1 /* 2 * Copyright (c) 2001 Paul Stewart 3 * Copyright (c) 2001 Vojtech Pavlik 4 * 5 * HID char devices, giving access to raw HID device events. 6 * 7 */ 8 9 /* 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23 * 24 * Should you need to contact me, the author, you can do so either by 25 * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net> 26 */ 27 28 #include <linux/poll.h> 29 #include <linux/slab.h> 30 #include <linux/sched/signal.h> 31 #include <linux/module.h> 32 #include <linux/init.h> 33 #include <linux/input.h> 34 #include <linux/usb.h> 35 #include <linux/hid.h> 36 #include <linux/hiddev.h> 37 #include <linux/compat.h> 38 #include <linux/vmalloc.h> 39 #include <linux/nospec.h> 40 #include "usbhid.h" 41 42 #ifdef CONFIG_USB_DYNAMIC_MINORS 43 #define HIDDEV_MINOR_BASE 0 44 #define HIDDEV_MINORS 256 45 #else 46 #define HIDDEV_MINOR_BASE 96 47 #define HIDDEV_MINORS 16 48 #endif 49 #define HIDDEV_BUFFER_SIZE 2048 50 51 struct hiddev_list { 52 struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE]; 53 int head; 54 int tail; 55 unsigned flags; 56 struct fasync_struct *fasync; 57 struct hiddev *hiddev; 58 struct list_head node; 59 struct mutex thread_lock; 60 }; 61 62 /* 63 * Find a report, given the report's type and ID. The ID can be specified 64 * indirectly by REPORT_ID_FIRST (which returns the first report of the given 65 * type) or by (REPORT_ID_NEXT | old_id), which returns the next report of the 66 * given type which follows old_id. 67 */ 68 static struct hid_report * 69 hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo) 70 { 71 unsigned int flags = rinfo->report_id & ~HID_REPORT_ID_MASK; 72 unsigned int rid = rinfo->report_id & HID_REPORT_ID_MASK; 73 struct hid_report_enum *report_enum; 74 struct hid_report *report; 75 struct list_head *list; 76 77 if (rinfo->report_type < HID_REPORT_TYPE_MIN || 78 rinfo->report_type > HID_REPORT_TYPE_MAX) 79 return NULL; 80 81 report_enum = hid->report_enum + 82 (rinfo->report_type - HID_REPORT_TYPE_MIN); 83 84 switch (flags) { 85 case 0: /* Nothing to do -- report_id is already set correctly */ 86 break; 87 88 case HID_REPORT_ID_FIRST: 89 if (list_empty(&report_enum->report_list)) 90 return NULL; 91 92 list = report_enum->report_list.next; 93 report = list_entry(list, struct hid_report, list); 94 rinfo->report_id = report->id; 95 break; 96 97 case HID_REPORT_ID_NEXT: 98 report = report_enum->report_id_hash[rid]; 99 if (!report) 100 return NULL; 101 102 list = report->list.next; 103 if (list == &report_enum->report_list) 104 return NULL; 105 106 report = list_entry(list, struct hid_report, list); 107 rinfo->report_id = report->id; 108 break; 109 110 default: 111 return NULL; 112 } 113 114 return report_enum->report_id_hash[rinfo->report_id]; 115 } 116 117 /* 118 * Perform an exhaustive search of the report table for a usage, given its 119 * type and usage id. 120 */ 121 static struct hid_field * 122 hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref) 123 { 124 int i, j; 125 struct hid_report *report; 126 struct hid_report_enum *report_enum; 127 struct hid_field *field; 128 129 if (uref->report_type < HID_REPORT_TYPE_MIN || 130 uref->report_type > HID_REPORT_TYPE_MAX) 131 return NULL; 132 133 report_enum = hid->report_enum + 134 (uref->report_type - HID_REPORT_TYPE_MIN); 135 136 list_for_each_entry(report, &report_enum->report_list, list) { 137 for (i = 0; i < report->maxfield; i++) { 138 field = report->field[i]; 139 for (j = 0; j < field->maxusage; j++) { 140 if (field->usage[j].hid == uref->usage_code) { 