1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * HID support for Linux
4 *
5 * Copyright (c) 1999 Andreas Gal
6 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8 * Copyright (c) 2006-2012 Jiri Kosina
9 */
10
11 /*
12 */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/vmalloc.h>
28 #include <linux/sched.h>
29 #include <linux/semaphore.h>
30
31 #include <linux/hid.h>
32 #include <linux/hiddev.h>
33 #include <linux/hid-debug.h>
34 #include <linux/hidraw.h>
35
36 #include "hid-ids.h"
37
38 /*
39 * Version Information
40 */
41
42 #define DRIVER_DESC "HID core driver"
43
44 int hid_debug = 0;
45 module_param_named(debug, hid_debug, int, 0600);
46 MODULE_PARM_DESC(debug, "toggle HID debugging messages");
47 EXPORT_SYMBOL_GPL(hid_debug);
48
49 static int hid_ignore_special_drivers = 0;
50 module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
51 MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
52
53 /*
54 * Register a new report for a device.
55 */
56
hid_register_report(struct hid_device * device,unsigned int type,unsigned int id,unsigned int application)57 struct hid_report *hid_register_report(struct hid_device *device,
58 unsigned int type, unsigned int id,
59 unsigned int application)
60 {
61 struct hid_report_enum *report_enum = device->report_enum + type;
62 struct hid_report *report;
63
64 if (id >= HID_MAX_IDS)
65 return NULL;
66 if (report_enum->report_id_hash[id])
67 return report_enum->report_id_hash[id];
68
69 report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
70 if (!report)
71 return NULL;
72
73 if (id != 0)
74 report_enum->numbered = 1;
75
76 report->id = id;
77 report->type = type;
78 report->size = 0;
79 report->device = device;
80 report->application = application;
81 report_enum->report_id_hash[id] = report;
82
83 list_add_tail(&report->list, &report_enum->report_list);
84
85 return report;
86 }
87 EXPORT_SYMBOL_GPL(hid_register_report);
88
89 /*
90 * Register a new field for this report.
91 */
92
hid_register_field(struct hid_report * report,unsigned usages)93 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages)
94 {
95 struct hid_field *field;
96
97 if (report->maxfield == HID_MAX_FIELDS) {
98 hid_err(report->device, "too many fields in report\n");
99 return NULL;
100 }
101
102 field = kzalloc((sizeof(struct hid_field) +
103 usages * sizeof(struct hid_usage) +
104 usages * sizeof(unsigned)), GFP_KERNEL);
105 if (!field)
106 return NULL;
107
108 field->index = report->maxfield++;
109 report->field[field->index] = field;
110 field->usage = (struct hid_usage *)(field + 1);
111 field->value = (s32 *)(field->usage + usages);
112 field->report = report;
113
114 return field;
115 }
116
117 /*
118 * Open a collection. The type/usage is pushed on the stack.
119 */
120
open_collection(struct hid_parser * parser,unsigned type)121 static int open_collection(struct hid_parser *parser, unsigned type)
122 {
123 struct hid_collection *collection;
124 unsigned usage;
125 int collection_index;
126
127 usage = parser->local.usage[0];
128
129 if (parser->collection_stack_ptr == parser->collection_stack_size) {
130 unsigned int *collection_stack;
131 unsigned int new_size = parser->collection_stack_size +
132 HID_COLLECTION_STACK_SIZE;
133
134 collection_stack = krealloc(parser->collection_stack,
135 new_size * sizeof(unsigned int),
136 GFP_KERNEL);
137 if (!collection_stack)
138 return -ENOMEM;
139
140 parser->collection_stack = collection_stack;
141 parser->collection_stack_size = new_size;
142 }
143
144 if (parser->device->maxcollection == parser->device->collection_size) {
145 collection = kmalloc(
146 array3_size(sizeof(struct hid_collection),
147 parser->device->collection_size,
148 2),
149 GFP_KERNEL);
150 if (collection == NULL) {
151 hid_err(parser->device, "failed to reallocate collection array\n");
152 return -ENOMEM;
153 }
154 memcpy(collection, parser->device->collection,
155 sizeof(struct hid_collection) *
156 parser->device->collection_size);
157 memset(collection + parser->device->collection_size, 0,
158 sizeof(struct hid_collection) *
159 parser->device->collection_size);
160 kfree(parser->device->collection);
161 parser->device->collection = collection;
162 parser->device->collection_size *= 2;
163 }
164
165 parser->collection_stack[parser->collection_stack_ptr++] =
166 parser->device->maxcollection;
167
168 collection_index = parser->device->maxcollection++;
169 collection = parser->device->collection + collection_index;
170 collection->type = type;
171 collection->usage = usage;
172 collection->level = parser->collection_stack_ptr - 1;
173 collection->parent_idx = (collection->level == 0) ? -1 :
174 parser->collection_stack[collection->level - 1];
175
176 if (type == HID_COLLECTION_APPLICATION)
177 parser->device->maxapplication++;
178
179 return 0;
180 }
181
182 /*
183 * Close a collection.
184 */
185
close_collection(struct hid_parser * parser)186 static int close_collection(struct hid_parser *parser)
187 {
188 if (!parser->collection_stack_ptr) {
189 hid_err(parser->device, "collection stack underflow\n");
190 return -EINVAL;
191 }
192 parser->collection_stack_ptr--;
193 return 0;
194 }
195
196 /*
197 * Climb up the stack, search for the specified collection type
198 * and return the usage.
199 */
200
hid_lookup_collection(struct hid_parser * parser,unsigned type)201 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
202 {
203 struct hid_collection *collection = parser->device->collection;
204 int n;
205
206 for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
207 unsigned index = parser->collection_stack[n];
208 if (collection[index].type == type)
209 return collection[index].usage;
210 }
211 return 0; /* we know nothing about this usage type */
212 }
213
214 /*
215 * Concatenate usage which defines 16 bits or less with the
216 * currently defined usage page to form a 32 bit usage
217 */
218
complete_usage(struct hid_parser * parser,unsigned int index)219 static void complete_usage(struct hid_parser *parser, unsigned int index)
220 {
221 parser->local.usage[index] &= 0xFFFF;
222 parser->local.usage[index] |=
223 (parser->global.usage_page & 0xFFFF) << 16;
224 }
225
226 /*
227 * Add a usage to the temporary parser table.
228 */
229
hid_add_usage(struct hid_parser * parser,unsigned usage,u8 size)230 static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
231 {
232 if (parser->local.usage_index >= HID_MAX_USAGES) {
233 hid_err(parser->device, "usage index exceeded\n");
234 return -1;
235 }
236 parser->local.usage[parser->local.usage_index] = usage;
237
238 /*
239 * If Usage item only includes usage id, concatenate it with
240 * currently defined usage page
241 */
242 if (size <= 2)
243 complete_usage(parser, parser->local.usage_index);
244
245 parser->local.usage_size[parser->local.usage_index] = size;
246 parser->local.collection_index[parser->local.usage_index] =
247 parser->collection_stack_ptr ?
248 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
249 parser->local.usage_index++;
250 return 0;
251 }
252
253 /*
254 * Register a new field for this report.
255 */
256
hid_add_field(struct hid_parser * parser,unsigned report_type,unsigned flags)257 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
258 {
259 struct hid_report *report;
260 struct hid_field *field;
261 unsigned int max_buffer_size = HID_MAX_BUFFER_SIZE;
262 unsigned int usages;
263 unsigned int offset;
264 unsigned int i;
265 unsigned int application;
266
267 application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
268
269 report = hid_register_report(parser->device, report_type,
270 parser->global.report_id, application);
271 if (!report) {
272 hid_err(parser->device, "hid_register_report failed\n");
273 return -1;
274 }
275
276 /* Handle both signed and unsigned cases properly */
277 if ((parser->global.logical_minimum < 0 &&
278 parser->global.logical_maximum <
279 parser->global.logical_minimum) ||
280 (parser->global.logical_minimum >= 0 &&
281 (__u32)parser->global.logical_maximum <
282 (__u32)parser->global.logical_minimum)) {
283 dbg_hid("logical range invalid 0x%x 0x%x\n",
284 parser->global.logical_minimum,
285 parser->global.logical_maximum);
286 return -1;
287 }
288
289 offset = report->size;
290 report->size += parser->global.report_size * parser->global.report_count;
291
292 if (parser->device->ll_driver->max_buffer_size)
293 max_buffer_size = parser->device->ll_driver->max_buffer_size;
294
295 /* Total size check: Allow for possible report index byte */
296 if (report->size > (max_buffer_size - 1) << 3) {
297 hid_err(parser->device, "report is too long\n");
298 return -1;
299 }
300
301 if (!parser->local.usage_index) /* Ignore padding fields */
302 return 0;
303
304 usages = max_t(unsigned, parser->local.usage_index,
305 parser->global.report_count);
306
307 field = hid_register_field(report, usages);
308 if (!field)
309 return 0;
310
311 field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
312 field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
313 field->application = application;
314
315 for (i = 0; i < usages; i++) {
316 unsigned j = i;
317 /* Duplicate the last usage we parsed if we have excess values */
318 if (i >= parser->local.usage_index)
319 j = parser->local.usage_index - 1;
320 field->usage[i].hid = parser->local.usage[j];
321 field->usage[i].collection_index =
322 parser->local.collection_index[j];
323 field->usage[i].usage_index = i;
324 field->usage[i].resolution_multiplier = 1;
325 }
326
327 field->maxusage = usages;
328 field->flags = flags;
329 field->report_offset = offset;
330 field->report_type = report_type;
331 field->report_size = parser->global.report_size;
332 field->report_count = parser->global.report_count;
333 field->logical_minimum = parser->global.logical_minimum;
334 field->logical_maximum = parser->global.logical_maximum;
335 field->physical_minimum = parser->global.physical_minimum;
336 field->physical_maximum = parser->global.physical_maximum;
337 field->unit_exponent = parser->global.unit_exponent;
338 field->unit = parser->global.unit;
339
340 return 0;
341 }
342
343 /*
344 * Read data value from item.
345 */
346
item_udata(struct hid_item * item)347 static u32 item_udata(struct hid_item *item)
348 {
349 switch (item->size) {
350 case 1: return item->data.u8;
351 case 2: return item->data.u16;
352 case 4: return item->data.u32;
353 }
354 return 0;
355 }
356
item_sdata(struct hid_item * item)357 static s32 item_sdata(struct hid_item *item)
358 {
359 switch (item->size) {
360 case 1: return item->data.s8;
361 case 2: return item->data.s16;
362 case 4: return item->data.s32;
363 }
364 return 0;
365 }
366
367 /*
368 * Process a global item.
