2 * User-space I/O driver support for HID subsystem
3 * Copyright (c) 2012 David Herrmann
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the Free
9 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <linux/atomic.h>
14 #include <linux/compat.h>
15 #include <linux/device.h>
17 #include <linux/hid.h>
18 #include <linux/input.h>
19 #include <linux/miscdevice.h>
20 #include <linux/module.h>
21 #include <linux/mutex.h>
22 #include <linux/poll.h>
23 #include <linux/sched.h>
24 #include <linux/spinlock.h>
25 #include <linux/uhid.h>
26 #include <linux/wait.h>
28 #define UHID_NAME "uhid"
29 #define UHID_BUFSIZE 32
38 struct hid_device
*hid
;
39 struct uhid_event input_buf
;
41 wait_queue_head_t waitq
;
45 struct uhid_event
*outq
[UHID_BUFSIZE
];
47 /* blocking GET_REPORT support; state changes protected by qlock */
48 struct mutex report_lock
;
49 wait_queue_head_t report_wait
;
52 struct uhid_event report_buf
;
55 static struct miscdevice uhid_misc
;
57 static void uhid_queue(struct uhid_device
*uhid
, struct uhid_event
*ev
)
61 newhead
= (uhid
->head
+ 1) % UHID_BUFSIZE
;
63 if (newhead
!= uhid
->tail
) {
64 uhid
->outq
[uhid
->head
] = ev
;
66 wake_up_interruptible(&uhid
->waitq
);
68 hid_warn(uhid
->hid
, "Output queue is full\n");
73 static int uhid_queue_event(struct uhid_device
*uhid
, __u32 event
)
76 struct uhid_event
*ev
;
78 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
84 spin_lock_irqsave(&uhid
->qlock
, flags
);
86 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
91 static int uhid_hid_start(struct hid_device
*hid
)
93 struct uhid_device
*uhid
= hid
->driver_data
;
95 return uhid_queue_event(uhid
, UHID_START
);
98 static void uhid_hid_stop(struct hid_device
*hid
)
100 struct uhid_device
*uhid
= hid
->driver_data
;
103 uhid_queue_event(uhid
, UHID_STOP
);
106 static int uhid_hid_open(struct hid_device
*hid
)
108 struct uhid_device
*uhid
= hid
->driver_data
;
110 return uhid_queue_event(uhid
, UHID_OPEN
);
113 static void uhid_hid_close(struct hid_device
*hid
)
115 struct uhid_device
*uhid
= hid
->driver_data
;
117 uhid_queue_event(uhid
, UHID_CLOSE
);
120 static int uhid_hid_parse(struct hid_device
*hid
)
122 struct uhid_device
*uhid
= hid
->driver_data
;
124 return hid_parse_report(hid
, uhid
->rd_data
, uhid
->rd_size
);
127 static int uhid_hid_get_raw(struct hid_device
*hid
, unsigned char rnum
,
128 __u8
*buf
, size_t count
, unsigned char rtype
)
130 struct uhid_device
*uhid
= hid
->driver_data
;
132 struct uhid_event
*ev
;
135 size_t uninitialized_var(len
);
136 struct uhid_feature_answer_req
*req
;
142 case HID_FEATURE_REPORT
:
143 report_type
= UHID_FEATURE_REPORT
;
145 case HID_OUTPUT_REPORT
:
146 report_type
= UHID_OUTPUT_REPORT
;
148 case HID_INPUT_REPORT
:
149 report_type
= UHID_INPUT_REPORT
;
155 ret
= mutex_lock_interruptible(&uhid
->report_lock
);
159 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
165 spin_lock_irqsave(&uhid
->qlock
, flags
);
166 ev
->type
= UHID_FEATURE
;
167 ev
->u
.feature
.id
= ++uhid
->report_id
;
168 ev
->u
.feature
.rnum
= rnum
;
169 ev
->u
.feature
.rtype
= report_type
;
171 uhid
->report_running
= true;
172 uhid_queue(uhid
, ev
);
173 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
175 ret
= wait_event_interruptible_timeout(uhid
->report_wait
,
176 !uhid
->report_running
|| !uhid
->running
,
179 if (!ret
|| !uhid
->running
) {
181 } else if (ret
< 0) {
184 spin_lock_irqsave(&uhid
->qlock
, flags
);
