1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * HID support for Linux
4 *
5 * Copyright (c) 1999 Andreas Gal
6 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8 * Copyright (c) 2006-2012 Jiri Kosina
9 */
10
11 /*
12 */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/vmalloc.h>
28 #include <linux/sched.h>
29 #include <linux/semaphore.h>
30
31 #include <linux/hid.h>
32 #include <linux/hiddev.h>
33 #include <linux/hid-debug.h>
34 #include <linux/hidraw.h>
35 #include <linux/uhid.h>
36
37 #include "hid-ids.h"
38
39 /*
40 * Version Information
41 */
42
43 #define DRIVER_DESC "HID core driver"
44
45 int hid_debug = 0;
46 module_param_named(debug, hid_debug, int, 0600);
47 MODULE_PARM_DESC(debug, "toggle HID debugging messages");
48 EXPORT_SYMBOL_GPL(hid_debug);
49
50 static int hid_ignore_special_drivers = 0;
51 module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
52 MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
53
54 /*
55 * Register a new report for a device.
56 */
57
hid_register_report(struct hid_device * device,unsigned int type,unsigned int id,unsigned int application)58 struct hid_report *hid_register_report(struct hid_device *device,
59 unsigned int type, unsigned int id,
60 unsigned int application)
61 {
62 struct hid_report_enum *report_enum = device->report_enum + type;
63 struct hid_report *report;
64
65 if (id >= HID_MAX_IDS)
66 return NULL;
67 if (report_enum->report_id_hash[id])
68 return report_enum->report_id_hash[id];
69
70 report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
71 if (!report)
72 return NULL;
73
74 if (id != 0)
75 report_enum->numbered = 1;
76
77 report->id = id;
78 report->type = type;
79 report->size = 0;
80 report->device = device;
81 report->application = application;
82 report_enum->report_id_hash[id] = report;
83
84 list_add_tail(&report->list, &report_enum->report_list);
85
86 return report;
87 }
88 EXPORT_SYMBOL_GPL(hid_register_report);
89
90 /*
91 * Register a new field for this report.
92 */
93
hid_register_field(struct hid_report * report,unsigned usages)94 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages)
95 {
96 struct hid_field *field;
97
98 if (report->maxfield == HID_MAX_FIELDS) {
99 hid_err(report->device, "too many fields in report\n");
100 return NULL;
101 }
102
103 field = kzalloc((sizeof(struct hid_field) +
104 usages * sizeof(struct hid_usage) +
105 usages * sizeof(unsigned)), GFP_KERNEL);
106 if (!field)
107 return NULL;
108
109 field->index = report->maxfield++;
110 report->field[field->index] = field;
111 field->usage = (struct hid_usage *)(field + 1);
112 field->value = (s32 *)(field->usage + usages);
113 field->report = report;
114
115 return field;
116 }
117
118 /*
119 * Open a collection. The type/usage is pushed on the stack.
120 */
121
open_collection(struct hid_parser * parser,unsigned type)122 static int open_collection(struct hid_parser *parser, unsigned type)
123 {
124 struct hid_collection *collection;
125 unsigned usage;
126 int collection_index;
127
128 usage = parser->local.usage[0];
129
130 if (parser->collection_stack_ptr == parser->collection_stack_size) {
131 unsigned int *collection_stack;
132 unsigned int new_size = parser->collection_stack_size +
133 HID_COLLECTION_STACK_SIZE;
134
135 collection_stack = krealloc(parser->collection_stack,
136 new_size * sizeof(unsigned int),
137 GFP_KERNEL);
138 if (!collection_stack)
139 return -ENOMEM;
140
141 parser->collection_stack = collection_stack;
142 parser->collection_stack_size = new_size;
143 }
144
145 if (parser->device->maxcollection == parser->device->collection_size) {
146 collection = kmalloc(
147 array3_size(sizeof(struct hid_collection),
148 parser->device->collection_size,
149 2),
150 GFP_KERNEL);
151 if (collection == NULL) {
152 hid_err(parser->device, "failed to reallocate collection array\n");
153 return -ENOMEM;
154 }
155 memcpy(collection, parser->device->collection,
156 sizeof(struct hid_collection) *
157 parser->device->collection_size);
158 memset(collection + parser->device->collection_size, 0,
159 sizeof(struct hid_collection) *
160 parser->device->collection_size);
161 kfree(parser->device->collection);
162 parser->device->collection = collection;
163 parser->device->collection_size *= 2;
164 }
165
166 parser->collection_stack[parser->collection_stack_ptr++] =
167 parser->device->maxcollection;
168
169 collection_index = parser->device->maxcollection++;
170 collection = parser->device->collection + collection_index;
171 collection->type = type;
172 collection->usage = usage;
173 collection->level = parser->collection_stack_ptr - 1;
174 collection->parent_idx = (collection->level == 0) ? -1 :
175 parser->collection_stack[collection->level - 1];
176
177 if (type == HID_COLLECTION_APPLICATION)
178 parser->device->maxapplication++;
179
180 return 0;
181 }
182
183 /*
184 * Close a collection.
185 */
186
close_collection(struct hid_parser * parser)187 static int close_collection(struct hid_parser *parser)
188 {
189 if (!parser->collection_stack_ptr) {
190 hid_err(parser->device, "collection stack underflow\n");
191 return -EINVAL;
192 }
193 parser->collection_stack_ptr--;
194 return 0;
195 }
196
197 /*
198 * Climb up the stack, search for the specified collection type
199 * and return the usage.
200 */
201
hid_lookup_collection(struct hid_parser * parser,unsigned type)202 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
203 {
204 struct hid_collection *collection = parser->device->collection;
205 int n;
206
207 for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
208 unsigned index = parser->collection_stack[n];
209 if (collection[index].type == type)
210 return collection[index].usage;
211 }
212 return 0; /* we know nothing about this usage type */
213 }
214
215 /*
216 * Concatenate usage which defines 16 bits or less with the
217 * currently defined usage page to form a 32 bit usage
218 */
219
complete_usage(struct hid_parser * parser,unsigned int index)220 static void complete_usage(struct hid_parser *parser, unsigned int index)
221 {
222 parser->local.usage[index] &= 0xFFFF;
223 parser->local.usage[index] |=
224 (parser->global.usage_page & 0xFFFF) << 16;
225 }
226
227 /*
228 * Add a usage to the temporary parser table.
229 */
230
hid_add_usage(struct hid_parser * parser,unsigned usage,u8 size)231 static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
232 {
233 if (parser->local.usage_index >= HID_MAX_USAGES) {
234 hid_err(parser->device, "usage index exceeded\n");
235 return -1;
236 }
237 parser->local.usage[parser->local.usage_index] = usage;
238
239 /*
240 * If Usage item only includes usage id, concatenate it with
241 * currently defined usage page
242 */
243 if (size <= 2)
244 complete_usage(parser, parser->local.usage_index);
245
246 parser->local.usage_size[parser->local.usage_index] = size;
247 parser->local.collection_index[parser->local.usage_index] =
248 parser->collection_stack_ptr ?
249 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
250 parser->local.usage_index++;
251 return 0;
252 }
253
254 /*
255 * Register a new field for this report.
256 */
257
hid_add_field(struct hid_parser * parser,unsigned report_type,unsigned flags)258 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
259 {
260 struct hid_report *report;
261 struct hid_field *field;
262 unsigned int max_buffer_size = HID_MAX_BUFFER_SIZE;
263 unsigned int usages;
264 unsigned int offset;
265 unsigned int i;
266 unsigned int application;
267
268 application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
269
270 report = hid_register_report(parser->device, report_type,
271 parser->global.report_id, application);
272 if (!report) {
273 hid_err(parser->device, "hid_register_report failed\n");
274 return -1;
275 }
276
277 /* Handle both signed and unsigned cases properly */
278 if ((parser->global.logical_minimum < 0 &&
279 parser->global.logical_maximum <
280 parser->global.logical_minimum) ||
281 (parser->global.logical_minimum >= 0 &&
282 (__u32)parser->global.logical_maximum <
283 (__u32)parser->global.logical_minimum)) {
284 dbg_hid("logical range invalid 0x%x 0x%x\n",
285 parser->global.logical_minimum,
286 parser->global.logical_maximum);
287 return -1;
288 }
289
290 offset = report->size;
291 report->size += parser->global.report_size * parser->global.report_count;
292
293 if (IS_ENABLED(CONFIG_UHID) && parser->device->ll_driver == &uhid_hid_driver)
294 max_buffer_size = UHID_DATA_MAX;
295
296 /* Total size check: Allow for possible report index byte */
297 if (report->size > (max_buffer_size - 1) << 3) {
298 hid_err(parser->device, "report is too long\n");
299 return -1;
300 }
301
302 if (!parser->local.usage_index) /* Ignore padding fields */
303 return 0;
304
305 usages = max_t(unsigned, parser->local.usage_index,
306 parser->global.report_count);
307
308 field = hid_register_field(report, usages);
309 if (!field)
310 return 0;
311
312 field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
313 field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
314 field->application = application;
315
316 for (i = 0; i < usages; i++) {
317 unsigned j = i;
318 /* Duplicate the last usage we parsed if we have excess values */
319 if (i >= parser->local.usage_index)
320 j = parser->local.usage_index - 1;
321 field->usage[i].hid = parser->local.usage[j];
322 field->usage[i].collection_index =
323 parser->local.collection_index[j];
324 field->usage[i].usage_index = i;
325 field->usage[i].resolution_multiplier = 1;
326 }
327
328 field->maxusage = usages;
329 field->flags = flags;
330 field->report_offset = offset;
331 field->report_type = report_type;
332 field->report_size = parser->global.report_size;
333 field->report_count = parser->global.report_count;
334 field->logical_minimum = parser->global.logical_minimum;
335 field->logical_maximum = parser->global.logical_maximum;
336 field->physical_minimum = parser->global.physical_minimum;
337 field->physical_maximum = parser->global.physical_maximum;
338 field->unit_exponent = parser->global.unit_exponent;
339 field->unit = parser->global.unit;
340
341 return 0;
342 }
343
344 /*
345 * Read data value from item.
346 */
347
item_udata(struct hid_item * item)348 static u32 item_udata(struct hid_item *item)
349 {
350 switch (item->size) {
351 case 1: return item->data.u8;
352 case 2: return item->data.u16;
353 case 4: return item->data.u32;
354 }
355 return 0;
356 }
357
item_sdata(struct hid_item * item)358 static s32 item_sdata(struct hid_item *item)
359 {
360 switch (item->size) {
361 case 1: return item->data.s8;
362 case 2: return item->data.s16;
363 case 4: return item->data.s32;
364 }
365 return 0;
366 }
367
368 /*
369 * Process a global item.
