/drivers/usb/gadget/f_accessory.c
C | 1172 lines | 913 code | 184 blank | 75 comment | 126 complexity | b0b10d106818bfa34db0af990eb43306 MD5 | raw file
Possible License(s): LGPL-2.0, AGPL-1.0, GPL-2.0
1/* 2 * Gadget Function Driver for Android USB accessories 3 * 4 * Copyright (C) 2011 Google, Inc. 5 * Author: Mike Lockwood <lockwood@android.com> 6 * 7 * This software is licensed under the terms of the GNU General Public 8 * License version 2, as published by the Free Software Foundation, and 9 * may be copied, distributed, and modified under those terms. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 */ 17 18/* #define DEBUG */ 19/* #define VERBOSE_DEBUG */ 20 21#include <linux/module.h> 22#include <linux/init.h> 23#include <linux/poll.h> 24#include <linux/delay.h> 25#include <linux/wait.h> 26#include <linux/err.h> 27#include <linux/interrupt.h> 28#include <linux/kthread.h> 29#include <linux/freezer.h> 30 31#include <linux/types.h> 32#include <linux/file.h> 33#include <linux/device.h> 34#include <linux/miscdevice.h> 35 36#include <linux/hid.h> 37#include <linux/hiddev.h> 38#include <linux/usb.h> 39#include <linux/usb/ch9.h> 40#include <linux/usb/f_accessory.h> 41 42#define BULK_BUFFER_SIZE 16384 43#define ACC_STRING_SIZE 256 44 45#define PROTOCOL_VERSION 2 46 47/* String IDs */ 48#define INTERFACE_STRING_INDEX 0 49 50/* number of tx and rx requests to allocate */ 51#define TX_REQ_MAX 4 52#define RX_REQ_MAX 2 53 54struct acc_hid_dev { 55 struct list_head list; 56 struct hid_device *hid; 57 struct acc_dev *dev; 58 /* accessory defined ID */ 59 int id; 60 /* HID report descriptor */ 61 u8 *report_desc; 62 /* length of HID report descriptor */ 63 int report_desc_len; 64 /* number of bytes of report_desc we have received so far */ 65 int report_desc_offset; 66}; 67 68struct acc_dev { 69 struct usb_function function; 70 struct usb_composite_dev *cdev; 71 spinlock_t lock; 72 73 struct usb_ep *ep_in; 74 struct usb_ep *ep_out; 75 76 /* set to 1 when we connect */ 77 int online:1; 78 /* Set to 1 when we disconnect. 79 * Not cleared until our file is closed. 80 */ 81 int disconnected:1; 82 83 /* strings sent by the host */ 84 char manufacturer[ACC_STRING_SIZE]; 85 char model[ACC_STRING_SIZE]; 86 char description[ACC_STRING_SIZE]; 87 char version[ACC_STRING_SIZE]; 88 char uri[ACC_STRING_SIZE]; 89 char serial[ACC_STRING_SIZE]; 90 91 /* for acc_complete_set_string */ 92 int string_index; 93 94 /* set to 1 if we have a pending start request */ 95 int start_requested; 96 97 int audio_mode; 98 99 /* synchronize access to our device file */ 100 atomic_t open_excl; 101 102 struct list_head tx_idle; 103 104 wait_queue_head_t read_wq; 105 wait_queue_head_t write_wq; 106 struct usb_request *rx_req[RX_REQ_MAX]; 107 int rx_done; 108 109 /* delayed work for handling ACCESSORY_START */ 110 struct delayed_work start_work; 111 112 /* worker for registering and unregistering hid devices */ 113 struct work_struct hid_work; 114 115 /* list of active HID devices */ 116 struct list_head hid_list; 117 118 /* list of new HID devices to register */ 119 struct list_head new_hid_list; 120 121 /* list of dead HID devices to unregister */ 122 struct list_head dead_hid_list; 123}; 124 125static struct usb_interface_descriptor acc_interface_desc = { 126 .bLength = USB_DT_INTERFACE_SIZE, 127 .bDescriptorType = USB_DT_INTERFACE, 128 .bInterfaceNumber = 0, 129 .bNumEndpoints = 2, 130 .bInterfaceClass = USB_CLASS_VENDOR_SPEC, 131 .bInterfaceSubClass = USB_SUBCLASS_VENDOR_SPEC, 132 .bInterfaceProtocol = 0, 133}; 134 135static struct usb_endpoint_descriptor acc_highspeed_in_desc = { 136 .bLength = USB_DT_ENDPOINT_SIZE, 137 .bDescriptorType = USB_DT_ENDPOINT, 138 .bEndpointAddress = USB_DIR_IN, 139 .bmAttributes = USB_ENDPOINT_XFER_BULK, 140 .wMaxPacketSize = __constant_cpu_to_le16(512), 141}; 142 143static struct usb_endpoint_descriptor acc_highspeed_out_desc = { 144 .bLength = USB_DT_ENDPOINT_SIZE, 