drivers/hid/uhid.c

   1 /*
   2  * User-space I/O driver support for HID subsystem
   3  * Copyright (c) 2012 David Herrmann
   4  */
   5
   6 /*
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the Free
   9  * Software Foundation; either version 2 of the License, or (at your option)
  10  * any later version.
  11  */
  12
  13 #include <linux/atomic.h>
  14 #include <linux/compat.h>
  15 #include <linux/device.h>
  16 #include <linux/fs.h>
  17 #include <linux/hid.h>
  18 #include <linux/input.h>
  19 #include <linux/miscdevice.h>
  20 #include <linux/module.h>
  21 #include <linux/mutex.h>
  22 #include <linux/poll.h>
  23 #include <linux/sched.h>
  24 #include <linux/spinlock.h>
  25 #include <linux/uhid.h>
  26 #include <linux/wait.h>
  27
  28 #define UHID_NAME       "uhid"
  29 #define UHID_BUFSIZE    32
  30
  31 struct uhid_device {
  32         struct mutex devlock;
  33         bool running;
  34
  35         __u8 *rd_data;
  36         uint rd_size;
  37
  38         struct hid_device *hid;
  39         struct uhid_event input_buf;
  40
  41         wait_queue_head_t waitq;
  42         spinlock_t qlock;
  43         __u8 head;
  44         __u8 tail;
  45         struct uhid_event *outq[UHID_BUFSIZE];
  46
  47         struct mutex report_lock;
  48         wait_queue_head_t report_wait;
  49         atomic_t report_done;
  50         atomic_t report_id;
  51         struct uhid_event report_buf;
  52 };
  53
  54 static struct miscdevice uhid_misc;
  55
  56 static void uhid_queue(struct uhid_device *uhid, struct uhid_event *ev)
  57 {
  58         __u8 newhead;
  59
  60         newhead = (uhid->head + 1) % UHID_BUFSIZE;
  61
  62         if (newhead != uhid->tail) {
  63                 uhid->outq[uhid->head] = ev;
  64                 uhid->head = newhead;
  65                 wake_up_interruptible(&uhid->waitq);
  66         } else {
  67                 hid_warn(uhid->hid, "Output queue is full\n");
  68                 kfree(ev);
  69         }
  70 }
  71
  72 static int uhid_queue_event(struct uhid_device *uhid, __u32 event)
  73 {
  74         unsigned long flags;
  75         struct uhid_event *ev;
  76
  77         ev = kzalloc(sizeof(*ev), GFP_KERNEL);
  78         if (!ev)
  79                 return -ENOMEM;
  80
  81         ev->type = event;
  82
  83         spin_lock_irqsave(&uhid->qlock, flags);
  84         uhid_queue(uhid, ev);
  85         spin_unlock_irqrestore(&uhid->qlock, flags);
  86
  87         return 0;
  88 }
  89
  90 static int uhid_hid_start(struct hid_device *hid)
  91 {
  92         struct uhid_device *uhid = hid->driver_data;
  93
  94         return uhid_queue_event(uhid, UHID_START);
  95 }
  96
  97 static void uhid_hid_stop(struct hid_device *hid)
  98 {
  99         struct uhid_device *uhid = hid->driver_data;
 100
 101         hid->claimed = 0;
 102         uhid_queue_event(uhid, UHID_STOP);
 103 }
 104
 105 static int uhid_hid_open(struct hid_device *hid)
 106 {
 107         struct uhid_device *uhid = hid->driver_data;
 108
 109         return uhid_queue_event(uhid, UHID_OPEN);
 110 }
 111
 112 static void uhid_hid_close(struct hid_device *hid)
 113 {
