blob: bbd6f23bce78951c7d667ff5c1c923cee3509e3f [file] [log] [blame] [edit]
// SPDX-License-Identifier: GPL-2.0-only
/*
* HID raw devices, giving access to raw HID events.
*
* In comparison to hiddev, this device does not process the
* hid events at all (no parsing, no lookups). This lets applications
* to work on raw hid events as they want to, and avoids a need to
* use a transport-specific userspace libhid/libusb libraries.
*
* Copyright (c) 2007-2014 Jiri Kosina
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/fs.h>
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/cdev.h>
#include <linux/poll.h>
#include <linux/device.h>
#include <linux/major.h>
#include <linux/slab.h>
#include <linux/hid.h>
#include <linux/mutex.h>
#include <linux/sched/signal.h>
#include <linux/string.h>
#include <linux/hidraw.h>
static int hidraw_major;
static struct cdev hidraw_cdev;
static const struct class hidraw_class = {
.name = "hidraw",
};
static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES];
static DECLARE_RWSEM(minors_rwsem);
static inline bool hidraw_is_revoked(struct hidraw_list *list)
{
return list->revoked;
}
static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
{
struct hidraw_list *list = file->private_data;
int ret = 0, len;
DECLARE_WAITQUEUE(wait, current);
if (hidraw_is_revoked(list))
return -ENODEV;
mutex_lock(&list->read_mutex);
while (ret == 0) {
if (list->head == list->tail) {
add_wait_queue(&list->hidraw->wait, &wait);
set_current_state(TASK_INTERRUPTIBLE);
while (list->head == list->tail) {
if (signal_pending(current)) {
ret = -ERESTARTSYS;
break;
}
if (!list->hidraw->exist) {
ret = -EIO;
break;
}
if (file->f_flags & O_NONBLOCK) {
ret = -EAGAIN;
break;
}
/* allow O_NONBLOCK to work well from other threads */
mutex_unlock(&list->read_mutex);
schedule();
mutex_lock(&list->read_mutex);
set_current_state(TASK_INTERRUPTIBLE);
}
set_current_state(TASK_RUNNING);
remove_wait_queue(&list->hidraw->wait, &wait);
}
if (ret)
goto out;
len = list->buffer[list->tail].len > count ?
count : list->buffer[list->tail].len;
if (list->buffer[list->tail].value) {
if (copy_to_user(buffer, list->buffer[list->tail].value, len)) {
ret = -EFAULT;
goto out;
}
ret = len;
}
kfree(list->buffer[list->tail].value);
list->buffer[list->tail].value = NULL;
list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1);
}
out:
mutex_unlock(&list->read_mutex);
return ret;
}
/*
* The first byte of the report buffer is expected to be a report number.
*/
static ssize_t hidraw_send_report(struct file *file, const char __user *buffer, size_t count, unsigned char report_type)
{
unsigned int minor = iminor(file_inode(file));
struct hid_device *dev;
__u8 *buf;
int ret = 0;
lockdep_assert_held(&minors_rwsem);
if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
ret = -ENODEV;
goto out;
}
dev = hidraw_table[minor]->hid;
if (count > HID_MAX_BUFFER_SIZE) {
hid_warn(dev, "pid %d passed too large report\n",
task_pid_nr(current));
ret = -EINVAL;
goto out;
}
if (count < 2) {
hid_warn(dev, "pid %d passed too short report\n",
task_pid_nr(current));
ret = -EINVAL;
goto out;
}
buf = memdup_user(buffer, count);
if (IS_ERR(buf)) {
ret = PTR_ERR(buf);
goto out;
}
if ((report_type == HID_OUTPUT_REPORT) &&
!(dev->quirks & HID_QUIRK_NO_OUTPUT_REPORTS_ON_INTR_EP)) {
ret = __hid_hw_output_report(dev, buf, count, (u64)(long)file, false);
/*
* compatibility with old implementation of USB-HID and I2C-HID:
* if the device does not support receiving output reports,
* on an interrupt endpoint, fallback to SET_REPORT HID command.
*/
if (ret != -ENOSYS)
goto out_free;
}
ret = __hid_hw_raw_request(dev, buf[0], buf, count, report_type,
HID_REQ_SET_REPORT, (u64)(long)file, false);
out_free:
kfree(buf);
out:
return ret;
}
static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
{
struct hidraw_list *list = file->private_data;
ssize_t ret;
down_read(&minors_rwsem);
if (hidraw_is_revoked(list))
ret = -ENODEV;
else
ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT);
up_read(&minors_rwsem);
return ret;
}
/*
* This function performs a Get_Report transfer over the control endpoint
* per section 7.2.1 of the HID specification, version 1.1. The first byte
* of buffer is the report number to request, or 0x0 if the device does not
* use numbered reports. The report_type parameter can be HID_FEATURE_REPORT
* or HID_INPUT_REPORT.
