1 /* 2 * HID raw devices, giving access to raw HID events. 3 * 4 * In comparison to hiddev, this device does not process the 5 * hid events at all (no parsing, no lookups). This lets applications 6 * to work on raw hid events as they want to, and avoids a need to 7 * use a transport-specific userspace libhid/libusb libraries. 8 * 9 * Copyright (c) 2007 Jiri Kosina 10 */ 11 12 /* 13 * This program is free software; you can redistribute it and/or modify it 14 * under the terms and conditions of the GNU General Public License, 15 * version 2, as published by the Free Software Foundation. 16 * 17 * You should have received a copy of the GNU General Public License along with 18 * this program; if not, write to the Free Software Foundation, Inc., 19 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 20 */ 21 22 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 23 24 #include <linux/fs.h> 25 #include <linux/module.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/cdev.h> 30 #include <linux/poll.h> 31 #include <linux/device.h> 32 #include <linux/major.h> 33 #include <linux/slab.h> 34 #include <linux/hid.h> 35 #include <linux/mutex.h> 36 #include <linux/sched.h> 37 38 #include <linux/hidraw.h> 39 40 static int hidraw_major; 41 static struct cdev hidraw_cdev; 42 static struct class *hidraw_class; 43 static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES]; 44 static DEFINE_MUTEX(minors_lock); 45 46 static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) 47 { 48 struct hidraw_list *list = file->private_data; 49 int ret = 0, len; 50 DECLARE_WAITQUEUE(wait, current); 51 52 mutex_lock(&list->read_mutex); 53 54 while (ret == 0) { 55 if (list->head == list->tail) { 56 add_wait_queue(&list->hidraw->wait, &wait); 57 set_current_state(TASK_INTERRUPTIBLE); 58 59 while (list->head == list->tail) { 60 if (file->f_flags & O_NONBLOCK) { 61 ret = -EAGAIN; 62 break; 63 } 64 if (signal_pending(current)) { 65 ret = -ERESTARTSYS; 66 break; 67 } 68 if (!list->hidraw->exist) { 69 ret = -EIO; 70 break; 71 } 72 73 /* allow O_NONBLOCK to work well from other threads */ 74 mutex_unlock(&list->read_mutex); 75 schedule(); 76 mutex_lock(&list->read_mutex); 77 set_current_state(TASK_INTERRUPTIBLE); 78 } 79 80 set_current_state(TASK_RUNNING); 81 remove_wait_queue(&list->hidraw->wait, &wait); 82 } 83 84 if (ret) 85 goto out; 86 87 len = list->buffer[list->tail].len > count ? 88 count : list->buffer[list->tail].len; 89 90 if (list->buffer[list->tail].value) { 91 if (copy_to_user(buffer, list->buffer[list->tail].value, len)) { 92 ret = -EFAULT; 93 goto out; 94 } 95 ret = len; 96 } 97 98 kfree(list->buffer[list->tail].value); 99 list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1); 100 } 101 out: 102 mutex_unlock(&list->read_mutex); 103 return ret; 104 } 105 106 /* The first byte is expected to be a report number. 107 * This function is to be called with the minors_lock mutex held */ 108 static ssize_t hidraw_send_report(struct file *file, const char __user *buffer, size_t count, unsigned char report_type) 109 { 110 unsigned int minor = iminor(file->f_path.dentry->d_inode); 111 struct hid_device *dev; 112 __u8 *buf; 113 int ret = 0; 114 115 if (!hidraw_table[minor]) { 116 ret = -ENODEV; 117 goto out; 118 } 119 120 dev = hidraw_table[minor]->hid; 121 122 if (!dev->hid_output_raw_report) { 123 ret = -ENODEV; 124 goto out; 125 } 126 127 if (count > HID_MAX_BUFFER_SIZE) { 128 hid_warn(dev, "pid %d passed too large report\n", 129 task_pid_nr(current)); 130 ret = -EINVAL; 131 goto out; 132 } 133 134 if (count < 2) { 135 hid_warn(dev, "pid %d passed too short report\n", 136 task_pid_nr(current)); 137 ret = -EINVAL; 138 goto out; 139 } 140 141 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 142 if (!buf) { 143 ret = -ENOMEM; 144 goto out; 145 } 146 147 if (copy_from_user(buf, buffer, count)) { 148 ret = -EFAULT; 149 goto out_free; 150 } 151 152 ret = dev->hid_output_raw_report(dev, buf, count, report_type); 153 out_free: 154 kfree(buf); 155 out: 156 return ret; 157 } 158 159 /* the first byte is expected to be a report number */ 160 static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 161 { 162 ssize_t ret; 163 mutex_lock(&minors_lock); 164 ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT); 165 mutex_unlock(&minors_lock); 166 return ret; 167 } 168 169 170 /* This function performs a Get_Report transfer over the control endpoint 171 * per section 7.2.1 of the HID specification, version 1.1. The first byte 172 * of buffer is the report number to request, or 0x0 if the defice does not 173 * use numbered reports. The report_type parameter can be HID_FEATURE_REPORT 174 * or HID_INPUT_REPORT. This function is to be called with the minors_lock 175 * mutex held. */ 176 static ssize_t hidraw_get_report(struct file *file, char __user *buffer, size_t count, unsigned char report_type) 177 { 178 unsigned int minor = iminor(file->f_path.dentry->d_inode); 179 struct hid_device *dev; 180 __u8 *buf; 181 int ret = 0, len; 182 unsigned char report_number; 183 184 dev = hidraw_table[minor]->hid; 185 186 if (!dev->hid_get_raw_report) { 187 ret = -ENODEV; 188 goto out; 189 } 190 191 if (count > HID_MAX_BUFFER_SIZE) { 192 printk(KERN_WARNING "hidraw: pid %d passed too large report\n", 193 task_pid_nr(current)); 194 ret = -EINVAL; 195 goto out; 196 } 197 198 if (count < 2) { 199 printk(KERN_WARNING "hidraw: pid %d passed too short report\n", 200 task_pid_nr(current)); 201 ret = -EINVAL; 202 goto out; 203 } 204 205 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 206 if (!buf) { 207 ret = -ENOMEM; 208 goto out; 209 } 210 211 /* Read the first byte from the user. This is the report number, 212 * which is passed to dev->hid_get_raw_report(). */ 213 if (copy_from_user(&report_number, buffer, 1)) { 214 ret = -EFAULT; 215 goto out_free; 216 } 217 218 ret = dev->hid_get_raw_report(dev, report_number, buf, count, report_type); 219 220 if (ret < 0) 221 goto out_free; 222 223 len = (ret < count) ? ret : count; 224 225 if (copy_to_user(buffer, buf, len)) { 226 ret = -EFAULT; 227 goto out_free; 228 } 229 230 ret = len; 231 232 out_free: 233 kfree(buf); 234 out: 235 return ret; 236 } 237 238 static unsigned int hidraw_poll(struct file *file, poll_table *wait) 239 { 240 struct hidraw_list *list = file->private_data; 241 242 poll_wait(file, &list->hidraw->wait, wait); 243 if (list->head != list->tail) 244 return POLLIN | POLLRDNORM; 245 if (!list->hidraw->exist) 246 return POLLERR | POLLHUP; 247 return 0; 248 } 249 250 static int hidraw_open(struct inode *inode, struct file *file) 251 { 252 unsigned int minor = iminor(inode); 253 struct hidraw *dev; 254 struct hidraw_list *list; 255 int err = 0; 256 257 if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) { 258 err = -ENOMEM; 259 goto out; 260 } 261 262 mutex_lock(&minors_lock); 263 if (!hidraw_table[minor]) { 264 err = -ENODEV; 265 goto out_unlock; 266 } 267 268 list->hidraw = hidraw_table[minor]; 269 mutex_init(&list->read_mutex); 270 