1 /* 2 * Copyright (c) 2001 Paul Stewart 3 * Copyright (c) 2001 Vojtech Pavlik 4 * 5 * HID char devices, giving access to raw HID device events. 6 * 7 */ 8 9 /* 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23 * 24 * Should you need to contact me, the author, you can do so either by 25 * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net> 26 */ 27 28 #include <linux/poll.h> 29 #include <linux/slab.h> 30 #include <linux/sched/signal.h> 31 #include <linux/module.h> 32 #include <linux/init.h> 33 #include <linux/input.h> 34 #include <linux/usb.h> 35 #include <linux/hid.h> 36 #include <linux/hiddev.h> 37 #include <linux/compat.h> 38 #include <linux/vmalloc.h> 39 #include <linux/nospec.h> 40 #include "usbhid.h" 41 42 #ifdef CONFIG_USB_DYNAMIC_MINORS 43 #define HIDDEV_MINOR_BASE 0 44 #define HIDDEV_MINORS 256 45 #else 46 #define HIDDEV_MINOR_BASE 96 47 #define HIDDEV_MINORS 16 48 #endif 49 #define HIDDEV_BUFFER_SIZE 2048 50 51 struct hiddev_list { 52 struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE]; 53 int head; 54 int tail; 55 unsigned flags; 56 struct fasync_struct *fasync; 57 struct hiddev *hiddev; 58 struct list_head node; 59 struct mutex thread_lock; 60 }; 61 62 /* 63 * Find a report, given the report's type and ID. The ID can be specified 64 * indirectly by REPORT_ID_FIRST (which returns the first report of the given 65 * type) or by (REPORT_ID_NEXT | old_id), which returns the next report of the 66 * given type which follows old_id. 67 */ 68 static struct hid_report * 69 hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo) 70 { 71 unsigned int flags = rinfo->report_id & ~HID_REPORT_ID_MASK; 72 unsigned int rid = rinfo->report_id & HID_REPORT_ID_MASK; 73 struct hid_report_enum *report_enum; 74 struct hid_report *report; 75 struct list_head *list; 76 77 if (rinfo->report_type < HID_REPORT_TYPE_MIN || 78 rinfo->report_type > HID_REPORT_TYPE_MAX) 79 return NULL; 80 81 report_enum = hid->report_enum + 82 (rinfo->report_type - HID_REPORT_TYPE_MIN); 83 84 switch (flags) { 85 case 0: /* Nothing to do -- report_id is already set correctly */ 86 break; 87 88 case HID_REPORT_ID_FIRST: 89 if (list_empty(&report_enum->report_list)) 90 return NULL; 91 92 list = report_enum->report_list.next; 93 report = list_entry(list, struct hid_report, list); 94 rinfo->report_id = report->id; 95 break; 96 97 case HID_REPORT_ID_NEXT: 98 report = report_enum->report_id_hash[rid]; 99 if (!report) 100 return NULL; 101 102 list = report->list.next; 103 if (list == &report_enum->report_list) 104 return NULL; 105 106 report = list_entry(list, struct hid_report, list); 107 rinfo->report_id = report->id; 108 break; 109 110 default: 111 return NULL; 112 } 113 114 return report_enum->report_id_hash[rinfo->report_id]; 115 } 116 117 /* 118 * Perform an exhaustive search of the report table for a usage, given its 119 * type and usage id. 120 */ 121 static struct hid_field * 122 hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref) 123 { 124 int i, j; 125 struct hid_report *report; 126 struct hid_report_enum *report_enum; 127 struct hid_field *field; 128 129 if (uref->report_type < HID_REPORT_TYPE_MIN || 130 uref->report_type > HID_REPORT_TYPE_MAX) 131 return NULL; 132 133 report_enum = hid->report_enum + 134 (uref->report_type - HID_REPORT_TYPE_MIN); 135 136 list_for_each_entry(report, &report_enum->report_list, list) { 137 for (i = 0; i < report->maxfield; i++) { 138 field = report->field[i]; 139 for (j = 0; j < field->maxusage; j++) { 140 if (field->usage[j].hid == uref->usage_code) { 141 uref->report_id = report->id; 142 uref->field_index = i; 143 uref->usage_index = j; 144 return field; 145 } 146 } 147 } 148 } 149 150 return NULL; 151 } 152 153 static void hiddev_send_event(struct hid_device *hid, 154 struct hiddev_usage_ref *uref) 155 { 156 struct hiddev *hiddev = hid->hiddev; 157 struct hiddev_list *list; 158 unsigned long flags; 159 160 spin_lock_irqsave(&hiddev->list_lock, flags); 161 list_for_each_entry(list, &hiddev->list, node) { 162 if (uref->field_index != HID_FIELD_INDEX_NONE || 163 (list->flags & HIDDEV_FLAG_REPORT) != 0) { 164 list->buffer[list->head] = *uref; 165 list->head = (list->head + 1) & 166 (HIDDEV_BUFFER_SIZE - 1); 167 kill_fasync(&list->fasync, SIGIO, POLL_IN); 168 } 169 } 170 spin_unlock_irqrestore(&hiddev->list_lock, flags); 171 172 wake_up_interruptible(&hiddev->wait); 173 } 174 175 /* 176 * This is where hid.c calls into hiddev to pass an event that occurred over 177 * the interrupt pipe 178 */ 179 void hiddev_hid_event(struct hid_device *hid, struct hid_field *field, 180 struct hid_usage *usage, __s32 value) 181 { 182 unsigned type = field->report_type; 183 struct hiddev_usage_ref uref; 184 185 uref.report_type = 186 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT : 187 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT : 188 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0)); 189 uref.report_id = field->report->id; 190 uref.field_index = field->index; 191 uref.usage_index = (usage - field->usage); 192 uref.usage_code = usage->hid; 193 uref.value = value; 194 195 hiddev_send_event(hid, &uref); 196 } 197 EXPORT_SYMBOL_GPL(hiddev_hid_event); 198 199 void hiddev_report_event(struct hid_device *hid, struct hid_report *report) 200 { 201 unsigned type = report->type; 202 struct hiddev_usage_ref uref; 203 204 memset(&uref, 0, sizeof(uref)); 205 uref.report_type = 206 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT : 207 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT : 208 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0)); 209 uref.report_id = report->id; 210 uref.field_index = HID_FIELD_INDEX_NONE; 211 212 hiddev_send_event(hid, &uref); 213 } 214 215 /* 216 * fasync file op 217 */ 218 static int hiddev_fasync(int fd, struct file *file, int on) 219 { 220 struct hiddev_list *list = file->private_data; 221 222 return fasync_helper(fd, file, on, &list->fasync); 223 } 224 225 226 /* 227 * release file op 228 */ 229 static int hiddev_release(struct inode * inode, struct file * file) 230 { 231 struct hiddev_list *list = file->private_data; 232 unsigned long flags; 233 234 spin_lock_irqsave(&list->hiddev->list_lock, flags); 235 list_del(&list->node); 236 spin_unlock_irqrestore(&list->hiddev->list_lock, flags); 237 238 mutex_lock(&list->hiddev->existancelock); 239 if (!--list->hiddev->open) { 240 if (list->hiddev->exist) { 241 hid_hw_close(list->hiddev->hid); 242 hid_hw_power(list->hiddev->hid, PM_HINT_NORMAL); 243 } else { 244 mutex_unlock(&list->hiddev->existancelock); 245 kfree(list->hiddev); 246 vfree(list); 247 return 0; 248 } 249 } 250 251 mutex_unlock(&list->hiddev->existancelock); 252 vfree(list); 253 254 return 0; 255 } 256 257 /* 258 * open file op 259 */ 260 static int hiddev_open(struct inode *inode, struct file *file) 261 { 262 struct hiddev_list *list; 263 struct usb_interface *intf; 264 struct hid_device *hid; 265 struct hiddev *hiddev; 266 int res; 267 268 intf = usbhid_find_interface(iminor(inode)); 269 if (!intf) 270 return -ENODEV; 271 hid = usb_get_intfdata(intf); 272 hiddev = hid->hiddev; 273 274 if (!