2 * User-space I/O driver support for HID subsystem
3 * Copyright (c) 2012 David Herrmann
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the Free
9 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <linux/atomic.h>
14 #include <linux/compat.h>
15 #include <linux/device.h>
17 #include <linux/hid.h>
18 #include <linux/input.h>
19 #include <linux/miscdevice.h>
20 #include <linux/module.h>
21 #include <linux/mutex.h>
22 #include <linux/poll.h>
23 #include <linux/sched.h>
24 #include <linux/spinlock.h>
25 #include <linux/uhid.h>
26 #include <linux/wait.h>
28 #define UHID_NAME "uhid"
29 #define UHID_BUFSIZE 32
38 struct hid_device
*hid
;
39 struct uhid_event input_buf
;
41 wait_queue_head_t waitq
;
45 struct uhid_event
*outq
[UHID_BUFSIZE
];
47 struct mutex report_lock
;
48 wait_queue_head_t report_wait
;
51 struct uhid_event report_buf
;
54 static struct miscdevice uhid_misc
;
56 static void uhid_queue(struct uhid_device
*uhid
, struct uhid_event
*ev
)
60 newhead
= (uhid
->head
+ 1) % UHID_BUFSIZE
;
62 if (newhead
!= uhid
->tail
) {
63 uhid
->outq
[uhid
->head
] = ev
;
65 wake_up_interruptible(&uhid
->waitq
);
67 hid_warn(uhid
->hid
, "Output queue is full\n");
72 static int uhid_queue_event(struct uhid_device
*uhid
, __u32 event
)
75 struct uhid_event
*ev
;
77 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
83 spin_lock_irqsave(&uhid
->qlock
, flags
);
85 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
90 static int uhid_hid_start(struct hid_device
*hid
)
92 struct uhid_device
*uhid
= hid
->driver_data
;
94 return uhid_queue_event(uhid
, UHID_START
);
97 static void uhid_hid_stop(struct hid_device
*hid
)
99 struct uhid_device
*uhid
= hid
->driver_data
;
102 uhid_queue_event(uhid
, UHID_STOP
);
105 static int uhid_hid_open(struct hid_device
*hid
)
107 struct uhid_device
*uhid
= hid
->driver_data
;
109 return uhid_queue_event(uhid
, UHID_OPEN
);
112 static void uhid_hid_close(struct hid_device
*hid
)
114 struct uhid_device
*uhid
= hid
->driver_data
;
116 uhid_queue_event(uhid
, UHID_CLOSE
);
119 static int uhid_hid_input(struct input_dev
*input
, unsigned int type
,
120 unsigned int code
, int value
)
122 struct hid_device
*hid
= input_get_drvdata(input
);
123 struct uhid_device
*uhid
= hid
->driver_data
;
125 struct uhid_event
*ev
;
127 ev
= kzalloc(sizeof(*ev
), GFP_ATOMIC
);
131 ev
->type
= UHID_OUTPUT_EV
;
132 ev
->u
.output_ev
.type
= type
;
133 ev
->u
.output_ev
.code
= code
;
134 ev
->u
.output_ev
.value
= value
;
136 spin_lock_irqsave(&uhid
->qlock
, flags
);
137 uhid_queue(uhid
, ev
);
138 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
143 static int uhid_hid_parse(struct hid_device
*hid
)
145 struct uhid_device
*uhid
= hid
->driver_data
;
147 return hid_parse_report(hid
, uhid
->rd_data
, uhid
->rd_size
);
150 static int uhid_hid_get_raw(struct hid_device
*hid
, unsigned char rnum
,
151 __u8
*buf
, size_t count
, unsigned char rtype
)
153 struct uhid_device
*uhid
= hid
->driver_data
;
155 struct uhid_event
*ev
;
158 size_t uninitialized_var(len
);
159 struct uhid_feature_answer_req
*req
;
165 case HID_FEATURE_REPORT
:
166 report_type
= UHID_FEATURE_REPORT
;
168 case HID_OUTPUT_REPORT
:
169 report_type
= UHID_OUTPUT_REPORT
;
171 case HID_INPUT_REPORT
:
172 report_type
= UHID_INPUT_REPORT
;
178 ret
= mutex_lock_interruptible(&uhid
->report_lock
);
182 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
188 spin_lock_irqsave(&uhid
->qlock
, flags
);
189 ev
->type
= UHID_FEATURE
;
190 ev
->u
.feature
.id
= atomic_inc_return(&uhid
->report_id
);
191 ev
->u
.feature
.rnum
= rnum
;
192 ev
->u
.feature
.rtype
= report_type
;
194 atomic_set(&uhid
->report_done
, 0);
195 uhid_queue(uhid
, ev
);
196 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
198 ret
= wait_event_interruptible_timeout(uhid
->report_wait
,
199 atomic_read(&uhid
->report_done
), 5 * HZ
);
202 * Make sure "uhid->running" is cleared on shutdown before
203 * "uhid->report_done" is set.
