search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
usb: gadget: f_hid: use after free in hidg_alloc_inst()
[linux-2.6/btrfs-unstable.git] / drivers / usb / gadget / function / f_hid.c
blobf0545f801c9d0ca417db02e28d531430b8561504
1 /*
2 * f_hid.c -- USB HID function driver
3 *
4 * Copyright (C) 2010 Fabien Chouteau <fabien.chouteau@barco.com>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/module.h>
14 #include <linux/hid.h>
15 #include <linux/idr.h>
16 #include <linux/cdev.h>
17 #include <linux/mutex.h>
18 #include <linux/poll.h>
19 #include <linux/uaccess.h>
20 #include <linux/wait.h>
21 #include <linux/sched.h>
22 #include <linux/usb/g_hid.h>
23
24 #include "u_f.h"
25 #include "u_hid.h"
26
27 #define HIDG_MINORS 4
28
29 static int major, minors;
30 static struct class *hidg_class;
31 static DEFINE_IDA(hidg_ida);
32 static DEFINE_MUTEX(hidg_ida_lock); /* protects access to hidg_ida */
33
34 /*-------------------------------------------------------------------------*/
35 /* HID gadget struct */
36
37 struct f_hidg_req_list {
38 struct usb_request *req;
39 unsigned int pos;
40 struct list_head list;
41 };
42
43 struct f_hidg {
44 /* configuration */
45 unsigned char bInterfaceSubClass;
46 unsigned char bInterfaceProtocol;
47 unsigned short report_desc_length;
48 char *report_desc;
49 unsigned short report_length;
50
51 /* recv report */
52 struct list_head completed_out_req;
53 spinlock_t spinlock;
54 wait_queue_head_t read_queue;
55 unsigned int qlen;
56
57 /* send report */
58 struct mutex lock;
59 bool write_pending;
60 wait_queue_head_t write_queue;
61 struct usb_request *req;
62
63 int minor;
64 struct cdev cdev;
65 struct usb_function func;
66
67 struct usb_ep *in_ep;
68 struct usb_ep *out_ep;
69 };
70
71 static inline struct f_hidg *func_to_hidg(struct usb_function *f)
72 {
73 return container_of(f, struct f_hidg, func);
74 }
75
76 /*-------------------------------------------------------------------------*/
77 /* Static descriptors */
78
79 static struct usb_interface_descriptor hidg_interface_desc = {
80 .bLength = sizeof hidg_interface_desc,
81 .bDescriptorType = USB_DT_INTERFACE,
82 /* .bInterfaceNumber = DYNAMIC */
83 .bAlternateSetting = 0,
84 .bNumEndpoints = 2,
85 .bInterfaceClass = USB_CLASS_HID,
86 /* .bInterfaceSubClass = DYNAMIC */
87 /* .bInterfaceProtocol = DYNAMIC */
88 /* .iInterface = DYNAMIC */
89 };
90
91 static struct hid_descriptor hidg_desc = {
92 .bLength = sizeof hidg_desc,
93 .bDescriptorType = HID_DT_HID,
94 .bcdHID = 0x0101,
95 .bCountryCode = 0x00,
96 .bNumDescriptors = 0x1,
97 /*.desc[0].bDescriptorType = DYNAMIC */
98 /*.desc[0].wDescriptorLenght = DYNAMIC */
99 };
100
101 /* High-Speed Support */
102
103 static struct usb_endpoint_descriptor hidg_hs_in_ep_desc = {
104 .bLength = USB_DT_ENDPOINT_SIZE,
105 .bDescriptorType = USB_DT_ENDPOINT,
106 .bEndpointAddress = USB_DIR_IN,
107 .bmAttributes = USB_ENDPOINT_XFER_INT,
108 /*.wMaxPacketSize = DYNAMIC */
109 .bInterval = 4, /* FIXME: Add this field in the
110 * HID gadget configuration?
111 * (struct hidg_func_descriptor)
112 */
113 };
114
115 static struct usb_endpoint_descriptor hidg_hs_out_ep_desc = {
116 .bLength = USB_DT_ENDPOINT_SIZE,
117 .bDescriptorType = USB_DT_ENDPOINT,
118 .bEndpointAddress = USB_DIR_OUT,
119 .bmAttributes = USB_ENDPOINT_XFER_INT,
120 /*.wMaxPacketSize = DYNAMIC */
121 .bInterval = 4, /* FIXME: Add this field in the
122 * HID gadget configuration?
