1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Gadget Function Driver for Android USB accessories
4 *
5 * Copyright (C) 2011 Google, Inc.
6 * Author: Mike Lockwood <lockwood@android.com>
7 *
8 * This software is licensed under the terms of the GNU General Public
9 * License version 2, as published by the Free Software Foundation, and
10 * may be copied, distributed, and modified under those terms.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 */
18
19 /* #define DEBUG */
20 /* #define VERBOSE_DEBUG */
21
22 #include <linux/module.h>
23 #include <linux/init.h>
24 #include <linux/poll.h>
25 #include <linux/delay.h>
26 #include <linux/wait.h>
27 #include <linux/err.h>
28 #include <linux/interrupt.h>
29 #include <linux/kthread.h>
30 #include <linux/freezer.h>
31 #include <linux/kref.h>
32
33 #include <linux/types.h>
34 #include <linux/file.h>
35 #include <linux/device.h>
36 #include <linux/miscdevice.h>
37
38 #include <linux/hid.h>
39 #include <linux/hiddev.h>
40 #include <linux/usb.h>
41 #include <linux/usb/ch9.h>
42 #include <linux/usb/f_accessory.h>
43
44 #include <linux/configfs.h>
45 #include <linux/usb/composite.h>
46
47 #define MAX_INST_NAME_LEN 40
48 #define BULK_BUFFER_SIZE 16384
49 #define ACC_STRING_SIZE 256
50
51 #define PROTOCOL_VERSION 2
52
53 /* String IDs */
54 #define INTERFACE_STRING_INDEX 0
55
56 /* number of tx and rx requests to allocate */
57 #define TX_REQ_MAX 4
58 #define RX_REQ_MAX 2
59
60 struct acc_hid_dev {
61 struct list_head list;
62 struct hid_device *hid;
63 struct acc_dev *dev;
64 /* accessory defined ID */
65 int id;
66 /* HID report descriptor */
67 u8 *report_desc;
68 /* length of HID report descriptor */
69 int report_desc_len;
70 /* number of bytes of report_desc we have received so far */
71 int report_desc_offset;
72 };
73
74 struct acc_dev {
75 struct usb_function function;
76 struct usb_composite_dev *cdev;
77 spinlock_t lock;
78 struct acc_dev_ref *ref;
79
80 struct usb_ep *ep_in;
81 struct usb_ep *ep_out;
82
83 /* online indicates state of function_set_alt & function_unbind
84 * set to 1 when we connect
85 */
86 int online;
87
88 /* disconnected indicates state of open & release
89 * Set to 1 when we disconnect.
90 * Not cleared until our file is closed.
91 */
92 int disconnected;
93
94 /* strings sent by the host */
95 char manufacturer[ACC_STRING_SIZE];
96 char model[ACC_STRING_SIZE];
97 char description[ACC_STRING_SIZE];
98 char version[ACC_STRING_SIZE];
99 char uri[ACC_STRING_SIZE];
100 char serial[ACC_STRING_SIZE];
101
102 /* for acc_complete_set_string */
103 int string_index;
104
105 /* set to 1 if we have a pending start request */
106 int start_requested;
107
108 int audio_mode;
109
110 /* synchronize access to our device file */
111 atomic_t open_excl;
112
113 struct list_head tx_idle;
114
115 wait_queue_head_t read_wq;
116 wait_queue_head_t write_wq;
117 struct usb_request *rx_req[RX_REQ_MAX];
118 int rx_done;
119
120 /* delayed work for handling ACCESSORY_START */
121 struct delayed_work start_work;
122
123 /* work for handling ACCESSORY GET PROTOCOL */
124 struct work_struct getprotocol_work;
125
126 /* work for handling ACCESSORY SEND STRING */
127 struct work_struct sendstring_work;
128
129 /* worker for registering and unregistering hid devices */
130 struct work_struct hid_work;
131
132 /* list of active HID devices */
133 struct list_head hid_list;
134
135 /* list of new HID devices to register */
136 struct list_head new_hid_list;
137
138 /* list of dead HID devices to unregister */
139 struct list_head dead_hid_list;
140 };
141
142 static struct usb_interface_descriptor acc_interface_desc = {
143 .bLength = USB_DT_INTERFACE_SIZE,
144 .bDescriptorType = USB_DT_INTERFACE,
145 .bInterfaceNumber = 0,
146 .bNumEndpoints = 2,
147 .bInterfaceClass = USB_CLASS_VENDOR_SPEC,
148 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC,
149 .bInterfaceProtocol = 0,
150 };
151
152 static struct usb_endpoint_descriptor acc_superspeedplus_in_desc = {
153 .bLength = USB_DT_ENDPOINT_SIZE,
154 .bDescriptorType = USB_DT_ENDPOINT,
155 .bEndpointAddress = USB_DIR_IN,
156 .bmAttributes = USB_ENDPOINT_XFER_BULK,
157 .wMaxPacketSize = cpu_to_le16(1024),
158 };
159
160 static struct usb_endpoint_descriptor acc_superspeedplus_out_desc = {
161 .bLength = USB_DT_ENDPOINT_SIZE,
162 .bDescriptorType = USB_DT_ENDPOINT,
163 .bEndpointAddress = USB_DIR_OUT,
164 .bmAttributes = USB_ENDPOINT_XFER_BULK,
165 .wMaxPacketSize = cpu_to_le16(1024),
166 };
167
168 static struct usb_ss_ep_comp_descriptor acc_superspeedplus_comp_desc = {
169 .bLength = sizeof(acc_superspeedplus_comp_desc),
170 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
171
172 /* the following 2 values can be tweaked if necessary */
173 /* .bMaxBurst = 0, */
174 /* .bmAttributes = 0, */
175 };
176
177 static struct usb_endpoint_descriptor acc_superspeed_in_desc = {
178 .bLength = USB_DT_ENDPOINT_SIZE,
179 .bDescriptorType = USB_DT_ENDPOINT,
180 .bEndpointAddress = USB_DIR_IN,
181 .bmAttributes = USB_ENDPOINT_XFER_BULK,
182 .wMaxPacketSize = cpu_to_le16(1024),
183 };
184
185 static struct usb_endpoint_descriptor acc_superspeed_out_desc = {
186 .bLength = USB_DT_ENDPOINT_SIZE,
187 .bDescriptorType = USB_DT_ENDPOINT,
188 .bEndpointAddress = USB_DIR_OUT,
189 .bmAttributes = USB_ENDPOINT_XFER_BULK,
190 .wMaxPacketSize = cpu_to_le16(1024),
191 };
192
193 static struct usb_ss_ep_comp_descriptor acc_superspeed_comp_desc = {
194 .bLength = sizeof(acc_superspeed_comp_desc),
195 .bDescriptorType = USB_DT_SS_ENDPOINT_COMP,
196
197 /* the following 2 values can be tweaked if necessary */
198 /* .bMaxBurst = 0, */
199 /* .bmAttributes = 0, */
200 };
201
202 static struct usb_endpoint_descriptor acc_highspeed_in_desc = {
203 .bLength = USB_DT_ENDPOINT_SIZE,
204 .bDescriptorType = USB_DT_ENDPOINT,
205 .bEndpointAddress = USB_DIR_IN,
206 .bmAttributes = USB_ENDPOINT_XFER_BULK,
207 .wMaxPacketSize = cpu_to_le16(512),
208 };
209
