1/* $NetBSD: uhidev.c,v 1.95 2024/02/04 05:43:06 mrg Exp $ */ 2 3/* 4 * Copyright (c) 2001, 2012 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Lennart Augustsson (lennart@augustsson.net) at 9 * Carlstedt Research & Technology and Matthew R. Green (mrg@eterna23.net). 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33/* 34 * HID spec: http://www.usb.org/developers/devclass_docs/HID1_11.pdf 35 */ 36 37#include <sys/cdefs.h> 38__KERNEL_RCSID(0, "$NetBSD: uhidev.c,v 1.95 2024/02/04 05:43:06 mrg Exp $"); 39 40#ifdef _KERNEL_OPT 41#include "opt_usb.h" 42#endif 43 44#include <sys/param.h> 45#include <sys/types.h> 46 47#include <sys/atomic.h> 48#include <sys/conf.h> 49#include <sys/device.h> 50#include <sys/ioctl.h> 51#include <sys/kernel.h> 52#include <sys/kmem.h> 53#include <sys/lwp.h> 54#include <sys/rndsource.h> 55#include <sys/signalvar.h> 56#include <sys/systm.h> 57#include <sys/xcall.h> 58 59#include <dev/usb/usb.h> 60#include <dev/usb/usbhid.h> 61 62#include <dev/usb/usbdevs.h> 63#include <dev/usb/usbdi.h> 64#include <dev/usb/usbdi_util.h> 65#include <dev/usb/usb_quirks.h> 66 67#include <dev/usb/uhidev.h> 68#include <dev/hid/hid.h> 69 70/* Report descriptor for broken Wacom Graphire */ 71#include <dev/usb/ugraphire_rdesc.h> 72/* Report descriptor for game controllers in "XInput" mode */ 73#include <dev/usb/xinput_rdesc.h> 74/* Report descriptor for Xbox One controllers */ 75#include <dev/usb/x1input_rdesc.h> 76 77#include "locators.h" 78 79struct uhidev_softc { 80 device_t sc_dev; /* base device */ 81 struct usbd_device *sc_udev; 82 struct usbd_interface *sc_iface; /* interface */ 83 int sc_iep_addr; 84 int sc_oep_addr; 85 u_int sc_isize; 86 87 int sc_repdesc_size; 88 void *sc_repdesc; 89 90 u_int sc_nrepid; 91 struct uhidev { 92 struct uhidev_softc *sc_parent; 93 device_t sc_dev; 94 void (*sc_intr)(void *, void *, u_int); 95 void *sc_cookie; 96 krndsource_t sc_rndsource; 97 int sc_in_rep_size; 98 uint8_t sc_report_id; 99 uint8_t sc_state; 100#define UHIDEV_OPEN 0x01 /* device is open */ 101#define UHIDEV_STOPPED 0x02 /* xfers are stopped */ 102 } *sc_subdevs; 103 104 kmutex_t sc_lock; 105 kcondvar_t sc_cv; 106 107 /* Read/written under sc_lock. */ 108 struct lwp *sc_writelock; 109 struct lwp *sc_configlock; 110 int sc_refcnt; 111 int sc_writereportid; 112 int sc_stopreportid; 113 114 /* 115 * - Read under sc_lock, provided sc_refcnt > 0. 116 * - Written under sc_configlock only when transitioning to and 117 * from sc_refcnt = 0. 118 */ 119 u_char *sc_ibuf; 120 struct usbd_pipe *sc_ipipe; /* input interrupt pipe */ 121 struct usbd_pipe *sc_opipe; /* output interrupt pipe */ 122 struct usbd_xfer *sc_oxfer; /* write request */ 123 usbd_callback sc_writecallback; /* async write request callback */ 124 void *sc_writecookie; 125 126 u_int sc_flags; 127#define UHIDEV_F_XB1 0x0001 /* Xbox 1 controller */ 128}; 129 130#ifdef UHIDEV_DEBUG 131#define DPRINTF(x) if (uhidevdebug) printf x 132#define DPRINTFN(n,x) if (uhidevdebug>(n)) printf x 133int uhidevdebug = 0; 134#else 135#define DPRINTF(x) 136#define DPRINTFN(n,x) 137#endif 138 139static void uhidev_intr(struct usbd_xfer *, void *, usbd_status); 140 141static int uhidev_maxrepid(void *, int); 142static int uhidevprint(void *, const char *); 143 144static int uhidev_match(device_t, cfdata_t, void *); 145static void uhidev_attach(device_t, device_t, void *); 146static void uhidev_childdet(device_t, device_t); 147static int uhidev_detach(device_t, int); 148 149CFATTACH_DECL2_NEW(uhidev, sizeof(struct uhidev_softc), uhidev_match, 150 uhidev_attach, uhidev_detach, NULL, NULL, uhidev_childdet); 151 152static int 153uhidev_match(device_t parent, cfdata_t match, void *aux) 154{ 155 struct usbif_attach_arg *uiaa = aux; 156 157 /* Game controllers in "XInput" mode */ 158 if (USBIF_IS_XINPUT(uiaa)) 159 return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO; 160 /* Xbox One controllers */ 161 if (USBIF_IS_X1INPUT(uiaa) && uiaa->uiaa_ifaceno == 0) 162 return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO; 163 164 if (uiaa->uiaa_class != UICLASS_HID) 165 return UMATCH_NONE; 166 if (usbd_get_quirks(uiaa->uiaa_device)->uq_flags & UQ_HID_IGNORE) 167 return UMATCH_NONE; 168 return