[go: nahoru, domu]
History log of /drivers/hid/hidraw.c
Revision Date Author Comments
e534a9352237e84263cecedff283387b144b3ed8 09-Mar-2014 Benjamin Tissoires <benjamin.tissoires@redhat.com> HID: sony: do not rely on hid_output_raw_report

hid_out_raw_report is going to be obsoleted as it is not part of the
unified HID low level transport documentation
(Documentation/hid/hid-transport.txt)

To do so, we need to introduce two new quirks:
* HID_QUIRK_NO_OUTPUT_REPORTS_ON_INTR_EP: this quirks prevents the
transport driver to use the interrupt channel to send output report
(and thus force to use HID_REQ_SET_REPORT command)
* HID_QUIRK_SKIP_OUTPUT_REPORT_ID: this one forces usbhid to not
include the report ID in the buffer it sends to the device through
HID_REQ_SET_REPORT in case of an output report

This also fixes a regression introduced in commit 3a75b24949a8
(HID: hidraw: replace hid_output_raw_report() calls by appropriates ones).
The hidraw API was not able to communicate with the PS3 SixAxis
controllers in USB mode.

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Tested-by: Antonio Ospite <ao2@ao2.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
47587fc098451c2100dc1fb618855fc2e2d937af 26-Feb-2014 Fernando Luis Vázquez Cao <fernando_b1@lab.ntt.co.jp> HID: hidraw: fix warning destroying hidraw device files after parent

I noticed that after hot unplugging a Logitech unifying receiver
(drivers/hid/hid-logitech-dj.c) the kernel would occasionally spew a
stack trace similar to this:

usb 1-1.1.2: USB disconnect, device number 7
WARNING: CPU: 0 PID: 2865 at fs/sysfs/group.c:216 device_del+0x40/0x1b0()
sysfs group ffffffff8187fa20 not found for kobject 'hidraw0'
[...]
CPU: 0 PID: 2865 Comm: upowerd Tainted: G W 3.14.0-rc4 #7
Hardware name: LENOVO 7783PN4/ , BIOS 9HKT43AUS 07/11/2011
0000000000000009 ffffffff814cd684 ffff880427ccfdf8 ffffffff810616e7
ffff88041ec61800 ffff880427ccfe48 ffff88041e444d80 ffff880426fab8e8
ffff880429359960 ffffffff8106174c ffffffff81714b98 0000000000000028
Call Trace:
[<ffffffff814cd684>] ? dump_stack+0x41/0x51
[<ffffffff810616e7>] ? warn_slowpath_common+0x77/0x90
[<ffffffff8106174c>] ? warn_slowpath_fmt+0x4c/0x50
[<ffffffff81374fd0>] ? device_del+0x40/0x1b0
[<ffffffff8137516f>] ? device_unregister+0x2f/0x50
[<ffffffff813751fa>] ? device_destroy+0x3a/0x40
[<ffffffffa03ca245>] ? drop_ref+0x55/0x120 [hid]
[<ffffffffa03ca3e6>] ? hidraw_release+0x96/0xb0 [hid]
[<ffffffff811929da>] ? __fput+0xca/0x210
[<ffffffff8107fe17>] ? task_work_run+0x97/0xd0
[<ffffffff810139a9>] ? do_notify_resume+0x69/0xa0
[<ffffffff814dbd22>] ? int_signal+0x12/0x17
---[ end trace 63f4a46f6566d737 ]---

During device removal hid_disconnect() is called via hid_hw_stop() to
stop the device and free all its resources, including the sysfs
files. The problem is that if a user space process, such as upowerd,
holds a reference to a hidraw file the corresponding sysfs files will
be kept around (drop_ref() does not call device_destroy() if the open
counter is not 0) and it will be usb_disconnect() who, by calling
device_del() for the USB device, will indirectly remove the sysfs
files of the hidraw device (sysfs_remove_dir() is recursive these
days). Because of this, by the time user space releases the last
reference to the hidraw file and drop_ref() tries to destroy the
device the sysfs files are already gone and the kernel will print
the warning above.

Fix this by calling device_destroy() at USB disconnect time.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Cc: stable@vger.kernel.org # 3.13
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
3a75b24949a8d34d2014866006e30dc69dd567c8 20-Feb-2014 Benjamin Tissoires <benjamin.tissoires@redhat.com> HID: hidraw: replace hid_output_raw_report() calls by appropriates ones

Remove hid_output_raw_report() call as it is not a ll_driver callbacj,
and switch to the hid_hw_* implementation. USB-HID used to fallback
into SET_REPORT when there were no output interrupt endpoint,
so emulating this if hid_hw_output_report() returns -ENOSYS.

