1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * HID support for Linux
4 *
5 * Copyright (c) 1999 Andreas Gal
6 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8 * Copyright (c) 2006-2012 Jiri Kosina
9 */
10
11 /*
12 */
13
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/vmalloc.h>
28 #include <linux/sched.h>
29 #include <linux/semaphore.h>
30
31 #include <linux/hid.h>
32 #include <linux/hiddev.h>
33 #include <linux/hid-debug.h>
34 #include <linux/hidraw.h>
35
36 #include "hid-ids.h"
37
38 /*
39 * Version Information
40 */
41
42 #define DRIVER_DESC "HID core driver"
43
44 int hid_debug = 0;
45 module_param_named(debug, hid_debug, int, 0600);
46 MODULE_PARM_DESC(debug, "toggle HID debugging messages");
47 EXPORT_SYMBOL_GPL(hid_debug);
48
49 static int hid_ignore_special_drivers = 0;
50 module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
51 MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
52
53 /*
54 * Register a new report for a device.
55 */
56
hid_register_report(struct hid_device * device,unsigned int type,unsigned int id,unsigned int application)57 struct hid_report *hid_register_report(struct hid_device *device,
58 unsigned int type, unsigned int id,
59 unsigned int application)
60 {
61 struct hid_report_enum *report_enum = device->report_enum + type;
62 struct hid_report *report;
63
64 if (id >= HID_MAX_IDS)
65 return NULL;
66 if (report_enum->report_id_hash[id])
67 return report_enum->report_id_hash[id];
68
69 report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
70 if (!report)
71 return NULL;
72
73 if (id != 0)
74 report_enum->numbered = 1;
75
76 report->id = id;
77 report->type = type;
78 report->size = 0;
79 report->device = device;
80 report->application = application;
81 report_enum->report_id_hash[id] = report;
82
83 list_add_tail(&report->list, &report_enum->report_list);
84
85 return report;
86 }
87 EXPORT_SYMBOL_GPL(hid_register_report);
88
89 /*
90 * Register a new field for this report.
91 */
92
hid_register_field(struct hid_report * report,unsigned usages,unsigned values)93 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages, unsigned values)
94 {
95 struct hid_field *field;
96
97 if (report->maxfield == HID_MAX_FIELDS) {
98 hid_err(report->device, "too many fields in report\n");
99 return NULL;
100 }
101
102 field = kzalloc((sizeof(struct hid_field) +
103 usages * sizeof(struct hid_usage) +
104 values * sizeof(unsigned)), GFP_KERNEL);
105 if (!field)
106 return NULL;
107
108 field->index = report->maxfield++;
109 report->field[field->index] = field;
110 field->usage = (struct hid_usage *)(field + 1);
111 field->value = (s32 *)(field->usage + usages);
112 field->report = report;
113
114 return field;
115 }
116
117 /*
118 * Open a collection. The type/usage is pushed on the stack.
