Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
[muen/linux.git] / drivers / hid / usbhid / hiddev.c
1 /*
2  *  Copyright (c) 2001 Paul Stewart
3  *  Copyright (c) 2001 Vojtech Pavlik
4  *
5  *  HID char devices, giving access to raw HID device events.
6  *
7  */
8
9 /*
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23  *
24  * Should you need to contact me, the author, you can do so either by
25  * e-mail - mail your message to Paul Stewart <stewart@wetlogic.net>
26  */
27
28 #include <linux/poll.h>
29 #include <linux/slab.h>
30 #include <linux/sched/signal.h>
31 #include <linux/module.h>
32 #include <linux/init.h>
33 #include <linux/input.h>
34 #include <linux/usb.h>
35 #include <linux/hid.h>
36 #include <linux/hiddev.h>
37 #include <linux/compat.h>
38 #include <linux/vmalloc.h>
39 #include <linux/nospec.h>
40 #include "usbhid.h"
41
42 #ifdef CONFIG_USB_DYNAMIC_MINORS
43 #define HIDDEV_MINOR_BASE       0
44 #define HIDDEV_MINORS           256
45 #else
46 #define HIDDEV_MINOR_BASE       96
47 #define HIDDEV_MINORS           16
48 #endif
49 #define HIDDEV_BUFFER_SIZE      2048
50
51 struct hiddev_list {
52         struct hiddev_usage_ref buffer[HIDDEV_BUFFER_SIZE];
53         int head;
54         int tail;
55         unsigned flags;
56         struct fasync_struct *fasync;
57         struct hiddev *hiddev;
58         struct list_head node;
59         struct mutex thread_lock;
60 };
61
62 /*
63  * Find a report, given the report's type and ID.  The ID can be specified
64  * indirectly by REPORT_ID_FIRST (which returns the first report of the given
65  * type) or by (REPORT_ID_NEXT | old_id), which returns the next report of the
66  * given type which follows old_id.
67  */
68 static struct hid_report *
69 hiddev_lookup_report(struct hid_device *hid, struct hiddev_report_info *rinfo)
70 {
71         unsigned int flags = rinfo->report_id & ~HID_REPORT_ID_MASK;
72         unsigned int rid = rinfo->report_id & HID_REPORT_ID_MASK;
73         struct hid_report_enum *report_enum;
74         struct hid_report *report;
75         struct list_head *list;
76
77         if (rinfo->report_type < HID_REPORT_TYPE_MIN ||
78             rinfo->report_type > HID_REPORT_TYPE_MAX)
79                 return NULL;
80
81         report_enum = hid->report_enum +
82                 (rinfo->report_type - HID_REPORT_TYPE_MIN);
83
84         switch (flags) {
85         case 0: /* Nothing to do -- report_id is already set correctly */
86                 break;
87
88         case HID_REPORT_ID_FIRST:
89                 if (list_empty(&report_enum->report_list))
90                         return NULL;
91
92                 list = report_enum->report_list.next;
93                 report = list_entry(list, struct hid_report, list);
94                 rinfo->report_id = report->id;
95                 break;
96
97         case HID_REPORT_ID_NEXT:
98                 report = report_enum->report_id_hash[rid];
99                 if (!report)
100                         return NULL;
101
102                 list = report->list.next;
103                 if (list == &report_enum->report_list)
104                         return NULL;
105
106                 report = list_entry(list, struct hid_report, list);
107                 rinfo->report_id = report->id;
108                 break;
109
110         default:
111                 return NULL;
112         }
113
114         return report_enum->report_id_hash[rinfo->report_id];
115 }
116
117 /*
118  * Perform an exhaustive search of the report table for a usage, given its
119  * type and usage id.