145 .bDescriptorType = USB_DT_ENDPOINT, 146 .bEndpointAddress = USB_DIR_OUT, 147 .bmAttributes = USB_ENDPOINT_XFER_BULK, 148 .wMaxPacketSize = __constant_cpu_to_le16(512), 149}; 150 151static struct usb_endpoint_descriptor acc_fullspeed_in_desc = { 152 .bLength = USB_DT_ENDPOINT_SIZE, 153 .bDescriptorType = USB_DT_ENDPOINT, 154 .bEndpointAddress = USB_DIR_IN, 155 .bmAttributes = USB_ENDPOINT_XFER_BULK, 156}; 157 158static struct usb_endpoint_descriptor acc_fullspeed_out_desc = { 159 .bLength = USB_DT_ENDPOINT_SIZE, 160 .bDescriptorType = USB_DT_ENDPOINT, 161 .bEndpointAddress = USB_DIR_OUT, 162 .bmAttributes = USB_ENDPOINT_XFER_BULK, 163}; 164 165static struct usb_descriptor_header *fs_acc_descs[] = { 166 (struct usb_descriptor_header *) &acc_interface_desc, 167 (struct usb_descriptor_header *) &acc_fullspeed_in_desc, 168 (struct usb_descriptor_header *) &acc_fullspeed_out_desc, 169 NULL, 170}; 171 172static struct usb_descriptor_header *hs_acc_descs[] = { 173 (struct usb_descriptor_header *) &acc_interface_desc, 174 (struct usb_descriptor_header *) &acc_highspeed_in_desc, 175 (struct usb_descriptor_header *) &acc_highspeed_out_desc, 176 NULL, 177}; 178 179static struct usb_string acc_string_defs[] = { 180 [INTERFACE_STRING_INDEX].s = "Android Accessory Interface", 181 { }, /* end of list */ 182}; 183 184static struct usb_gadget_strings acc_string_table = { 185 .language = 0x0409, /* en-US */ 186 .strings = acc_string_defs, 187}; 188 189static struct usb_gadget_strings *acc_strings[] = { 190 &acc_string_table, 191 NULL, 192}; 193 194/* temporary variable used between acc_open() and acc_gadget_bind() */ 195static struct acc_dev *_acc_dev; 196 197static inline struct acc_dev *func_to_dev(struct usb_function *f) 198{ 199 return container_of(f, struct acc_dev, function); 200} 201 202static struct usb_request *acc_request_new(struct usb_ep *ep, int buffer_size) 203{ 204 struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL); 205 if (!req) 206 return NULL; 207 208 /* now allocate buffers for the requests */ 209 req->buf = kmalloc(buffer_size, GFP_KERNEL); 210 if (!req->buf) { 211 usb_ep_free_request(ep, req); 212 return NULL; 213 } 214 215 return req; 216} 217 218static void acc_request_free(struct usb_request *req, struct usb_ep *ep) 219{ 220 if (req) { 221 kfree(req->buf); 222 usb_ep_free_request(ep, req); 223 } 224} 225 226/* add a request to the tail of a list */ 227static void req_put(struct acc_dev *dev, struct list_head *head, 228 struct usb_request *req) 229{ 230 unsigned long flags; 231 232 spin_lock_irqsave(&dev->lock, flags); 233 list_add_tail(&req->list, head); 234 spin_unlock_irqrestore(&dev->lock, flags); 235} 236 237/* remove a request from the head of a list */ 238static struct usb_request *req_get(struct acc_dev *dev, struct list_head *head) 239{ 240 unsigned long flags; 241 struct usb_request *req; 242 243 spin_lock_irqsave(&dev->lock, flags); 244 if (list_empty(head)) { 245 req = 0; 246 } else { 247 req = list_first_entry(head, struct usb_request, list); 248 list_del(&req->list); 249 } 250 spin_unlock_irqrestore(&dev->lock, flags); 251 return req; 252} 253 254static void acc_set_disconnected(struct acc_dev *dev) 255{ 256 dev->online = 0; 257 dev->disconnected = 1; 258} 259 260static void acc_complete_in(struct usb_ep *ep, struct usb_request *req) 261{ 262 struct acc_dev *dev = _acc_dev; 263 264 if (req->status != 0) 265 acc_set_disconnected(dev); 266 267 req_put(dev, &dev->tx_idle, req); 268 269 wake_up(&dev->write_wq); 270} 271 272static void acc_complete_out(struct usb_ep *ep, struct usb_request *req) 273{ 274 struct acc_dev *dev = _acc_dev; 275 276 dev->rx_done = 1; 277 if (req->status != 0) 278 acc_set_disconnected(dev); 279 280 wake_up(&dev->read_wq); 281} 282 283static void acc_complete_set_string(struct usb_ep *ep, struct usb_request *req) 284{ 285 struct acc_dev *dev = ep->driver_data; 286 char *string_dest = NULL; 287 