1 /* $NetBSD: uhidev.c,v 1.95 2024/02/04 05:43:06 mrg Exp $ */
2
3 /*
4 * Copyright (c) 2001, 2012 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Lennart Augustsson (lennart@augustsson.net) at
9 * Carlstedt Research & Technology and Matthew R. Green (mrg@eterna23.net).
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 /*
34 * HID spec: http://www.usb.org/developers/devclass_docs/HID1_11.pdf
35 */
36
37 #include <sys/cdefs.h>
38 __KERNEL_RCSID(0, "$NetBSD: uhidev.c,v 1.95 2024/02/04 05:43:06 mrg Exp $");
39
40 #ifdef _KERNEL_OPT
41 #include "opt_usb.h"
42 #endif
43
44 #include <sys/param.h>
45 #include <sys/types.h>
46
47 #include <sys/atomic.h>
48 #include <sys/conf.h>
49 #include <sys/device.h>
50 #include <sys/ioctl.h>
51 #include <sys/kernel.h>
52 #include <sys/kmem.h>
53 #include <sys/lwp.h>
54 #include <sys/rndsource.h>
55 #include <sys/signalvar.h>
56 #include <sys/systm.h>
57 #include <sys/xcall.h>
58
59 #include <dev/usb/usb.h>
60 #include <dev/usb/usbhid.h>
61
62 #include <dev/usb/usbdevs.h>
63 #include <dev/usb/usbdi.h>
64 #include <dev/usb/usbdi_util.h>
65 #include <dev/usb/usb_quirks.h>
66
67 #include <dev/usb/uhidev.h>
68 #include <dev/hid/hid.h>
69
70 /* Report descriptor for broken Wacom Graphire */
71 #include <dev/usb/ugraphire_rdesc.h>
72 /* Report descriptor for game controllers in "XInput" mode */
73 #include <dev/usb/xinput_rdesc.h>
74 /* Report descriptor for Xbox One controllers */
75 #include <dev/usb/x1input_rdesc.h>
76
77 #include "locators.h"
78
79 struct uhidev_softc {
80 device_t sc_dev; /* base device */
81 struct usbd_device *sc_udev;
82 struct usbd_interface *sc_iface; /* interface */
83 int sc_iep_addr;
84 int sc_oep_addr;
85 u_int sc_isize;
86
87 int sc_repdesc_size;
88 void *sc_repdesc;
89
90 u_int sc_nrepid;
91 struct uhidev {
92 struct uhidev_softc *sc_parent;
93 device_t sc_dev;
94 void (*sc_intr)(void *, void *, u_int);
95 void *sc_cookie;
96 krndsource_t sc_rndsource;
97 int sc_in_rep_size;
98 uint8_t sc_report_id;
99 uint8_t sc_state;
100 #define UHIDEV_OPEN 0x01 /* device is open */
101 #define UHIDEV_STOPPED 0x02 /* xfers are stopped */
102 } *sc_subdevs;
103
104 kmutex_t sc_lock;
105 kcondvar_t sc_cv;
106
107 /* Read/written under sc_lock. */
108 struct lwp *sc_writelock;
109 struct lwp *sc_configlock;
110 int sc_refcnt;
111 int sc_writereportid;
112 int sc_stopreportid;
113
114 /*
115 * - Read under sc_lock, provided sc_refcnt > 0.
116 * - Written under sc_configlock only when transitioning to and
117 * from sc_refcnt = 0.
118 */
119 u_char *sc_ibuf;
120 struct usbd_pipe *sc_ipipe; /* input interrupt pipe */
121 struct usbd_pipe *sc_opipe; /* output interrupt pipe */
122 struct usbd_xfer *sc_oxfer; /* write request */
123 usbd_callback sc_writecallback; /* async write request callback */
124 void *sc_writecookie;
125
126 u_int sc_flags;
127 #define UHIDEV_F_XB1 0x0001 /* Xbox 1 controller */
128 };
129
130 #ifdef UHIDEV_DEBUG
131 #define DPRINTF(x) if (uhidevdebug) printf x
132 #define DPRINTFN(n,x) if (uhidevdebug>(n)) printf x
133 int uhidevdebug = 0;
134 #else
135 #define DPRINTF(x)
136 #define DPRINTFN(n,x)
137 #endif
138
139 static void uhidev_intr(struct usbd_xfer *, void *, usbd_status);
140
141 static int uhidev_maxrepid(void *, int);
142 static int uhidevprint(void *, const char *);
143
144 static int uhidev_match(device_t, cfdata_t, void *);
145 static void uhidev_attach(device_t, device_t, void *);
146 static void uhidev_childdet(device_t, device_t);
147 static int uhidev_detach(device_t, int);
148
149 CFATTACH_DECL2_NEW(uhidev, sizeof(struct uhidev_softc), uhidev_match,
150 uhidev_attach, uhidev_detach, NULL, NULL, uhidev_childdet);
151
152 static int
uhidev_match(device_t parent,cfdata_t match,void * aux)153 uhidev_match(device_t parent, cfdata_t match, void *aux)
154 {
155 struct usbif_attach_arg *uiaa = aux;
156
157 /* Game controllers in "XInput" mode */
158 if (USBIF_IS_XINPUT(uiaa))
159 return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO;
160 /* Xbox One controllers */
161 if (USBIF_IS_X1INPUT(uiaa) && uiaa->uiaa_ifaceno == 0)
162 return UMATCH_IFACECLASS_IFACESUBCLASS_IFACEPROTO;
163
164 if (uiaa->uiaa_class != UICLASS_HID)
165 return UMATCH_NONE;
166 if (usbd_get_quirks(uiaa->uiaa_device)->uq_flags & UQ_HID_IGNORE)
167 return UMATCH_NONE;
168 return UMATCH_IFACECLASS_GENERIC;
169 }
170
171 static void
uhidev_attach(device_t parent,device_t self,void * aux)172 uhidev_attach(device_t parent, device_t self, void *aux)
173 {
174 struct uhidev_softc *sc = device_private(self);
175 struct usbif_attach_arg *uiaa = aux;
176 struct usbd_interface *iface = uiaa->uiaa_iface;
177 usb_interface_descriptor_t *id;
178 usb_endpoint_descriptor_t *ed;
179 struct uhidev_attach_arg uha;
180 device_t dev;