123 * (struct hidg_func_descriptor)
124 */
125 };
126
127 static struct usb_descriptor_header *hidg_hs_descriptors[] = {
128 (struct usb_descriptor_header *)&hidg_interface_desc,
129 (struct usb_descriptor_header *)&hidg_desc,
130 (struct usb_descriptor_header *)&hidg_hs_in_ep_desc,
131 (struct usb_descriptor_header *)&hidg_hs_out_ep_desc,
132 NULL,
133 };
134
135 /* Full-Speed Support */
136
137 static struct usb_endpoint_descriptor hidg_fs_in_ep_desc = {
138 .bLength = USB_DT_ENDPOINT_SIZE,
139 .bDescriptorType = USB_DT_ENDPOINT,
140 .bEndpointAddress = USB_DIR_IN,
141 .bmAttributes = USB_ENDPOINT_XFER_INT,
142 /*.wMaxPacketSize = DYNAMIC */
143 .bInterval = 10, /* FIXME: Add this field in the
144 * HID gadget configuration?
145 * (struct hidg_func_descriptor)
146 */
147 };
148
149 static struct usb_endpoint_descriptor hidg_fs_out_ep_desc = {
150 .bLength = USB_DT_ENDPOINT_SIZE,
151 .bDescriptorType = USB_DT_ENDPOINT,
152 .bEndpointAddress = USB_DIR_OUT,
153 .bmAttributes = USB_ENDPOINT_XFER_INT,
154 /*.wMaxPacketSize = DYNAMIC */
155 .bInterval = 10, /* FIXME: Add this field in the
156 * HID gadget configuration?
157 * (struct hidg_func_descriptor)
158 */
159 };
160
161 static struct usb_descriptor_header *hidg_fs_descriptors[] = {
162 (struct usb_descriptor_header *)&hidg_interface_desc,
163 (struct usb_descriptor_header *)&hidg_desc,
164 (struct usb_descriptor_header *)&hidg_fs_in_ep_desc,
165 (struct usb_descriptor_header *)&hidg_fs_out_ep_desc,
166 NULL,
167 };
168
169 /*-------------------------------------------------------------------------*/
170 /* Strings */
171
172 #define CT_FUNC_HID_IDX 0
173
174 static struct usb_string ct_func_string_defs[] = {
175 [CT_FUNC_HID_IDX].s = "HID Interface",
176 {}, /* end of list */
177 };
178
179 static struct usb_gadget_strings ct_func_string_table = {
180 .language = 0x0409, /* en-US */
181 .strings = ct_func_string_defs,
182 };
183
184 static struct usb_gadget_strings *ct_func_strings[] = {
185 &ct_func_string_table,
186 NULL,
187 };
188
189 /*-------------------------------------------------------------------------*/
190 /* Char Device */
191
192 static ssize_t f_hidg_read(struct file *file, char __user *buffer,
193 size_t count, loff_t *ptr)
194 {
195 struct f_hidg *hidg = file->private_data;
196 struct f_hidg_req_list *list;
197 struct usb_request *req;
198 unsigned long flags;
199 int ret;
200
201 if (!count)
202 return 0;
203
204 if (!access_ok(VERIFY_WRITE, buffer, count))
205 return -EFAULT;
206
207 spin_lock_irqsave(&hidg->spinlock, flags);
208
209 #define READ_COND (!list_empty(&hidg->completed_out_req))
210
211 /* wait for at least one buffer to complete */
212 while (!READ_COND) {
213 spin_unlock_irqrestore(&hidg->spinlock, flags);
214 if (file->f_flags & O_NONBLOCK)
215 return -EAGAIN;
216
217 if (wait_event_interruptible(hidg->read_queue, READ_COND))
218 return -ERESTARTSYS;
219
220 spin_lock_irqsave(&hidg->spinlock, flags);
221 }
222
223 /* pick the first one */
224 list = list_first_entry(&hidg->completed_out_req,
225 struct f_hidg_req_list, list);
226 req = list->req;
227 count = min_t(unsigned int, count, req->actual - list->pos);
228 spin_unlock_irqrestore(&hidg->spinlock, flags);
229
230 /* copy to user outside spinlock */
231 count -= copy_to_user(buffer, req->buf + list->pos, count);
232 list->pos += count;
233
234 /*
235 * if this request is completely handled and transfered to
236 * userspace, remove its entry from the list and requeue it
237 * again. Otherwise, we will revisit it again upon the next
238 * call, taking into account its current read position.
