1 /*
2 * Copyright (c) 2001 Paul Stewart
3 * Copyright (c) 2001 Vojtech Pavlik
4 *
5 * HID char devices, giving access to raw HID device events.
6 *
7 */
8
9 /*
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 *
24 * Should you need to contact me, the author, you can do so either by
25 * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net>
26 */
27
28 #include <linux/poll.h>
29 #include <linux/slab.h>
30 #include <linux/module.h>
31 #include <linux/init.h>
32 #include <linux/input.h>
33 #include <linux/usb.h>
34 #include <linux/hid.h>
35 #include <linux/hiddev.h>
36 #include <linux/compat.h>
37 #include <linux/vmalloc.h>
38 #include <linux/nospec.h>
39 #include "usbhid.h"
40
41 #ifdef CONFIG_USB_DYNAMIC_MINORS
42 #define HIDDEV_MINOR_BASE 0
43 #define HIDDEV_MINORS 256
44 #else
45 #define HIDDEV_MINOR_BASE 96
46 #define HIDDEV_MINORS 16
47 #endif
48 #define HIDDEV_BUFFER_SIZE 2048
49
50 struct hiddev {
51 int exist;
52 int open;
53 struct mutex existancelock;
54 wait_queue_head_t wait;
55 struct hid_device *hid;
56 struct list_head list;
57 spinlock_t list_lock;
58 };
59
60 struct hiddev_list {
61 struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE];
62 int head;
63 int tail;
64 unsigned flags;
65 struct fasync_struct *fasync;
66 struct hiddev *hiddev;
67 struct list_head node;
68 struct mutex thread_lock;
69 };
70
71 /*
72 * Find a report, given the report's type and ID. The ID can be specified
73 * indirectly by REPORT_ID_FIRST (which returns the first report of the given
74 * type) or by (REPORT_ID_NEXT | old_id), which returns the next report of the
75 * given type which follows old_id.
76 */
77 static struct hid_report *
hiddev_lookup_report(struct hid_device * hid,struct hiddev_report_info * rinfo)78 hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo)
79 {
80 unsigned int flags = rinfo->report_id & ~HID_REPORT_ID_MASK;
81 unsigned int rid = rinfo->report_id & HID_REPORT_ID_MASK;
82 struct hid_report_enum *report_enum;
83 struct hid_report *report;
84 struct list_head *list;
85
86 if (rinfo->report_type < HID_REPORT_TYPE_MIN ||
87 rinfo->report_type > HID_REPORT_TYPE_MAX)
88 return NULL;
89
90 report_enum = hid->report_enum +
91 (rinfo->report_type - HID_REPORT_TYPE_MIN);
92
93 switch (flags) {
94 case 0: /* Nothing to do -- report_id is already set correctly */
95 break;
96
97 case HID_REPORT_ID_FIRST:
98 if (list_empty(&report_enum->report_list))
99 return NULL;
100
101 list = report_enum->report_list.next;
102 report = list_entry(list, struct hid_report, list);
103 rinfo->report_id = report->id;
104 break;
105
106 case HID_REPORT_ID_NEXT:
107 report = report_enum->report_id_hash[rid];
108 if (!report)
109 return NULL;
110
111 list = report->list.next;
112 if (list == &report_enum->report_list)
113 return NULL;
114
115 report = list_entry(list, struct hid_report, list);
116 rinfo->report_id = report->id;
117 break;
118
119 default:
120 return NULL;
121 }
122
123 return report_enum->report_id_hash[rinfo->report_id];
124 }
125
126 /*
127 * Perform an exhaustive search of the report table for a usage, given its
128 * type and usage id.