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
7e845d46b13e7730a3720e978c28117ce422edf9 05-Feb-2014 Benjamin Tissoires <benjamin.tissoires@redhat.com> HID: introduce helper to access hid_output_raw_report()

Add a helper to access hdev->hid_output_raw_report().

To convert the drivers, use the following snippets:

for i in drivers/hid/*.c
do
sed -i.bak "s/[^ \t]*->hid_output_raw_report(/hid_output_raw_report(/g" $i
done

Then manually fix for checkpatch.pl

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
cafebc058bf86e63fff5354864781d3de11e41d3 05-Feb-2014 Benjamin Tissoires <benjamin.tissoires@redhat.com> HID: remove hid_get_raw_report in struct hid_device

dev->hid_get_raw_report(X) and hid_hw_raw_request(X, HID_REQ_GET_REPORT)
are strictly equivalent. Switch the hid subsystem to the hid_hw notation
and remove the field .hid_get_raw_report in struct hid_device.

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
618345359ed99a78e63f5cef8a09a8494589ee11 06-Jan-2014 Jiri Kosina <jkosina@suse.cz> HID: hidraw: make comment more accurate and nicer

Reformat and reword some of the comments to make them more understandable.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
0f5a24c6602063e014ee48892ebf56093241106e 01-Oct-2013 Manoj Chourasia <mchourasia@nvidia.com> HID: hidraw: close underlying device at removal of last reader

Even though device exist bit is set the underlying
HW device should be closed when the last reader
of the device is closed i.e. open count drops to zero.

Signed-off-by: Manoj Chourasia <mchourasia@nvidia.com>
Reported-by: mika.westerberg@linux.intel.com
Tested-by: mika.westerberg@linux.intel.com
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
277fe44dd862412ee034470ad1c13a79d24e533b 26-Aug-2013 Yonghua Zheng <younghua.zheng@gmail.com> HID: hidraw: Add spinlock in struct hidraw to protect list

It is unsafe to call list_for_each_entry in hidraw_report_event to
traverse each hidraw_list node without a lock protection, the list
could be modified if someone calls hidraw_release and list_del to
remove itself from the list, this can cause hidraw_report_event
to touch a deleted list struct and panic.

To prevent this, introduce a spinlock in struct hidraw to protect
list from concurrent access.

Signed-off-by: Yonghua Zheng <younghua.zheng@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
212a871a3934beccf43431608c27ed2e05a476ec 22-Jul-2013 Manoj Chourasia <mchourasia@nvidia.com> HID: hidraw: correctly deallocate memory on device disconnect

This changes puts the commit 4fe9f8e203f back in place
with the fixes for slab corruption because of the commit.

When a device is unplugged, wait for all processes that
have opened the device to close before deallocating the device.

This commit was solving kernel crash because of the corruption in
rb tree of vmalloc. The rootcause was the device data pointer was
geting excessed after the memory associated with hidraw was freed.

The commit 4fe9f8e203f was buggy as it was also freeing the hidraw
first and then calling delete operation on the list associated with
that hidraw leading to slab corruption.

Signed-off-by: Manoj Chourasia <mchourasia@nvidia.com>
Tested-by: Peter Wu <lekensteyn@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
8e552e535948fe8612d36a7beaf19519140bc285 30-Jul-2013 Yonghua Zheng <younghua.zheng@gmail.com> HID: hidraw: fix improper mutex release

Mutex can not be released unless all hid_device members are properly
initialized. Otherwise it would result in a race condition that can
cause NULL pointer kernel panic issue in hidraw_open where it uses
uninitialized 'list' member in list_add_tail().

Signed-off-by: Yonghua Zheng <younghua.zheng@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
496ad9aa8ef448058e36ca7a787c61f2e63f0f54 23-Jan-2013 Al Viro <viro@zeniv.linux.org.uk> new helper: file_inode(file)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
0f690ccf56d3166e695ad27fb0936af189250ef1 19-Feb-2013 Jiri Kosina <jkosina@suse.cz> HID: hidraw: print message when succesfully initialized

Print a message when hidraw has been succesfully initialized.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
b5531318f18b5054c0e4a82beb560a77d85948d8 28-Nov-2012 Andrew Duggan <aduggan@synaptics.com> HID: hidraw: fix signaling SIGIO when hidraw reports an event

This patch fixes sending SIGIO from hidraw_report_event by creating a fasync
handler which adds the fasync entry.

Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
7611e8d26d8dd0e5e132b46e905cb579daf9da1e 21-Nov-2012 Founder Fang <founder.fang@gmail.com> HID: hidraw: fix nonblock read return EAGAIN after device removed

When nonblock read the condition check (file->f_flags & O_NONBLOCK) always be
true, signal_pending and device exist checking never get a chance to run, so
the user mode code always get EAGAIN even if device removed. move nonblock mode
checking to the last can fix this problem.

Signed-off-by: Founder Fang <founder.fang@gmail.com>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
df0cfd6990347c20ae031f3f34137cba274f1972 01-Nov-2012 Jiri Kosina <jkosina@suse.cz> HID: hidraw: put old deallocation mechanism in place

This basically reverts commit 4fe9f8e203fda. It causes multiple problems,
namely:

- after rmmod/modprobe cycle of bus driver, the input is not claimed any
more. This is likely because of misplaced hid_hw_close()
- it causes memory corruption on hidraw_list

As original patch author is not responding to requests to fix his patch,
and the original deallocation mechanism is not exposing any problems, I
am reverting back to it.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
4fe9f8e203fdad1524c04beb390f3c6099781ed9 22-Sep-2012 Ratan Nalumasu <ratan@google.com> HID: hidraw: don't deallocate memory when it is in use

When a device is unplugged, wait for all processes that have opened the device
to close before deallocating the device.

Signed-off-by: Ratan Nalumasu <ratan@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
bcb4a75bde3821cecb17a71d287abfd6ef9bd68d 15-Aug-2012 Alexey Khoroshilov <khoroshilov@ispras.ru> HID: hidraw: improve error handling in hidraw_init()

Several improvements in error handling:
- do not report success if alloc_chrdev_region() failed
- check for error code of cdev_add()
- use unregister_chrdev_region() instead of unregister_chrdev()
if class_create() failed

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
4c7b417ecb756e85dfc955b0e7a04fd45585533e 28-Jun-2012 Matthieu CASTET <matthieu.castet@parrot.com> HID: hidraw: fix list->buffer memleak

If we don't read fast enough hidraw device, hidraw_report_event
will cycle and we will leak list->buffer.
Also list->buffer are not free on release.
After this patch, kmemleak report nothing.

Signed-off-by: Matthieu CASTET <matthieu.castet@parrot.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
b6787242f32700377d3da3b8d788ab3928bab849 27-Apr-2012 Jiri Kosina <jkosina@suse.cz> HID: hidraw: add proper error handling to raw event reporting

If kmemdup() in hidraw_report_event() fails, we are not propagating
this fact properly.

Let hidraw_report_event() and hid_report_raw_event() return an error
value to the caller.

Reported-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
f554ff80339b4005856e6a86454d6ea2bb962ee5 27-Sep-2011 Amit Nagal <helloin.amit@gmail.com> HID: hidraw: open count should not increase if error

In hidraw_open, if hid_hw_power returns with error, hidraw device open count
should not increase.

Signed-off-by: Amit Nagal <helloin.amit@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
65b01bd561dc995aab116aa784f97a37f7c49a65 20-Sep-2011 James Hogan <james.hogan@imgtec.com> HID: hidraw: protect hidraw_disconnect() better

The function hidraw_disconnect() only acquires the hidraw minors_lock
when clearing the entry in hidraw_table. However the device_destroy()
call can cause a userland read/write to return with an error. It may
cause the program to release the file descripter before the disconnect
is finished. hidraw_disconnect() has already set hidraw->exist to 0,
which makes hidraw_release() kfree the hidraw structure, which
hidraw_disconnect() continues to access and even tries to kfree again.
Similarly if a hidraw_release() occurs after setting hidraw->exist to 0,
the same thing can happen.

This is fixed by expanding the mutex critical section to cover the whole
function from setting hidraw->exist to 0 to freeing the hidraw
structure, preventing a hidraw_release() from interfering.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Tested-by: David Herrmann <dh.herrmann@googlemail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
1a8962317f494ad858971fc08ba035eff658a5c9 07-Sep-2011 Amit Nagal <helloin.amit@gmail.com> HID: hidraw: free list for all error in hidraw_open

In function hidraw_open struct hidraw_list *list should be freed for
all error conditions.

Signed-off-by: Amit Nagal <helloin.amit@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
dd2ed487fdd78b50549b2ca8418875c0d9f4a30e 15-May-2011 Daniel Mack <zonque@gmail.com> HID: 'name' and 'phys' in 'struct hid_device' can never be NULL

As they are static members of fix size, there is no need to NULL-check them.