int length = req->actual; 288 289 if (req->status != 0) { 290 pr_err("acc_complete_set_string, err %d\n", req->status); 291 return; 292 } 293 294 switch (dev->string_index) { 295 case ACCESSORY_STRING_MANUFACTURER: 296 string_dest = dev->manufacturer; 297 break; 298 case ACCESSORY_STRING_MODEL: 299 string_dest = dev->model; 300 break; 301 case ACCESSORY_STRING_DESCRIPTION: 302 string_dest = dev->description; 303 break; 304 case ACCESSORY_STRING_VERSION: 305 string_dest = dev->version; 306 break; 307 case ACCESSORY_STRING_URI: 308 string_dest = dev->uri; 309 break; 310 case ACCESSORY_STRING_SERIAL: 311 string_dest = dev->serial; 312 break; 313 } 314 if (string_dest) { 315 unsigned long flags; 316 317 if (length >= ACC_STRING_SIZE) 318 length = ACC_STRING_SIZE - 1; 319 320 spin_lock_irqsave(&dev->lock, flags); 321 memcpy(string_dest, req->buf, length); 322 /* ensure zero termination */ 323 string_dest[length] = 0; 324 spin_unlock_irqrestore(&dev->lock, flags); 325 } else { 326 pr_err("unknown accessory string index %d\n", 327 dev->string_index); 328 } 329} 330 331static void acc_complete_set_hid_report_desc(struct usb_ep *ep, 332 struct usb_request *req) 333{ 334 struct acc_hid_dev *hid = req->context; 335 struct acc_dev *dev = hid->dev; 336 int length = req->actual; 337 338 if (req->status != 0) { 339 pr_err("acc_complete_set_hid_report_desc, err %d\n", 340 req->status); 341 return; 342 } 343 344 memcpy(hid->report_desc + hid->report_desc_offset, req->buf, length); 345 hid->report_desc_offset += length; 346 if (hid->report_desc_offset == hid->report_desc_len) { 347 /* After we have received the entire report descriptor 348 * we schedule work to initialize the HID device 349 */ 350 schedule_work(&dev->hid_work); 351 } 352} 353 354static void acc_complete_send_hid_event(struct usb_ep *ep, 355 struct usb_request *req) 356{ 357 struct acc_hid_dev *hid = req->context; 358 int length = req->actual; 359 360 if (req->status != 0) { 361 pr_err("acc_complete_send_hid_event, err %d\n", req->status); 362 return; 363 } 364 365 hid_report_raw_event(hid->hid, HID_INPUT_REPORT, req->buf, length, 1); 366} 367 368static int acc_hid_parse(struct hid_device *hid) 369{ 370 struct acc_hid_dev *hdev = hid->driver_data; 371 372 hid_parse_report(hid, hdev->report_desc, hdev->report_desc_len); 373 return 0; 374} 375 376static int acc_hid_start(struct hid_device *hid) 377{ 378 return 0; 379} 380 381static void acc_hid_stop(struct hid_device *hid) 382{ 383} 384 385static int acc_hid_open(struct hid_device *hid) 386{ 387 return 0; 388} 389 390static void acc_hid_close(struct hid_device *hid) 391{ 392} 393 394static struct hid_ll_driver acc_hid_ll_driver = { 395 .parse = acc_hid_parse, 396 .start = acc_hid_start, 397 .stop = acc_hid_stop, 398 .open = acc_hid_open, 399 .close = acc_hid_close, 400}; 401 402static struct acc_hid_dev *acc_hid_new(struct acc_dev *dev, 403 int id, int desc_len) 404{ 405 struct acc_hid_dev *hdev; 406 407 hdev = kzalloc(sizeof(*hdev), GFP_ATOMIC); 408 if (!hdev) 409 return NULL; 410 hdev->report_desc = kzalloc(desc_len, GFP_ATOMIC); 411 if (!hdev->report_desc) { 412 kfree(hdev); 413 return NULL; 414 } 415 hdev->dev = dev; 416 hdev->id = id; 417 hdev->report_desc_len = desc_len; 418 419 return hdev; 420} 421 422static struct acc_hid_dev *acc_hid_get(struct list_head *list, int id) 423{ 424 struct acc_hid_dev *hid; 425 426 list_for_each_entry(hid, list, list) { 427 if (hid->id == id) 428 return hid; 429 } 430 return NULL; 431} 432 433static int acc_register_hid(struct acc_dev *dev, int id, int desc_length) 434{ 435 struct acc_hid_dev *hid; 436 unsigned long flags; 437 438 /* report descriptor length must be > 0 */ 439 if (desc_length <= 0) 440 return -EINVAL; 441 442 spin_lock_irqsave(&dev->lock, flags); 443 /* replace HID if one already exists with this ID */ 444 hid = acc_hid_get(&dev->hid_list, id); 445 if (!hid) 446 hid = acc_hid_get(&dev->new_hid_list, id); 