1/* 2 * f_hid.c -- USB HID function driver 3 * 4 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 */ 20 21#include <linux/kernel.h> 22#include <linux/utsname.h> 23#include <linux/module.h> 24#include <linux/hid.h> 25#include <linux/cdev.h> 26#include <linux/mutex.h> 27#include <linux/poll.h> 28#include <linux/smp_lock.h> 29#include <linux/uaccess.h> 30#include <linux/wait.h> 31#include <linux/usb/g_hid.h> 32 33static int major, minors; 34static struct class *hidg_class; 35 36/*-------------------------------------------------------------------------*/ 37/* HID gadget struct */ 38 39struct f_hidg { 40 /* configuration */ 41 unsigned char bInterfaceSubClass; 42 unsigned char bInterfaceProtocol; 43 unsigned short report_desc_length; 44 char *report_desc; 45 unsigned short report_length; 46 47 /* recv report */ 48 char *set_report_buff; 49 unsigned short set_report_length; 50 spinlock_t spinlock; 51 wait_queue_head_t read_queue; 52 53 /* send report */ 54 struct mutex lock; 55 bool write_pending; 56 wait_queue_head_t write_queue; 57 struct usb_request *req; 58 59 int minor; 60 struct cdev cdev; 61 struct usb_function func; 62 struct usb_ep *in_ep; 63 struct usb_endpoint_descriptor *fs_in_ep_desc; 64 struct usb_endpoint_descriptor *hs_in_ep_desc; 65}; 66 67static inline struct f_hidg *func_to_hidg(struct usb_function *f) 68{ 69 return container_of(f, struct f_hidg, func); 70} 71 72/*-------------------------------------------------------------------------*/ 73/* Static descriptors */ 74 75static struct usb_interface_descriptor hidg_interface_desc = { 76 .bLength = sizeof hidg_interface_desc, 77 .bDescriptorType = USB_DT_INTERFACE, 78 /* .bInterfaceNumber = DYNAMIC */ 79 .bAlternateSetting = 0, 80 .bNumEndpoints = 1, 81 .bInterfaceClass = USB_CLASS_HID, 82 /* .bInterfaceSubClass = DYNAMIC */ 83 /* .bInterfaceProtocol = DYNAMIC */ 84 /* .iInterface = DYNAMIC */ 85}; 86 87static struct hid_descriptor hidg_desc = { 88 .bLength = sizeof hidg_desc, 89 .bDescriptorType = HID_DT_HID, 90 .bcdHID = 0x0101, 91 .bCountryCode = 0x00, 92 .bNumDescriptors = 0x1, 93 /*.desc[0].bDescriptorType = DYNAMIC */ 94 /*.desc[0].wDescriptorLenght = DYNAMIC */ 95}; 96 97/* High-Speed Support */ 98 99static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = { 100 .bLength = USB_DT_ENDPOINT_SIZE, 101 .bDescriptorType = USB_DT_ENDPOINT, 102 .bEndpointAddress = USB_DIR_IN, 103 .bmAttributes = USB_ENDPOINT_XFER_INT, 104 /*.wMaxPacketSize = DYNAMIC */ 105 .bInterval = 4, 106}; 107 108static struct usb_descriptor_header *hidg_hs_descriptors[] = { 109 (struct usb_descriptor_header *)&hidg_interface_desc, 110 (struct usb_descriptor_header *)&hidg_desc, 111 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc, 112 NULL, 113}; 114 115/* Full-Speed Support */ 116 117static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = { 118 .bLength = USB_DT_ENDPOINT_SIZE, 119 .bDescriptorType = USB_DT_ENDPOINT, 120 .bEndpointAddress = USB_DIR_IN, 121 .bmAttributes = USB_ENDPOINT_XFER_INT, 122 /*.wMaxPacketSize = DYNAMIC */ 123 .bInterval = 10, 124}; 125 126static struct usb_descriptor_header *hidg_fs_descriptors[] = { 127 (struct usb_descriptor_header *)&hidg_interface_desc, 128 (struct usb_descriptor_header *)&hidg_desc, 129 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc, 130 NULL, 131}; 132 133/*-------------------------------------------------------------------------*/ 134/* Char Device */ 135 136static ssize_t f_hidg_read(struct file *file, char __user *buffer, 137 size_t count, loff_t *ptr) 138{ 139 struct f_hidg *hidg = file->private_data; 140 char *tmp_buff = NULL; 141 unsigned long flags; 142 143 if (!count) 144 return 0; 145 146 if (!access_ok(VERIFY_WRITE, buffer, count)) 147 return -EFAULT; 148 149 spin_lock_irqsave(&hidg->spinlock, flags); 150 151#define READ_COND (hidg->set_report_buff != NULL) 152 153 while (!READ_COND) { 154 spin_unlock_irqrestore(&hidg->spinlock, flags); 155 if (file->f_flags & O_NONBLOCK) 156 return -EAGAIN; 157 158 if (wait_event_interruptible(hidg->read_queue, READ_COND)) 159 return -ERESTARTSYS; 160 161 spin_lock_irqsave(&hidg->spinlock, flags); 162 } 163 164 165 count = min_t(unsigned, count, hidg->set_report_length); 166 tmp_buff = hidg->set_report_buff; 167 hidg->set_report_buff = NULL; 168 169 spin_unlock_irqrestore(&hidg->spinlock, flags); 170 171 if (tmp_buff != NULL) { 172 /* copy to user outside spinlock */ 173 count -= copy_to_user(buffer, tmp_buff, count); 174 kfree(tmp_buff); 175 } else 176 count = -ENOMEM; 177 178 return count; 179} 180 181static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req) 182{ 183 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data; 184 185 if (req->status != 0) { 186 ERROR(hidg->func.config->cdev, 187 "End Point Request ERROR: %d\n", req->status); 188 } 189 190 hidg->write_pending = 0; 191 wake_up(&hidg->write_queue); 192} 193 194static ssize_t f_hidg_write(struct file *file, const char __user *buffer, 195 size_t count, loff_t *offp) 196{ 197 struct f_hidg *hidg = file->private_data; 198 ssize_t status = -ENOMEM; 199 200 if (!access_ok(VERIFY_READ, buffer, count)) 201 return -EFAULT; 202 203 mutex_lock(&hidg->lock); 204 205#define WRITE_COND (!hidg->write_pending) 206 207 /* write queue */ 208 while (!WRITE_COND) { 209 mutex_unlock(&hidg->lock); 210 if (file->f_flags & O_NONBLOCK) 211 return -EAGAIN; 212 213 if (wait_event_interruptible_exclusive( 214 hidg->write_queue, WRITE_COND)) 215 return -ERESTARTSYS; 216 217 mutex_lock(&hidg->lock); 218 } 219 220 count = min_t(unsigned, count, hidg->report_length); 221 status = copy_from_user(hidg->req->buf, buffer, count); 222 223 if (status != 0) { 224 ERROR(hidg->func.config->cdev, 225 "copy_from_user error\n"); 226 mutex_unlock(&hidg->lock); 227 return -EINVAL; 228 } 229 230 hidg->req->status = 0; 231 hidg->req->zero = 0; 232 hidg->req->length = count; 233 hidg->req->complete = f_hidg_req_complete; 234 hidg->req->context = hidg; 235 hidg->write_pending = 1; 236 237 status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC); 238 if (status < 0) { 239 ERROR(hidg->func.config->cdev, 240 "usb_ep_queue error on int endpoint %zd\n", status); 241 hidg->write_pending = 0; 242 wake_up(&hidg->write_queue); 243 } else { 244 status = count; 245 } 246 247 mutex_unlock(&hidg->lock); 248 249 return status; 250} 251 252static unsigned int f_hidg_poll(struct file *file, poll_table *wait) 253{ 254 struct f_hidg *hidg = file->private_data; 255 unsigned int ret = 0; 256 257 poll_wait(file, &hidg->read_queue, wait); 258 poll_wait(file, &hidg->write_queue, wait); 259 260 if (WRITE_COND) 261 ret |= POLLOUT | POLLWRNORM; 262 263 if (READ_COND) 264 ret |= POLLIN | POLLRDNORM; 265 266 return ret; 267} 268 269#undef WRITE_COND 270#undef READ_COND 271 272static int f_hidg_release(struct inode *inode, struct file *fd) 273{ 274 fd->private_data = NULL; 275 return 0; 276} 277 278static int f_hidg_open(struct inode *inode, struct file *fd) 279{ 