369 */
370
hid_parser_global(struct hid_parser * parser,struct hid_item * item)371 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
372 {
373 __s32 raw_value;
374 switch (item->tag) {
375 case HID_GLOBAL_ITEM_TAG_PUSH:
376
377 if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
378 hid_err(parser->device, "global environment stack overflow\n");
379 return -1;
380 }
381
382 memcpy(parser->global_stack + parser->global_stack_ptr++,
383 &parser->global, sizeof(struct hid_global));
384 return 0;
385
386 case HID_GLOBAL_ITEM_TAG_POP:
387
388 if (!parser->global_stack_ptr) {
389 hid_err(parser->device, "global environment stack underflow\n");
390 return -1;
391 }
392
393 memcpy(&parser->global, parser->global_stack +
394 --parser->global_stack_ptr, sizeof(struct hid_global));
395 return 0;
396
397 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
398 parser->global.usage_page = item_udata(item);
399 return 0;
400
401 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
402 parser->global.logical_minimum = item_sdata(item);
403 return 0;
404
405 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
406 if (parser->global.logical_minimum < 0)
407 parser->global.logical_maximum = item_sdata(item);
408 else
409 parser->global.logical_maximum = item_udata(item);
410 return 0;
411
412 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
413 parser->global.physical_minimum = item_sdata(item);
414 return 0;
415
416 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
417 if (parser->global.physical_minimum < 0)
418 parser->global.physical_maximum = item_sdata(item);
419 else
420 parser->global.physical_maximum = item_udata(item);
421 return 0;
422
423 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
424 /* Many devices provide unit exponent as a two's complement
425 * nibble due to the common misunderstanding of HID
426 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
427 * both this and the standard encoding. */
428 raw_value = item_sdata(item);
429 if (!(raw_value & 0xfffffff0))
430 parser->global.unit_exponent = hid_snto32(raw_value, 4);
431 else
432 parser->global.unit_exponent = raw_value;
433 return 0;
434
435 case HID_GLOBAL_ITEM_TAG_UNIT:
436 parser->global.unit = item_udata(item);
437 return 0;
438
439 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
440 parser->global.report_size = item_udata(item);
441 if (parser->global.report_size > 256) {
442 hid_err(parser->device, "invalid report_size %d\n",
443 parser->global.report_size);
444 return -1;
445 }
446 return 0;
447
448 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
449 parser->global.report_count = item_udata(item);
450 if (parser->global.report_count > HID_MAX_USAGES) {
451 hid_err(parser->device, "invalid report_count %d\n",
452 parser->global.report_count);
453 return -1;
454 }
455 return 0;
456
457 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
458 parser->global.report_id = item_udata(item);
459 if (parser->global.report_id == 0 ||
460 parser->global.report_id >= HID_MAX_IDS) {
461 hid_err(parser->device, "report_id %u is invalid\n",
462 parser->global.report_id);
463 return -1;
464 }
465 return 0;
466
467 default:
468 hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
469 return -1;
470 }
471 }
472
473 /*
474 * Process a local item.
475 */
476
hid_parser_local(struct hid_parser * parser,struct hid_item * item)477 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
478 {
479 __u32 data;
480 unsigned n;
481 __u32 count;
482
483 data = item_udata(item);
484
485 switch (item->tag) {
486 case HID_LOCAL_ITEM_TAG_DELIMITER:
487
488 if (data) {
489 /*
490 * We treat items before the first delimiter
491 * as global to all usage sets (branch 0).
492 * In the moment we process only these global
493 * items and the first delimiter set.
494 */
495 if (parser->local.delimiter_depth != 0) {
496 hid_err(parser->device, "nested delimiters\n");
497 return -1;
498 }
499 parser->local.delimiter_depth++;
500 parser->local.delimiter_branch++;
501 } else {
502 if (parser->local.delimiter_depth < 1) {
503 hid_err(parser->device, "bogus close delimiter\n");
504 return -1;
505 }
506 parser->local.delimiter_depth--;
507 }
508 return 0;
509
510 case HID_LOCAL_ITEM_TAG_USAGE:
511
512 if (parser->local.delimiter_branch > 1) {
513 dbg_hid("alternative usage ignored\n");
514 return 0;
515 }
516
517 return hid_add_usage(parser, data, item->size);
518
519 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
520
521 if (parser->local.delimiter_branch > 1) {
522 dbg_hid("alternative usage ignored\n");
523 return 0;
524 }
525
526 parser->local.usage_minimum = data;
527 return 0;
528
529 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
530
531 if (parser->local.delimiter_branch > 1) {
532 dbg_hid("alternative usage ignored\n");
533 return 0;
534 }
535
536 count = data - parser->local.usage_minimum;
537 if (count + parser->local.usage_index >= HID_MAX_USAGES) {
538 /*
539 * We do not warn if the name is not set, we are
540 * actually pre-scanning the device.
541 */
542 if (dev_name(&parser->device->dev))
543 hid_warn(parser->device,
544 "ignoring exceeding usage max\n");
545 data = HID_MAX_USAGES - parser->local.usage_index +
546 parser->local.usage_minimum - 1;
547 if (data <= 0) {
548 hid_err(parser->device,
549 "no more usage index available\n");
550 return -1;
551 }
552 }
553
554 for (n = parser->local.usage_minimum; n <= data; n++)
555 if (hid_add_usage(parser, n, item->size)) {
556 dbg_hid("hid_add_usage failed\n");
557 return -1;
558 }
559 return 0;
560
561 default:
562
563 dbg_hid("unknown local item tag 0x%x\n", item->tag);
564 return 0;
565 }
566 return 0;
567 }
568
569 /*
570 * Concatenate Usage Pages into Usages where relevant:
571 * As per specification, 6.2.2.8: "When the parser encounters a main item it
572 * concatenates the last declared Usage Page with a Usage to form a complete
573 * usage value."
574 */
575
hid_concatenate_last_usage_page(struct hid_parser * parser)576 static void hid_concatenate_last_usage_page(struct hid_parser *parser)
577 {
578 int i;
579 unsigned int usage_page;
580 unsigned int current_page;
581
582 if (!parser->local.usage_index)
583 return;
584
585 usage_page = parser->global.usage_page;
586
587 /*
588 * Concatenate usage page again only if last declared Usage Page
589 * has not been already used in previous usages concatenation
590 */
591 for (i = parser->local.usage_index - 1; i >= 0; i--) {
592 if (parser->local.usage_size[i] > 2)
593 /* Ignore extended usages */
594 continue;
595
596 current_page = parser->local.usage[i] >> 16;
597 if (current_page == usage_page)
598 break;
599
600 complete_usage(parser, i);
601 }
602 }
603
604 /*
605 * Process a main item.
606 */
607
hid_parser_main(struct hid_parser * parser,struct hid_item * item)608 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
609 {
610 __u32 data;
611 int ret;
612
613 hid_concatenate_last_usage_page(parser);
614
615 data = item_udata(item);
616
617 switch (item->tag) {
618 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
619 ret = open_collection(parser, data & 0xff);
620 break;
621 case HID_MAIN_ITEM_TAG_END_COLLECTION:
622 ret = close_collection(parser);
623 break;
624 case HID_MAIN_ITEM_TAG_INPUT:
625 ret = hid_add_field(parser, HID_INPUT_REPORT, data);
626 break;
627 case HID_MAIN_ITEM_TAG_OUTPUT:
628 ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
629 break;
630 case HID_MAIN_ITEM_TAG_FEATURE:
631 ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
632 break;
633 default:
634 hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
635 ret = 0;
636 }
637
638 memset(&parser->local, 0, sizeof(parser->local)); /* Reset the local parser environment */
639
640 return ret;
641 }
642
643 /*
644 * Process a reserved item.
645 */
646
hid_parser_reserved(struct hid_parser * parser,struct hid_item * item)647 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
648 {
649 dbg_hid("reserved item type, tag 0x%x\n", item->tag);
650 return 0;
651 }
652
653 /*
654 * Free a report and all registered fields. The field->usage and
655 * field->value table's are allocated behind the field, so we need
656 * only to free(field) itself.
657 */
658
hid_free_report(struct hid_report * report)659 static void hid_free_report(struct hid_report *report)
660 {
661 unsigned n;
662
663 for (n = 0; n < report->maxfield; n++)
664 kfree(report->field[n]);
665 kfree(report);
666 }
667
668 /*
669 * Close report. This function returns the device
670 * state to the point prior to hid_open_report().
671 */
hid_close_report(struct hid_device * device)672 static void hid_close_report(struct hid_device *device)
673 {
674 unsigned i, j;
675
676 for (i = 0; i < HID_REPORT_TYPES; i++) {
677 struct hid_report_enum *report_enum = device->report_enum + i;
678
679 for (j = 0; j < HID_MAX_IDS; j++) {
680 struct hid_report *report = report_enum->report_id_hash[j];
681 if (report)
682 hid_free_report(report);
683 }
684 memset(report_enum, 0, sizeof(*report_enum));
685 INIT_LIST_HEAD(&report_enum->report_list);
686 }
687
688 kfree(device->rdesc);
689 device->rdesc = NULL;
690 device->rsize = 0;
691
692 kfree(device->collection);
693 device->collection = NULL;
694 device->collection_size = 0;
695 device->maxcollection = 0;
696 device->maxapplication = 0;
697
698 device->status &= ~HID_STAT_PARSED;
699 }
700
701 /*
702 * Free a device structure, all reports, and all fields.
703 */
704
hiddev_free(struct kref * ref)705 void hiddev_free(struct kref *ref)
706 {
707 struct hid_device *hid = container_of(ref, struct hid_device, ref);
708
709 hid_close_report(hid);
710 kfree(hid->dev_rdesc);
711 kfree(hid);
712 }
713
hid_device_release(struct device * dev)714 static void hid_device_release(struct device *dev)
715 {
716 struct hid_device *hid = to_hid_device(dev);
717
718 kref_put(&hid->ref, hiddev_free);
719 }
720
721 /*
722 * Fetch a report description item from the data stream. We support long
723 * items, though they are not used yet.
