1 // SPDX-License-Identifier: GPL-2.0+
3 * f_hid.c -- USB HID function driver
8 #include <linux/kernel.h>
9 #include <linux/module.h>
10 #include <linux/hid.h>
11 #include <linux/idr.h>
12 #include <linux/cdev.h>
13 #include <linux/mutex.h>
14 #include <linux/poll.h>
15 #include <linux/uaccess.h>
16 #include <linux/wait.h>
17 #include <linux/sched.h>
18 #include <linux/workqueue.h>
19 #include <linux/usb/func_utils.h>
20 #include <linux/usb/g_hid.h>
21 #include <uapi/linux/usb/g_hid.h>
28 * Most operating systems seem to allow for 5000ms timeout, we will allow
29 * userspace half that time to respond before we return an empty report.
31 #define GET_REPORT_TIMEOUT_MS 2500
33 static int major, minors;
35 static const struct class hidg_class = {
39 static DEFINE_IDA(hidg_ida);
40 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
43 struct usb_hidg_report report_data;
44 struct list_head node;
47 /*-------------------------------------------------------------------------*/
48 /* HID gadget struct */
50 struct f_hidg_req_list {
51 struct usb_request *req;
53 struct list_head list;
58 unsigned char bInterfaceSubClass;
59 unsigned char bInterfaceProtocol;
60 unsigned char protocol;
62 unsigned short report_desc_length;
64 unsigned short report_length;
66 * use_out_ep - if true, the OUT Endpoint (interrupt out method)
67 * will be used to receive reports from the host
68 * using functions with the "intout" suffix.
69 * Otherwise, the OUT Endpoint will not be configured
70 * and the SETUP/SET_REPORT method ("ssreport" suffix)
71 * will be used to receive reports.
76 spinlock_t read_spinlock;
77 wait_queue_head_t read_queue;
78 /* recv report - interrupt out only (use_out_ep == 1) */
79 struct list_head completed_out_req;
81 /* recv report - setup set_report only (use_out_ep == 0) */
83 unsigned int set_report_length;
86 spinlock_t write_spinlock;
88 wait_queue_head_t write_queue;
89 struct usb_request *req;
92 struct usb_request *get_req;
93 struct usb_hidg_report get_report;
94 bool get_report_returned;
95 int get_report_req_report_id;
96 int get_report_req_report_length;
97 spinlock_t get_report_spinlock;
98 wait_queue_head_t get_queue; /* Waiting for userspace response */
99 wait_queue_head_t get_id_queue; /* Get ID came in */
100 struct work_struct work;
101 struct workqueue_struct *workqueue;
102 struct list_head report_list;
106 struct usb_function func;
108 struct usb_ep *in_ep;
109 struct usb_ep *out_ep;
112 static inline struct f_hidg *func_to_hidg(struct usb_function *f)
114 return container_of(f, struct f_hidg, func);
117 static void hidg_release(struct device *dev)
119 struct f_hidg *hidg = container_of(dev, struct f_hidg, dev);
121 kfree(hidg->report_desc);
122 kfree(hidg->set_report_buf);
126 /*-------------------------------------------------------------------------*/
127 /* Static descriptors */
129 static struct usb_interface_descriptor hidg_interface_desc = {
130 .bLength = sizeof hidg_interface_desc,
131 .bDescriptorType = USB_DT_INTERFACE,
132 /* .bInterfaceNumber = DYNAMIC */
133 .bAlternateSetting = 0,
134 /* .bNumEndpoints = DYNAMIC (depends on use_out_ep) */
135 .bInterfaceClass = USB_CLASS_HID,
136 /* .bInterfaceSubClass = DYNAMIC */
137 /* .bInterfaceProtocol = DYNAMIC */
138 /* .iInterface = DYNAMIC */
141 static struct hid_descriptor hidg_desc = {
142 .bLength = sizeof hidg_desc,
143 .bDescriptorType = HID_DT_HID,
144 .bcdHID = cpu_to_le16(0x0101),
145 .bCountryCode = 0x00,
146 .bNumDescriptors = 0x1,
147 /*.desc[0].bDescriptorType = DYNAMIC */
148 /*.desc[0].wDescriptorLenght = DYNAMIC */
151 /* Super-Speed Support */
153 static struct usb_endpoint_descriptor hidg_ss_in_ep_desc = {
154 .bLength = USB_DT_ENDPOINT_SIZE,
155 .bDescriptorType = USB_DT_ENDPOINT,
156 .bEndpointAddress = USB_DIR_IN,
157 .bmAttributes = USB_ENDPOINT_XFER_INT,
158 /*.wMaxPacketSize = DYNAMIC */
159 .bInterval = 4, /* FIXME: Add this field in the
160 * HID gadget configuration?
161 * (struct hidg_func_descriptor)
165 static struct usb_ss_ep_comp_descriptor hidg_ss_in_comp_desc = {
166 .bLength = sizeof(hidg_ss_in_comp_desc),
167 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
169 /* .bMaxBurst = 0, */
170 /* .bmAttributes = 0, */
171 /* .wBytesPerInterval = DYNAMIC */
174 static struct usb_endpoint_descriptor hidg_ss_out_ep_desc = {
175 .bLength = USB_DT_ENDPOINT_SIZE,
176 .bDescriptorType = USB_DT_ENDPOINT,
177 .bEndpointAddress = USB_DIR_OUT,
178 .bmAttributes = USB_ENDPOINT_XFER_INT,
179 /*.wMaxPacketSize = DYNAMIC */
180 .bInterval = 4, /* FIXME: Add this field in the
181 * HID gadget configuration?
