// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2022 Red hat */
#include "hid_bpf_helpers.h"
char _license[] SEC("license") = "GPL";
struct attach_prog_args {
int prog_fd;
unsigned int hid;
int retval;
int insert_head;
};
__u64 callback_check = 52;
__u64 callback2_check = 52;
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_first_event, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *rw_data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 3 /* size */);
if (!rw_data)
return 0; /* EPERM check */
callback_check = rw_data[1];
rw_data[2] = rw_data[1] + 5;
return hid_ctx->size;
}
SEC(".struct_ops.link")
struct hid_bpf_ops first_event = {
.hid_device_event = (void *)hid_first_event,
.hid_id = 2,
};
int __hid_subprog_first_event(struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *rw_data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 3 /* size */);
if (!rw_data)
return 0; /* EPERM check */
rw_data[2] = rw_data[1] + 5;
return hid_ctx->size;
}
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_subprog_first_event, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
return __hid_subprog_first_event(hid_ctx, type);
}
SEC(".struct_ops.link")
struct hid_bpf_ops subprog_first_event = {
.hid_device_event = (void *)hid_subprog_first_event,
.hid_id = 2,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_second_event, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *rw_data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 4 /* size */);
if (!rw_data)
return 0; /* EPERM check */
rw_data[3] = rw_data[2] + 5;
return hid_ctx->size;
}
SEC(".struct_ops.link")
struct hid_bpf_ops second_event = {
.hid_device_event = (void *)hid_second_event,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_change_report_id, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *rw_data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 3 /* size */);
if (!rw_data)
return 0; /* EPERM check */
rw_data[0] = 2;
return 9;
}
SEC(".struct_ops.link")
struct hid_bpf_ops change_report_id = {
.hid_device_event = (void *)hid_change_report_id,
};
struct hid_hw_request_syscall_args {
/* data needs to come at offset 0 so we can use it in calls */
__u8 data[10];
unsigned int hid;
int retval;
size_t size;
enum hid_report_type type;
__u8 request_type;
};
SEC("syscall")
int hid_user_raw_request(struct hid_hw_request_syscall_args *args)
{
struct hid_bpf_ctx *ctx;
const size_t size = args->size;
int i, ret = 0;
if (size > sizeof(args->data))
return -7; /* -E2BIG */
ctx = hid_bpf_allocate_context(args->hid);
if (!ctx)
return -1; /* EPERM check */
ret = hid_bpf_hw_request(ctx,
args->data,
size,
args->type,
args->request_type);
args->retval = ret;
hid_bpf_release_context(ctx);
return 0;
}
SEC("syscall")
int hid_user_output_report(struct hid_hw_request_syscall_args *args)
{
struct hid_bpf_ctx *ctx;
const size_t size = args->size;
int i, ret = 0;
if (size > sizeof(args->data))
return -7; /* -E2BIG */
ctx = hid_bpf_allocate_context(args->hid);
if (!ctx)
return -1; /* EPERM check */
ret = hid_bpf_hw_output_report(ctx,
args->data,
size);
args->retval = ret;
hid_bpf_release_context(ctx);
return 0;
}
SEC("syscall")
int hid_user_input_report(struct hid_hw_request_syscall_args *args)
{
struct hid_bpf_ctx *ctx;
const size_t size = args->size;
int i, ret = 0;
if (size > sizeof(args->data))
return -7; /* -E2BIG */
ctx = hid_bpf_allocate_context(args->hid);
if (!ctx)
return -1; /* EPERM check */
ret = hid_bpf_input_report(ctx, HID_INPUT_REPORT, args->data, size);
args->retval = ret;
hid_bpf_release_context(ctx);
return 0;
}
static const __u8 rdesc[] = {
0x05, 0x01, /* USAGE_PAGE (Generic Desktop) */
0x09, 0x32, /* USAGE (Z) */
0x95, 0x01, /* REPORT_COUNT (1) */
0x81, 0x06, /* INPUT (Data,Var,Rel) */
0x06, 0x00, 0xff, /* Usage Page (Vendor Defined Page 1) */
0x19, 0x01, /* USAGE_MINIMUM (1) */
0x29, 0x03, /* USAGE_MAXIMUM (3) */
0x15, 0x00, /* LOGICAL_MINIMUM (0) */
0x25, 0x01, /* LOGICAL_MAXIMUM (1) */
0x95, 0x03, /* REPORT_COUNT (3) */
0x75, 0x01, /* REPORT_SIZE (1) */
0x91, 0x02, /* Output (Data,Var,Abs) */
0x95, 0x01, /* REPORT_COUNT (1) */
0x75, 0x05, /* REPORT_SIZE (5) */
0x91, 0x01, /* Output (Cnst,Var,Abs) */
0x06, 0x00, 0xff, /* Usage Page (Vendor Defined Page 1) */
0x19, 0x06, /* USAGE_MINIMUM (6) */
0x29, 0x08, /* USAGE_MAXIMUM (8) */
0x15, 0x00, /* LOGICAL_MINIMUM (0) */
0x25, 0x01, /* LOGICAL_MAXIMUM (1) */
0x95, 0x03, /* REPORT_COUNT (3) */
0x75, 0x01, /* REPORT_SIZE (1) */
0xb1, 0x02, /* Feature (Data,Var,Abs) */
0x95, 0x01, /* REPORT_COUNT (1) */
0x75, 0x05, /* REPORT_SIZE (5) */
0x91, 0x01, /* Output (Cnst,Var,Abs) */
0xc0, /* END_COLLECTION */
0xc0, /* END_COLLECTION */
};
/*
* the following program is marked as sleepable (struct_ops.s).