120  */
121 static struct hid_field *
122 hiddev_lookup_usage(struct hid_device *hid, struct hiddev_usage_ref *uref)
123 {
124         int i, j;
125         struct hid_report *report;
126         struct hid_report_enum *report_enum;
127         struct hid_field *field;
128
129         if (uref->report_type < HID_REPORT_TYPE_MIN ||
130             uref->report_type > HID_REPORT_TYPE_MAX)
131                 return NULL;
132
133         report_enum = hid->report_enum +
134                 (uref->report_type - HID_REPORT_TYPE_MIN);
135
136         list_for_each_entry(report, &report_enum->report_list, list) {
137                 for (i = 0; i < report->maxfield; i++) {
138                         field = report->field[i];
139                         for (j = 0; j < field->maxusage; j++) {
140                                 if (field->usage[j].hid == uref->usage_code) {
141                                         uref->report_id = report->id;
142                                         uref->field_index = i;
143                                         uref->usage_index = j;
144                                         return field;
145                                 }
146                         }
147                 }
148         }
149
150         return NULL;
151 }
152
153 static void hiddev_send_event(struct hid_device *hid,
154                               struct hiddev_usage_ref *uref)
155 {
156         struct hiddev *hiddev = hid->hiddev;
157         struct hiddev_list *list;
158         unsigned long flags;
159
160         spin_lock_irqsave(&hiddev->list_lock, flags);
161         list_for_each_entry(list, &hiddev->list, node) {
162                 if (uref->field_index != HID_FIELD_INDEX_NONE ||
163                     (list->flags & HIDDEV_FLAG_REPORT) != 0) {
164                         list->buffer[list->head] = *uref;
165                         list->head = (list->head + 1) &
166                                 (HIDDEV_BUFFER_SIZE - 1);
167                         kill_fasync(&list->fasync, SIGIO, POLL_IN);
168                 }
169         }
170         spin_unlock_irqrestore(&hiddev->list_lock, flags);
171
172         wake_up_interruptible(&hiddev->wait);
173 }
174
175 /*
176  * This is where hid.c calls into hiddev to pass an event that occurred over
177  * the interrupt pipe
178  */
179 void hiddev_hid_event(struct hid_device *hid, struct hid_field *field,
180                       struct hid_usage *usage, __s32 value)
181 {
182         unsigned type = field->report_type;
183         struct hiddev_usage_ref uref;
184
185         uref.report_type =
186           (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT :
187           ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT :
188            ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0));
189         uref.report_id = field->report->id;
190         uref.field_index = field->index;
191         uref.usage_index = (usage - field->usage);
192         uref.usage_code = usage->hid;
193         uref.value = value;
194
195         hiddev_send_event(hid, &uref);
196 }
197 EXPORT_SYMBOL_GPL(hiddev_hid_event);
198
199 void hiddev_report_event(struct hid_device *hid, struct hid_report *report)
200 {
201         unsigned type = report->type;
202         struct hiddev_usage_ref uref;
203
204         memset(&uref, 0, sizeof(uref));
205         uref.report_type =
206           (type == HID_INPUT_REPORT) ? HID_REPORT_TYPE_INPUT :
207           ((type == HID_OUTPUT_REPORT) ? HID_REPORT_TYPE_OUTPUT :
208            ((type == HID_FEATURE_REPORT) ? HID_REPORT_TYPE_FEATURE : 0));
209         uref.report_id = report->id;
210         uref.field_index = HID_FIELD_INDEX_NONE;
211
212         hiddev_send_event(hid, &uref);
213 }
214
215 /*
216  * fasync file op
217  */
218 static int hiddev_fasync(int fd, struct file *file, int on)
219 {
220         struct hiddev_list *list = file->private_data;