119 */
120
open_collection(struct hid_parser * parser,unsigned type)121 static int open_collection(struct hid_parser *parser, unsigned type)
122 {
123 struct hid_collection *collection;
124 unsigned usage;
125 int collection_index;
126
127 usage = parser->local.usage[0];
128
129 if (parser->collection_stack_ptr == parser->collection_stack_size) {
130 unsigned int *collection_stack;
131 unsigned int new_size = parser->collection_stack_size +
132 HID_COLLECTION_STACK_SIZE;
133
134 collection_stack = krealloc(parser->collection_stack,
135 new_size * sizeof(unsigned int),
136 GFP_KERNEL);
137 if (!collection_stack)
138 return -ENOMEM;
139
140 parser->collection_stack = collection_stack;
141 parser->collection_stack_size = new_size;
142 }
143
144 if (parser->device->maxcollection == parser->device->collection_size) {
145 collection = kmalloc(
146 array3_size(sizeof(struct hid_collection),
147 parser->device->collection_size,
148 2),
149 GFP_KERNEL);
150 if (collection == NULL) {
151 hid_err(parser->device, "failed to reallocate collection array\n");
152 return -ENOMEM;
153 }
154 memcpy(collection, parser->device->collection,
155 sizeof(struct hid_collection) *
156 parser->device->collection_size);
157 memset(collection + parser->device->collection_size, 0,
158 sizeof(struct hid_collection) *
159 parser->device->collection_size);
160 kfree(parser->device->collection);
161 parser->device->collection = collection;
162 parser->device->collection_size *= 2;
163 }
164
165 parser->collection_stack[parser->collection_stack_ptr++] =
166 parser->device->maxcollection;
167
168 collection_index = parser->device->maxcollection++;
169 collection = parser->device->collection + collection_index;
170 collection->type = type;
171 collection->usage = usage;
172 collection->level = parser->collection_stack_ptr - 1;
173 collection->parent_idx = (collection->level == 0) ? -1 :
174 parser->collection_stack[collection->level - 1];
175
176 if (type == HID_COLLECTION_APPLICATION)
177 parser->device->maxapplication++;
178
179 return 0;
180 }
181
182 /*
183 * Close a collection.
184 */
185
close_collection(struct hid_parser * parser)186 static int close_collection(struct hid_parser *parser)
187 {
188 if (!parser->collection_stack_ptr) {
189 hid_err(parser->device, "collection stack underflow\n");
190 return -EINVAL;
191 }
192 parser->collection_stack_ptr--;
193 return 0;
194 }
195
196 /*
197 * Climb up the stack, search for the specified collection type
198 * and return the usage.
199 */
200
hid_lookup_collection(struct hid_parser * parser,unsigned type)201 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
202 {
203 struct hid_collection *collection = parser->device->collection;
204 int n;
205
206 for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
207 unsigned index = parser->collection_stack[n];
208 if (collection[index].type == type)
209 return collection[index].usage;
210 }
211 return 0; /* we know nothing about this usage type */
212 }
213
214 /*
215 * Add a usage to the temporary parser table.
216 */
217
hid_add_usage(struct hid_parser * parser,unsigned usage,u8 size)218 static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
219 {
220 if (parser->local.usage_index >= HID_MAX_USAGES) {
221 hid_err(parser->device, "usage index exceeded\n");
222 return -1;
223 }
224 parser->local.usage[parser->local.usage_index] = usage;
225 parser->local.usage_size[parser->local.usage_index] = size;
226 parser->local.collection_index[parser->local.usage_index] =
227 parser->collection_stack_ptr ?
228 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
229 parser->local.usage_index++;
230 return 0;
231 }
232
233 /*
234 * Register a new field for this report.
235 */
236
hid_add_field(struct hid_parser * parser,unsigned report_type,unsigned flags)237 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
238 {
239 struct hid_report *report;
240 struct hid_field *field;
241 unsigned int usages;
242 unsigned int offset;
243 unsigned int i;
244 unsigned int application;
245
246 application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
247
248 report = hid_register_report(parser->device, report_type,
249 parser->global.report_id, application);
250 if (!report) {
251 hid_err(parser->device, "hid_register_report failed\n");
252 return -1;
253 }
254
255 /* Handle both signed and unsigned cases properly */
256 if ((parser->global.logical_minimum < 0 &&
257 parser->global.logical_maximum <
258 parser->global.logical_minimum) ||
259 (parser->global.logical_minimum >= 0 &&
260 (__u32)parser->global.logical_maximum <
261 (__u32)parser->global.logical_minimum)) {
262 dbg_hid("logical range invalid 0x%x 0x%x\n",
263 parser->global.logical_minimum,
264 parser->global.logical_maximum);
265 return -1;
266 }
267
268 offset = report->size;
269 report->size += parser->global.report_size * parser->global.report_count;
270
271 if (!parser->local.usage_index) /* Ignore padding fields */
272 return 0;
273
274 usages = max_t(unsigned, parser->local.usage_index,
275 parser->global.report_count);
276
277 field = hid_register_field(report, usages, parser->global.report_count);
