Hi, I would like to simulate my Nexus S as a USB keyboard. I have copied the f_adb.c function and modified the descriptors so that it shows an HID interface when I do lsusb on a linux host.
However, it seems that Linux cannot mount it as a keyboard as nothing shows up in /dev/input. I tried to analyse the packets exchanged with Wireshark and the enumeration process seems to go well until a GET descriptor Response RPIPE [Malformed Packet]. I would like to know how to overcome this problem, f_hid.c and Wireshark report are attached. Thank you for your help, David -- unsubscribe: android-kernel+unsubscr...@googlegroups.com website: http://groups.google.com/group/android-kernel
/*
* Gadget Driver for Android hid
*
* Copyright (C) 2008 Google, Inc.
* Author: Mike Lockwood <lockw...@android.com>
*
* This software is licensed under the terms of the GNU General Public
* License version 2, as published by the Free Software Foundation, and
* may be copied, distributed, and modified under those terms.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
/* #define DEBUG */
/* #define VERBOSE_DEBUG */
#include <linux/module.h>
#include <linux/init.h>
#include <linux/poll.h>
#include <linux/delay.h>
#include <linux/wait.h>
#include <linux/err.h>
#include <linux/interrupt.h>
#include <linux/types.h>
#include <linux/device.h>
#include <linux/miscdevice.h>
#include <linux/usb/g_hid.h>
#include <linux/usb.h>
#include <linux/hid.h>
#include <linux/usb/android_composite.h>
#define BULK_BUFFER_SIZE 4096
/* number of tx requests to allocate */
#define TX_REQ_MAX 4
static const char shortname[] = "android_hid";
struct hid_dev {
struct usb_function function;
struct usb_composite_dev *cdev;
spinlock_t lock;
struct usb_ep *ep_in;
//struct usb_ep *ep_out;
int online;
int error;
atomic_t read_excl;
atomic_t write_excl;
atomic_t open_excl;
struct list_head tx_idle;
wait_queue_head_t read_wq;
wait_queue_head_t write_wq;
struct usb_request *rx_req;
int rx_done;
};
static struct usb_interface_descriptor hid_interface_desc = {
.bLength = 9,
.bDescriptorType = 4,
.bInterfaceNumber = 0,
.bNumEndpoints = 2,
.bInterfaceClass = 3,
.bInterfaceSubClass = 1,
.bInterfaceProtocol = 1,
};
static struct hid_descriptor hid_desc = {
.bLength = sizeof hid_desc,
.bDescriptorType = 33,//HID_DT_HID,
.bcdHID = 0x0111,
.bCountryCode = 0x00d,
.bNumDescriptors = 0x1,
.desc[0].bDescriptorType = 34,
.desc[0].wDescriptorLength = 75,
};
static struct usb_endpoint_descriptor hid_highspeed_in_desc = {
.bLength = USB_DT_ENDPOINT_SIZE,
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = USB_DIR_IN,
.bmAttributes = USB_ENDPOINT_XFER_INT,
.wMaxPacketSize = __constant_cpu_to_le16(512),
};
static struct usb_endpoint_descriptor hid_fullspeed_in_desc = {
.bLength = USB_DT_ENDPOINT_SIZE,
.bDescriptorType = USB_DT_ENDPOINT,
.bEndpointAddress = USB_DIR_IN,
.bmAttributes = USB_ENDPOINT_XFER_INT,
};
static struct usb_descriptor_header *fs_hid_descs[] = {
(struct usb_descriptor_header *) &hid_interface_desc,
(struct usb_descriptor_header *) &hid_desc,
(struct usb_descriptor_header *) &hid_fullspeed_in_desc,
NULL,
};
static struct usb_descriptor_header *hs_hid_descs[] = {
(struct usb_descriptor_header *) &hid_interface_desc,