(list = vzalloc(sizeof(struct hiddev_list)))) 275 return -ENOMEM; 276 mutex_init(&list->thread_lock); 277 list->hiddev = hiddev; 278 file->private_data = list; 279 280 /* 281 * no need for locking because the USB major number 282 * is shared which usbcore guards against disconnect 283 */ 284 if (list->hiddev->exist) { 285 if (!list->hiddev->open++) { 286 res = hid_hw_open(hiddev->hid); 287 if (res < 0) 288 goto bail; 289 } 290 } else { 291 res = -ENODEV; 292 goto bail; 293 } 294 295 spin_lock_irq(&list->hiddev->list_lock); 296 list_add_tail(&list->node, &hiddev->list); 297 spin_unlock_irq(&list->hiddev->list_lock); 298 299 mutex_lock(&hiddev->existancelock); 300 if (!list->hiddev->open++) 301 if (list->hiddev->exist) { 302 struct hid_device *hid = hiddev->hid; 303 res = hid_hw_power(hid, PM_HINT_FULLON); 304 if (res < 0) 305 goto bail_unlock; 306 res = hid_hw_open(hid); 307 if (res < 0) 308 goto bail_normal_power; 309 } 310 mutex_unlock(&hiddev->existancelock); 311 return 0; 312 bail_normal_power: 313 hid_hw_power(hid, PM_HINT_NORMAL); 314 bail_unlock: 315 mutex_unlock(&hiddev->existancelock); 316 bail: 317 file->private_data = NULL; 318 vfree(list); 319 return res; 320 } 321 322 /* 323 * "write" file op 324 */ 325 static ssize_t hiddev_write(struct file * file, const char __user * buffer, size_t count, loff_t *ppos) 326 { 327 return -EINVAL; 328 } 329 330 /* 331 * "read" file op 332 */ 333 static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos) 334 { 335 DEFINE_WAIT(wait); 336 struct hiddev_list *list = file->private_data; 337 int event_size; 338 int retval; 339 340 event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ? 341 sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event); 342 343 if (count < event_size) 344 return 0; 345 346 /* lock against other threads */ 347 retval = mutex_lock_interruptible(&list->thread_lock); 348 if (retval) 349 return -ERESTARTSYS; 350 351 while (retval == 0) { 352 if (list->head == list->tail) { 353 prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE); 354 355 while (list->head == list->tail) { 356 if (signal_pending(current)) { 357 retval = -ERESTARTSYS; 358 break; 359 } 360 if (!list->hiddev->exist) { 361 retval = -EIO; 362 break; 363 } 364 if (file->f_flags & O_NONBLOCK) { 365 retval = -EAGAIN; 366 break; 367 } 368 369 /* let O_NONBLOCK tasks run */ 370 mutex_unlock(&list->thread_lock); 371 schedule(); 372 if (mutex_lock_interruptible(&list->thread_lock)) { 373 finish_wait(&list->hiddev->wait, &wait); 374 return -EINTR; 375 } 376 set_current_state(TASK_INTERRUPTIBLE); 377 } 378 finish_wait(&list->hiddev->wait, &wait); 379 380 } 381 382 if (retval) { 383 mutex_unlock(&list->thread_lock); 384 return retval; 385 } 386 387 388 while (list->head != list->tail && 389 retval + event_size <= count) { 390 if ((list->flags & HIDDEV_FLAG_UREF) == 0) { 391 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) { 392 struct hiddev_event event; 393 394 event.hid = list->buffer[list->tail].usage_code; 395 event.value = list->buffer[list->tail].value; 396 if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) { 397 mutex_unlock(&list->thread_lock); 398 return -EFAULT; 399 } 400 retval += sizeof(struct hiddev_event); 401 } 402 } else { 403 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE || 404 (list->flags & HIDDEV_FLAG_REPORT) != 0) { 405 406 if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) { 