1/*	$NetBSD: uhid.c,v 1.129 2024/02/04 05:43:06 mrg Exp $	*/
2
3/*
4 * Copyright (c) 1998, 2004, 2008, 2012 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Lennart Augustsson (lennart@augustsson.net) at
9 * Carlstedt Research & Technology and Matthew R. Green (mrg@eterna23.net).
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 *    notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in the
18 *    documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33/*
34 * HID spec: http://www.usb.org/developers/devclass_docs/HID1_11.pdf
35 */
36
37#include <sys/cdefs.h>
38__KERNEL_RCSID(0, "$NetBSD: uhid.c,v 1.129 2024/02/04 05:43:06 mrg Exp $");
39
40#ifdef _KERNEL_OPT
41#include "opt_compat_netbsd.h"
42#include "opt_usb.h"
43#endif
44
45#include <sys/param.h>
46#include <sys/types.h>
47
48#include <sys/atomic.h>
49#include <sys/compat_stub.h>
50#include <sys/conf.h>
51#include <sys/device.h>
52#include <sys/file.h>
53#include <sys/intr.h>
54#include <sys/ioctl.h>
55#include <sys/kernel.h>
56#include <sys/kmem.h>
57#include <sys/poll.h>
58#include <sys/proc.h>
59#include <sys/select.h>
60#include <sys/signalvar.h>
61#include <sys/systm.h>
62#include <sys/tty.h>
63#include <sys/vnode.h>
64
65#include <dev/usb/usb.h>
66#include <dev/usb/usbhid.h>
67
68#include <dev/usb/usbdevs.h>
69#include <dev/usb/usbdi.h>
70#include <dev/usb/usbdi_util.h>
71#include <dev/usb/usb_quirks.h>
72#include <dev/hid/hid.h>
73
74#include <dev/usb/uhidev.h>
75
76#include "ioconf.h"
77
78#ifdef UHID_DEBUG
79#define DPRINTF(x)	if (uhiddebug) printf x
80#define DPRINTFN(n,x)	if (uhiddebug>(n)) printf x
81int	uhiddebug = 0;
82#else
83#define DPRINTF(x)
84#define DPRINTFN(n,x)
85#endif
86
87struct uhid_softc {
88	device_t sc_dev;
89	struct uhidev *sc_hdev;
90	struct usbd_device *sc_udev;
91	uint8_t sc_report_id;
92
93	kmutex_t sc_lock;
94	kcondvar_t sc_cv;
95
96	int sc_isize;
97	int sc_osize;
98	int sc_fsize;
99
100	u_char *sc_obuf;
101
102	struct clist sc_q;	/* protected by sc_lock */
103	struct selinfo sc_rsel;
104	proc_t *sc_async;	/* process that wants SIGIO */
105	void *sc_sih;
106	volatile uint32_t sc_state;	/* driver state */
107#define UHID_IMMED	0x02	/* return read data immediately */
108
109	int sc_raw;
110	enum {
111		UHID_CLOSED,
112		UHID_OPENING,
113		UHID_OPEN,
114	} sc_open;
115	bool sc_closing;
116};
117
118#define	UHIDUNIT(dev)	(minor(dev))
119#define	UHID_CHUNK	128	/* chunk size for read */
120#define	UHID_BSIZE	1020	/* buffer size */
121
122static dev_type_open(uhidopen);
123static dev_type_cancel(uhidcancel);
124static dev_type_close(uhidclose);
125static dev_type_read(uhidread);
126static dev_type_write(uhidwrite);
127static dev_type_ioctl(uhidioctl);
128static dev_type_poll(uhidpoll);
129static dev_type_kqfilter(uhidkqfilter);
130
131const struct cdevsw uhid_cdevsw = {
132	.d_open = uhidopen,
133	.d_cancel = uhidcancel,
134	.d_close = uhidclose,
135	.d_read = uhidread,
136	.d_write = uhidwrite,
137	.d_ioctl = uhidioctl,
138	.d_stop = nostop,
139	.d_tty = notty,
140	.d_poll = uhidpoll,
141	.d_mmap = nommap,
142	.d_kqfilter = uhidkqfilter,
143	.d_discard = nodiscard,
144	.d_cfdriver = &uhid_cd,
145	.d_devtounit = dev_minor_unit,
146	.d_flag = D_OTHER
147};
148
149static void uhid_intr(void *, void *, u_int);
150
151static int	uhid_match(device_t, cfdata_t, void *);
152static void	uhid_attach(device_t, device_t, void *);
153static int	uhid_detach(device_t, int);
154