182 * (struct hidg_func_descriptor)
186 static struct usb_ss_ep_comp_descriptor hidg_ss_out_comp_desc = {
187 .bLength = sizeof(hidg_ss_out_comp_desc),
188 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
190 /* .bMaxBurst = 0, */
191 /* .bmAttributes = 0, */
192 /* .wBytesPerInterval = DYNAMIC */
195 static struct usb_descriptor_header *hidg_ss_descriptors_intout[] = {
196 (struct usb_descriptor_header *)&hidg_interface_desc,
197 (struct usb_descriptor_header *)&hidg_desc,
198 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
199 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
200 (struct usb_descriptor_header *)&hidg_ss_out_ep_desc,
201 (struct usb_descriptor_header *)&hidg_ss_out_comp_desc,
205 static struct usb_descriptor_header *hidg_ss_descriptors_ssreport[] = {
206 (struct usb_descriptor_header *)&hidg_interface_desc,
207 (struct usb_descriptor_header *)&hidg_desc,
208 (struct usb_descriptor_header *)&hidg_ss_in_ep_desc,
209 (struct usb_descriptor_header *)&hidg_ss_in_comp_desc,
213 /* High-Speed Support */
215 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
216 .bLength = USB_DT_ENDPOINT_SIZE,
217 .bDescriptorType = USB_DT_ENDPOINT,
218 .bEndpointAddress = USB_DIR_IN,
219 .bmAttributes = USB_ENDPOINT_XFER_INT,
220 /*.wMaxPacketSize = DYNAMIC */
221 .bInterval = 4, /* FIXME: Add this field in the
222 * HID gadget configuration?
223 * (struct hidg_func_descriptor)
227 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
228 .bLength = USB_DT_ENDPOINT_SIZE,
229 .bDescriptorType = USB_DT_ENDPOINT,
230 .bEndpointAddress = USB_DIR_OUT,
231 .bmAttributes = USB_ENDPOINT_XFER_INT,
232 /*.wMaxPacketSize = DYNAMIC */
233 .bInterval = 4, /* FIXME: Add this field in the
234 * HID gadget configuration?
235 * (struct hidg_func_descriptor)
239 static struct usb_descriptor_header *hidg_hs_descriptors_intout[] = {
240 (struct usb_descriptor_header *)&hidg_interface_desc,
241 (struct usb_descriptor_header *)&hidg_desc,
242 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
243 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
247 static struct usb_descriptor_header *hidg_hs_descriptors_ssreport[] = {
248 (struct usb_descriptor_header *)&hidg_interface_desc,
249 (struct usb_descriptor_header *)&hidg_desc,
250 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
254 /* Full-Speed Support */
256 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
257 .bLength = USB_DT_ENDPOINT_SIZE,
258 .bDescriptorType = USB_DT_ENDPOINT,
259 .bEndpointAddress = USB_DIR_IN,
260 .bmAttributes = USB_ENDPOINT_XFER_INT,
261 /*.wMaxPacketSize = DYNAMIC */
262 .bInterval = 10, /* FIXME: Add this field in the
263 * HID gadget configuration?
264 * (struct hidg_func_descriptor)
268 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
269 .bLength = USB_DT_ENDPOINT_SIZE,
270 .bDescriptorType = USB_DT_ENDPOINT,
271 .bEndpointAddress = USB_DIR_OUT,
272 .bmAttributes = USB_ENDPOINT_XFER_INT,
273 /*.wMaxPacketSize = DYNAMIC */
274 .bInterval = 10, /* FIXME: Add this field in the
275 * HID gadget configuration?
276 * (struct hidg_func_descriptor)
280 static struct usb_descriptor_header *hidg_fs_descriptors_intout[] = {
281 (struct usb_descriptor_header *)&hidg_interface_desc,
282 (struct usb_descriptor_header *)&hidg_desc,
283 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
284 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
288 static struct usb_descriptor_header *hidg_fs_descriptors_ssreport[] = {
289 (struct usb_descriptor_header *)&hidg_interface_desc,
290 (struct usb_descriptor_header *)&hidg_desc,
291 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
295 /*-------------------------------------------------------------------------*/
298 #define CT_FUNC_HID_IDX 0
300 static struct usb_string ct_func_string_defs[] = {
301 [CT_FUNC_HID_IDX].s = "HID Interface",
302 {}, /* end of list */
305 static struct usb_gadget_strings ct_func_string_table = {
306 .language = 0x0409, /* en-US */
307 .strings = ct_func_string_defs,
310 static struct usb_gadget_strings *ct_func_strings[] = {
311 &ct_func_string_table,
315 /*-------------------------------------------------------------------------*/
318 static ssize_t f_hidg_intout_read(struct file *file, char __user *buffer,
319 size_t count, loff_t *ptr)
321 struct f_hidg *hidg = file->private_data;
322 struct f_hidg_req_list *list;
323 struct usb_request *req;
330 spin_lock_irqsave(&hidg->read_spinlock, flags);
332 #define READ_COND_INTOUT (!list_empty(&hidg->completed_out_req))
334 /* wait for at least one buffer to complete */
335 while (!READ_COND_INTOUT) {
336 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
337 if (file->f_flags & O_NONBLOCK)
340 if (wait_event_interruptible(hidg->read_queue, READ_COND_INTOUT))
343 spin_lock_irqsave(&hidg->read_spinlock, flags);
346 /* pick the first one */
347 list = list_first_entry(&hidg->completed_out_req,
348 struct f_hidg_req_list, list);
351 * Remove this from list to protect it from beign free()
352 * while host disables our function
354 list_del(&list->list);
357 count = min_t(unsigned int, count, req->actual - list->pos);
358 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
360 /* copy to user outside spinlock */
361 count -= copy_to_user(buffer, req->buf + list->pos, count);
365 * if this request is completely handled and transfered to
366 * userspace, remove its entry from the list and requeue it
367 * again. Otherwise, we will revisit it again upon the next
368 * call, taking into account its current read position.