724 */
725
fetch_item(__u8 * start,__u8 * end,struct hid_item * item)726 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
727 {
728 u8 b;
729
730 if ((end - start) <= 0)
731 return NULL;
732
733 b = *start++;
734
735 item->type = (b >> 2) & 3;
736 item->tag = (b >> 4) & 15;
737
738 if (item->tag == HID_ITEM_TAG_LONG) {
739
740 item->format = HID_ITEM_FORMAT_LONG;
741
742 if ((end - start) < 2)
743 return NULL;
744
745 item->size = *start++;
746 item->tag = *start++;
747
748 if ((end - start) < item->size)
749 return NULL;
750
751 item->data.longdata = start;
752 start += item->size;
753 return start;
754 }
755
756 item->format = HID_ITEM_FORMAT_SHORT;
757 item->size = b & 3;
758
759 switch (item->size) {
760 case 0:
761 return start;
762
763 case 1:
764 if ((end - start) < 1)
765 return NULL;
766 item->data.u8 = *start++;
767 return start;
768
769 case 2:
770 if ((end - start) < 2)
771 return NULL;
772 item->data.u16 = get_unaligned_le16(start);
773 start = (__u8 *)((__le16 *)start + 1);
774 return start;
775
776 case 3:
777 item->size++;
778 if ((end - start) < 4)
779 return NULL;
780 item->data.u32 = get_unaligned_le32(start);
781 start = (__u8 *)((__le32 *)start + 1);
782 return start;
783 }
784
785 return NULL;
786 }
787
hid_scan_input_usage(struct hid_parser * parser,u32 usage)788 static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
789 {
790 struct hid_device *hid = parser->device;
791
792 if (usage == HID_DG_CONTACTID)
793 hid->group = HID_GROUP_MULTITOUCH;
794 }
795
hid_scan_feature_usage(struct hid_parser * parser,u32 usage)796 static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
797 {
798 if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
799 parser->global.report_size == 8)
800 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
801
802 if (usage == 0xff0000c6 && parser->global.report_count == 1 &&
803 parser->global.report_size == 8)
804 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
805 }
806
hid_scan_collection(struct hid_parser * parser,unsigned type)807 static void hid_scan_collection(struct hid_parser *parser, unsigned type)
808 {
809 struct hid_device *hid = parser->device;
810 int i;
811
812 if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
813 type == HID_COLLECTION_PHYSICAL)
814 hid->group = HID_GROUP_SENSOR_HUB;
815
816 if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
817 hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
818 hid->group == HID_GROUP_MULTITOUCH)
819 hid->group = HID_GROUP_GENERIC;
820
821 if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
822 for (i = 0; i < parser->local.usage_index; i++)
823 if (parser->local.usage[i] == HID_GD_POINTER)
824 parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
825
826 if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
827 parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
828
829 if ((parser->global.usage_page << 16) == HID_UP_GOOGLEVENDOR)
830 for (i = 0; i < parser->local.usage_index; i++)
831 if (parser->local.usage[i] ==
832 (HID_UP_GOOGLEVENDOR | 0x0001))
833 parser->device->group =
834 HID_GROUP_VIVALDI;
835 }
836
hid_scan_main(struct hid_parser * parser,struct hid_item * item)837 static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
838 {
839 __u32 data;
840 int i;
841
842 hid_concatenate_last_usage_page(parser);
843
844 data = item_udata(item);
845
846 switch (item->tag) {
847 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
848 hid_scan_collection(parser, data & 0xff);
849 break;
850 case HID_MAIN_ITEM_TAG_END_COLLECTION:
851 break;
852 case HID_MAIN_ITEM_TAG_INPUT:
853 /* ignore constant inputs, they will be ignored by hid-input */
854 if (data & HID_MAIN_ITEM_CONSTANT)
855 break;
856 for (i = 0; i < parser->local.usage_index; i++)
857 hid_scan_input_usage(parser, parser->local.usage[i]);
858 break;
859 case HID_MAIN_ITEM_TAG_OUTPUT:
860 break;
861 case HID_MAIN_ITEM_TAG_FEATURE:
862 for (i = 0; i < parser->local.usage_index; i++)
863 hid_scan_feature_usage(parser, parser->local.usage[i]);
864 break;
865 }
866
867 /* Reset the local parser environment */
868 memset(&parser->local, 0, sizeof(parser->local));
869
870 return 0;
871 }
872
873 /*
874 * Scan a report descriptor before the device is added to the bus.
875 * Sets device groups and other properties that determine what driver
876 * to load.
877 */
hid_scan_report(struct hid_device * hid)878 static int hid_scan_report(struct hid_device *hid)
879 {
880 struct hid_parser *parser;
881 struct hid_item item;
882 __u8 *start = hid->dev_rdesc;
883 __u8 *end = start + hid->dev_rsize;
884 static int (*dispatch_type[])(struct hid_parser *parser,
885 struct hid_item *item) = {
886 hid_scan_main,
887 hid_parser_global,
888 hid_parser_local,
889 hid_parser_reserved
890 };
891
892 parser = vzalloc(sizeof(struct hid_parser));
893 if (!parser)
894 return -ENOMEM;
895
896 parser->device = hid;
897 hid->group = HID_GROUP_GENERIC;
898
899 /*
900 * The parsing is simpler than the one in hid_open_report() as we should
901 * be robust against hid errors. Those errors will be raised by
902 * hid_open_report() anyway.
903 */
904 while ((start = fetch_item(start, end, &item)) != NULL)
905 dispatch_type[item.type](parser, &item);
906
907 /*
908 * Handle special flags set during scanning.
909 */
910 if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
911 (hid->group == HID_GROUP_MULTITOUCH))
912 hid->group = HID_GROUP_MULTITOUCH_WIN_8;
913
914 /*
915 * Vendor specific handlings
916 */
917 switch (hid->vendor) {
918 case USB_VENDOR_ID_WACOM:
919 hid->group = HID_GROUP_WACOM;
920 break;
921 case USB_VENDOR_ID_SYNAPTICS:
922 if (hid->group == HID_GROUP_GENERIC)
923 if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
924 && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
925 /*
926 * hid-rmi should take care of them,
927 * not hid-generic
928 */
929 hid->group = HID_GROUP_RMI;
930 break;
931 }
932
933 kfree(parser->collection_stack);
934 vfree(parser);
935 return 0;
936 }
937
938 /**
939 * hid_parse_report - parse device report
940 *
941 * @hid: hid device
942 * @start: report start
943 * @size: report size
944 *
945 * Allocate the device report as read by the bus driver. This function should
946 * only be called from parse() in ll drivers.
947 */
hid_parse_report(struct hid_device * hid,__u8 * start,unsigned size)948 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
949 {
950 hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
951 if (!hid->dev_rdesc)
952 return -ENOMEM;
953 hid->dev_rsize = size;
954 return 0;
955 }
956 EXPORT_SYMBOL_GPL(hid_parse_report);
957
958 static const char * const hid_report_names[] = {
959 "HID_INPUT_REPORT",
960 "HID_OUTPUT_REPORT",
961 "HID_FEATURE_REPORT",
962 };
963 /**
964 * hid_validate_values - validate existing device report's value indexes
965 *
966 * @hid: hid device
967 * @type: which report type to examine
968 * @id: which report ID to examine (0 for first)
969 * @field_index: which report field to examine
970 * @report_counts: expected number of values
971 *
972 * Validate the number of values in a given field of a given report, after
973 * parsing.
974 */
hid_validate_values(struct hid_device * hid,unsigned int type,unsigned int id,unsigned int field_index,unsigned int report_counts)975 struct hid_report *hid_validate_values(struct hid_device *hid,
976 unsigned int type, unsigned int id,
977 unsigned int field_index,
978 unsigned int report_counts)
979 {
980 struct hid_report *report;
981
982 if (type > HID_FEATURE_REPORT) {
983 hid_err(hid, "invalid HID report type %u\n", type);
984 return NULL;
985 }
986
987 if (id >= HID_MAX_IDS) {
988 hid_err(hid, "invalid HID report id %u\n", id);
989 return NULL;
990 }
991
992 /*
993 * Explicitly not using hid_get_report() here since it depends on
994 * ->numbered being checked, which may not always be the case when
995 * drivers go to access report values.
996 */
997 if (id == 0) {
998 /*
999 * Validating on id 0 means we should examine the first
1000 * report in the list.
1001 */
1002 report = list_first_entry_or_null(
1003 &hid->report_enum[type].report_list,
1004 struct hid_report, list);
1005 } else {
1006 report = hid->report_enum[type].report_id_hash[id];
1007 }
1008 if (!report) {
1009 hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
1010 return NULL;
1011 }
1012 if (report->maxfield <= field_index) {
1013 hid_err(hid, "not enough fields in %s %u\n",
1014 hid_report_names[type], id);
1015 return NULL;
1016 }
1017 if (report->field[field_index]->report_count < report_counts) {
1018 hid_err(hid, "not enough values in %s %u field %u\n",
1019 hid_report_names[type], id, field_index);
1020 return NULL;
1021 }
1022 return report;
1023 }
1024 EXPORT_SYMBOL_GPL(hid_validate_values);
1025
hid_calculate_multiplier(struct hid_device * hid,struct hid_field * multiplier)1026 static int hid_calculate_multiplier(struct hid_device *hid,
1027 struct hid_field *multiplier)
1028 {
1029 int m;
1030 __s32 v = *multiplier->value;
1031 __s32 lmin = multiplier->logical_minimum;
1032 __s32 lmax = multiplier->logical_maximum;
1033 __s32 pmin = multiplier->physical_minimum;
1034 __s32 pmax = multiplier->physical_maximum;
1035
1036 /*
1037 * "Because OS implementations will generally divide the control's
1038 * reported count by the Effective Resolution Multiplier, designers
1039 * should take care not to establish a potential Effective
1040 * Resolution Multiplier of zero."
1041 * HID Usage Table, v1.12, Section 4.3.1, p31
1042 */
1043 if (lmax - lmin == 0)
1044 return 1;
1045 /*
1046 * Handling the unit exponent is left as an exercise to whoever
1047 * finds a device where that exponent is not 0.
1048 */
1049 m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
1050 if (unlikely(multiplier->unit_exponent != 0)) {
1051 hid_warn(hid,
1052 "unsupported Resolution Multiplier unit exponent %d\n",
1053 multiplier->unit_exponent);
1054 }
1055
1056 /* There are no devices with an effective multiplier > 255 */
1057 if (unlikely(m == 0 || m > 255 || m < -255)) {
1058 hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
1059 m = 1;
1060 }
1061
1062 return m;
1063 }
1064
hid_apply_multiplier_to_field(struct hid_device * hid,struct hid_field * field,struct hid_collection * multiplier_collection,int effective_multiplier)1065 static void hid_apply_multiplier_to_field(struct hid_device *hid,
1066 struct hid_field *field,
1067 struct hid_collection *multiplier_collection,
1068 int effective_multiplier)
1069 {
1070 struct hid_collection *collection;
1071 struct hid_usage *usage;
1072 int i;
1073
1074 /*
1075 * If multiplier_collection is NULL, the multiplier applies
1076 * to all fields in the report.