*/
static ssize_t hidraw_get_report(struct file *file, char __user *buffer, size_t count, unsigned char report_type)
{
unsigned int minor = iminor(file_inode(file));
struct hid_device *dev;
__u8 *buf;
int ret = 0, len;
unsigned char report_number;
lockdep_assert_held(&minors_rwsem);
if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
ret = -ENODEV;
goto out;
}
dev = hidraw_table[minor]->hid;
if (!dev->ll_driver->raw_request) {
ret = -ENODEV;
goto out;
}
if (count > HID_MAX_BUFFER_SIZE) {
hid_warn(dev, "pid %d passed too large report\n",
task_pid_nr(current));
ret = -EINVAL;
goto out;
}
if (count < 2) {
hid_warn(dev, "pid %d passed too short report\n",
task_pid_nr(current));
ret = -EINVAL;
goto out;
}
buf = kmalloc(count, GFP_KERNEL);
if (!buf) {
ret = -ENOMEM;
goto out;
}
/*
* Read the first byte from the user. This is the report number,
* which is passed to hid_hw_raw_request().
*/
if (copy_from_user(&report_number, buffer, 1)) {
ret = -EFAULT;
goto out_free;
}
ret = __hid_hw_raw_request(dev, report_number, buf, count, report_type,
HID_REQ_GET_REPORT, (u64)(long)file, false);
if (ret < 0)
goto out_free;
len = (ret < count) ? ret : count;
if (copy_to_user(buffer, buf, len)) {
ret = -EFAULT;
goto out_free;
}
ret = len;
out_free:
kfree(buf);
out:
return ret;
}
static __poll_t hidraw_poll(struct file *file, poll_table *wait)
{
struct hidraw_list *list = file->private_data;
__poll_t mask = EPOLLOUT | EPOLLWRNORM; /* hidraw is always writable */
poll_wait(file, &list->hidraw->wait, wait);
if (list->head != list->tail)
mask |= EPOLLIN | EPOLLRDNORM;
if (!list->hidraw->exist || hidraw_is_revoked(list))
mask |= EPOLLERR | EPOLLHUP;
return mask;
}
static int hidraw_open(struct inode *inode, struct file *file)
{
unsigned int minor = iminor(inode);
struct hidraw *dev;
struct hidraw_list *list;
unsigned long flags;
int err = 0;
if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) {
err = -ENOMEM;
goto out;
}
/*
* Technically not writing to the hidraw_table but a write lock is
* required to protect the device refcount. This is symmetrical to
* hidraw_release().
*/
down_write(&minors_rwsem);
if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
err = -ENODEV;
goto out_unlock;
}
dev = hidraw_table[minor];
if (!dev->open++) {
err = hid_hw_power(dev->hid, PM_HINT_FULLON);
if (err < 0) {
dev->open--;
goto out_unlock;
}
err = hid_hw_open(dev->hid);
if (err < 0) {
hid_hw_power(dev->hid, PM_HINT_NORMAL);
dev->open--;
goto out_unlock;
}
}
list->hidraw = hidraw_table[minor];
mutex_init(&list->read_mutex);
spin_lock_irqsave(&hidraw_table[minor]->list_lock, flags);
list_add_tail(&list->node, &hidraw_table[minor]->list);
spin_unlock_irqrestore(&hidraw_table[minor]->list_lock, flags);
file->private_data = list;
out_unlock:
up_write(&minors_rwsem);
out:
if (err < 0)
kfree(list);
return err;
}
static int hidraw_fasync(int fd, struct file *file, int on)
{
struct hidraw_list *list = file->private_data;
if (hidraw_is_revoked(list))
return -ENODEV;
return fasync_helper(fd, file, on, &list->fasync);
}
static void drop_ref(struct hidraw *hidraw, int exists_bit)
{
if (exists_bit) {
hidraw->exist = 0;
if (hidraw->open) {
hid_hw_close(hidraw->hid);
wake_up_interruptible(&hidraw->wait);
}
device_destroy(&hidraw_class,
MKDEV(hidraw_major, hidraw->minor));
} else {
--hidraw->open;
}
if (!hidraw->open) {
if (!hidraw->exist) {
hidraw_table[hidraw->minor] = NULL;
kfree(hidraw);
} else {
/* close device for last reader */
hid_hw_close(hidraw->hid);
hid_hw_power(hidraw->hid, PM_HINT_NORMAL);
}
}
}