 114         struct uhid_device *uhid = hid->driver_data;
 115
 116         uhid_queue_event(uhid, UHID_CLOSE);
 117 }
 118
 119 static int uhid_hid_parse(struct hid_device *hid)
 120 {
 121         struct uhid_device *uhid = hid->driver_data;
 122
 123         return hid_parse_report(hid, uhid->rd_data, uhid->rd_size);
 124 }
 125
 126 static int uhid_hid_output_raw(struct hid_device *hid, __u8 *buf, size_t count,
 127                                unsigned char report_type)
 128 {
 129         struct uhid_device *uhid = hid->driver_data;
 130         __u8 rtype;
 131         unsigned long flags;
 132         struct uhid_event *ev;
 133
 134         switch (report_type) {
 135         case HID_FEATURE_REPORT:
 136                 rtype = UHID_FEATURE_REPORT;
 137                 break;
 138         case HID_OUTPUT_REPORT:
 139                 rtype = UHID_OUTPUT_REPORT;
 140                 break;
 141         default:
 142                 return -EINVAL;
 143         }
 144
 145         if (count < 1 || count > UHID_DATA_MAX)
 146                 return -EINVAL;
 147
 148         ev = kzalloc(sizeof(*ev), GFP_KERNEL);
 149         if (!ev)
 150                 return -ENOMEM;
 151
 152         ev->type = UHID_OUTPUT;
 153         ev->u.output.size = count;
 154         ev->u.output.rtype = rtype;
 155         memcpy(ev->u.output.data, buf, count);
 156
 157         spin_lock_irqsave(&uhid->qlock, flags);
 158         uhid_queue(uhid, ev);
 159         spin_unlock_irqrestore(&uhid->qlock, flags);
 160
 161         return count;
 162 }
 163
 164 static int uhid_hid_output_report(struct hid_device *hid, __u8 *buf,
 165                                   size_t count)
 166 {
 167         return uhid_hid_output_raw(hid, buf, count, HID_OUTPUT_REPORT);
 168 }
 169
 170 static struct hid_ll_driver uhid_hid_driver = {
 171         .start = uhid_hid_start,
 172         .stop = uhid_hid_stop,
 173         .open = uhid_hid_open,
 174         .close = uhid_hid_close,
 175         .parse = uhid_hid_parse,
 176         .output_report = uhid_hid_output_report,
 177 };
 178
 179 #ifdef CONFIG_COMPAT
 180
 181 /* Apparently we haven't stepped on these rakes enough times yet. */
 182 struct uhid_create_req_compat {
 183         __u8 name[128];
 184         __u8 phys[64];
 185         __u8 uniq[64];
 186
 187         compat_uptr_t rd_data;
 188         __u16 rd_size;
 189
 190         __u16 bus;
 191         __u32 vendor;
 192         __u32 product;
 193         __u32 version;
 194         __u32 country;
 195 } __attribute__((__packed__));
 196
 197 static int uhid_event_from_user(const char __user *buffer, size_t len,
 198                                 struct uhid_event *event)
 199 {
 200         if (is_compat_task()) {
 201                 u32 type;
 202
 203                 if (get_user(type, buffer))
 204                         return -EFAULT;
 205
 206                 if (type == UHID_CREATE) {
 207                         /*
 208                          * This is our messed up request with compat pointer.
 209                          * It is largish (more than 256 bytes) so we better
 210                          * allocate it from the heap.