278 if (!field)
279 return 0;
280
281 field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
282 field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
283 field->application = application;
284
285 for (i = 0; i < usages; i++) {
286 unsigned j = i;
287 /* Duplicate the last usage we parsed if we have excess values */
288 if (i >= parser->local.usage_index)
289 j = parser->local.usage_index - 1;
290 field->usage[i].hid = parser->local.usage[j];
291 field->usage[i].collection_index =
292 parser->local.collection_index[j];
293 field->usage[i].usage_index = i;
294 field->usage[i].resolution_multiplier = 1;
295 }
296
297 field->maxusage = usages;
298 field->flags = flags;
299 field->report_offset = offset;
300 field->report_type = report_type;
301 field->report_size = parser->global.report_size;
302 field->report_count = parser->global.report_count;
303 field->logical_minimum = parser->global.logical_minimum;
304 field->logical_maximum = parser->global.logical_maximum;
305 field->physical_minimum = parser->global.physical_minimum;
306 field->physical_maximum = parser->global.physical_maximum;
307 field->unit_exponent = parser->global.unit_exponent;
308 field->unit = parser->global.unit;
309
310 return 0;
311 }
312
313 /*
314 * Read data value from item.
315 */
316
item_udata(struct hid_item * item)317 static u32 item_udata(struct hid_item *item)
318 {
319 switch (item->size) {
320 case 1: return item->data.u8;
321 case 2: return item->data.u16;
322 case 4: return item->data.u32;
323 }
324 return 0;
325 }
326
item_sdata(struct hid_item * item)327 static s32 item_sdata(struct hid_item *item)
328 {
329 switch (item->size) {
330 case 1: return item->data.s8;
331 case 2: return item->data.s16;
332 case 4: return item->data.s32;
333 }
334 return 0;
335 }
336
337 /*
338 * Process a global item.
339 */
340
hid_parser_global(struct hid_parser * parser,struct hid_item * item)341 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
342 {
343 __s32 raw_value;
344 switch (item->tag) {
345 case HID_GLOBAL_ITEM_TAG_PUSH:
346
347 if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
348 hid_err(parser->device, "global environment stack overflow\n");
349 return -1;
350 }
351
352 memcpy(parser->global_stack + parser->global_stack_ptr++,
353 &parser->global, sizeof(struct hid_global));
354 return 0;
355
356 case HID_GLOBAL_ITEM_TAG_POP:
357
358 if (!parser->global_stack_ptr) {
359 hid_err(parser->device, "global environment stack underflow\n");
360 return -1;
361 }
362
363 memcpy(&parser->global, parser->global_stack +
364 --parser->global_stack_ptr, sizeof(struct hid_global));
365 return 0;
366
367 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
368 parser->global.usage_page = item_udata(item);
369 return 0;
370
371 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
372 parser->global.logical_minimum = item_sdata(item);
373 return 0;
374
375 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
376 if (parser->global.logical_minimum < 0)
377 parser->global.logical_maximum = item_sdata(item);
378 else
379 parser->global.logical_maximum = item_udata(item);
380 return 0;
381
382 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
383 parser->global.physical_minimum = item_sdata(item);
384 return 0;
385
386 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
387 if (parser->global.physical_minimum < 0)
388 parser->global.physical_maximum = item_sdata(item);
389 else
390 parser->global.physical_maximum = item_udata(item);
391 return 0;
392
393 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
394 /* Many devices provide unit exponent as a two's complement
395 * nibble due to the common misunderstanding of HID
396 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
397 * both this and the standard encoding. */
398 raw_value = item_sdata(item);
399 if (!(raw_value & 0xfffffff0))
400 parser->global.unit_exponent = hid_snto32(raw_value, 4);
401 else
402 parser->global.unit_exponent = raw_value;
403 return 0;
404
405 case HID_GLOBAL_ITEM_TAG_UNIT:
406 parser->global.unit = item_udata(item);
407 return 0;
408
409 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
410 parser->global.report_size = item_udata(item);
411 if (parser->global.report_size > 256) {
412 hid_err(parser->device, "invalid report_size %d\n",
413 parser->global.report_size);
414 return -1;
415 }
416 return 0;
417
418 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
419 parser->global.report_count = item_udata(item);
420 if (parser->global.report_count > HID_MAX_USAGES) {
421 hid_err(parser->device, "invalid report_count %d\n",
422 parser->global.report_count);
423 return -1;
424 }
425 return 0;
426
427 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
428 parser->global.report_id = item_udata(item);
429 if (parser->global.report_id == 0 ||
430 parser->global.report_id >= HID_MAX_IDS) {
431 hid_err(parser->device, "report_id %u is invalid\n",
432 parser->global.report_id);
433 return -1;
434 }
435 return 0;
436
437 default:
438 hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
439 return -1;
440 }
441 }
442
443 /*
444 * Process a local item.