280 struct f_hidg *hidg = 281 container_of(inode->i_cdev, struct f_hidg, cdev); 282 283 fd->private_data = hidg; 284 285 return 0; 286} 287 288/*-------------------------------------------------------------------------*/ 289/* usb_function */ 290 291static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req) 292{ 293 struct f_hidg *hidg = (struct f_hidg *)req->context; 294 295 if (req->status != 0 || req->buf == NULL || req->actual == 0) { 296 ERROR(hidg->func.config->cdev, "%s FAILED\n", __func__); 297 return; 298 } 299 300 spin_lock(&hidg->spinlock); 301 302 hidg->set_report_buff = krealloc(hidg->set_report_buff, 303 req->actual, GFP_ATOMIC); 304 305 if (hidg->set_report_buff == NULL) { 306 spin_unlock(&hidg->spinlock); 307 return; 308 } 309 hidg->set_report_length = req->actual; 310 memcpy(hidg->set_report_buff, req->buf, req->actual); 311 312 spin_unlock(&hidg->spinlock); 313 314 wake_up(&hidg->read_queue); 315 316 return; 317} 318 319static int hidg_setup(struct usb_function *f, 320 const struct usb_ctrlrequest *ctrl) 321{ 322 struct f_hidg *hidg = func_to_hidg(f); 323 struct usb_composite_dev *cdev = f->config->cdev; 324 struct usb_request *req = cdev->req; 325 int status = 0; 326 __u16 value, length; 327 328 value = __le16_to_cpu(ctrl->wValue); 329 length = __le16_to_cpu(ctrl->wLength); 330 331 VDBG(cdev, "hid_setup crtl_request : bRequestType:0x%x bRequest:0x%x " 332 "Value:0x%x\n", ctrl->bRequestType, ctrl->bRequest, value); 333 334 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) { 335 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 336 | HID_REQ_GET_REPORT): 337 VDBG(cdev, "get_report\n"); 338 339 /* send an empty report */ 340 length = min_t(unsigned, length, hidg->report_length); 341 memset(req->buf, 0x0, length); 342 343 goto respond; 344 break; 345 346 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 347 | HID_REQ_GET_PROTOCOL): 348 VDBG(cdev, "get_protocol\n"); 349 goto stall; 350 break; 351 352 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 353 | HID_REQ_SET_REPORT): 354 VDBG(cdev, "set_report | wLenght=%d\n", ctrl->wLength); 355 req->context = hidg; 356 req->complete = hidg_set_report_complete; 357 goto respond; 358 break; 359 360 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8 361 | HID_REQ_SET_PROTOCOL): 362 VDBG(cdev, "set_protocol\n"); 363 goto stall; 364 break; 365 366 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8 367 | USB_REQ_GET_DESCRIPTOR): 368 switch (value >> 8) { 369 case HID_DT_REPORT: 370 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n"); 371 length = min_t(unsigned short, length, 372 hidg->report_desc_length); 373 memcpy(req->buf, hidg->report_desc, length); 374 goto respond; 375 break; 376 377 default: 378 VDBG(cdev, "Unknown decriptor request 0x%x\n", 379 value >> 8); 380 goto stall; 381 break; 382 } 383 break; 384 385 default: 386 VDBG(cdev, "Unknown request 0x%x\n", 387 ctrl->bRequest); 388 goto stall; 389 break; 390 } 391 392stall: 393 return -EOPNOTSUPP; 394 395respond: 396 req->zero = 0; 397 req->length = length; 398 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC); 399 if (status < 0) 400 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value); 401 return status; 402} 403 404static void hidg_disable(struct usb_function *f) 405{ 406 struct f_hidg *hidg = func_to_hidg(f); 407 408 usb_ep_disable(hidg->in_ep); 409 hidg->in_ep->driver_data = NULL; 410 411 return; 412} 413 414static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt) 