155CFATTACH_DECL_NEW(uhid, sizeof(struct uhid_softc), uhid_match, uhid_attach,
156    uhid_detach, NULL);
157
158static int
159uhid_match(device_t parent, cfdata_t match, void *aux)
160{
161#ifdef UHID_DEBUG
162	struct uhidev_attach_arg *uha = aux;
163#endif
164
165	DPRINTF(("uhid_match: report=%d\n", uha->reportid));
166
167	if (match->cf_flags & 1)
168		return UMATCH_HIGHEST;
169	else
170		return UMATCH_IFACECLASS_GENERIC;
171}
172
173static void
174uhid_attach(device_t parent, device_t self, void *aux)
175{
176	struct uhid_softc *sc = device_private(self);
177	struct uhidev_attach_arg *uha = aux;
178	int size, repid;
179	void *desc;
180
181	sc->sc_dev = self;
182	sc->sc_hdev = uha->parent;
183	sc->sc_udev = uha->uiaa->uiaa_device;
184	sc->sc_report_id = uha->reportid;
185
186	selinit(&sc->sc_rsel);
187
188	uhidev_get_report_desc(uha->parent, &desc, &size);
189	repid = uha->reportid;
190	sc->sc_isize = hid_report_size(desc, size, hid_input,   repid);
191	sc->sc_osize = hid_report_size(desc, size, hid_output,  repid);
192	sc->sc_fsize = hid_report_size(desc, size, hid_feature, repid);
193	sc->sc_raw =  hid_is_collection(desc, size, uha->reportid,
194	    HID_USAGE2(HUP_FIDO, HUF_U2FHID));
195
196	aprint_naive("\n");
197	aprint_normal(": input=%d, output=%d, feature=%d\n",
198	       sc->sc_isize, sc->sc_osize, sc->sc_fsize);
199
200	mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_SOFTUSB);
201	cv_init(&sc->sc_cv, "uhidrea");
202
203	if (!pmf_device_register(self, NULL, NULL))
204		aprint_error_dev(self, "couldn't establish power handler\n");
205
206	return;
207}
208
209static int
210uhid_detach(device_t self, int flags)
211{
212	struct uhid_softc *sc = device_private(self);
213	int maj, mn;
214
215	DPRINTF(("uhid_detach: sc=%p flags=%d\n", sc, flags));
216
217	pmf_device_deregister(self);
218
219	/* locate the major number */
220	maj = cdevsw_lookup_major(&uhid_cdevsw);
221
222	/* Nuke the vnodes for any open instances (calls close). */
223	mn = device_unit(self);
224	vdevgone(maj, mn, mn, VCHR);
225
226	KASSERTMSG(sc->sc_open == UHID_CLOSED, "open=%d", (int)sc->sc_open);
227
228	cv_destroy(&sc->sc_cv);
229	mutex_destroy(&sc->sc_lock);
230	seldestroy(&sc->sc_rsel);
231
232	return 0;
233}
234
235static void
236uhid_intr(void *cookie, void *data, u_int len)
237{
238	struct uhid_softc *sc = cookie;
239
240#ifdef UHID_DEBUG
241	if (uhiddebug > 5) {
242		uint32_t i;
243
244		DPRINTF(("uhid_intr: data ="));
245		for (i = 0; i < len; i++)
246			DPRINTF((" %02x", ((u_char *)data)[i]));
247		DPRINTF(("\n"));
248	}
249#endif
250
251	mutex_enter(&sc->sc_lock);
252	(void)b_to_q(data, len, &sc->sc_q);
253
254	DPRINTFN(5, ("uhid_intr: waking %p\n", &sc->sc_q));
255	cv_broadcast(&sc->sc_cv);
256	selnotify(&sc->sc_rsel, 0, NOTE_SUBMIT);
257	if (atomic_load_relaxed(&sc->sc_async) != NULL) {
258		mutex_enter(&proc_lock);
259		if (sc->sc_async != NULL) {
260			DPRINTFN(3, ("uhid_intr: sending SIGIO to %jd\n",
261				(intmax_t)sc->sc_async->p_pid));
262			psignal(sc->sc_async, SIGIO);
263		}
264		mutex_exit(&proc_lock);
265	}
266	mutex_exit(&sc->sc_lock);
267}
268
269static int
270uhidopen(dev_t dev, int flag, int mode, struct lwp *l)
271{
272	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
273	int error;
274
275	DPRINTF(("uhidopen: sc=%p\n", sc));
276	if (sc == NULL)
277		return ENXIO;
278
279	/*
280	 * Try to open.  If closing in progress, give up.  If already
281	 * open (or opening), fail -- opens are exclusive.