141 uref->report_id = report->id; 142 uref->field_index = i; 143 uref->usage_index = j; 144 return field; 145 } 146 } 147 } 148 } 149 150 return NULL; 151 } 152 153 static void hiddev_send_event(struct hid_device *hid, 154 struct hiddev_usage_ref *uref) 155 { 156 struct hiddev *hiddev = hid->hiddev; 157 struct hiddev_list *list; 158 unsigned long flags; 159 160 spin_lock_irqsave(&hiddev->list_lock, flags); 161 list_for_each_entry(list, &hiddev->list, node) { 162 if (uref->field_index != HID_FIELD_INDEX_NONE || 163 (list->flags & HIDDEV_FLAG_REPORT) != 0) { 164 list->buffer[list->head] = *uref; 165 list->head = (list->head + 1) & 166 (HIDDEV_BUFFER_SIZE - 1); 167 kill_fasync(&list->fasync, SIGIO, POLL_IN); 168 } 169 } 170 spin_unlock_irqrestore(&hiddev->list_lock, flags); 171 172 wake_up_interruptible(&hiddev->wait); 173 } 174 175 /* 176 * This is where hid.c calls into hiddev to pass an event that occurred over 177 * the interrupt pipe 178 */ 179 void hiddev_hid_event(struct hid_device *hid, struct hid_field *field, 180 struct hid_usage *usage, __s32 value) 181 { 182 unsigned type = field->report_type; 183 struct hiddev_usage_ref uref; 184 185 uref.report_type = 186 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT : 187 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT : 188 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0)); 189 uref.report_id = field->report->id; 190 uref.field_index = field->index; 191 uref.usage_index = (usage - field->usage); 192 uref.usage_code = usage->hid; 193 uref.value = value; 194 195 hiddev_send_event(hid, &uref); 196 } 197 EXPORT_SYMBOL_GPL(hiddev_hid_event); 198 199 void hiddev_report_event(struct hid_device *hid, struct hid_report *report) 200 { 201 unsigned type = report->type; 202 struct hiddev_usage_ref uref; 203 204 memset(&uref, 0, sizeof(uref)); 205 uref.report_type = 206 (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT : 207 ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT : 208 ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0)); 209 uref.report_id = report->id; 210 uref.field_index = HID_FIELD_INDEX_NONE; 211 212 hiddev_send_event(hid, &uref); 213 } 214 215 /* 216 * fasync file op 217 */ 218 static int hiddev_fasync(int fd, struct file *file, int on) 219 { 220 struct hiddev_list *list = file->private_data; 221 222 return fasync_helper(fd, file, on, &list->fasync); 223 } 224 225 226 /* 227 * release file op 228 */ 229 static int hiddev_release(struct inode * inode, struct file * file) 230 { 231 struct hiddev_list *list = file->private_data; 232 unsigned long flags; 233 234 spin_lock_irqsave(&list->hiddev->list_lock, flags); 235 list_del(&list->node); 236 spin_unlock_irqrestore(&list->hiddev->list_lock, flags); 237 238 mutex_lock(&list->hiddev->existancelock); 239 if (!--list->hiddev->open) { 240 if (list->hiddev->exist) { 241 hid_hw_close(list->hiddev->hid); 242 hid_hw_power(list->hiddev->hid, PM_HINT_NORMAL); 243 } else { 244 mutex_unlock(&list->hiddev->existancelock); 245 kfree(list->hiddev); 246 vfree(list); 247 return 0; 248 } 249 } 250 251 mutex_unlock(&list->hiddev->existancelock); 252 vfree(list); 253 254 return 0; 255 } 256 257 /* 258 * open file op 259 */ 260 static int hiddev_open(struct inode *inode, struct file *file) 261 { 262 struct hiddev_list *list; 263 struct usb_interface *intf; 264 struct hid_device *hid; 265 struct hiddev *hiddev; 266 int res; 267 268 intf = usbhid_find_interface(iminor(inode)); 269 if (!intf) 270 return -ENODEV; 271 hid = usb_get_intfdata(intf); 272 hiddev = hid->hiddev; 273 274 if (!