On Fri, Mar 18, 2022 at 10:19 PM Song Liu song@kernel.org wrote:
On Fri, Mar 18, 2022 at 9:18 AM Benjamin Tissoires benjamin.tissoires@redhat.com wrote:
When we process an incoming HID report, it is common to have to account for fields that are not aligned in the report. HID is using 2 helpers hid_field_extract() and implement() to pick up any data at any offset within the report.
Export those 2 helpers in BPF programs so users can also rely on them. The second net worth advantage of those helpers is that now we can fetch data anywhere in the report without knowing at compile time the location of it. The boundary checks are done in hid-bpf.c, to prevent a memory leak.
The third exported helper allows to communicate with the HID device. We give a data buffer, and call either HID_GET_REPORT or HID_SET_REPORT on the device.
Signed-off-by: Benjamin Tissoires benjamin.tissoires@redhat.com
changes in v3:
- renamed hid_{get|set}_data into hid_{get|set}_bits
- squashed with bpf/hid: add bpf_hid_raw_request helper function
changes in v2:
- split the patch with libbpf and HID left outside.
include/linux/bpf-hid.h | 6 +++ include/uapi/linux/bpf.h | 36 +++++++++++++++++ kernel/bpf/hid.c | 73 ++++++++++++++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 36 +++++++++++++++++ 4 files changed, 151 insertions(+)
diff --git a/include/linux/bpf-hid.h b/include/linux/bpf-hid.h index 7f596554fe8c..82b7466b5008 100644 --- a/include/linux/bpf-hid.h +++ b/include/linux/bpf-hid.h @@ -102,6 +102,12 @@ struct bpf_hid_hooks { int (*pre_link_attach)(struct hid_device *hdev, enum bpf_hid_attach_type type); void (*post_link_attach)(struct hid_device *hdev, enum bpf_hid_attach_type type); void (*array_detach)(struct hid_device *hdev, enum bpf_hid_attach_type type);
int (*hid_get_bits)(struct hid_device *hdev, u8 *buf, size_t buf_size,u64 offset, u32 n, u32 *data);int (*hid_set_bits)(struct hid_device *hdev, u8 *buf, size_t buf_size,u64 offset, u32 n, u32 data);int (*hid_raw_request)(struct hid_device *hdev, u8 *buf, size_t size,u8 rtype, u8 reqtype);};
#ifdef CONFIG_BPF diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 0e8438e93768..41ab1d068369 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -5155,6 +5155,39 @@ union bpf_attr {
by a call to bpf_hid_discard;ReturnThe pointer to the data. On error, a null value is returned.
- int bpf_hid_get_bits(void *ctx, u64 offset, u32 n, u32 *data)
Description
Get the data of size n (in bits) at the given offset (bits) in the
ctx->event.data field and store it into data.
n must be less or equal than 32, and we can address with bit
precision the value in the buffer. data must be a pointer
to a u32.
Return
The length of data copied into data. On error, a negative value
is returned.
- int bpf_hid_set_bits(void *ctx, u64 offset, u32 n, u32 data)
Description
Set the data of size n (in bits) at the given offset (bits) in the
ctx->event.data field.
n must be less or equal than 32, and we can address with bit
precision the value in the buffer.
Return
The length of data copied into ctx->event.data. On error, a negative
value is returned.
Please use annotations like *offset*.
Ack
- int bpf_hid_raw_request(void *ctx, void *buf, u64 size, u8 report_type, u8 request_type)
Description
communicate with the HID device
report_type is one of HID_INPUT_REPORT, HID_OUTPUT_REPORT, HID_FEATURE_REPORT
request_type is one of HID_REQ_SET_REPORT or HID_REQ_GET_REPORT
Return
0 on success.*/
negative value on error.#define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -5352,6 +5385,9 @@ union bpf_attr { FN(skb_set_tstamp), \ FN(ima_file_hash), \ FN(hid_get_data), \
FN(hid_get_bits), \FN(hid_set_bits), \FN(hid_raw_request), \ /* *//* integer value in 'imm' field of BPF_CALL instruction selects which helper diff --git a/kernel/bpf/hid.c b/kernel/bpf/hid.c index 2dfeaaa8a83f..30a62e8e0f0a 100644 --- a/kernel/bpf/hid.c +++ b/kernel/bpf/hid.c @@ -66,12 +66,85 @@ static const struct bpf_func_proto bpf_hid_get_data_proto = { .arg3_type = ARG_CONST_ALLOC_SIZE_OR_ZERO, };
+BPF_CALL_4(bpf_hid_get_bits, struct hid_bpf_ctx_kern*, ctx, u64, offset, u32, n, u32*, data) +{
if (!hid_hooks.hid_get_bits)return -EOPNOTSUPP;Shall we also check offset and n are valid here?