Signed-off-by: Daniel Mack <zonque@gmail.com>
Cc: Dmitry Torokhov <dtor@mail.ru>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
d2a1cfebe38edc0bbac8f5cfbce062fe3d146d7a 27-Mar-2011 Jiri Kosina <jkosina@suse.cz> HID: hidraw: fix comments

Adjust the comments a little bit.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
b4dbde9da8ece42bbe4c70c26bac3b28dd6a3ddb 18-Jan-2011 Alan Ott <alan@signal11.us> HID: Add Support for Setting and Getting Feature Reports from hidraw

Per the HID Specification, Feature reports must be sent and received on
the Configuration endpoint (EP 0) through the Set_Report/Get_Report
interfaces. This patch adds two ioctls to hidraw to set and get feature
reports to and from the device. Modifications were made to hidraw and
usbhid.

New hidraw ioctls:
HIDIOCSFEATURE - Perform a Set_Report transfer of a Feature report.
HIDIOCGFEATURE - Perform a Get_Report transfer of a Feature report.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
3a22ebe9cc76acac2511b1d3979a35609924ce42 29-Jan-2011 Stefan Achatz <erazor_de@users.sourceforge.net> HID: hidraw: fix hidraw_disconnect()

hidraw_disconnect() first sets an entry in hidraw_table to NULL
and calls device_destroy() afterwards. The thereby called
hidraw_release() tries to read this already cleared value resulting
in never removing any device from the list.
This got fixed by changing the order of events.

Signed-off-by: Stefan Achatz <erazor_de@users.sourceforge.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
cf28a673666fba5770b40fb084584391f451c07d 27-Jan-2011 Alan Ott <alan@signal11.us> HID: hidraw: Replace Confusing += Operator with =

Setting of the return value of hidraw_read() uses the += operator when
= is more appropriate. There is no case where ret can be anything
other than zero when the assignment is made, making = equivalent to
+= and much more clear.

Signed-off-by: Alan Ott <alan@signal11.us>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
ae5e49c79c051ea1d5ca91cbd4a0d22189067ba3 04-Jan-2011 Alan Ott <alan@signal11.us> HID: hidraw: add compatibility ioctl() for 32-bit applications.

Added the ioctl function to the compat_ioctl pointer in the file_operations
struct. Before this, some ioctls would fail for 32-bit apps on 64-bit systems.

Signed-off-by: Alan Ott <alan@signal11.us>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
4291ee305e9bb0699504a66f0e2b7aefcf0512a5 10-Dec-2010 Joe Perches <joe@perches.com> HID: Add and use hid_<level>: dev_<level> equivalents

Neaten current uses of dev_<level> by adding and using
hid specific hid_<level> macros.

Convert existing uses of dev_<level> uses to hid_<level>.
Convert hid-pidff printk uses to hid_<level>.

Remove err_hid and use hid_err instead.

Add missing newlines to logging messages where necessary.
Coalesce format strings.

Add and use pr_fmt(fmt) KBUILD_MODNAME ": " fmt

Other miscellaneous changes:

Add const struct hid_device * argument to hid-core functions
extract() and implement() so hid_<level> can be used by them.
Fix bad indentation in hid-core hid_input_field function
that calls extract() function above.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
5bea7660bba973dc5e8e9d92b11fb1dd5b524ebf 08-Dec-2010 Dmitry Torokhov <dmitry.torokhov@gmail.com> HID: add hid_hw_open/close/power() handlers

Instead of exposing the guts of hid->ll_driver relationship to HID
sub-drivers provide these helpers to encapsulate the details.

Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
451a3c24b0135bce54542009b5fde43846c7cf67 17-Nov-2010 Arnd Bergmann <arnd@arndb.de> BKL: remove extraneous #include <smp_lock.h>

The big kernel lock has been removed from all these files at some point,
leaving only the #include.

Remove this too as a cleanup.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
cb174681a9ececa6702f114b85bdf82144b6a5af 19-Oct-2010 Jiri Slaby <jslaby@suse.cz> HID: hidraw: fix window in hidraw_release

There is a window between hidraw_table check and its dereference.
In that window, the device may be unplugged and removed form the
system and we will then dereference NULL.

Lock that place properly so that either we get NULL and jump out or we
can work with real pointer.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
6038f373a3dc1f1c26496e60b6c40b164716f07e 15-Aug-2010 Arnd Bergmann <arnd@arndb.de> llseek: automatically add .llseek fop

All file_operations should get a .llseek operation so we can make
nonseekable_open the default for future file operations without a
.llseek pointer.

The three cases that we can automatically detect are no_llseek, seq_lseek
and default_llseek. For cases where we can we can automatically prove that
the file offset is always ignored, we use noop_llseek, which maintains
the current behavior of not returning an error from a seek.