447 if (hid) 448 list_move(&hid->list, &dev->dead_hid_list); 449 450 hid = acc_hid_new(dev, id, desc_length); 451 if (!hid) { 452 spin_unlock_irqrestore(&dev->lock, flags); 453 return -ENOMEM; 454 } 455 456 list_add(&hid->list, &dev->new_hid_list); 457 spin_unlock_irqrestore(&dev->lock, flags); 458 459 /* schedule work to register the HID device */ 460 schedule_work(&dev->hid_work); 461 return 0; 462} 463 464static int acc_unregister_hid(struct acc_dev *dev, int id) 465{ 466 struct acc_hid_dev *hid; 467 unsigned long flags; 468 469 spin_lock_irqsave(&dev->lock, flags); 470 hid = acc_hid_get(&dev->hid_list, id); 471 if (!hid) 472 hid = acc_hid_get(&dev->new_hid_list, id); 473 if (!hid) { 474 spin_unlock_irqrestore(&dev->lock, flags); 475 return -EINVAL; 476 } 477 478 list_move(&hid->list, &dev->dead_hid_list); 479 spin_unlock_irqrestore(&dev->lock, flags); 480 481 schedule_work(&dev->hid_work); 482 return 0; 483} 484 485static int create_bulk_endpoints(struct acc_dev *dev, 486 struct usb_endpoint_descriptor *in_desc, 487 struct usb_endpoint_descriptor *out_desc) 488{ 489 struct usb_composite_dev *cdev = dev->cdev; 490 struct usb_request *req; 491 struct usb_ep *ep; 492 int i; 493 494 DBG(cdev, "create_bulk_endpoints dev: %p\n", dev); 495 496 ep = usb_ep_autoconfig(cdev->gadget, in_desc); 497 if (!ep) { 498 DBG(cdev, "usb_ep_autoconfig for ep_in failed\n"); 499 return -ENODEV; 500 } 501 DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name); 502 ep->driver_data = dev; /* claim the endpoint */ 503 dev->ep_in = ep; 504 505 ep = usb_ep_autoconfig(cdev->gadget, out_desc); 506 if (!ep) { 507 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n"); 508 return -ENODEV; 509 } 510 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name); 511 ep->driver_data = dev; /* claim the endpoint */ 512 dev->ep_out = ep; 513 514 ep = usb_ep_autoconfig(cdev->gadget, out_desc); 515 if (!ep) { 516 DBG(cdev, "usb_ep_autoconfig for ep_out failed\n"); 517 return -ENODEV; 518 } 519 DBG(cdev, "usb_ep_autoconfig for ep_out got %s\n", ep->name); 520 ep->driver_data = dev; /* claim the endpoint */ 521 dev->ep_out = ep; 522 523 /* now allocate requests for our endpoints */ 524 for (i = 0; i < TX_REQ_MAX; i++) { 525 req = acc_request_new(dev->ep_in, BULK_BUFFER_SIZE); 526 if (!req) 527 goto fail; 528 req->complete = acc_complete_in; 529 req_put(dev, &dev->tx_idle, req); 530 } 531 for (i = 0; i < RX_REQ_MAX; i++) { 532 req = acc_request_new(dev->ep_out, BULK_BUFFER_SIZE); 533 if (!req) 534 goto fail; 535 req->complete = acc_complete_out; 536 dev->rx_req[i] = req; 537 } 538 539 return 0; 540 541fail: 542 pr_err("acc_bind() could not allocate requests\n"); 543 while ((req = req_get(dev, &dev->tx_idle))) 544 acc_request_free(req, dev->ep_in); 545 for (i = 0; i < RX_REQ_MAX; i++) 546 acc_request_free(dev->rx_req[i], dev->ep_out); 547 return -1; 548} 549 550static ssize_t acc_read(struct file *fp, char __user *buf, 551 size_t count, loff_t *pos) 552{ 553 struct acc_dev *dev = fp->private_data; 554 struct usb_request *req; 555 int r = count, xfer; 556 int ret = 0; 557 558 pr_debug("acc_read(%d)\n", count); 559 560 if (dev->disconnected) 561 return -ENODEV; 562 563 if (count > BULK_BUFFER_SIZE) 564 count = BULK_BUFFER_SIZE; 565 566 /* we will block until we're online */ 567 pr_debug("acc_read: waiting for online\n"); 568 ret = wait_event_interruptible(dev->read_wq, dev->online); 569 if (ret < 0) { 570 r = ret; 571 goto done; 572 } 573 574requeue_req: 575 /* queue a request */ 576 req = dev->rx_req[0]; 577 req->length = count; 578 dev->rx_done = 0; 579 ret = usb_ep_queue(dev->ep_out, req, GFP_KERNEL); 580 if (ret < 0) { 581 r = -EIO; 582 goto done; 583 } else { 584 pr_debug("rx %p queue\n", req); 585 } 586 587 /* wait for a request to complete */ 588 ret = wait_event_interruptible(dev->read_wq, dev->rx_done); 589 if (ret < 0) { 590 r = ret; 591 usb_ep_dequeue(dev->ep_out, req); 592 