445 */
446
hid_parser_local(struct hid_parser * parser,struct hid_item * item)447 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
448 {
449 __u32 data;
450 unsigned n;
451 __u32 count;
452
453 data = item_udata(item);
454
455 switch (item->tag) {
456 case HID_LOCAL_ITEM_TAG_DELIMITER:
457
458 if (data) {
459 /*
460 * We treat items before the first delimiter
461 * as global to all usage sets (branch 0).
462 * In the moment we process only these global
463 * items and the first delimiter set.
464 */
465 if (parser->local.delimiter_depth != 0) {
466 hid_err(parser->device, "nested delimiters\n");
467 return -1;
468 }
469 parser->local.delimiter_depth++;
470 parser->local.delimiter_branch++;
471 } else {
472 if (parser->local.delimiter_depth < 1) {
473 hid_err(parser->device, "bogus close delimiter\n");
474 return -1;
475 }
476 parser->local.delimiter_depth--;
477 }
478 return 0;
479
480 case HID_LOCAL_ITEM_TAG_USAGE:
481
482 if (parser->local.delimiter_branch > 1) {
483 dbg_hid("alternative usage ignored\n");
484 return 0;
485 }
486
487 return hid_add_usage(parser, data, item->size);
488
489 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
490
491 if (parser->local.delimiter_branch > 1) {
492 dbg_hid("alternative usage ignored\n");
493 return 0;
494 }
495
496 parser->local.usage_minimum = data;
497 return 0;
498
499 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
500
501 if (parser->local.delimiter_branch > 1) {
502 dbg_hid("alternative usage ignored\n");
503 return 0;
504 }
505
506 count = data - parser->local.usage_minimum;
507 if (count + parser->local.usage_index >= HID_MAX_USAGES) {
508 /*
509 * We do not warn if the name is not set, we are
510 * actually pre-scanning the device.
511 */
512 if (dev_name(&parser->device->dev))
513 hid_warn(parser->device,
514 "ignoring exceeding usage max\n");
515 data = HID_MAX_USAGES - parser->local.usage_index +
516 parser->local.usage_minimum - 1;
517 if (data <= 0) {
518 hid_err(parser->device,
519 "no more usage index available\n");
520 return -1;
521 }
522 }
523
524 for (n = parser->local.usage_minimum; n <= data; n++)
525 if (hid_add_usage(parser, n, item->size)) {
526 dbg_hid("hid_add_usage failed\n");
527 return -1;
528 }
529 return 0;
530
531 default:
532
533 dbg_hid("unknown local item tag 0x%x\n", item->tag);
534 return 0;
535 }
536 return 0;
537 }
538
539 /*
540 * Concatenate Usage Pages into Usages where relevant:
541 * As per specification, 6.2.2.8: "When the parser encounters a main item it
542 * concatenates the last declared Usage Page with a Usage to form a complete
543 * usage value."
