1 /* 2 * HID raw devices, giving access to raw HID events. 3 * 4 * In comparison to hiddev, this device does not process the 5 * hid events at all (no parsing, no lookups). This lets applications 6 * to work on raw hid events as they want to, and avoids a need to 7 * use a transport-specific userspace libhid/libusb libraries. 8 * 9 * Copyright (c) 2007 Jiri Kosina 10 */ 11 12 /* 13 * This program is free software; you can redistribute it and/or modify it 14 * under the terms and conditions of the GNU General Public License, 15 * version 2, as published by the Free Software Foundation. 16 * 17 * You should have received a copy of the GNU General Public License along with 18 * this program; if not, write to the Free Software Foundation, Inc., 19 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 20 */ 21 22 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 23 24 #include <linux/fs.h> 25 #include <linux/module.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/init.h> 29 #include <linux/cdev.h> 30 #include <linux/poll.h> 31 #include <linux/device.h> 32 #include <linux/major.h> 33 #include <linux/slab.h> 34 #include <linux/hid.h> 35 #include <linux/mutex.h> 36 #include <linux/sched.h> 37 38 #include <linux/hidraw.h> 39 40 static int hidraw_major; 41 static struct cdev hidraw_cdev; 42 static struct class *hidraw_class; 43 static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES]; 44 static DEFINE_MUTEX(minors_lock); 45 46 static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos) 47 { 48 struct hidraw_list *list = file->private_data; 49 int ret = 0, len; 50 DECLARE_WAITQUEUE(wait, current); 51 52 mutex_lock(&list->read_mutex); 53 54 while (ret == 0) { 55 if (list->head == list->tail) { 56 add_wait_queue(&list->hidraw->wait, &wait); 57 set_current_state(TASK_INTERRUPTIBLE); 58 59 while (list->head == list->tail) { 60 if (signal_pending(current)) { 61 ret = -ERESTARTSYS; 62 break; 63 } 64 if (!list->hidraw->exist) { 65 ret = -EIO; 66 break; 67 } 68 if (file->f_flags & O_NONBLOCK) { 69 ret = -EAGAIN; 70 break; 71 } 72 73 /* allow O_NONBLOCK to work well from other threads */ 74 mutex_unlock(&list->read_mutex); 75 schedule(); 76 mutex_lock(&list->read_mutex); 77 set_current_state(TASK_INTERRUPTIBLE); 78 } 79 80 set_current_state(TASK_RUNNING); 81 remove_wait_queue(&list->hidraw->wait, &wait); 82 } 83 84 if (ret) 85 goto out; 86 87 len = list->buffer[list->tail].len > count ? 88 count : list->buffer[list->tail].len; 89 90 if (list->buffer[list->tail].value) { 91 if (copy_to_user(buffer, list->buffer[list->tail].value, len)) { 92 ret = -EFAULT; 93 goto out; 94 } 95 ret = len; 96 } 97 98 kfree(list->buffer[list->tail].value); 99 list->buffer[list->tail].value = NULL; 100 list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1); 101 } 102 out: 103 mutex_unlock(&list->read_mutex); 104 return ret; 105 } 106 107 /* The first byte is expected to be a report number. 108 * This function is to be called with the minors_lock mutex held */ 109 static ssize_t hidraw_send_report(struct file *file, const char __user *buffer, size_t count, unsigned char report_type) 110 { 111 unsigned int minor = iminor(file_inode(file)); 112 struct hid_device *dev; 113 __u8 *buf; 114 int ret = 0; 115 116 if (!hidraw_table[minor] || !hidraw_table[minor]->exist) { 117 ret = -ENODEV; 118 goto out; 119 } 120 121 dev = hidraw_table[minor]->hid; 122 123 if (!dev->hid_output_raw_report) { 124 ret = -ENODEV; 125 goto out; 126 } 127 128 if (count > HID_MAX_BUFFER_SIZE) { 129 hid_warn(dev, "pid %d passed too large report\n", 130 task_pid_nr(current)); 131 ret = -EINVAL; 132 goto out; 133 } 134 