221
222         return fasync_helper(fd, file, on, &list->fasync);
223 }
224
225
226 /*
227  * release file op
228  */
229 static int hiddev_release(struct inode * inode, struct file * file)
230 {
231         struct hiddev_list *list = file->private_data;
232         unsigned long flags;
233
234         spin_lock_irqsave(&list->hiddev->list_lock, flags);
235         list_del(&list->node);
236         spin_unlock_irqrestore(&list->hiddev->list_lock, flags);
237
238         mutex_lock(&list->hiddev->existancelock);
239         if (!--list->hiddev->open) {
240                 if (list->hiddev->exist) {
241                         hid_hw_close(list->hiddev->hid);
242                         hid_hw_power(list->hiddev->hid, PM_HINT_NORMAL);
243                 } else {
244                         mutex_unlock(&list->hiddev->existancelock);
245                         kfree(list->hiddev);
246                         vfree(list);
247                         return 0;
248                 }
249         }
250
251         mutex_unlock(&list->hiddev->existancelock);
252         vfree(list);
253
254         return 0;
255 }
256
257 /*
258  * open file op
259  */
260 static int hiddev_open(struct inode *inode, struct file *file)
261 {
262         struct hiddev_list *list;
263         struct usb_interface *intf;
264         struct hid_device *hid;
265         struct hiddev *hiddev;
266         int res;
267
268         intf = usbhid_find_interface(iminor(inode));
269         if (!intf)
270                 return -ENODEV;
271         hid = usb_get_intfdata(intf);
272         hiddev = hid->hiddev;
273
274         if (!(list = vzalloc(sizeof(struct hiddev_list))))
275                 return -ENOMEM;
276         mutex_init(&list->thread_lock);
277         list->hiddev = hiddev;
278         file->private_data = list;
279
280         /*
281          * no need for locking because the USB major number
282          * is shared which usbcore guards against disconnect
283          */
284         if (list->hiddev->exist) {
285                 if (!list->hiddev->open++) {
286                         res = hid_hw_open(hiddev->hid);
287                         if (res < 0)
288                                 goto bail;
289                 }
290         } else {
291                 res = -ENODEV;
292                 goto bail;
293         }
294
295         spin_lock_irq(&list->hiddev->list_lock);
296         list_add_tail(&list->node, &hiddev->list);
297         spin_unlock_irq(&list->hiddev->list_lock);
298
299         mutex_lock(&hiddev->existancelock);
300         if (!list->hiddev->open++)
301                 if (list->hiddev->exist) {
302                         struct hid_device *hid = hiddev->hid;
303                         res = hid_hw_power(hid, PM_HINT_FULLON);
304                         if (res < 0)
305                                 goto bail_unlock;
306                         res = hid_hw_open(hid);
307                         if (res < 0)
308                                 goto bail_normal_power;
309                 }
310         mutex_unlock(&hiddev->existancelock);
311         return 0;
312 bail_normal_power:
313         hid_hw_power(hid, PM_HINT_NORMAL);
314 bail_unlock:
315         mutex_unlock(&hiddev->existancelock);
316 bail:
317         file->private_data = NULL;
318         vfree(list);
319         return res;
320 }
321
322 /*
323  * "write" file op
324  */
325 static ssize_t hiddev_write(struct file * file, const char __user * buffer, size_t count, loff_t *ppos)
326 {
327         return -EINVAL;
328 }
329
330 /*
331  * "read" file op
332  */
333 static ssize_t hiddev_read(struct file * file, char __user * buffer, size_t count, loff_t *ppos)
334 {
335         DEFINE_WAIT(wait);
336         struct hiddev_list *list = file->private_data;
337         int event_size;
338         int retval;
339
340         event_size = ((list->flags & HIDDEV_FLAG_UREF) != 0) ?