129 */
130 static struct hid_field *
hiddev_lookup_usage(struct hid_device * hid,struct hiddev_usage_ref * uref)131 hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref)
132 {
133 int i, j;
134 struct hid_report *report;
135 struct hid_report_enum *report_enum;
136 struct hid_field *field;
137
138 if (uref->report_type < HID_REPORT_TYPE_MIN ||
139 uref->report_type > HID_REPORT_TYPE_MAX)
140 return NULL;
141
142 report_enum = hid->report_enum +
143 (uref->report_type - HID_REPORT_TYPE_MIN);
144
145 list_for_each_entry(report, &report_enum->report_list, list) {
146 for (i = 0; i < report->maxfield; i++) {
147 field = report->field[i];
148 for (j = 0; j < field->maxusage; j++) {
149 if (field->usage[j].hid == uref->usage_code) {
150 uref->report_id = report->id;
151 uref->field_index = i;
152 uref->usage_index = j;
153 return field;
154 }
155 }
156 }
157 }
158
159 return NULL;
160 }
161
hiddev_send_event(struct hid_device * hid,struct hiddev_usage_ref * uref)162 static void hiddev_send_event(struct hid_device *hid,
163 struct hiddev_usage_ref *uref)
164 {
165 struct hiddev *hiddev = hid->hiddev;
166 struct hiddev_list *list;
167 unsigned long flags;
168
169 spin_lock_irqsave(&hiddev->list_lock, flags);
170 list_for_each_entry(list, &hiddev->list, node) {
171 if (uref->field_index != HID_FIELD_INDEX_NONE ||
172 (list->flags & HIDDEV_FLAG_REPORT) != 0) {
173 list->buffer[list->head] = *uref;
174 list->head = (list->head + 1) &
175 (HIDDEV_BUFFER_SIZE - 1);
176 kill_fasync(&list->fasync, SIGIO, POLL_IN);
177 }
178 }
179 spin_unlock_irqrestore(&hiddev->list_lock, flags);
180
181 wake_up_interruptible(&hiddev->wait);
182 }
183
184 /*
185 * This is where hid.c calls into hiddev to pass an event that occurred over
186 * the interrupt pipe
187 */
hiddev_hid_event(struct hid_device * hid,struct hid_field * field,struct hid_usage * usage,__s32 value)188 void hiddev_hid_event(struct hid_device *hid, struct hid_field *field,
189 struct hid_usage *usage, __s32 value)
190 {
191 unsigned type = field->report_type;
192 struct hiddev_usage_ref uref;
193
194 uref.report_type =
195 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT :
196 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT :
197 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0));
198 uref.report_id = field->report->id;
199 uref.field_index = field->index;
200 uref.usage_index = (usage - field->usage);
201 uref.usage_code = usage->hid;
202 uref.value = value;
203
204 hiddev_send_event(hid, &uref);
205 }
206 EXPORT_SYMBOL_GPL(hiddev_hid_event);
207
hiddev_report_event(struct hid_device * hid,struct hid_report * report)208 void hiddev_report_event(struct hid_device *hid, struct hid_report *report)
209 {
210 unsigned type = report->type;
211 struct hiddev_usage_ref uref;
212
213 memset(&uref, 0, sizeof(uref));
214 uref.report_type =
215 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT :
216 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT :
217 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0));
218 uref.report_id = report->id;
219 uref.field_index = HID_FIELD_INDEX_NONE;
220
221 hiddev_send_event(hid, &uref);
222 }
223
224 /*
225 * fasync file op
226 */
hiddev_fasync(int fd,struct file * file,int on)227 static int hiddev_fasync(int fd, struct file *file, int on)
228 {
229 struct hiddev_list *list = file->private_data;
230
231 return fasync_helper(fd, file, on, &list->fasync);
232 }
233
234
235 /*
236 * release file op
237 */
hiddev_release(struct inode * inode,struct file * file)238 static int hiddev_release(struct inode * inode, struct file * file)
239 {
240 struct hiddev_list *list = file->private_data;
241 unsigned long flags;
242
243 spin_lock_irqsave(&list->hiddev->list_lock, flags);
244 list_del(&list->node);
245 spin_unlock_irqrestore(&list->hiddev->list_lock, flags);
246
247 mutex_lock(&list->hiddev->existancelock);
248 if (!--list->hiddev->open) {
249 if (list->hiddev->exist) {