370 if (list->pos == req->actual) {
373 req->length = hidg->report_length;
374 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
376 free_ep_req(hidg->out_ep, req);
380 spin_lock_irqsave(&hidg->read_spinlock, flags);
381 list_add(&list->list, &hidg->completed_out_req);
382 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
384 wake_up(&hidg->read_queue);
390 #define READ_COND_SSREPORT (hidg->set_report_buf != NULL)
392 static ssize_t f_hidg_ssreport_read(struct file *file, char __user *buffer,
393 size_t count, loff_t *ptr)
395 struct f_hidg *hidg = file->private_data;
396 char *tmp_buf = NULL;
402 spin_lock_irqsave(&hidg->read_spinlock, flags);
404 while (!READ_COND_SSREPORT) {
405 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
406 if (file->f_flags & O_NONBLOCK)
409 if (wait_event_interruptible(hidg->read_queue, READ_COND_SSREPORT))
412 spin_lock_irqsave(&hidg->read_spinlock, flags);
415 count = min_t(unsigned int, count, hidg->set_report_length);
416 tmp_buf = hidg->set_report_buf;
417 hidg->set_report_buf = NULL;
419 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
421 if (tmp_buf != NULL) {
422 count -= copy_to_user(buffer, tmp_buf, count);
428 wake_up(&hidg->read_queue);
433 static ssize_t f_hidg_read(struct file *file, char __user *buffer,
434 size_t count, loff_t *ptr)
436 struct f_hidg *hidg = file->private_data;
438 if (hidg->use_out_ep)
439 return f_hidg_intout_read(file, buffer, count, ptr);
441 return f_hidg_ssreport_read(file, buffer, count, ptr);
444 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
446 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
449 if (req->status != 0) {
450 ERROR(hidg->func.config->cdev,
451 "End Point Request ERROR: %d\n", req->status);
454 spin_lock_irqsave(&hidg->write_spinlock, flags);
455 hidg->write_pending = 0;
456 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
457 wake_up(&hidg->write_queue);
460 static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
461 size_t count, loff_t *offp)
463 struct f_hidg *hidg = file->private_data;
464 struct usb_request *req;
466 ssize_t status = -ENOMEM;
468 spin_lock_irqsave(&hidg->write_spinlock, flags);
471 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
475 #define WRITE_COND (!hidg->write_pending)
478 while (!WRITE_COND) {
479 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
480 if (file->f_flags & O_NONBLOCK)
483 if (wait_event_interruptible_exclusive(
484 hidg->write_queue, WRITE_COND))
487 spin_lock_irqsave(&hidg->write_spinlock, flags);
490 hidg->write_pending = 1;
492 count = min_t(unsigned, count, hidg->report_length);
494 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
497 ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
499 goto release_write_pending;
502 status = copy_from_user(req->buf, buffer, count);
504 ERROR(hidg->func.config->cdev,
505 "copy_from_user error\n");
507 goto release_write_pending;
510 spin_lock_irqsave(&hidg->write_spinlock, flags);
512 /* when our function has been disabled by host */
514 free_ep_req(hidg->in_ep, req);
517 * Should we fail with error here?
