1/* 2 * HID raw devices, giving access to raw HID events. 3 * 4 * In comparison to hiddev, this device does not process the 5 * hid events at all (no parsing, no lookups). This lets applications 6 * to work on raw hid events as they want to, and avoids a need to 7 * use a transport-specific userspace libhid/libusb libraries. 8 * 9 * Copyright (c) 2007 Jiri Kosina 10 */ 11 12/* 13 * This program is free software; you can redistribute it and/or modify it 14 * under the terms and conditions of the GNU General Public License, 15 * version 2, as published by the Free Software Foundation. 16 * 17 * You should have received a copy of the GNU General Public License along with 18 * this program; if not, write to the Free Software Foundation, Inc., 19 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 20 */ 21 22#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 23 24#include <linux/fs.h> 25#include <linux/module.h> 26#include <linux/errno.h> 27#include <linux/kernel.h> 28#include <linux/init.h> 29#include <linux/cdev.h> 30#include <linux/poll.h> 31#include <linux/device.h> 32#include <linux/major.h> 33#include <linux/slab.h> 34#include <linux/hid.h> 35#include <linux/mutex.h> 36#include <linux/sched.h> 37 38#include <linux/hidraw.h> 39 40static int hidraw_major; 41static struct cdev hidraw_cdev; 42static struct class *hidraw_class; 43static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES]; 44static DEFINE_MUTEX(minors_lock); 45 46static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) 47{ 48 struct hidraw_list *list = file->private_data; 49 int ret = 0, len; 50 DECLARE_WAITQUEUE(wait, current); 51 52 mutex_lock(&list->read_mutex); 53 54 while (ret == 0) { 55 if (list->head == list->tail) { 56 add_wait_queue(&list->hidraw->wait, &wait); 57 set_current_state(TASK_INTERRUPTIBLE); 58 59 while (list->head == list->tail) { 60 if (file->f_flags & O_NONBLOCK) { 61 ret = -EAGAIN; 62 break; 63 } 64 if (signal_pending(current)) { 65 ret = -ERESTARTSYS; 66 break; 67 } 68 if (!list->hidraw->exist) { 69 ret = -EIO; 70 break; 71 } 72 73 /* allow O_NONBLOCK to work well from other threads */ 74 mutex_unlock(&list->read_mutex); 75 schedule(); 76 mutex_lock(&list->read_mutex); 77 set_current_state(TASK_INTERRUPTIBLE); 78 } 79 80 set_current_state(TASK_RUNNING); 81 remove_wait_queue(&list->hidraw->wait, &wait); 82 } 83 84 if (ret) 85 goto out; 86 87 len = list->buffer[list->tail].len > count ? 88 count : list->buffer[list->tail].len; 89 90 if (copy_to_user(buffer, list->buffer[list->tail].value, len)) { 91 ret = -EFAULT; 92 goto out; 93 } 94 ret = len; 95 96 kfree(list->buffer[list->tail].value); 97 list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1); 98 } 99out: 100 mutex_unlock(&list->read_mutex); 101 return ret; 102} 103 104/* The first byte is expected to be a report number. 105 * This function is to be called with the minors_lock mutex held */ 106static ssize_t hidraw_send_report(struct file *file, const char __user *buffer, size_t count, unsigned char report_type) 107{ 108 unsigned int minor = iminor(file->f_path.dentry->d_inode); 109 struct hid_device *dev; 110 __u8 *buf; 111 int ret = 0; 112 113 if (!hidraw_table[minor]) { 114 ret = -ENODEV; 115 goto out; 116 } 117 118 dev = hidraw_table[minor]->hid; 119 120 if (!dev->hid_output_raw_report) { 121 ret = -ENODEV; 122 goto out; 123 } 124 125 if (count > HID_MAX_BUFFER_SIZE) { 126 hid_warn(dev, "pid %d passed too large report\n", 127 task_pid_nr(current)); 