239 */
240 if (list->pos == req->actual) {
241 spin_lock_irqsave(&hidg->spinlock, flags);
242 list_del(&list->list);
243 kfree(list);
244 spin_unlock_irqrestore(&hidg->spinlock, flags);
245
246 req->length = hidg->report_length;
247 ret = usb_ep_queue(hidg->out_ep, req, GFP_KERNEL);
248 if (ret < 0)
249 return ret;
250 }
251
252 return count;
253 }
254
255 static void f_hidg_req_complete(struct usb_ep *ep, struct usb_request *req)
256 {
257 struct f_hidg *hidg = (struct f_hidg *)ep->driver_data;
258
259 if (req->status != 0) {
260 ERROR(hidg->func.config->cdev,
261 "End Point Request ERROR: %d\n", req->status);
262 }
263
264 hidg->write_pending = 0;
265 wake_up(&hidg->write_queue);
266 }
267
268 static ssize_t f_hidg_write(struct file *file, const char __user *buffer,
269 size_t count, loff_t *offp)
270 {
271 struct f_hidg *hidg = file->private_data;
272 ssize_t status = -ENOMEM;
273
274 if (!access_ok(VERIFY_READ, buffer, count))
275 return -EFAULT;
276
277 mutex_lock(&hidg->lock);
278
279 #define WRITE_COND (!hidg->write_pending)
280
281 /* write queue */
282 while (!WRITE_COND) {
283 mutex_unlock(&hidg->lock);
284 if (file->f_flags & O_NONBLOCK)
285 return -EAGAIN;
286
287 if (wait_event_interruptible_exclusive(
288 hidg->write_queue, WRITE_COND))
289 return -ERESTARTSYS;
290
291 mutex_lock(&hidg->lock);
292 }
293
294 count = min_t(unsigned, count, hidg->report_length);
295 status = copy_from_user(hidg->req->buf, buffer, count);
296
297 if (status != 0) {
298 ERROR(hidg->func.config->cdev,
299 "copy_from_user error\n");
300 mutex_unlock(&hidg->lock);
301 return -EINVAL;
302 }
303
304 hidg->req->status = 0;
305 hidg->req->zero = 0;
306 hidg->req->length = count;
307 hidg->req->complete = f_hidg_req_complete;
308 hidg->req->context = hidg;
309 hidg->write_pending = 1;
310
311 status = usb_ep_queue(hidg->in_ep, hidg->req, GFP_ATOMIC);
312 if (status < 0) {
313 ERROR(hidg->func.config->cdev,
314 "usb_ep_queue error on int endpoint %zd\n", status);
315 hidg->write_pending = 0;
316 wake_up(&hidg->write_queue);
317 } else {
318 status = count;
319 }
320
321 mutex_unlock(&hidg->lock);
322
323 return status;
324 }
325
326 static unsigned int f_hidg_poll(struct file *file, poll_table *wait)
327 {
328 struct f_hidg *hidg = file->private_data;
329 unsigned int ret = 0;
330
331 poll_wait(file, &hidg->read_queue, wait);
332 poll_wait(file, &hidg->write_queue, wait);
333
334 if (WRITE_COND)
335 ret |= POLLOUT | POLLWRNORM;
336
337 if (READ_COND)
338 ret |= POLLIN | POLLRDNORM;
339
340 return ret;
341 }
342
343 #undef WRITE_COND
344 #undef READ_COND
345
346 static int f_hidg_release(struct inode *inode, struct file *fd)
347 {
348 fd->private_data = NULL;
349 return 0;
350 }
351
352 static int f_hidg_open(struct inode *inode, struct file *fd)
353 {
354 struct f_hidg *hidg =
355 container_of(inode->i_cdev, struct f_hidg, cdev);
356
357 fd->private_data = hidg;
358
359 return 0;
360 }
361
362 /*-------------------------------------------------------------------------*/
363 /* usb_function */
364
365 static inline struct usb_request *hidg_alloc_ep_req(struct usb_ep *ep,
366 unsigned length)
367 {
368 return alloc_ep_req(ep, length, length);
369 }
370
371 static void hidg_set_report_complete(struct usb_ep *ep, struct usb_request *req)