415{ 416 struct usb_composite_dev *cdev = f->config->cdev; 417 struct f_hidg *hidg = func_to_hidg(f); 418 const struct usb_endpoint_descriptor *ep_desc; 419 int status = 0; 420 421 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt); 422 423 if (hidg->in_ep != NULL) { 424 /* restart endpoint */ 425 if (hidg->in_ep->driver_data != NULL) 426 usb_ep_disable(hidg->in_ep); 427 428 ep_desc = ep_choose(f->config->cdev->gadget, 429 hidg->hs_in_ep_desc, hidg->fs_in_ep_desc); 430 status = usb_ep_enable(hidg->in_ep, ep_desc); 431 if (status < 0) { 432 ERROR(cdev, "Enable endpoint FAILED!\n"); 433 goto fail; 434 } 435 hidg->in_ep->driver_data = hidg; 436 } 437fail: 438 return status; 439} 440 441const struct file_operations f_hidg_fops = { 442 .owner = THIS_MODULE, 443 .open = f_hidg_open, 444 .release = f_hidg_release, 445 .write = f_hidg_write, 446 .read = f_hidg_read, 447 .poll = f_hidg_poll, 448}; 449 450static int __init hidg_bind(struct usb_configuration *c, struct usb_function *f) 451{ 452 struct usb_ep *ep; 453 struct f_hidg *hidg = func_to_hidg(f); 454 int status; 455 dev_t dev; 456 457 /* allocate instance-specific interface IDs, and patch descriptors */ 458 status = usb_interface_id(c, f); 459 if (status < 0) 460 goto fail; 461 hidg_interface_desc.bInterfaceNumber = status; 462 463 464 /* allocate instance-specific endpoints */ 465 status = -ENODEV; 466 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc); 467 if (!ep) 468 goto fail; 469 ep->driver_data = c->cdev; /* claim */ 470 hidg->in_ep = ep; 471 472 /* preallocate request and buffer */ 473 status = -ENOMEM; 474 hidg->req = usb_ep_alloc_request(hidg->in_ep, GFP_KERNEL); 475 if (!hidg->req) 476 goto fail; 477 478 479 hidg->req->buf = kmalloc(hidg->report_length, GFP_KERNEL); 480 if (!hidg->req->buf) 481 goto fail; 482 483 /* set descriptor dynamic values */ 484 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass; 485 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol; 486 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 487 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length); 488 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; 489 hidg_desc.desc[0].wDescriptorLength = 490 cpu_to_le16(hidg->report_desc_length); 491 492 hidg->set_report_buff = NULL; 493 494 /* copy descriptors */ 495 f->descriptors = usb_copy_descriptors(hidg_fs_descriptors); 496 if (!f->descriptors) 497 goto fail; 498 499 hidg->fs_in_ep_desc = usb_find_endpoint(hidg_fs_descriptors, 500 f->descriptors, 501 &hidg_fs_in_ep_desc); 502 503 if (gadget_is_dualspeed(c->cdev->gadget)) { 504 hidg_hs_in_ep_desc.bEndpointAddress = 505 hidg_fs_in_ep_desc.bEndpointAddress; 506 f->hs_descriptors = usb_copy_descriptors(hidg_hs_descriptors); 507 if (!f->hs_descriptors) 508 goto fail; 509 hidg->hs_in_ep_desc = usb_find_endpoint(hidg_hs_descriptors, 510 f->hs_descriptors, 511 &hidg_hs_in_ep_desc); 512 } else { 513 hidg->hs_in_ep_desc = NULL; 514 } 515 516 mutex_init(&hidg->lock); 517 spin_lock_init(&hidg->spinlock); 518 init_waitqueue_head(&hidg->write_queue); 519 init_waitqueue_head(&hidg->read_queue); 520 521 /* create char device */ 522 cdev_init(&hidg->cdev, &f_hidg_fops); 523 dev = MKDEV(major, hidg->minor); 524 status = cdev_add(&hidg->cdev, dev, 1); 525 if (status) 526 goto fail; 527 528 device_create(hidg_class, NULL, dev, NULL, "%s%d", "hidg", hidg->minor); 529 530 return 0; 531 532fail: 533 ERROR(f->config->cdev, "hidg_bind FAILED\n"); 534 