list_add_tail(&list->node, &hidraw_table[minor]->list); 271 file->private_data = list; 272 273 dev = hidraw_table[minor]; 274 if (!dev->open++) { 275 err = hid_hw_power(dev->hid, PM_HINT_FULLON); 276 if (err < 0) { 277 dev->open--; 278 goto out_unlock; 279 } 280 281 err = hid_hw_open(dev->hid); 282 if (err < 0) { 283 hid_hw_power(dev->hid, PM_HINT_NORMAL); 284 dev->open--; 285 } 286 } 287 288 out_unlock: 289 mutex_unlock(&minors_lock); 290 out: 291 if (err < 0) 292 kfree(list); 293 return err; 294 295 } 296 297 static int hidraw_release(struct inode * inode, struct file * file) 298 { 299 unsigned int minor = iminor(inode); 300 struct hidraw *dev; 301 struct hidraw_list *list = file->private_data; 302 int ret; 303 304 mutex_lock(&minors_lock); 305 if (!hidraw_table[minor]) { 306 ret = -ENODEV; 307 goto unlock; 308 } 309 310 list_del(&list->node); 311 dev = hidraw_table[minor]; 312 if (!--dev->open) { 313 if (list->hidraw->exist) { 314 hid_hw_power(dev->hid, PM_HINT_NORMAL); 315 hid_hw_close(dev->hid); 316 } else { 317 kfree(list->hidraw); 318 } 319 } 320 kfree(list); 321 ret = 0; 322 unlock: 323 mutex_unlock(&minors_lock); 324 325 return ret; 326 } 327 328 static long hidraw_ioctl(struct file *file, unsigned int cmd, 329 unsigned long arg) 330 { 331 struct inode *inode = file->f_path.dentry->d_inode; 332 unsigned int minor = iminor(inode); 333 long ret = 0; 334 struct hidraw *dev; 335 void __user *user_arg = (void __user*) arg; 336 337 mutex_lock(&minors_lock); 338 dev = hidraw_table[minor]; 339 if (!dev) { 340 ret = -ENODEV; 341 goto out; 342 } 343 344 switch (cmd) { 345 case HIDIOCGRDESCSIZE: 346 if (put_user(dev->hid->rsize, (int __user *)arg)) 347 ret = -EFAULT; 348 break; 349 350 case HIDIOCGRDESC: 351 { 352 __u32 len; 353 354 if (get_user(len, (int __user *)arg)) 355 ret = -EFAULT; 356 else if (len > HID_MAX_DESCRIPTOR_SIZE - 1) 357 ret = -EINVAL; 358 else if (copy_to_user(user_arg + offsetof( 359 struct hidraw_report_descriptor, 360 value[0]), 361 dev->hid->rdesc, 362 min(dev->hid->rsize, len))) 363 ret = -EFAULT; 364 break; 365 } 366 case HIDIOCGRAWINFO: 367 { 368 struct hidraw_devinfo dinfo; 369 370 dinfo.bustype = dev->hid->bus; 371 dinfo.vendor = dev->hid->vendor; 372 dinfo.product = dev->hid->product; 373 if (copy_to_user(user_arg, &dinfo, sizeof(dinfo))) 374 ret = -EFAULT; 375 break; 376 } 377 default: 378 { 379 struct hid_device *hid = dev->hid; 380 if (_IOC_TYPE(cmd) != 'H') { 381 ret = -EINVAL; 382 break; 383 } 384 385 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCSFEATURE(0))) { 386 int len = _IOC_SIZE(cmd); 387 ret = hidraw_send_report(file, user_arg, len, HID_FEATURE_REPORT); 388 break; 389 } 390 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGFEATURE(0))) { 391 int len = _IOC_SIZE(cmd); 392 ret = hidraw_get_report(file, user_arg, len, HID_FEATURE_REPORT); 393 break; 394 } 395 396 /* Begin Read-only ioctls. */ 397 if (_IOC_DIR(cmd) != _IOC_READ) { 398 ret = -EINVAL; 399 break; 400 } 401 402 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWNAME(0))) { 403 int len = strlen(hid->name) + 1; 404 if (len > _IOC_SIZE(cmd)) 405 len = _IOC_SIZE(cmd); 406 ret = copy_to_user(user_arg, hid->name, len) ? 407 -EFAULT : len; 408 break; 409 } 410 411 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWPHYS(0))) { 412 int len = strlen(hid->phys) + 1; 413 if (len > _IOC_SIZE(cmd)) 414 len = _IOC_SIZE(cmd); 415 ret = copy_to_user(user_arg, hid->phys, len) ? 