372 {
373 struct f_hidg *hidg = (struct f_hidg *) req->context;
374 struct f_hidg_req_list *req_list;
375 unsigned long flags;
376
377 req_list = kzalloc(sizeof(*req_list), GFP_ATOMIC);
378 if (!req_list)
379 return;
380
381 req_list->req = req;
382
383 spin_lock_irqsave(&hidg->spinlock, flags);
384 list_add_tail(&req_list->list, &hidg->completed_out_req);
385 spin_unlock_irqrestore(&hidg->spinlock, flags);
386
387 wake_up(&hidg->read_queue);
388 }
389
390 static int hidg_setup(struct usb_function *f,
391 const struct usb_ctrlrequest *ctrl)
392 {
393 struct f_hidg *hidg = func_to_hidg(f);
394 struct usb_composite_dev *cdev = f->config->cdev;
395 struct usb_request *req = cdev->req;
396 int status = 0;
397 __u16 value, length;
398
399 value = __le16_to_cpu(ctrl->wValue);
400 length = __le16_to_cpu(ctrl->wLength);
401
402 VDBG(cdev, "hid_setup crtl_request : bRequestType:0x%x bRequest:0x%x "
403 "Value:0x%x\n", ctrl->bRequestType, ctrl->bRequest, value);
404
405 switch ((ctrl->bRequestType << 8) | ctrl->bRequest) {
406 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
407 | HID_REQ_GET_REPORT):
408 VDBG(cdev, "get_report\n");
409
410 /* send an empty report */
411 length = min_t(unsigned, length, hidg->report_length);
412 memset(req->buf, 0x0, length);
413
414 goto respond;
415 break;
416
417 case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
418 | HID_REQ_GET_PROTOCOL):
419 VDBG(cdev, "get_protocol\n");
420 goto stall;
421 break;
422
423 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
424 | HID_REQ_SET_REPORT):
425 VDBG(cdev, "set_report | wLenght=%d\n", ctrl->wLength);
426 goto stall;
427 break;
428
429 case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
430 | HID_REQ_SET_PROTOCOL):
431 VDBG(cdev, "set_protocol\n");
432 goto stall;
433 break;
434
435 case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
436 | USB_REQ_GET_DESCRIPTOR):
437 switch (value >> 8) {
438 case HID_DT_HID:
439 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n");
440 length = min_t(unsigned short, length,
441 hidg_desc.bLength);
442 memcpy(req->buf, &hidg_desc, length);
443 goto respond;
444 break;
445 case HID_DT_REPORT:
446 VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: REPORT\n");
447 length = min_t(unsigned short, length,
448 hidg->report_desc_length);
449 memcpy(req->buf, hidg->report_desc, length);
450 goto respond;
451 break;
452
453 default:
454 VDBG(cdev, "Unknown descriptor request 0x%x\n",
455 value >> 8);
456 goto stall;
457 break;
458 }
459 break;
460
461 default:
462 VDBG(cdev, "Unknown request 0x%x\n",
463 ctrl->bRequest);
464 goto stall;
465 break;
466 }
467
468 stall:
469 return -EOPNOTSUPP;
470
471 respond:
472 req->zero = 0;
473 req->length = length;
474 status = usb_ep_queue(cdev->gadget->ep0, req, GFP_ATOMIC);
475 if (status < 0)
476 ERROR(cdev, "usb_ep_queue error on ep0 %d\n", value);
477 return status;
478 }
479
480 static void hidg_disable(struct usb_function *f)
481 {
482 struct f_hidg *hidg = func_to_hidg(f);
483 struct f_hidg_req_list *list, *next;
484
485 usb_ep_disable(hidg->in_ep);
486 hidg->in_ep->driver_data = NULL;
487
488 usb_ep_disable(hidg->out_ep);
489 hidg->out_ep->driver_data = NULL;
490
491 list_for_each_entry_safe(list, next, &hidg->completed_out_req, list) {