341                 sizeof(struct hiddev_usage_ref) : sizeof(struct hiddev_event);
342
343         if (count < event_size)
344                 return 0;
345
346         /* lock against other threads */
347         retval = mutex_lock_interruptible(&list->thread_lock);
348         if (retval)
349                 return -ERESTARTSYS;
350
351         while (retval == 0) {
352                 if (list->head == list->tail) {
353                         prepare_to_wait(&list->hiddev->wait, &wait, TASK_INTERRUPTIBLE);
354
355                         while (list->head == list->tail) {
356                                 if (signal_pending(current)) {
357                                         retval = -ERESTARTSYS;
358                                         break;
359                                 }
360                                 if (!list->hiddev->exist) {
361                                         retval = -EIO;
362                                         break;
363                                 }
364                                 if (file->f_flags & O_NONBLOCK) {
365                                         retval = -EAGAIN;
366                                         break;
367                                 }
368
369                                 /* let O_NONBLOCK tasks run */
370                                 mutex_unlock(&list->thread_lock);
371                                 schedule();
372                                 if (mutex_lock_interruptible(&list->thread_lock)) {
373                                         finish_wait(&list->hiddev->wait, &wait);
374                                         return -EINTR;
375                                 }
376                                 set_current_state(TASK_INTERRUPTIBLE);
377                         }
378                         finish_wait(&list->hiddev->wait, &wait);
379
380                 }
381
382                 if (retval) {
383                         mutex_unlock(&list->thread_lock);
384                         return retval;
385                 }
386
387
388                 while (list->head != list->tail &&
389                        retval + event_size <= count) {
390                         if ((list->flags & HIDDEV_FLAG_UREF) == 0) {
391                                 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE) {
392                                         struct hiddev_event event;
393
394                                         event.hid = list->buffer[list->tail].usage_code;
395                                         event.value = list->buffer[list->tail].value;
396                                         if (copy_to_user(buffer + retval, &event, sizeof(struct hiddev_event))) {
397                                                 mutex_unlock(&list->thread_lock);
398                                                 return -EFAULT;
399                                         }
400                                         retval += sizeof(struct hiddev_event);
401                                 }
402                         } else {
403                                 if (list->buffer[list->tail].field_index != HID_FIELD_INDEX_NONE ||
404                                     (list->flags & HIDDEV_FLAG_REPORT) != 0) {
405
406                                         if (copy_to_user(buffer + retval, list->buffer + list->tail, sizeof(struct hiddev_usage_ref))) {
407                                                 mutex_unlock(&list->thread_lock);
408                                                 return -EFAULT;
409                                         }
410                                         retval += sizeof(struct hiddev_usage_ref);
411                                 }
412                         }
413                         list->tail = (list->tail + 1) & (HIDDEV_BUFFER_SIZE - 1);
414                 }
415
416         }
417         mutex_unlock(&list->thread_lock);
418
419         return retval;
420 }
421
422 /*
423  * "poll" file op
424  * No kernel lock - fine
425  */
426 static __poll_t hiddev_poll(struct file *file, poll_table *wait)
427 {
428         struct hiddev_list *list = file->private_data;
429
430         poll_wait(file, &list->hiddev->wait, wait);
431         if (list->head != list->tail)
432                 return EPOLLIN | EPOLLRDNORM;
433         if (!list->hiddev->exist)
434                 return EPOLLERR | EPOLLHUP;
435         return 0;
436 }
437
438 /*
439  * "ioctl" file op
440  */
441 static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
442 {
443         struct hid_device *hid = hiddev->hid;
444         struct hiddev_report_info rinfo;
445         struct hiddev_usage_ref_multi *uref_multi = NULL;
446         struct hiddev_usage_ref *uref;
447         struct hid_report *report;
448         struct hid_field *field;
449         int i;
450
451         uref_multi = kmalloc(sizeof(struct hiddev_usage_ref_multi), GFP_KERNEL);
452         if (!uref_multi)
453                 return -ENOMEM;
454         uref = &uref_multi->uref;
455         if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
456                 if (copy_from_user(uref_multi, user_arg,
457                                    sizeof(*uref_multi)))
458                         goto fault;
459         } else {
460                 if (copy_from_user(uref, user_arg, sizeof(*uref)))
461                         goto fault;
462         }
463
464         switch (cmd) {
465         case HIDIOCGUCODE:
466                 rinfo.report_type = uref->report_type;
467                 rinfo.report_id = uref->report_id;
468                 if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
469                         goto inval;
470
471                 if (uref->field_index >= report->maxfield)
472                         goto inval;
473                 uref->field_index = array_index_nospec(uref->field_index,
474                                                        report->maxfield);
475
476                 field = report->field[uref->field_index];
477                 if (uref->usage_index >= field->maxusage)
478                         goto inval;
479                 uref->usage_index = array_index_nospec(uref->usage_index,