185 req
= &uhid
->report_buf
.u
.feature_answer
;
192 min_t(size_t, req
->size
, UHID_DATA_MAX
));
193 memcpy(buf
, req
->data
, len
);
196 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
199 uhid
->report_running
= false;
202 mutex_unlock(&uhid
->report_lock
);
203 return ret
? ret
: len
;
206 static int uhid_hid_output_raw(struct hid_device
*hid
, __u8
*buf
, size_t count
,
207 unsigned char report_type
)
209 struct uhid_device
*uhid
= hid
->driver_data
;
212 struct uhid_event
*ev
;
214 switch (report_type
) {
215 case HID_FEATURE_REPORT
:
216 rtype
= UHID_FEATURE_REPORT
;
218 case HID_OUTPUT_REPORT
:
219 rtype
= UHID_OUTPUT_REPORT
;
225 if (count
< 1 || count
> UHID_DATA_MAX
)
228 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
232 ev
->type
= UHID_OUTPUT
;
233 ev
->u
.output
.size
= count
;
234 ev
->u
.output
.rtype
= rtype
;
235 memcpy(ev
->u
.output
.data
, buf
, count
);
237 spin_lock_irqsave(&uhid
->qlock
, flags
);
238 uhid_queue(uhid
, ev
);
239 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
244 static int uhid_hid_output_report(struct hid_device
*hid
, __u8
*buf
,
247 return uhid_hid_output_raw(hid
, buf
, count
, HID_OUTPUT_REPORT
);
250 static int uhid_raw_request(struct hid_device
*hid
, unsigned char reportnum
,
251 __u8
*buf
, size_t len
, unsigned char rtype
,
255 case HID_REQ_GET_REPORT
:
256 return uhid_hid_get_raw(hid
, reportnum
, buf
, len
, rtype
);
257 case HID_REQ_SET_REPORT
:
258 /* TODO: implement proper SET_REPORT functionality */
265 static struct hid_ll_driver uhid_hid_driver
= {
266 .start
= uhid_hid_start
,
267 .stop
= uhid_hid_stop
,
268 .open
= uhid_hid_open
,
269 .close
= uhid_hid_close
,
270 .parse
= uhid_hid_parse
,
271 .output_report
= uhid_hid_output_report
,
272 .raw_request
= uhid_raw_request
,
277 /* Apparently we haven't stepped on these rakes enough times yet. */
278 struct uhid_create_req_compat
{
283 compat_uptr_t rd_data
;
291 } __attribute__((__packed__
));
293 static int uhid_event_from_user(const char __user
*buffer
, size_t len
,
294 struct uhid_event
*event
)
296 if (is_compat_task()) {
299 if (get_user(type
, buffer
))
302 if (type
== UHID_CREATE
) {
304 * This is our messed up request with compat pointer.
305 * It is largish (more than 256 bytes) so we better
306 * allocate it from the heap.
308 struct uhid_create_req_compat
*compat
;
310 compat
= kzalloc(sizeof(*compat
), GFP_KERNEL
);
314 buffer
+= sizeof(type
);
316 if (copy_from_user(compat
, buffer
,
317 min(len
, sizeof(*compat
)))) {
322 /* Shuffle the data over to proper structure */
325 memcpy(event
->u
.create
.name
, compat
->name
,
326 sizeof(compat
->name
));
327 memcpy(event
->u
.create
.phys
, compat
->phys
,
328 sizeof(compat
->phys
));
329 memcpy(event
->u
.create
.uniq
, compat
->uniq
,
330 sizeof(compat
->uniq
));
332 event
->u
.create
.rd_data
= compat_ptr(compat
->rd_data
);
333 event
->u
.create
.rd_size
= compat
->rd_size
;
335 event
->u
.create
.bus
= compat
->bus
;
336 event
->u
.create
.vendor
= compat
->vendor
;
337 event
->u
.create
.product
= compat
->product
;
338 event
->u
.create
.version
= compat
->version
;
339 event
->u
.create
.country
= compat
->country
;
344 /* All others can be copied directly */
347 if (copy_from_user(event
, buffer
, min(len
, sizeof(*event
))))
353 static int uhid_event_from_user(const char __user
*buffer
, size_t len
,
354 struct uhid_event
*event
)
356 if (copy_from_user(event
, buffer
, min(len