210 static struct usb_endpoint_descriptor acc_highspeed_out_desc = {
211 .bLength = USB_DT_ENDPOINT_SIZE,
212 .bDescriptorType = USB_DT_ENDPOINT,
213 .bEndpointAddress = USB_DIR_OUT,
214 .bmAttributes = USB_ENDPOINT_XFER_BULK,
215 .wMaxPacketSize = cpu_to_le16(512),
216 };
217
218 static struct usb_endpoint_descriptor acc_fullspeed_in_desc = {
219 .bLength = USB_DT_ENDPOINT_SIZE,
220 .bDescriptorType = USB_DT_ENDPOINT,
221 .bEndpointAddress = USB_DIR_IN,
222 .bmAttributes = USB_ENDPOINT_XFER_BULK,
223 };
224
225 static struct usb_endpoint_descriptor acc_fullspeed_out_desc = {
226 .bLength = USB_DT_ENDPOINT_SIZE,
227 .bDescriptorType = USB_DT_ENDPOINT,
228 .bEndpointAddress = USB_DIR_OUT,
229 .bmAttributes = USB_ENDPOINT_XFER_BULK,
230 };
231
232 static struct usb_descriptor_header *fs_acc_descs[] = {
233 (struct usb_descriptor_header *) &acc_interface_desc,
234 (struct usb_descriptor_header *) &acc_fullspeed_in_desc,
235 (struct usb_descriptor_header *) &acc_fullspeed_out_desc,
236 NULL,
237 };
238
239 static struct usb_descriptor_header *hs_acc_descs[] = {
240 (struct usb_descriptor_header *) &acc_interface_desc,
241 (struct usb_descriptor_header *) &acc_highspeed_in_desc,
242 (struct usb_descriptor_header *) &acc_highspeed_out_desc,
243 NULL,
244 };
245
246 static struct usb_descriptor_header *ss_acc_descs[] = {
247 (struct usb_descriptor_header *) &acc_interface_desc,
248 (struct usb_descriptor_header *) &acc_superspeed_in_desc,
249 (struct usb_descriptor_header *) &acc_superspeed_comp_desc,
250 (struct usb_descriptor_header *) &acc_superspeed_out_desc,
251 (struct usb_descriptor_header *) &acc_superspeed_comp_desc,
252 NULL,
253 };
254
255 static struct usb_descriptor_header *ssp_acc_descs[] = {
256 (struct usb_descriptor_header *) &acc_interface_desc,
257 (struct usb_descriptor_header *) &acc_superspeedplus_in_desc,
258 (struct usb_descriptor_header *) &acc_superspeedplus_comp_desc,
259 (struct usb_descriptor_header *) &acc_superspeedplus_out_desc,
260 (struct usb_descriptor_header *) &acc_superspeedplus_comp_desc,
261 NULL,
262 };
263
264 static struct usb_string acc_string_defs[] = {
265 [INTERFACE_STRING_INDEX].s = "Android Accessory Interface",
266 { }, /* end of list */
267 };
268
269 static struct usb_gadget_strings acc_string_table = {
270 .language = 0x0409, /* en-US */
271 .strings = acc_string_defs,
272 };
273
274 static struct usb_gadget_strings *acc_strings[] = {
275 &acc_string_table,
276 NULL,
277 };
278
279 struct acc_dev_ref {
280 struct kref kref;
281 struct acc_dev *acc_dev;
282 };
283
284 static struct acc_dev_ref _acc_dev_ref = {
285 .kref = KREF_INIT(0),
286 };
287
288 struct acc_instance {
289 struct usb_function_instance func_inst;
290 const char *name;
291 };
292
get_acc_dev(void)293 static struct acc_dev *get_acc_dev(void)
294 {
295 struct acc_dev_ref *ref = &_acc_dev_ref;
296
297 return kref_get_unless_zero(&ref->kref) ? ref->acc_dev : NULL;
298 }
299
__put_acc_dev(struct kref * kref)300 static void __put_acc_dev(struct kref *kref)
301 {
302 struct acc_dev_ref *ref = container_of(kref, struct acc_dev_ref, kref);
303 struct acc_dev *dev = ref->acc_dev;
304
305 /* Cancel any async work */
306 cancel_delayed_work_sync(&dev->start_work);
307 cancel_work_sync(&dev->getprotocol_work);
308 cancel_work_sync(&dev->sendstring_work);
309 cancel_work_sync(&dev->hid_work);
310
311 ref->acc_dev = NULL;
312 kfree(dev);
313 }
314
put_acc_dev(struct acc_dev * dev)315 static void put_acc_dev(struct acc_dev *dev)
316 {
317 struct acc_dev_ref *ref = dev->ref;
318
319 WARN_ON(ref->acc_dev != dev);
320 kref_put(&ref->kref, __put_acc_dev);
321 }
322
func_to_dev(struct usb_function * f)323 static inline struct acc_dev *func_to_dev(struct usb_function *f)
324 {
325 return container_of(f, struct acc_dev, function);
326 }
327
acc_request_new(struct usb_ep * ep,int buffer_size)328 static struct usb_request *acc_request_new(struct usb_ep *ep, int buffer_size)
329 {
330 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
331
332 if (!req)
333 return NULL;
334
335 /* now allocate buffers for the requests */
336 req->buf = kmalloc(buffer_size, GFP_KERNEL);
337 if (!req->buf) {
338 usb_ep_free_request(ep, req);
339 return NULL;
340 }
341
342 return req;
343 }
344
acc_request_free(struct usb_request * req,struct usb_ep * ep)345 static void acc_request_free(struct usb_request *req, struct usb_ep *ep)
346 {
347 if (req) {
348 kfree(req->buf);
349 usb_ep_free_request(ep, req);
350 }
351 }
352
353 /* add a request to the tail of a list */
req_put(struct acc_dev * dev,struct list_head * head,struct usb_request * req)354 static void req_put(struct acc_dev *dev, struct list_head *head,
355 struct usb_request *req)
356 {
357 unsigned long flags;
358
359 spin_lock_irqsave(&dev->lock, flags);
360 list_add_tail(&req->list, head);
361 spin_unlock_irqrestore(&dev->lock, flags);
362 }
363
364 /* remove a request from the head of a list */
req_get(struct acc_dev * dev,struct list_head * head)365 static struct usb_request *req_get(struct acc_dev *dev, struct list_head *head)
366 {
367 unsigned long flags;
368 struct usb_request *req;
369
370 spin_lock_irqsave(&dev->lock, flags);
371 if (list_empty(head)) {
372 req = 0;
373 } else {
374 req = list_first_entry(head, struct usb_request, list);
375 list_del(&req->list);
376 }
377 spin_unlock_irqrestore(&dev->lock, flags);
378 return req;
379 }
380
acc_set_disconnected(struct acc_dev * dev)381 static void acc_set_disconnected(struct acc_dev *dev)
382 {
383 dev->disconnected = 1;
384 }
385
acc_complete_in(struct usb_ep * ep,struct usb_request * req)386 static void acc_complete_in(struct usb_ep *ep, struct usb_request *req)
387 {
388 struct acc_dev *dev = get_acc_dev();
389
390 if (!dev)
391 return;
392
393 if (req->status == -ESHUTDOWN) {
394 pr_debug("acc_complete_in set disconnected");
395 acc_set_disconnected(dev);
396 }
397
398 req_put(dev, &dev->tx_idle, req);
399
400 wake_up(&dev->write_wq);