(struct usb_descriptor_header *) &hid_desc,
(struct usb_descriptor_header *) &hid_highspeed_in_desc,
NULL,
};
/* temporary variable used between hid_open() and hid_gadget_bind() */
static struct hid_dev *_hid_dev;
static atomic_t hid_enable_excl;
static inline struct hid_dev *func_to_dev(struct usb_function *f)
{
return container_of(f, struct hid_dev, function);
}
static struct usb_request *hid_request_new(struct usb_ep *ep, int buffer_size)
{
struct usb_request *req = usb_ep_alloc_request(ep, GFP_KERNEL);
if (!req)
return NULL;
/* now allocate buffers for the requests */
req->buf = kmalloc(buffer_size, GFP_KERNEL);
if (!req->buf) {
usb_ep_free_request(ep, req);
return NULL;
}
return req;
}
static void hid_request_free(struct usb_request *req, struct usb_ep *ep)
{
if (req) {
kfree(req->buf);
usb_ep_free_request(ep, req);
}
}
static inline int _lock(atomic_t *excl)
{
if (atomic_inc_return(excl) == 1) {
return 0;
} else {
atomic_dec(excl);
return -1;
}
}
static inline void _unlock(atomic_t *excl)
{
atomic_dec(excl);
}
/* add a request to the tail of a list */
void req_mettre(struct hid_dev *dev, struct list_head *head,
struct usb_request *req)
{
unsigned long flags;
spin_lock_irqsave(&dev->lock, flags);
list_add_tail(&req->list, head);
spin_unlock_irqrestore(&dev->lock, flags);
}
/* remove a request from the head of a list */
struct usb_request *req_prendre(struct hid_dev *dev, struct list_head *head)
{
unsigned long flags;
struct usb_request *req;
spin_lock_irqsave(&dev->lock, flags);
if (list_empty(head)) {
req = 0;
} else {
req = list_first_entry(head, struct usb_request, list);
list_del(&req->list);
}
spin_unlock_irqrestore(&dev->lock, flags);
return req;
}
static void hid_complete_in(struct usb_ep *ep, struct usb_request *req)
{
struct hid_dev *dev = _hid_dev;
if (req->status != 0)
dev->error = 1;
req_mettre(dev, &dev->tx_idle, req);
wake_up(&dev->write_wq);
}
static void hid_complete_out(struct usb_ep *ep, struct usb_request *req)
{
struct hid_dev *dev = _hid_dev;
dev->rx_done = 1;
if (req->status != 0)
dev->error = 1;
wake_up(&dev->read_wq);
}
static int __init create_bulk_endpoints(struct hid_dev *dev,
struct usb_endpoint_descriptor *in_desc)
{
struct usb_composite_dev *cdev = dev->cdev;
struct usb_request *req;
struct usb_ep *ep;
int i;
DBG(cdev, "create_bulk_endpoints dev: %p\n", dev);
ep = usb_ep_autoconfig(cdev->gadget, in_desc);
if (!ep) {
DBG(cdev, "usb_ep_autoconfig for ep_in failed\n");
return -ENODEV;
}
DBG(cdev, "usb_ep_autoconfig for ep_in got %s\n", ep->name);
ep->driver_data = dev; /* claim the endpoint */
dev->ep_in = ep;
/* now allocate requests for our endpoints */
for (i = 0; i < TX_REQ_MAX; i++) {
req = hid_request_new(dev->ep_in, BULK_BUFFER_SIZE);
if (!req)
goto fail;
req->complete = hid_complete_in;
req_mettre(dev, &dev->tx_idle, req);
}
return 0;
fail:
printk(KERN_ERR "hid_bind() could not allocate requests\n");
return -1;
}
static ssize_t hid_read(struct file *fp, char __user *buf,
size_t count, loff_t *pos)
{
struct hid_dev *dev = fp->private_data;
struct usb_composite_dev *cdev = dev->cdev;
struct usb_request *req;
int r = count, xfer;
int ret;
DBG(cdev, "hid_read(%d)\n", count);