New drivers should normally not use noop_llseek but instead use no_llseek
and call nonseekable_open at open time. Existing drivers can be converted
to do the same when the maintainer knows for certain that no user code
relies on calling seek on the device file.

The generated code is often incorrectly indented and right now contains
comments that clarify for each added line why a specific variant was
chosen. In the version that gets submitted upstream, the comments will
be gone and I will manually fix the indentation, because there does not
seem to be a way to do that using coccinelle.

Some amount of new code is currently sitting in linux-next that should get
the same modifications, which I will do at the end of the merge window.

Many thanks to Julia Lawall for helping me learn to write a semantic
patch that does all this.

===== begin semantic patch =====
// This adds an llseek= method to all file operations,
// as a preparation for making no_llseek the default.
//
// The rules are
// - use no_llseek explicitly if we do nonseekable_open
// - use seq_lseek for sequential files
// - use default_llseek if we know we access f_pos
// - use noop_llseek if we know we don't access f_pos,
// but we still want to allow users to call lseek
//
@ open1 exists @
identifier nested_open;
@@
nested_open(...)
{
<+...
nonseekable_open(...)
...+>
}

@ open exists@
identifier open_f;
identifier i, f;
identifier open1.nested_open;
@@
int open_f(struct inode *i, struct file *f)
{
<+...
(
nonseekable_open(...)
|
nested_open(...)
)
...+>
}

@ read disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
<+...
(
*off = E
|
*off += E
|
func(..., off, ...)
|
E = *off
)
...+>
}

@ read_no_fpos disable optional_qualifier exists @
identifier read_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t read_f(struct file *f, char *p, size_t s, loff_t *off)
{
... when != off
}

@ write @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
expression E;
identifier func;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
<+...
(
*off = E
|
*off += E
|
func(..., off, ...)
|
E = *off
)
...+>
}

@ write_no_fpos @
identifier write_f;
identifier f, p, s, off;
type ssize_t, size_t, loff_t;
@@
ssize_t write_f(struct file *f, const char *p, size_t s, loff_t *off)
{
... when != off
}

@ fops0 @
identifier fops;
@@
struct file_operations fops = {
...
};

@ has_llseek depends on fops0 @
identifier fops0.fops;
identifier llseek_f;
@@
struct file_operations fops = {
...
.llseek = llseek_f,
...
};

@ has_read depends on fops0 @
identifier fops0.fops;
identifier read_f;
@@
struct file_operations fops = {
...
.read = read_f,
...
};

@ has_write depends on fops0 @
identifier fops0.fops;
identifier write_f;
@@
struct file_operations fops = {
...
.write = write_f,
...
};

@ has_open depends on fops0 @
identifier fops0.fops;
identifier open_f;
@@
struct file_operations fops = {
...
.open = open_f,
...
};

// use no_llseek if we call nonseekable_open
////////////////////////////////////////////
@ nonseekable1 depends on !has_llseek && has_open @
identifier fops0.fops;
identifier nso ~= "nonseekable_open";
@@
struct file_operations fops = {
... .open = nso, ...
+.llseek = no_llseek, /* nonseekable */
};

@ nonseekable2 depends on !has_llseek @
identifier fops0.fops;
identifier open.open_f;
@@
struct file_operations fops = {
... .open = open_f, ...
+.llseek = no_llseek, /* open uses nonseekable */
};

// use seq_lseek for sequential files
/////////////////////////////////////
@ seq depends on !has_llseek @
identifier fops0.fops;
identifier sr ~= "seq_read";
@@
struct file_operations fops = {
... .read = sr, ...
+.llseek = seq_lseek, /* we have seq_read */
};

// use default_llseek if there is a readdir
///////////////////////////////////////////
@ fops1 depends on !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier readdir_e;
@@
// any other fop is used that changes pos
struct file_operations fops = {
... .readdir = readdir_e, ...
+.llseek = default_llseek, /* readdir is present */
};

// use default_llseek if at least one of read/write touches f_pos
/////////////////////////////////////////////////////////////////
@ fops2 depends on !fops1 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read.read_f;
@@
// read fops use offset
struct file_operations fops = {
... .read = read_f, ...
+.llseek = default_llseek, /* read accesses f_pos */
};

@ fops3 depends on !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write.write_f;
@@
// write fops use offset
struct file_operations fops = {
... .write = write_f, ...
+ .llseek = default_llseek, /* write accesses f_pos */
};

// Use noop_llseek if neither read nor write accesses f_pos
///////////////////////////////////////////////////////////