401 put_acc_dev(dev);
402 }
403
acc_complete_out(struct usb_ep * ep,struct usb_request * req)404 static void acc_complete_out(struct usb_ep *ep, struct usb_request *req)
405 {
406 struct acc_dev *dev = get_acc_dev();
407
408 if (!dev)
409 return;
410
411 dev->rx_done = 1;
412 if (req->status == -ESHUTDOWN) {
413 pr_debug("acc_complete_out set disconnected");
414 acc_set_disconnected(dev);
415 }
416
417 wake_up(&dev->read_wq);
418 put_acc_dev(dev);
419 }
420
acc_complete_set_string(struct usb_ep * ep,struct usb_request * req)421 static void acc_complete_set_string(struct usb_ep *ep, struct usb_request *req)
422 {
423 struct acc_dev *dev = ep->driver_data;
424 char *string_dest = NULL;
425 int length = req->actual;
426
427 if (req->status != 0) {
428 pr_err("acc_complete_set_string, err %d\n", req->status);
429 return;
430 }
431
432 switch (dev->string_index) {
433 case ACCESSORY_STRING_MANUFACTURER:
434 string_dest = dev->manufacturer;
435 break;
436 case ACCESSORY_STRING_MODEL:
437 string_dest = dev->model;
438 break;
439 case ACCESSORY_STRING_DESCRIPTION:
440 string_dest = dev->description;
441 break;
442 case ACCESSORY_STRING_VERSION:
443 string_dest = dev->version;
444 break;
445 case ACCESSORY_STRING_URI:
446 string_dest = dev->uri;
447 break;
448 case ACCESSORY_STRING_SERIAL:
449 string_dest = dev->serial;
450 break;
451 }
452 if (string_dest) {
453 unsigned long flags;
454
455 if (length >= ACC_STRING_SIZE)
456 length = ACC_STRING_SIZE - 1;
457
458 spin_lock_irqsave(&dev->lock, flags);
459 memcpy(string_dest, req->buf, length);
460 /* ensure zero termination */
461 string_dest[length] = 0;
462 spin_unlock_irqrestore(&dev->lock, flags);
463 } else {
464 pr_err("unknown accessory string index %d\n",
465 dev->string_index);
466 }
467 }
468
acc_complete_set_hid_report_desc(struct usb_ep * ep,struct usb_request * req)469 static void acc_complete_set_hid_report_desc(struct usb_ep *ep,
470 struct usb_request *req)
471 {
472 struct acc_hid_dev *hid = req->context;
473 struct acc_dev *dev = hid->dev;
474 int length = req->actual;
475
476 if (req->status != 0) {
477 pr_err("acc_complete_set_hid_report_desc, err %d\n",
478 req->status);
479 return;
480 }
481
482 memcpy(hid->report_desc + hid->report_desc_offset, req->buf, length);
483 hid->report_desc_offset += length;
484 if (hid->report_desc_offset == hid->report_desc_len) {
485 /* After we have received the entire report descriptor
486 * we schedule work to initialize the HID device
487 */
488 schedule_work(&dev->hid_work);
489 }
490 }
491
acc_complete_send_hid_event(struct usb_ep * ep,struct usb_request * req)492 static void acc_complete_send_hid_event(struct usb_ep *ep,
493 struct usb_request *req)
494 {
495 struct acc_hid_dev *hid = req->context;
496 int length = req->actual;
497
498 if (req->status != 0) {
499 pr_err("acc_complete_send_hid_event, err %d\n", req->status);
500 return;
501 }
502
503 hid_report_raw_event(hid->hid, HID_INPUT_REPORT, req->buf, length, 1);
504 }
505
acc_hid_parse(struct hid_device * hid)506 static int acc_hid_parse(struct hid_device *hid)
507 {
508 struct acc_hid_dev *hdev = hid->driver_data;
509
510 hid_parse_report(hid, hdev->report_desc, hdev->report_desc_len);
511 return 0;
512 }
513
acc_hid_start(struct hid_device * hid)514 static int acc_hid_start(struct hid_device *hid)
515 {
516 return 0;
517 }
518
acc_hid_stop(struct hid_device * hid)519 static void acc_hid_stop(struct hid_device *hid)
520 {
521 }
522
acc_hid_open(struct hid_device * hid)523 static int acc_hid_open(struct hid_device *hid)
524 {
525 return 0;
526 }
527
acc_hid_close(struct hid_device * hid)528 static void acc_hid_close(struct hid_device *hid)
529 {
530 }
531
acc_hid_raw_request(struct hid_device * hid,unsigned char reportnum,__u8 * buf,size_t len,unsigned char rtype,int reqtype)532 static int acc_hid_raw_request(struct hid_device *hid, unsigned char reportnum,
533 __u8 *buf, size_t len, unsigned char rtype, int reqtype)
534 {
535 return 0;
536 }
537
538 static struct hid_ll_driver acc_hid_ll_driver = {
539 .parse = acc_hid_parse,
540 .start = acc_hid_start,
541 .stop = acc_hid_stop,
542 .open = acc_hid_open,
543 .close = acc_hid_close,
544 .raw_request = acc_hid_raw_request,
545 };
546
acc_hid_new(struct acc_dev * dev,int id,int desc_len)547 static struct acc_hid_dev *acc_hid_new(struct acc_dev *dev,
548 int id, int desc_len)
549 {
550 struct acc_hid_dev *hdev;
551
552 hdev = kzalloc(sizeof(*hdev), GFP_ATOMIC);
553 if (!hdev)
554 return NULL;
555 hdev->report_desc = kzalloc(desc_len, GFP_ATOMIC);
556 if (!hdev->report_desc) {
557 kfree(hdev);
558 return NULL;
559 }
560 hdev->dev = dev;
561 hdev->id = id;
562 hdev->report_desc_len = desc_len;
563
564 return hdev;
565 }
566
acc_hid_get(struct list_head * list,int id)567 static struct acc_hid_dev *acc_hid_get(struct list_head *list, int id)
568 {
569 struct acc_hid_dev *hid;
570
571 list_for_each_entry(hid, list, list) {
572 if (hid->id == id)
573 return hid;
574 }
575 return NULL;
576 }
577
acc_register_hid(struct acc_dev * dev,int id,int desc_length)578 static int acc_register_hid(struct acc_dev *dev, int id, int desc_length)
579 {
580 struct acc_hid_dev *hid;
581 unsigned long flags;
582
583 /* report descriptor length must be > 0 */
584 if (desc_length <= 0)
585 return -EINVAL;
586
587 spin_lock_irqsave(&dev->lock, flags);
588 /* replace HID if one already exists with this ID */
589 hid = acc_hid_get(&dev->hid_list, id);
590 if (!hid)
591 hid = acc_hid_get(&dev->new_hid_list, id);
592 if (hid)
593 list_move(&hid->list, &dev->dead_hid_list);
594
595 hid = acc_hid_new(dev, id, desc_length);
596 if (!hid) {
597 spin_unlock_irqrestore(&dev->lock, flags);
598 return -ENOMEM;
599 }
600
601 list_add(&hid->list, &dev->new_hid_list);
602 spin_unlock_irqrestore(&dev->lock, flags);
603
604 /* schedule work to register the HID device */
605 schedule_work(&dev->hid_work);
606 return 0;
607 }
608