407 mutex_unlock(&list->thread_lock); 408 return -EFAULT; 409 } 410 retval += sizeof(struct hiddev_usage_ref); 411 } 412 } 413 list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1); 414 } 415 416 } 417 mutex_unlock(&list->thread_lock); 418 419 return retval; 420 } 421 422 /* 423 * "poll" file op 424 * No kernel lock - fine 425 */ 426 static __poll_t hiddev_poll(struct file *file, poll_table *wait) 427 { 428 struct hiddev_list *list = file->private_data; 429 430 poll_wait(file, &list->hiddev->wait, wait); 431 if (list->head != list->tail) 432 return EPOLLIN | EPOLLRDNORM; 433 if (!list->hiddev->exist) 434 return EPOLLERR | EPOLLHUP; 435 return 0; 436 } 437 438 /* 439 * "ioctl" file op 440 */ 441 static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg) 442 { 443 struct hid_device *hid = hiddev->hid; 444 struct hiddev_report_info rinfo; 445 struct hiddev_usage_ref_multi *uref_multi = NULL; 446 struct hiddev_usage_ref *uref; 447 struct hid_report *report; 448 struct hid_field *field; 449 int i; 450 451 uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL); 452 if (!uref_multi) 453 return -ENOMEM; 454 uref = &uref_multi->uref; 455 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) { 456 if (copy_from_user(uref_multi, user_arg, 457 sizeof(*uref_multi))) 458 goto fault; 459 } else { 460 if (copy_from_user(uref, user_arg, sizeof(*uref))) 461 goto fault; 462 } 463 464 switch (cmd) { 465 case HIDIOCGUCODE: 466 rinfo.report_type = uref->report_type; 467 rinfo.report_id = uref->report_id; 468 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) 469 goto inval; 470 471 if (uref->field_index >= report->maxfield) 472 goto inval; 473 uref->field_index = array_index_nospec(uref->field_index, 474 report->maxfield); 475 476 field = report->field[uref->field_index]; 477 if (uref->usage_index >= field->maxusage) 478 goto inval; 479 uref->usage_index = array_index_nospec(uref->usage_index, 480 field->maxusage); 481 482 uref->usage_code = field->usage[uref->usage_index].hid; 483 484 if (copy_to_user(user_arg, uref, sizeof(*uref))) 485 goto fault; 486 487 goto goodreturn; 488 489 default: 490 if (cmd != HIDIOCGUSAGE && 491 cmd != HIDIOCGUSAGES && 492 uref->report_type == HID_REPORT_TYPE_INPUT) 493 goto inval; 494 495 if (uref->report_id == HID_REPORT_ID_UNKNOWN) { 496 field = hiddev_lookup_usage(hid, uref); 497 if (field == NULL) 498 goto inval; 499 } else { 500 rinfo.report_type = uref->report_type; 501 rinfo.report_id = uref->report_id; 502 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) 503 goto inval; 504 505 if (uref->field_index >= report->maxfield) 506 goto inval; 507 uref->field_index = array_index_nospec(uref->field_index, 508 report->maxfield); 509 510 field = report->field[uref->field_index]; 511 512 if (cmd == HIDIOCGCOLLECTIONINDEX) { 513 if (uref->usage_index >= field->maxusage) 514 goto inval; 515 } else if (uref->usage_index >= field->report_count) 516 goto inval; 517 } 518 519 if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) && 520 (uref_multi->num_values > HID_MAX_MULTI_USAGES || 521 uref->usage_index + uref_multi->num_values > field->report_count)) 522 goto inval; 523 524 switch (cmd) { 525 case HIDIOCGUSAGE: 526 uref->value = field->value[uref->usage_index]; 527 if (copy_to_user(user_arg, uref, sizeof(*uref))) 528 goto fault; 529 goto goodreturn; 530 531 case HIDIOCSUSAGE: 532 field->value[uref->usage_index] = uref->value; 533 goto goodreturn; 534 535 case HIDIOCGCOLLECTIONINDEX: 536 i = field->usage[uref->usage_index].collection_index; 537 kfree(uref_multi); 538 return i; 539 case HIDIOCGUSAGES: 540 for (i = 0; i < uref_multi->num_values; i++) 541 uref_multi->values[i] = 542 field->value[uref->usage_index + i]; 543 if (copy_to_user(user_arg, uref_multi, 544 sizeof(*uref_multi))) 545 goto fault; 546 goto goodreturn; 547 case HIDIOCSUSAGES: 548 for (i = 0; i < uref_multi->num_values; i++) 549 field->value[uref->usage_index + i] = 550 uref_multi->values[i]; 551 goto goodreturn; 552 } 553 554 goodreturn: 555 kfree(uref_multi); 556 return 0; 557 fault: 558 kfree(uref_multi); 559 return -EFAULT; 560 inval: 561 kfree(uref_multi); 562 return -EINVAL; 563 } 564 } 565 566 static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg) 567 { 568 struct hid_device *hid = hiddev->hid; 569 struct usb_device *dev = hid_to_usb_dev(hid); 570 int idx, len; 571 char *buf; 572 573 if (get_user(idx, (int __user *)user_arg)) 574 return -EFAULT; 575 576 if ((buf = kmalloc(HID_STRING_SIZE, GFP_KERNEL)) == NULL) 577 return -ENOMEM; 578 579 if ((len = usb_string(dev, idx, buf, HID_STRING_SIZE-1)) < 0) { 580 kfree(buf); 581 return -EINVAL; 582 } 583 584 if (copy_to_user(user_arg+sizeof(int), buf, len+1)) { 585 kfree(buf); 586 return -EFAULT; 587 } 588 589 kfree(buf); 590 591 return len; 592 } 593 594 static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 595 { 596 struct hiddev_list *list = file->private_data; 597 struct hiddev *hiddev = list->hiddev; 598 struct hid_device *hid; 599 struct hiddev_collection_info cinfo; 600 struct hiddev_report_info rinfo; 601 struct hiddev_field_info finfo; 602 struct hiddev_devinfo dinfo; 603 struct hid_report *report; 604 struct hid_field *field; 605 void __user *user_arg = (void __user *)arg; 606 int i, r = -EINVAL; 607 608 /* Called without BKL by compat methods so no BKL taken */ 609 610 mutex_lock(&hiddev->existancelock); 611 if (!hiddev->exist) { 612 r = -ENODEV; 613 goto ret_unlock; 614 } 615 616 hid = hiddev->hid; 617 618 switch (cmd) { 619 620 case HIDIOCGVERSION: 621 r = put_user(HID_VERSION, (int __user *)arg) ? 622 -EFAULT : 0; 623 break; 624 625 case HIDIOCAPPLICATION: 626 if (arg >= hid->maxapplication) 627 break; 628 629 for (i = 0; i < hid->maxcollection; i++) 630 if (hid->collection[i].type == 631 HID_COLLECTION_APPLICATION && arg-- == 0) 632 break; 633 634 if (i < hid->maxcollection) 635 r = hid->collection[i].usage; 636 break; 637 638 case HIDIOCGDEVINFO: 639 { 640 struct usb_device *dev = hid_to_usb_dev(hid); 641 struct usbhid_device *usbhid = hid->driver_data; 642 643 memset(&dinfo, 0, sizeof(dinfo)); 644 645 dinfo.bustype = BUS_USB; 646 dinfo.busnum = dev->bus->busnum; 647 dinfo.devnum = dev->devnum; 648 dinfo.ifnum = usbhid->ifnum; 649 dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor); 650 dinfo.product = le16_to_cpu(dev->descriptor.idProduct); 651 dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice); 652 dinfo.num_applications = hid->maxapplication; 653 654 r = copy_to_user(user_arg, &dinfo, sizeof(dinfo)) ? 655 -EFAULT : 0; 656 break; 657 } 658 659 case HIDIOCGFLAG: 660 r = put_user(list->flags, (int __user *)arg) ? 