goto done; 593 } 594 if (dev->online) { 595 /* If we got a 0-len packet, throw it back and try again. */ 596 if (req->actual == 0) 597 goto requeue_req; 598 599 pr_debug("rx %p %d\n", req, req->actual); 600 xfer = (req->actual < count) ? req->actual : count; 601 r = xfer; 602 if (copy_to_user(buf, req->buf, xfer)) 603 r = -EFAULT; 604 } else 605 r = -EIO; 606 607done: 608 pr_debug("acc_read returning %d\n", r); 609 return r; 610} 611 612static ssize_t acc_write(struct file *fp, const char __user *buf, 613 size_t count, loff_t *pos) 614{ 615 struct acc_dev *dev = fp->private_data; 616 struct usb_request *req = 0; 617 int r = count, xfer; 618 int ret; 619 620 pr_debug("acc_write(%d)\n", count); 621 622 if (!dev->online || dev->disconnected) 623 return -ENODEV; 624 625 while (count > 0) { 626 if (!dev->online) { 627 pr_debug("acc_write dev->error\n"); 628 r = -EIO; 629 break; 630 } 631 632 /* get an idle tx request to use */ 633 req = 0; 634 ret = wait_event_interruptible(dev->write_wq, 635 ((req = req_get(dev, &dev->tx_idle)) || !dev->online)); 636 if (!req) { 637 r = ret; 638 break; 639 } 640 641 if (count > BULK_BUFFER_SIZE) 642 xfer = BULK_BUFFER_SIZE; 643 else 644 xfer = count; 645 if (copy_from_user(req->buf, buf, xfer)) { 646 r = -EFAULT; 647 break; 648 } 649 650 req->length = xfer; 651 ret = usb_ep_queue(dev->ep_in, req, GFP_KERNEL); 652 if (ret < 0) { 653 pr_debug("acc_write: xfer error %d\n", ret); 654 r = -EIO; 655 break; 656 } 657 658 buf += xfer; 659 count -= xfer; 660 661 /* zero this so we don't try to free it on error exit */ 662 req = 0; 663 } 664 665 if (req) 666 req_put(dev, &dev->tx_idle, req); 667 668 pr_debug("acc_write returning %d\n", r); 669 return r; 670} 671 672static long acc_ioctl(struct file *fp, unsigned code, unsigned long value) 673{ 674 struct acc_dev *dev = fp->private_data; 675 char *src = NULL; 676 int ret; 677 678 switch (code) { 679 case ACCESSORY_GET_STRING_MANUFACTURER: 680 src = dev->manufacturer; 681 break; 682 case ACCESSORY_GET_STRING_MODEL: 683 src = dev->model; 684 break; 685 case ACCESSORY_GET_STRING_DESCRIPTION: 686 src = dev->description; 687 break; 688 case ACCESSORY_GET_STRING_VERSION: 689 src = dev->version; 690 break; 691 case ACCESSORY_GET_STRING_URI: 692 src = dev->uri; 693 break; 694 case ACCESSORY_GET_STRING_SERIAL: 695 src = dev->serial; 696 break; 697 case ACCESSORY_IS_START_REQUESTED: 698 return dev->start_requested; 699 case ACCESSORY_GET_AUDIO_MODE: 700 return dev->audio_mode; 701 } 702 if (!src) 703 return -EINVAL; 704 705 ret = strlen(src) + 1; 706 if (copy_to_user((void __user *)value, src, ret)) 707 ret = -EFAULT; 708 return ret; 709} 710 711static int acc_open(struct inode *ip, struct file *fp) 712{ 713 printk(KERN_INFO "acc_open\n"); 714 if (atomic_xchg(&_acc_dev->open_excl, 1)) 715 return -EBUSY; 716 717 _acc_dev->disconnected = 0; 718 fp->private_data = _acc_dev; 719 return 0; 720} 721 722static int acc_release(struct inode *ip, struct file *fp) 723{ 724 printk(KERN_INFO "acc_release\n"); 725 726 WARN_ON(!atomic_xchg(&_acc_dev->open_excl, 0)); 727 _acc_dev->disconnected = 0; 728 return 0; 729} 730 731/* file operations for /dev/usb_accessory */ 732static const struct file_operations acc_fops = { 733 .owner = THIS_MODULE, 734 .read = acc_read, 735 .write = acc_write, 736 .unlocked_ioctl = acc_ioctl, 737 .open = acc_open, 738 .release = acc_release, 739}; 740 741static int acc_hid_probe(struct hid_device *hdev, 742 const struct hid_device_id *id) 743{ 744 int ret; 745 746 ret = hid_parse(hdev); 747 if (ret) 748 return ret; 749 return hid_hw_start(hdev, HID_CONNECT_DEFAULT); 750} 751 752static struct miscdevice acc_device = { 753 .minor = MISC_DYNAMIC_MINOR, 754 .name = "usb_accessory", 755 .fops = &acc_fops, 756}; 757 758static const struct hid_device_id acc_hid_table[] = { 759 { HID_USB_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 760 { } 761}; 762 763static struct hid_driver