282	 */
283	mutex_enter(&sc->sc_lock);
284	if (sc->sc_open != UHID_CLOSED || sc->sc_closing) {
285		mutex_exit(&sc->sc_lock);
286		return EBUSY;
287	}
288	sc->sc_open = UHID_OPENING;
289	atomic_store_relaxed(&sc->sc_state, 0);
290	mutex_exit(&sc->sc_lock);
291
292	/* uhid interrupts aren't enabled yet, so setup sc_q now */
293	if (clalloc(&sc->sc_q, UHID_BSIZE, 0) == -1) {
294		error = ENOMEM;
295		goto fail0;
296	}
297
298	/* Allocate an output buffer if needed.  */
299	if (sc->sc_osize > 0)
300		sc->sc_obuf = kmem_alloc(sc->sc_osize, KM_SLEEP);
301	else
302		sc->sc_obuf = NULL;
303
304	/* Paranoia: reset SIGIO before enabling interrupts.  */
305	mutex_enter(&proc_lock);
306	atomic_store_relaxed(&sc->sc_async, NULL);
307	mutex_exit(&proc_lock);
308
309	/* Open the uhidev -- after this point we can get interrupts.  */
310	error = uhidev_open(sc->sc_hdev, &uhid_intr, sc);
311	if (error)
312		goto fail1;
313
314	/* We are open for business.  */
315	mutex_enter(&sc->sc_lock);
316	sc->sc_open = UHID_OPEN;
317	mutex_exit(&sc->sc_lock);
318
319	return 0;
320
321fail1:	selnotify(&sc->sc_rsel, POLLHUP, 0);
322	mutex_enter(&proc_lock);
323	atomic_store_relaxed(&sc->sc_async, NULL);
324	mutex_exit(&proc_lock);
325	if (sc->sc_osize > 0) {
326		kmem_free(sc->sc_obuf, sc->sc_osize);
327		sc->sc_obuf = NULL;
328	}
329	clfree(&sc->sc_q);
330fail0:	mutex_enter(&sc->sc_lock);
331	KASSERT(sc->sc_open == UHID_OPENING);
332	sc->sc_open = UHID_CLOSED;
333	atomic_store_relaxed(&sc->sc_state, 0);
334	mutex_exit(&sc->sc_lock);
335	return error;
336}
337
338static int
339uhidcancel(dev_t dev, int flag, int mode, struct lwp *l)
340{
341	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
342
343	DPRINTF(("uhidcancel: sc=%p\n", sc));
344	if (sc == NULL)
345		return 0;
346
347	/*
348	 * Mark it closing, wake any waiters, and suspend output.
349	 * After this point, no new xfers can be submitted.