370 */
371
hid_parser_global(struct hid_parser * parser,struct hid_item * item)372 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
373 {
374 __s32 raw_value;
375 switch (item->tag) {
376 case HID_GLOBAL_ITEM_TAG_PUSH:
377
378 if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
379 hid_err(parser->device, "global environment stack overflow\n");
380 return -1;
381 }
382
383 memcpy(parser->global_stack + parser->global_stack_ptr++,
384 &parser->global, sizeof(struct hid_global));
385 return 0;
386
387 case HID_GLOBAL_ITEM_TAG_POP:
388
389 if (!parser->global_stack_ptr) {
390 hid_err(parser->device, "global environment stack underflow\n");
391 return -1;
392 }
393
394 memcpy(&parser->global, parser->global_stack +
395 --parser->global_stack_ptr, sizeof(struct hid_global));
396 return 0;
397
398 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
399 parser->global.usage_page = item_udata(item);
400 return 0;
401
402 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
403 parser->global.logical_minimum = item_sdata(item);
404 return 0;
405
406 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
407 if (parser->global.logical_minimum < 0)
408 parser->global.logical_maximum = item_sdata(item);
409 else
410 parser->global.logical_maximum = item_udata(item);
411 return 0;
412
413 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
414 parser->global.physical_minimum = item_sdata(item);
415 return 0;
416
417 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
418 if (parser->global.physical_minimum < 0)
419 parser->global.physical_maximum = item_sdata(item);
420 else
421 parser->global.physical_maximum = item_udata(item);
422 return 0;
423
424 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
425 /* Many devices provide unit exponent as a two's complement
426 * nibble due to the common misunderstanding of HID
427 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
428 * both this and the standard encoding. */
429 raw_value = item_sdata(item);
430 if (!(raw_value & 0xfffffff0))
431 parser->global.unit_exponent = hid_snto32(raw_value, 4);
432 else
433 parser->global.unit_exponent = raw_value;
434 return 0;
435
436 case HID_GLOBAL_ITEM_TAG_UNIT:
437 parser->global.unit = item_udata(item);
438 return 0;
439
440 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
441 parser->global.report_size = item_udata(item);
442 if (parser->global.report_size > 256) {
443 hid_err(parser->device, "invalid report_size %d\n",
444 parser->global.report_size);
445 return -1;
446 }
447 return 0;
448
449 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
450 parser->global.report_count = item_udata(item);
451 if (parser->global.report_count > HID_MAX_USAGES) {
452 hid_err(parser->device, "invalid report_count %d\n",
453 parser->global.report_count);
454 return -1;
455 }
456 return 0;
457
458 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
459 parser->global.report_id = item_udata(item);
460 if (parser->global.report_id == 0 ||
461 parser->global.report_id >= HID_MAX_IDS) {
462 hid_err(parser->device, "report_id %u is invalid\n",
463 parser->global.report_id);
464 return -1;
465 }
466 return 0;
467
468 default:
469 hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
470 return -1;
471 }
472 }
473
474 /*
475 * Process a local item.
476 */
477
hid_parser_local(struct hid_parser * parser,struct hid_item * item)478 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
479 {
480 __u32 data;
481 unsigned n;
482 __u32 count;
483
484 data = item_udata(item);
485
486 switch (item->tag) {
487 case HID_LOCAL_ITEM_TAG_DELIMITER:
488
489 if (data) {
490 /*
491 * We treat items before the first delimiter
492 * as global to all usage sets (branch 0).
493 * In the moment we process only these global
494 * items and the first delimiter set.
495 */
496 if (parser->local.delimiter_depth != 0) {
497 hid_err(parser->device, "nested delimiters\n");
498 return -1;
499 }
500 parser->local.delimiter_depth++;
501 parser->local.delimiter_branch++;
502 } else {
503 if (parser->local.delimiter_depth < 1) {
504 hid_err(parser->device, "bogus close delimiter\n");
505 return -1;
506 }
507 parser->local.delimiter_depth--;
508 }
509 return 0;
510
511 case HID_LOCAL_ITEM_TAG_USAGE:
512
513 if (parser->local.delimiter_branch > 1) {
514 dbg_hid("alternative usage ignored\n");
515 return 0;
516 }
517
518 return hid_add_usage(parser, data, item->size);
519
520 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
521
522 if (parser->local.delimiter_branch > 1) {
523 dbg_hid("alternative usage ignored\n");
524 return 0;
525 }
526
527 parser->local.usage_minimum = data;
528 return 0;
529
530 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
531
532 if (parser->local.delimiter_branch > 1) {
533 dbg_hid("alternative usage ignored\n");
534 return 0;
535 }
536
537 count = data - parser->local.usage_minimum;
538 if (count + parser->local.usage_index >= HID_MAX_USAGES) {
539 /*
540 * We do not warn if the name is not set, we are
541 * actually pre-scanning the device.
542 */
543 if (dev_name(&parser->device->dev))
544 hid_warn(parser->device,
545 "ignoring exceeding usage max\n");
546 data = HID_MAX_USAGES - parser->local.usage_index +
547 parser->local.usage_minimum - 1;
548 if (data <= 0) {
549 hid_err(parser->device,
550 "no more usage index available\n");
551 return -1;
552 }
553 }
554
555 for (n = parser->local.usage_minimum; n <= data; n++)
556 if (hid_add_usage(parser, n, item->size)) {
557 dbg_hid("hid_add_usage failed\n");
558 return -1;
559 }
560 return 0;
561
562 default:
563
564 dbg_hid("unknown local item tag 0x%x\n", item->tag);
565 return 0;
566 }
567 return 0;
568 }
569
570 /*
571 * Concatenate Usage Pages into Usages where relevant:
572 * As per specification, 6.2.2.8: "When the parser encounters a main item it
573 * concatenates the last declared Usage Page with a Usage to form a complete
574 * usage value."
575 */
576
hid_concatenate_last_usage_page(struct hid_parser * parser)577 static void hid_concatenate_last_usage_page(struct hid_parser *parser)
578 {
579 int i;
580 unsigned int usage_page;
581 unsigned int current_page;
582
583 if (!parser->local.usage_index)
584 return;
585
586 usage_page = parser->global.usage_page;
587
588 /*
589 * Concatenate usage page again only if last declared Usage Page
590 * has not been already used in previous usages concatenation
591 */
592 for (i = parser->local.usage_index - 1; i >= 0; i--) {
593 if (parser->local.usage_size[i] > 2)
594 /* Ignore extended usages */
595 continue;
596
597 current_page = parser->local.usage[i] >> 16;
598 if (current_page == usage_page)
599 break;
600
601 complete_usage(parser, i);
602 }
603 }
604
605 /*
606 * Process a main item.
607 */
608
hid_parser_main(struct hid_parser * parser,struct hid_item * item)609 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
610 {
611 __u32 data;
612 int ret;
613
614 hid_concatenate_last_usage_page(parser);
615
616 data = item_udata(item);
617
618 switch (item->tag) {
619 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
620 ret = open_collection(parser, data & 0xff);
621 break;
622 case HID_MAIN_ITEM_TAG_END_COLLECTION:
623 ret = close_collection(parser);
624 break;
625 case HID_MAIN_ITEM_TAG_INPUT:
626 ret = hid_add_field(parser, HID_INPUT_REPORT, data);
627 break;
628 case HID_MAIN_ITEM_TAG_OUTPUT:
629 ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
630 break;
631 case HID_MAIN_ITEM_TAG_FEATURE:
632 ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
633 break;
634 default:
635 hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
636 ret = 0;
637 }
638
639 memset(&parser->local, 0, sizeof(parser->local)); /* Reset the local parser environment */
640
641 return ret;
642 }
643
644 /*
645 * Process a reserved item.
646 */
647
hid_parser_reserved(struct hid_parser * parser,struct hid_item * item)648 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
649 {
650 dbg_hid("reserved item type, tag 0x%x\n", item->tag);
651 return 0;
652 }
653
654 /*
655 * Free a report and all registered fields. The field->usage and
656 * field->value table's are allocated behind the field, so we need
657 * only to free(field) itself.
658 */
659
hid_free_report(struct hid_report * report)660 static void hid_free_report(struct hid_report *report)
661 {
662 unsigned n;
663
664 for (n = 0; n < report->maxfield; n++)
665 kfree(report->field[n]);
666 kfree(report);
667 }
668
669 /*
670 * Close report. This function returns the device
671 * state to the point prior to hid_open_report().
672 */
hid_close_report(struct hid_device * device)673 static void hid_close_report(struct hid_device *device)
674 {
675 unsigned i, j;
676
677 for (i = 0; i < HID_REPORT_TYPES; i++) {
678 struct hid_report_enum *report_enum = device->report_enum + i;
679
680 for (j = 0; j < HID_MAX_IDS; j++) {
681 struct hid_report *report = report_enum->report_id_hash[j];
682 if (report)
683 hid_free_report(report);
684 }
685 memset(report_enum, 0, sizeof(*report_enum));
686 INIT_LIST_HEAD(&report_enum->report_list);
687 }
688
689 kfree(device->rdesc);
690 device->rdesc = NULL;
691 device->rsize = 0;
692
693 kfree(device->collection);
694 device->collection = NULL;
695 device->collection_size = 0;
696 device->maxcollection = 0;
697 device->maxapplication = 0;
698
699 device->status &= ~HID_STAT_PARSED;
700 }
701
702 /*
703 * Free a device structure, all reports, and all fields.
704 */
705
hid_device_release(struct device * dev)706 static void hid_device_release(struct device *dev)
707 {
708 struct hid_device *hid = to_hid_device(dev);
709
710 hid_close_report(hid);
711 kfree(hid->dev_rdesc);
712 kfree(hid);
713 }
714
715 /*
716 * Fetch a report description item from the data stream. We support long
717 * items, though they are not used yet.