181 int maxinpktsize, size, nrepid, repid, repsz;
182 int *repsizes;
183 int i;
184 void *desc;
185 const void *descptr;
186 usbd_status err;
187 char *devinfop;
188 int locs[UHIDBUSCF_NLOCS];
189
190 sc->sc_dev = self;
191 sc->sc_udev = uiaa->uiaa_device;
192 sc->sc_iface = iface;
193
194 aprint_naive("\n");
195 aprint_normal("\n");
196
197 mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_SOFTUSB);
198 cv_init(&sc->sc_cv, "uhidev");
199 sc->sc_writelock = NULL;
200 sc->sc_configlock = NULL;
201 sc->sc_refcnt = 0;
202 sc->sc_writereportid = -1;
203 sc->sc_stopreportid = -1;
204
205 id = usbd_get_interface_descriptor(iface);
206
207 devinfop = usbd_devinfo_alloc(uiaa->uiaa_device, 0);
208 aprint_normal_dev(self, "%s, iclass %d/%d\n",
209 devinfop, id->bInterfaceClass, id->bInterfaceSubClass);
210 usbd_devinfo_free(devinfop);
211
212 if (!pmf_device_register(self, NULL, NULL))
213 aprint_error_dev(self, "couldn't establish power handler\n");
214
215 if (uiaa->uiaa_vendor == USB_VENDOR_WACOM) {
216 if (uiaa->uiaa_product == USB_PRODUCT_WACOM_XD0912U) {
217 /*
218 * Wacom Intuos2 (XD-0912-U) requires longer idle time to
219 * initialize the device with 0x0202.
220 */
221 DELAY(500000);
222 }
223 }
224 (void)usbd_set_idle(iface, 0, 0);
225
226 if ((usbd_get_quirks(sc->sc_udev)->uq_flags & UQ_NO_SET_PROTO) == 0)
227 (void)usbd_set_protocol(iface, 1);
228
229 maxinpktsize = 0;
230 sc->sc_iep_addr = sc->sc_oep_addr = -1;
231 for (i = 0; i < id->bNumEndpoints; i++) {
232 ed = usbd_interface2endpoint_descriptor(iface, i);
233 if (ed == NULL) {
234 aprint_error_dev(self,
235 "could not read endpoint descriptor\n");
236 return;
237 }
238
239 DPRINTFN(10,("uhidev_attach: bLength=%d bDescriptorType=%d "
240 "bEndpointAddress=%d-%s bmAttributes=%d wMaxPacketSize=%d"
241 " bInterval=%d\n",
242 ed->bLength, ed->bDescriptorType,
243 ed->bEndpointAddress & UE_ADDR,
244 UE_GET_DIR(ed->bEndpointAddress)==UE_DIR_IN? "in" : "out",
245 ed->bmAttributes & UE_XFERTYPE,
246 UGETW(ed->wMaxPacketSize), ed->bInterval));
247
248 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN &&
249 (ed->bmAttributes & UE_XFERTYPE) == UE_INTERRUPT) {
250 maxinpktsize = UGETW(ed->wMaxPacketSize);
251 sc->sc_iep_addr = ed->bEndpointAddress;
252 } else if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT &&
253 (ed->bmAttributes & UE_XFERTYPE) == UE_INTERRUPT) {
254 sc->sc_oep_addr = ed->bEndpointAddress;
255 } else {
256 aprint_verbose_dev(self, "endpoint %d: ignored\n", i);
257 }
258 }
259
260 /*
261 * Check that we found an input interrupt endpoint. The output interrupt
262 * endpoint is optional
263 */
264 if (sc->sc_iep_addr == -1) {
265 aprint_error_dev(self, "no input interrupt endpoint\n");
266 return;
267 }
268
269 /* XXX need to extend this */
270 descptr = NULL;
271 if (uiaa->uiaa_vendor == USB_VENDOR_WACOM) {
272 static uByte reportbuf[3];
273
274 /* The report descriptor for the Wacom Graphire is broken. */
275 switch (uiaa->uiaa_product) {
276 case USB_PRODUCT_WACOM_GRAPHIRE3_4X5:
277 case USB_PRODUCT_WACOM_GRAPHIRE3_6X8:
278 case USB_PRODUCT_WACOM_GRAPHIRE4_4X5: /* The 6x8 too? */
279 /*
280 * The Graphire3 needs 0x0202 to be written to
281 * feature report ID 2 before it'll start
282 * returning digitizer data.
283 */
284 reportbuf[0] = 0x02;
285 reportbuf[1] = 0x02;
286 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 2,
287 &reportbuf, 2);
288
289 size = sizeof(uhid_graphire3_4x5_report_descr);
290 descptr = uhid_graphire3_4x5_report_descr;
291 break;
292 case USB_PRODUCT_WACOM_GRAPHIRE:
293 case USB_PRODUCT_WACOM_GRAPHIRE2:
294 case USB_PRODUCT_WACOM_XD0912U:
295 case USB_PRODUCT_WACOM_CTH690K0:
296 reportbuf[0] = 0x02;
297 reportbuf[1] = 0x02;
298 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 2,
299 &reportbuf, 2);
300 break;
301 default:
302 /* Keep descriptor */
303 break;
304 }
305 }
306 if (USBIF_IS_XINPUT(uiaa)) {
307 size = sizeof(uhid_xinput_report_descr);
308 descptr = uhid_xinput_report_descr;
309 }
310 if (USBIF_IS_X1INPUT(uiaa)) {
311 sc->sc_flags |= UHIDEV_F_XB1;
312 size = sizeof(uhid_x1input_report_descr);
313 descptr = uhid_x1input_report_descr;
314 }
315
316 if (descptr) {
317 desc = kmem_alloc(size, KM_SLEEP);
318 err = USBD_NORMAL_COMPLETION;
319 memcpy(desc, descptr, size);
320 } else {
321 desc = NULL;
322 err = usbd_read_report_desc(uiaa->uiaa_iface, &desc, &size);
323 }
324 if (err) {
325 aprint_error_dev(self, "no report descriptor\n");
326 return;
327 }
328
329 if (uiaa->uiaa_vendor == USB_VENDOR_HOSIDEN &&
330 uiaa->uiaa_product == USB_PRODUCT_HOSIDEN_PPP) {
331 static uByte reportbuf[] = { 1 };
332 /*
333 * This device was sold by Konami with its ParaParaParadise
334 * game for PlayStation2. It needs to be "turned on"
335 * before it will send any reports.