480                                                        field->maxusage);
481
482                 uref->usage_code = field->usage[uref->usage_index].hid;
483
484                 if (copy_to_user(user_arg, uref, sizeof(*uref)))
485                         goto fault;
486
487                 goto goodreturn;
488
489         default:
490                 if (cmd != HIDIOCGUSAGE &&
491                     cmd != HIDIOCGUSAGES &&
492                     uref->report_type == HID_REPORT_TYPE_INPUT)
493                         goto inval;
494
495                 if (uref->report_id == HID_REPORT_ID_UNKNOWN) {
496                         field = hiddev_lookup_usage(hid, uref);
497                         if (field == NULL)
498                                 goto inval;
499                 } else {
500                         rinfo.report_type = uref->report_type;
501                         rinfo.report_id = uref->report_id;
502                         if ((report = hiddev_lookup_report(hid, &rinfo)) == NULL)
503                                 goto inval;
504
505                         if (uref->field_index >= report->maxfield)
506                                 goto inval;
507                         uref->field_index = array_index_nospec(uref->field_index,
508                                                                report->maxfield);
509
510                         field = report->field[uref->field_index];
511
512                         if (cmd == HIDIOCGCOLLECTIONINDEX) {
513                                 if (uref->usage_index >= field->maxusage)
514                                         goto inval;
515                                 uref->usage_index =
516                                         array_index_nospec(uref->usage_index,
517                                                            field->maxusage);
518                         } else if (uref->usage_index >= field->report_count)
519                                 goto inval;
520                 }
521
522                 if (cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) {
523                         if (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
524                             uref->usage_index + uref_multi->num_values >
525                             field->report_count)
526                                 goto inval;
527
528                         uref->usage_index =
529                                 array_index_nospec(uref->usage_index,
530                                                    field->report_count -
531                                                    uref_multi->num_values);
532                 }
533
534                 switch (cmd) {
535                 case HIDIOCGUSAGE:
536                         uref->value = field->value[uref->usage_index];
537                         if (copy_to_user(user_arg, uref, sizeof(*uref)))
538                                 goto fault;
539                         goto goodreturn;
540
541                 case HIDIOCSUSAGE:
542                         field->value[uref->usage_index] = uref->value;
543                         goto goodreturn;
544
545                 case HIDIOCGCOLLECTIONINDEX:
546                         i = field->usage[uref->usage_index].collection_index;
547                         kfree(uref_multi);
548                         return i;
549                 case HIDIOCGUSAGES:
550                         for (i = 0; i < uref_multi->num_values; i++)
551                                 uref_multi->values[i] =
552                                     field->value[uref->usage_index + i];
553                         if (copy_to_user(user_arg, uref_multi,
554                                          sizeof(*uref_multi)))
555                                 goto fault;
556                         goto goodreturn;
557                 case HIDIOCSUSAGES:
558                         for (i = 0; i < uref_multi->num_values; i++)
559                                 field->value[uref->usage_index + i] =
560                                     uref_multi->values[i];
561                         goto goodreturn;
562                 }
563
564 goodreturn:
565                 kfree(uref_multi);
566                 return 0;
567 fault:
568                 kfree(uref_multi);
569                 return -EFAULT;
570 inval:
571                 kfree(uref_multi);
572                 return -EINVAL;
573         }
574 }
575
576 static noinline int hiddev_ioctl_string(struct hiddev *hiddev, unsigned int cmd, void __user *user_arg)
577 {
578         struct hid_device *hid = hiddev->hid;
579         struct usb_device *dev = hid_to_usb_dev(hid);
580         int idx, len;
581         char *buf;
582
583         if (get_user(idx, (int __user *)user_arg))
584                 return -EFAULT;
585
586         if ((buf = kmalloc(HID_STRING_SIZE, GFP_KERNEL)) == NULL)
587                 return -ENOMEM;
588
589         if ((len = usb_string(dev, idx, buf, HID_STRING_SIZE-1)) < 0) {
590                 kfree(buf);
591                 return -EINVAL;
592         }
593
594         if (copy_to_user(user_arg+sizeof(int), buf, len+1)) {
595                 kfree(buf);
596                 return -EFAULT;
597         }
598
599         kfree(buf);
600
601         return len;
602 }
603
604 static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
605 {
606         struct hiddev_list *list = file->private_data;
607         struct hiddev *hiddev = list->hiddev;
608         struct hid_device *hid;
609         struct hiddev_collection_info cinfo;
610         struct hiddev_report_info rinfo;
611         struct hiddev_field_info finfo;
612         struct hiddev_devinfo dinfo;
613         struct hid_report *report;
614         struct hid_field *field;
615         void __user *user_arg = (void __user *)arg;
616         int i, r = -EINVAL;
617
618         /* Called without BKL by compat methods so no BKL taken */
619
620         mutex_lock(&hiddev->existancelock);
621         if (!hiddev->exist) {
622                 r = -ENODEV;
623                 goto ret_unlock;
624         }
625
626         hid = hiddev->hid;
627
628         switch (cmd) {
629
630         case HIDIOCGVERSION:
631                 r = put_user(HID_VERSION, (int __user *)arg) ?