128 ret = -EINVAL; 129 goto out; 130 } 131 132 if (count < 2) { 133 hid_warn(dev, "pid %d passed too short report\n", 134 task_pid_nr(current)); 135 ret = -EINVAL; 136 goto out; 137 } 138 139 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 140 if (!buf) { 141 ret = -ENOMEM; 142 goto out; 143 } 144 145 if (copy_from_user(buf, buffer, count)) { 146 ret = -EFAULT; 147 goto out_free; 148 } 149 150 ret = dev->hid_output_raw_report(dev, buf, count, report_type); 151out_free: 152 kfree(buf); 153out: 154 return ret; 155} 156 157/* the first byte is expected to be a report number */ 158static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 159{ 160 ssize_t ret; 161 mutex_lock(&minors_lock); 162 ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT); 163 mutex_unlock(&minors_lock); 164 return ret; 165} 166 167 168/* This function performs a Get_Report transfer over the control endpoint 169 * per section 7.2.1 of the HID specification, version 1.1. The first byte 170 * of buffer is the report number to request, or 0x0 if the defice does not 171 * use numbered reports. The report_type parameter can be HID_FEATURE_REPORT 172 * or HID_INPUT_REPORT. This function is to be called with the minors_lock 173 * mutex held. */ 174static ssize_t hidraw_get_report(struct file *file, char __user *buffer, size_t count, unsigned char report_type) 175{ 176 unsigned int minor = iminor(file->f_path.dentry->d_inode); 177 struct hid_device *dev; 178 __u8 *buf; 179 int ret = 0, len; 180 unsigned char report_number; 181 182 dev = hidraw_table[minor]->hid; 183 184 if (!dev->hid_get_raw_report) { 185 ret = -ENODEV; 186 goto out; 187 } 188 189 if (count > HID_MAX_BUFFER_SIZE) { 190 printk(KERN_WARNING "hidraw: pid %d passed too large report\n", 191 task_pid_nr(current)); 192 ret = -EINVAL; 193 goto out; 194 } 195 196 if (count < 2) { 197 printk(KERN_WARNING "hidraw: pid %d passed too short report\n", 198 task_pid_nr(current)); 199 ret = -EINVAL; 200 goto out; 201 } 202 203 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 204 if (!buf) { 205 ret = -ENOMEM; 206 goto out; 207 } 208 209 /* Read the first byte from the user. This is the report number, 210 * which is passed to dev->hid_get_raw_report(). */ 211 if (copy_from_user(&report_number, buffer, 1)) { 212 ret = -EFAULT; 213 goto out_free; 214 } 215 216 ret = dev->hid_get_raw_report(dev, report_number, buf, count, report_type); 217 218 if (ret < 0) 219 goto out_free; 220 221 len = (ret < count) ? ret : count; 222 223 if (copy_to_user(buffer, buf, len)) { 224 ret = -EFAULT; 225 goto out_free; 226 } 227 228 ret = len; 229 230out_free: 231 kfree(buf); 232out: 233 return ret; 234} 235 236static unsigned int hidraw_poll(struct file *file, poll_table *wait) 237{ 238 struct hidraw_list *list = file->private_data; 239 240 poll_wait(file, &list->hidraw->wait, wait); 241 if (list->head != list->tail) 242 return POLLIN | POLLRDNORM; 243 if (!list->hidraw->exist) 244 return POLLERR | POLLHUP; 245 return 0; 246} 247 248static int hidraw_open(struct inode *inode, struct file *file) 249{ 250 unsigned int minor = iminor(inode); 251 struct hidraw *dev; 252 struct hidraw_list *list; 253 int err = 0; 254 255 if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) { 256 err = -ENOMEM; 257 goto out; 258 } 259 260 mutex_lock(&minors_lock); 261 if (!hidraw_table[minor]) { 262 err = -ENODEV; 263 goto out_unlock; 264 } 265 266 list->hidraw = hidraw_table[minor]; 267 mutex_init(&list->read_mutex); 