336 */
337
338 usbd_set_report(uiaa->uiaa_iface, UHID_FEATURE_REPORT, 0,
339 &reportbuf, sizeof(reportbuf));
340 }
341
342 if (uiaa->uiaa_vendor == USB_VENDOR_LOGITECH &&
343 uiaa->uiaa_product == USB_PRODUCT_LOGITECH_CBT44 && size == 0xb1) {
344 uint8_t *data = desc;
345 /*
346 * This device has a odd USAGE_MINIMUM value that would
347 * cause the multimedia keys to have their usage number
348 * shifted up one usage. Adjust so the usages are sane.
349 */
350
351 if (data[0x56] == 0x19 && data[0x57] == 0x01 &&
352 data[0x58] == 0x2a && data[0x59] == 0x8c)
353 data[0x57] = 0x00;
354 }
355
356 /*
357 * Enable the Six Axis and DualShock 3 controllers.
358 * See http://ps3.jim.sh/sixaxis/usb/
359 */
360 if (uiaa->uiaa_vendor == USB_VENDOR_SONY &&
361 uiaa->uiaa_product == USB_PRODUCT_SONY_PS3CONTROLLER) {
362 usb_device_request_t req;
363 char data[17];
364 int actlen;
365
366 req.bmRequestType = UT_READ_CLASS_INTERFACE;
367 req.bRequest = 1;
368 USETW(req.wValue, 0x3f2);
369 USETW(req.wIndex, 0);
370 USETW(req.wLength, sizeof(data));
371
372 usbd_do_request_flags(sc->sc_udev, &req, data,
373 USBD_SHORT_XFER_OK, &actlen, USBD_DEFAULT_TIMEOUT);
374 }
375
376 sc->sc_repdesc = desc;
377 sc->sc_repdesc_size = size;
378
379 uha.uiaa = uiaa;
380 nrepid = uhidev_maxrepid(desc, size);
381 if (nrepid < 0)
382 return;
383 if (nrepid > 0)
384 aprint_normal_dev(self, "%d report ids\n", nrepid);
385 nrepid++;
386 repsizes = kmem_alloc(nrepid * sizeof(*repsizes), KM_SLEEP);
387 sc->sc_subdevs = kmem_zalloc(nrepid * sizeof(sc->sc_subdevs[0]),
388 KM_SLEEP);
389
390 /* Just request max packet size for the interrupt pipe */
391 sc->sc_isize = maxinpktsize;
392 sc->sc_nrepid = nrepid;
393
394 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev);
395
396 for (repid = 0; repid < nrepid; repid++) {
397 repsz = hid_report_size(desc, size, hid_input, repid);
398 DPRINTF(("uhidev_match: repid=%d, repsz=%d\n", repid, repsz));
399 repsizes[repid] = repsz;
400 }
401
402 DPRINTF(("uhidev_attach: isize=%d\n", sc->sc_isize));
403
404 for (repid = 0; repid < nrepid; repid++) {
405 struct uhidev *scd = &sc->sc_subdevs[repid];
406
407 scd->sc_parent = sc;
408 scd->sc_report_id = repid;
409 scd->sc_in_rep_size = repsizes[repid];
410
411 DPRINTF(("uhidev_match: try repid=%d\n", repid));
412 if (hid_report_size(desc, size, hid_input, repid) == 0 &&
413 hid_report_size(desc, size, hid_output, repid) == 0 &&
414 hid_report_size(desc, size, hid_feature, repid) == 0) {
415 ; /* already NULL in sc->sc_subdevs[repid] */
416 } else {
417 uha.parent = scd;
418 uha.reportid = repid;
419 locs[UHIDBUSCF_REPORTID] = repid;
420
421 dev = config_found(self, &uha, uhidevprint,
422 CFARGS(.submatch = config_stdsubmatch,
423 .locators = locs));
424 sc->sc_subdevs[repid].sc_dev = dev;
425 if (dev == NULL)
426 continue;
427 /*
428 * XXXSMP -- could be detached in the middle of
429 * sleeping for allocation in rnd_attach_source
430 */
431 rnd_attach_source(&scd->sc_rndsource,
432 device_xname(dev), RND_TYPE_TTY, RND_FLAG_DEFAULT);
433 }
434 }
435 kmem_free(repsizes, nrepid * sizeof(*repsizes));
436
437 return;
438 }
439
440 static int
uhidev_maxrepid(void * buf,int len)441 uhidev_maxrepid(void *buf, int len)
442 {
443 struct hid_data *d;
444 struct hid_item h;
445 int maxid;
446
447 maxid = -1;
448 h.report_ID = 0;
449 for (d = hid_start_parse(buf, len, hid_none); hid_get_item(d, &h); )
450 if ((int)h.report_ID > maxid)
451 maxid = h.report_ID;
452 hid_end_parse(d);
453 return MIN(maxid, UHIDEV_MAXREPID);
454 }
455
456 static int
uhidevprint(void * aux,const char * pnp)457 uhidevprint(void *aux, const char *pnp)
458 {
459 struct uhidev_attach_arg *uha = aux;
460
461 if (pnp)
462 aprint_normal("uhid at %s", pnp);
463 if (uha->reportid != 0)
464 aprint_normal(" reportid %d", uha->reportid);
465 return UNCONF;
466 }
467
468 static void
uhidev_childdet(device_t self,device_t child)469 uhidev_childdet(device_t self, device_t child)
470 {
471 int i;
472 struct uhidev_softc *sc = device_private(self);
473
474 for (i = 0; i < sc->sc_nrepid; i++) {
475 if (sc->sc_subdevs[i].sc_dev == child)
476 break;
477 }
478 KASSERT(i < sc->sc_nrepid);
479 sc->sc_subdevs[i].sc_dev = NULL;
480 /*
481 * XXXSMP -- could be reattached in the middle of sleeping for
482 * lock on sources to delete this in rnd_attach_source
483 *
484 * (Actually this can't happen right now because there's no
485 * rescan method, but if there were, it could.)