I've decided to put these tests in the HID code. The argument being that HID knows about the context and what is put where, when the BPF part is just the stub.
[few seconds later]
... and probably not a good answer because the line below has ctx->data and allocated_size.
I can easily change that in v4 (same for bpf_hid_set_bits).
return hid_hooks.hid_get_bits(ctx->hdev,ctx->data,ctx->allocated_size,offset, n,data);+}
+static const struct bpf_func_proto bpf_hid_get_bits_proto = {
.func = bpf_hid_get_bits,.gpl_only = true,.ret_type = RET_INTEGER,.arg1_type = ARG_PTR_TO_CTX,.arg2_type = ARG_ANYTHING,.arg3_type = ARG_ANYTHING,.arg4_type = ARG_PTR_TO_INT,+};
+BPF_CALL_4(bpf_hid_set_bits, struct hid_bpf_ctx_kern*, ctx, u64, offset, u32, n, u32, data) +{
if (!hid_hooks.hid_set_bits)return -EOPNOTSUPP;hid_hooks.hid_set_bits(ctx->hdev,ctx->data,ctx->allocated_size,offset, n,data);return 0;+}
+static const struct bpf_func_proto bpf_hid_set_bits_proto = {
.func = bpf_hid_set_bits,.gpl_only = true,.ret_type = RET_INTEGER,.arg1_type = ARG_PTR_TO_CTX,.arg2_type = ARG_ANYTHING,.arg3_type = ARG_ANYTHING,.arg4_type = ARG_ANYTHING,+};
+BPF_CALL_5(bpf_hid_raw_request, struct hid_bpf_ctx_kern*, ctx, void*, buf, u64, size,
u8, report_type, u8, request_type)+{
if (!hid_hooks.hid_raw_request)return -EOPNOTSUPP;return hid_hooks.hid_raw_request(ctx->hdev, buf, size, report_type, request_type);+}
+static const struct bpf_func_proto bpf_hid_raw_request_proto = {
.func = bpf_hid_raw_request,.gpl_only = true, /* hid_raw_request is EXPORT_SYMBOL_GPL */.ret_type = RET_INTEGER,.arg1_type = ARG_PTR_TO_CTX,.arg2_type = ARG_PTR_TO_MEM,.arg3_type = ARG_CONST_SIZE_OR_ZERO,.arg4_type = ARG_ANYTHING,.arg5_type = ARG_ANYTHING,+};
static const struct bpf_func_proto * hid_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) { switch (func_id) { case BPF_FUNC_hid_get_data: return &bpf_hid_get_data_proto;
case BPF_FUNC_hid_get_bits:return &bpf_hid_get_bits_proto;case BPF_FUNC_hid_set_bits:return &bpf_hid_set_bits_proto;case BPF_FUNC_hid_raw_request:if (prog->expected_attach_type != BPF_HID_DEVICE_EVENT)return &bpf_hid_raw_request_proto;return NULL; default: return bpf_base_func_proto(func_id); }diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 0e8438e93768..41ab1d068369 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -5155,6 +5155,39 @@ union bpf_attr {
by a call to bpf_hid_discard;ReturnThe pointer to the data. On error, a null value is returned.
- int bpf_hid_get_bits(void *ctx, u64 offset, u32 n, u32 *data)
Description
Get the data of size n (in bits) at the given offset (bits) in the
ctx->event.data field and store it into data.
n must be less or equal than 32, and we can address with bit
precision the value in the buffer. data must be a pointer
to a u32.
Return
The length of data copied into data. On error, a negative value
is returned.
- int bpf_hid_set_bits(void *ctx, u64 offset, u32 n, u32 data)
Description
Set the data of size n (in bits) at the given offset (bits) in the
ctx->event.data field.
n must be less or equal than 32, and we can address with bit
precision the value in the buffer.
Return
The length of data copied into ctx->event.data. On error, a negative
value is returned.
- int bpf_hid_raw_request(void *ctx, void *buf, u64 size, u8 report_type, u8 request_type)
Description
communicate with the HID device
report_type is one of HID_INPUT_REPORT, HID_OUTPUT_REPORT, HID_FEATURE_REPORT
request_type is one of HID_REQ_SET_REPORT or HID_REQ_GET_REPORT
Return
0 on success.*/
negative value on error.#define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -5352,6 +5385,9 @@ union bpf_attr { FN(skb_set_tstamp), \ FN(ima_file_hash), \ FN(hid_get_data), \
FN(hid_get_bits), \FN(hid_set_bits), \FN(hid_raw_request), \ /* *//* integer value in 'imm' field of BPF_CALL instruction selects which helper
2.35.1