1077 * Otherwise, it is the Logical Collection the multiplier applies to
1078 * but our field may be in a subcollection of that collection.
1079 */
1080 for (i = 0; i < field->maxusage; i++) {
1081 usage = &field->usage[i];
1082
1083 collection = &hid->collection[usage->collection_index];
1084 while (collection->parent_idx != -1 &&
1085 collection != multiplier_collection)
1086 collection = &hid->collection[collection->parent_idx];
1087
1088 if (collection->parent_idx != -1 ||
1089 multiplier_collection == NULL)
1090 usage->resolution_multiplier = effective_multiplier;
1091
1092 }
1093 }
1094
hid_apply_multiplier(struct hid_device * hid,struct hid_field * multiplier)1095 static void hid_apply_multiplier(struct hid_device *hid,
1096 struct hid_field *multiplier)
1097 {
1098 struct hid_report_enum *rep_enum;
1099 struct hid_report *rep;
1100 struct hid_field *field;
1101 struct hid_collection *multiplier_collection;
1102 int effective_multiplier;
1103 int i;
1104
1105 /*
1106 * "The Resolution Multiplier control must be contained in the same
1107 * Logical Collection as the control(s) to which it is to be applied.
1108 * If no Resolution Multiplier is defined, then the Resolution
1109 * Multiplier defaults to 1. If more than one control exists in a
1110 * Logical Collection, the Resolution Multiplier is associated with
1111 * all controls in the collection. If no Logical Collection is
1112 * defined, the Resolution Multiplier is associated with all
1113 * controls in the report."
1114 * HID Usage Table, v1.12, Section 4.3.1, p30
1115 *
1116 * Thus, search from the current collection upwards until we find a
1117 * logical collection. Then search all fields for that same parent
1118 * collection. Those are the fields the multiplier applies to.
1119 *
1120 * If we have more than one multiplier, it will overwrite the
1121 * applicable fields later.
1122 */
1123 multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1124 while (multiplier_collection->parent_idx != -1 &&
1125 multiplier_collection->type != HID_COLLECTION_LOGICAL)
1126 multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1127 if (multiplier_collection->type != HID_COLLECTION_LOGICAL)
1128 multiplier_collection = NULL;
1129
1130 effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1131
1132 rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1133 list_for_each_entry(rep, &rep_enum->report_list, list) {
1134 for (i = 0; i < rep->maxfield; i++) {
1135 field = rep->field[i];
1136 hid_apply_multiplier_to_field(hid, field,
1137 multiplier_collection,
1138 effective_multiplier);
1139 }
1140 }
1141 }
1142
1143 /*
1144 * hid_setup_resolution_multiplier - set up all resolution multipliers
1145 *
1146 * @device: hid device
1147 *
1148 * Search for all Resolution Multiplier Feature Reports and apply their
1149 * value to all matching Input items. This only updates the internal struct
1150 * fields.
1151 *
1152 * The Resolution Multiplier is applied by the hardware. If the multiplier
1153 * is anything other than 1, the hardware will send pre-multiplied events
1154 * so that the same physical interaction generates an accumulated
1155 * accumulated_value = value * * multiplier
1156 * This may be achieved by sending
1157 * - "value * multiplier" for each event, or
1158 * - "value" but "multiplier" times as frequently, or
1159 * - a combination of the above
1160 * The only guarantee is that the same physical interaction always generates
1161 * an accumulated 'value * multiplier'.
1162 *
1163 * This function must be called before any event processing and after
1164 * any SetRequest to the Resolution Multiplier.
1165 */
hid_setup_resolution_multiplier(struct hid_device * hid)1166 void hid_setup_resolution_multiplier(struct hid_device *hid)
1167 {
1168 struct hid_report_enum *rep_enum;
1169 struct hid_report *rep;
1170 struct hid_usage *usage;
1171 int i, j;
1172
1173 rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1174 list_for_each_entry(rep, &rep_enum->report_list, list) {
1175 for (i = 0; i < rep->maxfield; i++) {
1176 /* Ignore if report count is out of bounds. */
1177 if (rep->field[i]->report_count < 1)
1178 continue;
1179
1180 for (j = 0; j < rep->field[i]->maxusage; j++) {
1181 usage = &rep->field[i]->usage[j];
1182 if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1183 hid_apply_multiplier(hid,
1184 rep->field[i]);
1185 }
1186 }
1187 }
1188 }
1189 EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1190
1191 /**
1192 * hid_open_report - open a driver-specific device report
1193 *
1194 * @device: hid device
1195 *
1196 * Parse a report description into a hid_device structure. Reports are
1197 * enumerated, fields are attached to these reports.
1198 * 0 returned on success, otherwise nonzero error value.
1199 *
1200 * This function (or the equivalent hid_parse() macro) should only be
1201 * called from probe() in drivers, before starting the device.
1202 */
hid_open_report(struct hid_device * device)1203 int hid_open_report(struct hid_device *device)
1204 {
1205 struct hid_parser *parser;
1206 struct hid_item item;
1207 unsigned int size;
1208 __u8 *start;
1209 __u8 *buf;
1210 __u8 *end;
1211 __u8 *next;
1212 int ret;
1213 int i;
1214 static int (*dispatch_type[])(struct hid_parser *parser,
1215 struct hid_item *item) = {
1216 hid_parser_main,
1217 hid_parser_global,
1218 hid_parser_local,
1219 hid_parser_reserved
1220 };
1221
1222 if (WARN_ON(device->status & HID_STAT_PARSED))
1223 return -EBUSY;
1224
1225 start = device->dev_rdesc;
1226 if (WARN_ON(!start))
1227 return -ENODEV;
1228 size = device->dev_rsize;
1229
1230 buf = kmemdup(start, size, GFP_KERNEL);
1231 if (buf == NULL)
1232 return -ENOMEM;
1233
1234 if (device->driver->report_fixup)
1235 start = device->driver->report_fixup(device, buf, &size);
1236 else
1237 start = buf;
1238
1239 start = kmemdup(start, size, GFP_KERNEL);
1240 kfree(buf);
1241 if (start == NULL)
1242 return -ENOMEM;
1243
1244 device->rdesc = start;
1245 device->rsize = size;
1246
1247 parser = vzalloc(sizeof(struct hid_parser));
1248 if (!parser) {
1249 ret = -ENOMEM;
1250 goto alloc_err;
1251 }
1252
1253 parser->device = device;
1254
1255 end = start + size;
1256
1257 device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1258 sizeof(struct hid_collection), GFP_KERNEL);
1259 if (!device->collection) {
1260 ret = -ENOMEM;
1261 goto err;
1262 }
1263 device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1264 for (i = 0; i < HID_DEFAULT_NUM_COLLECTIONS; i++)
1265 device->collection[i].parent_idx = -1;
1266
1267 ret = -EINVAL;
1268 while ((next = fetch_item(start, end, &item)) != NULL) {
1269 start = next;
1270
1271 if (item.format != HID_ITEM_FORMAT_SHORT) {
1272 hid_err(device, "unexpected long global item\n");
1273 goto err;
1274 }
1275
1276 if (dispatch_type[item.type](parser, &item)) {
1277 hid_err(device, "item %u %u %u %u parsing failed\n",
1278 item.format, (unsigned)item.size,
1279 (unsigned)item.type, (unsigned)item.tag);
1280 goto err;
1281 }
1282
1283 if (start == end) {
1284 if (parser->collection_stack_ptr) {
1285 hid_err(device, "unbalanced collection at end of report description\n");
1286 goto err;
1287 }
1288 if (parser->local.delimiter_depth) {
1289 hid_err(device, "unbalanced delimiter at end of report description\n");
1290 goto err;
1291 }
1292
1293 /*
1294 * fetch initial values in case the device's
1295 * default multiplier isn't the recommended 1
1296 */
1297 hid_setup_resolution_multiplier(device);
1298
1299 kfree(parser->collection_stack);
1300 vfree(parser);
1301 device->status |= HID_STAT_PARSED;
1302
1303 return 0;
1304 }
1305 }
1306
1307 hid_err(device, "item fetching failed at offset %u/%u\n",
1308 size - (unsigned int)(end - start), size);
1309 err:
1310 kfree(parser->collection_stack);
1311 alloc_err:
1312 vfree(parser);
1313 hid_close_report(device);
1314 return ret;
1315 }
1316 EXPORT_SYMBOL_GPL(hid_open_report);
1317
1318 /*
1319 * Convert a signed n-bit integer to signed 32-bit integer. Common
1320 * cases are done through the compiler, the screwed things has to be
1321 * done by hand.
1322 */
1323
snto32(__u32 value,unsigned n)1324 static s32 snto32(__u32 value, unsigned n)
1325 {
1326 if (!value || !n)
1327 return 0;
1328
1329 if (n > 32)
1330 n = 32;
1331
1332 switch (n) {
1333 case 8: return ((__s8)value);
1334 case 16: return ((__s16)value);
1335 case 32: return ((__s32)value);
1336 }
1337 return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1338 }
1339
hid_snto32(__u32 value,unsigned n)1340 s32 hid_snto32(__u32 value, unsigned n)
1341 {
1342 return snto32(value, n);
1343 }
1344 EXPORT_SYMBOL_GPL(hid_snto32);
1345
1346 /*
1347 * Convert a signed 32-bit integer to a signed n-bit integer.
1348 */
1349
s32ton(__s32 value,unsigned n)1350 static u32 s32ton(__s32 value, unsigned n)
1351 {
1352 s32 a = value >> (n - 1);
1353 if (a && a != -1)
1354 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1355 return value & ((1 << n) - 1);
1356 }
1357
1358 /*
1359 * Extract/implement a data field from/to a little endian report (bit array).
1360 *
1361 * Code sort-of follows HID spec:
1362 * http://www.usb.org/developers/hidpage/HID1_11.pdf
1363 *
1364 * While the USB HID spec allows unlimited length bit fields in "report
1365 * descriptors", most devices never use more than 16 bits.