(list = vzalloc(sizeof(struct hiddev_list)))) 275 return -ENOMEM; 276 mutex_init(&list->thread_lock); 277 list->hiddev = hiddev; 278 file->private_data = list; 279 280 /* 281 * no need for locking because the USB major number 282 * is shared which usbcore guards against disconnect 283 */ 284 if (list->hiddev->exist) { 285 if (!list->hiddev->open++) { 286 res = hid_hw_open(hiddev->hid); 287 if (res < 0) 288 goto bail; 289 } 290 } else { 291 res = -ENODEV; 292 goto bail; 293 } 294 295 spin_lock_irq(&list->hiddev->list_lock); 296 list_add_tail(&list->node, &hiddev->list); 297 spin_unlock_irq(&list->hiddev->list_lock); 298 299 mutex_lock(&hiddev->existancelock); 300 if (!list->hiddev->open++) 301 if (list->hiddev->exist) { 302 struct hid_device *hid = hiddev->hid; 303 res = hid_hw_power(hid, PM_HINT_FULLON); 304 if (res < 0) 305 goto bail_unlock; 306 res = hid_hw_open(hid); 307 if (res < 0) 308 goto bail_normal_power; 309 } 310 mutex_unlock(&hiddev->existancelock); 311 return 0; 312 bail_normal_power: 313 hid_hw_power(hid, PM_HINT_NORMAL); 314 bail_unlock: 315 mutex_unlock(&hiddev->existancelock); 316 bail: 317 file->private_data = NULL; 318 vfree(list); 319 return res; 320 } 321 322 /* 323 * "write" file op 324 */ 325 static ssize_t hiddev_write(struct file * file, const char __user * buffer, size_t count, loff_t *ppos) 326 { 327 return -EINVAL; 328 } 329 330 /* 331 * "read" file op 332 */ 333 static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos) 334 { 335 DEFINE_WAIT(wait); 336 struct hiddev_list *list = file->private_data; 337 int event_size; 338 int retval; 339 340 event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ? 341 sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event); 342 343 if (count < event_size) 344 return 0; 345 346 /* lock against other threads */ 347 retval = mutex_lock_interruptible(&list->thread_lock); 348 if (retval) 349 return -ERESTARTSYS; 350 351 while (retval == 0) { 352 if (list->head == list->tail) { 353 prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE); 354 355 while (list->head == list->tail) { 356 if (signal_pending(current)) { 357 retval = -ERESTARTSYS; 358 break; 359 } 360 if (!list->hiddev->exist) { 361 retval = -EIO; 362 break; 363 } 364 if (file->f_flags & O_NONBLOCK) { 365 retval = -EAGAIN; 366 break; 367 } 368 369 /* let O_NONBLOCK tasks run */ 370 mutex_unlock(&list->thread_lock); 371 schedule(); 372 if (mutex_lock_interruptible(&list->thread_lock)) { 373 finish_wait(&list->hiddev->wait, &wait); 374 return -EINTR; 375 } 376 set_current_state(TASK_INTERRUPTIBLE); 377 } 378 finish_wait(&list->hiddev->wait, &wait); 379 380 } 381 382 if (retval) { 383 mutex_unlock(&list->thread_lock); 384 return retval; 385 } 386 387 388 while (list->head != list->tail && 389 retval + event_size <= count) { 390 if ((list->flags & HIDDEV_FLAG_UREF) == 0) { 391 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) { 392 struct hiddev_event event; 393 394 event.hid = list->buffer[list->tail].usage_code; 395 event.value = list->buffer[list->tail].value; 396 if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) { 397 mutex_unlock(&list->thread_lock); 398 return -EFAULT; 399 } 400 retval += sizeof(struct hiddev_event); 401 } 402 } else { 403 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE || 404 (list->flags & HIDDEV_FLAG_REPORT) != 0) { 405 406 if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) { 407 mutex_unlock(&list->thread_lock); 408 return -EFAULT; 409 } 410 retval += sizeof(struct