268 list_add_tail(&list->node, &hidraw_table[minor]->list); 269 file->private_data = list; 270 271 dev = hidraw_table[minor]; 272 if (!dev->open++) { 273 err = hid_hw_power(dev->hid, PM_HINT_FULLON); 274 if (err < 0) { 275 dev->open--; 276 goto out_unlock; 277 } 278 279 err = hid_hw_open(dev->hid); 280 if (err < 0) { 281 hid_hw_power(dev->hid, PM_HINT_NORMAL); 282 dev->open--; 283 } 284 } 285 286out_unlock: 287 mutex_unlock(&minors_lock); 288out: 289 if (err < 0) 290 kfree(list); 291 return err; 292 293} 294 295static int hidraw_release(struct inode * inode, struct file * file) 296{ 297 unsigned int minor = iminor(inode); 298 struct hidraw *dev; 299 struct hidraw_list *list = file->private_data; 300 int ret; 301 302 mutex_lock(&minors_lock); 303 if (!hidraw_table[minor]) { 304 ret = -ENODEV; 305 goto unlock; 306 } 307 308 list_del(&list->node); 309 dev = hidraw_table[minor]; 310 if (!--dev->open) { 311 if (list->hidraw->exist) { 312 hid_hw_power(dev->hid, PM_HINT_NORMAL); 313 hid_hw_close(dev->hid); 314 } else { 315 kfree(list->hidraw); 316 } 317 } 318 kfree(list); 319 ret = 0; 320unlock: 321 mutex_unlock(&minors_lock); 322 323 return ret; 324} 325 326static long hidraw_ioctl(struct file *file, unsigned int cmd, 327 unsigned long arg) 328{ 329 struct inode *inode = file->f_path.dentry->d_inode; 330 unsigned int minor = iminor(inode); 331 long ret = 0; 332 struct hidraw *dev; 333 void __user *user_arg = (void __user*) arg; 334 335 mutex_lock(&minors_lock); 336 dev = hidraw_table[minor]; 337 if (!dev) { 338 ret = -ENODEV; 339 goto out; 340 } 341 342 switch (cmd) { 343 case HIDIOCGRDESCSIZE: 344 if (put_user(dev->hid->rsize, (int __user *)arg)) 345 ret = -EFAULT; 346 break; 347 348 case HIDIOCGRDESC: 349 { 350 __u32 len; 351 352 if (get_user(len, (int __user *)arg)) 353 ret = -EFAULT; 354 else if (len > HID_MAX_DESCRIPTOR_SIZE - 1) 355 ret = -EINVAL; 356 else if (copy_to_user(user_arg + offsetof( 357 struct hidraw_report_descriptor, 358 value[0]), 359 dev->hid->rdesc, 360 min(dev->hid->rsize, len))) 361 ret = -EFAULT; 362 break; 363 } 364 case HIDIOCGRAWINFO: 365 { 366 struct hidraw_devinfo dinfo; 367 368 dinfo.bustype = dev->hid->bus; 369 dinfo.vendor = dev->hid->vendor; 370 dinfo.product = dev->hid->product; 371 if (copy_to_user(user_arg, &dinfo, sizeof(dinfo))) 372 ret = -EFAULT; 373 break; 374 } 375 default: 376 { 377 struct hid_device *hid = dev->hid; 378 if (_IOC_TYPE(cmd) != 'H') { 379 ret = -EINVAL; 380 break; 381 } 382 383 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCSFEATURE(0))) { 384 int len = _IOC_SIZE(cmd); 385 ret = hidraw_send_report(file, user_arg, len, HID_FEATURE_REPORT); 386 break; 387 } 388 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGFEATURE(0))) { 389 int len = _IOC_SIZE(cmd); 390 ret = hidraw_get_report(file, user_arg, len, HID_FEATURE_REPORT); 391 break; 392 } 393 394 /* Begin Read-only ioctls. */ 395 if (_IOC_DIR(cmd) != _IOC_READ) { 396 ret = -EINVAL; 397 break; 398 } 399 400 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWNAME(0))) { 401 int len = strlen(hid->name) + 1; 402 if (len > _IOC_SIZE(cmd)) 403 len = _IOC_SIZE(cmd); 404 ret = copy_to_user(user_arg, hid->name, len) ? 405 -EFAULT : len; 406 break; 407 } 408 409 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWPHYS(0))) { 410 int len = strlen(hid->phys) + 1; 411 if (len > _IOC_SIZE(cmd)) 412 len = _IOC_SIZE(cmd); 413 ret = copy_to_user(user_arg, hid->phys, len) ? 