544 */
545
hid_concatenate_usage_page(struct hid_parser * parser)546 static void hid_concatenate_usage_page(struct hid_parser *parser)
547 {
548 int i;
549
550 for (i = 0; i < parser->local.usage_index; i++)
551 if (parser->local.usage_size[i] <= 2)
552 parser->local.usage[i] += parser->global.usage_page << 16;
553 }
554
555 /*
556 * Process a main item.
557 */
558
hid_parser_main(struct hid_parser * parser,struct hid_item * item)559 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
560 {
561 __u32 data;
562 int ret;
563
564 hid_concatenate_usage_page(parser);
565
566 data = item_udata(item);
567
568 switch (item->tag) {
569 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
570 ret = open_collection(parser, data & 0xff);
571 break;
572 case HID_MAIN_ITEM_TAG_END_COLLECTION:
573 ret = close_collection(parser);
574 break;
575 case HID_MAIN_ITEM_TAG_INPUT:
576 ret = hid_add_field(parser, HID_INPUT_REPORT, data);
577 break;
578 case HID_MAIN_ITEM_TAG_OUTPUT:
579 ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
580 break;
581 case HID_MAIN_ITEM_TAG_FEATURE:
582 ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
583 break;
584 default:
585 hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
586 ret = 0;
587 }
588
589 memset(&parser->local, 0, sizeof(parser->local)); /* Reset the local parser environment */
590
591 return ret;
592 }
593
594 /*
595 * Process a reserved item.
596 */
597
hid_parser_reserved(struct hid_parser * parser,struct hid_item * item)598 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
599 {
600 dbg_hid("reserved item type, tag 0x%x\n", item->tag);
601 return 0;
602 }
603
604 /*
605 * Free a report and all registered fields. The field->usage and
606 * field->value table's are allocated behind the field, so we need
607 * only to free(field) itself.
608 */
609
hid_free_report(struct hid_report * report)610 static void hid_free_report(struct hid_report *report)
611 {
612 unsigned n;
613
614 for (n = 0; n < report->maxfield; n++)
615 kfree(report->field[n]);
616 kfree(report);
617 }
618
619 /*
620 * Close report. This function returns the device
621 * state to the point prior to hid_open_report().
622 */
hid_close_report(struct hid_device * device)623 static void hid_close_report(struct hid_device *device)
624 {
625 unsigned i, j;
626
627 for (i = 0; i < HID_REPORT_TYPES; i++) {
628 struct hid_report_enum *report_enum = device->report_enum + i;
629
630 for (j = 0; j < HID_MAX_IDS; j++) {
631 struct hid_report *report = report_enum->report_id_hash[j];
632 if (report)
633 hid_free_report(report);
634 }
635 memset(report_enum, 0, sizeof(*report_enum));
636 INIT_LIST_HEAD(&report_enum->report_list);
637 }
638
639 kfree(device->rdesc);
640 device->rdesc = NULL;
641 device->rsize = 0;
642
643 kfree(device->collection);
644 device->collection = NULL;
645 device->collection_size = 0;
646 device->maxcollection = 0;
647 device->maxapplication = 0;
648
649 device->status &= ~HID_STAT_PARSED;
650 }
651
652 /*
653 * Free a device structure, all reports, and all fields.
654 */
655
hid_device_release(struct device * dev)656 static void hid_device_release(struct device *dev)
657 {
658 struct hid_device *hid = to_hid_device(dev);
659
660 hid_close_report(hid);
661 kfree(hid->dev_rdesc);
662 kfree(hid);
663 }
664
665 /*
666 * Fetch a report description item from the data stream. We support long
667 * items, though they are not used yet.