350	 */
351	mutex_enter(&sc->sc_lock);
352	sc->sc_closing = true;
353	cv_broadcast(&sc->sc_cv);
354	mutex_exit(&sc->sc_lock);
355
356	uhidev_stop(sc->sc_hdev);
357
358	return 0;
359}
360
361static int
362uhidclose(dev_t dev, int flag, int mode, struct lwp *l)
363{
364	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
365
366	DPRINTF(("uhidclose: sc=%p\n", sc));
367	if (sc == NULL)
368		return 0;
369
370	mutex_enter(&sc->sc_lock);
371	KASSERT(sc->sc_closing);
372	KASSERTMSG(sc->sc_open == UHID_OPEN || sc->sc_open == UHID_CLOSED,
373	    "sc_open=%d", sc->sc_open);
374	if (sc->sc_open == UHID_CLOSED)
375		goto out;
376
377	/* Release the lock while we free things.  */
378	mutex_exit(&sc->sc_lock);
379
380	/* Prevent further interrupts.  */
381	uhidev_close(sc->sc_hdev);
382
383	/* Hang up all select/poll.  */
384	selnotify(&sc->sc_rsel, POLLHUP, 0);
385
386	/* Reset SIGIO.  */
387	mutex_enter(&proc_lock);
388	atomic_store_relaxed(&sc->sc_async, NULL);
389	mutex_exit(&proc_lock);
390
391	/* Free the buffer and queue.  */
392	if (sc->sc_osize > 0) {
393		kmem_free(sc->sc_obuf, sc->sc_osize);
394		sc->sc_obuf = NULL;
395	}
396	clfree(&sc->sc_q);
397
398	mutex_enter(&sc->sc_lock);
399
400	/* All set.  We are now closed.  */
401	sc->sc_open = UHID_CLOSED;
402out:	KASSERT(sc->sc_open == UHID_CLOSED);
403	sc->sc_closing = false;
404	atomic_store_relaxed(&sc->sc_state, 0);
405	mutex_exit(&sc->sc_lock);
406
407	return 0;
408}
409
410static int
411uhidread(dev_t dev, struct uio *uio, int flag)
412{
413	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
414	int error = 0;
415	int extra;
416	size_t length;
417	u_char buffer[UHID_CHUNK];
418	usbd_status err;
419
420	DPRINTFN(1, ("uhidread\n"));
421	if (atomic_load_relaxed(&sc->sc_state) & UHID_IMMED) {
422		DPRINTFN(1, ("uhidread immed\n"));
423		extra = sc->sc_report_id != 0;
424		if (sc->sc_isize + extra > sizeof(buffer))
425			return ENOBUFS;
426		err = uhidev_get_report(sc->sc_hdev, UHID_INPUT_REPORT,
427					buffer, sc->sc_isize + extra);
428		if (err)
429			return EIO;
430		return uiomove(buffer+extra, sc->sc_isize, uio);
431	}
432
433	mutex_enter(&sc->sc_lock);
434	while (sc->sc_q.c_cc == 0) {
435		if (flag & IO_NDELAY) {
436			mutex_exit(&sc->sc_lock);
437			return EWOULDBLOCK;
438		}
439		if (sc->sc_closing) {
440			mutex_exit(&sc->sc_lock);
441			return EIO;
442		}
443		DPRINTFN(5, ("uhidread: sleep on %p\n", &sc->sc_q));
444		error = cv_wait_sig(&sc->sc_cv, &sc->sc_lock);
445		DPRINTFN(5, ("uhidread: woke, error=%d\n", error));
446		if (error) {
447			break;
448		}
449	}
450
451	/* Transfer as many chunks as possible. */
452	while (sc->sc_q.c_cc > 0 && uio->uio_resid > 0 && !error) {
453		length = uimin(sc->sc_q.c_cc, uio->uio_resid);
454		if (length > sizeof(buffer))
455			length = sizeof(buffer);
456
457		/* Remove a small chunk from the input queue. */
458		(void) q_to_b(&sc->sc_q, buffer, length);
459		DPRINTFN(5, ("uhidread: got %lu chars\n", (u_long)length));
460
461		/* Copy the data to the user process. */
462		mutex_exit(&sc->sc_lock);
463		if ((error = uiomove(buffer, length, uio)) != 0)
464			return error;
465		mutex_enter(&sc->sc_lock);
466	}
467
468	mutex_exit(&sc->sc_lock);
469	return error;
470}
471
472static int
473uhidwrite(dev_t dev, struct uio *uio, int flag)
474{
475	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
476	int error;
477	int size;
478	usbd_status err;
479
480	DPRINTFN(1, ("uhidwrite\n"));
481
482	size = sc->sc_osize;
483	if (uio->uio_resid != size || size == 0)
484		return EINVAL;
