, length, hidg->report_length);
 528                memset(req->buf, 0x0, length);
 529
 530                goto respond;
 531                break;
 532
 533        case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 534                  | HID_REQ_GET_PROTOCOL):
 535                VDBG(cdev, "get_protocol\n");
 536                length = min_t(unsigned int, length, 1);
 537                ((u8 *) req->buf)[0] = hidg->protocol;
 538                goto respond;
 539                break;
 540
 541        case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 542                  | HID_REQ_GET_IDLE):
 543                VDBG(cdev, "get_idle\n");
 544                length = min_t(unsigned int, length, 1);
 545                ((u8 *) req->buf)[0] = hidg->idle;
 546                goto respond;
 547                break;
 548
 549        case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 550                  | HID_REQ_SET_REPORT):
 551                VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
 552                goto stall;
 553                break;
 554
 555        case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 556                  | HID_REQ_SET_PROTOCOL):
 557                VDBG(cdev, "set_protocol\n");
 558                if (value > HID_REPORT_PROTOCOL)
 559                        goto stall;
 560                length = 0;
 561                /*
 562                 * We assume that programs implementing the Boot protocol
 563                 * are also compatible with the Report Protocol
 564                 */
 565                if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
 566                        hidg->protocol = value;
 567                        goto respond;
 568                }
 569                goto stall;
 570                break;
 571
 572        case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
 573                  | HID_REQ_SET_IDLE):
 574                VDBG(cdev, "set_idle\n");
 575                length = 0;
 576                hidg->idle = value >> 8;
 577                goto respond;
 578                break;
 579
 580        case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
 581                  | USB_REQ_GET_DESCRIPTOR):
 582                switch (value >> 8) {
 583                case HID_DT_HID:
 584                {
 585                        struct hid_descriptor hidg_desc_copy = hidg_desc;
 586
 587                        VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
 588                        hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
 589                        hidg_desc_copy.desc[0].wDescriptorLength =
 590                                cpu_to_le16(hidg->report_desc_length);
 591
 592                        length = min_t(unsigned short, length,
 593                                                   hidg_desc_copy.bLength);
 594                        memcpy(req->buf, &hidg_desc_copy, length);
 595                        goto respond;
 596                        break;
 597                }
 598                case HID_DT_REPORT:
 599                        VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
 600                        length = min_t(unsigned short, length,
 601                                                   hidg->report_desc_length);
 602                        memcpy(req->buf, hidg->report_desc, length);
 603                        goto respond;
 604                        break;
 605
 606                default:
 607                        VDBG(cdev, "Unknown descriptor request 0x%x\n",
 608                                 value >> 8);
 609                        goto stall;
 610                        break;
 611                }
 612                break;
 613
 614        default:
 615                VDBG(cdev, "Unknown request 0x%x\n",
 616                         ctrl->bRequest);
 617                goto stall;
 618                break;
 619        }
 620
 621stall:
 622        return -EOPNOTSUPP;
 623
 624respond:
 625        req->zero = 0;
 626        req->length = length;
 627        status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
 628        if (status < 0)
 629                ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
 630        return status;
 631}
 632
 633static void hidg_disable(struct usb_function *f)
 634{
 635        struct f_hidg *hidg = func_to_hidg(f);
 636        struct f_hidg_req_list *list, *next;
 637        unsigned long flags;
 638
 639        usb_ep_disable(hidg->in_ep);
 640        usb_ep_disable(hidg->out_ep);
 641
 642        spin_lock_irqsave(&hidg->read_spinlock, flags);
 643        list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
 644                free_ep_req(hidg->out_ep, list->req);
 645                list_del(&list->list);
 646                kfree(list);
 647        }
 648        spin_unlock_irqrestore(&hidg->read_spinlock, flags);
 649
 650        spin_lock_irqsave(&hidg->write_spinlock, flags);
 651        if (!hidg->write_pending) {
 652                free_ep_req(hidg->in_ep, hidg->req);
 653                hidg->write_pending = 1;
 654        }
 655
 656        hidg->req = NULL;
 657        spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 658}
 659
 660static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
 661{
 662        struct usb_composite_dev                *cdev = f->config->cdev;
 663        struct f_hidg                           *hidg = func_to_hidg(f);
 664        struct usb_request                      *req_in = NULL;
 665        unsigned long                           flags;
 666        int i, status = 0;
 667
 668        VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
 669
 670        if (hidg->in_ep != NULL) {
 671                /* restart endpoint */
 672                usb_ep_disable(hidg->in_ep);
 673
 674                status = config_ep_by_speed(f->config->cdev->gadget, f,
 675                                            hidg->in_ep);
 676                if (status) {
 677                        ERROR(cdev, "config_ep_by_speed FAILED!\n");