668 */
669
fetch_item(__u8 * start,__u8 * end,struct hid_item * item)670 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
671 {
672 u8 b;
673
674 if ((end - start) <= 0)
675 return NULL;
676
677 b = *start++;
678
679 item->type = (b >> 2) & 3;
680 item->tag = (b >> 4) & 15;
681
682 if (item->tag == HID_ITEM_TAG_LONG) {
683
684 item->format = HID_ITEM_FORMAT_LONG;
685
686 if ((end - start) < 2)
687 return NULL;
688
689 item->size = *start++;
690 item->tag = *start++;
691
692 if ((end - start) < item->size)
693 return NULL;
694
695 item->data.longdata = start;
696 start += item->size;
697 return start;
698 }
699
700 item->format = HID_ITEM_FORMAT_SHORT;
701 item->size = b & 3;
702
703 switch (item->size) {
704 case 0:
705 return start;
706
707 case 1:
708 if ((end - start) < 1)
709 return NULL;
710 item->data.u8 = *start++;
711 return start;
712
713 case 2:
714 if ((end - start) < 2)
715 return NULL;
716 item->data.u16 = get_unaligned_le16(start);
717 start = (__u8 *)((__le16 *)start + 1);
718 return start;
719
720 case 3:
721 item->size++;
722 if ((end - start) < 4)
723 return NULL;
724 item->data.u32 = get_unaligned_le32(start);
725 start = (__u8 *)((__le32 *)start + 1);
726 return start;
727 }
728
729 return NULL;
730 }
731
hid_scan_input_usage(struct hid_parser * parser,u32 usage)732 static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
733 {
734 struct hid_device *hid = parser->device;
735
736 if (usage == HID_DG_CONTACTID)
737 hid->group = HID_GROUP_MULTITOUCH;
738 }
739
hid_scan_feature_usage(struct hid_parser * parser,u32 usage)740 static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
741 {
742 if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
743 parser->global.report_size == 8)
744 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
745 }
746
hid_scan_collection(struct hid_parser * parser,unsigned type)747 static void hid_scan_collection(struct hid_parser *parser, unsigned type)
748 {
749 struct hid_device *hid = parser->device;
750 int i;
751
752 if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
753 type == HID_COLLECTION_PHYSICAL)
754 hid->group = HID_GROUP_SENSOR_HUB;
755
756 if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
757 hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
758 hid->group == HID_GROUP_MULTITOUCH)
759 hid->group = HID_GROUP_GENERIC;
760
761 if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
762 for (i = 0; i < parser->local.usage_index; i++)
763 if (parser->local.usage[i] == HID_GD_POINTER)
764 parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
765
766 if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
767 parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
768 }
769
hid_scan_main(struct hid_parser * parser,struct hid_item * item)770 static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
771 {
772 __u32 data;
773 int i;
774
775 hid_concatenate_usage_page(parser);
776
777 data = item_udata(item);
778
779 switch (item->tag) {
780 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
781 hid_scan_collection(parser, data & 0xff);
782 break;
783 case HID_MAIN_ITEM_TAG_END_COLLECTION:
784 break;
785 case HID_MAIN_ITEM_TAG_INPUT:
786 /* ignore constant inputs, they will be ignored by hid-input */
787 if (data & HID_MAIN_ITEM_CONSTANT)
788 break;
789 for (i = 0; i < parser->local.usage_index; i++)
790 hid_scan_input_usage(parser, parser->local.usage[i]);
791 break;
792 case HID_MAIN_ITEM_TAG_OUTPUT:
793 break;
794 case HID_MAIN_ITEM_TAG_FEATURE:
795 for (i = 0; i < parser->local.usage_index; i++)
796 hid_scan_feature_usage(parser, parser->local.usage[i]);
797 break;
798 }
799
800 /* Reset the local parser environment */
801 memset(&parser->local, 0, sizeof(parser->local));
802
803 return 0;
804 }
805
806 /*
807 * Scan a report descriptor before the device is added to the bus.
808 * Sets device groups and other properties that determine what driver
809 * to load.
