[PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl

[PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl

[Peter Hutterer]

There is a need for userspace applications to open HID devices directly.
Use-cases include configuration of gaming mice or direct access to
joystick devices. The latter is currently handled by the uaccess tag in
systemd, other devices include more custom/local configurations or just
sudo.

A better approach is what we already have for evdev devices: give the
application a file descriptor and revoke it when it may no longer access
that device.

This patch is the hidraw equivalent to the EVIOCREVOKE ioctl, see
commit c7dc65737c9a607d3e6f8478659876074ad129b8 for full details.

An MR for systemd-logind has been filed here:
https://github.com/systemd/systemd/pull/33970

hidraw_is_revoked() and hidraw_open_errno() are both defined as weak
functions to allow for a BPF program to deny access to a /dev/hidraw
device. The functions return 0 on success or a negative errno
otherwise that is returned to the caller.

As a use-case example, a gamepad-managing process could attach a BPF
program that defaults to -EACCESS for all hidraw devices except those
with ID_INPUT_JOYSTICK set by udev.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
First version of the patch:
https://patchwork.kernel.org/project/linux-input/patch/YmEAPZKDisM2HAsG@quokka/

Changes to v1:
- add the hidraw_is_revoked and hidraw_open_errno weak functions as
  suggested by Benjamin

 drivers/hid/hidraw.c        | 52 +++++++++++++++++++++++++++++++++----
 include/linux/hidraw.h      |  1 +
 include/uapi/linux/hidraw.h |  1 +
 3 files changed, 49 insertions(+), 5 deletions(-)

diff --git ./drivers/hid/hidraw.c ../drivers/hid/hidraw.c
index 2bc762d31ac7..a9c68448cb20 100644
--- ./drivers/hid/hidraw.c
+++ ../drivers/hid/hidraw.c
@@ -38,12 +38,27 @@ static const struct class hidraw_class = {
 static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES];
 static DECLARE_RWSEM(minors_rwsem);
 
+__weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
+{
+	return list->revoked;
+}
+ALLOW_ERROR_INJECTION(hidraw_is_revoked, TRUE);
+
+__weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
+{
+	return 0;
+}
+ALLOW_ERROR_INJECTION(hidraw_open_errno, ERRNO);
+
 static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
 {
 	struct hidraw_list *list = file->private_data;
 	int ret = 0, len;
 	DECLARE_WAITQUEUE(wait, current);
 
+	if (hidraw_is_revoked(list))
+		return -ENODEV;
+
 	mutex_lock(&list->read_mutex);
 
 	while (ret == 0) {
@@ -161,9 +176,13 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer,
 
 static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
 {
+	struct hidraw_list *list = file->private_data;
 	ssize_t ret;
 	down_read(&minors_rwsem);
-	ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT);
+	if (hidraw_is_revoked(list))
+		ret = -ENODEV;
+	else
+		ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT);
 	up_read(&minors_rwsem);
 	return ret;
 }
@@ -256,7 +275,7 @@ static __poll_t hidraw_poll(struct file *file, poll_table *wait)
 	poll_wait(file, &list->hidraw->wait, wait);
 	if (list->head != list->tail)
 		mask |= EPOLLIN | EPOLLRDNORM;
-	if (!list->hidraw->exist)
+	if (!list->hidraw->exist || hidraw_is_revoked(list))
 		mask |= EPOLLERR | EPOLLHUP;
 	return mask;
 }
@@ -267,7 +286,11 @@ static int hidraw_open(struct inode *inode, struct file *file)
 	struct hidraw *dev;
 	struct hidraw_list *list;
 	unsigned long flags;
-	int err = 0;
+	int err;
+
+	err = hidraw_open_errno(hidraw_major, minor);
+	if (err < 0)
+		return err;
 
 	if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) {
 		err = -ENOMEM;
@@ -320,6 +343,9 @@ static int hidraw_fasync(int fd, struct file *file, int on)
 {
 	struct hidraw_list *list = file->private_data;
 
+	if (hidraw_is_revoked(list))
+		return -ENODEV;
+
 	return fasync_helper(fd, file, on, &list->fasync);
 }
 
@@ -372,6 +398,13 @@ static int hidraw_release(struct inode * inode, struct file * file)
 	return 0;
 }
 