525 req->complete = f_hidg_req_complete;
528 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
530 if (!hidg->in_ep->enabled) {
531 ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
533 goto release_write_pending;
536 status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
538 goto release_write_pending;
543 release_write_pending:
544 spin_lock_irqsave(&hidg->write_spinlock, flags);
545 hidg->write_pending = 0;
546 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
548 wake_up(&hidg->write_queue);
553 static struct report_entry *f_hidg_search_for_report(struct f_hidg *hidg, u8 report_id)
555 struct list_head *ptr;
556 struct report_entry *entry;
558 list_for_each(ptr, &hidg->report_list) {
559 entry = list_entry(ptr, struct report_entry, node);
560 if (entry->report_data.report_id == report_id)
567 static void get_report_workqueue_handler(struct work_struct *work)
569 struct f_hidg *hidg = container_of(work, struct f_hidg, work);
570 struct usb_composite_dev *cdev = hidg->func.config->cdev;
571 struct usb_request *req;
572 struct report_entry *ptr;
577 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
580 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
585 req->length = min_t(unsigned int, min_t(unsigned int, hidg->get_report_req_report_length,
586 hidg->report_length),
589 /* Check if there is a response available for immediate response */
590 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
591 if (ptr && !ptr->report_data.userspace_req) {
592 /* Report exists in list and it is to be used for immediate response */
593 req->buf = ptr->report_data.data;
594 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
595 hidg->get_report_returned = true;
596 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
599 * Report does not exist in list or should not be immediately sent
600 * i.e. give userspace time to respond
602 hidg->get_report_returned = false;
603 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
604 wake_up(&hidg->get_id_queue);
605 #define GET_REPORT_COND (!hidg->get_report_returned)
606 /* Wait until userspace has responded or timeout */
607 status = wait_event_interruptible_timeout(hidg->get_queue, !GET_REPORT_COND,
608 msecs_to_jiffies(GET_REPORT_TIMEOUT_MS));
609 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
612 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
615 if (status == 0 && !hidg->get_report_returned) {
616 /* GET_REPORT request was not serviced by userspace within timeout period */
617 VDBG(cdev, "get_report : userspace timeout.\n");
618 hidg->get_report_returned = true;
621 /* Search again for report ID in list and respond to GET_REPORT request */
622 ptr = f_hidg_search_for_report(hidg, hidg->get_report_req_report_id);
625 * Either get an updated response just serviced by userspace
626 * or send the latest response in the list
628 req->buf = ptr->report_data.data;
630 /* If there are no prevoiusly sent reports send empty report */
631 req->buf = hidg->get_report.data;
632 memset(req->buf, 0x0, req->length);
635 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
636 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
640 VDBG(cdev, "usb_ep_queue error on ep0 responding to GET_REPORT\n");
643 static int f_hidg_get_report_id(struct file *file, __u8 __user *buffer)
645 struct f_hidg *hidg = file->private_data;
648 ret = put_user(hidg->get_report_req_report_id, buffer);
653 static int f_hidg_get_report(struct file *file, struct usb_hidg_report __user *buffer)
655 struct f_hidg *hidg = file->private_data;
656 struct usb_composite_dev *cdev = hidg->func.config->cdev;
658 struct report_entry *entry;
659 struct report_entry *ptr;
662 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
666 if (copy_from_user(&entry->report_data, buffer,
667 sizeof(struct usb_hidg_report))) {
668 ERROR(cdev, "copy_from_user error\n");
673 report_id = entry->report_data.report_id;
675 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
676 ptr = f_hidg_search_for_report(hidg, report_id);
679 /* Report already exists in list - update it */
680 if (copy_from_user(&ptr->report_data, buffer,
681 sizeof(struct usb_hidg_report))) {
682 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
683 ERROR(cdev, "copy_from_user error\n");
689 /* Report does not exist in list - add it */
690 list_add_tail(&entry->node, &hidg->report_list);
693 /* If there is no response pending then do nothing further */
694 if (hidg->get_report_returned) {
695 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
699 /* If this userspace response serves the current pending report */
700 if (hidg->get_report_req_report_id == report_id) {
701 hidg->get_report_returned = true;
702 wake_up(&hidg->get_queue);
705 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
709 static long f_hidg_ioctl(struct file *file, unsigned int code, unsigned long arg)
712 case GADGET_HID_READ_GET_REPORT_ID:
713 return f_hidg_get_report_id(file, (__u8 __user *)arg);
714 case GADGET_HID_WRITE_GET_REPORT:
715 return f_hidg_get_report(file, (struct usb_hidg_report __user *)arg);
721 static __poll_t f_hidg_poll(struct file *file, poll_table *wait)
723 struct f_hidg *hidg = file->private_data;
726 poll_wait(file, &hidg->read_queue, wait);
727 poll_wait(file, &hidg->write_queue, wait);
728 poll_wait(file, &hidg->get_queue, wait);
729 poll_wait(file, &hidg->get_id_queue, wait);
732 ret |= EPOLLOUT | EPOLLWRNORM;
734 if (hidg->use_out_ep) {
735 if (READ_COND_INTOUT)
736 ret |= EPOLLIN | EPOLLRDNORM;
738 if (READ_COND_SSREPORT)
739 ret |= EPOLLIN | EPOLLRDNORM;
749 #undef READ_COND_SSREPORT
750 #undef READ_COND_INTOUT
751 #undef GET_REPORT_COND
753 static int f_hidg_release(struct inode *inode, struct file *fd)
755 fd->private_data = NULL;
759 static int f_hidg_open(struct inode *inode, struct file *fd)
761 struct f_hidg *hidg =
762 container_of(inode->i_cdev, struct f_hidg, cdev);
764 fd->private_data = hidg;
769 /*-------------------------------------------------------------------------*/
772 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
775 return alloc_ep_req(ep, length);
778 static void hidg_intout_complete(struct usb_ep *ep, struct usb_request *req)
780 struct f_hidg *hidg = (struct f_hidg *) req->context;
781 struct usb_composite_dev *cdev = hidg->func.config->cdev;
782 struct f_hidg_req_list *req_list;
785 switch (req->status) {
787 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
789 ERROR(cdev, "Unable to allocate mem for req_list\n");