250 usbhid_close(list->hiddev->hid);
251 usbhid_put_power(list->hiddev->hid);
252 } else {
253 mutex_unlock(&list->hiddev->existancelock);
254 kfree(list->hiddev);
255 vfree(list);
256 return 0;
257 }
258 }
259
260 mutex_unlock(&list->hiddev->existancelock);
261 vfree(list);
262
263 return 0;
264 }
265
266 /*
267 * open file op
268 */
hiddev_open(struct inode * inode,struct file * file)269 static int hiddev_open(struct inode *inode, struct file *file)
270 {
271 struct hiddev_list *list;
272 struct usb_interface *intf;
273 struct hid_device *hid;
274 struct hiddev *hiddev;
275 int res;
276
277 intf = usbhid_find_interface(iminor(inode));
278 if (!intf)
279 return -ENODEV;
280 hid = usb_get_intfdata(intf);
281 hiddev = hid->hiddev;
282
283 if (!(list = vzalloc(sizeof(struct hiddev_list))))
284 return -ENOMEM;
285 mutex_init(&list->thread_lock);
286 list->hiddev = hiddev;
287 file->private_data = list;
288
289 /*
290 * no need for locking because the USB major number
291 * is shared which usbcore guards against disconnect
292 */
293 if (list->hiddev->exist) {
294 if (!list->hiddev->open++) {
295 res = usbhid_open(hiddev->hid);
296 if (res < 0) {
297 res = -EIO;
298 goto bail;
299 }
300 }
301 } else {
302 res = -ENODEV;
303 goto bail;
304 }
305
306 spin_lock_irq(&list->hiddev->list_lock);
307 list_add_tail(&list->node, &hiddev->list);
308 spin_unlock_irq(&list->hiddev->list_lock);
309
310 mutex_lock(&hiddev->existancelock);
311 /*
312 * recheck exist with existance lock held to
313 * avoid opening a disconnected device
314 */
315 if (!list->hiddev->exist) {
316 res = -ENODEV;
317 goto bail_unlock;
318 }
319 if (!list->hiddev->open++)
320 if (list->hiddev->exist) {
321 struct hid_device *hid = hiddev->hid;
322 res = usbhid_get_power(hid);
323 if (res < 0) {
324 res = -EIO;
325 goto bail_unlock;
326 }
327 usbhid_open(hid);
328 }
329 mutex_unlock(&hiddev->existancelock);
330 return 0;
331 bail_unlock:
332 mutex_unlock(&hiddev->existancelock);
333
334 spin_lock_irq(&list->hiddev->list_lock);
335 list_del(&list->node);
336 spin_unlock_irq(&list->hiddev->list_lock);
337 bail:
338 file->private_data = NULL;
339 vfree(list);
340 return res;
341 }
342
343 /*
344 * "write" file op
345 */
hiddev_write(struct file * file,const char __user * buffer,size_t count,loff_t * ppos)346 static ssize_t hiddev_write(struct file * file, const char __user * buffer, size_t count, loff_t *ppos)
347 {
348 return -EINVAL;
349 }
350
351 /*
352 * "read" file op
353 */
hiddev_read(struct file * file,char __user * buffer,size_t count,loff_t * ppos)354 static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos)
355 {
356 DEFINE_WAIT(wait);
357 struct hiddev_list *list = file->private_data;
358 int event_size;
359 int retval;
360
361 event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ?
362 sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event);
363
364 if (count < event_size)
365 return 0;
366
367 /* lock against other threads */
368 retval = mutex_lock_interruptible(&list->thread_lock);
369 if (retval)
370 return -ERESTARTSYS;
371
372 while (retval == 0) {
373 if (list->head == list->tail) {
374 prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE);
375
376 while (list->head == list->tail) {
377 if (signal_pending(current)) {
378 retval = -ERESTARTSYS;
379 break;
380 }
381 if (!list->hiddev->exist) {
382 retval = -EIO;
383 break;
384 }
385 if (file->f_flags & O_NONBLOCK) {
386 retval = -EAGAIN;
387 break;
388 }
389
390 /* let O_NONBLOCK tasks run */
391 mutex_unlock(&list->thread_lock);
392 schedule();
393 if (mutex_lock_interruptible(&list->thread_lock)) {
394 finish_wait(&list->hiddev->wait, &wait);
395 return -EINTR;
396 }
397 set_current_state(TASK_INTERRUPTIBLE);
398 }
399 finish_wait(&list->hiddev->wait, &wait);
400
401 }
402
403 if (retval) {
404 mutex_unlock(&list->thread_lock);
405 return retval;
406 }
407
408
409 while (list->head != list->tail &&
410 retval + event_size <= count) {