416 -EFAULT : len; 417 break; 418 } 419 } 420 421 ret = -ENOTTY; 422 } 423 out: 424 mutex_unlock(&minors_lock); 425 return ret; 426 } 427 428 static const struct file_operations hidraw_ops = { 429 .owner = THIS_MODULE, 430 .read = hidraw_read, 431 .write = hidraw_write, 432 .poll = hidraw_poll, 433 .open = hidraw_open, 434 .release = hidraw_release, 435 .unlocked_ioctl = hidraw_ioctl, 436 #ifdef CONFIG_COMPAT 437 .compat_ioctl = hidraw_ioctl, 438 #endif 439 .llseek = noop_llseek, 440 }; 441 442 int hidraw_report_event(struct hid_device *hid, u8 *data, int len) 443 { 444 struct hidraw *dev = hid->hidraw; 445 struct hidraw_list *list; 446 int ret = 0; 447 448 list_for_each_entry(list, &dev->list, node) { 449 if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) { 450 ret = -ENOMEM; 451 break; 452 } 453 list->buffer[list->head].len = len; 454 list->head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1); 455 kill_fasync(&list->fasync, SIGIO, POLL_IN); 456 } 457 458 wake_up_interruptible(&dev->wait); 459 return ret; 460 } 461 EXPORT_SYMBOL_GPL(hidraw_report_event); 462 463 int hidraw_connect(struct hid_device *hid) 464 { 465 int minor, result; 466 struct hidraw *dev; 467 468 /* we accept any HID device, no matter the applications */ 469 470 dev = kzalloc(sizeof(struct hidraw), GFP_KERNEL); 471 if (!dev) 472 return -ENOMEM; 473 474 result = -EINVAL; 475 476 mutex_lock(&minors_lock); 477 478 for (minor = 0; minor < HIDRAW_MAX_DEVICES; minor++) { 479 if (hidraw_table[minor]) 480 continue; 481 hidraw_table[minor] = dev; 482 result = 0; 483 break; 484 } 485 486 if (result) { 487 mutex_unlock(&minors_lock); 488 kfree(dev); 489 goto out; 490 } 491 492 dev->dev = device_create(hidraw_class, &hid->dev, MKDEV(hidraw_major, minor), 493 NULL, "%s%d", "hidraw", minor); 494 495 if (IS_ERR(dev->dev)) { 496 hidraw_table[minor] = NULL; 497 mutex_unlock(&minors_lock); 498 result = PTR_ERR(dev->dev); 499 kfree(dev); 500 goto out; 501 } 502 503 mutex_unlock(&minors_lock); 504 init_waitqueue_head(&dev->wait); 505 INIT_LIST_HEAD(&dev->list); 506 507 dev->hid = hid; 508 dev->minor = minor; 509 510 dev->exist = 1; 511 hid->hidraw = dev; 512 513 out: 514 return result; 515 516 } 517 EXPORT_SYMBOL_GPL(hidraw_connect); 518 519 void hidraw_disconnect(struct hid_device *hid) 520 { 521 struct hidraw *hidraw = hid->hidraw; 522 523 mutex_lock(&minors_lock); 524 hidraw->exist = 0; 525 526 device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); 527 528 hidraw_table[hidraw->minor] = NULL; 529 530 if (hidraw->open) { 531 hid_hw_close(hid); 532 wake_up_interruptible(&hidraw->wait); 533 } else { 534 kfree(hidraw); 535 } 536 mutex_unlock(&minors_lock); 537 } 538 EXPORT_SYMBOL_GPL(hidraw_disconnect); 539 540 int __init hidraw_init(void) 541 { 542 int result; 543 dev_t dev_id; 544 545 result = alloc_chrdev_region(&dev_id, HIDRAW_FIRST_MINOR, 546 HIDRAW_MAX_DEVICES, "hidraw"); 547 548 hidraw_major = MAJOR(dev_id); 549 550 if (result < 0) { 551 pr_warn("can't get major number\n"); 552 result = 0; 553 goto out; 554 } 555 556 hidraw_class = class_create(THIS_MODULE, "hidraw"); 557 if (IS_ERR(hidraw_class)) { 558 result = PTR_ERR(hidraw_class); 559 unregister_chrdev(hidraw_major, "hidraw"); 560 goto out; 561 } 562 563 cdev_init(&hidraw_cdev, &hidraw_ops); 564 cdev_add(&hidraw_cdev, dev_id, HIDRAW_MAX_DEVICES); 565 out: 566 return result; 567 } 568 569 void hidraw_exit(void) 570 { 571 dev_t dev_id = MKDEV(hidraw_major, 0); 572 573 cdev_del(&hidraw_cdev); 574 class_destroy(hidraw_class); 575 unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES); 576 577 } 578