492 list_del(&list->list);
493 kfree(list);
494 }
495 }
496
497 static int hidg_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
498 {
499 struct usb_composite_dev *cdev = f->config->cdev;
500 struct f_hidg *hidg = func_to_hidg(f);
501 int i, status = 0;
502
503 VDBG(cdev, "hidg_set_alt intf:%d alt:%d\n", intf, alt);
504
505 if (hidg->in_ep != NULL) {
506 /* restart endpoint */
507 if (hidg->in_ep->driver_data != NULL)
508 usb_ep_disable(hidg->in_ep);
509
510 status = config_ep_by_speed(f->config->cdev->gadget, f,
511 hidg->in_ep);
512 if (status) {
513 ERROR(cdev, "config_ep_by_speed FAILED!\n");
514 goto fail;
515 }
516 status = usb_ep_enable(hidg->in_ep);
517 if (status < 0) {
518 ERROR(cdev, "Enable IN endpoint FAILED!\n");
519 goto fail;
520 }
521 hidg->in_ep->driver_data = hidg;
522 }
523
524
525 if (hidg->out_ep != NULL) {
526 /* restart endpoint */
527 if (hidg->out_ep->driver_data != NULL)
528 usb_ep_disable(hidg->out_ep);
529
530 status = config_ep_by_speed(f->config->cdev->gadget, f,
531 hidg->out_ep);
532 if (status) {
533 ERROR(cdev, "config_ep_by_speed FAILED!\n");
534 goto fail;
535 }
536 status = usb_ep_enable(hidg->out_ep);
537 if (status < 0) {
538 ERROR(cdev, "Enable IN endpoint FAILED!\n");
539 goto fail;
540 }
541 hidg->out_ep->driver_data = hidg;
542
543 /*
544 * allocate a bunch of read buffers and queue them all at once.
545 */
546 for (i = 0; i < hidg->qlen && status == 0; i++) {
547 struct usb_request *req =
548 hidg_alloc_ep_req(hidg->out_ep,
549 hidg->report_length);
550 if (req) {
551 req->complete = hidg_set_report_complete;
552 req->context = hidg;
553 status = usb_ep_queue(hidg->out_ep, req,
554 GFP_ATOMIC);
555 if (status)
556 ERROR(cdev, "%s queue req --> %d\n",
557 hidg->out_ep->name, status);
558 } else {
559 usb_ep_disable(hidg->out_ep);
560 hidg->out_ep->driver_data = NULL;
561 status = -ENOMEM;
562 goto fail;
563 }
564 }
565 }
566
567 fail:
568 return status;
569 }
570
571 const struct file_operations f_hidg_fops = {
572 .owner = THIS_MODULE,
573 .open = f_hidg_open,
574 .release = f_hidg_release,
575 .write = f_hidg_write,
576 .read = f_hidg_read,
577 .poll = f_hidg_poll,
578 .llseek = noop_llseek,
579 };
580
581 static int hidg_bind(struct usb_configuration *c, struct usb_function *f)
582 {
583 struct usb_ep *ep;
584 struct f_hidg *hidg = func_to_hidg(f);
585 struct usb_string *us;
586 struct device *device;
587 int status;
588 dev_t dev;
589
590 /* maybe allocate device-global string IDs, and patch descriptors */
591 us = usb_gstrings_attach(c->cdev, ct_func_strings,
592 ARRAY_SIZE(ct_func_string_defs));
593 if (IS_ERR(us))
594 return PTR_ERR(us);
595 hidg_interface_desc.iInterface = us[CT_FUNC_HID_IDX].id;
596
597 /* allocate instance-specific interface IDs, and patch descriptors */
598 status = usb_interface_id(c, f);
599 if (status < 0)
600 goto fail;
601 hidg_interface_desc.bInterfaceNumber = status;
602
603 /* allocate instance-specific endpoints */
604 status = -ENODEV;
605 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_in_ep_desc);
606 if (!ep)
607 goto fail;
608 ep->driver_data = c->cdev; /* claim */
609 hidg->in_ep = ep;
610
611 ep = usb_ep_autoconfig(c->cdev->gadget, &hidg_fs_out_ep_desc);
612 if (!ep)
613 goto fail;