795 spin_lock_irqsave(&hidg->read_spinlock, flags);
796 list_add_tail(&req_list->list, &hidg->completed_out_req);
797 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
799 wake_up(&hidg->read_queue);
802 ERROR(cdev, "Set report failed %d\n", req->status);
804 case -ECONNABORTED: /* hardware forced ep reset */
805 case -ECONNRESET: /* request dequeued */
806 case -ESHUTDOWN: /* disconnect from host */
808 free_ep_req(ep, req);
813 static void hidg_ssreport_complete(struct usb_ep *ep, struct usb_request *req)
815 struct f_hidg *hidg = (struct f_hidg *)req->context;
816 struct usb_composite_dev *cdev = hidg->func.config->cdev;
817 char *new_buf = NULL;
820 if (req->status != 0 || req->buf == NULL || req->actual == 0) {
822 "%s FAILED: status=%d, buf=%p, actual=%d\n",
823 __func__, req->status, req->buf, req->actual);
827 spin_lock_irqsave(&hidg->read_spinlock, flags);
829 new_buf = krealloc(hidg->set_report_buf, req->actual, GFP_ATOMIC);
830 if (new_buf == NULL) {
831 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
834 hidg->set_report_buf = new_buf;
836 hidg->set_report_length = req->actual;
837 memcpy(hidg->set_report_buf, req->buf, req->actual);
839 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
841 wake_up(&hidg->read_queue);
844 static void hidg_get_report_complete(struct usb_ep *ep, struct usb_request *req)
848 static int hidg_setup(struct usb_function *f,
849 const struct usb_ctrlrequest *ctrl)
851 struct f_hidg *hidg = func_to_hidg(f);
852 struct usb_composite_dev *cdev = f->config->cdev;
853 struct usb_request *req = cdev->req;
858 value = __le16_to_cpu(ctrl->wValue);
859 length = __le16_to_cpu(ctrl->wLength);
862 "%s crtl_request : bRequestType:0x%x bRequest:0x%x Value:0x%x\n",
863 __func__, ctrl->bRequestType, ctrl->bRequest, value);
865 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
866 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
867 | HID_REQ_GET_REPORT):
868 VDBG(cdev, "get_report | wLength=%d\n", ctrl->wLength);
871 * Update GET_REPORT ID so that an ioctl can be used to determine what
872 * GET_REPORT the request was actually for.
874 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
875 hidg->get_report_req_report_id = value & 0xff;
876 hidg->get_report_req_report_length = length;
877 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
879 queue_work(hidg->workqueue, &hidg->work);
883 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
884 | HID_REQ_GET_PROTOCOL):
885 VDBG(cdev, "get_protocol\n");
886 length = min_t(unsigned int, length, 1);
887 ((u8 *) req->buf)[0] = hidg->protocol;
891 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
893 VDBG(cdev, "get_idle\n");
894 length = min_t(unsigned int, length, 1);
895 ((u8 *) req->buf)[0] = hidg->idle;
899 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
900 | HID_REQ_SET_REPORT):
901 VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
902 if (hidg->use_out_ep)
904 req->complete = hidg_ssreport_complete;
909 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
910 | HID_REQ_SET_PROTOCOL):
911 VDBG(cdev, "set_protocol\n");
912 if (value > HID_REPORT_PROTOCOL)
916 * We assume that programs implementing the Boot protocol
917 * are also compatible with the Report Protocol
919 if (hidg->bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
920 hidg->protocol = value;
926 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
928 VDBG(cdev, "set_idle\n");
930 hidg->idle = value >> 8;
934 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
935 | USB_REQ_GET_DESCRIPTOR):
936 switch (value >> 8) {
939 struct hid_descriptor hidg_desc_copy = hidg_desc;
941 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
942 hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT;
943 hidg_desc_copy.desc[0].wDescriptorLength =
944 cpu_to_le16(hidg->report_desc_length);
946 length = min_t(unsigned short, length,
947 hidg_desc_copy.bLength);
948 memcpy(req->buf, &hidg_desc_copy, length);
953 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
954 length = min_t(unsigned short, length,
955 hidg->report_desc_length);
956 memcpy(req->buf, hidg->report_desc, length);
961 VDBG(cdev, "Unknown descriptor request 0x%x\n",
969 VDBG(cdev, "Unknown request 0x%x\n",
980 req->length = length;
981 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
983 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
987 static void hidg_disable(struct usb_function *f)
989 struct f_hidg *hidg = func_to_hidg(f);
990 struct f_hidg_req_list *list, *next;
993 usb_ep_disable(hidg->in_ep);
996 usb_ep_disable(hidg->out_ep);
998 spin_lock_irqsave(&hidg->read_spinlock, flags);
999 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
1000 free_ep_req(hidg->out_ep, list->req);
1001 list_del(&list->list);
1004 spin_unlock_irqrestore(&hidg->read_spinlock, flags);
1007 spin_lock_irqsave(&hidg->get_report_spinlock, flags);
1008 if (!hidg->get_report_returned) {
1009 usb_ep_free_request(f->config->cdev->gadget->ep0, hidg->get_req);
1010 hidg->get_req = NULL;
1011 hidg->get_report_returned = true;
1013 spin_unlock_irqrestore(&hidg->get_report_spinlock, flags);
1015 spin_lock_irqsave(&hidg->write_spinlock, flags);
1016 if (!hidg->write_pending) {
1017 free_ep_req(hidg->in_ep, hidg->req);
1018 hidg->write_pending = 1;
1022 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1025 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
1027 struct usb_composite_dev *cdev = f->config->cdev;
1028 struct f_hidg *hidg = func_to_hidg(f);
1029 struct usb_request *req_in = NULL;
1030 unsigned long flags;
1033 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
1035 if (hidg->in_ep != NULL) {
1036 /* restart endpoint */
1037 usb_ep_disable(hidg->in_ep);
1039 status = config_ep_by_speed(f->config->cdev->gadget, f,
1042 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1045 status = usb_ep_enable(hidg->in_ep);
1047 ERROR(cdev, "Enable IN endpoint FAILED!\n");
1050 hidg->in_ep->driver_data = hidg;
1052 req_in = hidg_alloc_ep_req(hidg->in_ep, hidg->report_length);
1059 if (hidg->use_out_ep && hidg->out_ep != NULL) {
1060 /* restart endpoint */
1061 usb_ep_disable(hidg->out_ep);
1063 status = config_ep_by_speed(f->config->cdev->gadget, f,
1066 ERROR(cdev, "config_ep_by_speed FAILED!\n");
1069 status = usb_ep_enable(hidg->out_ep);
1071 ERROR(cdev, "Enable OUT endpoint FAILED!\n");
1074 hidg->out_ep->driver_data = hidg;
1077 * allocate a bunch of read buffers and queue them all at once.