632                         -EFAULT : 0;
633                 break;
634
635         case HIDIOCAPPLICATION:
636                 if (arg >= hid->maxapplication)
637                         break;
638
639                 for (i = 0; i < hid->maxcollection; i++)
640                         if (hid->collection[i].type ==
641                             HID_COLLECTION_APPLICATION && arg-- == 0)
642                                 break;
643
644                 if (i < hid->maxcollection)
645                         r = hid->collection[i].usage;
646                 break;
647
648         case HIDIOCGDEVINFO:
649                 {
650                         struct usb_device *dev = hid_to_usb_dev(hid);
651                         struct usbhid_device *usbhid = hid->driver_data;
652
653                         memset(&dinfo, 0, sizeof(dinfo));
654
655                         dinfo.bustype = BUS_USB;
656                         dinfo.busnum = dev->bus->busnum;
657                         dinfo.devnum = dev->devnum;
658                         dinfo.ifnum = usbhid->ifnum;
659                         dinfo.vendor = le16_to_cpu(dev->descriptor.idVendor);
660                         dinfo.product = le16_to_cpu(dev->descriptor.idProduct);
661                         dinfo.version = le16_to_cpu(dev->descriptor.bcdDevice);
662                         dinfo.num_applications = hid->maxapplication;
663
664                         r = copy_to_user(user_arg, &dinfo, sizeof(dinfo)) ?
665                                 -EFAULT : 0;
666                         break;
667                 }
668
669         case HIDIOCGFLAG:
670                 r = put_user(list->flags, (int __user *)arg) ?
671                         -EFAULT : 0;
672                 break;
673
674         case HIDIOCSFLAG:
675                 {
676                         int newflags;
677
678                         if (get_user(newflags, (int __user *)arg)) {
679                                 r = -EFAULT;
680                                 break;
681                         }
682
683                         if ((newflags & ~HIDDEV_FLAGS) != 0 ||
684                             ((newflags & HIDDEV_FLAG_REPORT) != 0 &&
685                              (newflags & HIDDEV_FLAG_UREF) == 0))
686                                 break;
687
688                         list->flags = newflags;
689
690                         r = 0;
691                         break;
692                 }
693
694         case HIDIOCGSTRING:
695                 r = hiddev_ioctl_string(hiddev, cmd, user_arg);
696                 break;
697
698         case HIDIOCINITREPORT:
699                 usbhid_init_reports(hid);
700                 hiddev->initialized = true;
701                 r = 0;
702                 break;
703
704         case HIDIOCGREPORT:
705                 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
706                         r = -EFAULT;
707                         break;
708                 }
709
710                 if (rinfo.report_type == HID_REPORT_TYPE_OUTPUT)
711                         break;
712
713                 report = hiddev_lookup_report(hid, &rinfo);
714                 if (report == NULL)
715                         break;
716
717                 hid_hw_request(hid, report, HID_REQ_GET_REPORT);
718                 hid_hw_wait(hid);
719
720                 r = 0;
721                 break;
722
723         case HIDIOCSREPORT:
724                 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
725                         r = -EFAULT;
726                         break;
727                 }
728
729                 if (rinfo.report_type == HID_REPORT_TYPE_INPUT)
730                         break;
731
732                 report = hiddev_lookup_report(hid, &rinfo);
733                 if (report == NULL)
734                         break;
735
736                 hid_hw_request(hid, report, HID_REQ_SET_REPORT);
737                 hid_hw_wait(hid);
738
739                 r = 0;
740                 break;
741
742         case HIDIOCGREPORTINFO:
743                 if (copy_from_user(&rinfo, user_arg, sizeof(rinfo))) {
744                         r = -EFAULT;
745                         break;
746                 }
747
748                 report = hiddev_lookup_report(hid, &rinfo);
749                 if (report == NULL)
750                         break;
751
752                 rinfo.num_fields = report->maxfield;
753
754                 r = copy_to_user(user_arg, &rinfo, sizeof(rinfo)) ?