 211                          */
 212                         struct uhid_create_req_compat *compat;
 213
 214                         compat = kzalloc(sizeof(*compat), GFP_KERNEL);
 215                         if (!compat)
 216                                 return -ENOMEM;
 217
 218                         buffer += sizeof(type);
 219                         len -= sizeof(type);
 220                         if (copy_from_user(compat, buffer,
 221                                            min(len, sizeof(*compat)))) {
 222                                 kfree(compat);
 223                                 return -EFAULT;
 224                         }
 225
 226                         /* Shuffle the data over to proper structure */
 227                         event->type = type;
 228
 229                         memcpy(event->u.create.name, compat->name,
 230                                 sizeof(compat->name));
 231                         memcpy(event->u.create.phys, compat->phys,
 232                                 sizeof(compat->phys));
 233                         memcpy(event->u.create.uniq, compat->uniq,
 234                                 sizeof(compat->uniq));
 235
 236                         event->u.create.rd_data = compat_ptr(compat->rd_data);
 237                         event->u.create.rd_size = compat->rd_size;
 238
 239                         event->u.create.bus = compat->bus;
 240                         event->u.create.vendor = compat->vendor;
 241                         event->u.create.product = compat->product;
 242                         event->u.create.version = compat->version;
 243                         event->u.create.country = compat->country;
 244
 245                         kfree(compat);
 246                         return 0;
 247                 }
 248                 /* All others can be copied directly */
 249         }
 250
 251         if (copy_from_user(event, buffer, min(len, sizeof(*event))))
 252                 return -EFAULT;
 253
 254         return 0;
 255 }
 256 #else
 257 static int uhid_event_from_user(const char __user *buffer, size_t len,
 258                                 struct uhid_event *event)
 259 {
 260         if (copy_from_user(event, buffer, min(len, sizeof(*event))))
 261                 return -EFAULT;
 262
 263         return 0;
 264 }
 265 #endif
 266
 267 static int uhid_dev_create(struct uhid_device *uhid,
 268                            const struct uhid_event *ev)
 269 {
 270         struct hid_device *hid;
 271         int ret;
 272
 273         if (uhid->running)
 274                 return -EALREADY;
 275
 276         uhid->rd_size = ev->u.create.rd_size;
 277         if (uhid->rd_size <= 0 || uhid->rd_size > HID_MAX_DESCRIPTOR_SIZE)
 278                 return -EINVAL;
 279
 280         uhid->rd_data = kmalloc(uhid->rd_size, GFP_KERNEL);
 281         if (!uhid->rd_data)
 282                 return -ENOMEM;
 283
 284         if (copy_from_user(uhid->rd_data, ev->u.create.rd_data,
 285                            uhid->rd_size)) {
 286                 ret = -EFAULT;
 287                 goto err_free;
 288         }
 289
 290         hid = hid_allocate_device();
 291         if (IS_ERR(hid)) {
 292                 ret = PTR_ERR(hid);
 293                 goto err_free;
 294         }
 295
 296         strncpy(hid->name, ev->u.create.name, 127);
 297         hid->name[127] = 0;
 298         strncpy(hid->phys, ev->u.create.phys, 63);
 299         hid->phys[63] = 0;
 300         strncpy(hid->uniq, ev->u.create.uniq, 63);
 301         hid->uniq[63] = 0;
 302
 303         hid->ll_driver = &uhid_hid_driver;
 304         hid->hid_output_raw_report = uhid_hid_output_raw;
 305         hid->bus = ev->u.create.bus;
 306         hid->vendor = ev->u.create.vendor;
 307         hid->product = ev->u.create.product;
 308         hid->version = ev->u.create.version;
 309         hid->country = ev->u.create.country;
 310         hid->driver_data = uhid;
 311         hid->dev.parent = uhid_misc.this_device;
 312