1079 for (i = 0; i < hidg->qlen && status == 0; i++) {
1080 struct usb_request *req =
1081 hidg_alloc_ep_req(hidg->out_ep,
1082 hidg->report_length);
1084 req->complete = hidg_intout_complete;
1085 req->context = hidg;
1086 status = usb_ep_queue(hidg->out_ep, req,
1089 ERROR(cdev, "%s queue req --> %d\n",
1090 hidg->out_ep->name, status);
1091 free_ep_req(hidg->out_ep, req);
1095 goto disable_out_ep;
1100 if (hidg->in_ep != NULL) {
1101 spin_lock_irqsave(&hidg->write_spinlock, flags);
1103 hidg->write_pending = 0;
1104 spin_unlock_irqrestore(&hidg->write_spinlock, flags);
1106 wake_up(&hidg->write_queue);
1111 usb_ep_disable(hidg->out_ep);
1114 free_ep_req(hidg->in_ep, req_in);
1118 usb_ep_disable(hidg->in_ep);
1124 #ifdef CONFIG_COMPAT
1125 static long f_hidg_compat_ioctl(struct file *file, unsigned int code,
1126 unsigned long value)
1128 return f_hidg_ioctl(file, code, value);
1132 static const struct file_operations f_hidg_fops = {
1133 .owner = THIS_MODULE,
1134 .open = f_hidg_open,
1135 .release = f_hidg_release,
1136 .write = f_hidg_write,
1137 .read = f_hidg_read,
1138 .poll = f_hidg_poll,
1139 .unlocked_ioctl = f_hidg_ioctl,
1140 #ifdef CONFIG_COMPAT
1141 .compat_ioctl = f_hidg_compat_ioctl,
1143 .llseek = noop_llseek,
1146 static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
1149 struct f_hidg *hidg = func_to_hidg(f);
1150 struct usb_string *us;
1153 hidg->get_req = usb_ep_alloc_request(c->cdev->gadget->ep0, GFP_ATOMIC);
1157 hidg->get_req->zero = 0;
1158 hidg->get_req->complete = hidg_get_report_complete;
1159 hidg->get_req->context = hidg;
1160 hidg->get_report_returned = true;
1162 /* maybe allocate device-global string IDs, and patch descriptors */
1163 us = usb_gstrings_attach(c->cdev, ct_func_strings,
1164 ARRAY_SIZE(ct_func_string_defs));
1167 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
1169 /* allocate instance-specific interface IDs, and patch descriptors */
1170 status = usb_interface_id(c, f);
1173 hidg_interface_desc.bInterfaceNumber = status;
1175 /* allocate instance-specific endpoints */
1177 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
1182 hidg->out_ep = NULL;
1183 if (hidg->use_out_ep) {
1184 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
1190 /* used only if use_out_ep == 1 */
1191 hidg->set_report_buf = NULL;
1193 /* set descriptor dynamic values */
1194 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
1195 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
1196 hidg_interface_desc.bNumEndpoints = hidg->use_out_ep ? 2 : 1;
1197 hidg->protocol = HID_REPORT_PROTOCOL;
1199 hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1200 hidg_ss_in_comp_desc.wBytesPerInterval =
1201 cpu_to_le16(hidg->report_length);
1202 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1203 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1204 hidg_ss_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1205 hidg_ss_out_comp_desc.wBytesPerInterval =
1206 cpu_to_le16(hidg->report_length);
1207 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1208 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
1210 * We can use hidg_desc struct here but we should not relay
1211 * that its content won't change after returning from this function.
