#include <linux/major.h>
#include <linux/hid.h>
#include <linux/mutex.h>
+#include <linux/smp_lock.h>
#include <linux/hidraw.h>
if (count > HID_MIN_BUFFER_SIZE) {
printk(KERN_WARNING "hidraw: pid %d passed too large report\n",
- current->pid);
+ task_pid_nr(current));
return -EINVAL;
}
if (count < 2) {
printk(KERN_WARNING "hidraw: pid %d passed too short report\n",
- current->pid);
+ task_pid_nr(current));
return -EINVAL;
}
struct hidraw_list *list;
int err = 0;
+ lock_kernel();
if (!(list = kzalloc(sizeof(struct hidraw_list), GFP_KERNEL))) {
err = -ENOMEM;
goto out;
out_unlock:
spin_unlock(&minors_lock);
out:
+ unlock_kernel();
return err;
}
if (get_user(len, (int __user *)arg))
return -EFAULT;
- if (copy_to_user(*((__u8 **)(user_arg +
- sizeof(__u32))),
- dev->hid->rdesc, len))
+
+ if (len > HID_MAX_DESCRIPTOR_SIZE - 1)
+ return -EINVAL;
+
+ if (copy_to_user(user_arg + offsetof(
+ struct hidraw_report_descriptor,
+ value[0]),
+ dev->hid->rdesc,
+ min(dev->hid->rsize, len)))
return -EFAULT;
return 0;
}
goto out;
}
- dev->dev = device_create(hidraw_class, NULL, MKDEV(hidraw_major, minor),
- "%s%d", "hidraw", minor);
+ dev->dev = device_create_drvdata(hidraw_class, NULL,
+ MKDEV(hidraw_major, minor), NULL,
+ "%s%d", "hidraw", minor);
if (IS_ERR(dev->dev)) {
spin_lock(&minors_lock);