+static int hidraw_revoke(struct hidraw_list *list)
+{
+	list->revoked = true;
+
+	return 0;
+}
+
 static long hidraw_ioctl(struct file *file, unsigned int cmd,
 							unsigned long arg)
 {
@@ -379,11 +412,12 @@ static long hidraw_ioctl(struct file *file, unsigned int cmd,
 	unsigned int minor = iminor(inode);
 	long ret = 0;
 	struct hidraw *dev;
+	struct hidraw_list *list = file->private_data;
 	void __user *user_arg = (void __user*) arg;
 
 	down_read(&minors_rwsem);
 	dev = hidraw_table[minor];
-	if (!dev || !dev->exist) {
+	if (!dev || !dev->exist || hidraw_is_revoked(list)) {
 		ret = -ENODEV;
 		goto out;
 	}
@@ -421,6 +455,14 @@ static long hidraw_ioctl(struct file *file, unsigned int cmd,
 					ret = -EFAULT;
 				break;
 			}
+		case HIDIOCREVOKE:
+			{
+				if (user_arg)
+					ret = -EINVAL;
+				else
+					ret = hidraw_revoke(list);
+				break;
+			}
 		default:
 			{
 				struct hid_device *hid = dev->hid;
@@ -527,7 +569,7 @@ int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
 	list_for_each_entry(list, &dev->list, node) {
 		int new_head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
 
-		if (new_head == list->tail)
+		if (hidraw_is_revoked(list) || new_head == list->tail)
 			continue;
 
 		if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) {
diff --git ./include/linux/hidraw.h ../include/linux/hidraw.h
index cd67f4ca5599..18fd30a288de 100644
--- ./include/linux/hidraw.h
+++ ../include/linux/hidraw.h
@@ -32,6 +32,7 @@ struct hidraw_list {
 	struct hidraw *hidraw;
 	struct list_head node;
 	struct mutex read_mutex;
+	bool revoked;
 };
 
 #ifdef CONFIG_HIDRAW
diff --git ./include/uapi/linux/hidraw.h ../include/uapi/linux/hidraw.h
index 33ebad81720a..d0563f251da5 100644
--- ./include/uapi/linux/hidraw.h
+++ ../include/uapi/linux/hidraw.h
@@ -46,6 +46,7 @@ struct hidraw_devinfo {
 /* The first byte of SOUTPUT and GOUTPUT is the report number */
 #define HIDIOCSOUTPUT(len)    _IOC(_IOC_WRITE|_IOC_READ, 'H', 0x0B, len)
 #define HIDIOCGOUTPUT(len)    _IOC(_IOC_WRITE|_IOC_READ, 'H', 0x0C, len)
+#define HIDIOCREVOKE	_IOW('H', 0x0D, int) /* Revoke device access */
 
 #define HIDRAW_FIRST_MINOR 0
 #define HIDRAW_MAX_DEVICES 64
-- 
2.45.2

Re: [PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl

[kernel test robot]

Hi Peter,

kernel test robot noticed the following build warnings:

[auto build test WARNING on hid/for-next]
[also build test WARNING on linus/master v6.11-rc2 next-20240809]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Peter-Hutterer/HID-hidraw-add-HIDIOCREVOKE-ioctl/20240809-202833
base:   https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git for-next
patch link:    https://lore.kernel.org/r/20240809100342.GA52163%40quokka
patch subject: [PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl
config: i386-randconfig-052-20240809 (https://download.01.org/0day-ci/archive/20240810/202408100004.Lp6vMaKd-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240810/202408100004.Lp6vMaKd-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408100004.Lp6vMaKd-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> drivers/hid/hidraw.c:41:22: warning: no previous prototype for 'hidraw_is_revoked' [-Wmissing-prototypes]
      41 | __weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
         |                      ^~~~~~~~~~~~~~~~~
>> drivers/hid/hidraw.c:47:21: warning: no previous prototype for 'hidraw_open_errno' [-Wmissing-prototypes]
      47 | __weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
         |                     ^~~~~~~~~~~~~~~~~


vim +/hidraw_is_revoked +41 drivers/hid/hidraw.c

    40	
  > 41	__weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
    42	{
    43		return list->revoked;
    44	}
    45	ALLOW_ERROR_INJECTION(hidraw_is_revoked, TRUE);
    46	
  > 47	__weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
    48	{
    49		return 0;
    50	}
    51	ALLOW_ERROR_INJECTION(hidraw_open_errno, ERRNO);
    52	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl

[kernel test robot]

Hi Peter,

kernel test robot noticed the following build warnings:

[auto build test WARNING on hid/for-next]
[also build test WARNING on linus/master v6.11-rc2 next-20240809]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Peter-Hutterer/HID-hidraw-add-HIDIOCREVOKE-ioctl/20240809-202833
base:   https://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git for-next
patch link:    https://lore.kernel.org/r/20240809100342.GA52163%40quokka
patch subject: [PATCH v2] HID: hidraw - add HIDIOCREVOKE ioctl
config: x86_64-randconfig-102-20240809 (https://download.01.org/0day-ci/archive/20240810/202408101044.nmAzxQqQ-lkp@intel.com/config)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240810/202408101044.nmAzxQqQ-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408101044.nmAzxQqQ-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> drivers/hid/hidraw.c:41:22: warning: no previous prototype for function 'hidraw_is_revoked' [-Wmissing-prototypes]
      41 | __weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
         |                      ^
   drivers/hid/hidraw.c:41:17: note: declare 'static' if the function is not intended to be used outside of this translation unit
      41 | __weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
         |                 ^
         |                 static 
>> drivers/hid/hidraw.c:47:21: warning: no previous prototype for function 'hidraw_open_errno' [-Wmissing-prototypes]
      47 | __weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
         |                     ^
   drivers/hid/hidraw.c:47:17: note: declare 'static' if the function is not intended to be used outside of this translation unit
      47 | __weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
         |                 ^
         |                 static 
   2 warnings generated.


vim +/hidraw_is_revoked +41 drivers/hid/hidraw.c

    40	
  > 41	__weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
    42	{
    43		return list->revoked;
    44	}
    45	ALLOW_ERROR_INJECTION(hidraw_is_revoked, TRUE);
    46	
  > 47	__weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
    48	{
    49		return 0;
    50	}
    51	ALLOW_ERROR_INJECTION(hidraw_open_errno, ERRNO);
    52	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

[PATCH v3] HID: hidraw - add HIDIOCREVOKE ioctl

[Peter Hutterer]

There is a need for userspace applications to open HID devices directly.
Use-cases include configuration of gaming mice or direct access to
joystick devices. The latter is currently handled by the uaccess tag in
systemd, other devices include more custom/local configurations or just
sudo.

A better approach is what we already have for evdev devices: give the
application a file descriptor and revoke it when it may no longer access
that device.

This patch is the hidraw equivalent to the EVIOCREVOKE ioctl, see
commit c7dc65737c9a607d3e6f8478659876074ad129b8 for full details.

An MR for systemd-logind has been filed here:
https://github.com/systemd/systemd/pull/33970

hidraw_is_revoked() and hidraw_open_errno() are both defined as weak
functions to allow for a BPF program to deny access to a /dev/hidraw
device. The function returns 0 on success or a negative errno
otherwise that is returned to the caller.

As a use-case example, a gamepad-managing process could attach a BPF
program that defaults to -EACCESS for all hidraw devices except those
with ID_INPUT_JOYSTICK set by udev.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
First version of the patch:
https://patchwork.kernel.org/project/linux-input/patch/YmEAPZKDisM2HAsG@quokka/

Changes to v1:
- add the hidraw_is_revoked and hidraw_open_errno weak functions as
  suggested by Benjamin

Changes to v2:
- use __bpf_hook_start/end to silence compiler warnings  (see kernel
  test bot)

 drivers/hid/hidraw.c        | 61 ++++++++++++++++++++++++++++++++++---
 include/linux/hidraw.h      |  1 +
 include/uapi/linux/hidraw.h |  1 +
 3 files changed, 58 insertions(+), 5 deletions(-)

diff --git ./drivers/hid/hidraw.c ../drivers/hid/hidraw.c
index 2bc762d31ac7..baee5417e6e2 100644
--- ./drivers/hid/hidraw.c
+++ ../drivers/hid/hidraw.c
@@ -13,6 +13,7 @@
 
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
+#include <linux/btf.h>
 #include <linux/fs.h>
 #include <linux/module.h>
 #include <linux/errno.h>
@@ -38,12 +39,35 @@ static const struct class hidraw_class = {
 static struct hidraw *hidraw_table[HIDRAW_MAX_DEVICES];
 static DECLARE_RWSEM(minors_rwsem);
 
+__bpf_hook_start();
+
+__weak noinline bool hidraw_is_revoked(struct hidraw_list *list)
+{
+	return list->revoked;
+}
+ALLOW_ERROR_INJECTION(hidraw_is_revoked, TRUE);
+
+__bpf_hook_end();
+
+__bpf_hook_start();
+
+__weak noinline int hidraw_open_errno(__u32 major, __u32 minor)
+{
+	return 0;
+}
+ALLOW_ERROR_INJECTION(hidraw_open_errno, ERRNO);
+
+__bpf_hook_end();
+
 static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count, loff_t *ppos)
 {
 	struct hidraw_list *list = file->private_data;
 	int ret = 0, len;
 	DECLARE_WAITQUEUE(wait, current);
 