acc_unregister_hid(struct acc_dev * dev,int id)609 static int acc_unregister_hid(struct acc_dev *dev, int id)
610 {
611 struct acc_hid_dev *hid;
612 unsigned long flags;
613
614 spin_lock_irqsave(&dev->lock, flags);
615 hid = acc_hid_get(&dev->hid_list, id);
616 if (!hid)
617 hid = acc_hid_get(&dev->new_hid_list, id);
618 if (!hid) {
619 spin_unlock_irqrestore(&dev->lock, flags);
620 return -EINVAL;
621 }
622
623 list_move(&hid->list, &dev->dead_hid_list);
624 spin_unlock_irqrestore(&dev->lock, flags);
625
626 schedule_work(&dev->hid_work);
627 return 0;
628 }
629
create_bulk_endpoints(struct acc_dev * dev,struct usb_endpoint_descriptor * in_desc,struct usb_endpoint_descriptor * out_desc)630 static int create_bulk_endpoints(struct acc_dev *dev,
631 struct usb_endpoint_descriptor *in_desc,
632 struct usb_endpoint_descriptor *out_desc)
633 {
634 struct usb_composite_dev *cdev = dev->cdev;
635 struct usb_request *req;
636 struct usb_ep *ep;
637 int i;
638
639 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
640
641 ep = usb_ep_autoconfig(cdev->gadget, in_desc);
642 if (!ep) {
643 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
644 return -ENODEV;
645 }
646 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
647 ep->driver_data = dev; /* claim the endpoint */
648 dev->ep_in = ep;
649
650 ep = usb_ep_autoconfig(cdev->gadget, out_desc);
651 if (!ep) {
652 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n");
653 return -ENODEV;
654 }
655 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name);
656 ep->driver_data = dev; /* claim the endpoint */
657 dev->ep_out = ep;
658
659 /* now allocate requests for our endpoints */
660 for (i = 0; i < TX_REQ_MAX; i++) {
661 req = acc_request_new(dev->ep_in, BULK_BUFFER_SIZE);
662 if (!req)
663 goto fail;
664 req->complete = acc_complete_in;
665 req_put(dev, &dev->tx_idle, req);
666 }
667 for (i = 0; i < RX_REQ_MAX; i++) {
668 req = acc_request_new(dev->ep_out, BULK_BUFFER_SIZE);
669 if (!req)
670 goto fail;
671 req->complete = acc_complete_out;
672 dev->rx_req[i] = req;
673 }
674
675 return 0;
676
677 fail:
678 pr_err("acc_bind() could not allocate requests\n");
679 while ((req = req_get(dev, &dev->tx_idle)))
680 acc_request_free(req, dev->ep_in);
681 for (i = 0; i < RX_REQ_MAX; i++) {
682 acc_request_free(dev->rx_req[i], dev->ep_out);
683 dev->rx_req[i] = NULL;
684 }
685
686 return -1;
687 }
688
acc_read(struct file * fp,char __user * buf,size_t count,loff_t * pos)689 static ssize_t acc_read(struct file *fp, char __user *buf,
690 size_t count, loff_t *pos)
691 {
692 struct acc_dev *dev = fp->private_data;
693 struct usb_request *req;
694 ssize_t r = count;
695 ssize_t data_length;
696 unsigned xfer;
697 int ret = 0;
698
699 pr_debug("acc_read(%zu)\n", count);
700
701 if (dev->disconnected) {
702 pr_debug("acc_read disconnected");
703 return -ENODEV;
704 }
705
706 if (count > BULK_BUFFER_SIZE)
707 count = BULK_BUFFER_SIZE;
708
709 /* we will block until we're online */
710 pr_debug("acc_read: waiting for online\n");
711 ret = wait_event_interruptible(dev->read_wq, dev->online);
712 if (ret < 0) {
713 r = ret;
714 goto done;
715 }
716
717 if (!dev->rx_req[0]) {
718 pr_warn("acc_read: USB request already handled/freed");
719 r = -EINVAL;
720 goto done;
721 }
722
723 /*
724 * Calculate the data length by considering termination character.
725 * Then compansite the difference of rounding up to
726 * integer multiple of maxpacket size.
727 */
728 data_length = count;
729 data_length += dev->ep_out->maxpacket - 1;
730 data_length -= data_length % dev->ep_out->maxpacket;
731
732 if (dev->rx_done) {
733 // last req cancelled. try to get it.
734 req = dev->rx_req[0];
735 goto copy_data;
736 }
737
738 requeue_req:
739 /* queue a request */
740 req = dev->rx_req[0];
741 req->length = data_length;
742 dev->rx_done = 0;
743 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL);
744 if (ret < 0) {
745 r = -EIO;
746 goto done;
747 } else {
748 pr_debug("rx %p queue\n", req);
749 }
750
751 /* wait for a request to complete */
752 ret = wait_event_interruptible(dev->read_wq, dev->rx_done);
753 if (ret < 0) {
754 r = ret;
755 ret = usb_ep_dequeue(dev->ep_out, req);
756 if (ret != 0) {
757 // cancel failed. There can be a data already received.
758 // it will be retrieved in the next read.
759 pr_debug("acc_read: cancelling failed %d", ret);
760 }
761 goto done;
762 }
763
764 copy_data:
765 dev->rx_done = 0;
766 if (dev->online) {
767 /* If we got a 0-len packet, throw it back and try again. */
768 if (req->actual == 0)
769 goto requeue_req;
770
771 pr_debug("rx %p %u\n", req, req->actual);
772 xfer = (req->actual < count) ? req->actual : count;
773 r = xfer;
774 if (copy_to_user(buf, req->buf, xfer))
775 r = -EFAULT;
776 } else
777 r = -EIO;
778
779 done:
780 pr_debug("acc_read returning %zd\n", r);
781 return r;
782 }
783
acc_write(struct file * fp,const char __user * buf,size_t count,loff_t * pos)784 static ssize_t acc_write(struct file *fp, const char __user *buf,
785 size_t count, loff_t *pos)
786 {
787 struct acc_dev *dev = fp->private_data;
788 struct usb_request *req = 0;
789 ssize_t r = count;
790 unsigned xfer;
791 int ret;
792
793 pr_debug("acc_write(%zu)\n", count);
794
795 if (!dev->online || dev->disconnected) {
796 pr_debug("acc_write disconnected or not online");
797 return -ENODEV;
798 }
799
800 while (count > 0) {
801 /* get an idle tx request to use */
802 req = 0;
803 ret = wait_event_interruptible(dev->write_wq,
804 ((req = req_get(dev, &dev->tx_idle)) || !dev->online));
805 if (!dev->online || dev->disconnected) {
806 pr_debug("acc_write dev->error\n");
807 r = -EIO;
808 break;
809 }
810
811 if (!req) {
812 r = ret;
813 break;
814 }
815
816 if (count > BULK_BUFFER_SIZE) {
817 xfer = BULK_BUFFER_SIZE;
818 /* ZLP, They will be more TX requests so not yet. */
819 req->zero = 0;
820 } else {
821 xfer = count;
822 /* If the data length is a multple of the
823 * maxpacket size then send a zero length packet(ZLP).