661 -EFAULT : 0; 662 break; 663 664 case HIDIOCSFLAG: 665 { 666 int newflags; 667 668 if (get_user(newflags, (int __user *)arg)) { 669 r = -EFAULT; 670 break; 671 } 672 673 if ((newflags & ~HIDDEV_FLAGS) != 0 || 674 ((newflags & HIDDEV_FLAG_REPORT) != 0 && 675 (newflags & HIDDEV_FLAG_UREF) == 0)) 676 break; 677 678 list->flags = newflags; 679 680 r = 0; 681 break; 682 } 683 684 case HIDIOCGSTRING: 685 r = hiddev_ioctl_string(hiddev, cmd, user_arg); 686 break; 687 688 case HIDIOCINITREPORT: 689 usbhid_init_reports(hid); 690 hiddev->initialized = true; 691 r = 0; 692 break; 693 694 case HIDIOCGREPORT: 695 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 696 r = -EFAULT; 697 break; 698 } 699 700 if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT) 701 break; 702 703 report = hiddev_lookup_report(hid, &rinfo); 704 if (report == NULL) 705 break; 706 707 hid_hw_request(hid, report, HID_REQ_GET_REPORT); 708 hid_hw_wait(hid); 709 710 r = 0; 711 break; 712 713 case HIDIOCSREPORT: 714 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 715 r = -EFAULT; 716 break; 717 } 718 719 if (rinfo.report_type == HID_REPORT_TYPE_INPUT) 720 break; 721 722 report = hiddev_lookup_report(hid, &rinfo); 723 if (report == NULL) 724 break; 725 726 hid_hw_request(hid, report, HID_REQ_SET_REPORT); 727 hid_hw_wait(hid); 728 729 r = 0; 730 break; 731 732 case HIDIOCGREPORTINFO: 733 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 734 r = -EFAULT; 735 break; 736 } 737 738 report = hiddev_lookup_report(hid, &rinfo); 739 if (report == NULL) 740 break; 741 742 rinfo.num_fields = report->maxfield; 743 744 r = copy_to_user(user_arg, &rinfo, sizeof(rinfo)) ? 745 -EFAULT : 0; 746 break; 747 748 case HIDIOCGFIELDINFO: 749 if (copy_from_user(&finfo, user_arg, sizeof(finfo))) { 750 r = -EFAULT; 751 break; 752 } 753 754 rinfo.report_type = finfo.report_type; 755 rinfo.report_id = finfo.report_id; 756 757 report = hiddev_lookup_report(hid, &rinfo); 758 if (report == NULL) 759 break; 760 761 if (finfo.field_index >= report->maxfield) 762 break; 763 finfo.field_index = array_index_nospec(finfo.field_index, 764 report->maxfield); 765 766 field = report->field[finfo.field_index]; 767 memset(&finfo, 0, sizeof(finfo)); 768 finfo.report_type = rinfo.report_type; 769 finfo.report_id = rinfo.report_id; 770 finfo.field_index = field->report_count - 1; 771 finfo.maxusage = field->maxusage; 772 finfo.flags = field->flags; 773 finfo.physical = field->physical; 774 finfo.logical = field->logical; 775 finfo.application = field->application; 776 finfo.logical_minimum = field->logical_minimum; 777 finfo.logical_maximum = field->logical_maximum; 778 finfo.physical_minimum = field->physical_minimum; 779 finfo.physical_maximum = field->physical_maximum; 780 finfo.unit_exponent = field->unit_exponent; 781 finfo.unit = field->unit; 782 783 r = copy_to_user(user_arg, &finfo, sizeof(finfo)) ? 784 -EFAULT : 0; 785 break; 786 787 case HIDIOCGUCODE: 788 /* fall through */ 789 case HIDIOCGUSAGE: 790 case HIDIOCSUSAGE: 791 case HIDIOCGUSAGES: 792 case HIDIOCSUSAGES: 793 case HIDIOCGCOLLECTIONINDEX: 794 if (!hiddev->initialized) { 795 usbhid_init_reports(hid); 796 hiddev->initialized = true; 797 } 798 r = hiddev_ioctl_usage(hiddev, cmd, user_arg); 799 break; 800 801 case HIDIOCGCOLLECTIONINFO: 802 if (copy_from_user(&cinfo, user_arg, sizeof(cinfo))) { 803 r = -EFAULT; 804 break; 805 } 806 807 if (cinfo.index >= hid->maxcollection) 808 break; 809 cinfo.index = array_index_nospec(cinfo.index, 810 hid->maxcollection); 811 812 cinfo.type = hid->collection[cinfo.index].type; 813 cinfo.usage = hid->collection[cinfo.index].usage; 814 cinfo.level = hid->collection[cinfo.index].level; 815 816 r = copy_to_user(user_arg, &cinfo, sizeof(cinfo)) ? 