* This is not strictly mandatory but is a nice test for
* sleepable struct_ops
*/
SEC("?struct_ops.s/hid_rdesc_fixup")
int BPF_PROG(hid_rdesc_fixup, struct hid_bpf_ctx *hid_ctx)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 4096 /* size */);
if (!data)
return 0; /* EPERM check */
callback2_check = data[4];
/* insert rdesc at offset 73 */
__builtin_memcpy(&data[73], rdesc, sizeof(rdesc));
/* Change Usage Vendor globally */
data[4] = 0x42;
return sizeof(rdesc) + 73;
}
SEC(".struct_ops.link")
struct hid_bpf_ops rdesc_fixup = {
.hid_rdesc_fixup = (void *)hid_rdesc_fixup,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_insert1, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 4 /* size */);
if (!data)
return 0; /* EPERM check */
/* we need to be run first */
if (data[2] || data[3])
return -1;
data[1] = 1;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_insert1 = {
.hid_device_event = (void *)hid_test_insert1,
.flags = BPF_F_BEFORE,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_insert2, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 4 /* size */);
if (!data)
return 0; /* EPERM check */
/* after insert0 and before insert2 */
if (!data[1] || data[3])
return -1;
data[2] = 2;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_insert2 = {
.hid_device_event = (void *)hid_test_insert2,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_insert3, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 4 /* size */);
if (!data)
return 0; /* EPERM check */
/* at the end */
if (!data[1] || !data[2])
return -1;
data[3] = 3;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_insert3 = {
.hid_device_event = (void *)hid_test_insert3,
};
SEC("?struct_ops/hid_hw_request")
int BPF_PROG(hid_test_filter_raw_request, struct hid_bpf_ctx *hctx, unsigned char reportnum,
enum hid_report_type rtype, enum hid_class_request reqtype, __u64 source)
{
return -20;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_filter_raw_request = {
.hid_hw_request = (void *)hid_test_filter_raw_request,
};
static struct file *current_file;
SEC("fentry/hidraw_open")
int BPF_PROG(hidraw_open, struct inode *inode, struct file *file)
{
current_file = file;
return 0;
}
SEC("?struct_ops.s/hid_hw_request")
int BPF_PROG(hid_test_hidraw_raw_request, struct hid_bpf_ctx *hctx, unsigned char reportnum,
enum hid_report_type rtype, enum hid_class_request reqtype, __u64 source)
{
__u8 *data = hid_bpf_get_data(hctx, 0 /* offset */, 3 /* size */);
int ret;
if (!data)
return 0; /* EPERM check */
/* check if the incoming request comes from our hidraw operation */
if (source == (__u64)current_file) {
data[0] = reportnum;
ret = hid_bpf_hw_request(hctx, data, 2, rtype, reqtype);
if (ret != 2)
return -1;
data[0] = reportnum + 1;
data[1] = reportnum + 2;
data[2] = reportnum + 3;
return 3;
}
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_hidraw_raw_request = {
.hid_hw_request = (void *)hid_test_hidraw_raw_request,
};
SEC("?struct_ops.s/hid_hw_request")
int BPF_PROG(hid_test_infinite_loop_raw_request, struct hid_bpf_ctx *hctx, unsigned char reportnum,
enum hid_report_type rtype, enum hid_class_request reqtype, __u64 source)
{
__u8 *data = hid_bpf_get_data(hctx, 0 /* offset */, 3 /* size */);
int ret;
if (!data)
return 0; /* EPERM check */
/* always forward the request as-is to the device, hid-bpf should prevent
* infinite loops.