411 if ((list->flags & HIDDEV_FLAG_UREF) == 0) {
412 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) {
413 struct hiddev_event event;
414
415 event.hid = list->buffer[list->tail].usage_code;
416 event.value = list->buffer[list->tail].value;
417 if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) {
418 mutex_unlock(&list->thread_lock);
419 return -EFAULT;
420 }
421 retval += sizeof(struct hiddev_event);
422 }
423 } else {
424 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE ||
425 (list->flags & HIDDEV_FLAG_REPORT) != 0) {
426
427 if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) {
428 mutex_unlock(&list->thread_lock);
429 return -EFAULT;
430 }
431 retval += sizeof(struct hiddev_usage_ref);
432 }
433 }
434 list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1);
435 }
436
437 }
438 mutex_unlock(&list->thread_lock);
439
440 return retval;
441 }
442
443 /*
444 * "poll" file op
445 * No kernel lock - fine
446 */
hiddev_poll(struct file * file,poll_table * wait)447 static unsigned int hiddev_poll(struct file *file, poll_table *wait)
448 {
449 struct hiddev_list *list = file->private_data;
450
451 poll_wait(file, &list->hiddev->wait, wait);
452 if (list->head != list->tail)
453 return POLLIN | POLLRDNORM;
454 if (!list->hiddev->exist)
455 return POLLERR | POLLHUP;
456 return 0;
457 }
458
459 /*
460 * "ioctl" file op
461 */
hiddev_ioctl_usage(struct hiddev * hiddev,unsigned int cmd,void __user * user_arg)462 static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
463 {
464 struct hid_device *hid = hiddev->hid;
465 struct hiddev_report_info rinfo;
466 struct hiddev_usage_ref_multi *uref_multi = NULL;
467 struct hiddev_usage_ref *uref;
468 struct hid_report *report;
469 struct hid_field *field;
470 int i;
471
472 uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL);
473 if (!uref_multi)
474 return -ENOMEM;
475 uref = &uref_multi->uref;
476 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
477 if (copy_from_user(uref_multi, user_arg,
478 sizeof(*uref_multi)))
479 goto fault;
480 } else {
481 if (copy_from_user(uref, user_arg, sizeof(*uref)))
482 goto fault;
483 }
484
485 switch (cmd) {
486 case HIDIOCGUCODE:
487 rinfo.report_type = uref->report_type;
488 rinfo.report_id = uref->report_id;
489 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
490 goto inval;
491
492 if (uref->field_index >= report->maxfield)
493 goto inval;
494 uref->field_index = array_index_nospec(uref->field_index,
495 report->maxfield);
496
497 field = report->field[uref->field_index];
498 if (uref->usage_index >= field->maxusage)
499 goto inval;
500 uref->usage_index = array_index_nospec(uref->usage_index,
501 field->maxusage);
502
503 uref->usage_code = field->usage[uref->usage_index].hid;
504
505 if (copy_to_user(user_arg, uref, sizeof(*uref)))
506 goto fault;
507
508 goto goodreturn;
509
510 default:
511 if (cmd != HIDIOCGUSAGE &&
512 cmd != HIDIOCGUSAGES &&
513 uref->report_type == HID_REPORT_TYPE_INPUT)
514 goto inval;
515
516 if (uref->report_id == HID_REPORT_ID_UNKNOWN) {
517 field = hiddev_lookup_usage(hid, uref);
518 if (field == NULL)
519 goto inval;
520 } else {
521 rinfo.report_type = uref->report_type;
522 rinfo.report_id = uref->report_id;
523 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
524 goto inval;
525
526 if (uref->field_index >= report->maxfield)
527 goto inval;
528 uref->field_index = array_index_nospec(uref->field_index,
529 report->maxfield);
530
531 field = report->field[uref->field_index];
532
533 if (cmd == HIDIOCGCOLLECTIONINDEX) {
534 if (uref->usage_index >= field->maxusage)
535 goto inval;
536 uref->usage_index =
537 array_index_nospec(uref->usage_index,
538 field->maxusage);
539 } else if (uref->usage_index >= field->report_count)
540 goto inval;
541 }
542
543 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
544 if (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
545 uref->usage_index + uref_multi->num_values >