 678                        goto fail;
 679                }
 680                status = usb_ep_enable(hidg->in_ep);
 681                if (status < 0) {
 682                        ERROR(cdev, "Enable IN endpoint FAILED!\n");
 683                        goto fail;
 684                }
 685                hidg->in_ep->driver_data = hidg;
 686
 687                req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
 688                if (!req_in) {
 689                        status = -ENOMEM;
 690                        goto disable_ep_in;
 691                }
 692        }
 693
 694
 695        if (hidg->out_ep != NULL) {
 696                /* restart endpoint */
 697                usb_ep_disable(hidg->out_ep);
 698
 699                status = config_ep_by_speed(f->config->cdev->gadget, f,
 700                                            hidg->out_ep);
 701                if (status) {
 702                        ERROR(cdev, "config_ep_by_speed FAILED!\n");
 703                        goto free_req_in;
 704                }
 705                status = usb_ep_enable(hidg->out_ep);
 706                if (status < 0) {
 707                        ERROR(cdev, "Enable OUT endpoint FAILED!\n");
 708                        goto free_req_in;
 709                }
 710                hidg->out_ep->driver_data = hidg;
 711
 712                /*
 713                 * allocate a bunch of read buffers and queue them all at once.
 714                 */
 715                for (i = 0; i < hidg->qlen && status == 0; i++) {
 716                        struct usb_request *req =
 717                                        hidg_alloc_ep_req(hidg->out_ep,
 718                                                          hidg->report_length);
 719                        if (req) {
 720                                req->complete = hidg_set_report_complete;
 721                                req->context  = hidg;
 722                                status = usb_ep_queue(hidg->out_ep, req,
 723                                                      GFP_ATOMIC);
 724                                if (status) {
 725                                        ERROR(cdev, "%s queue req --> %d\n",
 726                                                hidg->out_ep->name, status);
 727                                        free_ep_req(hidg->out_ep, req);
 728                                }
 729                        } else {
 730                                status = -ENOMEM;
 731                                goto disable_out_ep;
 732                        }
 733                }
 734        }
 735
 736        if (hidg->in_ep != NULL) {
 737                spin_lock_irqsave(&hidg->write_spinlock, flags);
 738                hidg->req = req_in;
 739                hidg->write_pending = 0;
 740                spin_unlock_irqrestore(&hidg->write_spinlock, flags);
 741
 742                wake_up(&hidg->write_queue);
 743        }
 744        return 0;
 745disable_out_ep:
 746        usb_ep_disable(hidg->out_ep);
 747free_req_in:
 748        if (req_in)
 749                free_ep_req(hidg->in_ep, req_in);
 750
 751disable_ep_in:
 752        if (hidg->in_ep)
 753                usb_ep_disable(hidg->in_ep);
 754
 755fail:
 756        return status;
 757}
 758
 759static const struct file_operations f_hidg_fops = {
 760        .owner          = THIS_MODULE,
 761        .open           = f_hidg_open,
 762        .release        = f_hidg_release,
 763        .write          = f_hidg_write,
 764        .read           = f_hidg_read,
 765        .poll           = f_hidg_poll,
 766        .llseek         = noop_llseek,
 767};
 768
 769static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
 770{
 771        struct usb_ep           *ep;
 772        struct f_hidg           *hidg = func_to_hidg(f);
 773        struct usb_string       *us;
 774        struct device           *device;
 775        int                     status;
 776        dev_t                   dev;
 777
 778        /* maybe allocate device-global string IDs, and patch descriptors */
 779        us = usb_gstrings_attach(c->cdev, ct_func_strings,
 780                                 ARRAY_SIZE(ct_func_string_defs));
 781        if (IS_ERR(us))
 782                return PTR_ERR(us);
 783        hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
 784
 785        /* allocate instance-specific interface IDs, and patch descriptors */
 786        status = usb_interface_id(c, f);
 787        if (status < 0)
 788                goto fail;
 789        hidg_interface_desc.bInterfaceNumber = status;
 790
 791        /* allocate instance-specific endpoints */
 792        status = -ENODEV;
 793        ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
 794        if (!ep)
 795                goto fail;
 796        hidg->in_ep = ep;
 797
 798        ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
 799        if (!ep)
 800                goto fail;
 801        hidg->out_ep = ep;
 802
 803        /* set descriptor dynamic values */
 804        hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
 805        hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
 806        hidg->protocol = HID_REPORT_PROTOCOL;
 807        hidg->idle = 1;
 808        hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 809        hidg_ss_in_comp_desc.wBytesPerInterval =
 810                                cpu_to_le16(hidg->report_length);
 811        hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 812        hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 813        hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 814        hidg_ss_out_comp_desc.wBytesPerInterval =
 815                                cpu_to_le16(hidg->report_length);
 816        hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 817        hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
 818        /*
 819         * We can use hidg_desc struct here but we should not relay
 820         * that its content won't change after returning from this function.