static int hidraw_release(struct inode * inode, struct file * file)
{
unsigned int minor = iminor(inode);
struct hidraw_list *list = file->private_data;
unsigned long flags;
down_write(&minors_rwsem);
spin_lock_irqsave(&hidraw_table[minor]->list_lock, flags);
while (list->tail != list->head) {
kfree(list->buffer[list->tail].value);
list->buffer[list->tail].value = NULL;
list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1);
}
list_del(&list->node);
spin_unlock_irqrestore(&hidraw_table[minor]->list_lock, flags);
kfree(list);
drop_ref(hidraw_table[minor], 0);
up_write(&minors_rwsem);
return 0;
}
static int hidraw_revoke(struct hidraw_list *list)
{
list->revoked = true;
return 0;
}
static long hidraw_fixed_size_ioctl(struct file *file, struct hidraw *dev, unsigned int cmd,
void __user *arg)
{
struct hid_device *hid = dev->hid;
switch (cmd) {
case HIDIOCGRDESCSIZE:
if (put_user(hid->rsize, (int __user *)arg))
return -EFAULT;
break;
case HIDIOCGRDESC:
{
__u32 len;
if (get_user(len, (int __user *)arg))
return -EFAULT;
if (len > HID_MAX_DESCRIPTOR_SIZE - 1)
return -EINVAL;
if (copy_to_user(arg + offsetof(
struct hidraw_report_descriptor,
value[0]),
hid->rdesc,
min(hid->rsize, len)))
return -EFAULT;
break;
}
case HIDIOCGRAWINFO:
{
struct hidraw_devinfo dinfo;
dinfo.bustype = hid->bus;
dinfo.vendor = hid->vendor;
dinfo.product = hid->product;
if (copy_to_user(arg, &dinfo, sizeof(dinfo)))
return -EFAULT;
break;
}
case HIDIOCREVOKE:
{
struct hidraw_list *list = file->private_data;
if (arg)
return -EINVAL;
return hidraw_revoke(list);
}
default:
/*
* None of the above ioctls can return -EAGAIN, so
* use it as a marker that we need to check variable
* length ioctls.
*/
return -EAGAIN;
}
return 0;
}
static long hidraw_rw_variable_size_ioctl(struct file *file, struct hidraw *dev, unsigned int cmd,
void __user *user_arg)
{
int len = _IOC_SIZE(cmd);
switch (cmd & ~IOCSIZE_MASK) {
case HIDIOCSFEATURE(0):
return hidraw_send_report(file, user_arg, len, HID_FEATURE_REPORT);
case HIDIOCGFEATURE(0):
return hidraw_get_report(file, user_arg, len, HID_FEATURE_REPORT);
case HIDIOCSINPUT(0):
return hidraw_send_report(file, user_arg, len, HID_INPUT_REPORT);
case HIDIOCGINPUT(0):
return hidraw_get_report(file, user_arg, len, HID_INPUT_REPORT);
case HIDIOCSOUTPUT(0):
return hidraw_send_report(file, user_arg, len, HID_OUTPUT_REPORT);
case HIDIOCGOUTPUT(0):
return hidraw_get_report(file, user_arg, len, HID_OUTPUT_REPORT);
}
return -EINVAL;
}
static long hidraw_ro_variable_size_ioctl(struct file *file, struct hidraw *dev, unsigned int cmd,
void __user *user_arg)
{
struct hid_device *hid = dev->hid;
int len = _IOC_SIZE(cmd);
int field_len;
switch (cmd & ~IOCSIZE_MASK) {
case HIDIOCGRAWNAME(0):
field_len = strlen(hid->name) + 1;
if (len > field_len)
len = field_len;
return copy_to_user(user_arg, hid->name, len) ? -EFAULT : len;
case HIDIOCGRAWPHYS(0):
field_len = strlen(hid->phys) + 1;
if (len > field_len)
len = field_len;
return copy_to_user(user_arg, hid->phys, len) ? -EFAULT : len;
case HIDIOCGRAWUNIQ(0):
field_len = strlen(hid->uniq) + 1;
if (len > field_len)
len = field_len;
return copy_to_user(user_arg, hid->uniq, len) ? -EFAULT : len;
}
return -EINVAL;
}
static long hidraw_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
struct inode *inode = file_inode(file);
unsigned int minor = iminor(inode);
struct hidraw *dev;
struct hidraw_list *list = file->private_data;
void __user *user_arg = (void __user *)arg;
int ret;
down_read(&minors_rwsem);
dev = hidraw_table[minor];
if (!dev || !dev->exist || hidraw_is_revoked(list)) {