718 */
719
fetch_item(__u8 * start,__u8 * end,struct hid_item * item)720 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
721 {
722 u8 b;
723
724 if ((end - start) <= 0)
725 return NULL;
726
727 b = *start++;
728
729 item->type = (b >> 2) & 3;
730 item->tag = (b >> 4) & 15;
731
732 if (item->tag == HID_ITEM_TAG_LONG) {
733
734 item->format = HID_ITEM_FORMAT_LONG;
735
736 if ((end - start) < 2)
737 return NULL;
738
739 item->size = *start++;
740 item->tag = *start++;
741
742 if ((end - start) < item->size)
743 return NULL;
744
745 item->data.longdata = start;
746 start += item->size;
747 return start;
748 }
749
750 item->format = HID_ITEM_FORMAT_SHORT;
751 item->size = b & 3;
752
753 switch (item->size) {
754 case 0:
755 return start;
756
757 case 1:
758 if ((end - start) < 1)
759 return NULL;
760 item->data.u8 = *start++;
761 return start;
762
763 case 2:
764 if ((end - start) < 2)
765 return NULL;
766 item->data.u16 = get_unaligned_le16(start);
767 start = (__u8 *)((__le16 *)start + 1);
768 return start;
769
770 case 3:
771 item->size++;
772 if ((end - start) < 4)
773 return NULL;
774 item->data.u32 = get_unaligned_le32(start);
775 start = (__u8 *)((__le32 *)start + 1);
776 return start;
777 }
778
779 return NULL;
780 }
781
hid_scan_input_usage(struct hid_parser * parser,u32 usage)782 static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
783 {
784 struct hid_device *hid = parser->device;
785
786 if (usage == HID_DG_CONTACTID)
787 hid->group = HID_GROUP_MULTITOUCH;
788 }
789
hid_scan_feature_usage(struct hid_parser * parser,u32 usage)790 static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
791 {
792 if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
793 parser->global.report_size == 8)
794 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
795
796 if (usage == 0xff0000c6 && parser->global.report_count == 1 &&
797 parser->global.report_size == 8)
798 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
799 }
800
hid_scan_collection(struct hid_parser * parser,unsigned type)801 static void hid_scan_collection(struct hid_parser *parser, unsigned type)
802 {
803 struct hid_device *hid = parser->device;
804 int i;
805
806 if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
807 type == HID_COLLECTION_PHYSICAL)
808 hid->group = HID_GROUP_SENSOR_HUB;
809
810 if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
811 hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
812 hid->group == HID_GROUP_MULTITOUCH)
813 hid->group = HID_GROUP_GENERIC;
814
815 if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
816 for (i = 0; i < parser->local.usage_index; i++)
817 if (parser->local.usage[i] == HID_GD_POINTER)
818 parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
819
820 if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
821 parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
822
823 if ((parser->global.usage_page << 16) == HID_UP_GOOGLEVENDOR)
824 for (i = 0; i < parser->local.usage_index; i++)
825 if (parser->local.usage[i] ==
826 (HID_UP_GOOGLEVENDOR | 0x0001))
827 parser->device->group =
828 HID_GROUP_VIVALDI;
829 }
830
hid_scan_main(struct hid_parser * parser,struct hid_item * item)831 static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
832 {
833 __u32 data;
834 int i;
835
836 hid_concatenate_last_usage_page(parser);
837
838 data = item_udata(item);
839
840 switch (item->tag) {
841 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
842 hid_scan_collection(parser, data & 0xff);
843 break;
844 case HID_MAIN_ITEM_TAG_END_COLLECTION:
845 break;
846 case HID_MAIN_ITEM_TAG_INPUT:
847 /* ignore constant inputs, they will be ignored by hid-input */
848 if (data & HID_MAIN_ITEM_CONSTANT)
849 break;
850 for (i = 0; i < parser->local.usage_index; i++)
851 hid_scan_input_usage(parser, parser->local.usage[i]);
852 break;
853 case HID_MAIN_ITEM_TAG_OUTPUT:
854 break;
855 case HID_MAIN_ITEM_TAG_FEATURE:
856 for (i = 0; i < parser->local.usage_index; i++)
857 hid_scan_feature_usage(parser, parser->local.usage[i]);
858 break;
859 }
860
861 /* Reset the local parser environment */
862 memset(&parser->local, 0, sizeof(parser->local));
863
864 return 0;
865 }
866
867 /*
868 * Scan a report descriptor before the device is added to the bus.
869 * Sets device groups and other properties that determine what driver
870 * to load.
871 */
hid_scan_report(struct hid_device * hid)872 static int hid_scan_report(struct hid_device *hid)
873 {
874 struct hid_parser *parser;
875 struct hid_item item;
876 __u8 *start = hid->dev_rdesc;
877 __u8 *end = start + hid->dev_rsize;
878 static int (*dispatch_type[])(struct hid_parser *parser,
879 struct hid_item *item) = {
880 hid_scan_main,
881 hid_parser_global,
882 hid_parser_local,
883 hid_parser_reserved
884 };
885
886 parser = vzalloc(sizeof(struct hid_parser));
887 if (!parser)
888 return -ENOMEM;
889
890 parser->device = hid;
891 hid->group = HID_GROUP_GENERIC;
892
893 /*
894 * The parsing is simpler than the one in hid_open_report() as we should
895 * be robust against hid errors. Those errors will be raised by
896 * hid_open_report() anyway.
897 */
898 while ((start = fetch_item(start, end, &item)) != NULL)
899 dispatch_type[item.type](parser, &item);
900
901 /*
902 * Handle special flags set during scanning.
903 */
904 if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
905 (hid->group == HID_GROUP_MULTITOUCH))
906 hid->group = HID_GROUP_MULTITOUCH_WIN_8;
907
908 /*
909 * Vendor specific handlings
910 */
911 switch (hid->vendor) {
912 case USB_VENDOR_ID_WACOM:
913 hid->group = HID_GROUP_WACOM;
914 break;
915 case USB_VENDOR_ID_SYNAPTICS:
916 if (hid->group == HID_GROUP_GENERIC)
917 if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
918 && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
919 /*
920 * hid-rmi should take care of them,
921 * not hid-generic
922 */
923 hid->group = HID_GROUP_RMI;
924 break;
925 }
926
927 kfree(parser->collection_stack);
928 vfree(parser);
929 return 0;
930 }
931
932 /**
933 * hid_parse_report - parse device report
934 *
935 * @hid: hid device
936 * @start: report start
937 * @size: report size
938 *
939 * Allocate the device report as read by the bus driver. This function should
940 * only be called from parse() in ll drivers.
941 */
hid_parse_report(struct hid_device * hid,__u8 * start,unsigned size)942 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
943 {
944 hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
945 if (!hid->dev_rdesc)
946 return -ENOMEM;
947 hid->dev_rsize = size;
948 return 0;
949 }
950 EXPORT_SYMBOL_GPL(hid_parse_report);
951
952 static const char * const hid_report_names[] = {
953 "HID_INPUT_REPORT",
954 "HID_OUTPUT_REPORT",
955 "HID_FEATURE_REPORT",
956 };
957 /**
958 * hid_validate_values - validate existing device report's value indexes
959 *
960 * @hid: hid device
961 * @type: which report type to examine
962 * @id: which report ID to examine (0 for first)
963 * @field_index: which report field to examine
964 * @report_counts: expected number of values
965 *
966 * Validate the number of values in a given field of a given report, after
967 * parsing.
968 */
hid_validate_values(struct hid_device * hid,unsigned int type,unsigned int id,unsigned int field_index,unsigned int report_counts)969 struct hid_report *hid_validate_values(struct hid_device *hid,
970 unsigned int type, unsigned int id,
971 unsigned int field_index,
972 unsigned int report_counts)
973 {
974 struct hid_report *report;
975
976 if (type > HID_FEATURE_REPORT) {
977 hid_err(hid, "invalid HID report type %u\n", type);
978 return NULL;
979 }
980
981 if (id >= HID_MAX_IDS) {
982 hid_err(hid, "invalid HID report id %u\n", id);
983 return NULL;
984 }
985
986 /*
987 * Explicitly not using hid_get_report() here since it depends on
988 * ->numbered being checked, which may not always be the case when
989 * drivers go to access report values.
990 */
991 if (id == 0) {
992 /*
993 * Validating on id 0 means we should examine the first
994 * report in the list.
995 */
996 report = list_first_entry_or_null(
997 &hid->report_enum[type].report_list,
998 struct hid_report, list);
999 } else {
1000 report = hid->report_enum[type].report_id_hash[id];
1001 }
1002 if (!report) {
1003 hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
1004 return NULL;
1005 }
1006 if (report->maxfield <= field_index) {
1007 hid_err(hid, "not enough fields in %s %u\n",
1008 hid_report_names[type], id);
1009 return NULL;
1010 }
1011 if (report->field[field_index]->report_count < report_counts) {
1012 hid_err(hid, "not enough values in %s %u field %u\n",
1013 hid_report_names[type], id, field_index);
1014 return NULL;
1015 }
1016 return report;
1017 }
1018 EXPORT_SYMBOL_GPL(hid_validate_values);
1019
hid_calculate_multiplier(struct hid_device * hid,struct hid_field * multiplier)1020 static int hid_calculate_multiplier(struct hid_device *hid,
1021 struct hid_field *multiplier)
1022 {
1023 int m;
1024 __s32 v = *multiplier->value;
1025 __s32 lmin = multiplier->logical_minimum;
1026 __s32 lmax = multiplier->logical_maximum;
1027 __s32 pmin = multiplier->physical_minimum;
1028 __s32 pmax = multiplier->physical_maximum;
1029
1030 /*
1031 * "Because OS implementations will generally divide the control's
1032 * reported count by the Effective Resolution Multiplier, designers
1033 * should take care not to establish a potential Effective
1034 * Resolution Multiplier of zero."
1035 * HID Usage Table, v1.12, Section 4.3.1, p31
1036 */
1037 if (lmax - lmin == 0)
1038 return 1;
1039 /*
1040 * Handling the unit exponent is left as an exercise to whoever
1041 * finds a device where that exponent is not 0.
1042 */
1043 m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
1044 if (unlikely(multiplier->unit_exponent != 0)) {
1045 hid_warn(hid,
1046 "unsupported Resolution Multiplier unit exponent %d\n",
1047 multiplier->unit_exponent);
1048 }
1049
1050 /* There are no devices with an effective multiplier > 255 */
1051 if (unlikely(m == 0 || m > 255 || m < -255)) {
1052 hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
1053 m = 1;
1054 }
1055
1056 return m;
1057 }
1058
hid_apply_multiplier_to_field(struct hid_device * hid,struct hid_field * field,struct hid_collection * multiplier_collection,int effective_multiplier)1059 static void hid_apply_multiplier_to_field(struct hid_device *hid,
1060 struct hid_field *field,
1061 struct hid_collection *multiplier_collection,
1062 int effective_multiplier)
1063 {
1064 struct hid_collection *collection;
1065 struct hid_usage *usage;
1066 int i;
1067
1068 /*
1069 * If multiplier_collection is NULL, the multiplier applies
1070 * to all fields in the report.