817 -EFAULT : 0; 818 break; 819 820 default: 821 if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ) 822 break; 823 824 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) { 825 int len = strlen(hid->name) + 1; 826 if (len > _IOC_SIZE(cmd)) 827 len = _IOC_SIZE(cmd); 828 r = copy_to_user(user_arg, hid->name, len) ? 829 -EFAULT : len; 830 break; 831 } 832 833 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) { 834 int len = strlen(hid->phys) + 1; 835 if (len > _IOC_SIZE(cmd)) 836 len = _IOC_SIZE(cmd); 837 r = copy_to_user(user_arg, hid->phys, len) ? 838 -EFAULT : len; 839 break; 840 } 841 } 842 843 ret_unlock: 844 mutex_unlock(&hiddev->existancelock); 845 return r; 846 } 847 848 #ifdef CONFIG_COMPAT 849 static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 850 { 851 return hiddev_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 852 } 853 #endif 854 855 static const struct file_operations hiddev_fops = { 856 .owner = THIS_MODULE, 857 .read = hiddev_read, 858 .write = hiddev_write, 859 .poll = hiddev_poll, 860 .open = hiddev_open, 861 .release = hiddev_release, 862 .unlocked_ioctl = hiddev_ioctl, 863 .fasync = hiddev_fasync, 864 #ifdef CONFIG_COMPAT 865 .compat_ioctl = hiddev_compat_ioctl, 866 #endif 867 .llseek = noop_llseek, 868 }; 869 870 static char *hiddev_devnode(struct device *dev, umode_t *mode) 871 { 872 return kasprintf(GFP_KERNEL, "usb/%s", dev_name(dev)); 873 } 874 875 static struct usb_class_driver hiddev_class = { 876 .name = "hiddev%d", 877 .devnode = hiddev_devnode, 878 .fops = &hiddev_fops, 879 .minor_base = HIDDEV_MINOR_BASE, 880 }; 881 882 /* 883 * This is where hid.c calls us to connect a hid device to the hiddev driver 884 */ 885 int hiddev_connect(struct hid_device *hid, unsigned int force) 886 { 887 struct hiddev *hiddev; 888 struct usbhid_device *usbhid = hid->driver_data; 889 int retval; 890 891 if (!force) { 892 unsigned int i; 893 for (i = 0; i < hid->maxcollection; i++) 894 if (hid->collection[i].type == 895 HID_COLLECTION_APPLICATION && 896 !IS_INPUT_APPLICATION(hid->collection[i].usage)) 897 break; 898 899 if (i == hid->maxcollection) 900 return -1; 901 } 902 903 if (!(hiddev = kzalloc(sizeof(struct hiddev), GFP_KERNEL))) 904 return -1; 905 906 init_waitqueue_head(&hiddev->wait); 907 INIT_LIST_HEAD(&hiddev->list); 908 spin_lock_init(&hiddev->list_lock); 909 mutex_init(&hiddev->existancelock); 910 hid->hiddev = hiddev; 911 hiddev->hid = hid; 912 hiddev->exist = 1; 913 retval = usb_register_dev(usbhid->intf, &hiddev_class); 914 if (retval) { 915 hid_err(hid, "Not able to get a minor for this device\n"); 916 hid->hiddev = NULL; 917 kfree(hiddev); 918 return -1; 919 } 920 921 /* 922 * If HID_QUIRK_NO_INIT_REPORTS is set, make sure we don't initialize 923 * the reports. 924 */ 925 hiddev->initialized = hid->quirks & HID_QUIRK_NO_INIT_REPORTS; 926 927 hiddev->minor = usbhid->intf->minor; 928 929 return 0; 930 } 931 932 /* 933 * This is where hid.c calls us to disconnect a hiddev device from the 934 * corresponding hid device (usually because the usb device has disconnected) 935 */ 936 static struct usb_class_driver hiddev_class; 937 void hiddev_disconnect(struct hid_device *hid) 938 { 939 struct hiddev *hiddev = hid->hiddev; 940 struct usbhid_device *usbhid = hid->driver_data; 941 942 usb_deregister_dev(usbhid->intf, &hiddev_class); 943 944 mutex_lock(&hiddev->existancelock); 945 hiddev->exist = 0; 946 947 if (hiddev->open) { 948 mutex_unlock(&hiddev->existancelock); 949 hid_hw_close(hiddev->hid); 950 wake_up_interruptible(&hiddev->wait); 951 } else { 952 mutex_unlock(&hiddev->existancelock); 953 kfree(hiddev); 954 } 955 } 956