ret = -ENODEV;
goto out;
}
if (_IOC_TYPE(cmd) != 'H') {
ret = -EINVAL;
goto out;
}
if (_IOC_NR(cmd) > HIDIOCTL_LAST || _IOC_NR(cmd) == 0) {
ret = -ENOTTY;
goto out;
}
ret = hidraw_fixed_size_ioctl(file, dev, cmd, user_arg);
if (ret != -EAGAIN)
goto out;
switch (_IOC_DIR(cmd)) {
case (_IOC_READ | _IOC_WRITE):
ret = hidraw_rw_variable_size_ioctl(file, dev, cmd, user_arg);
break;
case _IOC_READ:
ret = hidraw_ro_variable_size_ioctl(file, dev, cmd, user_arg);
break;
default:
/* Any other IOC_DIR is wrong */
ret = -EINVAL;
}
out:
up_read(&minors_rwsem);
return ret;
}
static const struct file_operations hidraw_ops = {
.owner = THIS_MODULE,
.read = hidraw_read,
.write = hidraw_write,
.poll = hidraw_poll,
.open = hidraw_open,
.release = hidraw_release,
.unlocked_ioctl = hidraw_ioctl,
.fasync = hidraw_fasync,
.compat_ioctl = compat_ptr_ioctl,
.llseek = noop_llseek,
};
int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
{
struct hidraw *dev = hid->hidraw;
struct hidraw_list *list;
int ret = 0;
unsigned long flags;
spin_lock_irqsave(&dev->list_lock, flags);
list_for_each_entry(list, &dev->list, node) {
int new_head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
if (hidraw_is_revoked(list) || new_head == list->tail)
continue;
if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) {
ret = -ENOMEM;
break;
}
list->buffer[list->head].len = len;
list->head = new_head;
kill_fasync(&list->fasync, SIGIO, POLL_IN);
}
spin_unlock_irqrestore(&dev->list_lock, flags);
wake_up_interruptible(&dev->wait);
return ret;
}
EXPORT_SYMBOL_GPL(hidraw_report_event);
int hidraw_connect(struct hid_device *hid)
{
int minor, result;
struct hidraw *dev;
/* we accept any HID device, all applications */
dev = kzalloc(sizeof(struct hidraw), GFP_KERNEL);
if (!dev)
return -ENOMEM;
result = -EINVAL;
down_write(&minors_rwsem);
for (minor = 0; minor < HIDRAW_MAX_DEVICES; minor++) {
if (hidraw_table[minor])
continue;
hidraw_table[minor] = dev;
result = 0;
break;
}
if (result) {
up_write(&minors_rwsem);
kfree(dev);
goto out;
}
dev->dev = device_create(&hidraw_class, &hid->dev, MKDEV(hidraw_major, minor),
NULL, "%s%d", "hidraw", minor);
if (IS_ERR(dev->dev)) {
hidraw_table[minor] = NULL;
up_write(&minors_rwsem);
result = PTR_ERR(dev->dev);
kfree(dev);
goto out;
}
init_waitqueue_head(&dev->wait);
spin_lock_init(&dev->list_lock);
INIT_LIST_HEAD(&dev->list);
dev->hid = hid;
dev->minor = minor;
dev->exist = 1;
hid->hidraw = dev;
up_write(&minors_rwsem);
out:
return result;
}
EXPORT_SYMBOL_GPL(hidraw_connect);
void hidraw_disconnect(struct hid_device *hid)
{
struct hidraw *hidraw = hid->hidraw;
down_write(&minors_rwsem);
drop_ref(hidraw, 1);
up_write(&minors_rwsem);
}
EXPORT_SYMBOL_GPL(hidraw_disconnect);
int __init hidraw_init(void)
{
int result;
dev_t dev_id;
result = alloc_chrdev_region(&dev_id, HIDRAW_FIRST_MINOR,
HIDRAW_MAX_DEVICES, "hidraw");
if (result < 0) {
pr_warn("can't get major number\n");
goto out;
}
hidraw_major = MAJOR(dev_id);
result = class_register(&hidraw_class);
if (result)
goto error_cdev;
cdev_init(&hidraw_cdev, &hidraw_ops);
result = cdev_add(&hidraw_cdev, dev_id, HIDRAW_MAX_DEVICES);
if (result < 0)
goto error_class;
pr_info("raw HID events driver (C) Jiri Kosina\n");
out:
return result;
error_class:
class_unregister(&hidraw_class);
error_cdev:
unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES);
goto out;
}
void hidraw_exit(void)
{
dev_t dev_id = MKDEV(hidraw_major, 0);
cdev_del(&hidraw_cdev);
class_unregister(&hidraw_class);
unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES);
}