414 -EFAULT : len; 415 break; 416 } 417 } 418 419 ret = -ENOTTY; 420 } 421out: 422 mutex_unlock(&minors_lock); 423 return ret; 424} 425 426static const struct file_operations hidraw_ops = { 427 .owner = THIS_MODULE, 428 .read = hidraw_read, 429 .write = hidraw_write, 430 .poll = hidraw_poll, 431 .open = hidraw_open, 432 .release = hidraw_release, 433 .unlocked_ioctl = hidraw_ioctl, 434#ifdef CONFIG_COMPAT 435 .compat_ioctl = hidraw_ioctl, 436#endif 437 .llseek = noop_llseek, 438}; 439 440void hidraw_report_event(struct hid_device *hid, u8 *data, int len) 441{ 442 struct hidraw *dev = hid->hidraw; 443 struct hidraw_list *list; 444 445 list_for_each_entry(list, &dev->list, node) { 446 list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC); 447 list->buffer[list->head].len = len; 448 list->head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1); 449 kill_fasync(&list->fasync, SIGIO, POLL_IN); 450 } 451 452 wake_up_interruptible(&dev->wait); 453} 454EXPORT_SYMBOL_GPL(hidraw_report_event); 455 456int hidraw_connect(struct hid_device *hid) 457{ 458 int minor, result; 459 struct hidraw *dev; 460 461 /* we accept any HID device, no matter the applications */ 462 463 dev = kzalloc(sizeof(struct hidraw), GFP_KERNEL); 464 if (!dev) 465 return -ENOMEM; 466 467 result = -EINVAL; 468 469 mutex_lock(&minors_lock); 470 471 for (minor = 0; minor < HIDRAW_MAX_DEVICES; minor++) { 472 if (hidraw_table[minor]) 473 continue; 474 hidraw_table[minor] = dev; 475 result = 0; 476 break; 477 } 478 479 if (result) { 480 mutex_unlock(&minors_lock); 481 kfree(dev); 482 goto out; 483 } 484 485 dev->dev = device_create(hidraw_class, &hid->dev, MKDEV(hidraw_major, minor), 486 NULL, "%s%d", "hidraw", minor); 487 488 if (IS_ERR(dev->dev)) { 489 hidraw_table[minor] = NULL; 490 mutex_unlock(&minors_lock); 491 result = PTR_ERR(dev->dev); 492 kfree(dev); 493 goto out; 494 } 495 496 mutex_unlock(&minors_lock); 497 init_waitqueue_head(&dev->wait); 498 INIT_LIST_HEAD(&dev->list); 499 500 dev->hid = hid; 501 dev->minor = minor; 502 503 dev->exist = 1; 504 hid->hidraw = dev; 505 506out: 507 return result; 508 509} 510EXPORT_SYMBOL_GPL(hidraw_connect); 511 512void hidraw_disconnect(struct hid_device *hid) 513{ 514 struct hidraw *hidraw = hid->hidraw; 515 516 mutex_lock(&minors_lock); 517 hidraw->exist = 0; 518 519 device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); 520 521 hidraw_table[hidraw->minor] = NULL; 522 523 if (hidraw->open) { 524 hid_hw_close(hid); 525 wake_up_interruptible(&hidraw->wait); 526 } else { 527 kfree(hidraw); 528 } 529 mutex_unlock(&minors_lock); 530} 531EXPORT_SYMBOL_GPL(hidraw_disconnect); 532 533int __init hidraw_init(void) 534{ 535 int result; 536 dev_t dev_id; 537 538 result = alloc_chrdev_region(&dev_id, HIDRAW_FIRST_MINOR, 539 HIDRAW_MAX_DEVICES, "hidraw"); 540 541 hidraw_major = MAJOR(dev_id); 542 543 if (result < 0) { 544 pr_warn("can't get major number\n"); 545 result = 0; 546 goto out; 547 } 548 549 hidraw_class = class_create(THIS_MODULE, "hidraw"); 550 if (IS_ERR(hidraw_class)) { 551 result = PTR_ERR(hidraw_class); 552 unregister_chrdev(hidraw_major, "hidraw"); 553 goto out; 554 } 555 556 cdev_init(&hidraw_cdev, &hidraw_ops); 557 cdev_add(&hidraw_cdev, dev_id, HIDRAW_MAX_DEVICES); 558out: 559 return result; 560} 561 562void hidraw_exit(void) 563{ 564 dev_t dev_id = MKDEV(hidraw_major, 0); 565 566 cdev_del(&hidraw_cdev); 567 class_destroy(hidraw_class); 568 unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES); 569 570} 571