hiddev_usage_ref); 411 } 412 } 413 list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1); 414 } 415 416 } 417 mutex_unlock(&list->thread_lock); 418 419 return retval; 420 } 421 422 /* 423 * "poll" file op 424 * No kernel lock - fine 425 */ 426 static __poll_t hiddev_poll(struct file *file, poll_table *wait) 427 { 428 struct hiddev_list *list = file->private_data; 429 430 poll_wait(file, &list->hiddev->wait, wait); 431 if (list->head != list->tail) 432 return EPOLLIN | EPOLLRDNORM; 433 if (!list->hiddev->exist) 434 return EPOLLERR | EPOLLHUP; 435 return 0; 436 } 437 438 /* 439 * "ioctl" file op 440 */ 441 static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg) 442 { 443 struct hid_device *hid = hiddev->hid; 444 struct hiddev_report_info rinfo; 445 struct hiddev_usage_ref_multi *uref_multi = NULL; 446 struct hiddev_usage_ref *uref; 447 struct hid_report *report; 448 struct hid_field *field; 449 int i; 450 451 uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL); 452 if (!uref_multi) 453 return -ENOMEM; 454 uref = &uref_multi->uref; 455 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) { 456 if (copy_from_user(uref_multi, user_arg, 457 sizeof(*uref_multi))) 458 goto fault; 459 } else { 460 if (copy_from_user(uref, user_arg, sizeof(*uref))) 461 goto fault; 462 } 463 464 switch (cmd) { 465 case HIDIOCGUCODE: 466 rinfo.report_type = uref->report_type; 467 rinfo.report_id = uref->report_id; 468 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) 469 goto inval; 470 471 if (uref->field_index >= report->maxfield) 472 goto inval; 473 uref->field_index = array_index_nospec(uref->field_index, 474 report->maxfield); 475 476 field = report->field[uref->field_index]; 477 if (uref->usage_index >= field->maxusage) 478 goto inval; 479 uref->usage_index = array_index_nospec(uref->usage_index, 480 field->maxusage); 481 482 uref->usage_code = field->usage[uref->usage_index].hid; 483 484 if (copy_to_user(user_arg, uref, sizeof(*uref))) 485 goto fault; 486 487 goto goodreturn; 488 489 default: 490 if (cmd != HIDIOCGUSAGE && 491 cmd != HIDIOCGUSAGES && 492 uref->report_type == HID_REPORT_TYPE_INPUT) 493 goto inval; 494 495 if (uref->report_id == HID_REPORT_ID_UNKNOWN) { 496 field = hiddev_lookup_usage(hid, uref); 497 if (field == NULL) 498 goto inval; 499 } else { 500 rinfo.report_type = uref->report_type; 501 rinfo.report_id = uref->report_id; 502 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL) 503 goto inval; 504 505 if (uref->field_index >= report->maxfield) 506 goto inval; 507 uref->field_index = array_index_nospec(uref->field_index, 508 report->maxfield); 509 510 field = report->field[uref->field_index]; 511 512 if (cmd == HIDIOCGCOLLECTIONINDEX) { 513 if (uref->usage_index >= field->maxusage) 514 goto inval; 515 uref->usage_index = 516 array_index_nospec(uref->usage_index, 517 field->maxusage); 518 } else if (uref->usage_index >= field->report_count) 519 goto inval; 520 } 521 522 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) { 523 if (uref_multi->num_values > HID_MAX_MULTI_USAGES || 524 uref->usage_index + uref_multi->num_values > 525 field->report_count) 526 goto inval; 527 528 uref->usage_index = 529 array_index_nospec(uref->usage_index, 530 field->report_count - 531 uref_multi->num_values); 532 } 533 534 switch (cmd) { 535 case HIDIOCGUSAGE: 536 uref->value = field->value[uref->usage_index]; 537 if (copy_to_user(user_arg, uref, sizeof(*uref))) 538 goto fault; 539 goto goodreturn; 540 541 case HIDIOCSUSAGE: 542 field->value[uref->usage_index] = uref->value; 