*/
data[0] = reportnum;
ret = hid_bpf_hw_request(hctx, data, 2, rtype, reqtype);
if (ret == 2)
return 3;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_infinite_loop_raw_request = {
.hid_hw_request = (void *)hid_test_infinite_loop_raw_request,
};
SEC("?struct_ops/hid_hw_output_report")
int BPF_PROG(hid_test_filter_output_report, struct hid_bpf_ctx *hctx, unsigned char reportnum,
enum hid_report_type rtype, enum hid_class_request reqtype, __u64 source)
{
return -25;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_filter_output_report = {
.hid_hw_output_report = (void *)hid_test_filter_output_report,
};
SEC("?struct_ops.s/hid_hw_output_report")
int BPF_PROG(hid_test_hidraw_output_report, struct hid_bpf_ctx *hctx, __u64 source)
{
__u8 *data = hid_bpf_get_data(hctx, 0 /* offset */, 3 /* size */);
int ret;
if (!data)
return 0; /* EPERM check */
/* check if the incoming request comes from our hidraw operation */
if (source == (__u64)current_file)
return hid_bpf_hw_output_report(hctx, data, 2);
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_hidraw_output_report = {
.hid_hw_output_report = (void *)hid_test_hidraw_output_report,
};
SEC("?struct_ops.s/hid_hw_output_report")
int BPF_PROG(hid_test_infinite_loop_output_report, struct hid_bpf_ctx *hctx, __u64 source)
{
__u8 *data = hid_bpf_get_data(hctx, 0 /* offset */, 3 /* size */);
int ret;
if (!data)
return 0; /* EPERM check */
/* always forward the request as-is to the device, hid-bpf should prevent
* infinite loops.
*/
ret = hid_bpf_hw_output_report(hctx, data, 2);
if (ret == 2)
return 2;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_infinite_loop_output_report = {
.hid_hw_output_report = (void *)hid_test_infinite_loop_output_report,
};
struct elem {
struct bpf_wq work;
};
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 1);
__type(key, int);
__type(value, struct elem);
} hmap SEC(".maps");
static int wq_cb_sleepable(void *map, int *key, void *work)
{
__u8 buf[9] = {2, 3, 4, 5, 6, 7, 8, 9, 10};
struct hid_bpf_ctx *hid_ctx;
hid_ctx = hid_bpf_allocate_context(*key);
if (!hid_ctx)
return 0; /* EPERM check */
hid_bpf_input_report(hid_ctx, HID_INPUT_REPORT, buf, sizeof(buf));
hid_bpf_release_context(hid_ctx);
return 0;
}
static int test_inject_input_report_callback(int *key)
{
struct elem init = {}, *val;
struct bpf_wq *wq;
if (bpf_map_update_elem(&hmap, key, &init, 0))
return -1;
val = bpf_map_lookup_elem(&hmap, key);
if (!val)
return -2;
wq = &val->work;
if (bpf_wq_init(wq, &hmap, 0) != 0)
return -3;
if (bpf_wq_set_callback(wq, wq_cb_sleepable, 0))
return -4;
if (bpf_wq_start(wq, 0))
return -5;
return 0;
}
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_multiply_events_wq, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 9 /* size */);
int hid = hid_ctx->hid->id;
int ret;
if (!data)
return 0; /* EPERM check */
if (data[0] != 1)
return 0;
ret = test_inject_input_report_callback(&hid);
if (ret)
return ret;
data[1] += 5;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_multiply_events_wq = {
.hid_device_event = (void *)hid_test_multiply_events_wq,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_multiply_events, struct hid_bpf_ctx *hid_ctx, enum hid_report_type type)
{
__u8 *data = hid_bpf_get_data(hid_ctx, 0 /* offset */, 9 /* size */);
__u8 buf[9];
int ret;
if (!data)
return 0; /* EPERM check */
if (data[0] != 1)
return 0;
/*
* we have to use an intermediate buffer as hid_bpf_input_report
* will memset data to \0
*/
__builtin_memcpy(buf, data, sizeof(buf));
buf[0] = 2;
buf[1] += 5;
ret = hid_bpf_try_input_report(hid_ctx, HID_INPUT_REPORT, buf, sizeof(buf));
if (ret < 0)
return ret;
/*
* In real world we should reset the original buffer as data might be garbage now,
* but it actually now has the content of 'buf'
*/
data[1] += 5;
return 9;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_multiply_events = {
.hid_device_event = (void *)hid_test_multiply_events,
};
SEC("?struct_ops/hid_device_event")
int BPF_PROG(hid_test_infinite_loop_input_report, struct hid_bpf_ctx *hctx,
enum hid_report_type report_type, __u64 source)
{
__u8 *data = hid_bpf_get_data(hctx, 0 /* offset */, 6 /* size */);
__u8 buf[6];
if (!data)
return 0; /* EPERM check */
/*
* we have to use an intermediate buffer as hid_bpf_input_report
* will memset data to \0
*/
__builtin_memcpy(buf, data, sizeof(buf));
/* always forward the request as-is to the device, hid-bpf should prevent
* infinite loops.
* the return value is ignored so the event is passing to userspace.
*/
hid_bpf_try_input_report(hctx, report_type, buf, sizeof(buf));
/* each time we process the event, we increment by one data[1]:
* after each successful call to hid_bpf_try_input_report, buf
* has been memcopied into data by the kernel.
*/
data[1] += 1;
return 0;
}
SEC(".struct_ops.link")
struct hid_bpf_ops test_infinite_loop_input_report = {
.hid_device_event = (void *)hid_test_infinite_loop_input_report,
};