acc_hid_driver = { 764 .name = "USB accessory", 765 .id_table = acc_hid_table, 766 .probe = acc_hid_probe, 767}; 768 769static int acc_ctrlrequest(struct usb_composite_dev *cdev, 770 const struct usb_ctrlrequest *ctrl) 771{ 772 struct acc_dev *dev = _acc_dev; 773 int value = -EOPNOTSUPP; 774 struct acc_hid_dev *hid; 775 int offset; 776 u8 b_requestType = ctrl->bRequestType; 777 u8 b_request = ctrl->bRequest; 778 u16 w_index = le16_to_cpu(ctrl->wIndex); 779 u16 w_value = le16_to_cpu(ctrl->wValue); 780 u16 w_length = le16_to_cpu(ctrl->wLength); 781 unsigned long flags; 782 783/* 784 printk(KERN_INFO "acc_ctrlrequest " 785 "%02x.%02x v%04x i%04x l%u\n", 786 b_requestType, b_request, 787 w_value, w_index, w_length); 788*/ 789 790 if (b_requestType == (USB_DIR_OUT | USB_TYPE_VENDOR)) { 791 if (b_request == ACCESSORY_START) { 792 dev->start_requested = 1; 793 schedule_delayed_work( 794 &dev->start_work, msecs_to_jiffies(10)); 795 value = 0; 796 } else if (b_request == ACCESSORY_SEND_STRING) { 797 dev->string_index = w_index; 798 cdev->gadget->ep0->driver_data = dev; 799 cdev->req->complete = acc_complete_set_string; 800 value = w_length; 801 } else if (b_request == ACCESSORY_SET_AUDIO_MODE && 802 w_index == 0 && w_length == 0) { 803 dev->audio_mode = w_value; 804 value = 0; 805 } else if (b_request == ACCESSORY_REGISTER_HID) { 806 value = acc_register_hid(dev, w_value, w_index); 807 } else if (b_request == ACCESSORY_UNREGISTER_HID) { 808 value = acc_unregister_hid(dev, w_value); 809 } else if (b_request == ACCESSORY_SET_HID_REPORT_DESC) { 810 spin_lock_irqsave(&dev->lock, flags); 811 hid = acc_hid_get(&dev->new_hid_list, w_value); 812 spin_unlock_irqrestore(&dev->lock, flags); 813 if (!hid) { 814 value = -EINVAL; 815 goto err; 816 } 817 offset = w_index; 818 if (offset != hid->report_desc_offset 819 || offset + w_length > hid->report_desc_len) { 820 value = -EINVAL; 821 goto err; 822 } 823 cdev->req->context = hid; 824 cdev->req->complete = acc_complete_set_hid_report_desc; 825 value = w_length; 826 } else if (b_request == ACCESSORY_SEND_HID_EVENT) { 827 spin_lock_irqsave(&dev->lock, flags); 828 hid = acc_hid_get(&dev->hid_list, w_value); 829 spin_unlock_irqrestore(&dev->lock, flags); 830 if (!hid) { 831 value = -EINVAL; 832 goto err; 833 } 834 cdev->req->context = hid; 835 cdev->req->complete = acc_complete_send_hid_event; 836 value = w_length; 837 } 838 } else if (b_requestType == (USB_DIR_IN | USB_TYPE_VENDOR)) { 839 if (b_request == ACCESSORY_GET_PROTOCOL) { 840 *((u16 *)cdev->req->buf) = PROTOCOL_VERSION; 841 value = sizeof(u16); 842 843 /* clear strings left over from a previous session */ 844 memset(dev->manufacturer, 0, sizeof(dev->manufacturer)); 845 memset(dev->model, 0, sizeof(dev->model)); 846 memset(dev->description, 0, sizeof(dev->description)); 847 memset(dev->version, 0, sizeof(dev->version)); 848 memset(dev->uri, 0, sizeof(dev->uri)); 849 memset(dev->serial, 0, sizeof(dev->serial)); 850 dev->start_requested = 0; 851 dev->audio_mode = 0; 852 } 853 } 854 855 if (value >= 0) { 856 cdev->req->zero = 0; 857 cdev->req->length = value; 858 value = usb_ep_queue(cdev->gadget->ep0, cdev->req, GFP_ATOMIC); 859 if (value < 0) 860 ERROR(cdev, "%s setup response queue error\n", 861 __func__); 862 } 863 864err: 865 if (value == -EOPNOTSUPP) 866 VDBG(cdev, 867 "unknown class-specific control req " 868 "%02x.