543 goto goodreturn; 544 545 case HIDIOCGCOLLECTIONINDEX: 546 i = field->usage[uref->usage_index].collection_index; 547 kfree(uref_multi); 548 return i; 549 case HIDIOCGUSAGES: 550 for (i = 0; i < uref_multi->num_values; i++) 551 uref_multi->values[i] = 552 field->value[uref->usage_index + i]; 553 if (copy_to_user(user_arg, uref_multi, 554 sizeof(*uref_multi))) 555 goto fault; 556 goto goodreturn; 557 case HIDIOCSUSAGES: 558 for (i = 0; i < uref_multi->num_values; i++) 559 field->value[uref->usage_index + i] = 560 uref_multi->values[i]; 561 goto goodreturn; 562 } 563 564 goodreturn: 565 kfree(uref_multi); 566 return 0; 567 fault: 568 kfree(uref_multi); 569 return -EFAULT; 570 inval: 571 kfree(uref_multi); 572 return -EINVAL; 573 } 574 } 575 576 static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg) 577 { 578 struct hid_device *hid = hiddev->hid; 579 struct usb_device *dev = hid_to_usb_dev(hid); 580 int idx, len; 581 char *buf; 582 583 if (get_user(idx, (int __user *)user_arg)) 584 return -EFAULT; 585 586 if ((buf = kmalloc(HID_STRING_SIZE, GFP_KERNEL)) == NULL) 587 return -ENOMEM; 588 589 if ((len = usb_string(dev, idx, buf, HID_STRING_SIZE-1)) < 0) { 590 kfree(buf); 591 return -EINVAL; 592 } 593 594 if (copy_to_user(user_arg+sizeof(int), buf, len+1)) { 595 kfree(buf); 596 return -EFAULT; 597 } 598 599 kfree(buf); 600 601 return len; 602 } 603 604 static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 605 { 606 struct hiddev_list *list = file->private_data; 607 struct hiddev *hiddev = list->hiddev; 608 struct hid_device *hid; 609 struct hiddev_collection_info cinfo; 610 struct hiddev_report_info rinfo; 611 struct hiddev_field_info finfo; 612 struct hiddev_devinfo dinfo; 613 struct hid_report *report; 614 struct hid_field *field; 615 void __user *user_arg = (void __user *)arg; 616 int i, r = -EINVAL; 617 618 /* Called without BKL by compat methods so no BKL taken */ 619 620 mutex_lock(&hiddev->existancelock); 621 if (!hiddev->exist) { 622 r = -ENODEV; 623 goto ret_unlock; 624 } 625 626 hid = hiddev->hid; 627 628 switch (cmd) { 629 630 case HIDIOCGVERSION: 631 r = put_user(HID_VERSION, (int __user *)arg) ? 632 -EFAULT : 0; 633 break; 634 635 case HIDIOCAPPLICATION: 636 if (arg >= hid->maxapplication) 637 break; 638 639 for (i = 0; i < hid->maxcollection; i++) 640 if (hid->collection[i].type == 641 HID_COLLECTION_APPLICATION && arg-- == 0) 642 break; 643 644 if (i < hid->maxcollection) 645 r = hid->collection[i].usage; 646 break; 647 648 case HIDIOCGDEVINFO: 649 { 650 struct usb_device *dev = hid_to_usb_dev(hid); 651 struct usbhid_device *usbhid = hid->driver_data; 652 653 memset(&dinfo, 0, sizeof(dinfo)); 654 655 dinfo.bustype = BUS_USB; 656 dinfo.busnum = dev->bus->busnum; 657 dinfo.devnum = dev->devnum; 658 dinfo.ifnum = usbhid->ifnum; 659 dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor); 660 dinfo.product = le16_to_cpu(dev->descriptor.idProduct); 661 dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice); 662 dinfo.num_applications = hid->maxapplication; 663 664 r = copy_to_user(user_arg, &dinfo, sizeof(dinfo)) ? 665 -EFAULT : 0; 666 break; 667 } 668 669 case HIDIOCGFLAG: 670 r = put_user(list->flags, (int __user *)arg) ? 