1366 * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1367 * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1368 */
1369
__extract(u8 * report,unsigned offset,int n)1370 static u32 __extract(u8 *report, unsigned offset, int n)
1371 {
1372 unsigned int idx = offset / 8;
1373 unsigned int bit_nr = 0;
1374 unsigned int bit_shift = offset % 8;
1375 int bits_to_copy = 8 - bit_shift;
1376 u32 value = 0;
1377 u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1378
1379 while (n > 0) {
1380 value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1381 n -= bits_to_copy;
1382 bit_nr += bits_to_copy;
1383 bits_to_copy = 8;
1384 bit_shift = 0;
1385 idx++;
1386 }
1387
1388 return value & mask;
1389 }
1390
hid_field_extract(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n)1391 u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1392 unsigned offset, unsigned n)
1393 {
1394 if (n > 32) {
1395 hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1396 __func__, n, current->comm);
1397 n = 32;
1398 }
1399
1400 return __extract(report, offset, n);
1401 }
1402 EXPORT_SYMBOL_GPL(hid_field_extract);
1403
1404 /*
1405 * "implement" : set bits in a little endian bit stream.
1406 * Same concepts as "extract" (see comments above).
1407 * The data mangled in the bit stream remains in little endian
1408 * order the whole time. It make more sense to talk about
1409 * endianness of register values by considering a register
1410 * a "cached" copy of the little endian bit stream.
1411 */
1412
__implement(u8 * report,unsigned offset,int n,u32 value)1413 static void __implement(u8 *report, unsigned offset, int n, u32 value)
1414 {
1415 unsigned int idx = offset / 8;
1416 unsigned int bit_shift = offset % 8;
1417 int bits_to_set = 8 - bit_shift;
1418
1419 while (n - bits_to_set >= 0) {
1420 report[idx] &= ~(0xff << bit_shift);
1421 report[idx] |= value << bit_shift;
1422 value >>= bits_to_set;
1423 n -= bits_to_set;
1424 bits_to_set = 8;
1425 bit_shift = 0;
1426 idx++;
1427 }
1428
1429 /* last nibble */
1430 if (n) {
1431 u8 bit_mask = ((1U << n) - 1);
1432 report[idx] &= ~(bit_mask << bit_shift);
1433 report[idx] |= value << bit_shift;
1434 }
1435 }
1436
implement(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n,u32 value)1437 static void implement(const struct hid_device *hid, u8 *report,
1438 unsigned offset, unsigned n, u32 value)
1439 {
1440 if (unlikely(n > 32)) {
1441 hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1442 __func__, n, current->comm);
1443 n = 32;
1444 } else if (n < 32) {
1445 u32 m = (1U << n) - 1;
1446
1447 if (unlikely(value > m)) {
1448 hid_warn(hid,
1449 "%s() called with too large value %d (n: %d)! (%s)\n",
1450 __func__, value, n, current->comm);
1451 value &= m;
1452 }
1453 }
1454
1455 __implement(report, offset, n, value);
1456 }
1457
1458 /*
1459 * Search an array for a value.
1460 */
1461
search(__s32 * array,__s32 value,unsigned n)1462 static int search(__s32 *array, __s32 value, unsigned n)
1463 {
1464 while (n--) {
1465 if (*array++ == value)
1466 return 0;
1467 }
1468 return -1;
1469 }
1470
1471 /**
1472 * hid_match_report - check if driver's raw_event should be called
1473 *
1474 * @hid: hid device
1475 * @report: hid report to match against
1476 *
1477 * compare hid->driver->report_table->report_type to report->type
1478 */
hid_match_report(struct hid_device * hid,struct hid_report * report)1479 static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1480 {
1481 const struct hid_report_id *id = hid->driver->report_table;
1482
1483 if (!id) /* NULL means all */
1484 return 1;
1485
1486 for (; id->report_type != HID_TERMINATOR; id++)
1487 if (id->report_type == HID_ANY_ID ||
1488 id->report_type == report->type)
1489 return 1;
1490 return 0;
1491 }
1492
1493 /**
1494 * hid_match_usage - check if driver's event should be called
1495 *
1496 * @hid: hid device
1497 * @usage: usage to match against
1498 *
1499 * compare hid->driver->usage_table->usage_{type,code} to
1500 * usage->usage_{type,code}
1501 */
hid_match_usage(struct hid_device * hid,struct hid_usage * usage)1502 static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1503 {
1504 const struct hid_usage_id *id = hid->driver->usage_table;
1505
1506 if (!id) /* NULL means all */
1507 return 1;
1508
1509 for (; id->usage_type != HID_ANY_ID - 1; id++)
1510 if ((id->usage_hid == HID_ANY_ID ||
1511 id->usage_hid == usage->hid) &&
1512 (id->usage_type == HID_ANY_ID ||
1513 id->usage_type == usage->type) &&
1514 (id->usage_code == HID_ANY_ID ||
1515 id->usage_code == usage->code))
1516 return 1;
1517 return 0;
1518 }
1519
hid_process_event(struct hid_device * hid,struct hid_field * field,struct hid_usage * usage,__s32 value,int interrupt)1520 static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1521 struct hid_usage *usage, __s32 value, int interrupt)
1522 {
1523 struct hid_driver *hdrv = hid->driver;
1524 int ret;
1525
1526 if (!list_empty(&hid->debug_list))
1527 hid_dump_input(hid, usage, value);
1528
1529 if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1530 ret = hdrv->event(hid, field, usage, value);
1531 if (ret != 0) {
1532 if (ret < 0)
1533 hid_err(hid, "%s's event failed with %d\n",
1534 hdrv->name, ret);
1535 return;
1536 }
1537 }
1538
1539 if (hid->claimed & HID_CLAIMED_INPUT)
1540 hidinput_hid_event(hid, field, usage, value);
1541 if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1542 hid->hiddev_hid_event(hid, field, usage, value);
1543 }
1544
1545 /*
1546 * Analyse a received field, and fetch the data from it. The field
1547 * content is stored for next report processing (we do differential
1548 * reporting to the layer).
1549 */
1550
hid_input_field(struct hid_device * hid,struct hid_field * field,__u8 * data,int interrupt)1551 static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1552 __u8 *data, int interrupt)
1553 {
1554 unsigned n;
1555 unsigned count = field->report_count;
1556 unsigned offset = field->report_offset;
1557 unsigned size = field->report_size;
1558 __s32 min = field->logical_minimum;
1559 __s32 max = field->logical_maximum;
1560 __s32 *value;
1561
1562 value = kmalloc_array(count, sizeof(__s32), GFP_ATOMIC);
1563 if (!value)
1564 return;
1565
1566 for (n = 0; n < count; n++) {
1567
1568 value[n] = min < 0 ?
1569 snto32(hid_field_extract(hid, data, offset + n * size,
1570 size), size) :
1571 hid_field_extract(hid, data, offset + n * size, size);
1572
1573 /* Ignore report if ErrorRollOver */
1574 if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1575 value[n] >= min && value[n] <= max &&
1576 value[n] - min < field->maxusage &&
1577 field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1578 goto exit;
1579 }
1580
1581 for (n = 0; n < count; n++) {
1582
1583 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1584 hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1585 continue;
1586 }
1587
1588 if (field->value[n] >= min && field->value[n] <= max
1589 && field->value[n] - min < field->maxusage
1590 && field->usage[field->value[n] - min].hid
1591 && search(value, field->value[n], count))
1592 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1593
1594 if (value[n] >= min && value[n] <= max
1595 && value[n] - min < field->maxusage
1596 && field->usage[value[n] - min].hid
1597 && search(field->value, value[n], count))
1598 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1599 }
1600
1601 memcpy(field->value, value, count * sizeof(__s32));
1602 exit:
1603 kfree(value);
1604 }
1605
1606 /*
1607 * Output the field into the report.
1608 */
1609
hid_output_field(const struct hid_device * hid,struct hid_field * field,__u8 * data)1610 static void hid_output_field(const struct hid_device *hid,
1611 struct hid_field *field, __u8 *data)
1612 {
1613 unsigned count = field->report_count;
1614 unsigned offset = field->report_offset;
1615 unsigned size = field->report_size;
1616 unsigned n;
1617
1618 for (n = 0; n < count; n++) {
1619 if (field->logical_minimum < 0) /* signed values */
1620 implement(hid, data, offset + n * size, size,
1621 s32ton(field->value[n], size));
1622 else /* unsigned values */
1623 implement(hid, data, offset + n * size, size,
1624 field->value[n]);
1625 }
1626 }
1627
1628 /*
1629 * Compute the size of a report.
1630 */
hid_compute_report_size(struct hid_report * report)1631 static size_t hid_compute_report_size(struct hid_report *report)
1632 {
1633 if (report->size)
1634 return ((report->size - 1) >> 3) + 1;
1635
1636 return 0;
1637 }
1638
1639 /*
1640 * Create a report. 'data' has to be allocated using
1641 * hid_alloc_report_buf() so that it has proper size.
1642 */
1643
hid_output_report(struct hid_report * report,__u8 * data)1644 void hid_output_report(struct hid_report *report, __u8 *data)
1645 {
1646 unsigned n;
1647
1648 if (report->id > 0)
1649 *data++ = report->id;
1650
1651 memset(data, 0, hid_compute_report_size(report));
1652 for (n = 0; n < report->maxfield; n++)
1653 hid_output_field(report->device, report->field[n], data);
1654 }
1655 EXPORT_SYMBOL_GPL(hid_output_report);
1656
1657 /*
1658 * Allocator for buffer that is going to be passed to hid_output_report()
1659 */
hid_alloc_report_buf(struct hid_report * report,gfp_t flags)1660 u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1661 {
1662 /*
1663 * 7 extra bytes are necessary to achieve proper functionality
1664 * of implement() working on 8 byte chunks
1665 * 1 extra byte for the report ID if it is null (not used) so
1666 * we can reserve that extra byte in the first position of the buffer
1667 * when sending it to .raw_request()
1668 */
1669
1670 u32 len = hid_report_len(report) + 7 + (report->id == 0);
1671
1672 return kzalloc(len, flags);
1673 }
1674 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1675
1676 /*
1677 * Set a field value. The report this field belongs to has to be
1678 * created and transferred to the device, to set this value in the
1679 * device.