@ fops4 depends on !fops1 && !fops2 && !fops3 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
identifier write_no_fpos.write_f;
@@
// write fops use offset
struct file_operations fops = {
...
.write = write_f,
.read = read_f,
...
+.llseek = noop_llseek, /* read and write both use no f_pos */
};

@ depends on has_write && !has_read && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier write_no_fpos.write_f;
@@
struct file_operations fops = {
... .write = write_f, ...
+.llseek = noop_llseek, /* write uses no f_pos */
};

@ depends on has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
identifier read_no_fpos.read_f;
@@
struct file_operations fops = {
... .read = read_f, ...
+.llseek = noop_llseek, /* read uses no f_pos */
};

@ depends on !has_read && !has_write && !fops1 && !fops2 && !has_llseek && !nonseekable1 && !nonseekable2 && !seq @
identifier fops0.fops;
@@
struct file_operations fops = {
...
+.llseek = noop_llseek, /* no read or write fn */
};
===== End semantic patch =====

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Julia Lawall <julia@diku.dk>
Cc: Christoph Hellwig <hch@infradead.org>
e42dee9a99a3ecd32b5c027e8f7411fb5bc11eb6 05-Oct-2010 Antonio Ospite <ospite@studenti.unina.it> HID: hidraw, fix a NULL pointer dereference in hidraw_write

BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
IP: [<ffffffffa0f0a625>] hidraw_write+0x3b/0x116 [hid]
[...]

This is reproducible by disconnecting the device while userspace writes
to dev node in a loop and doesn't check return values in order to exit
the loop.

Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Cc: stable@kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
d20d5ffab92f00188f360c44c791a5ffb988247c 05-Oct-2010 Antonio Ospite <ospite@studenti.unina.it> HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl

BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
IP: [<ffffffffa02c66b4>] hidraw_ioctl+0xfc/0x32c [hid]
[...]

This is reproducible by disconnecting the device while userspace does
ioctl in a loop and doesn't check return values in order to exit the
loop.

Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Cc: stable@kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
83efb8fe671af3c7b5613868aadc93ce973b6c3d 19-May-2010 Stefan Achatz <erazor_de@users.sourceforge.net> HID: remove unused variable from hidraw_read

Removed unused variable from hidraw_read.

Signed-off-by: Stefan Achatz <erazor_de@users.sourceforge.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
81cd584394e54514c57b18e0f23e0b5ca40070b2 30-Apr-2010 Antonio Ospite <ospite@studenti.unina.it> HID: hidraw: fix indentation

Signed-off-by: Antonio Ospite <ospite@studenti.unina.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
5a0e3ad6af8660be21ca98a971cd00f331318c05 24-Mar-2010 Tejun Heo <tj@kernel.org> include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.

percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.

http://userweb.kernel.org/~tj/misc/slabh-sweep.py

The script does the followings.

* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.

* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.

* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.

The conversion was done in the following steps.

1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.

2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.

3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.

4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.

5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.

6. percpu.h was updated not to include slab.h.

7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).

* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig

8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.

Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.

Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
0a504541b3ba593535d70f3124546e5e471a175e 25-Mar-2010 Jiri Kosina <jkosina@suse.cz> HID: remove excessive _EMERG messages from hidraw

We don't need to shout loudly when device gets disconnected
while hidraw node has been open, as this is properly handled
in disconnect() and protected by minors_lock already.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2e57480b2a717916510b0c23b2851398a4cbd958 25-Mar-2010 Jiri Kosina <jkosina@suse.cz> HID: remove BKL from hidraw

Remove BKL from hidraw, which is possible through fixing the
locking of minors_lock mutex properly -- it is now used to
guard all accessess to hidraw_table[], preventing it to becoming
NULL unexpectedly by unregistering the device.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
d4bfa033ed84e0ae446eff445d107ffd5ee78df3 29-Jan-2010 Jiri Kosina <jkosina@suse.cz> HID: make raw reports possible for both feature and output reports

In commit 2da31939a42 ("Bluetooth: Implement raw output support for HIDP
layer"), support for Bluetooth hid_output_raw_report was added, but it
pushes the data to the intr socket instead of the ctrl one. This has been
fixed by 6bf8268f9a91f1 ("Bluetooth: Use the control channel for raw HID reports")

Still, it is necessary to distinguish whether the report in question should be
either FEATURE or OUTPUT. For this, we have to extend the generic HID API,
so that hid_output_raw_report() callback provides means to specify this
value so that it can be passed down to lower level hardware drivers (currently
Bluetooth and USB).