824 */
825 req->zero = ((xfer % dev->ep_in->maxpacket) == 0);
826 }
827 if (copy_from_user(req->buf, buf, xfer)) {
828 r = -EFAULT;
829 break;
830 }
831
832 req->length = xfer;
833 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL);
834 if (ret < 0) {
835 pr_debug("acc_write: xfer error %d\n", ret);
836 r = -EIO;
837 break;
838 }
839
840 buf += xfer;
841 count -= xfer;
842
843 /* zero this so we don't try to free it on error exit */
844 req = 0;
845 }
846
847 if (req)
848 req_put(dev, &dev->tx_idle, req);
849
850 pr_debug("acc_write returning %zd\n", r);
851 return r;
852 }
853
acc_ioctl(struct file * fp,unsigned code,unsigned long value)854 static long acc_ioctl(struct file *fp, unsigned code, unsigned long value)
855 {
856 struct acc_dev *dev = fp->private_data;
857 char *src = NULL;
858 int ret;
859
860 switch (code) {
861 case ACCESSORY_GET_STRING_MANUFACTURER:
862 src = dev->manufacturer;
863 break;
864 case ACCESSORY_GET_STRING_MODEL:
865 src = dev->model;
866 break;
867 case ACCESSORY_GET_STRING_DESCRIPTION:
868 src = dev->description;
869 break;
870 case ACCESSORY_GET_STRING_VERSION:
871 src = dev->version;
872 break;
873 case ACCESSORY_GET_STRING_URI:
874 src = dev->uri;
875 break;
876 case ACCESSORY_GET_STRING_SERIAL:
877 src = dev->serial;
878 break;
879 case ACCESSORY_IS_START_REQUESTED:
880 return dev->start_requested;
881 case ACCESSORY_GET_AUDIO_MODE:
882 return dev->audio_mode;
883 }
884 if (!src)
885 return -EINVAL;
886
887 ret = strlen(src) + 1;
888 if (copy_to_user((void __user *)value, src, ret))
889 ret = -EFAULT;
890 return ret;
891 }
892
acc_open(struct inode * ip,struct file * fp)893 static int acc_open(struct inode *ip, struct file *fp)
894 {
895 struct acc_dev *dev = get_acc_dev();
896
897 if (!dev)
898 return -ENODEV;
899
900 if (atomic_xchg(&dev->open_excl, 1)) {
901 put_acc_dev(dev);
902 return -EBUSY;
903 }
904
905 dev->disconnected = 0;
906 fp->private_data = dev;
907 return 0;
908 }
909
acc_release(struct inode * ip,struct file * fp)910 static int acc_release(struct inode *ip, struct file *fp)
911 {
912 struct acc_dev *dev = fp->private_data;
913
914 if (!dev)
915 return -ENOENT;
916
917 /* indicate that we are disconnected
918 * still could be online so don't touch online flag
919 */
920 dev->disconnected = 1;
921
922 fp->private_data = NULL;
923 WARN_ON(!atomic_xchg(&dev->open_excl, 0));
924 put_acc_dev(dev);
925 return 0;
926 }
927
928 /* file operations for /dev/usb_accessory */
929 static const struct file_operations acc_fops = {
930 .owner = THIS_MODULE,
931 .read = acc_read,
932 .write = acc_write,
933 .unlocked_ioctl = acc_ioctl,
934 .compat_ioctl = acc_ioctl,
935 .open = acc_open,
936 .release = acc_release,
937 };
938
acc_hid_probe(struct hid_device * hdev,const struct hid_device_id * id)939 static int acc_hid_probe(struct hid_device *hdev,
940 const struct hid_device_id *id)
941 {
942 int ret;
943
944 ret = hid_parse(hdev);
945 if (ret)
946 return ret;
947 return hid_hw_start(hdev, HID_CONNECT_DEFAULT);
948 }
949
950 static struct miscdevice acc_device = {
951 .minor = MISC_DYNAMIC_MINOR,
952 .name = "usb_accessory",
953 .fops = &acc_fops,
954 };
955
956 static const struct hid_device_id acc_hid_table[] = {
957 { HID_USB_DEVICE(HID_ANY_ID, HID_ANY_ID) },
958 { }
959 };
960
961 static struct hid_driver acc_hid_driver = {
962 .name = "USB accessory",
963 .id_table = acc_hid_table,
964 .probe = acc_hid_probe,
965 };
966
acc_complete_setup_noop(struct usb_ep * ep,struct usb_request * req)967 static void acc_complete_setup_noop(struct usb_ep *ep, struct usb_request *req)
968 {
969 /*
970 * Default no-op function when nothing needs to be done for the
971 * setup request
972 */
973 }
974
acc_ctrlrequest(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)975 int acc_ctrlrequest(struct usb_composite_dev *cdev,
976 const struct usb_ctrlrequest *ctrl)
977 {
978 struct acc_dev *dev = get_acc_dev();
979 int value = -EOPNOTSUPP;
980 struct acc_hid_dev *hid;
981 int offset;
982 u8 b_requestType = ctrl->bRequestType;
983 u8 b_request = ctrl->bRequest;
984 u16 w_index = le16_to_cpu(ctrl->wIndex);
985 u16 w_value = le16_to_cpu(ctrl->wValue);
986 u16 w_length = le16_to_cpu(ctrl->wLength);
987 unsigned long flags;
988
989 /*
990 * If instance is not created which is the case in power off charging
991 * mode, dev will be NULL. Hence return error if it is the case.