486 */
487 rnd_detach_source(&sc->sc_subdevs[i].sc_rndsource);
488 }
489
490 static int
uhidev_detach(device_t self,int flags)491 uhidev_detach(device_t self, int flags)
492 {
493 struct uhidev_softc *sc = device_private(self);
494 int rv;
495
496 DPRINTF(("uhidev_detach: sc=%p flags=%d\n", sc, flags));
497
498 /*
499 * Try to detach all our children. If anything fails, bail.
500 * Failure can happen if this is from drvctl -d; of course, if
501 * this is a USB device being yanked, flags will have
502 * DETACH_FORCE and the children will not have the option of
503 * refusing detachment. If they do detach, the pipes can no
504 * longer be in use.
505 */
506 rv = config_detach_children(self, flags);
507 if (rv)
508 return rv;
509
510 KASSERTMSG(sc->sc_refcnt == 0,
511 "%s: %d refs remain", device_xname(sc->sc_dev), sc->sc_refcnt);
512 KASSERT(sc->sc_opipe == NULL);
513 KASSERT(sc->sc_ipipe == NULL);
514 KASSERT(sc->sc_ibuf == NULL);
515
516 if (sc->sc_repdesc != NULL) {
517 kmem_free(sc->sc_repdesc, sc->sc_repdesc_size);
518 sc->sc_repdesc = NULL;
519 }
520 if (sc->sc_subdevs != NULL) {
521 int nrepid = sc->sc_nrepid;
522 kmem_free(sc->sc_subdevs, nrepid * sizeof(sc->sc_subdevs[0]));
523 sc->sc_subdevs = NULL;
524 }
525
526 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev);
527
528 pmf_device_deregister(self);
529 KASSERT(sc->sc_configlock == NULL);
530 KASSERT(sc->sc_writelock == NULL);
531 cv_destroy(&sc->sc_cv);
532 mutex_destroy(&sc->sc_lock);
533
534 return rv;
535 }
536
537 static void
uhidev_intr(struct usbd_xfer * xfer,void * addr,usbd_status status)538 uhidev_intr(struct usbd_xfer *xfer, void *addr, usbd_status status)
539 {
540 struct uhidev_softc *sc = addr;
541 struct uhidev *scd;
542 u_char *p;
543 u_int rep;
544 uint32_t cc;
545
546 usbd_get_xfer_status(xfer, NULL, NULL, &cc, NULL);
547
548 #ifdef UHIDEV_DEBUG
549 if (uhidevdebug > 5) {
550 uint32_t i;
551
552 DPRINTF(("uhidev_intr: status=%d cc=%d\n", status, cc));
553 DPRINTF(("uhidev_intr: data ="));
554 for (i = 0; i < cc; i++)
555 DPRINTF((" %02x", sc->sc_ibuf[i]));
556 DPRINTF(("\n"));
557 }
558 #endif
559
560 if (status == USBD_CANCELLED)
561 return;
562
563 if (status != USBD_NORMAL_COMPLETION) {
564 DPRINTF(("%s: interrupt status=%d\n", device_xname(sc->sc_dev),
565 status));
566 usbd_clear_endpoint_stall_async(sc->sc_ipipe);
567 return;
568 }
569
570 p = sc->sc_ibuf;
571 if (sc->sc_nrepid != 1)
572 rep = *p++, cc--;
573 else
574 rep = 0;
575 if (rep >= sc->sc_nrepid) {
576 printf("uhidev_intr: bad repid %d\n", rep);
577 return;
578 }
579 scd = &sc->sc_subdevs[rep];
580 DPRINTFN(5,("uhidev_intr: rep=%d, scd=%p state=%#x\n",
581 rep, scd, scd->sc_state));
582 if (!(atomic_load_acquire(&scd->sc_state) & UHIDEV_OPEN))
583 return;
584 #ifdef UHIDEV_DEBUG
585 if (scd->sc_in_rep_size != cc) {
586 DPRINTF(("%s: expected %d bytes, got %d\n",
587 device_xname(sc->sc_dev), scd->sc_in_rep_size, cc));
588 }
589 #endif
590 if (cc == 0) {
591 DPRINTF(("%s: 0-length input ignored\n",
592 device_xname(sc->sc_dev)));
593 return;
594 }
595 rnd_add_uint32(&scd->sc_rndsource, (uintptr_t)(sc->sc_ibuf));
596 scd->sc_intr(scd->sc_cookie, p, cc);
597 }
598
599 void
uhidev_get_report_desc(struct uhidev * scd,void ** desc,int * size)600 uhidev_get_report_desc(struct uhidev *scd, void **desc, int *size)
601 {
602 struct uhidev_softc *sc = scd->sc_parent;
603
604 *desc = sc->sc_repdesc;
605 *size = sc->sc_repdesc_size;
606 }
607
608 static int
uhidev_config_enter(struct uhidev_softc * sc)609 uhidev_config_enter(struct uhidev_softc *sc)
610 {
611 int error;
612
613 KASSERT(mutex_owned(&sc->sc_lock));
614
615 for (;;) {
616 if (sc->sc_configlock == NULL)
617 break;
618 error = cv_wait_sig(&sc->sc_cv, &sc->sc_lock);
619 if (error)
620 return error;
621 }
622
623 sc->sc_configlock = curlwp;
624 return 0;
625 }
626
627 static void
uhidev_config_enter_nointr(struct uhidev_softc * sc)628 uhidev_config_enter_nointr(struct uhidev_softc *sc)
629 {
630
631 KASSERT(mutex_owned(&sc->sc_lock));
632
633 while (sc->sc_configlock)
634 cv_wait(&sc->sc_cv, &sc->sc_lock);
635 sc->sc_configlock = curlwp;
636 }
637
638 static void
uhidev_config_exit(struct uhidev_softc * sc)639 uhidev_config_exit(struct uhidev_softc *sc)
640 {
641
642 KASSERT(mutex_owned(&sc->sc_lock));
643 KASSERTMSG(sc->sc_configlock == curlwp, "%s: migrated from %p to %p",
644 device_xname(sc->sc_dev), curlwp, sc->sc_configlock);
645
646 sc->sc_configlock = NULL;
647 cv_broadcast(&sc->sc_cv);
648 }
649
650 /*
651 * uhidev_open_pipes(sc)
652 *
653 * Ensure the pipes of the softc are open. Caller must hold
654 * sc_lock, which may be released and reacquired.