485	error = uiomove(sc->sc_obuf, size, uio);
486#ifdef UHID_DEBUG
487	if (uhiddebug > 5) {
488		uint32_t i;
489
490		DPRINTF(("%s: outdata[%d] =", device_xname(sc->sc_dev),
491		    error));
492		for (i = 0; i < size; i++)
493			DPRINTF((" %02x", sc->sc_obuf[i]));
494		DPRINTF(("\n"));
495	}
496#endif
497	if (!error) {
498		if (sc->sc_raw)
499			err = uhidev_write(sc->sc_hdev, sc->sc_obuf, size);
500		else
501			err = uhidev_set_report(sc->sc_hdev,
502			    UHID_OUTPUT_REPORT, sc->sc_obuf, size);
503		if (err) {
504			DPRINTF(("%s: err = %d\n",
505			    device_xname(sc->sc_dev), err));
506			error = EIO;
507		}
508	}
509
510	return error;
511}
512
513static int
514uhidioctl(dev_t dev, u_long cmd, void *addr, int flag, struct lwp *l)
515{
516	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
517	struct usb_ctl_report_desc *rd;
518	struct usb_ctl_report *re;
519	u_char buffer[UHID_CHUNK];
520	int size, extra;
521	usbd_status err;
522	void *desc;
523
524	DPRINTFN(2, ("uhidioctl: cmd=%lx\n", cmd));
525
526	switch (cmd) {
527	case FIONBIO:
528		/* All handled in the upper FS layer. */
529		break;
530
531	case FIOASYNC:
532		mutex_enter(&proc_lock);
533		if (*(int *)addr) {
534			if (sc->sc_async != NULL) {
535				mutex_exit(&proc_lock);
536				return EBUSY;
537			}
538			atomic_store_relaxed(&sc->sc_async, l->l_proc);
539			DPRINTF(("uhid_do_ioctl: FIOASYNC %p\n", l->l_proc));
540		} else
541			atomic_store_relaxed(&sc->sc_async, NULL);
542		mutex_exit(&proc_lock);
543		break;
544
545	/* XXX this is not the most general solution. */
546	case TIOCSPGRP:
547		mutex_enter(&proc_lock);
548		if (sc->sc_async == NULL) {
549			mutex_exit(&proc_lock);
550			return EINVAL;
551		}
552		if (*(int *)addr != sc->sc_async->p_pgid) {
553			mutex_exit(&proc_lock);
554			return EPERM;
555		}
556		mutex_exit(&proc_lock);
557		break;
558
559	case FIOSETOWN:
560		mutex_enter(&proc_lock);
561		if (sc->sc_async == NULL) {
562			mutex_exit(&proc_lock);
563			return EINVAL;
564		}
565		if (-*(int *)addr != sc->sc_async->p_pgid
566		    && *(int *)addr != sc->sc_async->p_pid) {
567			mutex_exit(&proc_lock);
568			return EPERM;
569		}
570		mutex_exit(&proc_lock);
571		break;
572
573	case USB_HID_GET_RAW:
574		*(int *)addr = sc->sc_raw;
575		break;
576
577	case USB_HID_SET_RAW:
578		sc->sc_raw = *(int *)addr;
579		break;
580
581	case USB_GET_REPORT_DESC:
582		uhidev_get_report_desc(sc->sc_hdev, &desc, &size);
583		rd = (struct usb_ctl_report_desc *)addr;
584		size = uimin(size, sizeof(rd->ucrd_data));
585		rd->ucrd_size = size;
586		memcpy(rd->ucrd_data, desc, size);
587		break;
588
589	case USB_SET_IMMED:
590		if (*(int *)addr) {
591			extra = sc->sc_report_id != 0;
592			if (sc->sc_isize + extra > sizeof(buffer))
593				return ENOBUFS;
594			err = uhidev_get_report(sc->sc_hdev, UHID_INPUT_REPORT,
595						buffer, sc->sc_isize + extra);
596			if (err)
597				return EOPNOTSUPP;
598
599			atomic_or_32(&sc->sc_state, UHID_IMMED);
600		} else
601			atomic_and_32(&sc->sc_state, ~UHID_IMMED);
602		break;
603
604	case USB_GET_REPORT:
605		re = (struct usb_ctl_report *)addr;
606		switch (re->ucr_report) {
607		case UHID_INPUT_REPORT:
608			size = sc->sc_isize;
609			break;
610		case UHID_OUTPUT_REPORT:
611			size = sc->sc_osize;
612			break;
613		case UHID_FEATURE_REPORT:
614			size = sc->sc_fsize;
615			break;
616		default:
617			return EINVAL;
618		}
619		extra = sc->sc_report_id != 0;
620		if (size + extra > sizeof(re->ucr_data))
621			return ENOBUFS;
622		err = uhidev_get_report(sc->sc_hdev, re->ucr_report,