UMATCH_IFACECLASS_GENERIC; 169} 170 171static void 172uhidev_attach(device_t parent, device_t self, void *aux) 173{ 174 struct uhidev_softc *sc = device_private(self); 175 struct usbif_attach_arg *uiaa = aux; 176 struct usbd_interface *iface = uiaa->uiaa_iface; 177 usb_interface_descriptor_t *id; 178 usb_endpoint_descriptor_t *ed; 179 struct uhidev_attach_arg uha; 180 device_t dev; 181 int maxinpktsize, size, nrepid, repid, repsz; 182 int *repsizes; 183 int i; 184 void *desc; 185 const void *descptr; 186 usbd_status err; 187 char *devinfop; 188 int locs[UHIDBUSCF_NLOCS]; 189 190 sc->sc_dev = self; 191 sc->sc_udev = uiaa->uiaa_device; 192 sc->sc_iface = iface; 193 194 aprint_naive("\n"); 195 aprint_normal("\n"); 196 197 mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_SOFTUSB); 198 cv_init(&sc->sc_cv, "uhidev"); 199 sc->sc_writelock = NULL; 200 sc->sc_configlock = NULL; 201 sc->sc_refcnt = 0; 202 sc->sc_writereportid = -1; 203 sc->sc_stopreportid = -1; 204 205 id = usbd_get_interface_descriptor(iface); 206 207 devinfop = usbd_devinfo_alloc(uiaa->uiaa_device, 0); 208 aprint_normal_dev(self, "%s, iclass %d/%d\n", 209 devinfop, id->bInterfaceClass, id->bInterfaceSubClass); 210 usbd_devinfo_free(devinfop); 211 212 if (!pmf_device_register(self, NULL, NULL)) 213 aprint_error_dev(self, "couldn't establish power handler\n"); 214 215 if (uiaa->uiaa_vendor == USB_VENDOR_WACOM) { 216 if (uiaa->uiaa_product == USB_PRODUCT_WACOM_XD0912U) { 217 /* 218 * Wacom Intuos2 (XD-0912-U) requires longer idle time to 219 * initialize the device with 0x0202. 220 */ 221 DELAY(500000); 222 } 223 } 224 (void)usbd_set_idle(iface, 0, 0); 225 226 if ((usbd_get_quirks(sc->sc_udev)->uq_flags & UQ_NO_SET_PROTO) == 0) 227 (void)usbd_set_protocol(iface, 1); 228 229 maxinpktsize = 0; 230 sc->sc_iep_addr = sc->sc_oep_addr = -1; 231 for (i = 0; i < id->bNumEndpoints; i++) { 232 ed = usbd_interface2endpoint_descriptor(iface, i); 233 if (ed == NULL) { 234 aprint_error_dev(self, 235 "could not read endpoint descriptor\n"); 236 return; 237 } 238 239 DPRINTFN(10,("uhidev_attach: bLength=%d bDescriptorType=%d " 240 "bEndpointAddress=%d-%s bmAttributes=%d wMaxPacketSize=%d" 241 " bInterval=%d\n", 242 ed->bLength, ed->bDescriptorType, 243 ed->bEndpointAddress & UE_ADDR, 244 UE_GET_DIR(ed->bEndpointAddress)==UE_DIR_IN? "in" : "out", 245 ed->bmAttributes & UE_XFERTYPE, 246 UGETW(ed->wMaxPacketSize), ed->bInterval)); 247 248 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 249 (ed->bmAttributes & UE_XFERTYPE) == UE_INTERRUPT) { 250 maxinpktsize = UGETW(ed->wMaxPacketSize); 251 sc->sc_iep_addr = ed->bEndpointAddress; 252 } else if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 253 (ed->bmAttributes & UE_XFERTYPE) == UE_INTERRUPT) { 254 sc->sc_oep_addr = ed->bEndpointAddress; 255 } else { 256 aprint_verbose_dev(self, "endpoint %d: ignored\n", i); 257 } 258 } 259 260 /* 261 * Check that we found an input interrupt endpoint. The output interrupt 262 * endpoint is optional 263 */ 264 if (sc->sc_iep_addr == -1) { 265 aprint_error_dev(self, "no input interrupt endpoint\n"); 266 return; 267 } 268 269 /* XXX need to extend this */ 270 descptr = NULL; 271 if (uiaa->uiaa_vendor == USB_VENDOR_WACOM) { 272 static uByte reportbuf[3]; 273 274 /* The report descriptor for the Wacom Graphire is broken. */ 275 switch (uiaa->uiaa_product) { 276 case USB_PRODUCT_WACOM_GRAPHIRE3_4X5: 277 case USB_PRODUCT_WACOM_GRAPHIRE3_6X8: 278 case USB_PRODUCT_WACOM_GRAPHIRE4_4X5: /* The 6x8 too? */ 279 /* 280 * The Graphire3 needs 0x0202 to be written to 281 * feature report ID 2 before it'll start 282 * returning digitizer data. 283 */ 284 reportbuf[0] = 0x02; 285 reportbuf[1] = 0x02; 286 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 2, 287 &reportbuf, 2); 288 289 size = sizeof(uhid_graphire3_4x5_report_descr); 290 descptr = uhid_graphire3_4x5_report_descr; 291 break; 292 case USB_PRODUCT_WACOM_GRAPHIRE: 293 case USB_PRODUCT_WACOM_GRAPHIRE2: 294 case USB_PRODUCT_WACOM_XD0912U: 295 case USB_PRODUCT_WACOM_CTH690K0: 296 reportbuf[0] = 0x02; 297 reportbuf[1] = 0x02; 298 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 2, 299 &reportbuf, 2); 300 break; 301 default: 302 /* Keep descriptor */ 303 break; 304 } 305 } 