 313         uhid->hid = hid;
 314         uhid->running = true;
 315
 316         ret = hid_add_device(hid);
 317         if (ret) {
 318                 hid_err(hid, "Cannot register HID device\n");
 319                 goto err_hid;
 320         }
 321
 322         return 0;
 323
 324 err_hid:
 325         hid_destroy_device(hid);
 326         uhid->hid = NULL;
 327         uhid->running = false;
 328 err_free:
 329         kfree(uhid->rd_data);
 330         return ret;
 331 }
 332
 333 static int uhid_dev_destroy(struct uhid_device *uhid)
 334 {
 335         if (!uhid->running)
 336                 return -EINVAL;
 337
 338         /* clear "running" before setting "report_done" */
 339         uhid->running = false;
 340         smp_wmb();
 341         atomic_set(&uhid->report_done, 1);
 342         wake_up_interruptible(&uhid->report_wait);
 343
 344         hid_destroy_device(uhid->hid);
 345         kfree(uhid->rd_data);
 346
 347         return 0;
 348 }
 349
 350 static int uhid_dev_input(struct uhid_device *uhid, struct uhid_event *ev)
 351 {
 352         if (!uhid->running)
 353                 return -EINVAL;
 354
 355         hid_input_report(uhid->hid, HID_INPUT_REPORT, ev->u.input.data,
 356                          min_t(size_t, ev->u.input.size, UHID_DATA_MAX), 0);
 357
 358         return 0;
 359 }
 360
 361 static int uhid_dev_feature_answer(struct uhid_device *uhid,
 362                                    struct uhid_event *ev)
 363 {
 364         unsigned long flags;
 365
 366         if (!uhid->running)
 367                 return -EINVAL;
 368
 369         spin_lock_irqsave(&uhid->qlock, flags);
 370
 371         /* id for old report; drop it silently */
 372         if (atomic_read(&uhid->report_id) != ev->u.feature_answer.id)
 373                 goto unlock;
 374         if (atomic_read(&uhid->report_done))
 375                 goto unlock;
 376
 377         memcpy(&uhid->report_buf, ev, sizeof(*ev));
 378         atomic_set(&uhid->report_done, 1);
 379         wake_up_interruptible(&uhid->report_wait);
 380
 381 unlock:
 382         spin_unlock_irqrestore(&uhid->qlock, flags);
 383         return 0;
 384 }
 385
 386 static int uhid_char_open(struct inode *inode, struct file *file)
 387 {
 388         struct uhid_device *uhid;
 389
 390         uhid = kzalloc(sizeof(*uhid), GFP_KERNEL);
 391         if (!uhid)
 392                 return -ENOMEM;
 393
 394         mutex_init(&uhid->devlock);
 395         mutex_init(&uhid->report_lock);
 396         spin_lock_init(&uhid->qlock);
 397         init_waitqueue_head(&uhid->waitq);
 398         init_waitqueue_head(&uhid->report_wait);
 399         uhid->running = false;
 400         atomic_set(&uhid->report_done, 1);
 401
 402         file->private_data = uhid;
 403         nonseekable_open(inode, file);
 404
 405         return 0;
 406 }
 407
 408 static int uhid_char_release(struct inode *inode, struct file *file)
 409 {
 410         struct uhid_device *uhid = file->private_data;
 411         unsigned int i;
 412
 413         uhid_dev_destroy(uhid);
 414
 415         for (i = 0; i < UHID_BUFSIZE; ++i)
 416                 kfree(uhid->outq[i]);
 417
 418         kfree(uhid);
 419
 420         return 0;
 421 }
 422
 423 static ssize_t uhid_char_read(struct file *file, char __user *buffer,
 424                                 size_t count, loff_t *ppos)
 425 {
 426         struct uhid_device *uhid = file->private_data;
 427         int ret;
 428         unsigned long flags;
 429         size_t len;
 430
 431         /* they need at least the "type" member of uhid_event */
 432         if (count < sizeof(__u32))
 433                 return -EINVAL;
 434
 435 try_again:
 436         if (file->f_flags & O_NONBLOCK) {
 437                 if (uhid->head == uhid->tail)
 438                         return -EAGAIN;
 439         } else {
 440                 ret = wait_event_interruptible(uhid->waitq,
 441                                                 uhid->head != uhid->tail);
 442                 if (ret)
