1 /*
2  *  Copyright (c) 2001 Paul Stewart
3  *  Copyright (c) 2001 Vojtech Pavlik
4  *
5  *  HID char devices, giving access to raw HID device events.
6  *
7  */
8 
9 /*
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23  *
24  * Should you need to contact me, the author, you can do so either by
25  * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net>
26  */
27 
28 #include <linux/poll.h>
29 #include <linux/slab.h>
30 #include <linux/sched/signal.h>
31 #include <linux/module.h>
32 #include <linux/init.h>
33 #include <linux/input.h>
34 #include <linux/usb.h>
35 #include <linux/hid.h>
36 #include <linux/hiddev.h>
37 #include <linux/compat.h>
38 #include <linux/vmalloc.h>
39 #include <linux/nospec.h>
40 #include "usbhid.h"
41 
/*
 * Minor-number base and count for hiddev nodes.  HIDDEV_MINOR_BASE is what
 * hiddev_class.minor_base is set to further down in this file.
 */
#ifdef CONFIG_USB_DYNAMIC_MINORS
#define HIDDEV_MINOR_BASE	0
#define HIDDEV_MINORS		256
#else
#define HIDDEV_MINOR_BASE	96
#define HIDDEV_MINORS		16
#endif
/*
 * Number of events in each reader's ring.  This has to stay a power of two:
 * hiddev_send_event() and hiddev_read() wrap their indices with
 * "& (HIDDEV_BUFFER_SIZE - 1)".
 */
#define HIDDEV_BUFFER_SIZE	2048
50 
/*
 * Per-open-file state.  One instance is allocated in __hiddev_open() and
 * stored in file->private_data; hiddev_release() frees it.
 */
struct hiddev_list {
	/* Event ring: filled at head by hiddev_send_event(), drained at tail by hiddev_read(). */
	struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE];
	int head;	/* next slot the producer writes */
	int tail;	/* next slot the reader consumes; head == tail means empty */
	unsigned flags;	/* HIDDEV_FLAG_* bits, changed through HIDIOCSFLAG */
	struct fasync_struct *fasync;	/* SIGIO subscribers, managed by hiddev_fasync() */
	struct hiddev *hiddev;	/* device this reader is attached to */
	struct list_head node;	/* link in hiddev->list; add/del happen under hiddev->list_lock */
	struct mutex thread_lock;	/* serialises hiddev_read() callers sharing this file */
};
61 
/*
 * Resolve a report from the type and ID in @rinfo.
 *
 * The bits of rinfo->report_id outside HID_REPORT_ID_MASK select the mode:
 *   0                    - look up the ID exactly as given
 *   HID_REPORT_ID_FIRST  - first report of the given type
 *   HID_REPORT_ID_NEXT   - report that follows the one named by the low bits
 * In the FIRST/NEXT modes rinfo->report_id is rewritten to the ID that was
 * found.  Any other flag combination, an out-of-range report type, or a
 * missing report yields NULL.
 *
 * Both fields of @rinfo come from user space on the ioctl paths, so every
 * index derived from them is range-checked or masked before use.
 */
static struct hid_report *
hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo)
{
	const unsigned int mode = rinfo->report_id & ~HID_REPORT_ID_MASK;
	const unsigned int id = rinfo->report_id & HID_REPORT_ID_MASK;
	struct hid_report_enum *renum;
	struct hid_report *rep;
	struct list_head *pos;

	/* Reject types that would index outside hid->report_enum[]. */
	if (rinfo->report_type < HID_REPORT_TYPE_MIN ||
	    rinfo->report_type > HID_REPORT_TYPE_MAX)
		return NULL;

	/*
	 * NOTE(review): unlike the field/usage indices in the ioctl handlers,
	 * this index is not passed through array_index_nospec() - confirm
	 * whether that is intentional.
	 */
	renum = &hid->report_enum[rinfo->report_type - HID_REPORT_TYPE_MIN];

	if (mode == HID_REPORT_ID_FIRST) {
		if (list_empty(&renum->report_list))
			return NULL;

		rep = list_first_entry(&renum->report_list,
				       struct hid_report, list);
		rinfo->report_id = rep->id;
	} else if (mode == HID_REPORT_ID_NEXT) {
		/* "id" is already masked, so only the low bits index the table */
		rep = renum->report_id_hash[id];
		if (!rep)
			return NULL;

		pos = rep->list.next;
		if (pos == &renum->report_list)
			return NULL;	/* old_id was the last report */

		rep = list_entry(pos, struct hid_report, list);
		rinfo->report_id = rep->id;
	} else if (mode != 0) {
		/* unknown flag bits */
		return NULL;
	}
	/* mode == 0: report_id already holds a plain ID */

	return renum->report_id_hash[rinfo->report_id];
}
116 
/*
 * Linear search over every report of the requested type for a usage whose
 * code equals uref->usage_code.
 *
 * On a hit, uref->report_id, uref->field_index and uref->usage_index are
 * filled in with the location of the match and the owning field is
 * returned.  Returns NULL when the report type is out of range or nothing
 * matches.
 */
static struct hid_field *
hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref)
{
	int fidx, uidx;
	struct hid_report *rep;
	struct hid_report_enum *renum;
	struct hid_field *fld;

	/* report_type is caller-supplied; keep it inside hid->report_enum[] */
	if (uref->report_type < HID_REPORT_TYPE_MIN ||
	    uref->report_type > HID_REPORT_TYPE_MAX)
		return NULL;

	renum = &hid->report_enum[uref->report_type - HID_REPORT_TYPE_MIN];

	list_for_each_entry(rep, &renum->report_list, list) {
		for (fidx = 0; fidx < rep->maxfield; fidx++) {
			fld = rep->field[fidx];
			for (uidx = 0; uidx < fld->maxusage; uidx++) {
				if (fld->usage[uidx].hid != uref->usage_code)
					continue;

				/* first match wins; report where it was found */
				uref->report_id = rep->id;
				uref->field_index = fidx;
				uref->usage_index = uidx;
				return fld;
			}
		}
	}

	return NULL;
}
152 
/*
 * Queue @uref on every open reader of the device and wake them up.
 *
 * Whole-report notifications (field_index == HID_FIELD_INDEX_NONE) are only
 * delivered to readers that set HIDDEV_FLAG_REPORT; per-usage events go to
 * everyone.  The reader list is walked under hiddev->list_lock with
 * interrupts disabled.
 *
 * The producer never compares head against tail, so a reader that falls a
 * full ring behind silently loses events instead of blocking the producer.
 */
static void hiddev_send_event(struct hid_device *hid,
			      struct hiddev_usage_ref *uref)
{
	struct hiddev *hiddev = hid->hiddev;
	struct hiddev_list *reader;
	unsigned long irqflags;

	spin_lock_irqsave(&hiddev->list_lock, irqflags);
	list_for_each_entry(reader, &hiddev->list, node) {
		/* skip readers that did not ask for report-level events */
		if (uref->field_index == HID_FIELD_INDEX_NONE &&
		    (reader->flags & HIDDEV_FLAG_REPORT) == 0)
			continue;

		reader->buffer[reader->head] = *uref;
		/* power-of-two ring: the mask keeps head inside buffer[] */
		reader->head = (reader->head + 1) & (HIDDEV_BUFFER_SIZE - 1);
		kill_fasync(&reader->fasync, SIGIO, POLL_IN);
	}
	spin_unlock_irqrestore(&hiddev->list_lock, irqflags);

	wake_up_interruptible(&hiddev->wait);
}
174 
/*
 * Entry point used by hid.c to hand hiddev a single usage event that
 * arrived over the interrupt pipe.
 *
 * Builds a hiddev_usage_ref describing (@field, @usage, @value) and queues
 * it for all readers.  Report types other than input/output/feature are
 * reported as type 0.
 */
void hiddev_hid_event(struct hid_device *hid, struct hid_field *field,
		      struct hid_usage *usage, __s32 value)
{
	struct hiddev_usage_ref uref;

	/*
	 * uref is not zeroed; every member named below is assigned before the
	 * structure is queued (and later copied to user space by the reader).
	 */
	switch (field->report_type) {
	case HID_INPUT_REPORT:
		uref.report_type = HID_REPORT_TYPE_INPUT;
		break;
	case HID_OUTPUT_REPORT:
		uref.report_type = HID_REPORT_TYPE_OUTPUT;
		break;
	case HID_FEATURE_REPORT:
		uref.report_type = HID_REPORT_TYPE_FEATURE;
		break;
	default:
		uref.report_type = 0;
		break;
	}

	uref.report_id = field->report->id;
	uref.field_index = field->index;
	/* position of @usage inside field->usage[] */
	uref.usage_index = (usage - field->usage);
	uref.usage_code = usage->hid;
	uref.value = value;

	hiddev_send_event(hid, &uref);
}
EXPORT_SYMBOL_GPL(hiddev_hid_event);
198 
/*
 * Queue a "whole report changed" notification for @report.
 *
 * The event carries only the report type and ID; field_index is set to
 * HID_FIELD_INDEX_NONE so hiddev_send_event() delivers it only to readers
 * that enabled HIDDEV_FLAG_REPORT.
 */
void hiddev_report_event(struct hid_device *hid, struct hid_report *report)
{
	struct hiddev_usage_ref uref;

	/*
	 * Only three members are assigned below.  Clearing the structure
	 * first keeps the remaining ones from carrying stale stack contents
	 * into the ring, from where the reader copies entries to user space.
	 */
	memset(&uref, 0, sizeof(uref));

	switch (report->type) {
	case HID_INPUT_REPORT:
		uref.report_type = HID_REPORT_TYPE_INPUT;
		break;
	case HID_OUTPUT_REPORT:
		uref.report_type = HID_REPORT_TYPE_OUTPUT;
		break;
	case HID_FEATURE_REPORT:
		uref.report_type = HID_REPORT_TYPE_FEATURE;
		break;
	default:
		uref.report_type = 0;
		break;
	}

	uref.report_id = report->id;
	uref.field_index = HID_FIELD_INDEX_NONE;

	hiddev_send_event(hid, &uref);
}
214 
/*
 * fasync file op: add or remove this file from the reader's SIGIO
 * subscriber list.  Returns whatever fasync_helper() returns.
 */
static int hiddev_fasync(int fd, struct file *file, int on)
{
	struct hiddev_list *reader = file->private_data;
	struct fasync_struct **queue = &reader->fasync;

	return fasync_helper(fd, file, on, queue);
}
224 
225 
/*
 * release file op: detach this reader from the device and free it.
 *
 * The last close either powers the hardware back down (device still
 * present) or, if hiddev_disconnect() already ran, frees the hiddev
 * structure that disconnect left behind for the remaining openers.
 * Always returns 0.
 */
static int hiddev_release(struct inode * inode, struct file * file)
{
	struct hiddev_list *reader = file->private_data;
	struct hiddev *hiddev = reader->hiddev;
	unsigned long irqflags;

	/* Unlink first so hiddev_send_event() can no longer reach this ring. */
	spin_lock_irqsave(&hiddev->list_lock, irqflags);
	list_del(&reader->node);
	spin_unlock_irqrestore(&hiddev->list_lock, irqflags);

	mutex_lock(&hiddev->existancelock);
	if (--hiddev->open == 0) {
		if (!hiddev->exist) {
			/*
			 * Device is gone and this was the last user.  The
			 * mutex lives inside hiddev, so it has to be dropped
			 * before the structure is freed.
			 */
			mutex_unlock(&hiddev->existancelock);
			kfree(hiddev);
			vfree(reader);
			return 0;
		}

		hid_hw_close(hiddev->hid);
		hid_hw_power(hiddev->hid, PM_HINT_NORMAL);
	}

	mutex_unlock(&hiddev->existancelock);
	vfree(reader);

	return 0;
}
256 
/*
 * Attach a new reader to @hiddev.  Caller must hold hiddev->existancelock.
 *
 * Allocates the per-file state, powers up and opens the hardware when this
 * is the first opener, links the reader into hiddev->list and stores it in
 * file->private_data.
 *
 * Returns 0 on success, -ENOMEM if the reader cannot be allocated, or the
 * negative error from hid_hw_power()/hid_hw_open(); on failure the open
 * count is restored and the reader is freed.
 */
static int __hiddev_open(struct hiddev *hiddev, struct file *file)
{
	struct hiddev_list *reader;
	int err;

	lockdep_assert_held(&hiddev->existancelock);

	/*
	 * Zeroed allocation: ring entries are copied to user space by
	 * hiddev_read(), so the buffer must not start out with stale memory.
	 */
	reader = vzalloc(sizeof(*reader));
	if (!reader)
		return -ENOMEM;

	mutex_init(&reader->thread_lock);
	reader->hiddev = hiddev;

	/* Only the first opener touches the hardware. */
	if (hiddev->open++ == 0) {
		err = hid_hw_power(hiddev->hid, PM_HINT_FULLON);
		if (err < 0)
			goto err_drop_count;

		err = hid_hw_open(hiddev->hid);
		if (err < 0)
			goto err_normal_power;
	}

	/* From here on hiddev_send_event() can see the reader. */
	spin_lock_irq(&hiddev->list_lock);
	list_add_tail(&reader->node, &hiddev->list);
	spin_unlock_irq(&hiddev->list_lock);

	file->private_data = reader;

	return 0;

err_normal_power:
	hid_hw_power(hiddev->hid, PM_HINT_NORMAL);
err_drop_count:
	hiddev->open--;
	vfree(reader);
	return err;
}
296 
/*
 * open file op: map the minor number to its USB interface and attach a
 * reader to the hiddev behind it.
 *
 * Returns -ENODEV when no interface owns the minor or the device has
 * already been disconnected, otherwise the result of __hiddev_open().
 */
static int hiddev_open(struct inode *inode, struct file *file)
{
	struct usb_interface *intf;
	struct hid_device *hid;
	struct hiddev *hiddev;
	int res;

	intf = usbhid_find_interface(iminor(inode));
	if (!intf)
		return -ENODEV;

	/*
	 * NOTE(review): hid and hid->hiddev are dereferenced without a NULL
	 * check, and nothing visible here pins the interface between the
	 * lookup and the mutex_lock() below - confirm that the USB core keeps
	 * both valid against a concurrent disconnect.
	 */
	hid = usb_get_intfdata(intf);
	hiddev = hid->hiddev;

	/* "exist" is cleared by hiddev_disconnect() under the same mutex. */
	mutex_lock(&hiddev->existancelock);
	if (hiddev->exist)
		res = __hiddev_open(hiddev, file);
	else
		res = -ENODEV;
	mutex_unlock(&hiddev->existancelock);

	return res;
}
320 
/*
 * "write" file op: not supported.  Every write fails with -EINVAL; values
 * and reports are sent to the device through the HIDIOCS* ioctls instead.
 */
static ssize_t hiddev_write(struct file *file, const char __user *buffer,
			    size_t count, loff_t *ppos)
{
	return -EINVAL;
}
328 
/*
 * "read" file op: copy queued events to user space.
 *
 * Events are returned as struct hiddev_usage_ref when the reader set
 * HIDDEV_FLAG_UREF, otherwise as the smaller struct hiddev_event.  Only
 * whole events are returned; a buffer smaller than one event yields 0.
 * Blocks until at least one event is available unless O_NONBLOCK is set.
 *
 * Returns the number of bytes copied, or -ERESTARTSYS / -EINTR when
 * interrupted, -EIO once the device is gone, -EAGAIN for an empty
 * non-blocking read, -EFAULT if the user buffer cannot be written.
 */
static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos)
{
	DEFINE_WAIT(wait);
	struct hiddev_list *list = file->private_data;
	int event_size;
	int retval;

	/* Record size is chosen once, from the flags as they are right now. */
	event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ?
		sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event);

	if (count < event_size)
		return 0;

	/* lock against other threads */
	retval = mutex_lock_interruptible(&list->thread_lock);
	if (retval)
		return -ERESTARTSYS;

	/* Loop until something was copied (retval > 0) or an error is set. */
	while (retval == 0) {
		if (list->head == list->tail) {
			/* Ring is empty: sleep on the device wait queue. */
			prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE);

			while (list->head == list->tail) {
				if (signal_pending(current)) {
					retval = -ERESTARTSYS;
					break;
				}
				/* hiddev_disconnect() clears exist and wakes us */
				if (!list->hiddev->exist) {
					retval = -EIO;
					break;
				}
				if (file->f_flags & O_NONBLOCK) {
					retval = -EAGAIN;
					break;
				}

				/* let O_NONBLOCK tasks run */
				mutex_unlock(&list->thread_lock);
				schedule();
				if (mutex_lock_interruptible(&list->thread_lock)) {
					finish_wait(&list->hiddev->wait, &wait);
					return -EINTR;
				}
				set_current_state(TASK_INTERRUPTIBLE);
			}
			finish_wait(&list->hiddev->wait, &wait);

		}

		if (retval) {
			mutex_unlock(&list->thread_lock);
			return retval;
		}


		/*
		 * Drain the ring while another full record still fits in the
		 * caller's buffer.  head is advanced by hiddev_send_event()
		 * under hiddev->list_lock; this side reads it without that
		 * lock.
		 *
		 * NOTE(review): list->flags is re-read inside the loop, while
		 * event_size was sampled before thread_lock was taken, and
		 * HIDIOCSFLAG changes list->flags without thread_lock.  If the
		 * mode flips during a read the two can disagree - confirm that
		 * the "retval + event_size <= count" check still bounds the
		 * copy in that case.
		 */
		while (list->head != list->tail &&
		       retval + event_size <= count) {
			if ((list->flags & HIDDEV_FLAG_UREF) == 0) {
				/* Legacy format; report-level entries are dropped. */
				if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) {
					/*
					 * NOTE(review): event is not zeroed and
					 * only hid and value are assigned; the
					 * whole structure is copied out, so this
					 * relies on struct hiddev_event having no
					 * other members or padding - confirm
					 * against the header.
					 */
					struct hiddev_event event;

					event.hid = list->buffer[list->tail].usage_code;
					event.value = list->buffer[list->tail].value;
					if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) {
						mutex_unlock(&list->thread_lock);
						return -EFAULT;
					}
					retval += sizeof(struct hiddev_event);
				}
			} else {
				/* Full format; report-level entries only with FLAG_REPORT. */
				if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE ||
				    (list->flags & HIDDEV_FLAG_REPORT) != 0) {

					if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) {
						mutex_unlock(&list->thread_lock);
						return -EFAULT;
					}
					retval += sizeof(struct hiddev_usage_ref);
				}
			}
			/* Consume the slot even when it was filtered out above. */
			list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1);
		}

	}
	mutex_unlock(&list->thread_lock);

	return retval;
}
420 
/*
 * "poll" file op
 * No kernel lock - fine
 *
 * Reports the file readable while the reader's ring holds events.  With an
 * empty ring, a disconnected device is signalled as EPOLLERR | EPOLLHUP.
 */
static __poll_t hiddev_poll(struct file *file, poll_table *wait)
{
	struct hiddev_list *reader = file->private_data;
	__poll_t mask = 0;

	poll_wait(file, &reader->hiddev->wait, wait);

	/* Pending events take precedence over the "device gone" state. */
	if (reader->head != reader->tail)
		mask = EPOLLIN | EPOLLRDNORM;
	else if (!reader->hiddev->exist)
		mask = EPOLLERR | EPOLLHUP;

	return mask;
}
436 
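/*
 * "ioctl" file op helper for the usage-level commands: HIDIOCGUCODE,
 * HIDIOCGUSAGE, HIDIOCSUSAGE, HIDIOCGUSAGES, HIDIOCSUSAGES and
 * HIDIOCGCOLLECTIONINDEX.
 *
 * @user_arg points at a struct hiddev_usage_ref, or at a struct
 * hiddev_usage_ref_multi for the two *USAGES commands.  The structure is
 * copied into a kernel buffer first; report type, report ID, field index,
 * usage index and num_values are all caller-controlled and are validated
 * against the parsed report before they are used as array indices.  After
 * each bounds check the index is also passed through array_index_nospec()
 * so that a mispredicted check cannot be used to read out of bounds
 * speculatively.
 *
 * Returns 0 on success (the collection index for HIDIOCGCOLLECTIONINDEX),
 * -ENOMEM if the kernel copy cannot be allocated, -EFAULT if user memory
 * cannot be accessed, -EINVAL for any reference that does not resolve.
 */
static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
{
	struct hid_device *hid = hiddev->hid;
	struct hiddev_report_info rinfo;
	struct hiddev_usage_ref_multi *uref_multi = NULL;
	struct hiddev_usage_ref *uref;
	struct hid_report *report;
	struct hid_field *field;
	int i;

	uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL);
	if (!uref_multi)
		return -ENOMEM;
	uref = &uref_multi->uref;
	/*
	 * Only the *USAGES commands read the full multi structure.  For the
	 * others the tail of the allocation stays uninitialised, and only
	 * sizeof(*uref) bytes are ever copied back to the caller.
	 */
	if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
		if (copy_from_user(uref_multi, user_arg,
				   sizeof(*uref_multi)))
			goto fault;
	} else {
		if (copy_from_user(uref, user_arg, sizeof(*uref)))
			goto fault;
	}

	switch (cmd) {
	case HIDIOCGUCODE:
		rinfo.report_type = uref->report_type;
		rinfo.report_id = uref->report_id;
		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			goto inval;

		if (uref->field_index >= report->maxfield)
			goto inval;
		uref->field_index = array_index_nospec(uref->field_index,
						       report->maxfield);

		field = report->field[uref->field_index];
		if (uref->usage_index >= field->maxusage)
			goto inval;
		uref->usage_index = array_index_nospec(uref->usage_index,
						       field->maxusage);

		uref->usage_code = field->usage[uref->usage_index].hid;

		if (copy_to_user(user_arg, uref, sizeof(*uref)))
			goto fault;

		goto goodreturn;

	default:
		/* Input reports may be read but never written from here. */
		if (cmd != HIDIOCGUSAGE &&
		    cmd != HIDIOCGUSAGES &&
		    uref->report_type == HID_REPORT_TYPE_INPUT)
			goto inval;

		if (uref->report_id == HID_REPORT_ID_UNKNOWN) {
			/* Search by usage code; the lookup fills in the indices. */
			field = hiddev_lookup_usage(hid, uref);
			if (field == NULL)
				goto inval;
		} else {
			rinfo.report_type = uref->report_type;
			rinfo.report_id = uref->report_id;
			if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
				goto inval;

			if (uref->field_index >= report->maxfield)
				goto inval;
			uref->field_index = array_index_nospec(uref->field_index,
							       report->maxfield);

			field = report->field[uref->field_index];

			/*
			 * HIDIOCGCOLLECTIONINDEX indexes field->usage[], the
			 * value commands index field->value[]; each is checked
			 * against the matching bound.
			 */
			if (cmd == HIDIOCGCOLLECTIONINDEX) {
				if (uref->usage_index >= field->maxusage)
					goto inval;
				uref->usage_index =
					array_index_nospec(uref->usage_index,
							   field->maxusage);
			} else if (uref->usage_index >= field->report_count)
				goto inval;
		}

		if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
			if (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
			    uref->usage_index + uref_multi->num_values >
			    field->report_count)
				goto inval;

			/*
			 * The check above accepts usage_index up to and
			 * including report_count - num_values, so the clamp
			 * bound has to be one larger than that.  Without the
			 * "+ 1" array_index_nospec() treats the last valid
			 * start index as out of range and rewrites it to 0,
			 * and the transfer silently hits the wrong slots.
			 */
			uref->usage_index =
				array_index_nospec(uref->usage_index,
						   field->report_count -
						   uref_multi->num_values + 1);
		}

		switch (cmd) {
		case HIDIOCGUSAGE:
			if (uref->usage_index >= field->report_count)
				goto inval;
			/* same speculation clamp as the other indexed reads */
			uref->usage_index =
				array_index_nospec(uref->usage_index,
						   field->report_count);
			uref->value = field->value[uref->usage_index];
			if (copy_to_user(user_arg, uref, sizeof(*uref)))
				goto fault;
			goto goodreturn;

		case HIDIOCSUSAGE:
			if (uref->usage_index >= field->report_count)
				goto inval;
			uref->usage_index =
				array_index_nospec(uref->usage_index,
						   field->report_count);
			field->value[uref->usage_index] = uref->value;
			goto goodreturn;

		case HIDIOCGCOLLECTIONINDEX:
			i = field->usage[uref->usage_index].collection_index;
			kfree(uref_multi);
			return i;
		case HIDIOCGUSAGES:
			for (i = 0; i < uref_multi->num_values; i++)
				uref_multi->values[i] =
				    field->value[uref->usage_index + i];
			if (copy_to_user(user_arg, uref_multi,
					 sizeof(*uref_multi)))
				goto fault;
			goto goodreturn;
		case HIDIOCSUSAGES:
			for (i = 0; i < uref_multi->num_values; i++)
				field->value[uref->usage_index + i] =
				    uref_multi->values[i];
			goto goodreturn;
		}

		/* Common exits; every path frees the kernel copy exactly once. */
goodreturn:
		kfree(uref_multi);
		return 0;
fault:
		kfree(uref_multi);
		return -EFAULT;
inval:
		kfree(uref_multi);
		return -EINVAL;
	}
}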
578 
/*
 * HIDIOCGSTRING: fetch a USB string descriptor for the caller.
 *
 * @user_arg starts with an int holding the requested string index; the
 * string is written back immediately after that int, terminator included.
 *
 * Returns the string length on success, -EFAULT if user memory cannot be
 * accessed, -ENOMEM if the bounce buffer cannot be allocated, -EINVAL if
 * usb_string() fails.
 */
static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
{
	struct hid_device *hid = hiddev->hid;
	struct usb_device *dev = hid_to_usb_dev(hid);
	int idx, len, ret;
	char *buf;

	if (get_user(idx, (int __user *)user_arg))
		return -EFAULT;

	buf = kmalloc(HID_STRING_SIZE, GFP_KERNEL);
	if (buf == NULL)
		return -ENOMEM;

	/*
	 * usb_string() is given one byte less than the allocation, so the
	 * len + 1 bytes copied out below stay inside buf.
	 */
	len = usb_string(dev, idx, buf, HID_STRING_SIZE-1);
	if (len < 0)
		ret = -EINVAL;
	else if (copy_to_user(user_arg+sizeof(int), buf, len+1))
		ret = -EFAULT;
	else
		ret = len;

	kfree(buf);

	return ret;
}
606 
/*
 * "ioctl" file op: dispatcher for all HIDIOC* commands.
 *
 * The whole call runs under hiddev->existancelock and fails with -ENODEV
 * once the device has been disconnected.  r starts out as -EINVAL, so every
 * "break" taken before r is assigned rejects the request with -EINVAL.
 *
 * All structures are copied in from @arg before use; indices taken from
 * them are bounds-checked and then clamped with array_index_nospec()
 * before they index kernel arrays.
 */
static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct hiddev_list *list = file->private_data;
	struct hiddev *hiddev = list->hiddev;
	struct hid_device *hid;
	struct hiddev_collection_info cinfo;
	struct hiddev_report_info rinfo;
	struct hiddev_field_info finfo;
	struct hiddev_devinfo dinfo;
	struct hid_report *report;
	struct hid_field *field;
	void __user *user_arg = (void __user *)arg;
	int i, r = -EINVAL;

	/* Called without BKL by compat methods so no BKL taken */

	mutex_lock(&hiddev->existancelock);
	if (!hiddev->exist) {
		r = -ENODEV;
		goto ret_unlock;
	}

	hid = hiddev->hid;

	switch (cmd) {

	case HIDIOCGVERSION:
		r = put_user(HID_VERSION, (int __user *)arg) ?
			-EFAULT : 0;
		break;

	case HIDIOCAPPLICATION:
		/* Here arg is a plain index, not a pointer. */
		if (arg >= hid->maxapplication)
			break;

		/* Find the arg-th application collection. */
		for (i = 0; i < hid->maxcollection; i++)
			if (hid->collection[i].type ==
			    HID_COLLECTION_APPLICATION && arg-- == 0)
				break;

		if (i < hid->maxcollection)
			r = hid->collection[i].usage;
		break;

	case HIDIOCGDEVINFO:
		{
			struct usb_device *dev = hid_to_usb_dev(hid);
			struct usbhid_device *usbhid = hid->driver_data;

			/*
			 * Clear first so members not assigned below, and any
			 * padding, do not carry kernel stack to user space.
			 */
			memset(&dinfo, 0, sizeof(dinfo));

			dinfo.bustype = BUS_USB;
			dinfo.busnum = dev->bus->busnum;
			dinfo.devnum = dev->devnum;
			dinfo.ifnum = usbhid->ifnum;
			dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor);
			dinfo.product = le16_to_cpu(dev->descriptor.idProduct);
			dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice);
			dinfo.num_applications = hid->maxapplication;

			r = copy_to_user(user_arg, &dinfo, sizeof(dinfo)) ?
				-EFAULT : 0;
			break;
		}

	case HIDIOCGFLAG:
		r = put_user(list->flags, (int __user *)arg) ?
			-EFAULT : 0;
		break;

	case HIDIOCSFLAG:
		{
			int newflags;

			if (get_user(newflags, (int __user *)arg)) {
				r = -EFAULT;
				break;
			}

			/*
			 * Reject unknown bits, and REPORT without UREF: the
			 * legacy event format cannot carry report events.
			 */
			if ((newflags & ~HIDDEV_FLAGS) != 0 ||
			    ((newflags & HIDDEV_FLAG_REPORT) != 0 &&
			     (newflags & HIDDEV_FLAG_UREF) == 0))
				break;

			list->flags = newflags;

			r = 0;
			break;
		}

	case HIDIOCGSTRING:
		r = hiddev_ioctl_string(hiddev, cmd, user_arg);
		break;

	case HIDIOCINITREPORT:
		usbhid_init_reports(hid);
		hiddev->initialized = true;
		r = 0;
		break;

	case HIDIOCGREPORT:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
			r = -EFAULT;
			break;
		}

		/* Output reports cannot be fetched from the device. */
		if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT)
			break;

		report = hiddev_lookup_report(hid, &rinfo);
		if (report == NULL)
			break;

		hid_hw_request(hid, report, HID_REQ_GET_REPORT);
		hid_hw_wait(hid);

		r = 0;
		break;

	case HIDIOCSREPORT:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
			r = -EFAULT;
			break;
		}

		/* Input reports cannot be sent to the device. */
		if (rinfo.report_type == HID_REPORT_TYPE_INPUT)
			break;

		report = hiddev_lookup_report(hid, &rinfo);
		if (report == NULL)
			break;

		hid_hw_request(hid, report, HID_REQ_SET_REPORT);
		hid_hw_wait(hid);

		r = 0;
		break;

	case HIDIOCGREPORTINFO:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
			r = -EFAULT;
			break;
		}

		report = hiddev_lookup_report(hid, &rinfo);
		if (report == NULL)
			break;

		rinfo.num_fields = report->maxfield;

		r = copy_to_user(user_arg, &rinfo, sizeof(rinfo)) ?
			-EFAULT : 0;
		break;

	case HIDIOCGFIELDINFO:
		if (copy_from_user(&finfo, user_arg, sizeof(finfo))) {
			r = -EFAULT;
			break;
		}

		rinfo.report_type = finfo.report_type;
		rinfo.report_id = finfo.report_id;

		report = hiddev_lookup_report(hid, &rinfo);
		if (report == NULL)
			break;

		if (finfo.field_index >= report->maxfield)
			break;
		finfo.field_index = array_index_nospec(finfo.field_index,
						       report->maxfield);

		field = report->field[finfo.field_index];
		/* Start from a clean structure before filling in the reply. */
		memset(&finfo, 0, sizeof(finfo));
		finfo.report_type = rinfo.report_type;
		finfo.report_id = rinfo.report_id;
		/*
		 * The value written back is report_count - 1, not the index
		 * that was requested.  Check user-space expectations before
		 * "correcting" this.
		 */
		finfo.field_index = field->report_count - 1;
		finfo.maxusage = field->maxusage;
		finfo.flags = field->flags;
		finfo.physical = field->physical;
		finfo.logical = field->logical;
		finfo.application = field->application;
		finfo.logical_minimum = field->logical_minimum;
		finfo.logical_maximum = field->logical_maximum;
		finfo.physical_minimum = field->physical_minimum;
		finfo.physical_maximum = field->physical_maximum;
		finfo.unit_exponent = field->unit_exponent;
		finfo.unit = field->unit;

		r = copy_to_user(user_arg, &finfo, sizeof(finfo)) ?
			-EFAULT : 0;
		break;

	case HIDIOCGUCODE:
		/* fall through */
	case HIDIOCGUSAGE:
	case HIDIOCSUSAGE:
	case HIDIOCGUSAGES:
	case HIDIOCSUSAGES:
	case HIDIOCGCOLLECTIONINDEX:
		/* Reports are initialised lazily, on the first usage ioctl. */
		if (!hiddev->initialized) {
			usbhid_init_reports(hid);
			hiddev->initialized = true;
		}
		r = hiddev_ioctl_usage(hiddev, cmd, user_arg);
		break;

	case HIDIOCGCOLLECTIONINFO:
		if (copy_from_user(&cinfo, user_arg, sizeof(cinfo))) {
			r = -EFAULT;
			break;
		}

		if (cinfo.index >= hid->maxcollection)
			break;
		cinfo.index = array_index_nospec(cinfo.index,
						 hid->maxcollection);

		cinfo.type = hid->collection[cinfo.index].type;
		cinfo.usage = hid->collection[cinfo.index].usage;
		cinfo.level = hid->collection[cinfo.index].level;

		r = copy_to_user(user_arg, &cinfo, sizeof(cinfo)) ?
			-EFAULT : 0;
		break;

	default:
		/*
		 * HIDIOCGNAME/HIDIOCGPHYS carry the caller's buffer length in
		 * the command word, so they are matched by number only.
		 */
		if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ)
			break;

		if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) {
			int len = strlen(hid->name) + 1;
			/*
			 * Never copy more than the caller's buffer holds.  A
			 * truncated copy is not NUL-terminated.
			 */
			if (len > _IOC_SIZE(cmd))
				 len = _IOC_SIZE(cmd);
			r = copy_to_user(user_arg, hid->name, len) ?
				-EFAULT : len;
			break;
		}

		if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) {
			int len = strlen(hid->phys) + 1;
			/* Same truncation rule as HIDIOCGNAME above. */
			if (len > _IOC_SIZE(cmd))
				len = _IOC_SIZE(cmd);
			r = copy_to_user(user_arg, hid->phys, len) ?
				-EFAULT : len;
			break;
		}
	}

ret_unlock:
	mutex_unlock(&hiddev->existancelock);
	return r;
}
860 
#ifdef CONFIG_COMPAT
/*
 * compat_ioctl file op: convert the 32-bit user pointer with compat_ptr()
 * and hand the request to hiddev_ioctl() unchanged.
 *
 * NOTE(review): only the pointer is translated - presumably the hiddev
 * ioctl structures have the same layout for 32-bit and 64-bit callers;
 * confirm against the header.
 */
static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	void __user *uptr = compat_ptr(arg);

	return hiddev_ioctl(file, cmd, (unsigned long)uptr);
}
#endif
867 
/*
 * File operations for the hiddev character device.  write always fails
 * (see hiddev_write()); seeking is a no-op.
 */
static const struct file_operations hiddev_fops = {
	.owner =	THIS_MODULE,
	.read =		hiddev_read,
	.write =	hiddev_write,
	.poll =		hiddev_poll,
	.open =		hiddev_open,
	.release =	hiddev_release,
	.unlocked_ioctl =	hiddev_ioctl,
	.fasync =	hiddev_fasync,
#ifdef CONFIG_COMPAT
	/* 32-bit callers on a 64-bit kernel go through the pointer shim */
	.compat_ioctl	= hiddev_compat_ioctl,
#endif
	.llseek		= noop_llseek,
};
882 
/*
 * devnode callback: place the node under "usb/" using the device's own
 * name.  Returns the kasprintf() allocation, or NULL if that allocation
 * fails; @mode is left untouched.
 */
static char *hiddev_devnode(struct device *dev, umode_t *mode)
{
	const char *name = dev_name(dev);

	return kasprintf(GFP_KERNEL, "usb/%s", name);
}
887 
/*
 * USB class driver description passed to usb_register_dev() in
 * hiddev_connect() and to usb_deregister_dev() in hiddev_disconnect().
 */
static struct usb_class_driver hiddev_class = {
	.name =		"hiddev%d",		/* node name template */
	.devnode =	hiddev_devnode,		/* puts the node under usb/ */
	.fops =		&hiddev_fops,
	.minor_base =	HIDDEV_MINOR_BASE,
};
894 
/*
 * This is where hid.c calls us to connect a hid device to the hiddev driver.
 *
 * Unless @force is set, the device is only accepted when it has at least
 * one application collection that is not an input application.  On
 * success a hiddev is allocated, cross-linked with @hid and registered
 * with the USB core.
 *
 * Returns 0 on success and -1 on any failure (no suitable collection,
 * allocation failure, or no minor available).
 */
int hiddev_connect(struct hid_device *hid, unsigned int force)
{
	struct usbhid_device *usbhid = hid->driver_data;
	struct hiddev *hiddev;
	int retval;

	if (!force) {
		unsigned int idx = 0;

		/* look for an application collection hiddev should expose */
		while (idx < hid->maxcollection) {
			if (hid->collection[idx].type ==
			    HID_COLLECTION_APPLICATION &&
			    !IS_INPUT_APPLICATION(hid->collection[idx].usage))
				break;
			idx++;
		}

		if (idx == hid->maxcollection)
			return -1;
	}

	hiddev = kzalloc(sizeof(struct hiddev), GFP_KERNEL);
	if (!hiddev)
		return -1;

	init_waitqueue_head(&hiddev->wait);
	INIT_LIST_HEAD(&hiddev->list);
	spin_lock_init(&hiddev->list_lock);
	mutex_init(&hiddev->existancelock);
	hid->hiddev = hiddev;
	hiddev->hid = hid;
	hiddev->exist = 1;

	retval = usb_register_dev(usbhid->intf, &hiddev_class);
	if (retval) {
		hid_err(hid, "Not able to get a minor for this device\n");
		/* undo the cross-link before freeing */
		hid->hiddev = NULL;
		kfree(hiddev);
		return -1;
	}

	/*
	 * If HID_QUIRK_NO_INIT_REPORTS is set, make sure we don't initialize
	 * the reports.
	 *
	 * NOTE(review): this is assigned after usb_register_dev(), without
	 * existancelock.  If the node can be opened as soon as it is
	 * registered, an early usage ioctl could still see initialized ==
	 * false - confirm whether that window matters.
	 */
	hiddev->initialized = hid->quirks & HID_QUIRK_NO_INIT_REPORTS;

	hiddev->minor = usbhid->intf->minor;

	return 0;
}
944 
/*
 * This is where hid.c calls us to disconnect a hiddev device from the
 * corresponding hid device (usually because the usb device has disconnected).
 *
 * The node is deregistered first, then "exist" is cleared under
 * existancelock.  If files are still open, the hiddev structure is kept
 * alive for them and freed by the last hiddev_release(); otherwise it is
 * freed here.
 */
static struct usb_class_driver hiddev_class;
void hiddev_disconnect(struct hid_device *hid)
{
	struct usbhid_device *usbhid = hid->driver_data;
	struct hiddev *hiddev = hid->hiddev;

	usb_deregister_dev(usbhid->intf, &hiddev_class);

	mutex_lock(&hiddev->existancelock);
	hiddev->exist = 0;

	if (!hiddev->open) {
		/* Nobody holds a reference: drop the lock, then free. */
		mutex_unlock(&hiddev->existancelock);
		kfree(hiddev);
		return;
	}

	/*
	 * Openers remain.  Close the hardware and wake sleeping readers
	 * while still holding the mutex, so the last hiddev_release() cannot
	 * free hiddev underneath these calls.
	 */
	hid_hw_close(hiddev->hid);
	wake_up_interruptible(&hiddev->wait);
	mutex_unlock(&hiddev->existancelock);
}
969