, sizeof(*event
))))
363 static int uhid_dev_create2(struct uhid_device
*uhid
,
364 const struct uhid_event
*ev
)
366 struct hid_device
*hid
;
374 rd_size
= ev
->u
.create2
.rd_size
;
375 if (rd_size
<= 0 || rd_size
> HID_MAX_DESCRIPTOR_SIZE
)
378 rd_data
= kmemdup(ev
->u
.create2
.rd_data
, rd_size
, GFP_KERNEL
);
382 uhid
->rd_size
= rd_size
;
383 uhid
->rd_data
= rd_data
;
385 hid
= hid_allocate_device();
391 len
= min(sizeof(hid
->name
), sizeof(ev
->u
.create2
.name
)) - 1;
392 strncpy(hid
->name
, ev
->u
.create2
.name
, len
);
393 len
= min(sizeof(hid
->phys
), sizeof(ev
->u
.create2
.phys
)) - 1;
394 strncpy(hid
->phys
, ev
->u
.create2
.phys
, len
);
395 len
= min(sizeof(hid
->uniq
), sizeof(ev
->u
.create2
.uniq
)) - 1;
396 strncpy(hid
->uniq
, ev
->u
.create2
.uniq
, len
);
398 hid
->ll_driver
= &uhid_hid_driver
;
399 hid
->bus
= ev
->u
.create2
.bus
;
400 hid
->vendor
= ev
->u
.create2
.vendor
;
401 hid
->product
= ev
->u
.create2
.product
;
402 hid
->version
= ev
->u
.create2
.version
;
403 hid
->country
= ev
->u
.create2
.country
;
404 hid
->driver_data
= uhid
;
405 hid
->dev
.parent
= uhid_misc
.this_device
;
408 uhid
->running
= true;
410 ret
= hid_add_device(hid
);
412 hid_err(hid
, "Cannot register HID device\n");
419 hid_destroy_device(hid
);
421 uhid
->running
= false;
423 kfree(uhid
->rd_data
);
424 uhid
->rd_data
= NULL
;
429 static int uhid_dev_create(struct uhid_device
*uhid
,
430 struct uhid_event
*ev
)
432 struct uhid_create_req orig
;
436 if (orig
.rd_size
<= 0 || orig
.rd_size
> HID_MAX_DESCRIPTOR_SIZE
)
438 if (copy_from_user(&ev
->u
.create2
.rd_data
, orig
.rd_data
, orig
.rd_size
))
441 memcpy(ev
->u
.create2
.name
, orig
.name
, sizeof(orig
.name
));
442 memcpy(ev
->u
.create2
.phys
, orig
.phys
, sizeof(orig
.phys
));
443 memcpy(ev
->u
.create2
.uniq
, orig
.uniq
, sizeof(orig
.uniq
));
444 ev
->u
.create2
.rd_size
= orig
.rd_size
;
445 ev
->u
.create2
.bus
= orig
.bus
;
446 ev
->u
.create2
.vendor
= orig
.vendor
;
447 ev
->u
.create2
.product
= orig
.product
;
448 ev
->u
.create2
.version
= orig
.version
;
449 ev
->u
.create2
.country
= orig
.country
;
451 return uhid_dev_create2(uhid
, ev
);
454 static int uhid_dev_destroy(struct uhid_device
*uhid
)
459 uhid
->running
= false;
460 wake_up_interruptible(&uhid
->report_wait
);
462 hid_destroy_device(uhid
->hid
);
463 kfree(uhid
->rd_data
);
468 static int uhid_dev_input(struct uhid_device
*uhid
, struct uhid_event
*ev
)
473 hid_input_report(uhid
->hid
, HID_INPUT_REPORT
, ev
->u
.input
.data
,
474 min_t(size_t, ev
->u
.input
.size
, UHID_DATA_MAX
), 0);
479 static int uhid_dev_input2(struct uhid_device
*uhid
, struct uhid_event
*ev
)
484 hid_input_report(uhid
->hid
, HID_INPUT_REPORT
, ev
->u
.input2
.data
,
485 min_t(size_t, ev
->u
.input2
.size
, UHID_DATA_MAX
), 0);
490 static int uhid_dev_feature_answer(struct uhid_device
*uhid
,
491 struct uhid_event
*ev
)
498 spin_lock_irqsave(&uhid
->qlock
, flags
);
500 /* id for old report; drop it silently */
501 if (uhid
->report_id
!= ev
->u
.feature_answer
.id
)
503 if (!uhid
->report_running
)
506 memcpy(&uhid
->report_buf
, ev
, sizeof(*ev
));
507 uhid
->report_running
= false;
508 wake_up_interruptible(&uhid
->report_wait
);
511 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
515 static int uhid_char_open(struct inode
*inode
, struct file
*file
)
517 struct uhid_device
*uhid
;
519 uhid
= kzalloc(sizeof(*uhid
), GFP_KERNEL
);
523 mutex_init(&uhid