992 */
993 if (!dev)
994 return -ENODEV;
995
996 if (b_requestType == (USB_DIR_OUT | USB_TYPE_VENDOR)) {
997 if (b_request == ACCESSORY_START) {
998 dev->start_requested = 1;
999 schedule_delayed_work(
1000 &dev->start_work, msecs_to_jiffies(10));
1001 value = 0;
1002 cdev->req->complete = acc_complete_setup_noop;
1003 } else if (b_request == ACCESSORY_SEND_STRING) {
1004 schedule_work(&dev->sendstring_work);
1005 dev->string_index = w_index;
1006 cdev->gadget->ep0->driver_data = dev;
1007 cdev->req->complete = acc_complete_set_string;
1008 value = w_length;
1009 } else if (b_request == ACCESSORY_SET_AUDIO_MODE &&
1010 w_index == 0 && w_length == 0) {
1011 dev->audio_mode = w_value;
1012 cdev->req->complete = acc_complete_setup_noop;
1013 value = 0;
1014 } else if (b_request == ACCESSORY_REGISTER_HID) {
1015 cdev->req->complete = acc_complete_setup_noop;
1016 value = acc_register_hid(dev, w_value, w_index);
1017 } else if (b_request == ACCESSORY_UNREGISTER_HID) {
1018 cdev->req->complete = acc_complete_setup_noop;
1019 value = acc_unregister_hid(dev, w_value);
1020 } else if (b_request == ACCESSORY_SET_HID_REPORT_DESC) {
1021 spin_lock_irqsave(&dev->lock, flags);
1022 hid = acc_hid_get(&dev->new_hid_list, w_value);
1023 spin_unlock_irqrestore(&dev->lock, flags);
1024 if (!hid) {
1025 value = -EINVAL;
1026 goto err;
1027 }
1028 offset = w_index;
1029 if (offset != hid->report_desc_offset
1030 || offset + w_length > hid->report_desc_len) {
1031 value = -EINVAL;
1032 goto err;
1033 }
1034 cdev->req->context = hid;
1035 cdev->req->complete = acc_complete_set_hid_report_desc;
1036 value = w_length;
1037 } else if (b_request == ACCESSORY_SEND_HID_EVENT) {
1038 spin_lock_irqsave(&dev->lock, flags);
1039 hid = acc_hid_get(&dev->hid_list, w_value);
1040 spin_unlock_irqrestore(&dev->lock, flags);
1041 if (!hid) {
1042 value = -EINVAL;
1043 goto err;
1044 }
1045 cdev->req->context = hid;
1046 cdev->req->complete = acc_complete_send_hid_event;
1047 value = w_length;
1048 }
1049 } else if (b_requestType == (USB_DIR_IN | USB_TYPE_VENDOR)) {
1050 if (b_request == ACCESSORY_GET_PROTOCOL) {
1051 schedule_work(&dev->getprotocol_work);
1052 *((u16 *)cdev->req->buf) = PROTOCOL_VERSION;
1053 value = sizeof(u16);
1054 cdev->req->complete = acc_complete_setup_noop;
1055 /* clear any string left over from a previous session */
1056 memset(dev->manufacturer, 0, sizeof(dev->manufacturer));
1057 memset(dev->model, 0, sizeof(dev->model));
1058 memset(dev->description, 0, sizeof(dev->description));
1059 memset(dev->version, 0, sizeof(dev->version));
1060 memset(dev->uri, 0, sizeof(dev->uri));
1061 memset(dev->serial, 0, sizeof(dev->serial));
1062 dev->start_requested = 0;
1063 dev->audio_mode = 0;
1064 }
1065 }
1066
1067 if (value >= 0) {
1068 cdev->req->zero = 0;
1069 cdev->req->length = value;
1070 value = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC);
1071 if (value < 0)
1072 ERROR(cdev, "%s setup response queue error\n",
1073 __func__);
1074 }
1075
1076 err:
1077 if (value == -EOPNOTSUPP)
1078 VDBG(cdev,
1079 "unknown class-specific control req "
1080 "%02x.%02x v%04x i%04x l%u\n",
1081 ctrl->bRequestType, ctrl->bRequest,
1082 w_value, w_index, w_length);
1083 put_acc_dev(dev);
1084 return value;
1085 }
1086 EXPORT_SYMBOL_GPL(acc_ctrlrequest);
1087
acc_ctrlrequest_composite(struct usb_composite_dev * cdev,const struct usb_ctrlrequest * ctrl)1088 int acc_ctrlrequest_composite(struct usb_composite_dev *cdev,
1089 const struct usb_ctrlrequest *ctrl)
1090 {
1091 u16 w_length = le16_to_cpu(ctrl->wLength);
1092
1093 if (w_length > USB_COMP_EP0_BUFSIZ) {
1094 if (ctrl->bRequestType & USB_DIR_IN) {
1095 /* Cast away the const, we are going to overwrite on purpose. */
1096 __le16 *temp = (__le16 *)&ctrl->wLength;
1097
1098 *temp = cpu_to_le16(USB_COMP_EP0_BUFSIZ);
1099 w_length = USB_COMP_EP0_BUFSIZ;
1100 } else {
1101 return -EINVAL;
1102 }
1103 }
1104 return acc_ctrlrequest(cdev, ctrl);
1105 }
1106 EXPORT_SYMBOL_GPL(acc_ctrlrequest_composite);
1107
1108 static int
__acc_function_bind(struct usb_configuration * c,struct usb_function * f,bool configfs)1109 __acc_function_bind(struct usb_configuration *c,
1110 struct usb_function *f, bool configfs)
1111 {
1112 struct usb_composite_dev *cdev = c->cdev;
1113 struct acc_dev *dev = func_to_dev(f);
1114 int id;
1115 int ret;
1116
1117 DBG(cdev, "acc_function_bind dev: %p\n", dev);
1118
1119 if (configfs) {
1120 if (acc_string_defs[INTERFACE_STRING_INDEX].id == 0) {
1121 ret = usb_string_id(c->cdev);
1122 if (ret < 0)
1123 return ret;
1124 acc_string_defs[INTERFACE_STRING_INDEX].id = ret;
1125 acc_interface_desc.iInterface = ret;
1126 }
1127 dev->cdev = c->cdev;
1128 }
1129 ret = hid_register_driver(&acc_hid_driver);
1130 if (ret)
1131 return ret;
1132
1133 dev->start_requested = 0;
1134
1135 /* allocate interface ID(s) */
1136 id = usb_interface_id(c, f);
1137 if (id < 0)
1138 return id;
1139 acc_interface_desc.bInterfaceNumber = id;
1140
1141 /* allocate endpoints */
1142 ret = create_bulk_endpoints(dev, &acc_fullspeed_in_desc,
1143 &acc_fullspeed_out_desc);
1144 if (ret)
1145 return ret;
1146
1147 /* support high speed hardware */
1148 acc_highspeed_in_desc.bEndpointAddress =
1149 acc_fullspeed_in_desc.bEndpointAddress;
1150 acc_highspeed_out_desc.bEndpointAddress =
1151 acc_fullspeed_out_desc.bEndpointAddress;
1152
1153 /* support super speed hardware */
1154 acc_superspeed_in_desc.bEndpointAddress =
1155 acc_fullspeed_in_desc.bEndpointAddress;
1156 acc_superspeed_out_desc.bEndpointAddress =
1157 acc_fullspeed_out_desc.bEndpointAddress;
1158
1159 /* support super speed plus hardware */
1160 acc_superspeedplus_in_desc.bEndpointAddress =
1161 acc_fullspeed_in_desc.bEndpointAddress;
1162 acc_superspeedplus_out_desc.bEndpointAddress =
1163 acc_fullspeed_out_desc.bEndpointAddress;
1164
1165 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n",
1166 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
1167 f->name, dev->ep_in->name, dev->ep_out->name);
1168 return 0;
1169 }
1170
1171 static int
acc_function_bind_configfs(struct usb_configuration * c,struct usb_function * f)1172 acc_function_bind_configfs(struct usb_configuration *c,