206 if (!ret
|| !uhid
->running
) {
208 } else if (ret
< 0) {
211 spin_lock_irqsave(&uhid
->qlock
, flags
);
212 req
= &uhid
->report_buf
.u
.feature_answer
;
219 min_t(size_t, req
->size
, UHID_DATA_MAX
));
220 memcpy(buf
, req
->data
, len
);
223 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
226 atomic_set(&uhid
->report_done
, 1);
229 mutex_unlock(&uhid
->report_lock
);
230 return ret
? ret
: len
;
233 static int uhid_hid_output_raw(struct hid_device
*hid
, __u8
*buf
, size_t count
,
234 unsigned char report_type
)
236 struct uhid_device
*uhid
= hid
->driver_data
;
239 struct uhid_event
*ev
;
241 switch (report_type
) {
242 case HID_FEATURE_REPORT
:
243 rtype
= UHID_FEATURE_REPORT
;
245 case HID_OUTPUT_REPORT
:
246 rtype
= UHID_OUTPUT_REPORT
;
252 if (count
< 1 || count
> UHID_DATA_MAX
)
255 ev
= kzalloc(sizeof(*ev
), GFP_KERNEL
);
259 ev
->type
= UHID_OUTPUT
;
260 ev
->u
.output
.size
= count
;
261 ev
->u
.output
.rtype
= rtype
;
262 memcpy(ev
->u
.output
.data
, buf
, count
);
264 spin_lock_irqsave(&uhid
->qlock
, flags
);
265 uhid_queue(uhid
, ev
);
266 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
271 static struct hid_ll_driver uhid_hid_driver
= {
272 .start
= uhid_hid_start
,
273 .stop
= uhid_hid_stop
,
274 .open
= uhid_hid_open
,
275 .close
= uhid_hid_close
,
276 .hidinput_input_event
= uhid_hid_input
,
277 .parse
= uhid_hid_parse
,
282 /* Apparently we haven't stepped on these rakes enough times yet. */
283 struct uhid_create_req_compat
{
288 compat_uptr_t rd_data
;
296 } __attribute__((__packed__
));
298 static int uhid_event_from_user(const char __user
*buffer
, size_t len
,
299 struct uhid_event
*event
)
301 if (is_compat_task()) {
304 if (get_user(type
, buffer
))
307 if (type
== UHID_CREATE
) {
309 * This is our messed up request with compat pointer.
310 * It is largish (more than 256 bytes) so we better
311 * allocate it from the heap.