135 if (count < 2) { 136 hid_warn(dev, "pid %d passed too short report\n", 137 task_pid_nr(current)); 138 ret = -EINVAL; 139 goto out; 140 } 141 142 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 143 if (!buf) { 144 ret = -ENOMEM; 145 goto out; 146 } 147 148 if (copy_from_user(buf, buffer, count)) { 149 ret = -EFAULT; 150 goto out_free; 151 } 152 153 ret = dev->hid_output_raw_report(dev, buf, count, report_type); 154 out_free: 155 kfree(buf); 156 out: 157 return ret; 158 } 159 160 /* the first byte is expected to be a report number */ 161 static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 162 { 163 ssize_t ret; 164 mutex_lock(&minors_lock); 165 ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT); 166 mutex_unlock(&minors_lock); 167 return ret; 168 } 169 170 171 /* This function performs a Get_Report transfer over the control endpoint 172 * per section 7.2.1 of the HID specification, version 1.1. The first byte 173 * of buffer is the report number to request, or 0x0 if the defice does not 174 * use numbered reports. The report_type parameter can be HID_FEATURE_REPORT 175 * or HID_INPUT_REPORT. This function is to be called with the minors_lock 176 * mutex held. */ 177 static ssize_t hidraw_get_report(struct file *file, char __user *buffer, size_t count, unsigned char report_type) 178 { 179 unsigned int minor = iminor(file_inode(file)); 180 struct hid_device *dev; 181 __u8 *buf; 182 int ret = 0, len; 183 unsigned char report_number; 184 185 dev = hidraw_table[minor]->hid; 186 187 if (!dev->hid_get_raw_report) { 188 ret = -ENODEV; 189 goto out; 190 } 191 192 if (count > HID_MAX_BUFFER_SIZE) { 193 printk(KERN_WARNING "hidraw: pid %d passed too large report\n", 194 task_pid_nr(current)); 195 ret = -EINVAL; 196 goto out; 197 } 198 199 if (count < 2) { 200 printk(KERN_WARNING "hidraw: pid %d passed too short report\n", 201 task_pid_nr(current)); 202 ret = -EINVAL; 203 goto out; 204 } 205 206 buf = kmalloc(count * sizeof(__u8), GFP_KERNEL); 207 if (!buf) { 208 ret = -ENOMEM; 209 goto out; 210 } 211 212 /* Read the first byte from the user. This is the report number, 213 * which is passed to dev->hid_get_raw_report(). */ 214 if (copy_from_user(&report_number, buffer, 1)) { 215 ret = -EFAULT; 216 goto out_free; 217 } 218 219 ret = dev->hid_get_raw_report(dev, report_number, buf, count, report_type); 220 221 if (ret < 0) 222 goto out_free; 223 224 len = (ret < count) ? ret : count; 225 226 if (copy_to_user(buffer, buf, len)) { 227 ret = -EFAULT; 228 goto out_free; 229 } 230 231 ret = len; 232 233 out_free: 234 kfree(buf); 235 out: 236 return ret; 237 } 238 239 static unsigned int hidraw_poll(struct file *file, poll_table *wait) 240 { 241 struct hidraw_list *list = file->private_data; 242 243 poll_wait(file, &list->hidraw->wait, wait); 244 if (list->head != list->tail) 245 return POLLIN | POLLRDNORM; 246 if (!list->hidraw->exist) 247 return POLLERR | POLLHUP; 248 return 0; 249 } 250 251 static int hidraw_open(struct inode *inode, struct file *file) 252 { 253 unsigned int minor = iminor(inode); 254 struct hidraw *dev; 255 struct hidraw_list *list; 256 int err = 0; 257 258 if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) { 259 err = -ENOMEM; 260 goto out; 261 } 262 263 mutex_lock(&minors_lock); 264 if (!hidraw_table[minor] || !hidraw_table[minor]->exist) { 265 err = -ENODEV; 266 goto out_unlock; 267 } 268 269 list->hidraw = hidraw_table[minor]; 270 mutex_init(&list->read_mutex); 271 list_add_tail(&list->node, &hidraw_table[minor]->list); 272 file->private_data = list; 273 274 dev = hidraw_table[minor]; 275 if (!dev->open++) { 276 err = hid_hw_power(dev->hid, PM_HINT_FULLON); 277 if (err < 0) { 278 dev->open--; 279 goto out_unlock; 280 } 281 282 err = hid_hw_open(dev->hid); 283 if (err < 0) { 284 hid_hw_power(dev->hid, PM_HINT_NORMAL); 285 dev->open--; 286 } 287 } 288 289 out_unlock: 290 mutex_unlock(&minors_lock); 291 out: 292 if (err < 0) 293 kfree(list); 294 return err; 295 296 } 297 298 static int hidraw_fasync(int fd, struct file *file, int on) 299 { 300 struct hidraw_list *list = file->private_data; 301 302 return fasync_helper(fd, file, on, &list->fasync); 303 } 304 305 static void drop_ref(struct hidraw *hidraw, int exists_bit) 306 { 307 if (exists_bit) { 308 hid_hw_close(hidraw->hid); 309 hidraw->exist = 0; 310 if (hidraw->open) 311 wake_up_interruptible(&hidraw->wait); 312 } else { 313 --hidraw->open; 314 } 315 316 if (!hidraw->open && !hidraw->exist) { 317 device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor)); 318 hidraw_table[hidraw->minor] = NULL; 319 kfree(hidraw); 320 } 321 } 322 323 static int hidraw_release(struct inode * inode, struct file * file) 324 { 325 unsigned int minor = iminor(inode); 326 struct hidraw_list *list = file->private_data; 327 328 mutex_lock(&minors_lock); 329 330 list_del(&list->node); 331 kfree(list); 332 333 drop_ref(hidraw_table[minor], 0); 334 335 mutex_unlock(&minors_lock); 336 return 0; 337 } 338 339 static long hidraw_ioctl(struct file *file, unsigned int cmd, 340 unsigned long arg) 341 { 342 struct inode *inode = file_inode(file); 343 unsigned int minor = iminor(inode); 344 long ret = 0; 345 struct hidraw *dev; 346 void __user *user_arg = (void __user*) arg; 347 348 mutex_lock(&minors_lock); 349 dev = hidraw_table[minor]; 350 if (!dev) { 351 ret = -ENODEV; 352 goto out; 353 } 354 355 switch (cmd) { 356 case HIDIOCGRDESCSIZE: 357 if (put_user(dev->hid->rsize, (int __user *)arg)) 358 ret = -EFAULT; 359 break; 360 361 case HIDIOCGRDESC: 362 { 363 __u32 len; 364 365 if (get_user(len, (int __user *)arg)) 366 ret = -EFAULT; 367 else if (len > HID_MAX_DESCRIPTOR_SIZE - 1) 368 ret = -EINVAL; 369 else if (copy_to_user(user_arg + offsetof( 370 struct hidraw_report_descriptor, 371 value[0]), 372 dev->hid->rdesc, 373 min(dev->hid->rsize, len))) 374 ret = -EFAULT; 375 break; 376 } 377 case HIDIOCGRAWINFO: 378 { 379 struct hidraw_devinfo dinfo; 380 381 dinfo.bustype = dev->hid->bus; 382 dinfo.vendor = dev->hid->vendor; 383 dinfo.product = dev->hid->product; 384 if (copy_to_user(user_arg, &dinfo, sizeof(dinfo))) 385 ret = -EFAULT; 386 break; 387 } 388 default: 389 { 390 struct hid_device *hid = dev->hid; 391 if (_IOC_TYPE(cmd) != 'H') { 392 ret = -EINVAL; 393 break; 394 } 395 396 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCSFEATURE(0))) { 397 int len = _IOC_SIZE(cmd); 398 ret = hidraw_send_report(file, user_arg, len, HID_FEATURE_REPORT); 399 break; 400 } 401 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGFEATURE(0))) { 402 int len = _IOC_SIZE(cmd); 403 ret = hidraw_get_report(file, user_arg, len, HID_FEATURE_REPORT); 404 break; 405 } 406 407 /* Begin Read-only ioctls. */ 408 if (_IOC_DIR(cmd) != _IOC_READ) { 409 ret = -EINVAL; 410 break; 411 } 412 413 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWNAME(0))) { 414 int len = strlen(hid->name) + 1; 415 if (len > _IOC_SIZE(cmd)) 416 len = _IOC_SIZE(cmd); 417 ret = copy_to_user(user_arg, hid->name, len) ? 418 -EFAULT : len; 419 break; 420 } 421 422 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGRAWPHYS(0))) { 423 int len = strlen(hid->phys) + 1; 424 if (len > _IOC_SIZE(cmd)) 425 len = _IOC_SIZE(cmd); 426 ret = copy_to_user(user_arg, hid->phys, len) ? 