614 ep->driver_data = c->cdev; /* claim */
615 hidg->out_ep = ep;
616
617 /* preallocate request and buffer */
618 status = -ENOMEM;
619 hidg->req = usb_ep_alloc_request(hidg->in_ep, GFP_KERNEL);
620 if (!hidg->req)
621 goto fail;
622
623 hidg->req->buf = kmalloc(hidg->report_length, GFP_KERNEL);
624 if (!hidg->req->buf)
625 goto fail;
626
627 /* set descriptor dynamic values */
628 hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
629 hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
630 hidg_hs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
631 hidg_fs_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
632 hidg_hs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
633 hidg_fs_out_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
634 hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT;
635 hidg_desc.desc[0].wDescriptorLength =
636 cpu_to_le16(hidg->report_desc_length);
637
638 hidg_hs_in_ep_desc.bEndpointAddress =
639 hidg_fs_in_ep_desc.bEndpointAddress;
640 hidg_hs_out_ep_desc.bEndpointAddress =
641 hidg_fs_out_ep_desc.bEndpointAddress;
642
643 status = usb_assign_descriptors(f, hidg_fs_descriptors,
644 hidg_hs_descriptors, NULL);
645 if (status)
646 goto fail;
647
648 mutex_init(&hidg->lock);
649 spin_lock_init(&hidg->spinlock);
650 init_waitqueue_head(&hidg->write_queue);
651 init_waitqueue_head(&hidg->read_queue);
652 INIT_LIST_HEAD(&hidg->completed_out_req);
653
654 /* create char device */
655 cdev_init(&hidg->cdev, &f_hidg_fops);
656 dev = MKDEV(major, hidg->minor);
657 status = cdev_add(&hidg->cdev, dev, 1);
658 if (status)
659 goto fail_free_descs;
660
661 device = device_create(hidg_class, NULL, dev, NULL,
662 "%s%d", "hidg", hidg->minor);
663 if (IS_ERR(device)) {
664 status = PTR_ERR(device);
665 goto del;
666 }
667
668 return 0;
669 del:
670 cdev_del(&hidg->cdev);
671 fail_free_descs:
672 usb_free_all_descriptors(f);
673 fail:
674 ERROR(f->config->cdev, "hidg_bind FAILED\n");
675 if (hidg->req != NULL) {
676 kfree(hidg->req->buf);
677 if (hidg->in_ep != NULL)
678 usb_ep_free_request(hidg->in_ep, hidg->req);
679 }
680
681 return status;
682 }
683
684 static inline int hidg_get_minor(void)
685 {
686 int ret;
687
688 ret = ida_simple_get(&hidg_ida, 0, 0, GFP_KERNEL);
689
690 return ret;
691 }
692
693 static inline struct f_hid_opts *to_f_hid_opts(struct config_item *item)
694 {
695 return container_of(to_config_group(item), struct f_hid_opts,
696 func_inst.group);
697 }
698
699 CONFIGFS_ATTR_STRUCT(f_hid_opts);
700 CONFIGFS_ATTR_OPS(f_hid_opts);
701
702 static void hid_attr_release(struct config_item *item)
703 {
704 struct f_hid_opts *opts = to_f_hid_opts(item);
705
706 usb_put_function_instance(&opts->func_inst);
707 }
708
709 static struct configfs_item_operations hidg_item_ops = {
710 .release = hid_attr_release,
711 .show_attribute = f_hid_opts_attr_show,
712 .store_attribute = f_hid_opts_attr_store,
713 };
714
715 #define F_HID_OPT(name, prec, limit) \
716 static ssize_t f_hid_opts_##name##_show(struct f_hid_opts *opts, char *page)\
717 { \
718 int result; \
719 \
720 mutex_lock(&opts->lock); \
721 result = sprintf(page, "%d\n", opts->name); \
722 mutex_unlock(&opts->lock); \
723 \
724 return result; \
725 } \
726 \
727 static ssize_t f_hid_opts_##name##_store(struct f_hid_opts *opts, \