755                         -EFAULT : 0;
756                 break;
757
758         case HIDIOCGFIELDINFO:
759                 if (copy_from_user(&finfo, user_arg, sizeof(finfo))) {
760                         r = -EFAULT;
761                         break;
762                 }
763
764                 rinfo.report_type = finfo.report_type;
765                 rinfo.report_id = finfo.report_id;
766
767                 report = hiddev_lookup_report(hid, &rinfo);
768                 if (report == NULL)
769                         break;
770
771                 if (finfo.field_index >= report->maxfield)
772                         break;
773                 finfo.field_index = array_index_nospec(finfo.field_index,
774                                                        report->maxfield);
775
776                 field = report->field[finfo.field_index];
777                 memset(&finfo, 0, sizeof(finfo));
778                 finfo.report_type = rinfo.report_type;
779                 finfo.report_id = rinfo.report_id;
780                 finfo.field_index = field->report_count - 1;
781                 finfo.maxusage = field->maxusage;
782                 finfo.flags = field->flags;
783                 finfo.physical = field->physical;
784                 finfo.logical = field->logical;
785                 finfo.application = field->application;
786                 finfo.logical_minimum = field->logical_minimum;
787                 finfo.logical_maximum = field->logical_maximum;
788                 finfo.physical_minimum = field->physical_minimum;
789                 finfo.physical_maximum = field->physical_maximum;
790                 finfo.unit_exponent = field->unit_exponent;
791                 finfo.unit = field->unit;
792
793                 r = copy_to_user(user_arg, &finfo, sizeof(finfo)) ?
794                         -EFAULT : 0;
795                 break;
796
797         case HIDIOCGUCODE:
798                 /* fall through */
799         case HIDIOCGUSAGE:
800         case HIDIOCSUSAGE:
801         case HIDIOCGUSAGES:
802         case HIDIOCSUSAGES:
803         case HIDIOCGCOLLECTIONINDEX:
804                 if (!hiddev->initialized) {
805                         usbhid_init_reports(hid);
806                         hiddev->initialized = true;
807                 }
808                 r = hiddev_ioctl_usage(hiddev, cmd, user_arg);
809                 break;
810
811         case HIDIOCGCOLLECTIONINFO:
812                 if (copy_from_user(&cinfo, user_arg, sizeof(cinfo))) {
813                         r = -EFAULT;
814                         break;
815                 }
816
817                 if (cinfo.index >= hid->maxcollection)
818                         break;
819                 cinfo.index = array_index_nospec(cinfo.index,
820                                                  hid->maxcollection);
821
822                 cinfo.type = hid->collection[cinfo.index].type;
823                 cinfo.usage = hid->collection[cinfo.index].usage;
824                 cinfo.level = hid->collection[cinfo.index].level;
825
826                 r = copy_to_user(user_arg, &cinfo, sizeof(cinfo)) ?
827                         -EFAULT : 0;
828                 break;
829
830         default:
831                 if (_IOC_TYPE(cmd) != 'H' || _IOC_DIR(cmd) != _IOC_READ)
832                         break;
833
834                 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGNAME(0))) {
835                         int len = strlen(hid->name) + 1;
836                         if (len > _IOC_SIZE(cmd))
837                                  len = _IOC_SIZE(cmd);
838                         r = copy_to_user(user_arg, hid->name, len) ?
839                                 -EFAULT : len;
840                         break;
841                 }
842
843                 if (_IOC_NR(cmd) == _IOC_NR(HIDIOCGPHYS(0))) {
844                         int len = strlen(hid->phys) + 1;
845                         if (len > _IOC_SIZE(cmd))
846                                 len = _IOC_SIZE(cmd);
847                         r = copy_to_user(user_arg, hid->phys, len) ?