427 -EFAULT : len; 428 break; 429 } 430 } 431 432 ret = -ENOTTY; 433 } 434 out: 435 mutex_unlock(&minors_lock); 436 return ret; 437 } 438 439 static const struct file_operations hidraw_ops = { 440 .owner = THIS_MODULE, 441 .read = hidraw_read, 442 .write = hidraw_write, 443 .poll = hidraw_poll, 444 .open = hidraw_open, 445 .release = hidraw_release, 446 .unlocked_ioctl = hidraw_ioctl, 447 .fasync = hidraw_fasync, 448 #ifdef CONFIG_COMPAT 449 .compat_ioctl = hidraw_ioctl, 450 #endif 451 .llseek = noop_llseek, 452 }; 453 454 int hidraw_report_event(struct hid_device *hid, u8 *data, int len) 455 { 456 struct hidraw *dev = hid->hidraw; 457 struct hidraw_list *list; 458 int ret = 0; 459 460 list_for_each_entry(list, &dev->list, node) { 461 int new_head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1); 462 463 if (new_head == list->tail) 464 continue; 465 466 if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) { 467 ret = -ENOMEM; 468 break; 469 } 470 list->buffer[list->head].len = len; 471 list->head = new_head; 472 kill_fasync(&list->fasync, SIGIO, POLL_IN); 473 } 474 475 wake_up_interruptible(&dev->wait); 476 return ret; 477 } 478 EXPORT_SYMBOL_GPL(hidraw_report_event); 479 480 int hidraw_connect(struct hid_device *hid) 481 { 482 int minor, result; 483 struct hidraw *dev; 484 485 /* we accept any HID device, no matter the applications */ 486 487 dev = kzalloc(sizeof(struct hidraw), GFP_KERNEL); 488 if (!dev) 489 return -ENOMEM; 490 491 result = -EINVAL; 492 493 mutex_lock(&minors_lock); 494 495 for (minor = 0; minor < HIDRAW_MAX_DEVICES; minor++) { 496 if (hidraw_table[minor]) 497 continue; 498 hidraw_table[minor] = dev; 499 result = 0; 500 break; 501 } 502 503 if (result) { 504 mutex_unlock(&minors_lock); 505 kfree(dev); 506 goto out; 507 } 508 509 dev->dev = device_create(hidraw_class, &hid->dev, MKDEV(hidraw_major, minor), 510 NULL, "%s%d", "hidraw", minor); 511 512 if (IS_ERR(dev->dev)) { 513 hidraw_table[minor] = NULL; 514 mutex_unlock(&minors_lock); 515 result = PTR_ERR(dev->dev); 516 kfree(dev); 517 goto out; 518 } 519 520 mutex_unlock(&minors_lock); 521 init_waitqueue_head(&dev->wait); 522 INIT_LIST_HEAD(&dev->list); 523 524 dev->hid = hid; 525 dev->minor = minor; 526 527 dev->exist = 1; 528 hid->hidraw = dev; 529 530 out: 531 return result; 532 533 } 534 EXPORT_SYMBOL_GPL(hidraw_connect); 535 536 void hidraw_disconnect(struct hid_device *hid) 537 { 538 struct hidraw *hidraw = hid->hidraw; 539 540 mutex_lock(&minors_lock); 541 542 drop_ref(hidraw, 1); 543 544 mutex_unlock(&minors_lock); 545 } 546 EXPORT_SYMBOL_GPL(hidraw_disconnect); 547 548 int __init hidraw_init(void) 549 { 550 int result; 551 dev_t dev_id; 552 553 result = alloc_chrdev_region(&dev_id, HIDRAW_FIRST_MINOR, 554 HIDRAW_MAX_DEVICES, "hidraw"); 555 556 hidraw_major = MAJOR(dev_id); 557 558 if (result < 0) { 559 pr_warn("can't get major number\n"); 560 goto out; 561 } 562 563 hidraw_class = class_create(THIS_MODULE, "hidraw"); 564 if (IS_ERR(hidraw_class)) { 565 result = PTR_ERR(hidraw_class); 566 goto error_cdev; 567 } 568 569 cdev_init(&hidraw_cdev, &hidraw_ops); 570 result = cdev_add(&hidraw_cdev, dev_id, HIDRAW_MAX_DEVICES); 571 if (result < 0) 572 goto error_class; 573 574 printk(KERN_INFO "hidraw: raw HID events driver (C) Jiri Kosina\n"); 575 out: 576 return result; 577 578 error_class: 579 class_destroy(hidraw_class); 580 error_cdev: 581 unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES); 582 goto out; 583 } 584 585 void hidraw_exit(void) 586 { 587 dev_t dev_id = MKDEV(hidraw_major, 0); 588 589 cdev_del(&hidraw_cdev); 590 class_destroy(hidraw_class); 591 unregister_chrdev_region(dev_id, HIDRAW_MAX_DEVICES); 592 593 } 594