728 const char *page, size_t len) \
729 { \
730 int ret; \
731 u##prec num; \
732 \
733 mutex_lock(&opts->lock); \
734 if (opts->refcnt) { \
735 ret = -EBUSY; \
736 goto end; \
737 } \
738 \
739 ret = kstrtou##prec(page, 0, &num); \
740 if (ret) \
741 goto end; \
742 \
743 if (num > limit) { \
744 ret = -EINVAL; \
745 goto end; \
746 } \
747 opts->name = num; \
748 ret = len; \
749 \
750 end: \
751 mutex_unlock(&opts->lock); \
752 return ret; \
753 } \
754 \
755 static struct f_hid_opts_attribute f_hid_opts_##name = \
756 __CONFIGFS_ATTR(name, S_IRUGO | S_IWUSR, f_hid_opts_##name##_show,\
757 f_hid_opts_##name##_store)
758
759 F_HID_OPT(subclass, 8, 255);
760 F_HID_OPT(protocol, 8, 255);
761 F_HID_OPT(report_length, 16, 65536);
762
763 static ssize_t f_hid_opts_report_desc_show(struct f_hid_opts *opts, char *page)
764 {
765 int result;
766
767 mutex_lock(&opts->lock);
768 result = opts->report_desc_length;
769 memcpy(page, opts->report_desc, opts->report_desc_length);
770 mutex_unlock(&opts->lock);
771
772 return result;
773 }
774
775 static ssize_t f_hid_opts_report_desc_store(struct f_hid_opts *opts,
776 const char *page, size_t len)
777 {
778 int ret = -EBUSY;
779 char *d;
780
781 mutex_lock(&opts->lock);
782
783 if (opts->refcnt)
784 goto end;
785 if (len > PAGE_SIZE) {
786 ret = -ENOSPC;
787 goto end;
788 }
789 d = kmemdup(page, len, GFP_KERNEL);
790 if (!d) {
791 ret = -ENOMEM;
792 goto end;
793 }
794 kfree(opts->report_desc);
795 opts->report_desc = d;
796 opts->report_desc_length = len;
797 opts->report_desc_alloc = true;
798 ret = len;
799 end:
800 mutex_unlock(&opts->lock);
801 return ret;
802 }
803
804 static struct f_hid_opts_attribute f_hid_opts_report_desc =
805 __CONFIGFS_ATTR(report_desc, S_IRUGO | S_IWUSR,
806 f_hid_opts_report_desc_show,
807 f_hid_opts_report_desc_store);
808
809 static struct configfs_attribute *hid_attrs[] = {
810 &f_hid_opts_subclass.attr,
811 &f_hid_opts_protocol.attr,
812 &f_hid_opts_report_length.attr,
813 &f_hid_opts_report_desc.attr,
814 NULL,
815 };
816
817 static struct config_item_type hid_func_type = {
818 .ct_item_ops = &hidg_item_ops,
819 .ct_attrs = hid_attrs,
820 .ct_owner = THIS_MODULE,
821 };
822
823 static inline void hidg_put_minor(int minor)
824 {
825 ida_simple_remove(&hidg_ida, minor);
826 }
827
828 static void hidg_free_inst(struct usb_function_instance *f)
829 {
830 struct f_hid_opts *opts;
831
832 opts = container_of(f, struct f_hid_opts, func_inst);
833
834 mutex_lock(&hidg_ida_lock);
835
836 hidg_put_minor(opts->minor);
837 if (idr_is_empty(&hidg_ida.idr))
838 ghid_cleanup();
839
840 mutex_unlock(&hidg_ida_lock);
841
842 if (opts->report_desc_alloc)
843 kfree(opts->report_desc);
844
845 kfree(opts);
846 }
847
848 static struct usb_function_instance *hidg_alloc_inst(void)
849 {
850 struct f_hid_opts *opts;
851 struct usb_function_instance *ret;
852 int status = 0;
853
854 opts = kzalloc(sizeof(*opts), GFP_KERNEL);
855 if (!opts)
856 return ERR_PTR(-ENOMEM);
857 mutex_init(&opts->lock);
858 opts->func_inst.free_func_inst = hidg_free_inst;
859 ret = &opts->func_inst;
860
861 mutex_lock(&hidg_ida_lock);
862
863 if (idr_is_empty(&hidg_ida.idr)) {
864 status = ghid_setup(NULL, HIDG_MINORS);
865 if (status) {
866 ret = ERR_PTR(status);