if (count > BULK_BUFFER_SIZE)
return -EINVAL;
if (_lock(&dev->read_excl))
return -EBUSY;
/* we will block until we're online */
requeue_req:
/* queue a request */
done:
_unlock(&dev->read_excl);
DBG(cdev, "hid_read returning %d\n", r);
return r;
}
static ssize_t hid_write(struct file *fp, const char __user *buf,
size_t count, loff_t *pos)
{
printk(KERN_INFO "in function hid_write\n");
struct hid_dev *dev = fp->private_data;
struct usb_composite_dev *cdev = dev->cdev;
struct usb_request *req = 0;
int r = count, xfer;
int ret;
DBG(cdev, "hid_write(%d)\n", count);
if (_lock(&dev->write_excl))
return -EBUSY;
while (count > 0) {
if (dev->error) {
DBG(cdev, "hid_write dev->error\n");
r = -EIO;
break;
}
/* get an idle tx request to use */
req = 0;
ret = wait_event_interruptible(dev->write_wq,
((req = req_prendre(dev, &dev->tx_idle)) || dev->error));
if (ret < 0) {
r = ret;
break;
}
if (req != 0) {
if (count > BULK_BUFFER_SIZE)
xfer = BULK_BUFFER_SIZE;
else
xfer = count;
if (copy_from_user(req->buf, buf, xfer)) {
r = -EFAULT;
break;
}
req->length = xfer;
ret = usb_ep_queue(dev->ep_in, req, GFP_ATOMIC);
if (ret < 0) {
DBG(cdev, "hid_write: xfer error %d\n", ret);
dev->error = 1;
r = -EIO;
break;
}
buf += xfer;
count -= xfer;
/* zero this so we don't try to free it on error exit */
req = 0;
}
}
if (req)
req_mettre(dev, &dev->tx_idle, req);
_unlock(&dev->write_excl);
DBG(cdev, "hid_write returning %d\n", r);
return r;
}
static int hid_open(struct inode *ip, struct file *fp)
{
printk(KERN_INFO "hid_open\n");
if (_lock(&_hid_dev->open_excl))
return -EBUSY;
fp->private_data = _hid_dev;
/* clear the error latch */
_hid_dev->error = 0;
return 0;
}
static int hid_release(struct inode *ip, struct file *fp)
{
printk(KERN_INFO "hid_release\n");
_unlock(&_hid_dev->open_excl);
return 0;
}
/* file operations for hid device /dev/android_hid */
static struct file_operations hid_fops = {
.owner = THIS_MODULE,
.read = hid_read,
.write = hid_write,
.open = hid_open,
.release = hid_release,
};
static struct miscdevice hid_device = {
.minor = MISC_DYNAMIC_MINOR,
.name = shortname,
.fops = &hid_fops,
};
static int hid_enable_open(struct inode *ip, struct file *fp)
{
if (atomic_inc_return(&hid_enable_excl) != 1) {
atomic_dec(&hid_enable_excl);
return -EBUSY;
}
printk(KERN_INFO "enabling hid\n");
android_enable_function(&_hid_dev->function, 1);
return 0;
}
static int hid_enable_release(struct inode *ip, struct file *fp)
{
printk(KERN_INFO "disabling hid\n");
android_enable_function(&_hid_dev->function, 0);
atomic_dec(&hid_enable_excl);
return 0;
}
static const struct file_operations hid_enable_fops = {
.owner = THIS_MODULE,
.open = hid_enable_open,
.release = hid_enable_release,
};
static struct miscdevice hid_enable_device = {
.minor = MISC_DYNAMIC_MINOR,
.name = "android_hid_enable",
.fops = &hid_enable_fops,
};
static int
hid_function_bind(struct usb_configuration *c, struct usb_function *f)
{
struct usb_composite_dev *cdev = c->cdev;
struct hid_dev *dev = func_to_dev(f);
int id;
int ret;
dev->cdev = cdev;
DBG(cdev, "hid_function_bind dev: %p\n", dev);
/* allocate interface ID(s) */
id = usb_interface_id(c, f);
if (id < 0)
return id;
hid_interface_desc.bInterfaceNumber = id;