Based on original patch by Bastien Nocera <hadess@hadess.net>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
b0e14951ee0f6c29abc64b92ec7075a159ede37c 12-Oct-2009 Jiri Kosina <jkosina@suse.cz> HID: fix possible deadlock in hidraw_read

If the loop in hidraw_read() loops more than once, then we might
end up trying to acquire already locked mutex, casuing a deadlock.

Reported-by: iceberg <iceberg@ispras.ru>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
a99bbaf5ee6bad1aca0c88ea65ec6e5373e86184 04-Oct-2009 Alexey Dobriyan <adobriyan@gmail.com> headers: remove sched.h from poll.h

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
bbe281fad65f2eda1792d70763663a1b729fc03c 04-Jun-2009 Jiri Kosina <jkosina@suse.cz> HID: hidraw -- fix comment about accepted devices

hidraw accepts any devices, no matter if the device has
already been claimed by other HID driver (hid-input, hidraw), and
this is intended to stay. Fix up the comment to reflect reality.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
38089c658bf372adc2bd7b3597fceac0c7cecca6 07-Apr-2009 Dan Carpenter <error27@gmail.com> HID: hidraw -- fix missing unlocks in unlocked_ioctl

There were 2 places that returned directly instead of releasing their
locks. I sent a fix for this file earlier but ended up missing these
spots. I think what happened is that I have improved my checker script
since then... Or maybe I just screwed up.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
0361a28d3f9a4315a100c7b37ba0b55cfe15fe07 17-Dec-2008 Oliver Neukum <oliver@neukum.org> HID: autosuspend support for USB HID

This uses the USB busy mechanism for aggessive autosuspend of USB
HID devices. It autosuspends all opened devices supporting remote wakeup
after a timeout unless

- output is being done to the device
- a key is being held down (remote wakeup isn't triggered upon key release)
- LED(s) are lit
- hiddev is opened

As in the current driver closed devices will be autosuspended even if they
don't support remote wakeup.

The patch is quite large because output to devices is done in hard interrupt
context meaning a lot a queuing and locking had to be touched. The LED stuff
has been solved by means of a simple counter. Additions to the generic HID code
could be avoided. In addition it now covers hidraw. It contains an embryonic
version of an API to let the generic HID code tell the lower levels which
capabilities with respect to power management are needed.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
dfd395aff4cb16d2480b280064bea1b19ededef1 03-Feb-2009 Dan Carpenter <error27@gmail.com> HID: unlock properly on error paths in hidraw_ioctl()

We can't return immediately because lock_kernel() is held.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
b8a832b1c0a70531b4bd69a67aa0bf72f6f2dc34 15-Dec-2008 Oliver Neukum <oliver@neukum.org> HID: fix reference count leak hidraw

The hidraw subsystem has a bug that prevents the close syscall from ever
reaching the low level driver, leading to a resource leak. Fix by replacing
postdecrement with predecrement.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
aae6c286dad33c7f2c6992b9e310a371f2ae377e 04-Dec-2008 Jiri Kosina <jkosina@suse.cz> HID: set proper dev.parent in hidraw

We need to properly set parent of the hidraw device (which is the
corresponding physical device itself) in order to hidraw devices not
end up under virtual device tree.

Reported-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
9188e79ec3fd43a0a605274324aecfb731baa88b 12-Nov-2008 Jiri Kosina <jkosina@suse.cz> HID: add phys and name ioctls to hidraw

The hiddev interface provides ioctl() calls which can be used
to obtain phys and raw name of the underlying device.

Add the corresponding support also into hidraw.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
7d672cd7506165818aacf97fdc448cffc72bde37 31-Oct-2008 Oliver Neukum <oliver@neukum.org> HID: fix locking in hidraw_open()

As open needs to sleep hidraw was wrong to call it with a spinlock held.
Furthermore, open can of course fail which needs to be handled.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
0f2c5945a917e776ccd394f0e1924e9502c2795f 23-Oct-2008 Jiri Slaby <jirislaby@gmail.com> HID: fix lock imbalance in hidraw

Add omitted unlock_kernel() to hidraw_ioctl().
Added in 979c407e3b89b606e810fa494ef316896eadbfad
(HID: Push down BKL into ioctl handler in hidraw).