if (hidg->req != NULL) { 535 kfree(hidg->req->buf); 536 if (hidg->in_ep != NULL) 537 usb_ep_free_request(hidg->in_ep, hidg->req); 538 } 539 540 usb_free_descriptors(f->hs_descriptors); 541 usb_free_descriptors(f->descriptors); 542 543 return status; 544} 545 546static void hidg_unbind(struct usb_configuration *c, struct usb_function *f) 547{ 548 struct f_hidg *hidg = func_to_hidg(f); 549 550 device_destroy(hidg_class, MKDEV(major, hidg->minor)); 551 cdev_del(&hidg->cdev); 552 553 /* disable/free request and end point */ 554 usb_ep_disable(hidg->in_ep); 555 usb_ep_dequeue(hidg->in_ep, hidg->req); 556 kfree(hidg->req->buf); 557 usb_ep_free_request(hidg->in_ep, hidg->req); 558 559 /* free descriptors copies */ 560 usb_free_descriptors(f->hs_descriptors); 561 usb_free_descriptors(f->descriptors); 562 563 kfree(hidg->report_desc); 564 kfree(hidg->set_report_buff); 565 kfree(hidg); 566} 567 568/*-------------------------------------------------------------------------*/ 569/* Strings */ 570 571#define CT_FUNC_HID_IDX 0 572 573static struct usb_string ct_func_string_defs[] = { 574 [CT_FUNC_HID_IDX].s = "HID Interface", 575 {}, /* end of list */ 576}; 577 578static struct usb_gadget_strings ct_func_string_table = { 579 .language = 0x0409, /* en-US */ 580 .strings = ct_func_string_defs, 581}; 582 583static struct usb_gadget_strings *ct_func_strings[] = { 584 &ct_func_string_table, 585 NULL, 586}; 587 588/*-------------------------------------------------------------------------*/ 589/* usb_configuration */ 590 591int __init hidg_bind_config(struct usb_configuration *c, 592 struct hidg_func_descriptor *fdesc, int index) 593{ 594 struct f_hidg *hidg; 595 int status; 596 597 if (index >= minors) 598 return -ENOENT; 599 600 /* maybe allocate device-global string IDs, and patch descriptors */ 601 if (ct_func_string_defs[CT_FUNC_HID_IDX].id == 0) { 602 status = usb_string_id(c->cdev); 603 if (status < 0) 604 return status; 605 ct_func_string_defs[CT_FUNC_HID_IDX].id = status; 606 hidg_interface_desc.iInterface = status; 607 } 608 609 /* allocate and initialize one new instance */ 610 hidg = kzalloc(sizeof *hidg, GFP_KERNEL); 611 if (!hidg) 612 return -ENOMEM; 613 614 hidg->minor = index; 615 hidg->bInterfaceSubClass = fdesc->subclass; 616 hidg->bInterfaceProtocol = fdesc->protocol; 617 hidg->report_length = fdesc->report_length; 618 hidg->report_desc_length = fdesc->report_desc_length; 619 hidg->report_desc = kmemdup(fdesc->report_desc, 620 fdesc->report_desc_length, 621 GFP_KERNEL); 622 if (!hidg->report_desc) { 623 kfree(hidg); 624 return -ENOMEM; 625 } 626 627 hidg->func.name = "hid"; 628 hidg->func.strings = ct_func_strings; 629 hidg->func.bind = hidg_bind; 630 hidg->func.unbind = hidg_unbind; 631 hidg->func.set_alt = hidg_set_alt; 632 hidg->func.disable = hidg_disable; 633 hidg->func.setup = hidg_setup; 634 635 status = usb_add_function(c, &hidg->func); 636 if (status) 637 kfree(hidg); 638 639 return status; 640} 641 642int __init ghid_setup(struct usb_gadget *g, int count) 643{ 644 int status; 645 dev_t dev; 646 647 hidg_class = class_create(THIS_MODULE, "hidg"); 648 649 status = alloc_chrdev_region(&dev, 0, count, "hidg"); 650 if (!status) { 651 major = MAJOR(dev); 652 minors = count; 653 } 654 655 return status; 656} 657 658void ghid_cleanup(void) 659{ 660 if (major) { 661 unregister_chrdev_region(MKDEV(major, 0), minors); 662 major = minors = 0; 663 } 664 665 class_destroy(hidg_class); 666 hidg_class = NULL; 667} 668