 821         */
 822        hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
 823        hidg_desc.desc[0].wDescriptorLength =
 824                cpu_to_le16(hidg->report_desc_length);
 825
 826        hidg_hs_in_ep_desc.bEndpointAddress =
 827                hidg_fs_in_ep_desc.bEndpointAddress;
 828        hidg_hs_out_ep_desc.bEndpointAddress =
 829                hidg_fs_out_ep_desc.bEndpointAddress;
 830
 831        hidg_ss_in_ep_desc.bEndpointAddress =
 832                hidg_fs_in_ep_desc.bEndpointAddress;
 833        hidg_ss_out_ep_desc.bEndpointAddress =
 834                hidg_fs_out_ep_desc.bEndpointAddress;
 835
 836        status = usb_assign_descriptors(f, hidg_fs_descriptors,
 837                        hidg_hs_descriptors, hidg_ss_descriptors,
 838                        hidg_ss_descriptors);
 839        if (status)
 840                goto fail;
 841
 842        spin_lock_init(&hidg->write_spinlock);
 843        hidg->write_pending = 1;
 844        hidg->req = NULL;
 845        spin_lock_init(&hidg->read_spinlock);
 846        init_waitqueue_head(&hidg->write_queue);
 847        init_waitqueue_head(&hidg->read_queue);
 848        INIT_LIST_HEAD(&hidg->completed_out_req);
 849
 850        /* create char device */
 851        cdev_init(&hidg->cdev, &f_hidg_fops);
 852        dev = MKDEV(major, hidg->minor);
 853        status = cdev_add(&hidg->cdev, dev, 1);
 854        if (status)
 855                goto fail_free_descs;
 856
 857        device = device_create(hidg_class, NULL, dev, NULL,
 858                               "%s%d", "hidg", hidg->minor);
 859        if (IS_ERR(device)) {
 860                status = PTR_ERR(device);
 861                goto del;
 862        }
 863
 864        return 0;
 865del:
 866        cdev_del(&hidg->cdev);
 867fail_free_descs:
 868        usb_free_all_descriptors(f);
 869fail:
 870        ERROR(f->config->cdev, "hidg_bind FAILED\n");
 871        if (hidg->req != NULL)
 872                free_ep_req(hidg->in_ep, hidg->req);
 873
 874        return status;
 875}
 876
 877static inline int hidg_get_minor(void)
 878{
 879        int ret;
 880
 881        ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL);
 882        if (ret >= HIDG_MINORS) {
 883                ida_simple_remove(&hidg_ida, ret);
 884                ret = -ENODEV;
 885        }
 886
 887        return ret;
 888}
 889
 890static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
 891{
 892        return container_of(to_config_group(item), struct f_hid_opts,
 893                            func_inst.group);
 894}
 895
 896static void hid_attr_release(struct config_item *item)
 897{
 898        struct f_hid_opts *opts = to_f_hid_opts(item);
 899
 900        usb_put_function_instance(&opts->func_inst);
 901}
 902
 903static struct configfs_item_operations hidg_item_ops = {
 904        .release        = hid_attr_release,
 905};
 906
 907#define F_HID_OPT(name, prec, limit)                                    \
 908static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
 909{                                                                       \
 910        struct f_hid_opts *opts = to_f_hid_opts(item);                  \
 911        int result;                                                     \
 912                                                                        \
 913        mutex_lock(&opts->lock);                                        \
 914        result = sprintf(page, "%d\n", opts->name);                     \
 915        mutex_unlock(&opts->lock);                                      \
 916                                                                        \
 917        return result;                                                  \
 918}                                                                       \
 919                                                                        \
 920static ssize_t f_hid_opts_##name##_store(struct config_item *item,      \
 921                                         const char *page, size_t len)  \
 922{                                                                       \
 923        struct f_hid_opts *opts = to_f_hid_opts(item);                  \
 924        int ret;                                                        \
 925        u##prec num;                                                    \
 926                                                                        \
 927        mutex_lock(&opts->lock);                                        \
 928        if (opts->refcnt) {                                             \