Corresponing sparse warning:
drivers/hid/hidraw.c:267:9: warning: context imbalance in 'hidraw_ioctl': wrong count at exit
drivers/hid/hidraw.c:267:9: context 'kernel_lock': wanted 0, got 1

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
140ae3eb6feb6ae96ba1ff073049beb985ea00e8 17-Oct-2008 Jiri Slaby <jirislaby@gmail.com> HID: fix hidraw_exit section mismatch

hidraw_exit() marked as __exit is called from __init function
from HID core. Remove the section placement from that function.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
a9b12619f7b6f19c871437ec24a088787a04b1de 22-Jul-2008 Greg Kroah-Hartman <gregkh@suse.de> device create: misc: convert device_create_drvdata to device_create

Now that device_create() has been audited, rename things back to the
original call to be sane.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2b107d629dc0c35de606bb7b010b829cd247a93a 17-Sep-2008 Jiri Kosina <jkosina@suse.cz> HID: fix incorrent length condition in hidraw_write()

The bound check on the buffer length

if (count > HID_MIN_BUFFER_SIZE)

is of course incorrent, the proper check is

if (count > HID_MAX_BUFFER_SIZE)

Fix it.

Reported-by: Jerry Ryle <jerry@mindtribe.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
c500c9714011edab021591340042787722db9cf0 16-May-2008 Jiri Slaby <jirislaby@gmail.com> HID: hid, make parsing event driven

Next step for complete hid bus, this patch includes:
- call parser either from probe or from hid-core if there is no probe.
- add ll_driver structure and centralize some stuff there (open, close...)
- split and merge usb_hid_configure and hid_probe into several functions
to allow hooks/fixes between them

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
4db1c62c9991e62b441672db7f227e722776adc4 24-Jun-2008 Jiri Kosina <jkosina@suse.cz> HID: fix memory leak in hidraw_release

hidraw_release() forgot to free the linked list structure, causing memory
leak.

Reported-by: Juan Marcos Diez Esteban <juan_m_diez@yahoo.es>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
979c407e3b89b606e810fa494ef316896eadbfad 26-May-2008 Alan Cox <alan@lxorguk.ukuu.org.uk> HID: Push down BKL into ioctl handler in hidraw

In this case I simply wrapped it as code review suggests the locking
already terminally broken and I didn't want to make it first. See added
comment

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
0fd15a18d876a9571cc5b88a5d1716dfccb8e493 21-May-2008 Greg Kroah-Hartman <gregkh@suse.de> device create: hid: convert device_create to device_create_drvdata

device_create() is race-prone, so use the race-free
device_create_drvdata() instead as device_create() is going away.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
702e57d9ef7002f8d362faa6ddebc59e6d43fa05 15-May-2008 Jonathan Corbet <corbet@lwn.net> HID: cdev lock_kernel() pushdown

Signed-off-by: Jonathan Corbet <corbet@lwn.net>
ba25f9dcc4ea6e30839fcab5a5516f2176d5bfed 19-Oct-2007 Pavel Emelyanov <xemul@openvz.org> Use helpers to obtain task pid in printks

The task_struct->pid member is going to be deprecated, so start
using the helpers (task_pid_nr/task_pid_vnr/task_pid_nr_ns) in
the kernel.

The first thing to start with is the pid, printed to dmesg - in
this case we may safely use task_pid_nr(). Besides, printks produce
more (much more) than a half of all the explicit pid usage.

[akpm@linux-foundation.org: git-drm went and changed lots of stuff]
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
57d292bd7e6e72898e533687af481603597b1ca7 15-Oct-2007 Jiri Kosina <jkosina@suse.cz> HID: fix HIDIOCGRDESC memory access in hidraw

Fix bogus copying of data into userspace when HIDIOCGRDESC is issued.
HID-transport layer makes sure that dev->hid->rdesc is not larger than
HID_MAX_DESCRIPTOR_SIZE.

Noticed-by: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
709d27c04f4eccbc99d57a5569bce028915a4345 27-Sep-2007 Mariusz Kozlowski <m.kozlowski@tuxland.pl> HID: hidraw_connect() memleak fix

It looks like hidraw_connect() is leaking memory in case of failure.
Also it should return -ENOMEM when kzalloc fails.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
86166b7bcda0bcb53525114fa1c87ac432be478e 14-May-2007 Jiri Kosina <jkosina@suse.cz> HID: add hidraw interface

hidraw is an interface that is going to obsolete hiddev one
day.

Many userland applications are using libusb instead of using
kernel-provided hiddev interface. This is caused by various
reasons - the HID parser in kernel doesn't handle all the
HID hardware on the planet properly, some devices might require
its own specific quirks/drivers, etc.

hiddev interface tries to do its best to parse all the received
reports properly, and presents only parsed usages into userspace.
This is however often not enough, and that's the reason why
many userland applications just don't use hiddev at all, and
rather use libusb to read raw USB events and process them on
their own.

Another drawback of hiddev is that it is USB-specific.

hidraw interface provides userspace readers with really raw HID
reports, no matter what the low-level transport layer is (USB/BT),
and gives the userland applications all the freedom to process
the HID reports in a way they wish to.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>