1071 * Otherwise, it is the Logical Collection the multiplier applies to
1072 * but our field may be in a subcollection of that collection.
1073 */
1074 for (i = 0; i < field->maxusage; i++) {
1075 usage = &field->usage[i];
1076
1077 collection = &hid->collection[usage->collection_index];
1078 while (collection->parent_idx != -1 &&
1079 collection != multiplier_collection)
1080 collection = &hid->collection[collection->parent_idx];
1081
1082 if (collection->parent_idx != -1 ||
1083 multiplier_collection == NULL)
1084 usage->resolution_multiplier = effective_multiplier;
1085
1086 }
1087 }
1088
hid_apply_multiplier(struct hid_device * hid,struct hid_field * multiplier)1089 static void hid_apply_multiplier(struct hid_device *hid,
1090 struct hid_field *multiplier)
1091 {
1092 struct hid_report_enum *rep_enum;
1093 struct hid_report *rep;
1094 struct hid_field *field;
1095 struct hid_collection *multiplier_collection;
1096 int effective_multiplier;
1097 int i;
1098
1099 /*
1100 * "The Resolution Multiplier control must be contained in the same
1101 * Logical Collection as the control(s) to which it is to be applied.
1102 * If no Resolution Multiplier is defined, then the Resolution
1103 * Multiplier defaults to 1. If more than one control exists in a
1104 * Logical Collection, the Resolution Multiplier is associated with
1105 * all controls in the collection. If no Logical Collection is
1106 * defined, the Resolution Multiplier is associated with all
1107 * controls in the report."
1108 * HID Usage Table, v1.12, Section 4.3.1, p30
1109 *
1110 * Thus, search from the current collection upwards until we find a
1111 * logical collection. Then search all fields for that same parent
1112 * collection. Those are the fields the multiplier applies to.
1113 *
1114 * If we have more than one multiplier, it will overwrite the
1115 * applicable fields later.
1116 */
1117 multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1118 while (multiplier_collection->parent_idx != -1 &&
1119 multiplier_collection->type != HID_COLLECTION_LOGICAL)
1120 multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1121
1122 effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1123
1124 rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1125 list_for_each_entry(rep, &rep_enum->report_list, list) {
1126 for (i = 0; i < rep->maxfield; i++) {
1127 field = rep->field[i];
1128 hid_apply_multiplier_to_field(hid, field,
1129 multiplier_collection,
1130 effective_multiplier);
1131 }
1132 }
1133 }
1134
1135 /*
1136 * hid_setup_resolution_multiplier - set up all resolution multipliers
1137 *
1138 * @device: hid device
1139 *
1140 * Search for all Resolution Multiplier Feature Reports and apply their
1141 * value to all matching Input items. This only updates the internal struct
1142 * fields.
1143 *
1144 * The Resolution Multiplier is applied by the hardware. If the multiplier
1145 * is anything other than 1, the hardware will send pre-multiplied events
1146 * so that the same physical interaction generates an accumulated
1147 * accumulated_value = value * * multiplier
1148 * This may be achieved by sending
1149 * - "value * multiplier" for each event, or
1150 * - "value" but "multiplier" times as frequently, or
1151 * - a combination of the above
1152 * The only guarantee is that the same physical interaction always generates
1153 * an accumulated 'value * multiplier'.
1154 *
1155 * This function must be called before any event processing and after
1156 * any SetRequest to the Resolution Multiplier.
1157 */
hid_setup_resolution_multiplier(struct hid_device * hid)1158 void hid_setup_resolution_multiplier(struct hid_device *hid)
1159 {
1160 struct hid_report_enum *rep_enum;
1161 struct hid_report *rep;
1162 struct hid_usage *usage;
1163 int i, j;
1164
1165 rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1166 list_for_each_entry(rep, &rep_enum->report_list, list) {
1167 for (i = 0; i < rep->maxfield; i++) {
1168 /* Ignore if report count is out of bounds. */
1169 if (rep->field[i]->report_count < 1)
1170 continue;
1171
1172 for (j = 0; j < rep->field[i]->maxusage; j++) {
1173 usage = &rep->field[i]->usage[j];
1174 if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1175 hid_apply_multiplier(hid,
1176 rep->field[i]);
1177 }
1178 }
1179 }
1180 }
1181 EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1182
1183 /**
1184 * hid_open_report - open a driver-specific device report
1185 *
1186 * @device: hid device
1187 *
1188 * Parse a report description into a hid_device structure. Reports are
1189 * enumerated, fields are attached to these reports.
1190 * 0 returned on success, otherwise nonzero error value.
1191 *
1192 * This function (or the equivalent hid_parse() macro) should only be
1193 * called from probe() in drivers, before starting the device.
1194 */
hid_open_report(struct hid_device * device)1195 int hid_open_report(struct hid_device *device)
1196 {
1197 struct hid_parser *parser;
1198 struct hid_item item;
1199 unsigned int size;
1200 __u8 *start;
1201 __u8 *buf;
1202 __u8 *end;
1203 __u8 *next;
1204 int ret;
1205 int i;
1206 static int (*dispatch_type[])(struct hid_parser *parser,
1207 struct hid_item *item) = {
1208 hid_parser_main,
1209 hid_parser_global,
1210 hid_parser_local,
1211 hid_parser_reserved
1212 };
1213
1214 if (WARN_ON(device->status & HID_STAT_PARSED))
1215 return -EBUSY;
1216
1217 start = device->dev_rdesc;
1218 if (WARN_ON(!start))
1219 return -ENODEV;
1220 size = device->dev_rsize;
1221
1222 buf = kmemdup(start, size, GFP_KERNEL);
1223 if (buf == NULL)
1224 return -ENOMEM;
1225
1226 if (device->driver->report_fixup)
1227 start = device->driver->report_fixup(device, buf, &size);
1228 else
1229 start = buf;
1230
1231 start = kmemdup(start, size, GFP_KERNEL);
1232 kfree(buf);
1233 if (start == NULL)
1234 return -ENOMEM;
1235
1236 device->rdesc = start;
1237 device->rsize = size;
1238
1239 parser = vzalloc(sizeof(struct hid_parser));
1240 if (!parser) {
1241 ret = -ENOMEM;
1242 goto alloc_err;
1243 }
1244
1245 parser->device = device;
1246
1247 end = start + size;
1248
1249 device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1250 sizeof(struct hid_collection), GFP_KERNEL);
1251 if (!device->collection) {
1252 ret = -ENOMEM;
1253 goto err;
1254 }
1255 device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1256 for (i = 0; i < HID_DEFAULT_NUM_COLLECTIONS; i++)
1257 device->collection[i].parent_idx = -1;
1258
1259 ret = -EINVAL;
1260 while ((next = fetch_item(start, end, &item)) != NULL) {
1261 start = next;
1262
1263 if (item.format != HID_ITEM_FORMAT_SHORT) {
1264 hid_err(device, "unexpected long global item\n");
1265 goto err;
1266 }
1267
1268 if (dispatch_type[item.type](parser, &item)) {
1269 hid_err(device, "item %u %u %u %u parsing failed\n",
1270 item.format, (unsigned)item.size,
1271 (unsigned)item.type, (unsigned)item.tag);
1272 goto err;
1273 }
1274
1275 if (start == end) {
1276 if (parser->collection_stack_ptr) {
1277 hid_err(device, "unbalanced collection at end of report description\n");
1278 goto err;
1279 }
1280 if (parser->local.delimiter_depth) {
1281 hid_err(device, "unbalanced delimiter at end of report description\n");
1282 goto err;
1283 }
1284
1285 /*
1286 * fetch initial values in case the device's
1287 * default multiplier isn't the recommended 1
1288 */
1289 hid_setup_resolution_multiplier(device);
1290
1291 kfree(parser->collection_stack);
1292 vfree(parser);
1293 device->status |= HID_STAT_PARSED;
1294
1295 return 0;
1296 }
1297 }
1298
1299 hid_err(device, "item fetching failed at offset %u/%u\n",
1300 size - (unsigned int)(end - start), size);
1301 err:
1302 kfree(parser->collection_stack);
1303 alloc_err:
1304 vfree(parser);
1305 hid_close_report(device);
1306 return ret;
1307 }
1308 EXPORT_SYMBOL_GPL(hid_open_report);
1309
1310 /*
1311 * Convert a signed n-bit integer to signed 32-bit integer. Common
1312 * cases are done through the compiler, the screwed things has to be
1313 * done by hand.
1314 */
1315
snto32(__u32 value,unsigned n)1316 static s32 snto32(__u32 value, unsigned n)
1317 {
1318 if (!value || !n)
1319 return 0;
1320
1321 if (n > 32)
1322 n = 32;
1323
1324 switch (n) {
1325 case 8: return ((__s8)value);
1326 case 16: return ((__s16)value);
1327 case 32: return ((__s32)value);
1328 }
1329 return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1330 }
1331
hid_snto32(__u32 value,unsigned n)1332 s32 hid_snto32(__u32 value, unsigned n)
1333 {
1334 return snto32(value, n);
1335 }
1336 EXPORT_SYMBOL_GPL(hid_snto32);
1337
1338 /*
1339 * Convert a signed 32-bit integer to a signed n-bit integer.
1340 */
1341
s32ton(__s32 value,unsigned n)1342 static u32 s32ton(__s32 value, unsigned n)
1343 {
1344 s32 a = value >> (n - 1);
1345 if (a && a != -1)
1346 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1347 return value & ((1 << n) - 1);
1348 }
1349
1350 /*
1351 * Extract/implement a data field from/to a little endian report (bit array).
1352 *
1353 * Code sort-of follows HID spec:
1354 * http://www.usb.org/developers/hidpage/HID1_11.pdf
1355 *
1356 * While the USB HID spec allows unlimited length bit fields in "report
1357 * descriptors", most devices never use more than 16 bits.