 929                ret = -EBUSY;                                           \
 930                goto end;                                               \
 931        }                                                               \
 932                                                                        \
 933        ret = kstrtou##prec(page, 0, &num);                             \
 934        if (ret)                                                        \
 935                goto end;                                               \
 936                                                                        \
 937        if (num > limit) {                                              \
 938                ret = -EINVAL;                                          \
 939                goto end;                                               \
 940        }                                                               \
 941        opts->name = num;                                               \
 942        ret = len;                                                      \
 943                                                                        \
 944end:                                                                    \
 945        mutex_unlock(&opts->lock);                                      \
 946        return ret;                                                     \
 947}                                                                       \
 948                                                                        \
 949CONFIGFS_ATTR(f_hid_opts_, name)
 950
 951F_HID_OPT(subclass, 8, 255);
 952F_HID_OPT(protocol, 8, 255);
 953F_HID_OPT(report_length, 16, 65535);
 954
 955static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
 956{
 957        struct f_hid_opts *opts = to_f_hid_opts(item);
 958        int result;
 959
 960        mutex_lock(&opts->lock);
 961        result = opts->report_desc_length;
 962        memcpy(page, opts->report_desc, opts->report_desc_length);
 963        mutex_unlock(&opts->lock);
 964
 965        return result;
 966}
 967
 968static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
 969                                            const char *page, size_t len)
 970{
 971        struct f_hid_opts *opts = to_f_hid_opts(item);
 972        int ret = -EBUSY;
 973        char *d;
 974
 975        mutex_lock(&opts->lock);
 976
 977        if (opts->refcnt)
 978                goto end;
 979        if (len > PAGE_SIZE) {
 980                ret = -ENOSPC;
 981                goto end;
 982        }
 983        d = kmemdup(page, len, GFP_KERNEL);
 984        if (!d) {
 985                ret = -ENOMEM;
 986                goto end;
 987        }
 988        kfree(opts->report_desc);
 989        opts->report_desc = d;
 990        opts->report_desc_length = len;
 991        opts->report_desc_alloc = true;
 992        ret = len;
 993end:
 994        mutex_unlock(&opts->lock);
 995        return ret;
 996}
 997
 998CONFIGFS_ATTR(f_hid_opts_, report_desc);
 999
1000static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
1001{
1002        struct f_hid_opts *opts = to_f_hid_opts(item);
1003
1004        return sprintf(page, "%d:%d\n", major, opts->minor);
1005}
1006
1007CONFIGFS_ATTR_RO(f_hid_opts_, dev);
1008
1009static struct configfs_attribute *hid_attrs[] = {
1010        &f_hid_opts_attr_subclass,
1011        &f_hid_opts_attr_protocol,
1012        &f_hid_opts_attr_report_length,
1013        &f_hid_opts_attr_report_desc,
1014        &f_hid_opts_attr_dev,
1015        NULL,
1016};
1017
1018static const struct config_item_type hid_func_type = {
1019        .ct_item_ops    = &hidg_item_ops,
1020        .ct_attrs       = hid_attrs,
1021        .ct_owner       = THIS_MODULE,
1022};
1023
1024static inline void hidg_put_minor(int minor)
1025{
1026        ida_simple_remove(&hidg_ida, minor);
1027}
1028
1029static void hidg_free_inst(struct usb_function_instance *f)
1030{
1031        struct f_hid_opts *opts;
1032
1033        opts = container_of(f, struct f_hid_opts, func_inst);
1034
1035        mutex_lock(&hidg_ida_lock);
1036
1037        hidg_put_minor(opts->minor);
1038        if (ida_is_empty(&hidg_ida))
1039                ghid_cleanup();
1040
1041        mutex_unlock(&hidg_ida_lock);
1042
1043        if (opts->report_desc_alloc)
1044                kfree(opts->report_desc);
1045
1046        kfree(opts);
1047}
1048
1049static struct usb_function_instance *hidg_alloc_inst(void)
1050{
1051        struct f_hid_opts *opts;
1052        struct usb_function_instance *ret;
1053        int status = 0;