%02x v%04x i%04x l%u\n", 869 ctrl->bRequestType, ctrl->bRequest, 870 w_value, w_index, w_length); 871 return value; 872} 873 874static int 875acc_function_bind(struct usb_configuration *c, struct usb_function *f) 876{ 877 struct usb_composite_dev *cdev = c->cdev; 878 struct acc_dev *dev = func_to_dev(f); 879 int id; 880 int ret; 881 882 DBG(cdev, "acc_function_bind dev: %p\n", dev); 883 884 ret = hid_register_driver(&acc_hid_driver); 885 if (ret) 886 return ret; 887 888 dev->start_requested = 0; 889 890 /* allocate interface ID(s) */ 891 id = usb_interface_id(c, f); 892 if (id < 0) 893 return id; 894 acc_interface_desc.bInterfaceNumber = id; 895 896 /* allocate endpoints */ 897 ret = create_bulk_endpoints(dev, &acc_fullspeed_in_desc, 898 &acc_fullspeed_out_desc); 899 if (ret) 900 return ret; 901 902 /* support high speed hardware */ 903 if (gadget_is_dualspeed(c->cdev->gadget)) { 904 acc_highspeed_in_desc.bEndpointAddress = 905 acc_fullspeed_in_desc.bEndpointAddress; 906 acc_highspeed_out_desc.bEndpointAddress = 907 acc_fullspeed_out_desc.bEndpointAddress; 908 } 909 910 DBG(cdev, "%s speed %s: IN/%s, OUT/%s\n", 911 gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full", 912 f->name, dev->ep_in->name, dev->ep_out->name); 913 return 0; 914} 915 916static void 917kill_all_hid_devices(struct acc_dev *dev) 918{ 919 struct acc_hid_dev *hid; 920 struct list_head *entry, *temp; 921 unsigned long flags; 922 923 spin_lock_irqsave(&dev->lock, flags); 924 list_for_each_safe(entry, temp, &dev->hid_list) { 925 hid = list_entry(entry, struct acc_hid_dev, list); 926 list_del(&hid->list); 927 list_add(&hid->list, &dev->dead_hid_list); 928 } 929 list_for_each_safe(entry, temp, &dev->new_hid_list) { 930 hid = list_entry(entry, struct acc_hid_dev, list); 931 list_del(&hid->list); 932 list_add(&hid->list, &dev->dead_hid_list); 933 } 934 spin_unlock_irqrestore(&dev->lock, flags); 935 936 schedule_work(&dev->hid_work); 937} 938 939static void 940acc_hid_unbind(struct acc_dev *dev) 941{ 942 hid_unregister_driver(&acc_hid_driver); 943 kill_all_hid_devices(dev); 944} 945 946static void 947acc_function_unbind(struct usb_configuration *c, struct usb_function *f) 948{ 949 struct acc_dev *dev = func_to_dev(f); 950 struct usb_request *req; 951 int i; 952 953 while ((req = req_get(dev, &dev->tx_idle))) 954 acc_request_free(req, dev->ep_in); 955 for (i = 0; i < RX_REQ_MAX; i++) 956 acc_request_free(dev->rx_req[i], dev->ep_out); 957 958 acc_hid_unbind(dev); 959} 960 961static void acc_start_work(struct work_struct *data) 962{ 963 char *envp[2] = { "ACCESSORY=START", NULL }; 964 kobject_uevent_env(&acc_device.this_device->kobj, KOBJ_CHANGE, envp); 965} 966 967static int acc_hid_init(struct acc_hid_dev *hdev) 968{ 969 struct hid_device *hid; 970 int ret; 971 972 hid = hid_allocate_device(); 973 if (IS_ERR(hid)) 974 return PTR_ERR(hid); 975 976 hid->ll_driver = &acc_hid_ll_driver; 977 hid->dev.parent = acc_device.this_device; 978 979 hid->bus = BUS_USB; 980 hid->vendor = HID_ANY_ID; 981 hid->product = HID_ANY_ID; 982 hid->driver_data = hdev; 983 ret = hid_add_device(hid); 984 if (ret) { 985 pr_err("can't add hid device: %d\n", ret); 986 hid_destroy_device(hid); 987 return ret; 988 } 989 990 hdev->hid = hid; 991 return 0; 992} 993 994static void acc_hid_delete(struct acc_hid_dev *hid) 995{ 996 kfree(hid->report_desc); 997 kfree(hid); 998} 999 1000static void acc_hid_work(struct work_struct *data) 1001{ 1002 struct acc_dev *dev = _acc_dev; 1003 struct list_head *entry, *temp; 1004 struct acc_hid_dev *hid; 1005 struct list_head new_list, dead_list; 1006 unsigned long flags; 1007 1008 INIT_LIST_HEAD(&new_list); 1009 1010 spin_lock_irqsave(&dev->lock, flags); 1011 1012 /* copy hids that are ready for initialization to new_list */ 1013 list_for_each_safe(entry, temp, &dev->new_hid_list) { 1014 hid = list_entry(entry, struct acc_hid_dev, list); 1015 if (hid->report_desc_offset == hid->report_desc_len) 1016 list_move(&hid->list, &new_list); 1017 } 1018 1019 if (list_empty(&dev->dead_hid_list)) { 1020 INIT_LIST_HEAD(&dead_list); 1021 } else { 1022 /* move all of dev->dead_hid_list to dead_list */ 1023 dead_list.prev = dev->dead_hid_list.prev; 1024 dead_list.next = dev->dead_hid_list.next; 1025 dead_list.next->prev = &dead_list; 1026 dead_list.prev->next = &dead_list; 1027 INIT_LIST_HEAD(&dev->dead_hid_list); 1028 } 1029 1030 spin_unlock_irqrestore(&dev->lock, flags); 1031 1032 /* register new HID devices */ 1033 list_for_each_safe(entry, temp, &new_list) { 