->devlock
);
524 mutex_init(&uhid
->report_lock
);
525 spin_lock_init(&uhid
->qlock
);
526 init_waitqueue_head(&uhid
->waitq
);
527 init_waitqueue_head(&uhid
->report_wait
);
528 uhid
->running
= false;
530 file
->private_data
= uhid
;
531 nonseekable_open(inode
, file
);
536 static int uhid_char_release(struct inode
*inode
, struct file
*file
)
538 struct uhid_device
*uhid
= file
->private_data
;
541 uhid_dev_destroy(uhid
);
543 for (i
= 0; i
< UHID_BUFSIZE
; ++i
)
544 kfree(uhid
->outq
[i
]);
551 static ssize_t
uhid_char_read(struct file
*file
, char __user
*buffer
,
552 size_t count
, loff_t
*ppos
)
554 struct uhid_device
*uhid
= file
->private_data
;
559 /* they need at least the "type" member of uhid_event */
560 if (count
< sizeof(__u32
))
564 if (file
->f_flags
& O_NONBLOCK
) {
565 if (uhid
->head
== uhid
->tail
)
568 ret
= wait_event_interruptible(uhid
->waitq
,
569 uhid
->head
!= uhid
->tail
);
574 ret
= mutex_lock_interruptible(&uhid
->devlock
);
578 if (uhid
->head
== uhid
->tail
) {
579 mutex_unlock(&uhid
->devlock
);
582 len
= min(count
, sizeof(**uhid
->outq
));
583 if (copy_to_user(buffer
, uhid
->outq
[uhid
->tail
], len
)) {
586 kfree(uhid
->outq
[uhid
->tail
]);
587 uhid
->outq
[uhid
->tail
] = NULL
;
589 spin_lock_irqsave(&uhid
->qlock
, flags
);
590 uhid
->tail
= (uhid
->tail
+ 1) % UHID_BUFSIZE
;
591 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
595 mutex_unlock(&uhid
->devlock
);
596 return ret
? ret
: len
;
599 static ssize_t
uhid_char_write(struct file
*file
, const char __user
*buffer
,
600 size_t count
, loff_t
*ppos
)
602 struct uhid_device
*uhid
= file
->private_data
;
606 /* we need at least the "type" member of uhid_event */
607 if (count
< sizeof(__u32
))
610 ret
= mutex_lock_interruptible(&uhid
->devlock
);
614 memset(&uhid
->input_buf
, 0, sizeof(uhid
->input_buf
));
615 len
= min(count
, sizeof(uhid
->input_buf
));
617 ret
= uhid_event_from_user(buffer
, len
, &uhid
->input_buf
);
621 switch (uhid
->input_buf
.type
) {
623 ret
= uhid_dev_create(uhid
, &uhid
->input_buf
);
626 ret
= uhid_dev_create2(uhid
, &uhid
->input_buf
);
629 ret
= uhid_dev_destroy(uhid
);
632 ret
= uhid_dev_input(uhid
, &uhid
->input_buf
);
635 ret
= uhid_dev_input2(uhid
, &uhid
->input_buf
);
637 case UHID_FEATURE_ANSWER
:
638 ret
= uhid_dev_feature_answer(uhid
, &uhid
->input_buf
);
645 mutex_unlock(&uhid
->devlock
);
647 /* return "count" not "len" to not confuse the caller */
648 return ret
? ret
: count
;
651 static unsigned int uhid_char_poll(struct file
*file
, poll_table
*wait
)
653 struct uhid_device
*uhid
= file
->private_data
;
655 poll_wait(file
, &uhid
->waitq
, wait
);
657 if (uhid
->head
!= uhid
->tail
)
658 return POLLIN
| POLLRDNORM
;
663 static const struct file_operations uhid_fops
= {
664 .owner
= THIS_MODULE
,
665 .open
= uhid_char_open
,
666 .release
= uhid_char_release
,
667 .read
= uhid_char_read
,
668 .write
= uhid_char_write
,
669 .poll
= uhid_char_poll
,
673 static struct miscdevice uhid_misc
= {
679 static int __init
uhid_init(void)
681 return misc_register(&uhid_misc
);
684 static void __exit
uhid_exit(void)
686 misc_deregister(&uhid_misc
);
689 module_init(uhid_init
);
690 module_exit(uhid_exit
);
691 MODULE_LICENSE("GPL");
692 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
693 MODULE_DESCRIPTION("User-space I/O driver support for HID subsystem");
694 MODULE_ALIAS_MISCDEV(UHID_MINOR
);
695 MODULE_ALIAS("devname:" UHID_NAME
);