1680 */
1681
hid_set_field(struct hid_field * field,unsigned offset,__s32 value)1682 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1683 {
1684 unsigned size;
1685
1686 if (!field)
1687 return -1;
1688
1689 size = field->report_size;
1690
1691 hid_dump_input(field->report->device, field->usage + offset, value);
1692
1693 if (offset >= field->report_count) {
1694 hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1695 offset, field->report_count);
1696 return -1;
1697 }
1698 if (field->logical_minimum < 0) {
1699 if (value != snto32(s32ton(value, size), size)) {
1700 hid_err(field->report->device, "value %d is out of range\n", value);
1701 return -1;
1702 }
1703 }
1704 field->value[offset] = value;
1705 return 0;
1706 }
1707 EXPORT_SYMBOL_GPL(hid_set_field);
1708
hid_get_report(struct hid_report_enum * report_enum,const u8 * data)1709 static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1710 const u8 *data)
1711 {
1712 struct hid_report *report;
1713 unsigned int n = 0; /* Normally report number is 0 */
1714
1715 /* Device uses numbered reports, data[0] is report number */
1716 if (report_enum->numbered)
1717 n = *data;
1718
1719 report = report_enum->report_id_hash[n];
1720 if (report == NULL)
1721 dbg_hid("undefined report_id %u received\n", n);
1722
1723 return report;
1724 }
1725
1726 /*
1727 * Implement a generic .request() callback, using .raw_request()
1728 * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1729 */
__hid_request(struct hid_device * hid,struct hid_report * report,int reqtype)1730 int __hid_request(struct hid_device *hid, struct hid_report *report,
1731 int reqtype)
1732 {
1733 char *buf;
1734 int ret;
1735 u32 len;
1736
1737 buf = hid_alloc_report_buf(report, GFP_KERNEL);
1738 if (!buf)
1739 return -ENOMEM;
1740
1741 len = hid_report_len(report);
1742
1743 if (reqtype == HID_REQ_SET_REPORT)
1744 hid_output_report(report, buf);
1745
1746 ret = hid_hw_raw_request(hid, report->id, buf, len, report->type, reqtype);
1747 if (ret < 0) {
1748 dbg_hid("unable to complete request: %d\n", ret);
1749 goto out;
1750 }
1751
1752 if (reqtype == HID_REQ_GET_REPORT)
1753 hid_input_report(hid, report->type, buf, ret, 0);
1754
1755 ret = 0;
1756
1757 out:
1758 kfree(buf);
1759 return ret;
1760 }
1761 EXPORT_SYMBOL_GPL(__hid_request);
1762
hid_report_raw_event(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1763 int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1764 int interrupt)
1765 {
1766 struct hid_report_enum *report_enum = hid->report_enum + type;
1767 struct hid_report *report;
1768 struct hid_driver *hdrv;
1769 int max_buffer_size = HID_MAX_BUFFER_SIZE;
1770 unsigned int a;
1771 u32 rsize, csize = size;
1772 u8 *cdata = data;
1773 int ret = 0;
1774
1775 report = hid_get_report(report_enum, data);
1776 if (!report)
1777 goto out;
1778
1779 if (report_enum->numbered) {
1780 cdata++;
1781 csize--;
1782 }
1783
1784 rsize = hid_compute_report_size(report);
1785
1786 if (hid->ll_driver->max_buffer_size)
1787 max_buffer_size = hid->ll_driver->max_buffer_size;
1788
1789 if (report_enum->numbered && rsize >= max_buffer_size)
1790 rsize = max_buffer_size - 1;
1791 else if (rsize > max_buffer_size)
1792 rsize = max_buffer_size;
1793
1794 if (csize < rsize) {
1795 dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1796 csize, rsize);
1797 memset(cdata + csize, 0, rsize - csize);
1798 }
1799
1800 if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1801 hid->hiddev_report_event(hid, report);
1802 if (hid->claimed & HID_CLAIMED_HIDRAW) {
1803 ret = hidraw_report_event(hid, data, size);
1804 if (ret)
1805 goto out;
1806 }
1807
1808 if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1809 for (a = 0; a < report->maxfield; a++)
1810 hid_input_field(hid, report->field[a], cdata, interrupt);
1811 hdrv = hid->driver;
1812 if (hdrv && hdrv->report)
1813 hdrv->report(hid, report);
1814 }
1815
1816 if (hid->claimed & HID_CLAIMED_INPUT)
1817 hidinput_report_event(hid, report);
1818 out:
1819 return ret;
1820 }
1821 EXPORT_SYMBOL_GPL(hid_report_raw_event);
1822
1823 /**
1824 * hid_input_report - report data from lower layer (usb, bt...)
1825 *
1826 * @hid: hid device
1827 * @type: HID report type (HID_*_REPORT)
1828 * @data: report contents
1829 * @size: size of data parameter
1830 * @interrupt: distinguish between interrupt and control transfers
1831 *
1832 * This is data entry for lower layers.
1833 */
hid_input_report(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1834 int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1835 {
1836 struct hid_report_enum *report_enum;
1837 struct hid_driver *hdrv;
1838 struct hid_report *report;
1839 int ret = 0;
1840
1841 if (!hid)
1842 return -ENODEV;
1843
1844 if (down_trylock(&hid->driver_input_lock))
1845 return -EBUSY;
1846
1847 if (!hid->driver) {
1848 ret = -ENODEV;
1849 goto unlock;
1850 }
1851 report_enum = hid->report_enum + type;
1852 hdrv = hid->driver;
1853
1854 if (!size) {
1855 dbg_hid("empty report\n");
1856 ret = -1;
1857 goto unlock;
1858 }
1859
1860 /* Avoid unnecessary overhead if debugfs is disabled */
1861 if (!list_empty(&hid->debug_list))
1862 hid_dump_report(hid, type, data, size);
1863
1864 report = hid_get_report(report_enum, data);
1865
1866 if (!report) {
1867 ret = -1;
1868 goto unlock;
1869 }
1870
1871 if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1872 ret = hdrv->raw_event(hid, report, data, size);
1873 if (ret < 0)
1874 goto unlock;
1875 }
1876
1877 ret = hid_report_raw_event(hid, type, data, size, interrupt);
1878
1879 unlock:
1880 up(&hid->driver_input_lock);
1881 return ret;
1882 }
1883 EXPORT_SYMBOL_GPL(hid_input_report);
1884
hid_match_one_id(const struct hid_device * hdev,const struct hid_device_id * id)1885 bool hid_match_one_id(const struct hid_device *hdev,
1886 const struct hid_device_id *id)
1887 {
1888 return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1889 (id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1890 (id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1891 (id->product == HID_ANY_ID || id->product == hdev->product);
1892 }
1893
hid_match_id(const struct hid_device * hdev,const struct hid_device_id * id)1894 const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1895 const struct hid_device_id *id)
1896 {
1897 for (; id->bus; id++)
1898 if (hid_match_one_id(hdev, id))
1899 return id;
1900
1901 return NULL;
1902 }
1903
1904 static const struct hid_device_id hid_hiddev_list[] = {
1905 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1906 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1907 { }
1908 };
1909
hid_hiddev(struct hid_device * hdev)1910 static bool hid_hiddev(struct hid_device *hdev)
1911 {
1912 return !!hid_match_id(hdev, hid_hiddev_list);
1913 }
1914
1915
1916 static ssize_t
read_report_descriptor(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1917 read_report_descriptor(struct file *filp, struct kobject *kobj,
1918 struct bin_attribute *attr,
1919 char *buf, loff_t off, size_t count)
1920 {
1921 struct device *dev = kobj_to_dev(kobj);
1922 struct hid_device *hdev = to_hid_device(dev);
1923
1924 if (off >= hdev->rsize)
1925 return 0;
1926
1927 if (off + count > hdev->rsize)
1928 count = hdev->rsize - off;
1929
1930 memcpy(buf, hdev->rdesc + off, count);
1931
1932 return count;
1933 }
1934
1935 static ssize_t
show_country(struct device * dev,struct device_attribute * attr,char * buf)1936 show_country(struct device *dev, struct device_attribute *attr,
1937 char *buf)
1938 {
1939 struct hid_device *hdev = to_hid_device(dev);
1940
1941 return sprintf(buf, "%02x\n", hdev->country & 0xff);
1942 }
1943
1944 static struct bin_attribute dev_bin_attr_report_desc = {
1945 .attr = { .name = "report_descriptor", .mode = 0444 },
1946 .read = read_report_descriptor,
1947 .size = HID_MAX_DESCRIPTOR_SIZE,
1948 };
1949
1950 static const struct device_attribute dev_attr_country = {
1951 .attr = { .name = "country", .mode = 0444 },
1952 .show = show_country,
1953 };
1954
hid_connect(struct hid_device * hdev,unsigned int connect_mask)1955 int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1956 {
1957 static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1958 "Joystick", "Gamepad", "Keyboard", "Keypad",
1959 "Multi-Axis Controller"
1960 };
1961 const char *type, *bus;
1962 char buf[64] = "";
1963 unsigned int i;
1964 int len;
1965 int ret;
1966
1967 if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1968 connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1969 if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1970 connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1971 if (hdev->bus != BUS_USB)
1972 connect_mask &= ~HID_CONNECT_HIDDEV;
1973 if (hid_hiddev(hdev))
1974 connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1975
1976 if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1977 connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1978 hdev->claimed |= HID_CLAIMED_INPUT;
1979
1980 if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1981 !hdev->hiddev_connect(hdev,
1982 connect_mask & HID_CONNECT_HIDDEV_FORCE))
1983 hdev->claimed |= HID_CLAIMED_HIDDEV;
1984 if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1985 hdev->claimed |= HID_CLAIMED_HIDRAW;
1986
1987 if (connect_mask & HID_CONNECT_DRIVER)
1988 hdev->claimed |= HID_CLAIMED_DRIVER;
1989
1990 /* Drivers with the ->raw_event callback set are not required to connect
1991 * to any other listener. */
1992 if (!hdev->claimed && !hdev->driver->raw_event) {
1993 hid_err(hdev, "device has no listeners, quitting\n");
1994 return -ENODEV;
1995 }
1996
1997 if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1998 (connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1999 hdev->ff_init(hdev);
2000
2001 len = 0;
2002 if (hdev->claimed & HID_CLAIMED_INPUT)
2003 len += sprintf(buf + len, "input");
2004 if (hdev->claimed & HID_CLAIMED_HIDDEV)
2005 len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
2006 ((struct hiddev *)hdev->hiddev)->minor);
2007 if (hdev->claimed & HID_CLAIMED_HIDRAW)
2008 len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
2009 ((struct hidraw *)hdev->hidraw)->minor);
2010
2011 type = "Device";
2012 for (i = 0; i < hdev->maxcollection; i++) {
2013 struct hid_collection *col = &hdev->collection[i];
2014 if (col->type == HID_COLLECTION_APPLICATION &&
2015 (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
2016 (col->usage & 0xffff) < ARRAY_SIZE(types)) {
2017 type = types[col->usage & 0xffff];
2018 break;
2019 }
2020 }
2021
2022 switch (hdev->bus) {
2023 case BUS_USB:
2024 bus = "USB";
2025 break;
2026 case BUS_BLUETOOTH:
2027 bus = "BLUETOOTH";
2028 break;
2029 case BUS_I2C:
2030 bus = "I2C";
2031 break;
2032 case BUS_VIRTUAL:
2033 bus = "VIRTUAL";
2034 break;
2035 default:
2036 bus = "<UNKNOWN>";
2037 }
2038
2039 ret = device_create_file(&hdev->dev, &dev_attr_country);
2040 if (ret)
2041 hid_warn(hdev,
2042 "can't create sysfs country code attribute err: %d\n", ret);
2043
2044 hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
2045 buf, bus, hdev->version >> 8, hdev->version & 0xff,
2046 type, hdev->name, hdev->phys);
2047
2048 return 0;
2049 }
2050 EXPORT_SYMBOL_GPL(hid_connect);
2051
hid_disconnect(struct hid_device * hdev)2052 void hid_disconnect(struct hid_device *hdev)
2053 {
2054 device_remove_file(&hdev->dev, &dev_attr_country);
2055 if (hdev->claimed & HID_CLAIMED_INPUT)
2056 hidinput_disconnect(hdev);
2057 if (hdev->claimed & HID_CLAIMED_HIDDEV)
2058 hdev->hiddev_disconnect(hdev);
2059 if (hdev->claimed & HID_CLAIMED_HIDRAW)
2060 hidraw_disconnect(hdev);
2061 hdev->claimed = 0;
2062 }
2063 EXPORT_SYMBOL_GPL(hid_disconnect);
2064
2065 /**
2066 * hid_hw_start - start underlying HW
2067 * @hdev: hid device
2068 * @connect_mask: which outputs to connect, see HID_CONNECT_*
2069 *
2070 * Call this in probe function *after* hid_parse. This will setup HW
2071 * buffers and start the device (if not defeirred to device open).