655 */
656 static int
uhidev_open_pipes(struct uhidev_softc * sc)657 uhidev_open_pipes(struct uhidev_softc *sc)
658 {
659 usbd_status err;
660 int error;
661
662 KASSERT(mutex_owned(&sc->sc_lock));
663
664 /*
665 * If the pipes are already open, just increment the reference
666 * count. The reference count is limited by the number of
667 * report ids, so this can't overflow.
668 */
669 if (sc->sc_refcnt) {
670 KASSERT(sc->sc_refcnt < UHIDEV_MAXREPID);
671 sc->sc_refcnt++;
672 return 0;
673 }
674
675 /*
676 * If there's no input data to prepare, don't bother with the
677 * pipes. We assume any device that does output also does
678 * input; if you have a device where this is wrong, then
679 * uhidev_write will fail gracefully (it checks sc->sc_opipe),
680 * and you can use that device to test the changes needed to
681 * open the output pipe here.
682 */
683 if (sc->sc_isize == 0)
684 return 0;
685
686 /*
687 * Lock the configuration and release sc_lock -- we may sleep
688 * to allocate. If someone else got in first, we're done;
689 * otherwise open the pipes.
690 */
691 error = uhidev_config_enter(sc);
692 if (error)
693 goto out;
694 if (sc->sc_refcnt) {
695 KASSERT(sc->sc_refcnt < UHIDEV_MAXREPID);
696 sc->sc_refcnt++;
697 error = 0;
698 goto out0;
699 }
700 mutex_exit(&sc->sc_lock);
701
702 /* Allocate an input buffer. */
703 sc->sc_ibuf = kmem_alloc(sc->sc_isize, KM_SLEEP);
704
705 /* Set up input interrupt pipe. */
706 DPRINTF(("%s: isize=%d, ep=0x%02x\n", __func__, sc->sc_isize,
707 sc->sc_iep_addr));
708
709 err = usbd_open_pipe_intr(sc->sc_iface, sc->sc_iep_addr,
710 USBD_SHORT_XFER_OK, &sc->sc_ipipe, sc, sc->sc_ibuf,
711 sc->sc_isize, uhidev_intr, USBD_DEFAULT_INTERVAL);
712 if (err != USBD_NORMAL_COMPLETION) {
713 DPRINTF(("uhidopen: usbd_open_pipe_intr failed, "
714 "error=%d\n", err));
715 error = EIO;
716 goto out1;
717 }
718
719 /*
720 * Set up output interrupt pipe if an output interrupt endpoint
721 * exists.
722 */
723 if (sc->sc_oep_addr != -1) {
724 DPRINTF(("uhidev_open: oep=0x%02x\n", sc->sc_oep_addr));
725
726 err = usbd_open_pipe(sc->sc_iface, sc->sc_oep_addr,
727 0, &sc->sc_opipe);
728
729 if (err != USBD_NORMAL_COMPLETION) {
730 DPRINTF(("uhidev_open: usbd_open_pipe failed, "
731 "error=%d\n", err));
732 error = EIO;
733 goto out2;
734 }
735 DPRINTF(("uhidev_open: sc->sc_opipe=%p\n", sc->sc_opipe));
736
737 error = usbd_create_xfer(sc->sc_opipe, UHIDEV_OSIZE, 0, 0,
738 &sc->sc_oxfer);
739 if (error) {
740 DPRINTF(("uhidev_open: couldn't allocate an xfer\n"));
741 goto out3;
742 }
743
744 if (sc->sc_flags & UHIDEV_F_XB1) {
745 uint8_t init_data[] = { 0x05, 0x20 };
746 int init_data_len = sizeof(init_data);
747 err = usbd_intr_transfer(sc->sc_oxfer, sc->sc_opipe, 0,
748 USBD_NO_TIMEOUT, init_data, &init_data_len);
749 if (err != USBD_NORMAL_COMPLETION) {
750 DPRINTF(("uhidev_open: xb1 init failed, "
751 "error=%d\n", err));
752 error = EIO;
753 goto out4;
754 }
755 }
756 }
757
758 /* Success! */
759 mutex_enter(&sc->sc_lock);
760 KASSERTMSG(sc->sc_refcnt == 0, "%d refs spuriously acquired",
761 sc->sc_refcnt);
762 sc->sc_refcnt++;
763 goto out0;
764
765 out4: if (sc->sc_oxfer) {
766 usbd_abort_pipe(sc->sc_opipe);
767 usbd_destroy_xfer(sc->sc_oxfer);
768 sc->sc_oxfer = NULL;
769 }
770 out3: if (sc->sc_opipe) {
771 usbd_close_pipe(sc->sc_opipe);
772 sc->sc_opipe = NULL;
773 }
774 out2: if (sc->sc_ipipe) {
775 usbd_abort_pipe(sc->sc_ipipe);
776 usbd_close_pipe(sc->sc_ipipe);
777 sc->sc_ipipe = NULL;
778 }
779 out1: kmem_free(sc->sc_ibuf, sc->sc_isize);
780 sc->sc_ibuf = NULL;
781 mutex_enter(&sc->sc_lock);
782 out0: KASSERT(mutex_owned(&sc->sc_lock));
783 uhidev_config_exit(sc);
784 out: KASSERT(mutex_owned(&sc->sc_lock));
785 return error;
786 }
787
788 static void
uhidev_close_pipes(struct uhidev_softc * sc)789 uhidev_close_pipes(struct uhidev_softc *sc)
790 {
791
792 KASSERT(mutex_owned(&sc->sc_lock));
793 KASSERTMSG(sc->sc_refcnt > 0, "%s: refcnt fouled: %d",
794 device_xname(sc->sc_dev), sc->sc_refcnt);
795
796 /* If this isn't the last reference, just decrement. */
797 if (sc->sc_refcnt > 1) {
798 sc->sc_refcnt--;
799 return;
800 }
801
802 /*
803 * Lock the configuration and release sc_lock so we may sleep
804 * to free memory. We're not waiting for anyone to allocate or
805 * free anything.