848                                 -EFAULT : len;
849                         break;
850                 }
851         }
852
853 ret_unlock:
854         mutex_unlock(&hiddev->existancelock);
855         return r;
856 }
857
858 #ifdef CONFIG_COMPAT
859 static long hiddev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
860 {
861         return hiddev_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
862 }
863 #endif
864
865 static const struct file_operations hiddev_fops = {
866         .owner =        THIS_MODULE,
867         .read =         hiddev_read,
868         .write =        hiddev_write,
869         .poll =         hiddev_poll,
870         .open =         hiddev_open,
871         .release =      hiddev_release,
872         .unlocked_ioctl =       hiddev_ioctl,
873         .fasync =       hiddev_fasync,
874 #ifdef CONFIG_COMPAT
875         .compat_ioctl   = hiddev_compat_ioctl,
876 #endif
877         .llseek         = noop_llseek,
878 };
879
880 static char *hiddev_devnode(struct device *dev, umode_t *mode)
881 {
882         return kasprintf(GFP_KERNEL, "usb/%s", dev_name(dev));
883 }
884
885 static struct usb_class_driver hiddev_class = {
886         .name =         "hiddev%d",
887         .devnode =      hiddev_devnode,
888         .fops =         &hiddev_fops,
889         .minor_base =   HIDDEV_MINOR_BASE,
890 };
891
892 /*
893  * This is where hid.c calls us to connect a hid device to the hiddev driver
894  */
895 int hiddev_connect(struct hid_device *hid, unsigned int force)
896 {
897         struct hiddev *hiddev;
898         struct usbhid_device *usbhid = hid->driver_data;
899         int retval;
900
901         if (!force) {
902                 unsigned int i;
903                 for (i = 0; i < hid->maxcollection; i++)
904                         if (hid->collection[i].type ==
905                             HID_COLLECTION_APPLICATION &&
906                             !IS_INPUT_APPLICATION(hid->collection[i].usage))
907                                 break;
908
909                 if (i == hid->maxcollection)
910                         return -1;
911         }
912
913         if (!(hiddev = kzalloc(sizeof(struct hiddev), GFP_KERNEL)))
914                 return -1;
915
916         init_waitqueue_head(&hiddev->wait);
917         INIT_LIST_HEAD(&hiddev->list);
918         spin_lock_init(&hiddev->list_lock);
919         mutex_init(&hiddev->existancelock);
920         hid->hiddev = hiddev;
921         hiddev->hid = hid;
922         hiddev->exist = 1;
923         retval = usb_register_dev(usbhid->intf, &hiddev_class);
924         if (retval) {
925                 hid_err(hid, "Not able to get a minor for this device\n");
926                 hid->hiddev = NULL;
927                 kfree(hiddev);
928                 return -1;
929         }
930
931         /*
932          * If HID_QUIRK_NO_INIT_REPORTS is set, make sure we don't initialize
933          * the reports.
934          */
935         hiddev->initialized = hid->quirks & HID_QUIRK_NO_INIT_REPORTS;
936
937         hiddev->minor = usbhid->intf->minor;
938
939         return 0;
940 }
941
942 /*
943  * This is where hid.c calls us to disconnect a hiddev device from the
944  * corresponding hid device (usually because the usb device has disconnected)
945  */
946 static struct usb_class_driver hiddev_class;
947 void hiddev_disconnect(struct hid_device *hid)
948 {
949         struct hiddev *hiddev = hid->hiddev;
950         struct usbhid_device *usbhid = hid->driver_data;
951
952         usb_deregister_dev(usbhid->intf, &hiddev_class);
953
954         mutex_lock(&hiddev->existancelock);
955         hiddev->exist = 0;
956
957         if (hiddev->open) {
958                 mutex_unlock(&hiddev->existancelock);
959                 hid_hw_close(hiddev->hid);
960                 wake_up_interruptible(&hiddev->wait);
961         } else {
962                 mutex_unlock(&hiddev->existancelock);
963                 kfree(hiddev);
964         }
965 }