1213 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
1214 hidg_desc.desc[0].wDescriptorLength =
1215 cpu_to_le16(hidg->report_desc_length);
1217 hidg_hs_in_ep_desc.bEndpointAddress =
1218 hidg_fs_in_ep_desc.bEndpointAddress;
1219 hidg_hs_out_ep_desc.bEndpointAddress =
1220 hidg_fs_out_ep_desc.bEndpointAddress;
1222 hidg_ss_in_ep_desc.bEndpointAddress =
1223 hidg_fs_in_ep_desc.bEndpointAddress;
1224 hidg_ss_out_ep_desc.bEndpointAddress =
1225 hidg_fs_out_ep_desc.bEndpointAddress;
1227 if (hidg->use_out_ep)
1228 status = usb_assign_descriptors(f,
1229 hidg_fs_descriptors_intout,
1230 hidg_hs_descriptors_intout,
1231 hidg_ss_descriptors_intout,
1232 hidg_ss_descriptors_intout);
1234 status = usb_assign_descriptors(f,
1235 hidg_fs_descriptors_ssreport,
1236 hidg_hs_descriptors_ssreport,
1237 hidg_ss_descriptors_ssreport,
1238 hidg_ss_descriptors_ssreport);
1243 spin_lock_init(&hidg->write_spinlock);
1244 hidg->write_pending = 1;
1246 spin_lock_init(&hidg->read_spinlock);
1247 spin_lock_init(&hidg->get_report_spinlock);
1248 init_waitqueue_head(&hidg->write_queue);
1249 init_waitqueue_head(&hidg->read_queue);
1250 init_waitqueue_head(&hidg->get_queue);
1251 init_waitqueue_head(&hidg->get_id_queue);
1252 INIT_LIST_HEAD(&hidg->completed_out_req);
1253 INIT_LIST_HEAD(&hidg->report_list);
1255 INIT_WORK(&hidg->work, get_report_workqueue_handler);
1256 hidg->workqueue = alloc_workqueue("report_work",
1261 if (!hidg->workqueue) {
1266 /* create char device */
1267 cdev_init(&hidg->cdev, &f_hidg_fops);
1268 status = cdev_device_add(&hidg->cdev, &hidg->dev);
1270 goto fail_free_descs;
1274 destroy_workqueue(hidg->workqueue);
1275 usb_free_all_descriptors(f);
1277 ERROR(f->config->cdev, "hidg_bind FAILED\n");
1278 if (hidg->req != NULL)
1279 free_ep_req(hidg->in_ep, hidg->req);
1281 usb_ep_free_request(c->cdev->gadget->ep0, hidg->get_req);
1282 hidg->get_req = NULL;
1287 static inline int hidg_get_minor(void)
1291 ret = ida_alloc(&hidg_ida, GFP_KERNEL);
1292 if (ret >= HIDG_MINORS) {
1293 ida_free(&hidg_ida, ret);
1300 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
1302 return container_of(to_config_group(item), struct f_hid_opts,
1306 static void hid_attr_release(struct config_item *item)
1308 struct f_hid_opts *opts = to_f_hid_opts(item);
1310 usb_put_function_instance(&opts->func_inst);
1313 static struct configfs_item_operations hidg_item_ops = {
1314 .release = hid_attr_release,
1317 #define F_HID_OPT(name, prec, limit) \
1318 static ssize_t f_hid_opts_##name##_show(struct config_item *item, char *page)\
1320 struct f_hid_opts *opts = to_f_hid_opts(item); \
1323 mutex_lock(&opts->lock); \
1324 result = sprintf(page, "%d\n", opts->name); \
1325 mutex_unlock(&opts->lock); \
1330 static ssize_t f_hid_opts_##name##_store(struct config_item *item, \
1331 const char *page, size_t len) \
1333 struct f_hid_opts *opts = to_f_hid_opts(item); \
1337 mutex_lock(&opts->lock); \
1338 if (opts->refcnt) { \
1343 ret = kstrtou##prec(page, 0, &num); \
1347 if (num > limit) { \
1355 mutex_unlock(&opts->lock); \
1359 CONFIGFS_ATTR(f_hid_opts_, name)
1361 F_HID_OPT(subclass, 8, 255);
1362 F_HID_OPT(protocol, 8, 255);
1363 F_HID_OPT(no_out_endpoint, 8, 1);
1364 F_HID_OPT(report_length, 16, 65535);
1366 static ssize_t f_hid_opts_report_desc_show(struct config_item *item, char *page)
1368 struct f_hid_opts *opts = to_f_hid_opts(item);
1371 mutex_lock(&opts->lock);
1372 result = opts->report_desc_length;
1373 memcpy(page, opts->report_desc, opts->report_desc_length);
1374 mutex_unlock(&opts->lock);
1379 static ssize_t f_hid_opts_report_desc_store(struct config_item *item,
1380 const char *page, size_t len)
1382 struct f_hid_opts *opts = to_f_hid_opts(item);
1386 mutex_lock(&opts->lock);
1390 if (len > PAGE_SIZE) {
1394 d = kmemdup(page, len, GFP_KERNEL);
1399 kfree(opts->report_desc);
1400 opts->report_desc = d;
1401 opts->report_desc_length = len;
1402 opts->report_desc_alloc = true;
1405 mutex_unlock(&opts->lock);
1409 CONFIGFS_ATTR(f_hid_opts_, report_desc);
1411 static ssize_t f_hid_opts_dev_show(struct config_item *item, char *page)
1413 struct f_hid_opts *opts = to_f_hid_opts(item);