2072 * hid_hw_stop must be called if this was successful.
2073 */
hid_hw_start(struct hid_device * hdev,unsigned int connect_mask)2074 int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
2075 {
2076 int error;
2077
2078 error = hdev->ll_driver->start(hdev);
2079 if (error)
2080 return error;
2081
2082 if (connect_mask) {
2083 error = hid_connect(hdev, connect_mask);
2084 if (error) {
2085 hdev->ll_driver->stop(hdev);
2086 return error;
2087 }
2088 }
2089
2090 return 0;
2091 }
2092 EXPORT_SYMBOL_GPL(hid_hw_start);
2093
2094 /**
2095 * hid_hw_stop - stop underlying HW
2096 * @hdev: hid device
2097 *
2098 * This is usually called from remove function or from probe when something
2099 * failed and hid_hw_start was called already.
2100 */
hid_hw_stop(struct hid_device * hdev)2101 void hid_hw_stop(struct hid_device *hdev)
2102 {
2103 hid_disconnect(hdev);
2104 hdev->ll_driver->stop(hdev);
2105 }
2106 EXPORT_SYMBOL_GPL(hid_hw_stop);
2107
2108 /**
2109 * hid_hw_open - signal underlying HW to start delivering events
2110 * @hdev: hid device
2111 *
2112 * Tell underlying HW to start delivering events from the device.
2113 * This function should be called sometime after successful call
2114 * to hid_hw_start().
2115 */
hid_hw_open(struct hid_device * hdev)2116 int hid_hw_open(struct hid_device *hdev)
2117 {
2118 int ret;
2119
2120 ret = mutex_lock_killable(&hdev->ll_open_lock);
2121 if (ret)
2122 return ret;
2123
2124 if (!hdev->ll_open_count++) {
2125 ret = hdev->ll_driver->open(hdev);
2126 if (ret)
2127 hdev->ll_open_count--;
2128 }
2129
2130 mutex_unlock(&hdev->ll_open_lock);
2131 return ret;
2132 }
2133 EXPORT_SYMBOL_GPL(hid_hw_open);
2134
2135 /**
2136 * hid_hw_close - signal underlaying HW to stop delivering events
2137 *
2138 * @hdev: hid device
2139 *
2140 * This function indicates that we are not interested in the events
2141 * from this device anymore. Delivery of events may or may not stop,
2142 * depending on the number of users still outstanding.
2143 */
hid_hw_close(struct hid_device * hdev)2144 void hid_hw_close(struct hid_device *hdev)
2145 {
2146 mutex_lock(&hdev->ll_open_lock);
2147 if (!--hdev->ll_open_count)
2148 hdev->ll_driver->close(hdev);
2149 mutex_unlock(&hdev->ll_open_lock);
2150 }
2151 EXPORT_SYMBOL_GPL(hid_hw_close);
2152
2153 struct hid_dynid {
2154 struct list_head list;
2155 struct hid_device_id id;
2156 };
2157
2158 /**
2159 * store_new_id - add a new HID device ID to this driver and re-probe devices
2160 * @drv: target device driver
2161 * @buf: buffer for scanning device ID data
2162 * @count: input size
2163 *
2164 * Adds a new dynamic hid device ID to this driver,
2165 * and causes the driver to probe for all devices again.
2166 */
new_id_store(struct device_driver * drv,const char * buf,size_t count)2167 static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2168 size_t count)
2169 {
2170 struct hid_driver *hdrv = to_hid_driver(drv);
2171 struct hid_dynid *dynid;
2172 __u32 bus, vendor, product;
2173 unsigned long driver_data = 0;
2174 int ret;
2175
2176 ret = sscanf(buf, "%x %x %x %lx",
2177 &bus, &vendor, &product, &driver_data);
2178 if (ret < 3)
2179 return -EINVAL;
2180
2181 dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2182 if (!dynid)
2183 return -ENOMEM;
2184
2185 dynid->id.bus = bus;
2186 dynid->id.group = HID_GROUP_ANY;
2187 dynid->id.vendor = vendor;
2188 dynid->id.product = product;
2189 dynid->id.driver_data = driver_data;
2190
2191 spin_lock(&hdrv->dyn_lock);
2192 list_add_tail(&dynid->list, &hdrv->dyn_list);
2193 spin_unlock(&hdrv->dyn_lock);
2194
2195 ret = driver_attach(&hdrv->driver);
2196
2197 return ret ? : count;
2198 }
2199 static DRIVER_ATTR_WO(new_id);
2200
2201 static struct attribute *hid_drv_attrs[] = {
2202 &driver_attr_new_id.attr,
2203 NULL,
2204 };
2205 ATTRIBUTE_GROUPS(hid_drv);
2206
hid_free_dynids(struct hid_driver * hdrv)2207 static void hid_free_dynids(struct hid_driver *hdrv)
2208 {
2209 struct hid_dynid *dynid, *n;
2210
2211 spin_lock(&hdrv->dyn_lock);
2212 list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2213 list_del(&dynid->list);
2214 kfree(dynid);
2215 }
2216 spin_unlock(&hdrv->dyn_lock);
2217 }
2218
hid_match_device(struct hid_device * hdev,struct hid_driver * hdrv)2219 const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2220 struct hid_driver *hdrv)
2221 {
2222 struct hid_dynid *dynid;
2223
2224 spin_lock(&hdrv->dyn_lock);
2225 list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2226 if (hid_match_one_id(hdev, &dynid->id)) {
2227 spin_unlock(&hdrv->dyn_lock);
2228 return &dynid->id;
2229 }
2230 }
2231 spin_unlock(&hdrv->dyn_lock);
2232
2233 return hid_match_id(hdev, hdrv->id_table);
2234 }
2235 EXPORT_SYMBOL_GPL(hid_match_device);
2236
hid_bus_match(struct device * dev,struct device_driver * drv)2237 static int hid_bus_match(struct device *dev, struct device_driver *drv)
2238 {
2239 struct hid_driver *hdrv = to_hid_driver(drv);
2240 struct hid_device *hdev = to_hid_device(dev);
2241
2242 return hid_match_device(hdev, hdrv) != NULL;
2243 }
2244
2245 /**
2246 * hid_compare_device_paths - check if both devices share the same path
2247 * @hdev_a: hid device
2248 * @hdev_b: hid device
2249 * @separator: char to use as separator
2250 *
2251 * Check if two devices share the same path up to the last occurrence of
2252 * the separator char. Both paths must exist (i.e., zero-length paths
2253 * don't match).
2254 */
hid_compare_device_paths(struct hid_device * hdev_a,struct hid_device * hdev_b,char separator)2255 bool hid_compare_device_paths(struct hid_device *hdev_a,
2256 struct hid_device *hdev_b, char separator)
2257 {
2258 int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2259 int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2260
2261 if (n1 != n2 || n1 <= 0 || n2 <= 0)
2262 return false;
2263
2264 return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2265 }
2266 EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2267
hid_device_probe(struct device * dev)2268 static int hid_device_probe(struct device *dev)
2269 {
2270 struct hid_driver *hdrv = to_hid_driver(dev->driver);
2271 struct hid_device *hdev = to_hid_device(dev);
2272 const struct hid_device_id *id;
2273 int ret = 0;
2274
2275 if (down_interruptible(&hdev->driver_input_lock)) {
2276 ret = -EINTR;
2277 goto end;
2278 }
2279 hdev->io_started = false;
2280
2281 clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2282
2283 if (!hdev->driver) {
2284 id = hid_match_device(hdev, hdrv);
2285 if (id == NULL) {
2286 ret = -ENODEV;
2287 goto unlock;
2288 }
2289
2290 if (hdrv->match) {
2291 if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2292 ret = -ENODEV;
2293 goto unlock;
2294 }
2295 } else {
2296 /*
2297 * hid-generic implements .match(), so if
2298 * hid_ignore_special_drivers is set, we can safely
2299 * return.