867 kfree(opts);
868 goto unlock;
869 }
870 }
871
872 opts->minor = hidg_get_minor();
873 if (opts->minor < 0) {
874 ret = ERR_PTR(opts->minor);
875 kfree(opts);
876 if (idr_is_empty(&hidg_ida.idr))
877 ghid_cleanup();
878 goto unlock;
879 }
880 config_group_init_type_name(&opts->func_inst.group, "", &hid_func_type);
881
882 unlock:
883 mutex_unlock(&hidg_ida_lock);
884 return ret;
885 }
886
887 static void hidg_free(struct usb_function *f)
888 {
889 struct f_hidg *hidg;
890 struct f_hid_opts *opts;
891
892 hidg = func_to_hidg(f);
893 opts = container_of(f->fi, struct f_hid_opts, func_inst);
894 kfree(hidg->report_desc);
895 kfree(hidg);
896 mutex_lock(&opts->lock);
897 --opts->refcnt;
898 mutex_unlock(&opts->lock);
899 }
900
901 static void hidg_unbind(struct usb_configuration *c, struct usb_function *f)
902 {
903 struct f_hidg *hidg = func_to_hidg(f);
904
905 device_destroy(hidg_class, MKDEV(major, hidg->minor));
906 cdev_del(&hidg->cdev);
907
908 /* disable/free request and end point */
909 usb_ep_disable(hidg->in_ep);
910 usb_ep_dequeue(hidg->in_ep, hidg->req);
911 kfree(hidg->req->buf);
912 usb_ep_free_request(hidg->in_ep, hidg->req);
913
914 usb_free_all_descriptors(f);
915 }
916
917 static struct usb_function *hidg_alloc(struct usb_function_instance *fi)
918 {
919 struct f_hidg *hidg;
920 struct f_hid_opts *opts;
921
922 /* allocate and initialize one new instance */
923 hidg = kzalloc(sizeof(*hidg), GFP_KERNEL);
924 if (!hidg)
925 return ERR_PTR(-ENOMEM);
926
927 opts = container_of(fi, struct f_hid_opts, func_inst);
928
929 mutex_lock(&opts->lock);
930 ++opts->refcnt;
931
932 hidg->minor = opts->minor;
933 hidg->bInterfaceSubClass = opts->subclass;
934 hidg->bInterfaceProtocol = opts->protocol;
935 hidg->report_length = opts->report_length;
936 hidg->report_desc_length = opts->report_desc_length;
937 if (opts->report_desc) {
938 hidg->report_desc = kmemdup(opts->report_desc,
939 opts->report_desc_length,
940 GFP_KERNEL);
941 if (!hidg->report_desc) {
942 kfree(hidg);
943 mutex_unlock(&opts->lock);
944 return ERR_PTR(-ENOMEM);
945 }
946 }
947
948 mutex_unlock(&opts->lock);
949
950 hidg->func.name = "hid";
951 hidg->func.bind = hidg_bind;
952 hidg->func.unbind = hidg_unbind;
953 hidg->func.set_alt = hidg_set_alt;
954 hidg->func.disable = hidg_disable;
955 hidg->func.setup = hidg_setup;
956 hidg->func.free_func = hidg_free;
957
958 /* this could me made configurable at some point */
959 hidg->qlen = 4;
960
961 return &hidg->func;
962 }
963
964 DECLARE_USB_FUNCTION_INIT(hid, hidg_alloc_inst, hidg_alloc);
965 MODULE_LICENSE("GPL");
966 MODULE_AUTHOR("Fabien Chouteau");
967
968 int ghid_setup(struct usb_gadget *g, int count)
969 {
970 int status;
971 dev_t dev;
972
973 hidg_class = class_create(THIS_MODULE, "hidg");
974 if (IS_ERR(hidg_class)) {
975 hidg_class = NULL;
976 return PTR_ERR(hidg_class);
977 }
978
979 status = alloc_chrdev_region(&dev, 0, count, "hidg");
980 if (!status) {
981 major = MAJOR(dev);
982 minors = count;
983 }
984
985 return status;
986 }
987
988 void ghid_cleanup(void)
989 {
990 if (major) {
991 unregister_chrdev_region(MKDEV(major, 0), minors);
992 major = minors = 0;
993 }
994
995 class_destroy(hidg_class);
996 hidg_class = NULL;
997 }
(deprecated) Btrfs devel tree