1415 return sprintf(page, "%d:%d\n", major, opts->minor);
1418 CONFIGFS_ATTR_RO(f_hid_opts_, dev);
1420 static struct configfs_attribute *hid_attrs[] = {
1421 &f_hid_opts_attr_subclass,
1422 &f_hid_opts_attr_protocol,
1423 &f_hid_opts_attr_no_out_endpoint,
1424 &f_hid_opts_attr_report_length,
1425 &f_hid_opts_attr_report_desc,
1426 &f_hid_opts_attr_dev,
1430 static const struct config_item_type hid_func_type = {
1431 .ct_item_ops = &hidg_item_ops,
1432 .ct_attrs = hid_attrs,
1433 .ct_owner = THIS_MODULE,
1436 static inline void hidg_put_minor(int minor)
1438 ida_free(&hidg_ida, minor);
1441 static void hidg_free_inst(struct usb_function_instance *f)
1443 struct f_hid_opts *opts;
1445 opts = container_of(f, struct f_hid_opts, func_inst);
1447 mutex_lock(&hidg_ida_lock);
1449 hidg_put_minor(opts->minor);
1450 if (ida_is_empty(&hidg_ida))
1453 mutex_unlock(&hidg_ida_lock);
1455 if (opts->report_desc_alloc)
1456 kfree(opts->report_desc);
1461 static struct usb_function_instance *hidg_alloc_inst(void)
1463 struct f_hid_opts *opts;
1464 struct usb_function_instance *ret;
1467 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
1469 return ERR_PTR(-ENOMEM);
1470 mutex_init(&opts->lock);
1471 opts->func_inst.free_func_inst = hidg_free_inst;
1472 ret = &opts->func_inst;
1474 mutex_lock(&hidg_ida_lock);
1476 if (ida_is_empty(&hidg_ida)) {
1477 status = ghid_setup(NULL, HIDG_MINORS);
1479 ret = ERR_PTR(status);
1485 opts->minor = hidg_get_minor();
1486 if (opts->minor < 0) {
1487 ret = ERR_PTR(opts->minor);
1489 if (ida_is_empty(&hidg_ida))
1493 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
1496 mutex_unlock(&hidg_ida_lock);
1500 static void hidg_free(struct usb_function *f)
1502 struct f_hidg *hidg;
1503 struct f_hid_opts *opts;
1505 hidg = func_to_hidg(f);
1506 opts = container_of(f->fi, struct f_hid_opts, func_inst);
1507 put_device(&hidg->dev);
1508 mutex_lock(&opts->lock);
1510 mutex_unlock(&opts->lock);
1513 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
1515 struct f_hidg *hidg = func_to_hidg(f);
1517 cdev_device_del(&hidg->cdev, &hidg->dev);
1518 destroy_workqueue(hidg->workqueue);
1519 usb_free_all_descriptors(f);
1522 static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
1524 struct f_hidg *hidg;
1525 struct f_hid_opts *opts;
1528 /* allocate and initialize one new instance */
1529 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
1531 return ERR_PTR(-ENOMEM);
1533 opts = container_of(fi, struct f_hid_opts, func_inst);
1535 mutex_lock(&opts->lock);
1537 device_initialize(&hidg->dev);
1538 hidg->dev.release = hidg_release;
1539 hidg->dev.class = &hidg_class;
1540 hidg->dev.devt = MKDEV(major, opts->minor);
1541 ret = dev_set_name(&hidg->dev, "hidg%d", opts->minor);
1545 hidg->bInterfaceSubClass = opts->subclass;
1546 hidg->bInterfaceProtocol = opts->protocol;
1547 hidg->report_length = opts->report_length;
1548 hidg->report_desc_length = opts->report_desc_length;
1549 if (opts->report_desc) {
1550 hidg->report_desc = kmemdup(opts->report_desc,
1551 opts->report_desc_length,
1553 if (!hidg->report_desc) {
1555 goto err_put_device;
1558 hidg->use_out_ep = !opts->no_out_endpoint;
1561 mutex_unlock(&opts->lock);
1563 hidg->func.name = "hid";
1564 hidg->func.bind = hidg_bind;
1565 hidg->func.unbind = hidg_unbind;
1566 hidg->func.set_alt = hidg_set_alt;
1567 hidg->func.disable = hidg_disable;
1568 hidg->func.setup = hidg_setup;
1569 hidg->func.free_func = hidg_free;
1571 /* this could be made configurable at some point */
1577 put_device(&hidg->dev);
1579 mutex_unlock(&opts->lock);
1580 return ERR_PTR(ret);
1583 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
1584 MODULE_DESCRIPTION("USB HID function driver");
1585 MODULE_LICENSE("GPL");
1586 MODULE_AUTHOR("Fabien Chouteau");
1588 int ghid_setup(struct usb_gadget *g, int count)
1593 status = class_register(&hidg_class);
1597 status = alloc_chrdev_region(&dev, 0, count, "hidg");
1599 class_unregister(&hidg_class);
1609 void ghid_cleanup(void)
1612 unregister_chrdev_region(MKDEV(major, 0), minors);
1616 class_unregister(&hidg_class);
projects / J-linux.git / blob