810 */
hid_scan_report(struct hid_device * hid)811 static int hid_scan_report(struct hid_device *hid)
812 {
813 struct hid_parser *parser;
814 struct hid_item item;
815 __u8 *start = hid->dev_rdesc;
816 __u8 *end = start + hid->dev_rsize;
817 static int (*dispatch_type[])(struct hid_parser *parser,
818 struct hid_item *item) = {
819 hid_scan_main,
820 hid_parser_global,
821 hid_parser_local,
822 hid_parser_reserved
823 };
824
825 parser = vzalloc(sizeof(struct hid_parser));
826 if (!parser)
827 return -ENOMEM;
828
829 parser->device = hid;
830 hid->group = HID_GROUP_GENERIC;
831
832 /*
833 * The parsing is simpler than the one in hid_open_report() as we should
834 * be robust against hid errors. Those errors will be raised by
835 * hid_open_report() anyway.
836 */
837 while ((start = fetch_item(start, end, &item)) != NULL)
838 dispatch_type[item.type](parser, &item);
839
840 /*
841 * Handle special flags set during scanning.
842 */
843 if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
844 (hid->group == HID_GROUP_MULTITOUCH))
845 hid->group = HID_GROUP_MULTITOUCH_WIN_8;
846
847 /*
848 * Vendor specific handlings
849 */
850 switch (hid->vendor) {
851 case USB_VENDOR_ID_WACOM:
852 hid->group = HID_GROUP_WACOM;
853 break;
854 case USB_VENDOR_ID_SYNAPTICS:
855 if (hid->group == HID_GROUP_GENERIC)
856 if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
857 && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
858 /*
859 * hid-rmi should take care of them,
860 * not hid-generic
861 */
862 hid->group = HID_GROUP_RMI;
863 break;
864 }
865
866 kfree(parser->collection_stack);
867 vfree(parser);
868 return 0;
869 }
870
871 /**
872 * hid_parse_report - parse device report
873 *
874 * @device: hid device
875 * @start: report start
876 * @size: report size
877 *
878 * Allocate the device report as read by the bus driver. This function should
879 * only be called from parse() in ll drivers.
880 */
hid_parse_report(struct hid_device * hid,__u8 * start,unsigned size)881 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
882 {
883 hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
884 if (!hid->dev_rdesc)
885 return -ENOMEM;
886 hid->dev_rsize = size;
887 return 0;
888 }
889 EXPORT_SYMBOL_GPL(hid_parse_report);
890
891 static const char * const hid_report_names[] = {
892 "HID_INPUT_REPORT",
893 "HID_OUTPUT_REPORT",
894 "HID_FEATURE_REPORT",
895 };
896 /**
897 * hid_validate_values - validate existing device report's value indexes
898 *
899 * @device: hid device
900 * @type: which report type to examine
901 * @id: which report ID to examine (0 for first)
902 * @field_index: which report field to examine
903 * @report_counts: expected number of values
904 *
905 * Validate the number of values in a given field of a given report, after
906 * parsing.
907 */
hid_validate_values(struct hid_device * hid,unsigned int type,unsigned int id,unsigned int field_index,unsigned int report_counts)908 struct hid_report *hid_validate_values(struct hid_device *hid,
909 unsigned int type, unsigned int id,
910 unsigned int field_index,
911 unsigned int report_counts)
912 {
913 struct hid_report *report;
914
915 if (type > HID_FEATURE_REPORT) {
916 hid_err(hid, "invalid HID report type %u\n", type);
917 return NULL;
918 }
919
920 if (id >= HID_MAX_IDS) {
921 hid_err(hid, "invalid HID report id %u\n", id);
922 return NULL;
923 }
924
925 /*
926 * Explicitly not using hid_get_report() here since it depends on
927 * ->numbered being checked, which may not always be the case when
928 * drivers go to access report values.
929 */
930 if (id == 0) {
931 /*
932 * Validating on id 0 means we should examine the first
933 * report in the list.