313 struct uhid_create_req_compat
*compat
;
315 compat
= kmalloc(sizeof(*compat
), GFP_KERNEL
);
319 buffer
+= sizeof(type
);
321 if (copy_from_user(compat
, buffer
,
322 min(len
, sizeof(*compat
)))) {
327 /* Shuffle the data over to proper structure */
330 memcpy(event
->u
.create
.name
, compat
->name
,
331 sizeof(compat
->name
));
332 memcpy(event
->u
.create
.phys
, compat
->phys
,
333 sizeof(compat
->phys
));
334 memcpy(event
->u
.create
.uniq
, compat
->uniq
,
335 sizeof(compat
->uniq
));
337 event
->u
.create
.rd_data
= compat_ptr(compat
->rd_data
);
338 event
->u
.create
.rd_size
= compat
->rd_size
;
340 event
->u
.create
.bus
= compat
->bus
;
341 event
->u
.create
.vendor
= compat
->vendor
;
342 event
->u
.create
.product
= compat
->product
;
343 event
->u
.create
.version
= compat
->version
;
344 event
->u
.create
.country
= compat
->country
;
349 /* All others can be copied directly */
352 if (copy_from_user(event
, buffer
, min(len
, sizeof(*event
))))
358 static int uhid_event_from_user(const char __user
*buffer
, size_t len
,
359 struct uhid_event
*event
)
361 if (copy_from_user(event
, buffer
, min(len
, sizeof(*event
))))
368 static int uhid_dev_create(struct uhid_device
*uhid
,
369 const struct uhid_event
*ev
)
371 struct hid_device
*hid
;
377 uhid
->rd_size
= ev
->u
.create
.rd_size
;
378 if (uhid
->rd_size
<= 0 || uhid
->rd_size
> HID_MAX_DESCRIPTOR_SIZE
)
381 uhid
->rd_data
= kmalloc(uhid
->rd_size
, GFP_KERNEL
);
385 if (copy_from_user(uhid
->rd_data
, ev
->u
.create
.rd_data
,
391 hid
= hid_allocate_device();
397 strncpy(hid
->name
, ev
->u
.create
.name
, 127);
399 strncpy(hid
->phys
, ev
->u
.create
.phys
, 63);
401 strncpy(hid
->uniq
, ev
->u
.create
.uniq
, 63);
404 hid
->ll_driver
= &uhid_hid_driver
;
405 hid
->hid_get_raw_report
= uhid_hid_get_raw
;
406 hid
->hid_output_raw_report
= uhid_hid_output_raw
;
407 hid
->bus
= ev
->u
.create
.bus
;
408 hid
->vendor
= ev
->u
.create
.vendor
;
409 hid
->product
= ev
->u
.create
.product
;
410 hid
->version
= ev
->u
.create
.version
;
411 hid
->country
= ev
->u
.create
.country
;
412 hid
->driver_data
= uhid
;
413 hid
->dev
.parent
= uhid_misc
.this_device
;
416 uhid
->running
= true;
418 ret
= hid_add_device(hid
);
420 hid_err(hid
, "Cannot register HID device\n");
427 hid_destroy_device(hid
);
429 uhid
->running
= false;
431 kfree(uhid
->rd_data
);
435 static int uhid_dev_destroy(struct uhid_device
*uhid
)
440 /* clear "running" before setting "report_done" */
441 uhid
->running
= false;
443 atomic_set(&uhid
->report_done
, 1);
444 wake_up_interruptible(&uhid
->report_wait
);
446 hid_destroy_device(uhid
->hid
);
447 kfree(uhid
->rd_data
);
452 static int uhid_dev_input(struct uhid_device
*uhid
, struct uhid_event
*ev
)
457 hid_input_report(uhid
->hid
, HID_INPUT_REPORT
, ev
->u
.input
.data
,
458 min_t(size_t, ev
->u
.input
.size
, UHID_DATA_MAX
), 0);
463 static int uhid_dev_feature_answer(struct uhid_device
*uhid
,
464 struct uhid_event
*ev
)
471 spin_lock_irqsave(&uhid
->qlock
, flags
);
473 /* id for old report; drop it silently */
474 if (atomic_read(&uhid
->report_id
) != ev
->u
.feature_answer
.id
)
476 if (atomic_read(&uhid
->report_done
))
479 memcpy(&uhid
->report_buf
, ev
, sizeof(*ev
));
480 atomic_set(&uhid
->report_done
, 1);
481 wake_up_interruptible(&uhid
->report_wait
);
484 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
488 static int uhid_char_open(struct inode
*inode