1034 hid = list_entry(entry, struct acc_hid_dev, list); 1035 if (acc_hid_init(hid)) { 1036 pr_err("can't add HID device %p\n", hid); 1037 acc_hid_delete(hid); 1038 } else { 1039 spin_lock_irqsave(&dev->lock, flags); 1040 list_move(&hid->list, &dev->hid_list); 1041 spin_unlock_irqrestore(&dev->lock, flags); 1042 } 1043 } 1044 1045 /* remove dead HID devices */ 1046 list_for_each_safe(entry, temp, &dead_list) { 1047 hid = list_entry(entry, struct acc_hid_dev, list); 1048 list_del(&hid->list); 1049 if (hid->hid) 1050 hid_destroy_device(hid->hid); 1051 acc_hid_delete(hid); 1052 } 1053} 1054 1055static int acc_function_set_alt(struct usb_function *f, 1056 unsigned intf, unsigned alt) 1057{ 1058 struct acc_dev *dev = func_to_dev(f); 1059 struct usb_composite_dev *cdev = f->config->cdev; 1060 int ret; 1061 1062 DBG(cdev, "acc_function_set_alt intf: %d alt: %d\n", intf, alt); 1063 config_ep_by_speed(cdev->gadget, f, dev->ep_in); 1064 ret = usb_ep_enable(dev->ep_in); 1065 if (ret) 1066 return ret; 1067 config_ep_by_speed(cdev->gadget, f, dev->ep_out); 1068 ret = usb_ep_enable(dev->ep_out); 1069 if (ret) { 1070 usb_ep_disable(dev->ep_in); 1071 return ret; 1072 } 1073 1074 dev->online = 1; 1075 1076 /* readers may be blocked waiting for us to go online */ 1077 wake_up(&dev->read_wq); 1078 return 0; 1079} 1080 1081static void acc_function_disable(struct usb_function *f) 1082{ 1083 struct acc_dev *dev = func_to_dev(f); 1084 struct usb_composite_dev *cdev = dev->cdev; 1085 1086 DBG(cdev, "acc_function_disable\n"); 1087 acc_set_disconnected(dev); 1088 usb_ep_disable(dev->ep_in); 1089 usb_ep_disable(dev->ep_out); 1090 1091 /* readers may be blocked waiting for us to go online */ 1092 wake_up(&dev->read_wq); 1093 1094 VDBG(cdev, "%s disabled\n", dev->function.name); 1095} 1096 1097static int acc_bind_config(struct usb_configuration *c) 1098{ 1099 struct acc_dev *dev = _acc_dev; 1100 int ret; 1101 1102 printk(KERN_INFO "acc_bind_config\n"); 1103 1104 /* allocate a string ID for our interface */ 1105 if (acc_string_defs[INTERFACE_STRING_INDEX].id == 0) { 1106 ret = usb_string_id(c->cdev); 1107 if (ret < 0) 1108 return ret; 1109 acc_string_defs[INTERFACE_STRING_INDEX].id = ret; 1110 acc_interface_desc.iInterface = ret; 1111 } 1112 1113 dev->cdev = c->cdev; 1114 dev->function.name = "accessory"; 1115 dev->function.strings = acc_strings, 1116 dev->function.descriptors = fs_acc_descs; 1117 dev->function.hs_descriptors = hs_acc_descs; 1118 dev->function.bind = acc_function_bind; 1119 dev->function.unbind = acc_function_unbind; 1120 dev->function.set_alt = acc_function_set_alt; 1121 dev->function.disable = acc_function_disable; 1122 1123 return usb_add_function(c, &dev->function); 1124} 1125 1126static int acc_setup(void) 1127{ 1128 struct acc_dev *dev; 1129 int ret; 1130 1131 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 1132 if (!dev) 1133 return -ENOMEM; 1134 1135 spin_lock_init(&dev->lock); 1136 init_waitqueue_head(&dev->read_wq); 1137 init_waitqueue_head(&dev->write_wq); 1138 atomic_set(&dev->open_excl, 0); 1139 INIT_LIST_HEAD(&dev->tx_idle); 1140 INIT_LIST_HEAD(&dev->hid_list); 1141 INIT_LIST_HEAD(&dev->new_hid_list); 1142 INIT_LIST_HEAD(&dev->dead_hid_list); 1143 INIT_DELAYED_WORK(&dev->start_work, acc_start_work); 1144 INIT_WORK(&dev->hid_work, acc_hid_work); 1145 1146 /* _acc_dev must be set before calling usb_gadget_register_driver */ 1147 _acc_dev = dev; 1148 1149 ret = misc_register(&acc_device); 1150 if (ret) 1151 goto err; 1152 1153 return 0; 1154 1155err: 1156 kfree(dev); 1157 pr_err("USB accessory gadget driver failed to initialize\n"); 1158 return ret; 1159} 1160 1161static void acc_disconnect(void) 1162{ 1163 /* unregister all HID devices if USB is disconnected */ 1164 kill_all_hid_devices(_acc_dev); 1165} 1166 1167static void acc_cleanup(void) 1168{ 1169 misc_deregister(&acc_device); 1170 kfree(_acc_dev); 1171 _acc_dev = NULL; 1172}