+	if (hidraw_is_revoked(list))
+		return -ENODEV;
+
 	mutex_lock(&list->read_mutex);
 
 	while (ret == 0) {
@@ -161,9 +185,13 @@ static ssize_t hidraw_send_report(struct file *file, const char __user *buffer,
 
 static ssize_t hidraw_write(struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
 {
+	struct hidraw_list *list = file->private_data;
 	ssize_t ret;
 	down_read(&minors_rwsem);
-	ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT);
+	if (hidraw_is_revoked(list))
+		ret = -ENODEV;
+	else
+		ret = hidraw_send_report(file, buffer, count, HID_OUTPUT_REPORT);
 	up_read(&minors_rwsem);
 	return ret;
 }
@@ -256,7 +284,7 @@ static __poll_t hidraw_poll(struct file *file, poll_table *wait)
 	poll_wait(file, &list->hidraw->wait, wait);
 	if (list->head != list->tail)
 		mask |= EPOLLIN | EPOLLRDNORM;
-	if (!list->hidraw->exist)
+	if (!list->hidraw->exist || hidraw_is_revoked(list))
 		mask |= EPOLLERR | EPOLLHUP;
 	return mask;
 }
@@ -267,7 +295,11 @@ static int hidraw_open(struct inode *inode, struct file *file)
 	struct hidraw *dev;
 	struct hidraw_list *list;
 	unsigned long flags;
-	int err = 0;
+	int err;
+
+	err = hidraw_open_errno(hidraw_major, minor);
+	if (err < 0)
+		return err;
 
 	if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) {
 		err = -ENOMEM;
@@ -320,6 +352,9 @@ static int hidraw_fasync(int fd, struct file *file, int on)
 {
 	struct hidraw_list *list = file->private_data;
 
+	if (hidraw_is_revoked(list))
+		return -ENODEV;
+
 	return fasync_helper(fd, file, on, &list->fasync);
 }
 
@@ -372,6 +407,13 @@ static int hidraw_release(struct inode * inode, struct file * file)
 	return 0;
 }
 
+static int hidraw_revoke(struct hidraw_list *list)
+{
+	list->revoked = true;
+
+	return 0;
+}
+
 static long hidraw_ioctl(struct file *file, unsigned int cmd,
 							unsigned long arg)
 {
@@ -379,11 +421,12 @@ static long hidraw_ioctl(struct file *file, unsigned int cmd,
 	unsigned int minor = iminor(inode);
 	long ret = 0;
 	struct hidraw *dev;
+	struct hidraw_list *list = file->private_data;
 	void __user *user_arg = (void __user*) arg;
 
 	down_read(&minors_rwsem);
 	dev = hidraw_table[minor];
-	if (!dev || !dev->exist) {
+	if (!dev || !dev->exist || hidraw_is_revoked(list)) {
 		ret = -ENODEV;
 		goto out;
 	}
@@ -421,6 +464,14 @@ static long hidraw_ioctl(struct file *file, unsigned int cmd,
 					ret = -EFAULT;
 				break;
 			}
+		case HIDIOCREVOKE:
+			{
+				if (user_arg)
+					ret = -EINVAL;
+				else
+					ret = hidraw_revoke(list);
+				break;
+			}
 		default:
 			{
 				struct hid_device *hid = dev->hid;
@@ -527,7 +578,7 @@ int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
 	list_for_each_entry(list, &dev->list, node) {
 		int new_head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
 
-		if (new_head == list->tail)
+		if (hidraw_is_revoked(list) || new_head == list->tail)
 			continue;
 
 		if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) {
diff --git ./include/linux/hidraw.h ../include/linux/hidraw.h
index cd67f4ca5599..18fd30a288de 100644
--- ./include/linux/hidraw.h
+++ ../include/linux/hidraw.h
@@ -32,6 +32,7 @@ struct hidraw_list {
 	struct hidraw *hidraw;
 	struct list_head node;
 	struct mutex read_mutex;
+	bool revoked;
 };
 