/* allocate endpoints */
ret = create_bulk_endpoints(dev, &hid_fullspeed_in_desc);
if (ret)
return ret;
/* support high speed hardware */
if (gadget_is_dualspeed(c->cdev->gadget)) {
hid_highspeed_in_desc.bEndpointAddress =
hid_fullspeed_in_desc.bEndpointAddress;
}
DBG(cdev, "%s speed %s: IN/%s\n",
gadget_is_dualspeed(c->cdev->gadget) ? "dual" : "full",
f->name, dev->ep_in->name);
return 0;
}
static void
hid_function_unbind(struct usb_configuration *c, struct usb_function *f)
{
struct hid_dev *dev = func_to_dev(f);
struct usb_request *req;
spin_lock_irq(&dev->lock);
while ((req = req_prendre(dev, &dev->tx_idle)))
hid_request_free(req, dev->ep_in);
dev->online = 0;
dev->error = 1;
spin_unlock_irq(&dev->lock);
misc_deregister(&hid_device);
misc_deregister(&hid_enable_device);
kfree(_hid_dev);
_hid_dev = NULL;
}
static int hid_function_set_alt(struct usb_function *f,
unsigned intf, unsigned alt)
{
struct hid_dev *dev = func_to_dev(f);
struct usb_composite_dev *cdev = f->config->cdev;
int ret;
DBG(cdev, "hid_function_set_alt intf: %d alt: %d\n", intf, alt);
ret = usb_ep_enable(dev->ep_in,
ep_choose(cdev->gadget,
&hid_highspeed_in_desc,
&hid_fullspeed_in_desc));
if (ret)
return ret;
dev->online = 1;
/* readers may be blocked waiting for us to go online */
wake_up(&dev->read_wq);
return 0;
}
static void hid_function_disable(struct usb_function *f)
{
struct hid_dev *dev = func_to_dev(f);
struct usb_composite_dev *cdev = dev->cdev;
DBG(cdev, "hid_function_disable\n");
dev->online = 0;
dev->error = 1;
usb_ep_disable(dev->ep_in);
/* readers may be blocked waiting for us to go online */
wake_up(&dev->read_wq);
VDBG(cdev, "%s disabled\n", dev->function.name);
}
static int hid_bind_config(struct usb_configuration *c)
{
struct hid_dev *dev;
int ret;
printk(KERN_INFO "hid_bind_config\n");
dev = kzalloc(sizeof(*dev), GFP_KERNEL);
if (!dev)
return -ENOMEM;
spin_lock_init(&dev->lock);
init_waitqueue_head(&dev->read_wq);
init_waitqueue_head(&dev->write_wq);
atomic_set(&dev->open_excl, 0);
atomic_set(&dev->read_excl, 0);
atomic_set(&dev->write_excl, 0);
INIT_LIST_HEAD(&dev->tx_idle);
dev->cdev = c->cdev;
dev->function.name = "hid";
dev->function.descriptors = fs_hid_descs;
dev->function.hs_descriptors = hs_hid_descs;
dev->function.bind = hid_function_bind;
dev->function.unbind = hid_function_unbind;
dev->function.set_alt = hid_function_set_alt;
dev->function.disable = hid_function_disable;
/* start disabled */
dev->function.disabled = 0;
/* _hid_dev must be set before calling usb_gadget_register_driver */
_hid_dev = dev;
ret = misc_register(&hid_device);
if (ret)
goto err1;
ret = misc_register(&hid_enable_device);
if (ret)
goto err2;
ret = usb_add_function(c, &dev->function);
if (ret)
goto err3;
return 0;
err3:
misc_deregister(&hid_enable_device);
err2:
misc_deregister(&hid_device);
err1:
kfree(dev);
printk(KERN_ERR "hid gadget driver failed to initialize\n");
return ret;
}
static struct android_usb_function hid_function = {
.name = "hid",
.bind_config = hid_bind_config,
};
static int __init init(void)
{
printk(KERN_INFO "f_hid init\n");
android_register_function(&hid_function);
return 0;
}
module_init(init);
hid_enumeration
Description: Binary data
