HID: fix incorrect free in hiddev
1/*
2 * Copyright (c) 2001 Paul Stewart
3 * Copyright (c) 2001 Vojtech Pavlik
4 *
5 * HID char devices, giving access to raw HID device events.
6 *
7 */
8
9/*
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 *
24 * Should you need to contact me, the author, you can do so either by
25 * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net>
26 */
27
28#include <linux/poll.h>
29#include <linux/slab.h>
30#include <linux/module.h>
31#include <linux/init.h>
32#include <linux/smp_lock.h>
33#include <linux/input.h>
34#include <linux/usb.h>
dde5845a 35#include <linux/hid.h>
1da177e4 36#include <linux/hiddev.h>
bb6c8d8f 37#include <linux/compat.h>
dde5845a 38#include "usbhid.h"
39
/*
 * Minor-number window for hiddev nodes. HIDDEV_MINOR_BASE is subtracted from
 * a device minor to index hiddev_table[], which has HIDDEV_MINORS slots.
 */
#ifdef CONFIG_USB_DYNAMIC_MINORS
#define HIDDEV_MINOR_BASE	0
#define HIDDEV_MINORS		256
#else
#define HIDDEV_MINOR_BASE	96
#define HIDDEV_MINORS		16
#endif
/*
 * Number of events in each reader's ring buffer. The ring indices are wrapped
 * with "& (HIDDEV_BUFFER_SIZE - 1)", so this must stay a power of two.
 */
#define HIDDEV_BUFFER_SIZE 64
48
/* Per-device state, shared by every open file on the same hiddev minor. */
struct hiddev {
	int exist;			/* set to 1 by hiddev_connect(), cleared by hiddev_disconnect() */
	int open;			/* number of open files: ++ in hiddev_open(), -- in hiddev_release() */
	struct mutex existancelock;	/* taken around 'exist' in hiddev_disconnect() and several ioctl paths */
	wait_queue_head_t wait;		/* readers sleep here; woken by hiddev_send_event() and on disconnect */
	struct hid_device *hid;		/* HID device this hiddev was connected to */
	struct list_head list;		/* hiddev_list entries, one per open file */
	spinlock_t list_lock;		/* protects 'list' */
};
58
/* Per-open-file state: a private event ring plus the reader's settings. */
struct hiddev_list {
	struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE];	/* event ring */
	int head;			/* next slot hiddev_send_event() writes */
	int tail;			/* next slot hiddev_read() consumes */
	unsigned flags;			/* HIDDEV_FLAG_* bits, changed through HIDIOCSFLAG */
	struct fasync_struct *fasync;	/* SIGIO subscribers, managed by hiddev_fasync() */
	struct hiddev *hiddev;		/* device this file was opened on */
	struct list_head node;		/* link in hiddev->list */
	struct mutex thread_lock;	/* serializes concurrent hiddev_read() callers on this file */
};
69
/*
 * Maps (minor - HIDDEV_MINOR_BASE) to the connected device. Slots are filled
 * by hiddev_connect() and reset to NULL by hiddev_disconnect().
 */
static struct hiddev *hiddev_table[HIDDEV_MINORS];
71
/*
 * Resolve a report from its type and ID.
 *
 * The bits of rinfo->report_id outside HID_REPORT_ID_MASK select the mode:
 * none set means "use the ID as given", HID_REPORT_ID_FIRST asks for the
 * first report of the type, and HID_REPORT_ID_NEXT asks for the report that
 * follows the masked ID. In the last two modes rinfo->report_id is rewritten
 * with the ID that was found.
 *
 * Returns the report, or NULL when the type is out of range, the selector is
 * unknown, or no such report exists. Both fields of rinfo come from user
 * space via the ioctl paths, so the range check and the mask are what keep
 * the two table indexes below in bounds.
 */
static struct hid_report *
hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo)
{
	const unsigned int selector = rinfo->report_id & ~HID_REPORT_ID_MASK;
	const unsigned int old_id = rinfo->report_id & HID_REPORT_ID_MASK;
	struct hid_report_enum *renum;
	struct hid_report *rep;
	struct list_head *pos;

	if (rinfo->report_type < HID_REPORT_TYPE_MIN ||
	    rinfo->report_type > HID_REPORT_TYPE_MAX)
		return NULL;

	renum = &hid->report_enum[rinfo->report_type - HID_REPORT_TYPE_MIN];

	if (selector == HID_REPORT_ID_FIRST) {
		if (list_empty(&renum->report_list))
			return NULL;

		pos = renum->report_list.next;
		rep = list_entry(pos, struct hid_report, list);
		rinfo->report_id = rep->id;
	} else if (selector == HID_REPORT_ID_NEXT) {
		rep = renum->report_id_hash[old_id];
		if (!rep)
			return NULL;

		/* Reaching the list head again means old_id was the last report. */
		pos = rep->list.next;
		if (pos == &renum->report_list)
			return NULL;

		rep = list_entry(pos, struct hid_report, list);
		rinfo->report_id = rep->id;
	} else if (selector != 0) {
		return NULL;
	}
	/* selector == 0: report_id has no bits outside the mask and is used as is. */

	return renum->report_id_hash[rinfo->report_id];
}
126
/*
 * Walk every report of the requested type looking for a usage whose code
 * equals uref->usage_code.
 *
 * On a match, uref->report_id, uref->field_index and uref->usage_index are
 * overwritten with the position that was found and the owning field is
 * returned. Returns NULL when the report type is out of range or nothing
 * matches. The resulting usage_index is bounded by the field's maxusage.
 */
static struct hid_field *
hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref)
{
	struct hid_report_enum *renum;
	struct hid_report *rep;
	int fidx, uidx;

	if (uref->report_type < HID_REPORT_TYPE_MIN ||
	    uref->report_type > HID_REPORT_TYPE_MAX)
		return NULL;

	renum = &hid->report_enum[uref->report_type - HID_REPORT_TYPE_MIN];

	list_for_each_entry(rep, &renum->report_list, list) {
		for (fidx = 0; fidx < rep->maxfield; fidx++) {
			struct hid_field *fld = rep->field[fidx];

			for (uidx = 0; uidx < fld->maxusage; uidx++) {
				if (fld->usage[uidx].hid != uref->usage_code)
					continue;

				uref->report_id = rep->id;
				uref->field_index = fidx;
				uref->usage_index = uidx;
				return fld;
			}
		}
	}

	return NULL;
}
162
/*
 * Queue one usage reference on every open file of the device and wake the
 * readers.
 *
 * Whole-report notifications (field_index == HID_FIELD_INDEX_NONE) are only
 * delivered to files that set HIDDEV_FLAG_REPORT. The head index advances
 * without looking at tail, so a reader that falls a full ring behind loses
 * the oldest entries. The list walk runs under list_lock with interrupts
 * disabled.
 */
static void hiddev_send_event(struct hid_device *hid,
			      struct hiddev_usage_ref *uref)
{
	struct hiddev *hiddev = hid->hiddev;
	struct hiddev_list *reader;
	unsigned long irqflags;

	spin_lock_irqsave(&hiddev->list_lock, irqflags);
	list_for_each_entry(reader, &hiddev->list, node) {
		if (uref->field_index == HID_FIELD_INDEX_NONE &&
		    (reader->flags & HIDDEV_FLAG_REPORT) == 0)
			continue;

		reader->buffer[reader->head] = *uref;
		reader->head = (reader->head + 1) & (HIDDEV_BUFFER_SIZE - 1);
		kill_fasync(&reader->fasync, SIGIO, POLL_IN);
	}
	spin_unlock_irqrestore(&hiddev->list_lock, irqflags);

	wake_up_interruptible(&hiddev->wait);
}
184
/*
 * Entry point used by hid.c to hand over a single usage event that arrived
 * on the interrupt pipe. The event is translated into a hiddev_usage_ref and
 * passed to hiddev_send_event().
 *
 * Every member of the reference that this function knows about is assigned
 * explicitly; the structure is not cleared beforehand.
 */
void hiddev_hid_event(struct hid_device *hid, struct hid_field *field,
		      struct hid_usage *usage, __s32 value)
{
	struct hiddev_usage_ref uref;
	unsigned type = field->report_type;

	/* Map the HID core's report type onto the hiddev ABI constant. */
	if (type == HID_INPUT_REPORT)
		uref.report_type = HID_REPORT_TYPE_INPUT;
	else if (type == HID_OUTPUT_REPORT)
		uref.report_type = HID_REPORT_TYPE_OUTPUT;
	else if (type == HID_FEATURE_REPORT)
		uref.report_type = HID_REPORT_TYPE_FEATURE;
	else
		uref.report_type = 0;

	uref.report_id = field->report->id;
	uref.field_index = field->index;
	/* Position of the usage inside the field's usage array. */
	uref.usage_index = (usage - field->usage);
	uref.usage_code = usage->hid;
	uref.value = value;

	hiddev_send_event(hid, &uref);
}
EXPORT_SYMBOL_GPL(hiddev_hid_event);
208
/*
 * Announce that a whole report was received. The reference is zeroed first,
 * then tagged with the report type and ID and with HID_FIELD_INDEX_NONE so
 * that hiddev_send_event() only delivers it to HIDDEV_FLAG_REPORT readers.
 */
void hiddev_report_event(struct hid_device *hid, struct hid_report *report)
{
	struct hiddev_usage_ref uref;
	unsigned type = report->type;

	memset(&uref, 0, sizeof(uref));

	if (type == HID_INPUT_REPORT)
		uref.report_type = HID_REPORT_TYPE_INPUT;
	else if (type == HID_OUTPUT_REPORT)
		uref.report_type = HID_REPORT_TYPE_OUTPUT;
	else if (type == HID_FEATURE_REPORT)
		uref.report_type = HID_REPORT_TYPE_FEATURE;
	else
		uref.report_type = 0;

	uref.report_id = report->id;
	uref.field_index = HID_FIELD_INDEX_NONE;

	hiddev_send_event(hid, &uref);
}
aa8de2f0 224
/*
 * fasync file op: add or remove this file from its own SIGIO list.
 * Negative results from fasync_helper() are passed through; anything else
 * is reported as 0.
 */
static int hiddev_fasync(int fd, struct file *file, int on)
{
	struct hiddev_list *list = file->private_data;
	int rc = fasync_helper(fd, file, on, &list->fasync);

	if (rc < 0)
		return rc;

	return 0;
}
237
238
/*
 * release file op: unlink this file's event ring from the device and drop
 * the open count.
 *
 * When the last file goes away, a device that still exists is closed at the
 * usbhid level; a device that was already disconnected is freed here, because
 * hiddev_disconnect() leaves the structure alive while files are open.
 *
 * NOTE(review): 'open' and 'exist' are read and written here without
 * existancelock, so this path is not ordered against hiddev_disconnect() by
 * anything visible in this function - confirm what serializes the two.
 */
static int hiddev_release(struct inode * inode, struct file * file)
{
	struct hiddev_list *list = file->private_data;
	struct hiddev *hiddev = list->hiddev;
	unsigned long irqflags;

	spin_lock_irqsave(&hiddev->list_lock, irqflags);
	list_del(&list->node);
	spin_unlock_irqrestore(&hiddev->list_lock, irqflags);

	hiddev->open--;
	if (hiddev->open == 0) {
		if (hiddev->exist)
			usbhid_close(hiddev->hid);
		else
			kfree(hiddev);
	}

	kfree(list);

	return 0;
}
262
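/*
 * open file op: allocate the per-file event ring and attach it to the device
 * that owns the minor.
 *
 * Returns 0 on success, -ENODEV when the minor is outside the hiddev window,
 * has no device, or the device is already gone, -ENOMEM when the ring cannot
 * be allocated, and -EIO when the first opener fails to open the underlying
 * usbhid device.
 *
 * On failure only the per-file 'list' is freed. The hiddev structure is
 * shared with hiddev_table[] and with every other open file, so it must never
 * be released from this error path.
 */
static int hiddev_open(struct inode *inode, struct file *file)
{
	struct hiddev_list *list;
	struct hiddev *hiddev;
	int res;
	int i = iminor(inode) - HIDDEV_MINOR_BASE;

	if (i >= HIDDEV_MINORS || i < 0)
		return -ENODEV;

	/*
	 * Fetch the table slot exactly once and use that pointer throughout,
	 * so a slot that is cleared later cannot be dereferenced as NULL.
	 * NOTE(review): this does not by itself order open against
	 * hiddev_disconnect(); see the original author's remark below.
	 */
	hiddev = hiddev_table[i];
	if (!hiddev)
		return -ENODEV;

	list = kzalloc(sizeof(*list), GFP_KERNEL);
	if (!list)
		return -ENOMEM;
	mutex_init(&list->thread_lock);

	list->hiddev = hiddev;
	file->private_data = list;

	/*
	 * no need for locking because the USB major number
	 * is shared which usbcore guards against disconnect
	 */
	if (!hiddev->exist) {
		res = -ENODEV;
		goto bail;
	}

	if (!hiddev->open++) {
		res = usbhid_open(hiddev->hid);
		if (res < 0) {
			/*
			 * Undo the count taken above. Leaving it raised would
			 * make the next opener skip usbhid_open() and would
			 * keep hiddev_disconnect() from freeing the device.
			 */
			hiddev->open--;
			res = -EIO;
			goto bail;
		}
	}

	spin_lock_irq(&hiddev->list_lock);
	list_add_tail(&list->node, &hiddev->list);
	spin_unlock_irq(&hiddev->list_lock);

	return 0;
bail:
	file->private_data = NULL;
	kfree(list);
	return res;
}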
312
/*
 * "write" file op. hiddev nodes accept no data through write(); output goes
 * through the ioctl interface instead, so every call is rejected.
 */
static ssize_t hiddev_write(struct file * file, const char __user * buffer, size_t count, loff_t *ppos)
{
	/* Nothing is read from 'buffer'. */
	return -EINVAL;
}
320
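/*
 * "read" file op: copy queued events to user space.
 *
 * The record format depends on the file's flags: struct hiddev_usage_ref when
 * HIDDEV_FLAG_UREF is set, struct hiddev_event otherwise. A buffer smaller
 * than one record yields 0. With an empty ring the call sleeps until an event
 * arrives, unless O_NONBLOCK is set (-EAGAIN), a signal is pending
 * (-ERESTARTSYS) or the device has gone away (-EIO).
 *
 * Returns the number of bytes copied, or a negative errno. thread_lock
 * serializes concurrent readers of the same file and is released on every
 * exit path.
 */
static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos)
{
	/*
	 * NOTE(review): prepare_to_wait()/finish_wait() are normally paired
	 * with DEFINE_WAIT(); confirm that an entry set up with
	 * DECLARE_WAITQUEUE() is valid for them on this kernel.
	 */
	DECLARE_WAITQUEUE(wait, current);
	struct hiddev_list *list = file->private_data;
	int event_size;
	int retval;

	event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ?
		sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event);

	if (count < event_size)
		return 0;

	/* lock against other threads */
	retval = mutex_lock_interruptible(&list->thread_lock);
	if (retval)
		return -ERESTARTSYS;

	while (retval == 0) {
		if (list->head == list->tail) {
			prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE);

			while (list->head == list->tail) {
				if (file->f_flags & O_NONBLOCK) {
					retval = -EAGAIN;
					break;
				}
				if (signal_pending(current)) {
					retval = -ERESTARTSYS;
					break;
				}
				if (!list->hiddev->exist) {
					retval = -EIO;
					break;
				}

				/* let O_NONBLOCK tasks run */
				mutex_unlock(&list->thread_lock);
				schedule();
				if (mutex_lock_interruptible(&list->thread_lock)) {
					/*
					 * 'wait' lives on this stack frame.
					 * Detach it before returning so the
					 * device's wait queue is not left
					 * pointing at a dead frame.
					 */
					finish_wait(&list->hiddev->wait, &wait);
					return -EINTR;
				}
				set_current_state(TASK_INTERRUPTIBLE);
			}
			finish_wait(&list->hiddev->wait, &wait);
		}

		if (retval) {
			mutex_unlock(&list->thread_lock);
			return retval;
		}

		/* Drain the ring for as long as another full record still fits. */
		while (list->head != list->tail &&
		       retval + event_size <= count) {
			if ((list->flags & HIDDEV_FLAG_UREF) == 0) {
				/* Legacy format: whole-report notifications are dropped. */
				if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) {
					struct hiddev_event event;

					event.hid = list->buffer[list->tail].usage_code;
					event.value = list->buffer[list->tail].value;
					if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) {
						mutex_unlock(&list->thread_lock);
						return -EFAULT;
					}
					retval += sizeof(struct hiddev_event);
				}
			} else {
				if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE ||
				    (list->flags & HIDDEV_FLAG_REPORT) != 0) {

					if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) {
						mutex_unlock(&list->thread_lock);
						return -EFAULT;
					}
					retval += sizeof(struct hiddev_usage_ref);
				}
			}
			list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1);
		}

	}
	mutex_unlock(&list->thread_lock);

	return retval;
}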
410
/*
 * "poll" file op
 * No kernel lock - fine
 *
 * Reports readable data when the file's ring is non-empty, and an
 * error/hang-up condition when the ring is empty and the device is gone.
 */
static unsigned int hiddev_poll(struct file *file, poll_table *wait)
{
	struct hiddev_list *list = file->private_data;
	unsigned int mask = 0;

	poll_wait(file, &list->hiddev->wait, wait);

	if (list->head != list->tail)
		mask = POLLIN | POLLRDNORM;
	else if (!list->hiddev->exist)
		mask = POLLERR | POLLHUP;

	return mask;
}
426
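/*
 * "ioctl" file op, usage part: handles HIDIOCGUCODE, HIDIOCGUSAGE,
 * HIDIOCSUSAGE, HIDIOCGUSAGES, HIDIOCSUSAGES and HIDIOCGCOLLECTIONINDEX.
 *
 * The request structure is copied in from user_arg; every index it carries is
 * caller-controlled and is validated before it is used to address report,
 * field, usage or value arrays.
 *
 * Returns 0 on success (the collection index for HIDIOCGCOLLECTIONINDEX),
 * -ENOMEM, -EFAULT on a failed user copy, or -EINVAL when a lookup or bounds
 * check fails. All paths past the allocation leave through 'out', which drops
 * the BKL and frees the request buffer exactly once.
 */
static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
{
	struct hid_device *hid = hiddev->hid;
	struct hiddev_report_info rinfo;
	struct hiddev_usage_ref_multi *uref_multi;
	struct hiddev_usage_ref *uref;
	struct hid_report *report;
	struct hid_field *field;
	int ret;
	int i;

	uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL);
	if (!uref_multi)
		return -ENOMEM;
	lock_kernel();
	uref = &uref_multi->uref;
	/* Only the multi-value commands carry the larger structure. */
	if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
		if (copy_from_user(uref_multi, user_arg,
				   sizeof(*uref_multi)))
			goto fault;
	} else {
		if (copy_from_user(uref, user_arg, sizeof(*uref)))
			goto fault;
	}

	switch (cmd) {
	case HIDIOCGUCODE:
		rinfo.report_type = uref->report_type;
		rinfo.report_id = uref->report_id;
		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			goto inval;

		if (uref->field_index >= report->maxfield)
			goto inval;

		field = report->field[uref->field_index];
		if (uref->usage_index >= field->maxusage)
			goto inval;

		uref->usage_code = field->usage[uref->usage_index].hid;

		if (copy_to_user(user_arg, uref, sizeof(*uref)))
			goto fault;

		goto goodreturn;

	default:
		/* Input reports may be read here but not written. */
		if (cmd != HIDIOCGUSAGE &&
		    cmd != HIDIOCGUSAGES &&
		    uref->report_type == HID_REPORT_TYPE_INPUT)
			goto inval;

		if (uref->report_id == HID_REPORT_ID_UNKNOWN) {
			/*
			 * Search by usage code; this overwrites field_index
			 * and usage_index in *uref with the match.
			 * NOTE(review): usage_index is then bounded by
			 * maxusage rather than report_count - confirm that
			 * field->value[] is sized for it on the single-value
			 * commands below.
			 */
			field = hiddev_lookup_usage(hid, uref);
			if (field == NULL)
				goto inval;
		} else {
			rinfo.report_type = uref->report_type;
			rinfo.report_id = uref->report_id;
			if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
				goto inval;

			if (uref->field_index >= report->maxfield)
				goto inval;

			field = report->field[uref->field_index];

			if (cmd == HIDIOCGCOLLECTIONINDEX) {
				if (uref->usage_index >= field->maxusage)
					goto inval;
			} else if (uref->usage_index >= field->report_count)
				goto inval;
		}

		/*
		 * Validate the multi-value range on BOTH lookup paths. It
		 * used to be checked only in the else branch above, so a
		 * request with HID_REPORT_ID_UNKNOWN reached the copy loops
		 * with an unchecked num_values and could index past
		 * uref_multi->values[] and field->value[].
		 */
		if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
		    (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
		     uref->usage_index + uref_multi->num_values > field->report_count))
			goto inval;

		switch (cmd) {
		case HIDIOCGUSAGE:
			uref->value = field->value[uref->usage_index];
			if (copy_to_user(user_arg, uref, sizeof(*uref)))
				goto fault;
			goto goodreturn;

		case HIDIOCSUSAGE:
			field->value[uref->usage_index] = uref->value;
			goto goodreturn;

		case HIDIOCGCOLLECTIONINDEX:
			/*
			 * Read the result while the request buffer is still
			 * allocated (uref points into uref_multi) and leave
			 * through 'out' so the BKL is released as well.
			 */
			ret = field->usage[uref->usage_index].collection_index;
			goto out;

		case HIDIOCGUSAGES:
			for (i = 0; i < uref_multi->num_values; i++)
				uref_multi->values[i] =
				    field->value[uref->usage_index + i];
			if (copy_to_user(user_arg, uref_multi,
					 sizeof(*uref_multi)))
				goto fault;
			goto goodreturn;

		case HIDIOCSUSAGES:
			for (i = 0; i < uref_multi->num_values; i++)
				field->value[uref->usage_index + i] =
				    uref_multi->values[i];
			goto goodreturn;
		}
		break;
	}

goodreturn:
	ret = 0;
	goto out;
fault:
	ret = -EFAULT;
	goto out;
inval:
	ret = -EINVAL;
out:
	unlock_kernel();
	kfree(uref_multi);
	return ret;
}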
551
/*
 * HIDIOCGSTRING helper: fetch USB string descriptor number 'idx' and copy it
 * to user space.
 *
 * user_arg points at an int holding the string index, followed directly by
 * the output buffer. Returns the string length on success, -EFAULT on a
 * failed user access, -ENOMEM, or -EINVAL when usb_string() fails.
 *
 * The copy covers len + 1 bytes of a HID_STRING_SIZE buffer, while
 * usb_string() is limited to HID_STRING_SIZE - 1; presumably usb_string()
 * never returns more than the size it was given - confirm.
 */
static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
{
	struct usb_device *udev = hid_to_usb_dev(hiddev->hid);
	int index, n, ret;
	char *str;

	if (get_user(index, (int __user *)user_arg))
		return -EFAULT;

	str = kmalloc(HID_STRING_SIZE, GFP_KERNEL);
	if (str == NULL)
		return -ENOMEM;

	n = usb_string(udev, index, str, HID_STRING_SIZE-1);
	if (n < 0)
		ret = -EINVAL;
	else if (copy_to_user(user_arg+sizeof(int), str, n+1))
		ret = -EFAULT;
	else
		ret = n;

	/* Single release point for the bounce buffer. */
	kfree(str);

	return ret;
}
579
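/*
 * Main ioctl dispatcher for hiddev files.
 *
 * 'arg' is either a small integer (HIDIOCAPPLICATION) or a user pointer.
 * Every structure read from it is caller-controlled; the indexes it carries
 * are range-checked before they address device tables. Commands that talk to
 * the hardware or use the report tables through the helpers re-check
 * hiddev->exist under existancelock.
 *
 * Returns a command-specific non-negative value on success, or -EIO when the
 * device is gone at entry, -ENODEV when it disappears before a locked
 * section, -EFAULT on a failed user copy, and -EINVAL for bad arguments or
 * unknown commands.
 */
static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct hiddev_list *list = file->private_data;
	struct hiddev *hiddev = list->hiddev;
	struct hid_device *hid = hiddev->hid;
	struct usb_device *dev = hid_to_usb_dev(hid);
	struct hiddev_collection_info cinfo;
	struct hiddev_report_info rinfo;
	struct hiddev_field_info finfo;
	struct hiddev_devinfo dinfo;
	struct hid_report *report;
	struct hid_field *field;
	struct usbhid_device *usbhid = hid->driver_data;
	void __user *user_arg = (void __user *)arg;
	int i, r;

	/* Called without BKL by compat methods so no BKL taken */

	/* FIXME: Who or what stop this racing with a disconnect ?? */
	if (!hiddev->exist)
		return -EIO;

	switch (cmd) {

	case HIDIOCGVERSION:
		return put_user(HID_VERSION, (int __user *)arg);

	case HIDIOCAPPLICATION:
		/* 'arg' is the ordinal of the application collection wanted. */
		if (arg < 0 || arg >= hid->maxapplication)
			return -EINVAL;

		for (i = 0; i < hid->maxcollection; i++)
			if (hid->collection[i].type ==
			    HID_COLLECTION_APPLICATION && arg-- == 0)
				break;

		if (i == hid->maxcollection)
			return -EINVAL;

		return hid->collection[i].usage;

	case HIDIOCGDEVINFO:
		/*
		 * Clear the structure before filling it in. It lives on the
		 * kernel stack and is copied out in full, so any byte the
		 * assignments below do not cover (alignment padding
		 * included) would otherwise carry stale stack contents to
		 * user space. The struct layout is not visible in this file.
		 */
		memset(&dinfo, 0, sizeof(dinfo));
		dinfo.bustype = BUS_USB;
		dinfo.busnum = dev->bus->busnum;
		dinfo.devnum = dev->devnum;
		dinfo.ifnum = usbhid->ifnum;
		dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor);
		dinfo.product = le16_to_cpu(dev->descriptor.idProduct);
		dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice);
		dinfo.num_applications = hid->maxapplication;
		if (copy_to_user(user_arg, &dinfo, sizeof(dinfo)))
			return -EFAULT;

		return 0;

	case HIDIOCGFLAG:
		if (put_user(list->flags, (int __user *)arg))
			return -EFAULT;

		return 0;

	case HIDIOCSFLAG:
		{
			int newflags;
			if (get_user(newflags, (int __user *)arg))
				return -EFAULT;

			/* Unknown bits are refused; REPORT is only valid together with UREF. */
			if ((newflags & ~HIDDEV_FLAGS) != 0 ||
			    ((newflags & HIDDEV_FLAG_REPORT) != 0 &&
			     (newflags & HIDDEV_FLAG_UREF) == 0))
				return -EINVAL;

			list->flags = newflags;

			return 0;
		}

	case HIDIOCGSTRING:
		mutex_lock(&hiddev->existancelock);
		if (hiddev->exist)
			r = hiddev_ioctl_string(hiddev, cmd, user_arg);
		else
			r = -ENODEV;
		mutex_unlock(&hiddev->existancelock);
		return r;

	case HIDIOCINITREPORT:
		mutex_lock(&hiddev->existancelock);
		if (!hiddev->exist) {
			mutex_unlock(&hiddev->existancelock);
			return -ENODEV;
		}
		usbhid_init_reports(hid);
		mutex_unlock(&hiddev->existancelock);

		return 0;

	case HIDIOCGREPORT:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo)))
			return -EFAULT;

		if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT)
			return -EINVAL;

		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			return -EINVAL;

		/* A device that vanished meanwhile is silently skipped; 0 is still returned. */
		mutex_lock(&hiddev->existancelock);
		if (hiddev->exist) {
			usbhid_submit_report(hid, report, USB_DIR_IN);
			usbhid_wait_io(hid);
		}
		mutex_unlock(&hiddev->existancelock);

		return 0;

	case HIDIOCSREPORT:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo)))
			return -EFAULT;

		if (rinfo.report_type == HID_REPORT_TYPE_INPUT)
			return -EINVAL;

		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			return -EINVAL;

		mutex_lock(&hiddev->existancelock);
		if (hiddev->exist) {
			usbhid_submit_report(hid, report, USB_DIR_OUT);
			usbhid_wait_io(hid);
		}
		mutex_unlock(&hiddev->existancelock);

		return 0;

	case HIDIOCGREPORTINFO:
		if (copy_from_user(&rinfo, user_arg, sizeof(rinfo)))
			return -EFAULT;

		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			return -EINVAL;

		rinfo.num_fields = report->maxfield;

		if (copy_to_user(user_arg, &rinfo, sizeof(rinfo)))
			return -EFAULT;

		return 0;

	case HIDIOCGFIELDINFO:
		if (copy_from_user(&finfo, user_arg, sizeof(finfo)))
			return -EFAULT;
		rinfo.report_type = finfo.report_type;
		rinfo.report_id = finfo.report_id;
		if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
			return -EINVAL;

		if (finfo.field_index >= report->maxfield)
			return -EINVAL;

		field = report->field[finfo.field_index];
		/* Rebuild the reply from scratch so no caller-supplied bytes are echoed back. */
		memset(&finfo, 0, sizeof(finfo));
		finfo.report_type = rinfo.report_type;
		finfo.report_id = rinfo.report_id;
		finfo.field_index = field->report_count - 1;
		finfo.maxusage = field->maxusage;
		finfo.flags = field->flags;
		finfo.physical = field->physical;
		finfo.logical = field->logical;
		finfo.application = field->application;
		finfo.logical_minimum = field->logical_minimum;
		finfo.logical_maximum = field->logical_maximum;
		finfo.physical_minimum = field->physical_minimum;
		finfo.physical_maximum = field->physical_maximum;
		finfo.unit_exponent = field->unit_exponent;
		finfo.unit = field->unit;

		if (copy_to_user(user_arg, &finfo, sizeof(finfo)))
			return -EFAULT;

		return 0;

	case HIDIOCGUCODE:
		/* fall through */
	case HIDIOCGUSAGE:
	case HIDIOCSUSAGE:
	case HIDIOCGUSAGES:
	case HIDIOCSUSAGES:
	case HIDIOCGCOLLECTIONINDEX:
		mutex_lock(&hiddev->existancelock);
		if (hiddev->exist)
			r = hiddev_ioctl_usage(hiddev, cmd, user_arg);
		else
			r = -ENODEV;
		mutex_unlock(&hiddev->existancelock);
		return r;

	case HIDIOCGCOLLECTIONINFO:
		if (copy_from_user(&cinfo, user_arg, sizeof(cinfo)))
			return -EFAULT;

		if (cinfo.index >= hid->maxcollection)
			return -EINVAL;

		cinfo.type = hid->collection[cinfo.index].type;
		cinfo.usage = hid->collection[cinfo.index].usage;
		cinfo.level = hid->collection[cinfo.index].level;

		if (copy_to_user(user_arg, &cinfo, sizeof(cinfo)))
			return -EFAULT;
		return 0;

	default:

		/* Variable-length commands: the buffer size is encoded in cmd itself. */
		if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ)
			return -EINVAL;

		if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) {
			int len;
			if (!hid->name)
				return 0;
			len = strlen(hid->name) + 1;
			/* Never copy more than the caller's declared buffer size. */
			if (len > _IOC_SIZE(cmd))
				len = _IOC_SIZE(cmd);
			return copy_to_user(user_arg, hid->name, len) ?
				-EFAULT : len;
		}

		if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) {
			int len;
			if (!hid->phys)
				return 0;
			len = strlen(hid->phys) + 1;
			if (len > _IOC_SIZE(cmd))
				len = _IOC_SIZE(cmd);
			return copy_to_user(user_arg, hid->phys, len) ?
				-EFAULT : len;
		}
	}
	return -EINVAL;
}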
821
#ifdef CONFIG_COMPAT
/*
 * compat ioctl entry: convert the 32-bit user pointer with compat_ptr() and
 * hand the request to hiddev_ioctl() unchanged otherwise.
 */
static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	void __user *uptr = compat_ptr(arg);

	return hiddev_ioctl(file, cmd, (unsigned long)uptr);
}
#endif
828
/* File operations for hiddev character devices; installed through hiddev_class.fops. */
static const struct file_operations hiddev_fops = {
	.owner =	THIS_MODULE,
	.read =		hiddev_read,
	.write =	hiddev_write,	/* always fails with -EINVAL */
	.poll =		hiddev_poll,
	.open =		hiddev_open,
	.release =	hiddev_release,
	.unlocked_ioctl = hiddev_ioctl,	/* runs without the BKL */
	.fasync =	hiddev_fasync,
#ifdef CONFIG_COMPAT
	.compat_ioctl	= hiddev_compat_ioctl,
#endif
};
842
/* Class-driver description passed to usb_register_dev() and usb_deregister_dev(). */
static struct usb_class_driver hiddev_class = {
	.name =		"hiddev%d",
	.fops =		&hiddev_fops,
	.minor_base =	HIDDEV_MINOR_BASE,	/* first minor of the hiddev window */
};
848
/*
 * Called by hid.c to attach a HID device to the hiddev driver.
 *
 * Unless 'force' is set, the device is only accepted when it has at least
 * one application collection that is not an input application. On success a
 * hiddev structure is allocated, linked to the HID device, registered for a
 * minor and published in hiddev_table[].
 *
 * Returns 0 on success and -1 on any failure (no suitable collection,
 * allocation failure, or no minor available).
 */
int hiddev_connect(struct hid_device *hid, unsigned int force)
{
	struct usbhid_device *uhid = hid->driver_data;
	struct hiddev *hdev;
	int rc;

	if (!force) {
		unsigned int c;

		for (c = 0; c < hid->maxcollection; c++) {
			if (hid->collection[c].type != HID_COLLECTION_APPLICATION)
				continue;
			if (!IS_INPUT_APPLICATION(hid->collection[c].usage))
				break;
		}

		/* Ran off the end: nothing for hiddev to expose. */
		if (c == hid->maxcollection)
			return -1;
	}

	hdev = kzalloc(sizeof(struct hiddev), GFP_KERNEL);
	if (!hdev)
		return -1;

	init_waitqueue_head(&hdev->wait);
	INIT_LIST_HEAD(&hdev->list);
	spin_lock_init(&hdev->list_lock);
	mutex_init(&hdev->existancelock);
	/* Everything is initialised before the device is registered below. */
	hid->hiddev = hdev;
	hdev->hid = hid;
	hdev->exist = 1;

	rc = usb_register_dev(uhid->intf, &hiddev_class);
	if (rc) {
		err_hid("Not able to get a minor for this device.");
		hid->hiddev = NULL;
		kfree(hdev);
		return -1;
	}

	hid->minor = uhid->intf->minor;
	/*
	 * NOTE(review): the index is not compared with HIDDEV_MINORS here;
	 * presumably usb_register_dev() keeps the minor inside the hiddev
	 * window - confirm.
	 */
	hiddev_table[uhid->intf->minor - HIDDEV_MINOR_BASE] = hdev;

	return 0;
}
894
/*
 * Called by hid.c to detach a hiddev device from its HID device (usually
 * because the USB device was unplugged).
 *
 * 'exist' is cleared under existancelock, the table slot is emptied and the
 * minor is given back. If files are still open, the structure stays alive so
 * they can observe the disconnect, and the last hiddev_release() frees it;
 * otherwise it is freed here.
 *
 * NOTE(review): 'open' is read after existancelock has been dropped, so the
 * choice between the two branches is not ordered against a concurrent
 * hiddev_open()/hiddev_release() by anything visible here - confirm.
 */
static struct usb_class_driver hiddev_class;
void hiddev_disconnect(struct hid_device *hid)
{
	struct usbhid_device *uhid = hid->driver_data;
	struct hiddev *hdev = hid->hiddev;

	mutex_lock(&hdev->existancelock);
	hdev->exist = 0;
	mutex_unlock(&hdev->existancelock);

	hiddev_table[hdev->hid->minor - HIDDEV_MINOR_BASE] = NULL;
	usb_deregister_dev(uhid->intf, &hiddev_class);

	if (!hdev->open) {
		kfree(hdev);
		return;
	}

	/* Files remain open: close the transport and wake sleeping readers. */
	usbhid_close(hdev->hid);
	wake_up_interruptible(&hdev->wait);
}
919
920/* Currently this driver is a USB driver. It's not a conventional one in
921 * the sense that it doesn't probe at the USB level. Instead it waits to
922 * be connected by HID through the hiddev_connect / hiddev_disconnect
923 * routines. The reason to register as a USB device is to gain part of the
924 * minor number space from the USB major.
925 *
926 * In theory, should the HID code be generalized to more than one physical
927 * medium (say, IEEE 1384), this driver will probably need to register its
928 * own major number, and in doing so, no longer need to register with USB.
929 * At that point the probe routine and hiddev_driver struct below will no
930 * longer be useful.
931 */
932
933
/*
 * Probe stub. hiddev never binds to an interface at the USB level; HID
 * connects it through hiddev_connect() instead, which is also why the
 * usb_driver has no disconnect routine. Every probe is declined.
 */
static int hiddev_usbd_probe(struct usb_interface *intf,
			     const struct usb_device_id *hiddev_info)
{
	/* Neither argument is inspected. */
	return -ENODEV;
}
942
943
/*
 * USB driver registered by hiddev_init(). Its probe routine always returns
 * -ENODEV, so it never binds to an interface itself.
 */
static /* const */ struct usb_driver hiddev_driver = {
	.name =		"hiddev",
	.probe =	hiddev_usbd_probe,
};
948
/* Register the hiddev USB driver; returns whatever usb_register() reports. */
int __init hiddev_init(void)
{
	int rc = usb_register(&hiddev_driver);

	return rc;
}
953
/* Counterpart of hiddev_init(): remove the hiddev USB driver again. */
void hiddev_exit(void)
{
	/* Only the driver registration is undone here. */
	usb_deregister(&hiddev_driver);
}