1358 * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1359 * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1360 */
1361
__extract(u8 * report,unsigned offset,int n)1362 static u32 __extract(u8 *report, unsigned offset, int n)
1363 {
1364 unsigned int idx = offset / 8;
1365 unsigned int bit_nr = 0;
1366 unsigned int bit_shift = offset % 8;
1367 int bits_to_copy = 8 - bit_shift;
1368 u32 value = 0;
1369 u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1370
1371 while (n > 0) {
1372 value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1373 n -= bits_to_copy;
1374 bit_nr += bits_to_copy;
1375 bits_to_copy = 8;
1376 bit_shift = 0;
1377 idx++;
1378 }
1379
1380 return value & mask;
1381 }
1382
hid_field_extract(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n)1383 u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1384 unsigned offset, unsigned n)
1385 {
1386 if (n > 32) {
1387 hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1388 __func__, n, current->comm);
1389 n = 32;
1390 }
1391
1392 return __extract(report, offset, n);
1393 }
1394 EXPORT_SYMBOL_GPL(hid_field_extract);
1395
1396 /*
1397 * "implement" : set bits in a little endian bit stream.
1398 * Same concepts as "extract" (see comments above).
1399 * The data mangled in the bit stream remains in little endian
1400 * order the whole time. It make more sense to talk about
1401 * endianness of register values by considering a register
1402 * a "cached" copy of the little endian bit stream.
1403 */
1404
__implement(u8 * report,unsigned offset,int n,u32 value)1405 static void __implement(u8 *report, unsigned offset, int n, u32 value)
1406 {
1407 unsigned int idx = offset / 8;
1408 unsigned int bit_shift = offset % 8;
1409 int bits_to_set = 8 - bit_shift;
1410
1411 while (n - bits_to_set >= 0) {
1412 report[idx] &= ~(0xff << bit_shift);
1413 report[idx] |= value << bit_shift;
1414 value >>= bits_to_set;
1415 n -= bits_to_set;
1416 bits_to_set = 8;
1417 bit_shift = 0;
1418 idx++;
1419 }
1420
1421 /* last nibble */
1422 if (n) {
1423 u8 bit_mask = ((1U << n) - 1);
1424 report[idx] &= ~(bit_mask << bit_shift);
1425 report[idx] |= value << bit_shift;
1426 }
1427 }
1428
implement(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n,u32 value)1429 static void implement(const struct hid_device *hid, u8 *report,
1430 unsigned offset, unsigned n, u32 value)
1431 {
1432 if (unlikely(n > 32)) {
1433 hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1434 __func__, n, current->comm);
1435 n = 32;
1436 } else if (n < 32) {
1437 u32 m = (1U << n) - 1;
1438
1439 if (unlikely(value > m)) {
1440 hid_warn(hid,
1441 "%s() called with too large value %d (n: %d)! (%s)\n",
1442 __func__, value, n, current->comm);
1443 WARN_ON(1);
1444 value &= m;
1445 }
1446 }
1447
1448 __implement(report, offset, n, value);
1449 }
1450
1451 /*
1452 * Search an array for a value.
1453 */
1454
search(__s32 * array,__s32 value,unsigned n)1455 static int search(__s32 *array, __s32 value, unsigned n)
1456 {
1457 while (n--) {
1458 if (*array++ == value)
1459 return 0;
1460 }
1461 return -1;
1462 }
1463
1464 /**
1465 * hid_match_report - check if driver's raw_event should be called
1466 *
1467 * @hid: hid device
1468 * @report: hid report to match against
1469 *
1470 * compare hid->driver->report_table->report_type to report->type
1471 */
hid_match_report(struct hid_device * hid,struct hid_report * report)1472 static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1473 {
1474 const struct hid_report_id *id = hid->driver->report_table;
1475
1476 if (!id) /* NULL means all */
1477 return 1;
1478
1479 for (; id->report_type != HID_TERMINATOR; id++)
1480 if (id->report_type == HID_ANY_ID ||
1481 id->report_type == report->type)
1482 return 1;
1483 return 0;
1484 }
1485
1486 /**
1487 * hid_match_usage - check if driver's event should be called
1488 *
1489 * @hid: hid device
1490 * @usage: usage to match against
1491 *
1492 * compare hid->driver->usage_table->usage_{type,code} to
1493 * usage->usage_{type,code}
1494 */
hid_match_usage(struct hid_device * hid,struct hid_usage * usage)1495 static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1496 {
1497 const struct hid_usage_id *id = hid->driver->usage_table;
1498
1499 if (!id) /* NULL means all */
1500 return 1;
1501
1502 for (; id->usage_type != HID_ANY_ID - 1; id++)
1503 if ((id->usage_hid == HID_ANY_ID ||
1504 id->usage_hid == usage->hid) &&
1505 (id->usage_type == HID_ANY_ID ||
1506 id->usage_type == usage->type) &&
1507 (id->usage_code == HID_ANY_ID ||
1508 id->usage_code == usage->code))
1509 return 1;
1510 return 0;
1511 }
1512
hid_process_event(struct hid_device * hid,struct hid_field * field,struct hid_usage * usage,__s32 value,int interrupt)1513 static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1514 struct hid_usage *usage, __s32 value, int interrupt)
1515 {
1516 struct hid_driver *hdrv = hid->driver;
1517 int ret;
1518
1519 if (!list_empty(&hid->debug_list))
1520 hid_dump_input(hid, usage, value);
1521
1522 if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1523 ret = hdrv->event(hid, field, usage, value);
1524 if (ret != 0) {
1525 if (ret < 0)
1526 hid_err(hid, "%s's event failed with %d\n",
1527 hdrv->name, ret);
1528 return;
1529 }
1530 }
1531
1532 if (hid->claimed & HID_CLAIMED_INPUT)
1533 hidinput_hid_event(hid, field, usage, value);
1534 if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1535 hid->hiddev_hid_event(hid, field, usage, value);
1536 }
1537
1538 /*
1539 * Analyse a received field, and fetch the data from it. The field
1540 * content is stored for next report processing (we do differential
1541 * reporting to the layer).
1542 */
1543
hid_input_field(struct hid_device * hid,struct hid_field * field,__u8 * data,int interrupt)1544 static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1545 __u8 *data, int interrupt)
1546 {
1547 unsigned n;
1548 unsigned count = field->report_count;
1549 unsigned offset = field->report_offset;
1550 unsigned size = field->report_size;
1551 __s32 min = field->logical_minimum;
1552 __s32 max = field->logical_maximum;
1553 __s32 *value;
1554
1555 value = kmalloc_array(count, sizeof(__s32), GFP_ATOMIC);
1556 if (!value)
1557 return;
1558
1559 for (n = 0; n < count; n++) {
1560
1561 value[n] = min < 0 ?
1562 snto32(hid_field_extract(hid, data, offset + n * size,
1563 size), size) :
1564 hid_field_extract(hid, data, offset + n * size, size);
1565
1566 /* Ignore report if ErrorRollOver */
1567 if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1568 value[n] >= min && value[n] <= max &&
1569 value[n] - min < field->maxusage &&
1570 field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1571 goto exit;
1572 }
1573
1574 for (n = 0; n < count; n++) {
1575
1576 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1577 hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1578 continue;
1579 }
1580
1581 if (field->value[n] >= min && field->value[n] <= max
1582 && field->value[n] - min < field->maxusage
1583 && field->usage[field->value[n] - min].hid
1584 && search(value, field->value[n], count))
1585 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1586
1587 if (value[n] >= min && value[n] <= max
1588 && value[n] - min < field->maxusage
1589 && field->usage[value[n] - min].hid
1590 && search(field->value, value[n], count))
1591 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1592 }
1593
1594 memcpy(field->value, value, count * sizeof(__s32));
1595 exit:
1596 kfree(value);
1597 }
1598
1599 /*
1600 * Output the field into the report.
1601 */
1602
hid_output_field(const struct hid_device * hid,struct hid_field * field,__u8 * data)1603 static void hid_output_field(const struct hid_device *hid,
1604 struct hid_field *field, __u8 *data)
1605 {
1606 unsigned count = field->report_count;
1607 unsigned offset = field->report_offset;
1608 unsigned size = field->report_size;
1609 unsigned n;
1610
1611 for (n = 0; n < count; n++) {
1612 if (field->logical_minimum < 0) /* signed values */
1613 implement(hid, data, offset + n * size, size,
1614 s32ton(field->value[n], size));
1615 else /* unsigned values */
1616 implement(hid, data, offset + n * size, size,
1617 field->value[n]);
1618 }
1619 }
1620
1621 /*
1622 * Compute the size of a report.
1623 */
hid_compute_report_size(struct hid_report * report)1624 static size_t hid_compute_report_size(struct hid_report *report)
1625 {
1626 if (report->size)
1627 return ((report->size - 1) >> 3) + 1;
1628
1629 return 0;
1630 }
1631
1632 /*
1633 * Create a report. 'data' has to be allocated using
1634 * hid_alloc_report_buf() so that it has proper size.
1635 */
1636
hid_output_report(struct hid_report * report,__u8 * data)1637 void hid_output_report(struct hid_report *report, __u8 *data)
1638 {
1639 unsigned n;
1640
1641 if (report->id > 0)
1642 *data++ = report->id;
1643
1644 memset(data, 0, hid_compute_report_size(report));
1645 for (n = 0; n < report->maxfield; n++)
1646 hid_output_field(report->device, report->field[n], data);
1647 }
1648 EXPORT_SYMBOL_GPL(hid_output_report);
1649
1650 /*
1651 * Allocator for buffer that is going to be passed to hid_output_report()
1652 */
hid_alloc_report_buf(struct hid_report * report,gfp_t flags)1653 u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1654 {
1655 /*
1656 * 7 extra bytes are necessary to achieve proper functionality
1657 * of implement() working on 8 byte chunks
1658 */
1659
1660 u32 len = hid_report_len(report) + 7;
1661
1662 return kmalloc(len, flags);
1663 }
1664 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1665
1666 /*
1667 * Set a field value. The report this field belongs to has to be
1668 * created and transferred to the device, to set this value in the
1669 * device.