306 if (USBIF_IS_XINPUT(uiaa)) { 307 size = sizeof(uhid_xinput_report_descr); 308 descptr = uhid_xinput_report_descr; 309 } 310 if (USBIF_IS_X1INPUT(uiaa)) { 311 sc->sc_flags |= UHIDEV_F_XB1; 312 size = sizeof(uhid_x1input_report_descr); 313 descptr = uhid_x1input_report_descr; 314 } 315 316 if (descptr) { 317 desc = kmem_alloc(size, KM_SLEEP); 318 err = USBD_NORMAL_COMPLETION; 319 memcpy(desc, descptr, size); 320 } else { 321 desc = NULL; 322 err = usbd_read_report_desc(uiaa->uiaa_iface, &desc, &size); 323 } 324 if (err) { 325 aprint_error_dev(self, "no report descriptor\n"); 326 return; 327 } 328 329 if (uiaa->uiaa_vendor == USB_VENDOR_HOSIDEN && 330 uiaa->uiaa_product == USB_PRODUCT_HOSIDEN_PPP) { 331 static uByte reportbuf[] = { 1 }; 332 /* 333 * This device was sold by Konami with its ParaParaParadise 334 * game for PlayStation2. It needs to be "turned on" 335 * before it will send any reports. 336 */ 337 338 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 0, 339 &reportbuf, sizeof(reportbuf)); 340 } 341 342 if (uiaa->uiaa_vendor == USB_VENDOR_LOGITECH && 343 uiaa->uiaa_product == USB_PRODUCT_LOGITECH_CBT44 && size == 0xb1) { 344 uint8_t *data = desc; 345 /* 346 * This device has a odd USAGE_MINIMUM value that would 347 * cause the multimedia keys to have their usage number 348 * shifted up one usage. Adjust so the usages are sane. 349 */ 350 351 if (data[0x56] == 0x19 && data[0x57] == 0x01 && 352 data[0x58] == 0x2a && data[0x59] == 0x8c) 353 data[0x57] = 0x00; 354 } 355 356 /* 357 * Enable the Six Axis and DualShock 3 controllers. 358 * See http://ps3.jim.sh/sixaxis/usb/ 359 */ 360 if (uiaa->uiaa_vendor == USB_VENDOR_SONY && 361 uiaa->uiaa_product == USB_PRODUCT_SONY_PS3CONTROLLER) { 362 usb_device_request_t req; 363 char data[17]; 364 int actlen; 365 366 req.bmRequestType = UT_READ_CLASS_INTERFACE; 367 req.bRequest = 1; 368 USETW(req.wValue, 0x3f2); 369 USETW(req.wIndex, 0); 370 USETW(req.wLength, sizeof(data)); 371 372 usbd_do_request_flags(sc->sc_udev, &req, data, 373 USBD_SHORT_XFER_OK, &actlen, USBD_DEFAULT_TIMEOUT); 374 } 375 376 sc->sc_repdesc = desc; 377 sc->sc_repdesc_size = size; 378 379 uha.uiaa = uiaa; 380 nrepid = uhidev_maxrepid(desc, size); 381 if (nrepid < 0) 382 return; 383 if (nrepid > 0) 384 aprint_normal_dev(self, "%d report ids\n", nrepid); 385 nrepid++; 386 repsizes = kmem_alloc(nrepid * sizeof(*repsizes), KM_SLEEP); 387 sc->sc_subdevs = kmem_zalloc(nrepid * sizeof(sc->sc_subdevs[0]), 388 KM_SLEEP); 389 390 /* Just request max packet size for the interrupt pipe */ 391 sc->sc_isize = maxinpktsize; 392 sc->sc_nrepid = nrepid; 393 394 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev); 395 396 for (repid = 0; repid < nrepid; repid++) { 397 repsz = hid_report_size(desc, size, hid_input, repid); 398 DPRINTF(("uhidev_match: repid=%d, repsz=%d\n", repid, repsz)); 399 repsizes[repid] = repsz; 400 } 401 402 DPRINTF(("uhidev_attach: isize=%d\n", sc->sc_isize)); 403 404 for (repid = 0; repid < nrepid; repid++) { 405 struct uhidev *scd = &sc->sc_subdevs[repid]; 406 407 scd->sc_parent = sc; 408 scd->sc_report_id = repid; 409 scd->sc_in_rep_size = repsizes[repid]; 410 411 DPRINTF(("uhidev_match: try repid=%d\n", repid)); 412 if (hid_report_size(desc, size, hid_input, repid) == 0 && 413 hid_report_size(desc, size, hid_output, repid) == 0 && 414 hid_report_size(desc, size, hid_feature, repid) == 0) { 415 ; /* already NULL in sc->sc_subdevs[repid] */ 416 } else { 417 uha.parent = scd; 418 uha.reportid = repid; 419 locs[UHIDBUSCF_REPORTID] = repid; 420 421 dev = config_found(self, &uha, uhidevprint, 422 CFARGS(.submatch = config_stdsubmatch, 423 .locators = locs)); 424 sc->sc_subdevs[repid].sc_dev = dev; 425 if (dev == NULL) 426 continue; 427 /* 428 * XXXSMP -- could be detached in the middle of 429 * sleeping for allocation in rnd_attach_source 430 */ 431 rnd_attach_source(&scd->sc_rndsource, 432 device_xname(dev), RND_TYPE_TTY, RND_FLAG_DEFAULT); 433 } 434 } 435 kmem_free(repsizes, nrepid * sizeof(*repsizes)); 436 437 return; 438} 439 440static int 441uhidev_maxrepid(void *buf, int len) 442{ 443 struct hid_data *d; 444 struct hid_item h; 445 int maxid; 446 447 maxid = -1; 448 h.report_ID = 0; 449 for (d = hid_start_parse(buf, len, hid_none); hid_get_item(d, &h); ) 450 if ((int)h.report_ID > maxid) 451 maxid = h.report_ID; 452 hid_end_parse(d); 453 return MIN(maxid, UHIDEV_MAXREPID); 454} 455 456static int 457uhidevprint(void *aux, const char *pnp) 458{ 459 struct uhidev_attach_arg *uha = aux; 460 461 if (pnp) 462 aprint_normal("uhid at %s", pnp); 463 if (uha->reportid != 0) 464 aprint_normal(" reportid %d", uha->reportid); 465 return UNCONF; 466} 467 468static void 469uhidev_childdet(device_t self, device_t child) 470{ 471 int i; 472 struct uhidev_softc *sc = device_private(self); 473 474 for (i = 0; i < sc->sc_nrepid; i++) { 475 if (sc->sc_subdevs[i].sc_dev == child) 476 break; 477 } 478 KASSERT(i < sc->sc_nrepid); 479 sc->sc_subdevs[i].sc_dev = NULL; 480 /* 481 * XXXSMP -- could be reattached in the middle of sleeping for 482 * lock on sources to delete this in rnd_attach_source 483 * 484 * (Actually this can't happen right now because there's no 485 * rescan method, but if there were, it could.) 486 */ 487 rnd_detach_source(&sc->sc_subdevs[i].sc_rndsource); 488} 489 490static int 491uhidev_detach(device_t self, int flags) 492{ 493 struct uhidev_softc *sc = device_private(self); 494 int rv; 495 496 DPRINTF(("uhidev_detach: sc=%p flags=%d\n", sc, flags)); 497 498 /* 499 * Try to detach all our children. If anything fails, bail. 500 * Failure can happen if this is from drvctl -d; of course, if 501 * this is a USB device being yanked, flags will have 502 * DETACH_FORCE and the children will not have the option of 503 * refusing detachment. If they do detach, the pipes can no 504 * longer be in use. 505 */ 506 rv = config_detach_children(self, flags); 507 if (rv) 508 return rv; 509 510 KASSERTMSG(sc->sc_refcnt == 0, 511 "%s: %d refs remain", device_xname(sc->sc_dev), sc->sc_refcnt); 512 KASSERT(sc->sc_opipe == NULL); 513 KASSERT(sc->sc_ipipe == NULL); 514 KASSERT(sc->sc_ibuf == NULL); 515 516 if (sc->sc_repdesc != NULL) { 517 kmem_free(sc->sc_repdesc, sc->sc_repdesc_size); 518 sc->sc_repdesc = NULL; 519 } 520 if (sc->sc_subdevs != NULL) { 521 int nrepid = sc->sc_nrepid; 522 kmem_free(sc->sc_subdevs, nrepid * sizeof(sc->sc_subdevs[0])); 523 sc->sc_subdevs = NULL; 524 } 525 526 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev); 527 528 pmf_device_deregister(self); 529 KASSERT(sc->sc_configlock == NULL); 530 KASSERT(sc->sc_writelock == NULL); 531 cv_destroy(&sc->sc_cv); 532 mutex_destroy(&sc->sc_lock); 533 534 return rv; 535} 536 537static void 538uhidev_intr(struct usbd_xfer *xfer, void *addr, usbd_status status) 539{ 540 struct uhidev_softc *sc = addr; 541 struct uhidev *scd; 542 u_char *p; 543 u_int rep; 544 uint32_t cc; 545 546 usbd_get_xfer_status(xfer, NULL, NULL, &cc, NULL); 547 548#ifdef UHIDEV_DEBUG 549 if (uhidevdebug > 5) { 550 uint32_t i; 551 552 DPRINTF(("uhidev_intr: status=%d cc=%d\n", status, cc)); 553 DPRINTF(("uhidev_intr: data =")); 554 for (i = 0; i < cc; i++) 555 DPRINTF((" %02x", sc->sc_ibuf[i])); 556 DPRINTF(("\n")); 557 } 558#endif 559 560 if (status == USBD_CANCELLED) 561 return; 562 563 if (status != USBD_NORMAL_COMPLETION) { 564 DPRINTF(("%s: interrupt status=%d\n", device_xname(sc->sc_dev), 565 status)); 566 usbd_clear_endpoint_stall_async(sc->sc_ipipe); 567 return; 568 } 569 570 p = sc->sc_ibuf; 571 if (sc->sc_nrepid != 1) 572 rep = *p++, cc--; 573 else 574 rep = 0; 575 if (rep >= sc->sc_nrepid) { 576 printf("uhidev_intr: bad repid %d\n", rep); 577 return; 578 } 579 scd = &sc->sc_subdevs[rep]; 580 DPRINTFN(5,("uhidev_intr: rep=%d, scd=%p state=%#x\n", 581 rep, scd, scd->sc_state)); 582 if (!(atomic_load_acquire(&scd->sc_state) & UHIDEV_OPEN)) 583 return; 584#ifdef UHIDEV_DEBUG 585 if (scd->sc_in_rep_size != cc) { 586 DPRINTF(("%s: expected %d bytes, got %d\n", 587 device_xname(sc->sc_dev), scd->sc_in_rep_size, cc)); 588 } 589#endif 590 if (cc == 0) { 591 DPRINTF(("%s: 0-length input ignored\n", 592 device_xname(sc->sc_dev))); 593 return; 594 } 595 rnd_add_uint32(&scd->sc_rndsource, (uintptr_t)(sc->sc_ibuf)); 596 scd->sc_intr(scd->sc_cookie, p, cc); 597} 598 599void 600uhidev_get_report_desc(struct uhidev *scd, void **desc, int *size) 601{ 602 struct uhidev_softc *sc = scd->sc_parent; 603 604 *desc = sc->sc_repdesc; 605 *size = sc->sc_repdesc_size; 606} 607 608static int 609uhidev_config_enter(struct uhidev_softc *sc) 610{ 611 int error; 612 613 KASSERT(mutex_owned(&sc->sc_lock)); 614 615 for (;;) { 616 if (sc->sc_configlock == NULL) 617 break; 618 error = cv_wait_sig(&sc->sc_cv, &sc->sc_lock); 619 if (error) 620 return error; 621 } 622 623 sc->sc_configlock = curlwp; 624 return 0; 625} 626 627static void 628uhidev_config_enter_nointr(struct uhidev_softc *sc) 629{ 630 631 KASSERT(mutex_owned(&sc->sc_lock)); 632 633 while (sc->sc_configlock) 634 cv_wait(&sc->sc_cv, &sc->sc_lock); 635 sc->sc_configlock = curlwp; 636} 637 638static void 639uhidev_config_exit(struct uhidev_softc *sc) 640{ 641 642 KASSERT(mutex_owned(&sc->sc_lock)); 643 KASSERTMSG(sc->sc_configlock == curlwp, "%s: migrated from %p to %p", 644 device_xname(sc->sc_dev), curlwp, sc->sc_configlock); 645 646 sc->sc_configlock = NULL; 647 cv_broadcast(&sc->sc_cv); 648} 649 650/* 651 * uhidev_open_pipes(sc) 652 * 653 * Ensure the pipes of the softc are open. Caller must hold 654 * sc_lock, which may be released and reacquired. 655 */ 656static int 657uhidev_open_pipes(struct uhidev_softc *sc) 658{ 659 usbd_status err; 660 int error; 661 662 KASSERT(mutex_owned(&sc->sc_lock)); 663 664 /* 665 * If the pipes are already open, just increment the reference 666 * count. The reference count is limited by the number of 667 * report ids, so this can't overflow. 668 */ 669 if (sc->sc_refcnt) { 670 KASSERT(sc->sc_refcnt < UHIDEV_MAXREPID); 671 sc->sc_refcnt++; 672 return 0; 673 } 674 675 /* 676 * If there's no input data to prepare, don't bother with the 677 * pipes. We assume any device that does output also does 678 * input; if you have a device where this is wrong, then 679 * uhidev_write will fail gracefully (it checks sc->sc_opipe), 680 * and you can use that device to test the changes needed to 681 * open the output pipe here. 682 */ 683 if (sc->sc_isize == 0) 684 return 0; 685 686 /* 687 * Lock the configuration and release sc_lock -- we may sleep 688 * to allocate. If someone else got in first, we're done; 689 * otherwise open the pipes. 690 */ 691 error = uhidev_config_enter(sc); 692 if (error) 693 goto out; 694 if (sc->sc_refcnt) { 695 KASSERT(sc->sc_refcnt < UHIDEV_MAXREPID); 696 sc->sc_refcnt++; 697 error = 0; 698 goto out0; 699 } 700 mutex_exit(&sc->sc_lock); 701 702 /* Allocate an input buffer. */ 703 sc->sc_ibuf = kmem_alloc(sc->sc_isize, KM_SLEEP); 704 705 /* Set up input interrupt pipe. */ 706 DPRINTF(("%s: isize=%d, ep=0x%02x\n", __func__, sc->sc_isize, 707 sc->sc_iep_addr)); 708 709 err = usbd_open_pipe_intr(sc->sc_iface, sc->sc_iep_addr, 710 USBD_SHORT_XFER_OK, &sc->sc_ipipe, sc, sc->sc_ibuf, 711 sc->sc_isize, uhidev_intr, USBD_DEFAULT_INTERVAL); 712 if (err != USBD_NORMAL_COMPLETION) { 713 DPRINTF(("uhidopen: usbd_open_pipe_intr failed, " 714 "error=%d\n", err)); 715 error = EIO; 716 goto out1; 717 } 718 719 /* 720 * Set up output interrupt pipe if an output interrupt endpoint 721 * exists. 722 */ 723 if (sc->sc_oep_addr != -1) { 724 DPRINTF(("uhidev_open: oep=0x%02x\n", sc->sc_oep_addr)); 725 726 err = usbd_open_pipe(sc->sc_iface, sc->sc_oep_addr, 727 0, &sc->sc_opipe); 728 729 if (err != USBD_NORMAL_COMPLETION) { 730 DPRINTF(("uhidev_open: usbd_open_pipe failed, " 731 "error=%d\n", err)); 732 error = EIO; 733 goto out2; 734 } 735 DPRINTF(("uhidev_open: sc->sc_opipe=%p\n", sc->sc_opipe)); 736 737 error = usbd_create_xfer(sc->sc_opipe, UHIDEV_OSIZE, 0, 0, 738 &sc->sc_oxfer); 739 if (error) { 740 DPRINTF(("uhidev_open: couldn't allocate an xfer\n")); 741 goto out3; 742 } 743 744 if (sc->sc_flags & UHIDEV_F_XB1) { 745 uint8_t init_data[] = { 0x05, 0x20 }; 746 int init_data_len = sizeof(init_data); 747 err = usbd_intr_transfer(sc->sc_oxfer, sc->sc_opipe, 0, 748 USBD_NO_TIMEOUT, init_data, &init_data_len); 749 if (err != USBD_NORMAL_COMPLETION) { 750 DPRINTF(("uhidev_open: xb1 init failed, " 751 "error=%d\n", err)); 752 error = EIO; 753 goto out4; 754 } 755 } 756 } 757 758 /* Success! */ 759 mutex_enter(&sc->sc_lock); 760 KASSERTMSG(sc->sc_refcnt == 0, "%d refs spuriously acquired", 761 sc->sc_refcnt); 762 sc->sc_refcnt++; 763 goto out0; 764 765out4: if (sc->sc_oxfer) { 766 usbd_abort_pipe(sc->sc_opipe); 767 