546 field->report_count)
547 goto inval;
548
549 uref->usage_index =
550 array_index_nospec(uref->usage_index,
551 field->report_count -
552 uref_multi->num_values);
553 }
554
555 switch (cmd) {
556 case HIDIOCGUSAGE:
557 if (uref->usage_index >= field->report_count)
558 goto inval;
559 uref->value = field->value[uref->usage_index];
560 if (copy_to_user(user_arg, uref, sizeof(*uref)))
561 goto fault;
562 goto goodreturn;
563
564 case HIDIOCSUSAGE:
565 if (uref->usage_index >= field->report_count)
566 goto inval;
567 field->value[uref->usage_index] = uref->value;
568 goto goodreturn;
569
570 case HIDIOCGCOLLECTIONINDEX:
571 i = field->usage[uref->usage_index].collection_index;
572 kfree(uref_multi);
573 return i;
574 case HIDIOCGUSAGES:
575 for (i = 0; i < uref_multi->num_values; i++)
576 uref_multi->values[i] =
577 field->value[uref->usage_index + i];
578 if (copy_to_user(user_arg, uref_multi,
579 sizeof(*uref_multi)))
580 goto fault;
581 goto goodreturn;
582 case HIDIOCSUSAGES:
583 for (i = 0; i < uref_multi->num_values; i++)
584 field->value[uref->usage_index + i] =
585 uref_multi->values[i];
586 goto goodreturn;
587 }
588
589 goodreturn:
590 kfree(uref_multi);
591 return 0;
592 fault:
593 kfree(uref_multi);
594 return -EFAULT;
595 inval:
596 kfree(uref_multi);
597 return -EINVAL;
598 }
599 }
600
hiddev_ioctl_string(struct hiddev * hiddev,unsigned int cmd,void __user * user_arg)601 static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
602 {
603 struct hid_device *hid = hiddev->hid;
604 struct usb_device *dev = hid_to_usb_dev(hid);
605 int idx, len;
606 char *buf;
607
608 if (get_user(idx, (int __user *)user_arg))
609 return -EFAULT;
610
611 if ((buf = kmalloc(HID_STRING_SIZE, GFP_KERNEL)) == NULL)
612 return -ENOMEM;
613
614 if ((len = usb_string(dev, idx, buf, HID_STRING_SIZE-1)) < 0) {
615 kfree(buf);
616 return -EINVAL;
617 }
618
619 if (copy_to_user(user_arg+sizeof(int), buf, len+1)) {
620 kfree(buf);
621 return -EFAULT;
622 }
623
624 kfree(buf);
625
626 return len;
627 }
628
hiddev_ioctl(struct file * file,unsigned int cmd,unsigned long arg)629 static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
630 {
631 struct hiddev_list *list = file->private_data;
632 struct hiddev *hiddev = list->hiddev;
633 struct hid_device *hid;
634 struct hiddev_collection_info cinfo;
635 struct hiddev_report_info rinfo;
636 struct hiddev_field_info finfo;
637 struct hiddev_devinfo dinfo;
638 struct hid_report *report;
639 struct hid_field *field;
640 void __user *user_arg = (void __user *)arg;
641 int i, r = -EINVAL;
642
643 /* Called without BKL by compat methods so no BKL taken */
644
645 mutex_lock(&hiddev->existancelock);
646 if (!hiddev->exist) {
647 r = -ENODEV;
648 goto ret_unlock;
649 }
650
651 hid = hiddev->hid;
652
653 switch (cmd) {
654
655 case HIDIOCGVERSION:
656 r = put_user(HID_VERSION, (int __user *)arg) ?
657 -EFAULT : 0;
658 break;
659
660 case HIDIOCAPPLICATION:
661 if (arg >= hid->maxapplication)
662 break;
663
664 for (i = 0; i < hid->maxcollection; i++)
665 if (hid->collection[i].type ==
666 HID_COLLECTION_APPLICATION && arg-- == 0)
667 break;
668
669 if (i < hid->maxcollection)
670 r = hid->collection[i].usage;
671 break;
672
673 case HIDIOCGDEVINFO:
674 {
675 struct usb_device *dev = hid_to_usb_dev(hid);
676 struct usbhid_device *usbhid = hid->driver_data;
677
678 memset(&dinfo, 0, sizeof(dinfo));
679
680 dinfo.bustype = BUS_USB;
681 dinfo.busnum = dev->bus->busnum;
682 dinfo.devnum = dev->devnum;
683 dinfo.ifnum = usbhid->ifnum;
684 dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor);
685 dinfo.product = le16_to_cpu(dev->descriptor.idProduct);
686 dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice);
687 dinfo.num_applications = hid->maxapplication;
688
689 r = copy_to_user(user_arg, &dinfo, sizeof(dinfo)) ?
690 -EFAULT : 0;
691 break;
692 }
693
694 case HIDIOCGFLAG:
695 r = put_user(list->flags, (int __user *)arg) ?