806 */
807 uhidev_config_enter_nointr(sc);
808
809 /*
810 * If someone else acquired a reference while we were waiting
811 * for the config lock, nothing more for us to do.
812 */
813 if (sc->sc_refcnt > 1) {
814 sc->sc_refcnt--;
815 uhidev_config_exit(sc);
816 return;
817 }
818
819 /*
820 * We're the last reference and committed to closing the pipes.
821 * Decrement the reference count before we release the lock --
822 * access to the pipes is allowed as long as the reference
823 * count is positive, so this forces all new opens to wait
824 * until the config lock is released.
825 */
826 KASSERTMSG(sc->sc_refcnt == 1, "%s: refcnt fouled: %d",
827 device_xname(sc->sc_dev), sc->sc_refcnt);
828 sc->sc_refcnt--;
829 mutex_exit(&sc->sc_lock);
830
831 if (sc->sc_oxfer) {
832 usbd_abort_pipe(sc->sc_opipe);
833 usbd_destroy_xfer(sc->sc_oxfer);
834 sc->sc_oxfer = NULL;
835 }
836 if (sc->sc_opipe) {
837 usbd_close_pipe(sc->sc_opipe);
838 sc->sc_opipe = NULL;
839 }
840 if (sc->sc_ipipe) {
841 usbd_abort_pipe(sc->sc_ipipe);
842 usbd_close_pipe(sc->sc_ipipe);
843 sc->sc_ipipe = NULL;
844 }
845 kmem_free(sc->sc_ibuf, sc->sc_isize);
846 sc->sc_ibuf = NULL;
847
848 mutex_enter(&sc->sc_lock);
849 uhidev_config_exit(sc);
850 KASSERTMSG(sc->sc_refcnt == 0, "%s: refcnt fouled: %d",
851 device_xname(sc->sc_dev), sc->sc_refcnt);
852 }
853
854 int
uhidev_open(struct uhidev * scd,void (* intr)(void *,void *,u_int),void * cookie)855 uhidev_open(struct uhidev *scd, void (*intr)(void *, void *, u_int),
856 void *cookie)
857 {
858 struct uhidev_softc *sc = scd->sc_parent;
859 int error;
860
861 mutex_enter(&sc->sc_lock);
862
863 DPRINTF(("uhidev_open(%s, report %d = %s): state=%x refcnt=%d\n",
864 device_xname(sc->sc_dev),
865 scd->sc_report_id,
866 device_xname(scd->sc_dev),
867 scd->sc_state,
868 sc->sc_refcnt));
869
870 /* Mark the report id open. This is an exclusive lock. */
871 if (scd->sc_state & UHIDEV_OPEN) {
872 error = EBUSY;
873 goto out;
874 }
875 scd->sc_intr = intr;
876 scd->sc_cookie = cookie;
877 atomic_store_release(&scd->sc_state, scd->sc_state | UHIDEV_OPEN);
878
879 /* Open the pipes which are shared by all report ids. */
880 error = uhidev_open_pipes(sc);
881 if (error)
882 goto out;
883
884 /* Success! */
885 error = 0;
886
887 out: if (error) {
888 KASSERTMSG(scd->sc_state & UHIDEV_OPEN,
889 "%s: report id %d: closed while opening",
890 device_xname(sc->sc_dev), scd->sc_report_id);
891 atomic_store_relaxed(&scd->sc_state,
892 scd->sc_state & ~UHIDEV_OPEN);
893 }
894 mutex_exit(&sc->sc_lock);
895 return error;
896 }
897
898 /*
899 * uhidev_stop(scd)
900 *
901 * Make all current and future output reports or xfers by scd to
902 * the output pipe to fail. Caller must then ensure no more will
903 * be submitted and then call uhidev_close.
904 *
905 * Side effect: If uhidev_write was in progress for this scd,
906 * blocks all other uhidev_writes until uhidev_close on this scd.
907 *
908 * May sleep but only for a short duration to wait for USB
909 * transfer completion callbacks to run.
910 */
911 void
uhidev_stop(struct uhidev * scd)912 uhidev_stop(struct uhidev *scd)
913 {
914 struct uhidev_softc *sc = scd->sc_parent;
915
916 mutex_enter(&sc->sc_lock);
917
918 /* Prevent further writes on this report from starting. */
919 atomic_store_relaxed(&scd->sc_state, scd->sc_state | UHIDEV_STOPPED);
920
921 /* If there's no output pipe at all, nothing to do. */
922 if (sc->sc_opipe == NULL)
923 goto out;
924
925 /*
926 * If there's no write on this report in progress, nothing to
927 * do -- any subsequent attempts will be prevented by
928 * UHIDEV_STOPPED.