usbd_destroy_xfer(sc->sc_oxfer); 768 sc->sc_oxfer = NULL; 769 } 770out3: if (sc->sc_opipe) { 771 usbd_close_pipe(sc->sc_opipe); 772 sc->sc_opipe = NULL; 773 } 774out2: if (sc->sc_ipipe) { 775 usbd_abort_pipe(sc->sc_ipipe); 776 usbd_close_pipe(sc->sc_ipipe); 777 sc->sc_ipipe = NULL; 778 } 779out1: kmem_free(sc->sc_ibuf, sc->sc_isize); 780 sc->sc_ibuf = NULL; 781 mutex_enter(&sc->sc_lock); 782out0: KASSERT(mutex_owned(&sc->sc_lock)); 783 uhidev_config_exit(sc); 784out: KASSERT(mutex_owned(&sc->sc_lock)); 785 return error; 786} 787 788static void 789uhidev_close_pipes(struct uhidev_softc *sc) 790{ 791 792 KASSERT(mutex_owned(&sc->sc_lock)); 793 KASSERTMSG(sc->sc_refcnt > 0, "%s: refcnt fouled: %d", 794 device_xname(sc->sc_dev), sc->sc_refcnt); 795 796 /* If this isn't the last reference, just decrement. */ 797 if (sc->sc_refcnt > 1) { 798 sc->sc_refcnt--; 799 return; 800 } 801 802 /* 803 * Lock the configuration and release sc_lock so we may sleep 804 * to free memory. We're not waiting for anyone to allocate or 805 * free anything. 806 */ 807 uhidev_config_enter_nointr(sc); 808 809 /* 810 * If someone else acquired a reference while we were waiting 811 * for the config lock, nothing more for us to do. 812 */ 813 if (sc->sc_refcnt > 1) { 814 sc->sc_refcnt--; 815 uhidev_config_exit(sc); 816 return; 817 } 818 819 /* 820 * We're the last reference and committed to closing the pipes. 821 * Decrement the reference count before we release the lock -- 822 * access to the pipes is allowed as long as the reference 823 * count is positive, so this forces all new opens to wait 824 * until the config lock is released. 825 */ 826 KASSERTMSG(sc->sc_refcnt == 1, "%s: refcnt fouled: %d", 827 device_xname(sc->sc_dev), sc->sc_refcnt); 828 sc->sc_refcnt--; 829 mutex_exit(&sc->sc_lock); 830 831 if (sc->sc_oxfer) { 832 usbd_abort_pipe(sc->sc_opipe); 833 usbd_destroy_xfer(sc->sc_oxfer); 834 sc->sc_oxfer = NULL; 835 } 836 if (sc->sc_opipe) { 837 usbd_close_pipe(sc->sc_opipe); 838 sc->sc_opipe = NULL; 839 } 840 if (sc->sc_ipipe) { 841 usbd_abort_pipe(sc->sc_ipipe); 842 usbd_close_pipe(sc->sc_ipipe); 843 sc->sc_ipipe = NULL; 844 } 845 kmem_free(sc->sc_ibuf, sc->sc_isize); 846 sc->sc_ibuf = NULL; 847 848 mutex_enter(&sc->sc_lock); 849 uhidev_config_exit(sc); 850 KASSERTMSG(sc->sc_refcnt == 0, "%s: refcnt fouled: %d", 851 device_xname(sc->sc_dev), sc->sc_refcnt); 852} 853 854int 855uhidev_open(struct uhidev *scd, void (*intr)(void *, void *, u_int), 856 void *cookie) 857{ 858 struct uhidev_softc *sc = scd->sc_parent; 859 int error; 860 861 mutex_enter(&sc->sc_lock); 862 863 DPRINTF(("uhidev_open(%s, report %d = %s): state=%x refcnt=%d\n", 864 device_xname(sc->sc_dev), 865 scd->sc_report_id, 866 device_xname(scd->sc_dev), 867 scd->sc_state, 868 sc->sc_refcnt)); 869 870 /* Mark the report id open. This is an exclusive lock. */ 871 if (scd->sc_state & UHIDEV_OPEN) { 872 error = EBUSY; 873 goto out; 874 } 875 scd->sc_intr = intr; 876 scd->sc_cookie = cookie; 877 atomic_store_release(&scd->sc_state, scd->sc_state | UHIDEV_OPEN); 878 879 /* Open the pipes which are shared by all report ids. */ 880 error = uhidev_open_pipes(sc); 881 if (error) 882 goto out; 883 884 /* Success! */ 885 error = 0; 886 887out: if (error) { 888 KASSERTMSG(scd->sc_state & UHIDEV_OPEN, 889 "%s: report id %d: closed while opening", 890 device_xname(sc->sc_dev), scd->sc_report_id); 891 atomic_store_relaxed(&scd->sc_state, 892 scd->sc_state & ~UHIDEV_OPEN); 893 } 894 mutex_exit(&sc->sc_lock); 895 return error; 896} 897 898/* 899 * uhidev_stop(scd) 900 * 901 * Make all current and future output reports or xfers by scd to 902 * the output pipe to fail. Caller must then ensure no more will 903 * be submitted and then call uhidev_close. 904 * 905 * Side effect: If uhidev_write was in progress for this scd, 906 * blocks all other uhidev_writes until uhidev_close on this scd. 907 * 908 * May sleep but only for a short duration to wait for USB 909 * transfer completion callbacks to run. 910 */ 911void 912uhidev_stop(struct uhidev *scd) 913{ 914 struct uhidev_softc *sc = scd->sc_parent; 915 916 mutex_enter(&sc->sc_lock); 917 918 /* Prevent further writes on this report from starting. */ 919 atomic_store_relaxed(&scd->sc_state, scd->sc_state | UHIDEV_STOPPED); 920 921 /* If there's no output pipe at all, nothing to do. */ 922 if (sc->sc_opipe == NULL) 923 goto out; 924 925 /* 926 * If there's no write on this report in progress, nothing to 927 * do -- any subsequent attempts will be prevented by 928 * UHIDEV_STOPPED. 