696 -EFAULT : 0;
697 break;
698
699 case HIDIOCSFLAG:
700 {
701 int newflags;
702
703 if (get_user(newflags, (int __user *)arg)) {
704 r = -EFAULT;
705 break;
706 }
707
708 if ((newflags & ~HIDDEV_FLAGS) != 0 ||
709 ((newflags & HIDDEV_FLAG_REPORT) != 0 &&
710 (newflags & HIDDEV_FLAG_UREF) == 0))
711 break;
712
713 list->flags = newflags;
714
715 r = 0;
716 break;
717 }
718
719 case HIDIOCGSTRING:
720 r = hiddev_ioctl_string(hiddev, cmd, user_arg);
721 break;
722
723 case HIDIOCINITREPORT:
724 usbhid_init_reports(hid);
725 r = 0;
726 break;
727
728 case HIDIOCGREPORT:
729 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
730 r = -EFAULT;
731 break;
732 }
733
734 if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT)
735 break;
736
737 report = hiddev_lookup_report(hid, &rinfo);
738 if (report == NULL)
739 break;
740
741 hid_hw_request(hid, report, HID_REQ_GET_REPORT);
742 hid_hw_wait(hid);
743
744 r = 0;
745 break;
746
747 case HIDIOCSREPORT:
748 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
749 r = -EFAULT;
750 break;
751 }
752
753 if (rinfo.report_type == HID_REPORT_TYPE_INPUT)
754 break;
755
756 report = hiddev_lookup_report(hid, &rinfo);
757 if (report == NULL)
758 break;
759
760 hid_hw_request(hid, report, HID_REQ_SET_REPORT);
761 hid_hw_wait(hid);
762
763 r = 0;
764 break;
765
766 case HIDIOCGREPORTINFO:
767 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
768 r = -EFAULT;
769 break;
770 }
771
772 report = hiddev_lookup_report(hid, &rinfo);
773 if (report == NULL)
774 break;
775
776 rinfo.num_fields = report->maxfield;
777
778 r = copy_to_user(user_arg, &rinfo, sizeof(rinfo)) ?
779 -EFAULT : 0;
780 break;
781
782 case HIDIOCGFIELDINFO:
783 if (copy_from_user(&finfo, user_arg, sizeof(finfo))) {
784 r = -EFAULT;
785 break;
786 }
787
788 rinfo.report_type = finfo.report_type;
789 rinfo.report_id = finfo.report_id;
790
791 report = hiddev_lookup_report(hid, &rinfo);
792 if (report == NULL)
793 break;
794
795 if (finfo.field_index >= report->maxfield)
796 break;
797 finfo.field_index = array_index_nospec(finfo.field_index,
798 report->maxfield);
799
800 field = report->field[finfo.field_index];
801 memset(&finfo, 0, sizeof(finfo));
802 finfo.report_type = rinfo.report_type;
803 finfo.report_id = rinfo.report_id;
804 finfo.field_index = field->report_count - 1;
805 finfo.maxusage = field->maxusage;
806 finfo.flags = field->flags;
807 finfo.physical = field->physical;
808 finfo.logical = field->logical;
809 finfo.application = field->application;
810 finfo.logical_minimum = field->logical_minimum;
811 finfo.logical_maximum = field->logical_maximum;
812 finfo.physical_minimum = field->physical_minimum;
813 finfo.physical_maximum = field->physical_maximum;
814 finfo.unit_exponent = field->unit_exponent;
815 finfo.unit = field->unit;
816
817 r = copy_to_user(user_arg, &finfo, sizeof(finfo)) ?
818 -EFAULT : 0;
819 break;
820
821 case HIDIOCGUCODE:
822 /* fall through */
823 case HIDIOCGUSAGE:
824 case HIDIOCSUSAGE:
825 case HIDIOCGUSAGES:
826 case HIDIOCSUSAGES:
827 case HIDIOCGCOLLECTIONINDEX:
828 r = hiddev_ioctl_usage(hiddev, cmd, user_arg);
829 break;
830
831 case HIDIOCGCOLLECTIONINFO:
832 if (copy_from_user(&cinfo, user_arg, sizeof(cinfo))) {
833 r = -EFAULT;
834 break;
835 }
836
837 if (cinfo.index >= hid->maxcollection)
838 break;
839 cinfo.index = array_index_nospec(cinfo.index,
840 hid->maxcollection);
841
842 cinfo.type = hid->collection[cinfo.index].type;
843 cinfo.usage = hid->collection[cinfo.index].usage;
844 cinfo.level = hid->collection[cinfo.index].level;
845
846 r = copy_to_user(user_arg, &cinfo, sizeof(cinfo)) ?