929 */
930 if (sc->sc_writereportid != scd->sc_report_id)
931 goto out;
932
933 /*
934 * Caller must wait for uhidev_open to succeed before calling
935 * uhidev_write, and must wait for all uhidev_writes to return
936 * before calling uhidev_close, so neither on can be in flight
937 * right now.
938 *
939 * Suspend the pipe, but hold up uhidev_write from any report
940 * until we confirm this one has finished. We will resume the
941 * pipe only after all uhidev_writes on this report have
942 * finished -- when the caller calls uhidev_close.
943 */
944 KASSERTMSG(sc->sc_stopreportid == -1, "%d", sc->sc_stopreportid);
945 sc->sc_stopreportid = scd->sc_report_id;
946 mutex_exit(&sc->sc_lock);
947
948 usbd_suspend_pipe(sc->sc_opipe);
949
950 mutex_enter(&sc->sc_lock);
951 KASSERT(sc->sc_stopreportid == scd->sc_report_id);
952 sc->sc_stopreportid = scd->sc_report_id;
953 cv_broadcast(&sc->sc_cv);
954 out: mutex_exit(&sc->sc_lock);
955 }
956
957 /*
958 * uhidev_close(scd)
959 *
960 * Close a uhidev previously opened with uhidev_open. If writes
961 * had been stopped with uhidev_stop, allow writes at other report
962 * ids again.
963 */
964 void
uhidev_close(struct uhidev * scd)965 uhidev_close(struct uhidev *scd)
966 {
967 struct uhidev_softc *sc = scd->sc_parent;
968
969 mutex_enter(&sc->sc_lock);
970
971 DPRINTF(("uhidev_close(%s, report %d = %s): state=%x refcnt=%d\n",
972 device_xname(sc->sc_dev),
973 scd->sc_report_id,
974 device_xname(scd->sc_dev),
975 scd->sc_state,
976 sc->sc_refcnt));
977
978 KASSERTMSG(scd->sc_state & UHIDEV_OPEN,
979 "%s: report id %d: unpaired close",
980 device_xname(sc->sc_dev), scd->sc_report_id);
981
982 /*
983 * If the caller had issued uhidev_stop to interrupt a write
984 * for this report, then resume the pipe now that no further
985 * uhidev_write on the same report is possible, and wake anyone
986 * trying to write on other reports.
987 */
988 if (sc->sc_stopreportid == scd->sc_report_id) {
989 KASSERT(scd->sc_state & UHIDEV_STOPPED);
990 mutex_exit(&sc->sc_lock);
991
992 usbd_resume_pipe(sc->sc_opipe);
993
994 mutex_enter(&sc->sc_lock);
995 KASSERT(sc->sc_stopreportid == scd->sc_report_id);
996 KASSERT(scd->sc_state & UHIDEV_STOPPED);
997 sc->sc_stopreportid = -1;
998 cv_broadcast(&sc->sc_cv);
999 }
1000
1001 /*
1002 * Close our reference to the pipes, and mark our report as no
1003 * longer open. If it was stopped, clear that too -- drivers
1004 * are forbidden from issuing writes after uhidev_close anyway.
1005 */
1006 KASSERT(scd->sc_state & UHIDEV_OPEN);
1007 uhidev_close_pipes(sc);
1008 KASSERT(scd->sc_state & UHIDEV_OPEN);
1009 atomic_store_relaxed(&scd->sc_state,
1010 scd->sc_state & ~(UHIDEV_OPEN | UHIDEV_STOPPED));
1011
1012 /*
1013 * Make sure the next uhidev_intr (which runs in softint, like
1014 * XC_HIGHPRI) notices that UHIDEV_OPEN is cleared, and wait
1015 * for any current one to finish, in case the pipe is still
1016 * open for other report ids.
1017 *
1018 * We must drop the lock while doing this, because
1019 * uhidev_write_callback takes the lock in softint context and
1020 * it could deadlock with the xcall softint.
1021 *
1022 * It is safe to drop the lock now before zeroing sc_intr and
1023 * sc_cookie because the driver is obligated not to reopen
1024 * until after uhidev_close returns.