929 */ 930 if (sc->sc_writereportid != scd->sc_report_id) 931 goto out; 932 933 /* 934 * Caller must wait for uhidev_open to succeed before calling 935 * uhidev_write, and must wait for all uhidev_writes to return 936 * before calling uhidev_close, so neither on can be in flight 937 * right now. 938 * 939 * Suspend the pipe, but hold up uhidev_write from any report 940 * until we confirm this one has finished. We will resume the 941 * pipe only after all uhidev_writes on this report have 942 * finished -- when the caller calls uhidev_close. 943 */ 944 KASSERTMSG(sc->sc_stopreportid == -1, "%d", sc->sc_stopreportid); 945 sc->sc_stopreportid = scd->sc_report_id; 946 mutex_exit(&sc->sc_lock); 947 948 usbd_suspend_pipe(sc->sc_opipe); 949 950 mutex_enter(&sc->sc_lock); 951 KASSERT(sc->sc_stopreportid == scd->sc_report_id); 952 sc->sc_stopreportid = scd->sc_report_id; 953 cv_broadcast(&sc->sc_cv); 954out: mutex_exit(&sc->sc_lock); 955} 956 957/* 958 * uhidev_close(scd) 959 * 960 * Close a uhidev previously opened with uhidev_open. If writes 961 * had been stopped with uhidev_stop, allow writes at other report 962 * ids again. 963 */ 964void 965uhidev_close(struct uhidev *scd) 966{ 967 struct uhidev_softc *sc = scd->sc_parent; 968 969 mutex_enter(&sc->sc_lock); 970 971 DPRINTF(("uhidev_close(%s, report %d = %s): state=%x refcnt=%d\n", 972 device_xname(sc->sc_dev), 973 scd->sc_report_id, 974 device_xname(scd->sc_dev), 975 scd->sc_state, 976 sc->sc_refcnt)); 977 978 KASSERTMSG(scd->sc_state & UHIDEV_OPEN, 979 "%s: report id %d: unpaired close", 980 device_xname(sc->sc_dev), scd->sc_report_id); 981 982 /* 983 * If the caller had issued uhidev_stop to interrupt a write 984 * for this report, then resume the pipe now that no further 985 * uhidev_write on the same report is possible, and wake anyone 986 * trying to write on other reports. 987 */ 988 if (sc->sc_stopreportid == scd->sc_report_id) { 989 KASSERT(scd->sc_state & UHIDEV_STOPPED); 990 mutex_exit(&sc->sc_lock); 991 992 usbd_resume_pipe(sc->sc_opipe); 993 994 mutex_enter(&sc->sc_lock); 995 KASSERT(sc->sc_stopreportid == scd->sc_report_id); 996 KASSERT(scd->sc_state & UHIDEV_STOPPED); 997 sc->sc_stopreportid = -1; 998 cv_broadcast(&sc->sc_cv); 999 } 1000 1001 /* 1002 * Close our reference to the pipes, and mark our report as no 1003 * longer open. If it was stopped, clear that too -- drivers 1004 * are forbidden from issuing writes after uhidev_close anyway. 1005 */ 1006 KASSERT(scd->sc_state & UHIDEV_OPEN); 1007 uhidev_close_pipes(sc); 1008 KASSERT(scd->sc_state & UHIDEV_OPEN); 1009 atomic_store_relaxed(&scd->sc_state, 1010 scd->sc_state & ~(UHIDEV_OPEN | UHIDEV_STOPPED)); 1011 1012 /* 1013 * Make sure the next uhidev_intr (which runs in softint, like 1014 * XC_HIGHPRI) notices that UHIDEV_OPEN is cleared, and wait 1015 * for any current one to finish, in case the pipe is still 1016 * open for other report ids. 1017 * 1018 * We must drop the lock while doing this, because 1019 * uhidev_write_callback takes the lock in softint context and 1020 * it could deadlock with the xcall softint. 1021 * 1022 * It is safe to drop the lock now before zeroing sc_intr and 1023 * sc_cookie because the driver is obligated not to reopen 1024 * until after uhidev_close returns. 1025 */ 1026 mutex_exit(&sc->sc_lock); 1027 xc_barrier(XC_HIGHPRI); 1028 mutex_enter(&sc->sc_lock); 1029 KASSERT((scd->sc_state & UHIDEV_OPEN) == 0); 1030 scd->sc_intr = NULL; 1031 scd->sc_cookie = NULL; 1032 1033 mutex_exit(&sc->sc_lock); 1034} 1035 1036usbd_status 1037uhidev_set_report(struct uhidev *scd, int type, void *data, int len) 1038{ 1039 char *buf; 1040 usbd_status retstat; 1041 1042 if (scd->sc_report_id == 0) 1043 return usbd_set_report(scd->sc_parent->sc_iface, type, 1044 scd->sc_report_id, data, len); 1045 1046 buf = kmem_alloc(len + 1, KM_SLEEP); 1047 buf[0] = scd->sc_report_id; 1048 memcpy(buf+1, data, len); 1049 1050 retstat = usbd_set_report(scd->sc_parent->sc_iface, type, 1051 scd->sc_report_id, buf, len + 1); 1052 1053 kmem_free(buf, len + 1); 1054 1055 return retstat; 1056} 1057 1058usbd_status 1059uhidev_get_report(struct uhidev *scd, int type, void *data, int len) 1060{ 1061 return usbd_get_report(scd->sc_parent->sc_iface, type, 1062 scd->sc_report_id, data, len); 1063} 1064 1065usbd_status 1066uhidev_write(struct uhidev *scd, void *data, int len) 1067{ 1068 struct uhidev_softc *sc = scd->sc_parent; 1069 usbd_status err; 1070 1071 DPRINTF(("uhidev_write: data=%p, len=%d\n", data, len)); 1072 1073 if (sc->sc_opipe == NULL) 1074 return USBD_INVAL; 1075 1076 mutex_enter(&sc->sc_lock); 1077 KASSERT(sc->sc_refcnt); 1078 KASSERT(scd->sc_state & UHIDEV_OPEN); 1079 for (;;) { 1080 if (scd->sc_state & UHIDEV_STOPPED) { 1081 err = USBD_CANCELLED; 1082 goto out; 1083 } 1084 if (sc->sc_writelock == NULL && sc->sc_stopreportid == -1) 1085 break; 1086 if (cv_wait_sig(&sc->sc_cv, &sc->sc_lock)) { 1087 err = USBD_INTERRUPTED; 1088 goto out; 1089 } 1090 } 1091 sc->sc_writelock = curlwp; 1092 sc->sc_writereportid = scd->sc_report_id; 1093 mutex_exit(&sc->sc_lock); 1094 1095#ifdef UHIDEV_DEBUG 1096 if (uhidevdebug > 50) { 1097 1098 uint32_t i; 1099 uint8_t *d = data; 1100 1101 DPRINTF(("uhidev_write: data =")); 1102 for (i = 0; i < len; i++) 1103 DPRINTF((" %02x", d[i])); 1104 DPRINTF(("\n")); 1105 } 1106#endif 1107 err = usbd_intr_transfer(sc->sc_oxfer, sc->sc_opipe, 0, 1108 USBD_NO_TIMEOUT, data, &len); 1109 1110 mutex_enter(&sc->sc_lock); 1111 KASSERT(sc->sc_refcnt); 1112 KASSERT(scd->sc_state & UHIDEV_OPEN); 1113 KASSERTMSG(sc->sc_writelock == curlwp, "%s: migrated from %p to %p", 1114 device_xname(sc->sc_dev), curlwp, sc->sc_writelock); 1115 KASSERTMSG(sc->sc_writereportid == scd->sc_report_id, 1116 "%s: changed write report ids from %d to %d", 1117 device_xname(sc->sc_dev), scd->sc_report_id, sc->sc_writereportid); 1118 sc->sc_writereportid = -1; 1119 sc->sc_writelock = NULL; 1120 cv_broadcast(&sc->sc_cv); 1121out: mutex_exit(&sc->sc_lock); 1122 return err; 1123} 1124 1125static void 1126uhidev_write_callback(struct usbd_xfer *xfer, void *cookie, usbd_status err) 1127{ 1128 struct uhidev_softc *sc = cookie; 1129 usbd_callback writecallback; 1130 void *writecookie; 1131 1132 if (err) { 1133 if (err != USBD_CANCELLED) 1134 usbd_clear_endpoint_stall_async(sc->sc_opipe); 1135 } 1136 1137 mutex_enter(&sc->sc_lock); 1138 KASSERT(sc->sc_writelock == (void *)1); 1139 writecallback = sc->sc_writecallback; 1140 writecookie = sc->sc_writecookie; 1141 sc->sc_writereportid = -1; 1142 sc->sc_writelock = NULL; 1143 sc->sc_writecallback = NULL; 1144 sc->sc_writecookie = NULL; 1145 cv_broadcast(&sc->sc_cv); 1146 mutex_exit(&sc->sc_lock); 1147 1148 (*writecallback)(xfer, writecookie, err); 1149} 1150 1151usbd_status 1152uhidev_write_async(struct uhidev *scd, void *data, int len, int flags, 1153 int timo, usbd_callback writecallback, void *writecookie) 1154{ 1155 struct uhidev_softc *sc = scd->sc_parent; 1156 usbd_status err; 1157 1158 DPRINTF(("%s: data=%p, len=%d\n", __func__, data, len)); 1159 1160 if (sc->sc_opipe == NULL) 1161 return USBD_INVAL; 1162 1163 mutex_enter(&sc->sc_lock); 1164 KASSERT(sc->sc_refcnt); 1165 KASSERT(scd->sc_state & UHIDEV_OPEN); 1166 if (scd->sc_state & UHIDEV_STOPPED) { 1167 err = USBD_CANCELLED; 1168 goto out; 1169 } 1170 if (sc->sc_writelock != NULL || sc->sc_stopreportid != -1) { 1171 err = USBD_IN_USE; 1172 goto out; 1173 } 1174 sc->sc_writelock = (void *)1; /* XXX no lwp to attribute async xfer */ 1175 sc->sc_writereportid = scd->sc_report_id; 1176 sc->sc_writecallback = writecallback; 1177 sc->sc_writecookie = writecookie; 1178 usbd_setup_xfer(sc->sc_oxfer, sc, data, len, flags, timo, 1179 uhidev_write_callback); 1180 err = usbd_transfer(sc->sc_oxfer); 1181 switch (err) { 1182 case USBD_IN_PROGRESS: 1183 break; 1184 case USBD_NORMAL_COMPLETION: 1185 panic("unexpected normal completion of async xfer under lock"); 1186 default: /* error */ 1187 sc->sc_writelock = NULL; 1188 sc->sc_writereportid = -1; 1189 sc->sc_writecallback = NULL; 1190 sc->sc_writecookie = NULL; 1191 cv_broadcast(&sc->sc_cv); 1192 } 1193out: mutex_exit(&sc->sc_lock); 1194 return err; 1195} 1196