623		    re->ucr_data, size + extra);
624		if (extra)
625			memmove(re->ucr_data, re->ucr_data+1, size);
626		if (err)
627			return EIO;
628		break;
629
630	case USB_SET_REPORT:
631		re = (struct usb_ctl_report *)addr;
632		switch (re->ucr_report) {
633		case UHID_INPUT_REPORT:
634			size = sc->sc_isize;
635			break;
636		case UHID_OUTPUT_REPORT:
637			size = sc->sc_osize;
638			break;
639		case UHID_FEATURE_REPORT:
640			size = sc->sc_fsize;
641			break;
642		default:
643			return EINVAL;
644		}
645		if (size > sizeof(re->ucr_data))
646			return ENOBUFS;
647		err = uhidev_set_report(sc->sc_hdev, re->ucr_report,
648		    re->ucr_data, size);
649		if (err)
650			return EIO;
651		break;
652
653	case USB_GET_REPORT_ID:
654		*(int *)addr = sc->sc_report_id;
655		break;
656
657	case USB_GET_DEVICE_DESC:
658		*(usb_device_descriptor_t *)addr =
659			*usbd_get_device_descriptor(sc->sc_udev);
660		break;
661
662	case USB_GET_DEVICEINFO:
663		usbd_fill_deviceinfo(sc->sc_udev,
664				     (struct usb_device_info *)addr, 0);
665		break;
666	case USB_GET_DEVICEINFO_30:
667		MODULE_HOOK_CALL(usb_subr_fill_30_hook,
668                    (sc->sc_udev,
669		      (struct usb_device_info30 *)addr, 0,
670                      usbd_devinfo_vp, usbd_printBCD),
671                    enosys(), err);
672		if (err == 0)
673			return 0;
674		break;
675	case USB_GET_STRING_DESC:
676	    {
677		struct usb_string_desc *si = (struct usb_string_desc *)addr;
678		err = usbd_get_string_desc(sc->sc_udev,
679			si->usd_string_index,
680			si->usd_language_id, &si->usd_desc, &size);
681		if (err)
682			return EINVAL;
683		break;
684	    }
685
686	default:
687		return EINVAL;
688	}
689	return 0;
690}
691
692static int
693uhidpoll(dev_t dev, int events, struct lwp *l)
694{
695	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
696	int revents = 0;
697
698	mutex_enter(&sc->sc_lock);
699	if (events & (POLLOUT | POLLWRNORM))
700		revents |= events & (POLLOUT | POLLWRNORM);
701	if (events & (POLLIN | POLLRDNORM)) {
702		if (sc->sc_q.c_cc > 0)
703			revents |= events & (POLLIN | POLLRDNORM);
704		else
705			selrecord(l, &sc->sc_rsel);
706	}
707	mutex_exit(&sc->sc_lock);
708
709	return revents;
710}
711
712static void
713filt_uhidrdetach(struct knote *kn)
714{
715	struct uhid_softc *sc = kn->kn_hook;
716
717	mutex_enter(&sc->sc_lock);
718	selremove_knote(&sc->sc_rsel, kn);
719	mutex_exit(&sc->sc_lock);
720}
721
722static int
723filt_uhidread(struct knote *kn, long hint)
724{
725	struct uhid_softc *sc = kn->kn_hook;
726
727	if (hint == NOTE_SUBMIT)
728		KASSERT(mutex_owned(&sc->sc_lock));
729	else
730		mutex_enter(&sc->sc_lock);
731
732	kn->kn_data = sc->sc_q.c_cc;
733
734	if (hint == NOTE_SUBMIT)
735		KASSERT(mutex_owned(&sc->sc_lock));
736	else
737		mutex_exit(&sc->sc_lock);
738
739	return kn->kn_data > 0;
740}
741
742static const struct filterops uhidread_filtops = {
743	.f_flags = FILTEROP_ISFD,
744	.f_attach = NULL,
745	.f_detach = filt_uhidrdetach,
746	.f_event = filt_uhidread,
747};
748
749static int
750uhidkqfilter(dev_t dev, struct knote *kn)
751{
752	struct uhid_softc *sc = device_lookup_private(&uhid_cd, UHIDUNIT(dev));
753
754	switch (kn->kn_filter) {
755	case EVFILT_READ:
756		kn->kn_fop = &uhidread_filtops;
757		kn->kn_hook = sc;
758		mutex_enter(&sc->sc_lock);
759		selrecord_knote(&sc->sc_rsel, kn);
760		mutex_exit(&sc->sc_lock);
761		return 0;
762
763	case EVFILT_WRITE:
764		kn->kn_fop = &seltrue_filtops;
765		return 0;
766
767	default:
768		return EINVAL;
769	}
770}
771