671 -EFAULT : 0; 672 break; 673 674 case HIDIOCSFLAG: 675 { 676 int newflags; 677 678 if (get_user(newflags, (int __user *)arg)) { 679 r = -EFAULT; 680 break; 681 } 682 683 if ((newflags & ~HIDDEV_FLAGS) != 0 || 684 ((newflags & HIDDEV_FLAG_REPORT) != 0 && 685 (newflags & HIDDEV_FLAG_UREF) == 0)) 686 break; 687 688 list->flags = newflags; 689 690 r = 0; 691 break; 692 } 693 694 case HIDIOCGSTRING: 695 r = hiddev_ioctl_string(hiddev, cmd, user_arg); 696 break; 697 698 case HIDIOCINITREPORT: 699 usbhid_init_reports(hid); 700 hiddev->initialized = true; 701 r = 0; 702 break; 703 704 case HIDIOCGREPORT: 705 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 706 r = -EFAULT; 707 break; 708 } 709 710 if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT) 711 break; 712 713 report = hiddev_lookup_report(hid, &rinfo); 714 if (report == NULL) 715 break; 716 717 hid_hw_request(hid, report, HID_REQ_GET_REPORT); 718 hid_hw_wait(hid); 719 720 r = 0; 721 break; 722 723 case HIDIOCSREPORT: 724 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 725 r = -EFAULT; 726 break; 727 } 728 729 if (rinfo.report_type == HID_REPORT_TYPE_INPUT) 730 break; 731 732 report = hiddev_lookup_report(hid, &rinfo); 733 if (report == NULL) 734 break; 735 736 hid_hw_request(hid, report, HID_REQ_SET_REPORT); 737 hid_hw_wait(hid); 738 739 r = 0; 740 break; 741 742 case HIDIOCGREPORTINFO: 743 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) { 744 r = -EFAULT; 745 break; 746 } 747 748 report = hiddev_lookup_report(hid, &rinfo); 749 if (report == NULL) 750 break; 751 752 rinfo.num_fields = report->maxfield; 753 754 r = copy_to_user(user_arg, &rinfo, sizeof(rinfo)) ? 755 -EFAULT : 0; 756 break; 757 758 case HIDIOCGFIELDINFO: 759 if (copy_from_user(&finfo, user_arg, sizeof(finfo))) { 760 r = -EFAULT; 761 break; 762 } 763 764 rinfo.report_type = finfo.report_type; 765 rinfo.report_id = finfo.report_id; 766 767 report = hiddev_lookup_report(hid, &rinfo); 768 if (report == NULL) 769 break; 770 771 if (finfo.field_index >= report->maxfield) 772 break; 773 finfo.field_index = array_index_nospec(finfo.field_index, 774 report->maxfield); 775 776 field = report->field[finfo.field_index]; 777 memset(&finfo, 0, sizeof(finfo)); 778 finfo.report_type = rinfo.report_type; 779 finfo.report_id = rinfo.report_id; 780 finfo.field_index = field->report_count - 1; 781 finfo.maxusage = field->maxusage; 782 finfo.flags = field->flags; 783 finfo.physical = field->physical; 784 finfo.logical = field->logical; 785 finfo.application = field->application; 786 finfo.logical_minimum = field->logical_minimum; 787 finfo.logical_maximum = field->logical_maximum; 788 finfo.physical_minimum = field->physical_minimum; 789 finfo.physical_maximum = field->physical_maximum; 790 finfo.unit_exponent = field->unit_exponent; 791 finfo.unit = field->unit; 792 793 r = copy_to_user(user_arg, &finfo, sizeof(finfo)) ? 794 -EFAULT : 0; 795 break; 796 797 case HIDIOCGUCODE: 798 /* fall through */ 799 case HIDIOCGUSAGE: 800 case HIDIOCSUSAGE: 801 case HIDIOCGUSAGES: 802 case HIDIOCSUSAGES: 803 case HIDIOCGCOLLECTIONINDEX: 804 if (!hiddev->initialized) { 805 usbhid_init_reports(hid); 806 hiddev->initialized = true; 807 } 808 r = hiddev_ioctl_usage(hiddev, cmd, user_arg); 809 break; 810 811 case HIDIOCGCOLLECTIONINFO: 812 if (copy_from_user(&cinfo, user_arg, sizeof(cinfo))) { 813 r = -EFAULT; 814 break; 815 } 816 817 if (cinfo.index >= hid->maxcollection) 818 break; 819 cinfo.index = array_index_nospec(cinfo.index, 820 hid->maxcollection); 821 822 cinfo.type = hid->collection[cinfo.index].type; 823 cinfo.usage = hid->collection[cinfo.index].usage; 824 cinfo.level = hid->collection[cinfo.index].level; 825 826 r = copy_to_user(user_arg, &cinfo, sizeof(cinfo)) ? 