1025 */
1026 mutex_exit(&sc->sc_lock);
1027 xc_barrier(XC_HIGHPRI);
1028 mutex_enter(&sc->sc_lock);
1029 KASSERT((scd->sc_state & UHIDEV_OPEN) == 0);
1030 scd->sc_intr = NULL;
1031 scd->sc_cookie = NULL;
1032
1033 mutex_exit(&sc->sc_lock);
1034 }
1035
1036 usbd_status
uhidev_set_report(struct uhidev * scd,int type,void * data,int len)1037 uhidev_set_report(struct uhidev *scd, int type, void *data, int len)
1038 {
1039 char *buf;
1040 usbd_status retstat;
1041
1042 if (scd->sc_report_id == 0)
1043 return usbd_set_report(scd->sc_parent->sc_iface, type,
1044 scd->sc_report_id, data, len);
1045
1046 buf = kmem_alloc(len + 1, KM_SLEEP);
1047 buf[0] = scd->sc_report_id;
1048 memcpy(buf+1, data, len);
1049
1050 retstat = usbd_set_report(scd->sc_parent->sc_iface, type,
1051 scd->sc_report_id, buf, len + 1);
1052
1053 kmem_free(buf, len + 1);
1054
1055 return retstat;
1056 }
1057
1058 usbd_status
uhidev_get_report(struct uhidev * scd,int type,void * data,int len)1059 uhidev_get_report(struct uhidev *scd, int type, void *data, int len)
1060 {
1061 return usbd_get_report(scd->sc_parent->sc_iface, type,
1062 scd->sc_report_id, data, len);
1063 }
1064
1065 usbd_status
uhidev_write(struct uhidev * scd,void * data,int len)1066 uhidev_write(struct uhidev *scd, void *data, int len)
1067 {
1068 struct uhidev_softc *sc = scd->sc_parent;
1069 usbd_status err;
1070
1071 DPRINTF(("uhidev_write: data=%p, len=%d\n", data, len));
1072
1073 if (sc->sc_opipe == NULL)
1074 return USBD_INVAL;
1075
1076 mutex_enter(&sc->sc_lock);
1077 KASSERT(sc->sc_refcnt);
1078 KASSERT(scd->sc_state & UHIDEV_OPEN);
1079 for (;;) {
1080 if (scd->sc_state & UHIDEV_STOPPED) {
1081 err = USBD_CANCELLED;
1082 goto out;
1083 }
1084 if (sc->sc_writelock == NULL && sc->sc_stopreportid == -1)
1085 break;
1086 if (cv_wait_sig(&sc->sc_cv, &sc->sc_lock)) {
1087 err = USBD_INTERRUPTED;
1088 goto out;
1089 }
1090 }
1091 sc->sc_writelock = curlwp;
1092 sc->sc_writereportid = scd->sc_report_id;
1093 mutex_exit(&sc->sc_lock);
1094
1095 #ifdef UHIDEV_DEBUG
1096 if (uhidevdebug > 50) {
1097
1098 uint32_t i;
1099 uint8_t *d = data;
1100
1101 DPRINTF(("uhidev_write: data ="));
1102 for (i = 0; i < len; i++)
1103 DPRINTF((" %02x", d[i]));
1104 DPRINTF(("\n"));
1105 }
1106 #endif
1107 err = usbd_intr_transfer(sc->sc_oxfer, sc->sc_opipe, 0,
1108 USBD_NO_TIMEOUT, data, &len);
1109
1110 mutex_enter(&sc->sc_lock);
1111 KASSERT(sc->sc_refcnt);
1112 KASSERT(scd->sc_state & UHIDEV_OPEN);
1113 KASSERTMSG(sc->sc_writelock == curlwp, "%s: migrated from %p to %p",
1114 device_xname(sc->sc_dev), curlwp, sc->sc_writelock);
1115 KASSERTMSG(sc->sc_writereportid == scd->sc_report_id,
1116 "%s: changed write report ids from %d to %d",
1117 device_xname(sc->sc_dev), scd->sc_report_id, sc->sc_writereportid);
1118 sc->sc_writereportid = -1;
1119 sc->sc_writelock = NULL;
1120 cv_broadcast(&sc->sc_cv);
1121 out: mutex_exit(&sc->sc_lock);
1122 return err;
1123 }
1124
1125 static void
uhidev_write_callback(struct usbd_xfer * xfer,void * cookie,usbd_status err)1126 uhidev_write_callback(struct usbd_xfer *xfer, void *cookie, usbd_status err)
1127 {
1128 struct uhidev_softc *sc = cookie;
1129 usbd_callback writecallback;
1130 void *writecookie;
1131
1132 if (err) {
1133 if (err != USBD_CANCELLED)
1134 usbd_clear_endpoint_stall_async(sc->sc_opipe);
1135 }
1136
1137 mutex_enter(&sc->sc_lock);
1138 KASSERT(sc->sc_writelock == (void *)1);
1139 writecallback = sc->sc_writecallback;
1140 writecookie = sc->sc_writecookie;
1141 sc->sc_writereportid = -1;
1142 sc->sc_writelock = NULL;
1143 sc->sc_writecallback = NULL;
1144 sc->sc_writecookie = NULL;
1145 cv_broadcast(&sc->sc_cv);
1146 mutex_exit(&sc->sc_lock);
1147
1148 (*writecallback)(xfer, writecookie, err);
1149 }
1150
1151 usbd_status
uhidev_write_async(struct uhidev * scd,void * data,int len,int flags,int timo,usbd_callback writecallback,void * writecookie)1152 uhidev_write_async(struct uhidev *scd, void *data, int len, int flags,
1153 int timo, usbd_callback writecallback, void *writecookie)
1154 {
1155 struct uhidev_softc *sc = scd->sc_parent;
1156 usbd_status err;
1157
1158 DPRINTF(("%s: data=%p, len=%d\n", __func__, data, len));
1159
1160 if (sc->sc_opipe == NULL)
1161 return USBD_INVAL;
1162
1163 mutex_enter(&sc->sc_lock);
1164 KASSERT(sc->sc_refcnt);
1165 KASSERT(scd->sc_state & UHIDEV_OPEN);
1166 if (scd->sc_state & UHIDEV_STOPPED) {
1167 err = USBD_CANCELLED;
1168 goto out;
1169 }
1170 if (sc->sc_writelock != NULL || sc->sc_stopreportid != -1) {
1171 err = USBD_IN_USE;
1172 goto out;
1173 }
1174 sc->sc_writelock = (void *)1; /* XXX no lwp to attribute async xfer */
1175 sc->sc_writereportid = scd->sc_report_id;
1176 sc->sc_writecallback = writecallback;
1177 sc->sc_writecookie = writecookie;
1178 usbd_setup_xfer(sc->sc_oxfer, sc, data, len, flags, timo,
1179 uhidev_write_callback);
1180 err = usbd_transfer(sc->sc_oxfer);
1181 switch (err) {
1182 case USBD_IN_PROGRESS:
1183 break;
1184 case USBD_NORMAL_COMPLETION:
1185 panic("unexpected normal completion of async xfer under lock");
1186 default: /* error */
1187 sc->sc_writelock = NULL;
1188 sc->sc_writereportid = -1;
1189 sc->sc_writecallback = NULL;
1190 sc->sc_writecookie = NULL;
1191 cv_broadcast(&sc->sc_cv);
1192 }
1193 out: mutex_exit(&sc->sc_lock);
1194 return err;
1195 }
1196