1670 */
1671
hid_set_field(struct hid_field * field,unsigned offset,__s32 value)1672 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1673 {
1674 unsigned size;
1675
1676 if (!field)
1677 return -1;
1678
1679 size = field->report_size;
1680
1681 hid_dump_input(field->report->device, field->usage + offset, value);
1682
1683 if (offset >= field->report_count) {
1684 hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1685 offset, field->report_count);
1686 return -1;
1687 }
1688 if (field->logical_minimum < 0) {
1689 if (value != snto32(s32ton(value, size), size)) {
1690 hid_err(field->report->device, "value %d is out of range\n", value);
1691 return -1;
1692 }
1693 }
1694 field->value[offset] = value;
1695 return 0;
1696 }
1697 EXPORT_SYMBOL_GPL(hid_set_field);
1698
hid_get_report(struct hid_report_enum * report_enum,const u8 * data)1699 static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1700 const u8 *data)
1701 {
1702 struct hid_report *report;
1703 unsigned int n = 0; /* Normally report number is 0 */
1704
1705 /* Device uses numbered reports, data[0] is report number */
1706 if (report_enum->numbered)
1707 n = *data;
1708
1709 report = report_enum->report_id_hash[n];
1710 if (report == NULL)
1711 dbg_hid("undefined report_id %u received\n", n);
1712
1713 return report;
1714 }
1715
1716 /*
1717 * Implement a generic .request() callback, using .raw_request()
1718 * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1719 */
__hid_request(struct hid_device * hid,struct hid_report * report,int reqtype)1720 int __hid_request(struct hid_device *hid, struct hid_report *report,
1721 int reqtype)
1722 {
1723 char *buf;
1724 int ret;
1725 u32 len;
1726
1727 buf = hid_alloc_report_buf(report, GFP_KERNEL);
1728 if (!buf)
1729 return -ENOMEM;
1730
1731 len = hid_report_len(report);
1732
1733 if (reqtype == HID_REQ_SET_REPORT)
1734 hid_output_report(report, buf);
1735
1736 ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1737 report->type, reqtype);
1738 if (ret < 0) {
1739 dbg_hid("unable to complete request: %d\n", ret);
1740 goto out;
1741 }
1742
1743 if (reqtype == HID_REQ_GET_REPORT)
1744 hid_input_report(hid, report->type, buf, ret, 0);
1745
1746 ret = 0;
1747
1748 out:
1749 kfree(buf);
1750 return ret;
1751 }
1752 EXPORT_SYMBOL_GPL(__hid_request);
1753
hid_report_raw_event(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1754 int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1755 int interrupt)
1756 {
1757 struct hid_report_enum *report_enum = hid->report_enum + type;
1758 struct hid_report *report;
1759 struct hid_driver *hdrv;
1760 int max_buffer_size = HID_MAX_BUFFER_SIZE;
1761 unsigned int a;
1762 u32 rsize, csize = size;
1763 u8 *cdata = data;
1764 int ret = 0;
1765
1766 report = hid_get_report(report_enum, data);
1767 if (!report)
1768 goto out;
1769
1770 if (report_enum->numbered) {
1771 cdata++;
1772 csize--;
1773 }
1774
1775 rsize = hid_compute_report_size(report);
1776
1777 if (IS_ENABLED(CONFIG_UHID) && hid->ll_driver == &uhid_hid_driver)
1778 max_buffer_size = UHID_DATA_MAX;
1779
1780 if (report_enum->numbered && rsize >= max_buffer_size)
1781 rsize = max_buffer_size - 1;
1782 else if (rsize > max_buffer_size)
1783 rsize = max_buffer_size;
1784
1785 if (csize < rsize) {
1786 dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1787 csize, rsize);
1788 memset(cdata + csize, 0, rsize - csize);
1789 }
1790
1791 if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1792 hid->hiddev_report_event(hid, report);
1793 if (hid->claimed & HID_CLAIMED_HIDRAW) {
1794 ret = hidraw_report_event(hid, data, size);
1795 if (ret)
1796 goto out;
1797 }
1798
1799 if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1800 for (a = 0; a < report->maxfield; a++)
1801 hid_input_field(hid, report->field[a], cdata, interrupt);
1802 hdrv = hid->driver;
1803 if (hdrv && hdrv->report)
1804 hdrv->report(hid, report);
1805 }
1806
1807 if (hid->claimed & HID_CLAIMED_INPUT)
1808 hidinput_report_event(hid, report);
1809 out:
1810 return ret;
1811 }
1812 EXPORT_SYMBOL_GPL(hid_report_raw_event);
1813
1814 /**
1815 * hid_input_report - report data from lower layer (usb, bt...)
1816 *
1817 * @hid: hid device
1818 * @type: HID report type (HID_*_REPORT)
1819 * @data: report contents
1820 * @size: size of data parameter
1821 * @interrupt: distinguish between interrupt and control transfers
1822 *
1823 * This is data entry for lower layers.
1824 */
hid_input_report(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1825 int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1826 {
1827 struct hid_report_enum *report_enum;
1828 struct hid_driver *hdrv;
1829 struct hid_report *report;
1830 int ret = 0;
1831
1832 if (!hid)
1833 return -ENODEV;
1834
1835 if (down_trylock(&hid->driver_input_lock))
1836 return -EBUSY;
1837
1838 if (!hid->driver) {
1839 ret = -ENODEV;
1840 goto unlock;
1841 }
1842 report_enum = hid->report_enum + type;
1843 hdrv = hid->driver;
1844
1845 if (!size) {
1846 dbg_hid("empty report\n");
1847 ret = -1;
1848 goto unlock;
1849 }
1850
1851 /* Avoid unnecessary overhead if debugfs is disabled */
1852 if (!list_empty(&hid->debug_list))
1853 hid_dump_report(hid, type, data, size);
1854
1855 report = hid_get_report(report_enum, data);
1856
1857 if (!report) {
1858 ret = -1;
1859 goto unlock;
1860 }
1861
1862 if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1863 ret = hdrv->raw_event(hid, report, data, size);
1864 if (ret < 0)
1865 goto unlock;
1866 }
1867
1868 ret = hid_report_raw_event(hid, type, data, size, interrupt);
1869
1870 unlock:
1871 up(&hid->driver_input_lock);
1872 return ret;
1873 }
1874 EXPORT_SYMBOL_GPL(hid_input_report);
1875
hid_match_one_id(const struct hid_device * hdev,const struct hid_device_id * id)1876 bool hid_match_one_id(const struct hid_device *hdev,
1877 const struct hid_device_id *id)
1878 {
1879 return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1880 (id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1881 (id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1882 (id->product == HID_ANY_ID || id->product == hdev->product);
1883 }
1884
hid_match_id(const struct hid_device * hdev,const struct hid_device_id * id)1885 const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1886 const struct hid_device_id *id)
1887 {
1888 for (; id->bus; id++)
1889 if (hid_match_one_id(hdev, id))
1890 return id;
1891
1892 return NULL;
1893 }
1894
1895 static const struct hid_device_id hid_hiddev_list[] = {
1896 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1897 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1898 { }
1899 };
1900
hid_hiddev(struct hid_device * hdev)1901 static bool hid_hiddev(struct hid_device *hdev)
1902 {
1903 return !!hid_match_id(hdev, hid_hiddev_list);
1904 }
1905
1906
1907 static ssize_t
read_report_descriptor(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1908 read_report_descriptor(struct file *filp, struct kobject *kobj,
1909 struct bin_attribute *attr,
1910 char *buf, loff_t off, size_t count)
1911 {
1912 struct device *dev = kobj_to_dev(kobj);
1913 struct hid_device *hdev = to_hid_device(dev);
1914
1915 if (off >= hdev->rsize)
1916 return 0;
1917
1918 if (off + count > hdev->rsize)
1919 count = hdev->rsize - off;
1920
1921 memcpy(buf, hdev->rdesc + off, count);
1922
1923 return count;
1924 }
1925
1926 static ssize_t
show_country(struct device * dev,struct device_attribute * attr,char * buf)1927 show_country(struct device *dev, struct device_attribute *attr,
1928 char *buf)
1929 {
1930 struct hid_device *hdev = to_hid_device(dev);
1931
1932 return sprintf(buf, "%02x\n", hdev->country & 0xff);
1933 }
1934
1935 static struct bin_attribute dev_bin_attr_report_desc = {
1936 .attr = { .name = "report_descriptor", .mode = 0444 },
1937 .read = read_report_descriptor,
1938 .size = HID_MAX_DESCRIPTOR_SIZE,
1939 };
1940
1941 static const struct device_attribute dev_attr_country = {
1942 .attr = { .name = "country", .mode = 0444 },
1943 .show = show_country,
1944 };
1945
hid_connect(struct hid_device * hdev,unsigned int connect_mask)1946 int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1947 {
1948 static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1949 "Joystick", "Gamepad", "Keyboard", "Keypad",
1950 "Multi-Axis Controller"
1951 };
1952 const char *type, *bus;
1953 char buf[64] = "";
1954 unsigned int i;
1955 int len;
1956 int ret;
1957
1958 if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1959 connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1960 if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1961 connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1962 if (hdev->bus != BUS_USB)
1963 connect_mask &= ~HID_CONNECT_HIDDEV;
1964 if (hid_hiddev(hdev))
1965 connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1966
1967 if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1968 connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1969 hdev->claimed |= HID_CLAIMED_INPUT;
1970
1971 if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1972 !hdev->hiddev_connect(hdev,
1973 connect_mask & HID_CONNECT_HIDDEV_FORCE))
1974 hdev->claimed |= HID_CLAIMED_HIDDEV;
1975 if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1976 hdev->claimed |= HID_CLAIMED_HIDRAW;
1977
1978 if (connect_mask & HID_CONNECT_DRIVER)
1979 hdev->claimed |= HID_CLAIMED_DRIVER;
1980
1981 /* Drivers with the ->raw_event callback set are not required to connect
1982 * to any other listener. */
1983 if (!hdev->claimed && !hdev->driver->raw_event) {
1984 hid_err(hdev, "device has no listeners, quitting\n");
1985 return -ENODEV;
1986 }
1987
1988 if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1989 (connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1990 hdev->ff_init(hdev);
1991
1992 len = 0;
1993 if (hdev->claimed & HID_CLAIMED_INPUT)
1994 len += sprintf(buf + len, "input");
1995 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1996 len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
1997 ((struct hiddev *)hdev->hiddev)->minor);
1998 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1999 len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
2000 ((struct hidraw *)hdev->hidraw)->minor);
2001
2002 type = "Device";
2003 for (i = 0; i < hdev->maxcollection; i++) {
2004 struct hid_collection *col = &hdev->collection[i];
2005 if (col->type == HID_COLLECTION_APPLICATION &&
2006 (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
2007 (col->usage & 0xffff) < ARRAY_SIZE(types)) {
2008 type = types[col->usage & 0xffff];
2009 break;
2010 }
2011 }
2012
2013 switch (hdev->bus) {
2014 case BUS_USB:
2015 bus = "USB";
2016 break;
2017 case BUS_BLUETOOTH:
2018 bus = "BLUETOOTH";
2019 break;
2020 case BUS_I2C:
2021 bus = "I2C";
2022 break;
2023 case BUS_VIRTUAL:
2024 bus = "VIRTUAL";
2025 break;
2026 default:
2027 bus = "<UNKNOWN>";
2028 }
2029
2030 ret = device_create_file(&hdev->dev, &dev_attr_country);
2031 if (ret)
2032 hid_warn(hdev,
2033 "can't create sysfs country code attribute err: %d\n", ret);
2034
2035 hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
2036 buf, bus, hdev->version >> 8, hdev->version & 0xff,
2037 type, hdev->name, hdev->phys);
2038
2039 return 0;
2040 }
2041 EXPORT_SYMBOL_GPL(hid_connect);
2042
hid_disconnect(struct hid_device * hdev)2043 void hid_disconnect(struct hid_device *hdev)
2044 {
2045 device_remove_file(&hdev->dev, &dev_attr_country);
2046 if (hdev->claimed & HID_CLAIMED_INPUT)
2047 hidinput_disconnect(hdev);
2048 if (hdev->claimed & HID_CLAIMED_HIDDEV)
2049 hdev->hiddev_disconnect(hdev);
2050 if (hdev->claimed & HID_CLAIMED_HIDRAW)
2051 hidraw_disconnect(hdev);
2052 hdev->claimed = 0;
2053 }
2054 EXPORT_SYMBOL_GPL(hid_disconnect);
2055
2056 /**
2057 * hid_hw_start - start underlying HW
2058 * @hdev: hid device
2059 * @connect_mask: which outputs to connect, see HID_CONNECT_*
2060 *
2061 * Call this in probe function *after* hid_parse. This will setup HW
2062 * buffers and start the device (if not defeirred to device open).