, struct file
*file
)
490 struct uhid_device
*uhid
;
492 uhid
= kzalloc(sizeof(*uhid
), GFP_KERNEL
);
496 mutex_init(&uhid
->devlock
);
497 mutex_init(&uhid
->report_lock
);
498 spin_lock_init(&uhid
->qlock
);
499 init_waitqueue_head(&uhid
->waitq
);
500 init_waitqueue_head(&uhid
->report_wait
);
501 uhid
->running
= false;
502 atomic_set(&uhid
->report_done
, 1);
504 file
->private_data
= uhid
;
505 nonseekable_open(inode
, file
);
510 static int uhid_char_release(struct inode
*inode
, struct file
*file
)
512 struct uhid_device
*uhid
= file
->private_data
;
515 uhid_dev_destroy(uhid
);
517 for (i
= 0; i
< UHID_BUFSIZE
; ++i
)
518 kfree(uhid
->outq
[i
]);
525 static ssize_t
uhid_char_read(struct file
*file
, char __user
*buffer
,
526 size_t count
, loff_t
*ppos
)
528 struct uhid_device
*uhid
= file
->private_data
;
533 /* they need at least the "type" member of uhid_event */
534 if (count
< sizeof(__u32
))
538 if (file
->f_flags
& O_NONBLOCK
) {
539 if (uhid
->head
== uhid
->tail
)
542 ret
= wait_event_interruptible(uhid
->waitq
,
543 uhid
->head
!= uhid
->tail
);
548 ret
= mutex_lock_interruptible(&uhid
->devlock
);
552 if (uhid
->head
== uhid
->tail
) {
553 mutex_unlock(&uhid
->devlock
);
556 len
= min(count
, sizeof(**uhid
->outq
));
557 if (copy_to_user(buffer
, uhid
->outq
[uhid
->tail
], len
)) {
560 kfree(uhid
->outq
[uhid
->tail
]);
561 uhid
->outq
[uhid
->tail
] = NULL
;
563 spin_lock_irqsave(&uhid
->qlock
, flags
);
564 uhid
->tail
= (uhid
->tail
+ 1) % UHID_BUFSIZE
;
565 spin_unlock_irqrestore(&uhid
->qlock
, flags
);
569 mutex_unlock(&uhid
->devlock
);
570 return ret
? ret
: len
;
573 static ssize_t
uhid_char_write(struct file
*file
, const char __user
*buffer
,
574 size_t count
, loff_t
*ppos
)
576 struct uhid_device
*uhid
= file
->private_data
;
580 /* we need at least the "type" member of uhid_event */
581 if (count
< sizeof(__u32
))
584 ret
= mutex_lock_interruptible(&uhid
->devlock
);
588 memset(&uhid
->input_buf
, 0, sizeof(uhid
->input_buf
));
589 len
= min(count
, sizeof(uhid
->input_buf
));
591 ret
= uhid_event_from_user(buffer
, len
, &uhid
->input_buf
);
595 switch (uhid
->input_buf
.type
) {
597 ret
= uhid_dev_create(uhid
, &uhid
->input_buf
);
600 ret
= uhid_dev_destroy(uhid
);
603 ret
= uhid_dev_input(uhid
, &uhid
->input_buf
);
605 case UHID_FEATURE_ANSWER
:
606 ret
= uhid_dev_feature_answer(uhid
, &uhid
->input_buf
);
613 mutex_unlock(&uhid
->devlock
);
615 /* return "count" not "len" to not confuse the caller */
616 return ret
? ret
: count
;
619 static unsigned int uhid_char_poll(struct file
*file
, poll_table
*wait
)
621 struct uhid_device
*uhid
= file
->private_data
;
623 poll_wait(file
, &uhid
->waitq
, wait
);
625 if (uhid
->head
!= uhid
->tail
)
626 return POLLIN
| POLLRDNORM
;
631 static const struct file_operations uhid_fops
= {
632 .owner
= THIS_MODULE
,
633 .open
= uhid_char_open
,
634 .release
= uhid_char_release
,
635 .read
= uhid_char_read
,
636 .write
= uhid_char_write
,
637 .poll
= uhid_char_poll
,
641 static struct miscdevice uhid_misc
= {
643 .minor
= MISC_DYNAMIC_MINOR
,
647 static int __init
uhid_init(void)
649 return misc_register(&uhid_misc
);
652 static void __exit
uhid_exit(void)
654 misc_deregister(&uhid_misc
);
657 module_init(uhid_init
);
658 module_exit(uhid_exit
);
659 MODULE_LICENSE("GPL");
660 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
661 MODULE_DESCRIPTION("User-space I/O driver support for HID subsystem");