 #ifdef CONFIG_HIDRAW
diff --git ./include/uapi/linux/hidraw.h ../include/uapi/linux/hidraw.h
index 33ebad81720a..d0563f251da5 100644
--- ./include/uapi/linux/hidraw.h
+++ ../include/uapi/linux/hidraw.h
@@ -46,6 +46,7 @@ struct hidraw_devinfo {
 /* The first byte of SOUTPUT and GOUTPUT is the report number */
 #define HIDIOCSOUTPUT(len)    _IOC(_IOC_WRITE|_IOC_READ, 'H', 0x0B, len)
 #define HIDIOCGOUTPUT(len)    _IOC(_IOC_WRITE|_IOC_READ, 'H', 0x0C, len)
+#define HIDIOCREVOKE	_IOW('H', 0x0D, int) /* Revoke device access */
 
 #define HIDRAW_FIRST_MINOR 0
 #define HIDRAW_MAX_DEVICES 64
-- 
2.45.2

Re: [PATCH v3] HID: hidraw - add HIDIOCREVOKE ioctl

[Jiri Kosina]

On Mon, 12 Aug 2024, Peter Hutterer wrote:

> There is a need for userspace applications to open HID devices directly.
> Use-cases include configuration of gaming mice or direct access to
> joystick devices. The latter is currently handled by the uaccess tag in
> systemd, other devices include more custom/local configurations or just
> sudo.
> 
> A better approach is what we already have for evdev devices: give the
> application a file descriptor and revoke it when it may no longer access
> that device.
> 
> This patch is the hidraw equivalent to the EVIOCREVOKE ioctl, see
> commit c7dc65737c9a607d3e6f8478659876074ad129b8 for full details.
> 
> An MR for systemd-logind has been filed here:
> https://github.com/systemd/systemd/pull/33970
> 
> hidraw_is_revoked() and hidraw_open_errno() are both defined as weak
> functions to allow for a BPF program to deny access to a /dev/hidraw
> device. The function returns 0 on success or a negative errno
> otherwise that is returned to the caller.
> 
> As a use-case example, a gamepad-managing process could attach a BPF
> program that defaults to -EACCESS for all hidraw devices except those
> with ID_INPUT_JOYSTICK set by udev.
> 
> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

Thanks Peter. Now queued in hid.git#for-6.12/hidraw.

-- 
Jiri Kosina
SUSE Labs

Re: [PATCH v3] HID: hidraw - add HIDIOCREVOKE ioctl

[Peter Hutterer]

Hi Jiri,

On Wed, Aug 21, 2024 at 02:31:32AM +0200, Jiri Kosina wrote:
> On Mon, 12 Aug 2024, Peter Hutterer wrote:
> 
> > There is a need for userspace applications to open HID devices directly.
> > Use-cases include configuration of gaming mice or direct access to
> > joystick devices. The latter is currently handled by the uaccess tag in
> > systemd, other devices include more custom/local configurations or just
> > sudo.
> > 
> > A better approach is what we already have for evdev devices: give the
> > application a file descriptor and revoke it when it may no longer access
> > that device.
> > 
> > This patch is the hidraw equivalent to the EVIOCREVOKE ioctl, see
> > commit c7dc65737c9a607d3e6f8478659876074ad129b8 for full details.
> > 
> > An MR for systemd-logind has been filed here:
> > https://github.com/systemd/systemd/pull/33970
> > 
> > hidraw_is_revoked() and hidraw_open_errno() are both defined as weak
> > functions to allow for a BPF program to deny access to a /dev/hidraw
> > device. The function returns 0 on success or a negative errno
> > otherwise that is returned to the caller.
> > 
> > As a use-case example, a gamepad-managing process could attach a BPF
> > program that defaults to -EACCESS for all hidraw devices except those
> > with ID_INPUT_JOYSTICK set by udev.
> > 
> > Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
> 
> Thanks Peter. Now queued in hid.git#for-6.12/hidraw.

Benjamin just messaged me about a HID CI pipeline failure caused by this
patch, looks like it's buggy. Can you please revert it again?  I'll send
out a fixed version ASAP, thanks.

Cheeres,
  Peter

Re: [PATCH v3] HID: hidraw - add HIDIOCREVOKE ioctl

[Jiri Kosina]

On Wed, 21 Aug 2024, Peter Hutterer wrote:

> Benjamin just messaged me about a HID CI pipeline failure caused by this
> patch, looks like it's buggy. Can you please revert it again?  I'll send
> out a fixed version ASAP, thanks.

OK, thanks for the report. It's now reverted in for-next, and branch 
for-6.12/hidraw is dropped.

-- 
Jiri Kosina
SUSE Labs