2063 * hid_hw_stop must be called if this was successful.
2064 */
hid_hw_start(struct hid_device * hdev,unsigned int connect_mask)2065 int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
2066 {
2067 int error;
2068
2069 error = hdev->ll_driver->start(hdev);
2070 if (error)
2071 return error;
2072
2073 if (connect_mask) {
2074 error = hid_connect(hdev, connect_mask);
2075 if (error) {
2076 hdev->ll_driver->stop(hdev);
2077 return error;
2078 }
2079 }
2080
2081 return 0;
2082 }
2083 EXPORT_SYMBOL_GPL(hid_hw_start);
2084
2085 /**
2086 * hid_hw_stop - stop underlying HW
2087 * @hdev: hid device
2088 *
2089 * This is usually called from remove function or from probe when something
2090 * failed and hid_hw_start was called already.
2091 */
hid_hw_stop(struct hid_device * hdev)2092 void hid_hw_stop(struct hid_device *hdev)
2093 {
2094 hid_disconnect(hdev);
2095 hdev->ll_driver->stop(hdev);
2096 }
2097 EXPORT_SYMBOL_GPL(hid_hw_stop);
2098
2099 /**
2100 * hid_hw_open - signal underlying HW to start delivering events
2101 * @hdev: hid device
2102 *
2103 * Tell underlying HW to start delivering events from the device.
2104 * This function should be called sometime after successful call
2105 * to hid_hw_start().
2106 */
hid_hw_open(struct hid_device * hdev)2107 int hid_hw_open(struct hid_device *hdev)
2108 {
2109 int ret;
2110
2111 ret = mutex_lock_killable(&hdev->ll_open_lock);
2112 if (ret)
2113 return ret;
2114
2115 if (!hdev->ll_open_count++) {
2116 ret = hdev->ll_driver->open(hdev);
2117 if (ret)
2118 hdev->ll_open_count--;
2119 }
2120
2121 mutex_unlock(&hdev->ll_open_lock);
2122 return ret;
2123 }
2124 EXPORT_SYMBOL_GPL(hid_hw_open);
2125
2126 /**
2127 * hid_hw_close - signal underlaying HW to stop delivering events
2128 *
2129 * @hdev: hid device
2130 *
2131 * This function indicates that we are not interested in the events
2132 * from this device anymore. Delivery of events may or may not stop,
2133 * depending on the number of users still outstanding.
2134 */
hid_hw_close(struct hid_device * hdev)2135 void hid_hw_close(struct hid_device *hdev)
2136 {
2137 mutex_lock(&hdev->ll_open_lock);
2138 if (!--hdev->ll_open_count)
2139 hdev->ll_driver->close(hdev);
2140 mutex_unlock(&hdev->ll_open_lock);
2141 }
2142 EXPORT_SYMBOL_GPL(hid_hw_close);
2143
2144 struct hid_dynid {
2145 struct list_head list;
2146 struct hid_device_id id;
2147 };
2148
2149 /**
2150 * store_new_id - add a new HID device ID to this driver and re-probe devices
2151 * @drv: target device driver
2152 * @buf: buffer for scanning device ID data
2153 * @count: input size
2154 *
2155 * Adds a new dynamic hid device ID to this driver,
2156 * and causes the driver to probe for all devices again.
2157 */
new_id_store(struct device_driver * drv,const char * buf,size_t count)2158 static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2159 size_t count)
2160 {
2161 struct hid_driver *hdrv = to_hid_driver(drv);
2162 struct hid_dynid *dynid;
2163 __u32 bus, vendor, product;
2164 unsigned long driver_data = 0;
2165 int ret;
2166
2167 ret = sscanf(buf, "%x %x %x %lx",
2168 &bus, &vendor, &product, &driver_data);
2169 if (ret < 3)
2170 return -EINVAL;
2171
2172 dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2173 if (!dynid)
2174 return -ENOMEM;
2175
2176 dynid->id.bus = bus;
2177 dynid->id.group = HID_GROUP_ANY;
2178 dynid->id.vendor = vendor;
2179 dynid->id.product = product;
2180 dynid->id.driver_data = driver_data;
2181
2182 spin_lock(&hdrv->dyn_lock);
2183 list_add_tail(&dynid->list, &hdrv->dyn_list);
2184 spin_unlock(&hdrv->dyn_lock);
2185
2186 ret = driver_attach(&hdrv->driver);
2187
2188 return ret ? : count;
2189 }
2190 static DRIVER_ATTR_WO(new_id);
2191
2192 static struct attribute *hid_drv_attrs[] = {
2193 &driver_attr_new_id.attr,
2194 NULL,
2195 };
2196 ATTRIBUTE_GROUPS(hid_drv);
2197
hid_free_dynids(struct hid_driver * hdrv)2198 static void hid_free_dynids(struct hid_driver *hdrv)
2199 {
2200 struct hid_dynid *dynid, *n;
2201
2202 spin_lock(&hdrv->dyn_lock);
2203 list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2204 list_del(&dynid->list);
2205 kfree(dynid);
2206 }
2207 spin_unlock(&hdrv->dyn_lock);
2208 }
2209
hid_match_device(struct hid_device * hdev,struct hid_driver * hdrv)2210 const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2211 struct hid_driver *hdrv)
2212 {
2213 struct hid_dynid *dynid;
2214
2215 spin_lock(&hdrv->dyn_lock);
2216 list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2217 if (hid_match_one_id(hdev, &dynid->id)) {
2218 spin_unlock(&hdrv->dyn_lock);
2219 return &dynid->id;
2220 }
2221 }
2222 spin_unlock(&hdrv->dyn_lock);
2223
2224 return hid_match_id(hdev, hdrv->id_table);
2225 }
2226 EXPORT_SYMBOL_GPL(hid_match_device);
2227
hid_bus_match(struct device * dev,struct device_driver * drv)2228 static int hid_bus_match(struct device *dev, struct device_driver *drv)
2229 {
2230 struct hid_driver *hdrv = to_hid_driver(drv);
2231 struct hid_device *hdev = to_hid_device(dev);
2232
2233 return hid_match_device(hdev, hdrv) != NULL;
2234 }
2235
2236 /**
2237 * hid_compare_device_paths - check if both devices share the same path
2238 * @hdev_a: hid device
2239 * @hdev_b: hid device
2240 * @separator: char to use as separator
2241 *
2242 * Check if two devices share the same path up to the last occurrence of
2243 * the separator char. Both paths must exist (i.e., zero-length paths
2244 * don't match).
2245 */
hid_compare_device_paths(struct hid_device * hdev_a,struct hid_device * hdev_b,char separator)2246 bool hid_compare_device_paths(struct hid_device *hdev_a,
2247 struct hid_device *hdev_b, char separator)
2248 {
2249 int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2250 int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2251
2252 if (n1 != n2 || n1 <= 0 || n2 <= 0)
2253 return false;
2254
2255 return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2256 }
2257 EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2258
hid_device_probe(struct device * dev)2259 static int hid_device_probe(struct device *dev)
2260 {
2261 struct hid_driver *hdrv = to_hid_driver(dev->driver);
2262 struct hid_device *hdev = to_hid_device(dev);
2263 const struct hid_device_id *id;
2264 int ret = 0;
2265
2266 if (down_interruptible(&hdev->driver_input_lock)) {
2267 ret = -EINTR;
2268 goto end;
2269 }
2270 hdev->io_started = false;
2271
2272 clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2273
2274 if (!hdev->driver) {
2275 id = hid_match_device(hdev, hdrv);
2276 if (id == NULL) {
2277 ret = -ENODEV;
2278 goto unlock;
2279 }
2280
2281 if (hdrv->match) {
2282 if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2283 ret = -ENODEV;
2284 goto unlock;
2285 }
2286 } else {
2287 /*
2288 * hid-generic implements .match(), so if
2289 * hid_ignore_special_drivers is set, we can safely
2290 * return.