1054
1055        opts = kzalloc(sizeof(*opts), GFP_KERNEL);
1056        if (!opts)
1057                return ERR_PTR(-ENOMEM);
1058        mutex_init(&opts->lock);
1059        opts->func_inst.free_func_inst = hidg_free_inst;
1060        ret = &opts->func_inst;
1061
1062        mutex_lock(&hidg_ida_lock);
1063
1064        if (ida_is_empty(&hidg_ida)) {
1065                status = ghid_setup(NULL, HIDG_MINORS);
1066                if (status)  {
1067                        ret = ERR_PTR(status);
1068                        kfree(opts);
1069                        goto unlock;
1070                }
1071        }
1072
1073        opts->minor = hidg_get_minor();
1074        if (opts->minor < 0) {
1075                ret = ERR_PTR(opts->minor);
1076                kfree(opts);
1077                if (ida_is_empty(&hidg_ida))
1078                        ghid_cleanup();
1079                goto unlock;
1080        }
1081        config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1082
1083unlock:
1084        mutex_unlock(&hidg_ida_lock);
1085        return ret;
1086}
1087
1088static void hidg_free(struct usb_function *f)
1089{
1090        struct f_hidg *hidg;
1091        struct f_hid_opts *opts;
1092
1093        hidg = func_to_hidg(f);
1094        opts = container_of(f->fi, struct f_hid_opts, func_inst);
1095        kfree(hidg->report_desc);
1096        kfree(hidg);
1097        mutex_lock(&opts->lock);
1098        --opts->refcnt;
1099        mutex_unlock(&opts->lock);
1100}
1101
1102static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1103{
1104        struct f_hidg *hidg = func_to_hidg(f);
1105
1106        device_destroy(hidg_class, MKDEV(major, hidg->minor));
1107        cdev_del(&hidg->cdev);
1108
1109        usb_free_all_descriptors(f);
1110}
1111
1112static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1113{
1114        struct f_hidg *hidg;
1115        struct f_hid_opts *opts;
1116
1117        /* allocate and initialize one new instance */
1118        hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1119        if (!hidg)
1120                return ERR_PTR(-ENOMEM);
1121
1122        opts = container_of(fi, struct f_hid_opts, func_inst);
1123
1124        mutex_lock(&opts->lock);
1125        ++opts->refcnt;
1126
1127        hidg->minor = opts->minor;
1128        hidg->bInterfaceSubClass = opts->subclass;
1129        hidg->bInterfaceProtocol = opts->protocol;
1130        hidg->report_length = opts->report_length;
1131        hidg->report_desc_length = opts->report_desc_length;
1132        if (opts->report_desc) {
1133                hidg->report_desc = kmemdup(opts->report_desc,
1134                                            opts->report_desc_length,
1135                                            GFP_KERNEL);
1136                if (!hidg->report_desc) {
1137                        kfree(hidg);
1138                        mutex_unlock(&opts->lock);
1139                        return ERR_PTR(-ENOMEM);
1140                }
1141        }
1142
1143        mutex_unlock(&opts->lock);
1144
1145        hidg->func.name    = "hid";
1146        hidg->func.bind    = hidg_bind;
1147        hidg->func.unbind  = hidg_unbind;
1148        hidg->func.set_alt = hidg_set_alt;
1149        hidg->func.disable = hidg_disable;
1150        hidg->func.setup   = hidg_setup;
1151        hidg->func.free_func = hidg_free;
1152
1153        /* this could be made configurable at some point */
1154        hidg->qlen         = 4;
1155
1156        return &hidg->func;
1157}
1158
1159DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1160MODULE_LICENSE("GPL");
1161MODULE_AUTHOR("Fabien Chouteau");
1162
1163int ghid_setup(struct usb_gadget *g, int count)
1164{
1165        int status;
1166        dev_t dev;
1167
1168        hidg_class = class_create(THIS_MODULE, "hidg");
1169        if (IS_ERR(hidg_class)) {
1170                status = PTR_ERR(hidg_class);
1171                hidg_class = NULL;
1172                return status;
1173        }
1174
1175        status = alloc_chrdev_region(&dev, 0, count, "hidg");
1176        if (status) {
1177                class_destroy(hidg_class);
1178                hidg_class = NULL;
1179                return status;
1180        }
1181
1182        major = MAJOR(dev);
1183        minors = count;
1184
1185        return 0;
1186}
1187
1188void ghid_cleanup(void)
1189{
1190        if (major) {
1191                unregister_chrdev_region(MKDEV(major, 0), minors);
1192                major = minors = 0;
1193        }
1194
1195        class_destroy(hidg_class);
1196        hidg_class = NULL;
1197}
1198