847 -EFAULT : 0;
848 break;
849
850 default:
851 if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ)
852 break;
853
854 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) {
855 int len = strlen(hid->name) + 1;
856 if (len > _IOC_SIZE(cmd))
857 len = _IOC_SIZE(cmd);
858 r = copy_to_user(user_arg, hid->name, len) ?
859 -EFAULT : len;
860 break;
861 }
862
863 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) {
864 int len = strlen(hid->phys) + 1;
865 if (len > _IOC_SIZE(cmd))
866 len = _IOC_SIZE(cmd);
867 r = copy_to_user(user_arg, hid->phys, len) ?
868 -EFAULT : len;
869 break;
870 }
871 }
872
873 ret_unlock:
874 mutex_unlock(&hiddev->existancelock);
875 return r;
876 }
877
878 #ifdef CONFIG_COMPAT
hiddev_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)879 static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
880 {
881 return hiddev_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
882 }
883 #endif
884
885 static const struct file_operations hiddev_fops = {
886 .owner = THIS_MODULE,
887 .read = hiddev_read,
888 .write = hiddev_write,
889 .poll = hiddev_poll,
890 .open = hiddev_open,
891 .release = hiddev_release,
892 .unlocked_ioctl = hiddev_ioctl,
893 .fasync = hiddev_fasync,
894 #ifdef CONFIG_COMPAT
895 .compat_ioctl = hiddev_compat_ioctl,
896 #endif
897 .llseek = noop_llseek,
898 };
899
hiddev_devnode(struct device * dev,umode_t * mode)900 static char *hiddev_devnode(struct device *dev, umode_t *mode)
901 {
902 return kasprintf(GFP_KERNEL, "usb/%s", dev_name(dev));
903 }
904
905 static struct usb_class_driver hiddev_class = {
906 .name = "hiddev%d",
907 .devnode = hiddev_devnode,
908 .fops = &hiddev_fops,
909 .minor_base = HIDDEV_MINOR_BASE,
910 };
911
912 /*
913 * This is where hid.c calls us to connect a hid device to the hiddev driver
914 */
hiddev_connect(struct hid_device * hid,unsigned int force)915 int hiddev_connect(struct hid_device *hid, unsigned int force)
916 {
917 struct hiddev *hiddev;
918 struct usbhid_device *usbhid = hid->driver_data;
919 int retval;
920
921 if (!force) {
922 unsigned int i;
923 for (i = 0; i < hid->maxcollection; i++)
924 if (hid->collection[i].type ==
925 HID_COLLECTION_APPLICATION &&
926 !IS_INPUT_APPLICATION(hid->collection[i].usage))
927 break;
928
929 if (i == hid->maxcollection)
930 return -1;
931 }
932
933 if (!(hiddev = kzalloc(sizeof(struct hiddev), GFP_KERNEL)))
934 return -1;
935
936 init_waitqueue_head(&hiddev->wait);
937 INIT_LIST_HEAD(&hiddev->list);
938 spin_lock_init(&hiddev->list_lock);
939 mutex_init(&hiddev->existancelock);
940 hid->hiddev = hiddev;
941 hiddev->hid = hid;
942 hiddev->exist = 1;
943 retval = usb_register_dev(usbhid->intf, &hiddev_class);
944 if (retval) {
945 hid_err(hid, "Not able to get a minor for this device\n");
946 hid->hiddev = NULL;
947 kfree(hiddev);
948 return -1;
949 }
950 return 0;
951 }
952
953 /*
954 * This is where hid.c calls us to disconnect a hiddev device from the
955 * corresponding hid device (usually because the usb device has disconnected)
956 */
957 static struct usb_class_driver hiddev_class;
hiddev_disconnect(struct hid_device * hid)958 void hiddev_disconnect(struct hid_device *hid)
959 {
960 struct hiddev *hiddev = hid->hiddev;
961 struct usbhid_device *usbhid = hid->driver_data;
962
963 usb_deregister_dev(usbhid->intf, &hiddev_class);
964
965 mutex_lock(&hiddev->existancelock);
966 hiddev->exist = 0;
967
968 if (hiddev->open) {
969 usbhid_close(hiddev->hid);
970 wake_up_interruptible(&hiddev->wait);
971 mutex_unlock(&hiddev->existancelock);
972 } else {
973 mutex_unlock(&hiddev->existancelock);
974 kfree(hiddev);
975 }
976 }
977