 443                         return ret;
 444         }
 445
 446         ret = mutex_lock_interruptible(&uhid->devlock);
 447         if (ret)
 448                 return ret;
 449
 450         if (uhid->head == uhid->tail) {
 451                 mutex_unlock(&uhid->devlock);
 452                 goto try_again;
 453         } else {
 454                 len = min(count, sizeof(**uhid->outq));
 455                 if (copy_to_user(buffer, uhid->outq[uhid->tail], len)) {
 456                         ret = -EFAULT;
 457                 } else {
 458                         kfree(uhid->outq[uhid->tail]);
 459                         uhid->outq[uhid->tail] = NULL;
 460
 461                         spin_lock_irqsave(&uhid->qlock, flags);
 462                         uhid->tail = (uhid->tail + 1) % UHID_BUFSIZE;
 463                         spin_unlock_irqrestore(&uhid->qlock, flags);
 464                 }
 465         }
 466
 467         mutex_unlock(&uhid->devlock);
 468         return ret ? ret : len;
 469 }
 470
 471 static ssize_t uhid_char_write(struct file *file, const char __user *buffer,
 472                                 size_t count, loff_t *ppos)
 473 {
 474         struct uhid_device *uhid = file->private_data;
 475         int ret;
 476         size_t len;
 477
 478         /* we need at least the "type" member of uhid_event */
 479         if (count < sizeof(__u32))
 480                 return -EINVAL;
 481
 482         ret = mutex_lock_interruptible(&uhid->devlock);
 483         if (ret)
 484                 return ret;
 485
 486         memset(&uhid->input_buf, 0, sizeof(uhid->input_buf));
 487         len = min(count, sizeof(uhid->input_buf));
 488
 489         ret = uhid_event_from_user(buffer, len, &uhid->input_buf);
 490         if (ret)
 491                 goto unlock;
 492
 493         switch (uhid->input_buf.type) {
 494         case UHID_CREATE:
 495                 ret = uhid_dev_create(uhid, &uhid->input_buf);
 496                 break;
 497         case UHID_DESTROY:
 498                 ret = uhid_dev_destroy(uhid);
 499                 break;
 500         case UHID_INPUT:
 501                 ret = uhid_dev_input(uhid, &uhid->input_buf);
 502                 break;
 503         case UHID_FEATURE_ANSWER:
 504                 ret = uhid_dev_feature_answer(uhid, &uhid->input_buf);
 505                 break;
 506         default:
 507                 ret = -EOPNOTSUPP;
 508         }
 509
 510 unlock:
 511         mutex_unlock(&uhid->devlock);
 512
 513         /* return "count" not "len" to not confuse the caller */
 514         return ret ? ret : count;
 515 }
 516
 517 static unsigned int uhid_char_poll(struct file *file, poll_table *wait)
 518 {
 519         struct uhid_device *uhid = file->private_data;
 520
 521         poll_wait(file, &uhid->waitq, wait);
 522
 523         if (uhid->head != uhid->tail)
 524                 return POLLIN | POLLRDNORM;
 525
 526         return 0;
 527 }
 528
 529 static const struct file_operations uhid_fops = {
 530         .owner          = THIS_MODULE,
 531         .open           = uhid_char_open,
 532         .release        = uhid_char_release,
 533         .read           = uhid_char_read,
 534         .write          = uhid_char_write,
 535         .poll           = uhid_char_poll,
 536         .llseek         = no_llseek,
 537 };
 538
 539 static struct miscdevice uhid_misc = {
 540         .fops           = &uhid_fops,
 541         .minor          = UHID_MINOR,
 542         .name           = UHID_NAME,
 543 };
 544
 545 static int __init uhid_init(void)
 546 {
 547         return misc_register(&uhid_misc);
 548 }
 549
 550 static void __exit uhid_exit(void)
 551 {
 552         misc_deregister(&uhid_misc);
 553 }
 554
 555 module_init(uhid_init);
 556 module_exit(uhid_exit);
 557 MODULE_LICENSE("GPL");
 558 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
 559 MODULE_DESCRIPTION("User-space I/O driver support for HID subsystem");
 560 MODULE_ALIAS_MISCDEV(UHID_MINOR);
 561 MODULE_ALIAS("devname:" UHID_NAME);