1173 struct usb_function *f) {
1174 return __acc_function_bind(c, f, true);
1175 }
1176
1177 static void
kill_all_hid_devices(struct acc_dev * dev)1178 kill_all_hid_devices(struct acc_dev *dev)
1179 {
1180 struct acc_hid_dev *hid;
1181 struct list_head *entry, *temp;
1182 unsigned long flags;
1183
1184 spin_lock_irqsave(&dev->lock, flags);
1185 list_for_each_safe(entry, temp, &dev->hid_list) {
1186 hid = list_entry(entry, struct acc_hid_dev, list);
1187 list_del(&hid->list);
1188 list_add(&hid->list, &dev->dead_hid_list);
1189 }
1190 list_for_each_safe(entry, temp, &dev->new_hid_list) {
1191 hid = list_entry(entry, struct acc_hid_dev, list);
1192 list_del(&hid->list);
1193 list_add(&hid->list, &dev->dead_hid_list);
1194 }
1195 spin_unlock_irqrestore(&dev->lock, flags);
1196
1197 schedule_work(&dev->hid_work);
1198 }
1199
1200 static void
acc_hid_unbind(struct acc_dev * dev)1201 acc_hid_unbind(struct acc_dev *dev)
1202 {
1203 hid_unregister_driver(&acc_hid_driver);
1204 kill_all_hid_devices(dev);
1205 }
1206
1207 static void
acc_function_unbind(struct usb_configuration * c,struct usb_function * f)1208 acc_function_unbind(struct usb_configuration *c, struct usb_function *f)
1209 {
1210 struct acc_dev *dev = func_to_dev(f);
1211 struct usb_request *req;
1212 int i;
1213
1214 dev->online = 0; /* clear online flag */
1215 wake_up(&dev->read_wq); /* unblock reads on closure */
1216 wake_up(&dev->write_wq); /* likewise for writes */
1217
1218 while ((req = req_get(dev, &dev->tx_idle)))
1219 acc_request_free(req, dev->ep_in);
1220 for (i = 0; i < RX_REQ_MAX; i++) {
1221 acc_request_free(dev->rx_req[i], dev->ep_out);
1222 dev->rx_req[i] = NULL;
1223 }
1224
1225 acc_hid_unbind(dev);
1226 }
1227
acc_getprotocol_work(struct work_struct * data)1228 static void acc_getprotocol_work(struct work_struct *data)
1229 {
1230 char *envp[2] = { "ACCESSORY=GETPROTOCOL", NULL };
1231
1232 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp);
1233 }
1234
acc_sendstring_work(struct work_struct * data)1235 static void acc_sendstring_work(struct work_struct *data)
1236 {
1237 char *envp[2] = { "ACCESSORY=SENDSTRING", NULL };
1238
1239 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp);
1240 }
1241
acc_start_work(struct work_struct * data)1242 static void acc_start_work(struct work_struct *data)
1243 {
1244 char *envp[2] = { "ACCESSORY=START", NULL };
1245
1246 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp);
1247 }
1248
acc_hid_init(struct acc_hid_dev * hdev)1249 static int acc_hid_init(struct acc_hid_dev *hdev)
1250 {
1251 struct hid_device *hid;
1252 int ret;
1253
1254 hid = hid_allocate_device();
1255 if (IS_ERR(hid))
1256 return PTR_ERR(hid);
1257
1258 hid->ll_driver = &acc_hid_ll_driver;
1259 hid->dev.parent = acc_device.this_device;
1260
1261 hid->bus = BUS_USB;
1262 hid->vendor = HID_ANY_ID;
1263 hid->product = HID_ANY_ID;
1264 hid->driver_data = hdev;
1265 ret = hid_add_device(hid);
1266 if (ret) {
1267 pr_err("can't add hid device: %d\n", ret);
1268 hid_destroy_device(hid);
1269 return ret;
1270 }
1271
1272 hdev->hid = hid;
1273 return 0;
1274 }
1275
acc_hid_delete(struct acc_hid_dev * hid)1276 static void acc_hid_delete(struct acc_hid_dev *hid)
1277 {
1278 kfree(hid->report_desc);
1279 kfree(hid);
1280 }
1281
acc_hid_work(struct work_struct * data)1282 static void acc_hid_work(struct work_struct *data)
1283 {
1284 struct acc_dev *dev = get_acc_dev();
1285 struct list_head *entry, *temp;
1286 struct acc_hid_dev *hid;
1287 struct list_head new_list, dead_list;
1288 unsigned long flags;
1289
1290 if (!dev)
1291 return;
1292
1293 INIT_LIST_HEAD(&new_list);
1294
1295 spin_lock_irqsave(&dev->lock, flags);
1296
1297 /* copy hids that are ready for initialization to new_list */
1298 list_for_each_safe(entry, temp, &dev->new_hid_list) {
1299 hid = list_entry(entry, struct acc_hid_dev, list);
1300 if (hid->report_desc_offset == hid->report_desc_len)
1301 list_move(&hid->list, &new_list);
1302 }
1303
1304 if (list_empty(&dev->dead_hid_list)) {
1305 INIT_LIST_HEAD(&dead_list);
1306 } else {
1307 /* move all of dev->dead_hid_list to dead_list */
1308 dead_list.prev = dev->dead_hid_list.prev;
1309 dead_list.next = dev->dead_hid_list.next;
1310 dead_list.next->prev = &dead_list;
1311 dead_list.prev->next = &dead_list;
1312 INIT_LIST_HEAD(&dev->dead_hid_list);
1313 }
1314
1315 spin_unlock_irqrestore(&dev->lock, flags);
1316
1317 /* register new HID devices */
1318 list_for_each_safe(entry, temp, &new_list) {
1319 hid = list_entry(entry, struct acc_hid_dev, list);
1320 if (acc_hid_init(hid)) {
1321 pr_err("can't add HID device %p\n", hid);
1322 acc_hid_delete(hid);
1323 } else {
1324 spin_lock_irqsave(&dev->lock, flags);
1325 list_move(&hid->list, &dev->hid_list);
1326 spin_unlock_irqrestore(&dev->lock, flags);
1327 }
1328 }
1329
1330 /* remove dead HID devices */
1331 list_for_each_safe(entry, temp, &dead_list) {
1332 hid = list_entry(entry, struct acc_hid_dev, list);
1333 list_del(&hid->list);
1334 if (hid->hid)
1335 hid_destroy_device(hid->hid);
1336 acc_hid_delete(hid);
1337 }
1338
1339 put_acc_dev(dev);
1340 }
1341
acc_function_set_alt(struct usb_function * f,unsigned intf,unsigned alt)1342 static int acc_function_set_alt(struct usb_function *f,
1343 unsigned intf, unsigned alt)
1344 {
1345 struct acc_dev *dev = func_to_dev(f);
1346 struct usb_composite_dev *cdev = f->config->cdev;
1347 int ret;
1348
1349 DBG(cdev, "acc_function_set_alt intf: %d alt: %d\n", intf, alt);
1350
1351 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_in);
1352 if (ret)
1353 return ret;
1354
1355 ret = usb_ep_enable(dev->ep_in);
1356 if (ret)
1357 return ret;
1358
1359 ret = config_ep_by_speed(cdev->gadget, f, dev->ep_out);
1360 if (ret)
1361 return ret;
1362
1363 ret = usb_ep_enable(dev->ep_out);
1364 if (ret) {
1365 usb_ep_disable(dev->ep_in);
1366 return ret;
1367 }
1368
1369 dev->online = 1;
1370 dev->disconnected = 0; /* if online then not disconnected */
1371
1372 /* readers may be blocked waiting for us to go online */
1373 wake_up(&dev->read_wq);
1374 return 0;
1375 }