2300 */
2301 if (hid_ignore_special_drivers) {
2302 ret = -ENODEV;
2303 goto unlock;
2304 }
2305 }
2306
2307 /* reset the quirks that has been previously set */
2308 hdev->quirks = hid_lookup_quirk(hdev);
2309 hdev->driver = hdrv;
2310 if (hdrv->probe) {
2311 ret = hdrv->probe(hdev, id);
2312 } else { /* default probe */
2313 ret = hid_open_report(hdev);
2314 if (!ret)
2315 ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2316 }
2317 if (ret) {
2318 hid_close_report(hdev);
2319 hdev->driver = NULL;
2320 }
2321 }
2322 unlock:
2323 if (!hdev->io_started)
2324 up(&hdev->driver_input_lock);
2325 end:
2326 return ret;
2327 }
2328
hid_device_remove(struct device * dev)2329 static int hid_device_remove(struct device *dev)
2330 {
2331 struct hid_device *hdev = to_hid_device(dev);
2332 struct hid_driver *hdrv;
2333
2334 down(&hdev->driver_input_lock);
2335 hdev->io_started = false;
2336
2337 hdrv = hdev->driver;
2338 if (hdrv) {
2339 if (hdrv->remove)
2340 hdrv->remove(hdev);
2341 else /* default remove */
2342 hid_hw_stop(hdev);
2343 hid_close_report(hdev);
2344 hdev->driver = NULL;
2345 }
2346
2347 if (!hdev->io_started)
2348 up(&hdev->driver_input_lock);
2349
2350 return 0;
2351 }
2352
modalias_show(struct device * dev,struct device_attribute * a,char * buf)2353 static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2354 char *buf)
2355 {
2356 struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2357
2358 return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2359 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2360 }
2361 static DEVICE_ATTR_RO(modalias);
2362
2363 static struct attribute *hid_dev_attrs[] = {
2364 &dev_attr_modalias.attr,
2365 NULL,
2366 };
2367 static struct bin_attribute *hid_dev_bin_attrs[] = {
2368 &dev_bin_attr_report_desc,
2369 NULL
2370 };
2371 static const struct attribute_group hid_dev_group = {
2372 .attrs = hid_dev_attrs,
2373 .bin_attrs = hid_dev_bin_attrs,
2374 };
2375 __ATTRIBUTE_GROUPS(hid_dev);
2376
hid_uevent(struct device * dev,struct kobj_uevent_env * env)2377 static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2378 {
2379 struct hid_device *hdev = to_hid_device(dev);
2380
2381 if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2382 hdev->bus, hdev->vendor, hdev->product))
2383 return -ENOMEM;
2384
2385 if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2386 return -ENOMEM;
2387
2388 if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2389 return -ENOMEM;
2390
2391 if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2392 return -ENOMEM;
2393
2394 if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2395 hdev->bus, hdev->group, hdev->vendor, hdev->product))
2396 return -ENOMEM;
2397
2398 return 0;
2399 }
2400
2401 struct bus_type hid_bus_type = {
2402 .name = "hid",
2403 .dev_groups = hid_dev_groups,
2404 .drv_groups = hid_drv_groups,
2405 .match = hid_bus_match,
2406 .probe = hid_device_probe,
2407 .remove = hid_device_remove,
2408 .uevent = hid_uevent,
2409 };
2410 EXPORT_SYMBOL(hid_bus_type);
2411
hid_add_device(struct hid_device * hdev)2412 int hid_add_device(struct hid_device *hdev)
2413 {
2414 static atomic_t id = ATOMIC_INIT(0);
2415 int ret;
2416
2417 if (WARN_ON(hdev->status & HID_STAT_ADDED))
2418 return -EBUSY;
2419
2420 hdev->quirks = hid_lookup_quirk(hdev);
2421
2422 /* we need to kill them here, otherwise they will stay allocated to
2423 * wait for coming driver */
2424 if (hid_ignore(hdev))
2425 return -ENODEV;
2426
2427 /*
2428 * Check for the mandatory transport channel.
2429 */
2430 if (!hdev->ll_driver->raw_request) {
2431 hid_err(hdev, "transport driver missing .raw_request()\n");
2432 return -EINVAL;
2433 }
2434
2435 /*
2436 * Read the device report descriptor once and use as template
2437 * for the driver-specific modifications.
2438 */
2439 ret = hdev->ll_driver->parse(hdev);
2440 if (ret)
2441 return ret;
2442 if (!hdev->dev_rdesc)
2443 return -ENODEV;
2444
2445 /*
2446 * Scan generic devices for group information
2447 */
2448 if (hid_ignore_special_drivers) {
2449 hdev->group = HID_GROUP_GENERIC;
2450 } else if (!hdev->group &&
2451 !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2452 ret = hid_scan_report(hdev);
2453 if (ret)
2454 hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2455 }
2456
2457 hdev->id = atomic_inc_return(&id);
2458
2459 /* XXX hack, any other cleaner solution after the driver core
2460 * is converted to allow more than 20 bytes as the device name? */
2461 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2462 hdev->vendor, hdev->product, hdev->id);
2463
2464 hid_debug_register(hdev, dev_name(&hdev->dev));
2465 ret = device_add(&hdev->dev);
2466 if (!ret)
2467 hdev->status |= HID_STAT_ADDED;
2468 else
2469 hid_debug_unregister(hdev);
2470
2471 return ret;
2472 }
2473 EXPORT_SYMBOL_GPL(hid_add_device);
2474
2475 /**
2476 * hid_allocate_device - allocate new hid device descriptor
2477 *
2478 * Allocate and initialize hid device, so that hid_destroy_device might be
2479 * used to free it.
2480 *
2481 * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2482 * error value.
2483 */
hid_allocate_device(void)2484 struct hid_device *hid_allocate_device(void)
2485 {
2486 struct hid_device *hdev;
2487 int ret = -ENOMEM;
2488
2489 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2490 if (hdev == NULL)
2491 return ERR_PTR(ret);
2492
2493 device_initialize(&hdev->dev);
2494 hdev->dev.release = hid_device_release;
2495 hdev->dev.bus = &hid_bus_type;
2496 device_enable_async_suspend(&hdev->dev);
2497
2498 hid_close_report(hdev);
2499
2500 init_waitqueue_head(&hdev->debug_wait);
2501 INIT_LIST_HEAD(&hdev->debug_list);
2502 spin_lock_init(&hdev->debug_list_lock);
2503 sema_init(&hdev->driver_input_lock, 1);
2504 mutex_init(&hdev->ll_open_lock);
2505 kref_init(&hdev->ref);
2506
2507 return hdev;
2508 }
2509 EXPORT_SYMBOL_GPL(hid_allocate_device);
2510
hid_remove_device(struct hid_device * hdev)2511 static void hid_remove_device(struct hid_device *hdev)
2512 {
2513 if (hdev->status & HID_STAT_ADDED) {
2514 device_del(&hdev->dev);
2515 hid_debug_unregister(hdev);
2516 hdev->status &= ~HID_STAT_ADDED;
2517 }
2518 kfree(hdev->dev_rdesc);
2519 hdev->dev_rdesc = NULL;
2520 hdev->dev_rsize = 0;
2521 }
2522
2523 /**
2524 * hid_destroy_device - free previously allocated device
2525 *
2526 * @hdev: hid device
2527 *
2528 * If you allocate hid_device through hid_allocate_device, you should ever
2529 * free by this function.
2530 */
hid_destroy_device(struct hid_device * hdev)2531 void hid_destroy_device(struct hid_device *hdev)
2532 {
2533 hid_remove_device(hdev);
2534 put_device(&hdev->dev);
2535 }
2536 EXPORT_SYMBOL_GPL(hid_destroy_device);
2537
2538
__hid_bus_reprobe_drivers(struct device * dev,void * data)2539 static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2540 {
2541 struct hid_driver *hdrv = data;
2542 struct hid_device *hdev = to_hid_device(dev);
2543
2544 if (hdev->driver == hdrv &&
2545 !hdrv->match(hdev, hid_ignore_special_drivers) &&
2546 !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2547 return device_reprobe(dev);
2548
2549 return 0;
2550 }
2551
__hid_bus_driver_added(struct device_driver * drv,void * data)2552 static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2553 {
2554 struct hid_driver *hdrv = to_hid_driver(drv);
2555
2556 if (hdrv->match) {
2557 bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2558 __hid_bus_reprobe_drivers);
2559 }
2560
2561 return 0;
2562 }
2563
__bus_removed_driver(struct device_driver * drv,void * data)2564 static int __bus_removed_driver(struct device_driver *drv, void *data)
2565 {
2566 return bus_rescan_devices(&hid_bus_type);
2567 }
2568
__hid_register_driver(struct hid_driver * hdrv,struct module * owner,const char * mod_name)2569 int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2570 const char *mod_name)
2571 {
2572 int ret;
2573
2574 hdrv->driver.name = hdrv->name;
2575 hdrv->driver.bus = &hid_bus_type;
2576 hdrv->driver.owner = owner;
2577 hdrv->driver.mod_name = mod_name;
2578
2579 INIT_LIST_HEAD(&hdrv->dyn_list);
2580 spin_lock_init(&hdrv->dyn_lock);
2581
2582 ret = driver_register(&hdrv->driver);
2583
2584 if (ret == 0)
2585 bus_for_each_drv(&hid_bus_type, NULL, NULL,
2586 __hid_bus_driver_added);
2587
2588 return ret;
2589 }
2590 EXPORT_SYMBOL_GPL(__hid_register_driver);
2591
hid_unregister_driver(struct hid_driver * hdrv)2592 void hid_unregister_driver(struct hid_driver *hdrv)
2593 {
2594 driver_unregister(&hdrv->driver);
2595 hid_free_dynids(hdrv);
2596
2597 bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2598 }
2599 EXPORT_SYMBOL_GPL(hid_unregister_driver);
2600
hid_check_keys_pressed(struct hid_device * hid)2601 int hid_check_keys_pressed(struct hid_device *hid)
2602 {
2603 struct hid_input *hidinput;
2604 int i;
2605
2606 if (!(hid->claimed & HID_CLAIMED_INPUT))
2607 return 0;
2608
2609 list_for_each_entry(hidinput, &hid->inputs, list) {
2610 for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2611 if (hidinput->input->key[i])
2612 return 1;
2613 }
2614
2615 return 0;
2616 }
2617
2618 EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2619
hid_init(void)2620 static int __init hid_init(void)
2621 {
2622 int ret;
2623
2624 if (hid_debug)
2625 pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2626 "debugfs is now used for inspecting the device (report descriptor, reports)\n");
2627
2628 ret = bus_register(&hid_bus_type);
2629 if (ret) {
2630 pr_err("can't register hid bus\n");
2631 goto err;
2632 }
2633
2634 ret = hidraw_init();
2635 if (ret)
2636 goto err_bus;
2637
2638 hid_debug_init();
2639
2640 return 0;
2641 err_bus:
2642 bus_unregister(&hid_bus_type);
2643 err:
2644 return ret;
2645 }
2646
hid_exit(void)2647 static void __exit hid_exit(void)
2648 {
2649 hid_debug_exit();
2650 hidraw_exit();
2651 bus_unregister(&hid_bus_type);
2652 hid_quirks_exit(HID_BUS_ANY);
2653 }
2654
2655 module_init(hid_init);
2656 module_exit(hid_exit);
2657
2658 MODULE_AUTHOR("Andreas Gal");
2659 MODULE_AUTHOR("Vojtech Pavlik");
2660 MODULE_AUTHOR("Jiri Kosina");
2661 MODULE_LICENSE("GPL");
2662