2291 */
2292 if (hid_ignore_special_drivers) {
2293 ret = -ENODEV;
2294 goto unlock;
2295 }
2296 }
2297
2298 /* reset the quirks that has been previously set */
2299 hdev->quirks = hid_lookup_quirk(hdev);
2300 hdev->driver = hdrv;
2301 if (hdrv->probe) {
2302 ret = hdrv->probe(hdev, id);
2303 } else { /* default probe */
2304 ret = hid_open_report(hdev);
2305 if (!ret)
2306 ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2307 }
2308 if (ret) {
2309 hid_close_report(hdev);
2310 hdev->driver = NULL;
2311 }
2312 }
2313 unlock:
2314 if (!hdev->io_started)
2315 up(&hdev->driver_input_lock);
2316 end:
2317 return ret;
2318 }
2319
hid_device_remove(struct device * dev)2320 static int hid_device_remove(struct device *dev)
2321 {
2322 struct hid_device *hdev = to_hid_device(dev);
2323 struct hid_driver *hdrv;
2324
2325 down(&hdev->driver_input_lock);
2326 hdev->io_started = false;
2327
2328 hdrv = hdev->driver;
2329 if (hdrv) {
2330 if (hdrv->remove)
2331 hdrv->remove(hdev);
2332 else /* default remove */
2333 hid_hw_stop(hdev);
2334 hid_close_report(hdev);
2335 hdev->driver = NULL;
2336 }
2337
2338 if (!hdev->io_started)
2339 up(&hdev->driver_input_lock);
2340
2341 return 0;
2342 }
2343
modalias_show(struct device * dev,struct device_attribute * a,char * buf)2344 static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2345 char *buf)
2346 {
2347 struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2348
2349 return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2350 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2351 }
2352 static DEVICE_ATTR_RO(modalias);
2353
2354 static struct attribute *hid_dev_attrs[] = {
2355 &dev_attr_modalias.attr,
2356 NULL,
2357 };
2358 static struct bin_attribute *hid_dev_bin_attrs[] = {
2359 &dev_bin_attr_report_desc,
2360 NULL
2361 };
2362 static const struct attribute_group hid_dev_group = {
2363 .attrs = hid_dev_attrs,
2364 .bin_attrs = hid_dev_bin_attrs,
2365 };
2366 __ATTRIBUTE_GROUPS(hid_dev);
2367
hid_uevent(struct device * dev,struct kobj_uevent_env * env)2368 static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2369 {
2370 struct hid_device *hdev = to_hid_device(dev);
2371
2372 if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2373 hdev->bus, hdev->vendor, hdev->product))
2374 return -ENOMEM;
2375
2376 if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2377 return -ENOMEM;
2378
2379 if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2380 return -ENOMEM;
2381
2382 if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2383 return -ENOMEM;
2384
2385 if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2386 hdev->bus, hdev->group, hdev->vendor, hdev->product))
2387 return -ENOMEM;
2388
2389 return 0;
2390 }
2391
2392 struct bus_type hid_bus_type = {
2393 .name = "hid",
2394 .dev_groups = hid_dev_groups,
2395 .drv_groups = hid_drv_groups,
2396 .match = hid_bus_match,
2397 .probe = hid_device_probe,
2398 .remove = hid_device_remove,
2399 .uevent = hid_uevent,
2400 };
2401 EXPORT_SYMBOL(hid_bus_type);
2402
hid_add_device(struct hid_device * hdev)2403 int hid_add_device(struct hid_device *hdev)
2404 {
2405 static atomic_t id = ATOMIC_INIT(0);
2406 int ret;
2407
2408 if (WARN_ON(hdev->status & HID_STAT_ADDED))
2409 return -EBUSY;
2410
2411 hdev->quirks = hid_lookup_quirk(hdev);
2412
2413 /* we need to kill them here, otherwise they will stay allocated to
2414 * wait for coming driver */
2415 if (hid_ignore(hdev))
2416 return -ENODEV;
2417
2418 /*
2419 * Check for the mandatory transport channel.
2420 */
2421 if (!hdev->ll_driver->raw_request) {
2422 hid_err(hdev, "transport driver missing .raw_request()\n");
2423 return -EINVAL;
2424 }
2425
2426 /*
2427 * Read the device report descriptor once and use as template
2428 * for the driver-specific modifications.
2429 */
2430 ret = hdev->ll_driver->parse(hdev);
2431 if (ret)
2432 return ret;
2433 if (!hdev->dev_rdesc)
2434 return -ENODEV;
2435
2436 /*
2437 * Scan generic devices for group information
2438 */
2439 if (hid_ignore_special_drivers) {
2440 hdev->group = HID_GROUP_GENERIC;
2441 } else if (!hdev->group &&
2442 !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2443 ret = hid_scan_report(hdev);
2444 if (ret)
2445 hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2446 }
2447
2448 /* XXX hack, any other cleaner solution after the driver core
2449 * is converted to allow more than 20 bytes as the device name? */
2450 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2451 hdev->vendor, hdev->product, atomic_inc_return(&id));
2452
2453 hid_debug_register(hdev, dev_name(&hdev->dev));
2454 ret = device_add(&hdev->dev);
2455 if (!ret)
2456 hdev->status |= HID_STAT_ADDED;
2457 else
2458 hid_debug_unregister(hdev);
2459
2460 return ret;
2461 }
2462 EXPORT_SYMBOL_GPL(hid_add_device);
2463
2464 /**
2465 * hid_allocate_device - allocate new hid device descriptor
2466 *
2467 * Allocate and initialize hid device, so that hid_destroy_device might be
2468 * used to free it.
2469 *
2470 * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2471 * error value.
2472 */
hid_allocate_device(void)2473 struct hid_device *hid_allocate_device(void)
2474 {
2475 struct hid_device *hdev;
2476 int ret = -ENOMEM;
2477
2478 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2479 if (hdev == NULL)
2480 return ERR_PTR(ret);
2481
2482 device_initialize(&hdev->dev);
2483 hdev->dev.release = hid_device_release;
2484 hdev->dev.bus = &hid_bus_type;
2485 device_enable_async_suspend(&hdev->dev);
2486
2487 hid_close_report(hdev);
2488
2489 init_waitqueue_head(&hdev->debug_wait);
2490 INIT_LIST_HEAD(&hdev->debug_list);
2491 spin_lock_init(&hdev->debug_list_lock);
2492 sema_init(&hdev->driver_input_lock, 1);
2493 mutex_init(&hdev->ll_open_lock);
2494
2495 return hdev;
2496 }
2497 EXPORT_SYMBOL_GPL(hid_allocate_device);
2498
hid_remove_device(struct hid_device * hdev)2499 static void hid_remove_device(struct hid_device *hdev)
2500 {
2501 if (hdev->status & HID_STAT_ADDED) {
2502 device_del(&hdev->dev);
2503 hid_debug_unregister(hdev);
2504 hdev->status &= ~HID_STAT_ADDED;
2505 }
2506 kfree(hdev->dev_rdesc);
2507 hdev->dev_rdesc = NULL;
2508 hdev->dev_rsize = 0;
2509 }
2510
2511 /**
2512 * hid_destroy_device - free previously allocated device
2513 *
2514 * @hdev: hid device
2515 *
2516 * If you allocate hid_device through hid_allocate_device, you should ever
2517 * free by this function.
2518 */
hid_destroy_device(struct hid_device * hdev)2519 void hid_destroy_device(struct hid_device *hdev)
2520 {
2521 hid_remove_device(hdev);
2522 put_device(&hdev->dev);
2523 }
2524 EXPORT_SYMBOL_GPL(hid_destroy_device);
2525
2526
__hid_bus_reprobe_drivers(struct device * dev,void * data)2527 static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2528 {
2529 struct hid_driver *hdrv = data;
2530 struct hid_device *hdev = to_hid_device(dev);
2531
2532 if (hdev->driver == hdrv &&
2533 !hdrv->match(hdev, hid_ignore_special_drivers) &&
2534 !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2535 return device_reprobe(dev);
2536
2537 return 0;
2538 }
2539
__hid_bus_driver_added(struct device_driver * drv,void * data)2540 static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2541 {
2542 struct hid_driver *hdrv = to_hid_driver(drv);
2543
2544 if (hdrv->match) {
2545 bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2546 __hid_bus_reprobe_drivers);
2547 }
2548
2549 return 0;
2550 }
2551
__bus_removed_driver(struct device_driver * drv,void * data)2552 static int __bus_removed_driver(struct device_driver *drv, void *data)
2553 {
2554 return bus_rescan_devices(&hid_bus_type);
2555 }
2556
__hid_register_driver(struct hid_driver * hdrv,struct module * owner,const char * mod_name)2557 int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2558 const char *mod_name)
2559 {
2560 int ret;
2561
2562 hdrv->driver.name = hdrv->name;
2563 hdrv->driver.bus = &hid_bus_type;
2564 hdrv->driver.owner = owner;
2565 hdrv->driver.mod_name = mod_name;
2566
2567 INIT_LIST_HEAD(&hdrv->dyn_list);
2568 spin_lock_init(&hdrv->dyn_lock);
2569
2570 ret = driver_register(&hdrv->driver);
2571
2572 if (ret == 0)
2573 bus_for_each_drv(&hid_bus_type, NULL, NULL,
2574 __hid_bus_driver_added);
2575
2576 return ret;
2577 }
2578 EXPORT_SYMBOL_GPL(__hid_register_driver);
2579
hid_unregister_driver(struct hid_driver * hdrv)2580 void hid_unregister_driver(struct hid_driver *hdrv)
2581 {
2582 driver_unregister(&hdrv->driver);
2583 hid_free_dynids(hdrv);
2584
2585 bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2586 }
2587 EXPORT_SYMBOL_GPL(hid_unregister_driver);
2588
hid_check_keys_pressed(struct hid_device * hid)2589 int hid_check_keys_pressed(struct hid_device *hid)
2590 {
2591 struct hid_input *hidinput;
2592 int i;
2593
2594 if (!(hid->claimed & HID_CLAIMED_INPUT))
2595 return 0;
2596
2597 list_for_each_entry(hidinput, &hid->inputs, list) {
2598 for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2599 if (hidinput->input->key[i])
2600 return 1;
2601 }
2602
2603 return 0;
2604 }
2605
2606 EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2607
hid_init(void)2608 static int __init hid_init(void)
2609 {
2610 int ret;
2611
2612 if (hid_debug)
2613 pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2614 "debugfs is now used for inspecting the device (report descriptor, reports)\n");
2615
2616 ret = bus_register(&hid_bus_type);
2617 if (ret) {
2618 pr_err("can't register hid bus\n");
2619 goto err;
2620 }
2621
2622 ret = hidraw_init();
2623 if (ret)
2624 goto err_bus;
2625
2626 hid_debug_init();
2627
2628 return 0;
2629 err_bus:
2630 bus_unregister(&hid_bus_type);
2631 err:
2632 return ret;
2633 }
2634
hid_exit(void)2635 static void __exit hid_exit(void)
2636 {
2637 hid_debug_exit();
2638 hidraw_exit();
2639 bus_unregister(&hid_bus_type);
2640 hid_quirks_exit(HID_BUS_ANY);
2641 }
2642
2643 module_init(hid_init);
2644 module_exit(hid_exit);
2645
2646 MODULE_AUTHOR("Andreas Gal");
2647 MODULE_AUTHOR("Vojtech Pavlik");
2648 MODULE_AUTHOR("Jiri Kosina");
2649 MODULE_LICENSE("GPL");
2650