1376
acc_function_disable(struct usb_function * f)1377 static void acc_function_disable(struct usb_function *f)
1378 {
1379 struct acc_dev *dev = func_to_dev(f);
1380 struct usb_composite_dev *cdev = dev->cdev;
1381
1382 DBG(cdev, "acc_function_disable\n");
1383 acc_set_disconnected(dev); /* this now only sets disconnected */
1384 dev->online = 0; /* so now need to clear online flag here too */
1385 usb_ep_disable(dev->ep_in);
1386 usb_ep_disable(dev->ep_out);
1387
1388 /* readers may be blocked waiting for us to go online */
1389 wake_up(&dev->read_wq);
1390
1391 VDBG(cdev, "%s disabled\n", dev->function.name);
1392 }
1393
acc_setup(void)1394 static int acc_setup(void)
1395 {
1396 struct acc_dev_ref *ref = &_acc_dev_ref;
1397 struct acc_dev *dev;
1398 int ret;
1399
1400 if (kref_read(&ref->kref))
1401 return -EBUSY;
1402
1403 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1404 if (!dev)
1405 return -ENOMEM;
1406
1407 spin_lock_init(&dev->lock);
1408 init_waitqueue_head(&dev->read_wq);
1409 init_waitqueue_head(&dev->write_wq);
1410 atomic_set(&dev->open_excl, 0);
1411 INIT_LIST_HEAD(&dev->tx_idle);
1412 INIT_LIST_HEAD(&dev->hid_list);
1413 INIT_LIST_HEAD(&dev->new_hid_list);
1414 INIT_LIST_HEAD(&dev->dead_hid_list);
1415 INIT_DELAYED_WORK(&dev->start_work, acc_start_work);
1416 INIT_WORK(&dev->hid_work, acc_hid_work);
1417 INIT_WORK(&dev->getprotocol_work, acc_getprotocol_work);
1418 INIT_WORK(&dev->sendstring_work, acc_sendstring_work);
1419
1420 dev->ref = ref;
1421 if (cmpxchg_relaxed(&ref->acc_dev, NULL, dev)) {
1422 ret = -EBUSY;
1423 goto err_free_dev;
1424 }
1425
1426 ret = misc_register(&acc_device);
1427 if (ret)
1428 goto err_zap_ptr;
1429
1430 kref_init(&ref->kref);
1431 return 0;
1432
1433 err_zap_ptr:
1434 ref->acc_dev = NULL;
1435 err_free_dev:
1436 kfree(dev);
1437 pr_err("USB accessory gadget driver failed to initialize\n");
1438 return ret;
1439 }
1440
acc_disconnect(void)1441 void acc_disconnect(void)
1442 {
1443 struct acc_dev *dev = get_acc_dev();
1444
1445 if (!dev)
1446 return;
1447
1448 /* unregister all HID devices if USB is disconnected */
1449 kill_all_hid_devices(dev);
1450 put_acc_dev(dev);
1451 }
1452 EXPORT_SYMBOL_GPL(acc_disconnect);
1453
acc_cleanup(void)1454 static void acc_cleanup(void)
1455 {
1456 struct acc_dev *dev = get_acc_dev();
1457
1458 misc_deregister(&acc_device);
1459 put_acc_dev(dev);
1460 put_acc_dev(dev); /* Pairs with kref_init() in acc_setup() */
1461 }
to_acc_instance(struct config_item * item)1462 static struct acc_instance *to_acc_instance(struct config_item *item)
1463 {
1464 return container_of(to_config_group(item), struct acc_instance,
1465 func_inst.group);
1466 }
1467
acc_attr_release(struct config_item * item)1468 static void acc_attr_release(struct config_item *item)
1469 {
1470 struct acc_instance *fi_acc = to_acc_instance(item);
1471
1472 usb_put_function_instance(&fi_acc->func_inst);
1473 }
1474
1475 static struct configfs_item_operations acc_item_ops = {
1476 .release = acc_attr_release,
1477 };
1478
1479 static struct config_item_type acc_func_type = {
1480 .ct_item_ops = &acc_item_ops,
1481 .ct_owner = THIS_MODULE,
1482 };
1483
to_fi_acc(struct usb_function_instance * fi)1484 static struct acc_instance *to_fi_acc(struct usb_function_instance *fi)
1485 {
1486 return container_of(fi, struct acc_instance, func_inst);
1487 }
1488
acc_set_inst_name(struct usb_function_instance * fi,const char * name)1489 static int acc_set_inst_name(struct usb_function_instance *fi, const char *name)
1490 {
1491 struct acc_instance *fi_acc;
1492 char *ptr;
1493 int name_len;
1494
1495 name_len = strlen(name) + 1;
1496 if (name_len > MAX_INST_NAME_LEN)
1497 return -ENAMETOOLONG;
1498
1499 ptr = kstrndup(name, name_len, GFP_KERNEL);
1500 if (!ptr)
1501 return -ENOMEM;
1502
1503 fi_acc = to_fi_acc(fi);
1504 fi_acc->name = ptr;
1505 return 0;
1506 }
1507
acc_free_inst(struct usb_function_instance * fi)1508 static void acc_free_inst(struct usb_function_instance *fi)
1509 {
1510 struct acc_instance *fi_acc;
1511
1512 fi_acc = to_fi_acc(fi);
1513 kfree(fi_acc->name);
1514 acc_cleanup();
1515 }
1516
acc_alloc_inst(void)1517 static struct usb_function_instance *acc_alloc_inst(void)
1518 {
1519 struct acc_instance *fi_acc;
1520 int err;
1521
1522 fi_acc = kzalloc(sizeof(*fi_acc), GFP_KERNEL);
1523 if (!fi_acc)
1524 return ERR_PTR(-ENOMEM);
1525 fi_acc->func_inst.set_inst_name = acc_set_inst_name;
1526 fi_acc->func_inst.free_func_inst = acc_free_inst;
1527
1528 err = acc_setup();
1529 if (err) {
1530 kfree(fi_acc);
1531 return ERR_PTR(err);
1532 }
1533
1534 config_group_init_type_name(&fi_acc->func_inst.group,
1535 "", &acc_func_type);
1536 return &fi_acc->func_inst;
1537 }
1538
acc_free(struct usb_function * f)1539 static void acc_free(struct usb_function *f)
1540 {
1541 struct acc_dev *dev = func_to_dev(f);
1542
1543 put_acc_dev(dev);
1544 }
1545
acc_ctrlrequest_configfs(struct usb_function * f,const struct usb_ctrlrequest * ctrl)1546 int acc_ctrlrequest_configfs(struct usb_function *f,
1547 const struct usb_ctrlrequest *ctrl) {
1548 if (f->config != NULL && f->config->cdev != NULL)
1549 return acc_ctrlrequest(f->config->cdev, ctrl);
1550 else
1551 return -1;
1552 }
1553
acc_alloc(struct usb_function_instance * fi)1554 static struct usb_function *acc_alloc(struct usb_function_instance *fi)
1555 {
1556 struct acc_dev *dev = get_acc_dev();
1557
1558 dev->function.name = "accessory";
1559 dev->function.strings = acc_strings,
1560 dev->function.fs_descriptors = fs_acc_descs;
1561 dev->function.hs_descriptors = hs_acc_descs;
1562 dev->function.ss_descriptors = ss_acc_descs;
1563 dev->function.ssp_descriptors = ssp_acc_descs;
1564 dev->function.bind = acc_function_bind_configfs;
1565 dev->function.unbind = acc_function_unbind;
1566 dev->function.set_alt = acc_function_set_alt;
1567 dev->function.disable = acc_function_disable;
1568 dev->function.free_func = acc_free;
1569 dev->function.setup = acc_ctrlrequest_configfs;
1570
1571 return &dev->function;
1572 }
1573 DECLARE_USB_FUNCTION_INIT(accessory, acc_alloc_inst, acc_alloc);
1574 MODULE_LICENSE("GPL");
1575