827 -EFAULT : 0; 828 break; 829 830 default: 831 if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ) 832 break; 833 834 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) { 835 int len = strlen(hid->name) + 1; 836 if (len > _IOC_SIZE(cmd)) 837 len = _IOC_SIZE(cmd); 838 r = copy_to_user(user_arg, hid->name, len) ? 839 -EFAULT : len; 840 break; 841 } 842 843 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) { 844 int len = strlen(hid->phys) + 1; 845 if (len > _IOC_SIZE(cmd)) 846 len = _IOC_SIZE(cmd); 847 r = copy_to_user(user_arg, hid->phys, len) ? 848 -EFAULT : len; 849 break; 850 } 851 } 852 853 ret_unlock: 854 mutex_unlock(&hiddev->existancelock); 855 return r; 856 } 857 858 #ifdef CONFIG_COMPAT 859 static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 860 { 861 return hiddev_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 862 } 863 #endif 864 865 static const struct file_operations hiddev_fops = { 866 .owner = THIS_MODULE, 867 .read = hiddev_read, 868 .write = hiddev_write, 869 .poll = hiddev_poll, 870 .open = hiddev_open, 871 .release = hiddev_release, 872 .unlocked_ioctl = hiddev_ioctl, 873 .fasync = hiddev_fasync, 874 #ifdef CONFIG_COMPAT 875 .compat_ioctl = hiddev_compat_ioctl, 876 #endif 877 .llseek = noop_llseek, 878 }; 879 880 static char *hiddev_devnode(struct device *dev, umode_t *mode) 881 { 882 return kasprintf(GFP_KERNEL, "usb/%s", dev_name(dev)); 883 } 884 885 static struct usb_class_driver hiddev_class = { 886 .name = "hiddev%d", 887 .devnode = hiddev_devnode, 888 .fops = &hiddev_fops, 889 .minor_base = HIDDEV_MINOR_BASE, 890 }; 891 892 /* 893 * This is where hid.c calls us to connect a hid device to the hiddev driver 894 */ 895 int hiddev_connect(struct hid_device *hid, unsigned int force) 896 { 897 struct hiddev *hiddev; 898 struct usbhid_device *usbhid = hid->driver_data; 899 int retval; 900 901 if (!force) { 902 unsigned int i; 903 for (i = 0; i < hid->maxcollection; i++) 904 if (hid->collection[i].type == 905 HID_COLLECTION_APPLICATION && 906 !IS_INPUT_APPLICATION(hid->collection[i].usage)) 907 break; 908 909 if (i == hid->maxcollection) 910 return -1; 911 } 912 913 if (!(hiddev = kzalloc(sizeof(struct hiddev), GFP_KERNEL))) 914 return -1; 915 916 init_waitqueue_head(&hiddev->wait); 917 INIT_LIST_HEAD(&hiddev->list); 918 spin_lock_init(&hiddev->list_lock); 919 mutex_init(&hiddev->existancelock); 920 hid->hiddev = hiddev; 921 hiddev->hid = hid; 922 hiddev->exist = 1; 923 retval = usb_register_dev(usbhid->intf, &hiddev_class); 924 if (retval) { 925 hid_err(hid, "Not able to get a minor for this device\n"); 926 hid->hiddev = NULL; 927 kfree(hiddev); 928 return -1; 929 } 930 931 /* 932 * If HID_QUIRK_NO_INIT_REPORTS is set, make sure we don't initialize 933 * the reports. 934 */ 935 hiddev->initialized = hid->quirks & HID_QUIRK_NO_INIT_REPORTS; 936 937 hiddev->minor = usbhid->intf->minor; 938 939 return 0; 940 } 941 942 /* 943 * This is where hid.c calls us to disconnect a hiddev device from the 944 * corresponding hid device (usually because the usb device has disconnected) 945 */ 946 static struct usb_class_driver hiddev_class; 947 void hiddev_disconnect(struct hid_device *hid) 948 { 949 struct hiddev *hiddev = hid->hiddev; 950 struct usbhid_device *usbhid = hid->driver_data; 951 952 usb_deregister_dev(usbhid->intf, &hiddev_class); 953 954 mutex_lock(&hiddev->existancelock); 955 hiddev->exist = 0; 956 957 if (hiddev->open) { 958 mutex_unlock(&hiddev->existancelock); 959 hid_hw_close(hiddev->hid); 960 wake_up_interruptible(&hiddev->wait); 961 } else { 962 mutex_unlock(&hiddev->existancelock); 963 kfree(hiddev); 964 } 965 } 966