934 */
935 report = list_entry(
936 hid->report_enum[type].report_list.next,
937 struct hid_report, list);
938 } else {
939 report = hid->report_enum[type].report_id_hash[id];
940 }
941 if (!report) {
942 hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
943 return NULL;
944 }
945 if (report->maxfield <= field_index) {
946 hid_err(hid, "not enough fields in %s %u\n",
947 hid_report_names[type], id);
948 return NULL;
949 }
950 if (report->field[field_index]->report_count < report_counts) {
951 hid_err(hid, "not enough values in %s %u field %u\n",
952 hid_report_names[type], id, field_index);
953 return NULL;
954 }
955 return report;
956 }
957 EXPORT_SYMBOL_GPL(hid_validate_values);
958
hid_calculate_multiplier(struct hid_device * hid,struct hid_field * multiplier)959 static int hid_calculate_multiplier(struct hid_device *hid,
960 struct hid_field *multiplier)
961 {
962 int m;
963 __s32 v = *multiplier->value;
964 __s32 lmin = multiplier->logical_minimum;
965 __s32 lmax = multiplier->logical_maximum;
966 __s32 pmin = multiplier->physical_minimum;
967 __s32 pmax = multiplier->physical_maximum;
968
969 /*
970 * "Because OS implementations will generally divide the control's
971 * reported count by the Effective Resolution Multiplier, designers
972 * should take care not to establish a potential Effective
973 * Resolution Multiplier of zero."
974 * HID Usage Table, v1.12, Section 4.3.1, p31
975 */
976 if (lmax - lmin == 0)
977 return 1;
978 /*
979 * Handling the unit exponent is left as an exercise to whoever
980 * finds a device where that exponent is not 0.
981 */
982 m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
983 if (unlikely(multiplier->unit_exponent != 0)) {
984 hid_warn(hid,
985 "unsupported Resolution Multiplier unit exponent %d\n",
986 multiplier->unit_exponent);
987 }
988
989 /* There are no devices with an effective multiplier > 255 */
990 if (unlikely(m == 0 || m > 255 || m < -255)) {
991 hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
992 m = 1;
993 }
994
995 return m;
996 }
997
hid_apply_multiplier_to_field(struct hid_device * hid,struct hid_field * field,struct hid_collection * multiplier_collection,int effective_multiplier)998 static void hid_apply_multiplier_to_field(struct hid_device *hid,
999 struct hid_field *field,
1000 struct hid_collection *multiplier_collection,
1001 int effective_multiplier)
1002 {
1003 struct hid_collection *collection;
1004 struct hid_usage *usage;
1005 int i;
1006
1007 /*
1008 * If multiplier_collection is NULL, the multiplier applies
1009 * to all fields in the report.
1010 * Otherwise, it is the Logical Collection the multiplier applies to
1011 * but our field may be in a subcollection of that collection.
1012 */
1013 for (i = 0; i < field->maxusage; i++) {
1014 usage = &field->usage[i];
1015
1016 collection = &hid->collection[usage->collection_index];
1017 while (collection->parent_idx != -1 &&
1018 collection != multiplier_collection)
1019 collection = &hid->collection[collection->parent_idx];
1020
1021 if (collection->parent_idx != -1 ||
1022 multiplier_collection == NULL)
1023 usage->resolution_multiplier = effective_multiplier;
1024
1025 }
1026 }
1027
hid_apply_multiplier(struct hid_device * hid,struct hid_field * multiplier)1028 static void hid_apply_multiplier(struct hid_device *hid,
1029 struct hid_field *multiplier)
1030 {
1031 struct hid_report_enum *rep_enum;
1032 struct hid_report *rep;
1033 struct hid_field *field;
1034 struct hid_collection *multiplier_collection;
1035 int effective_multiplier;
1036 int i;
1037
1038 /*
1039 * "The Resolution Multiplier control must be contained in the same
1040 * Logical Collection as the control(s) to which it is to be applied.
1041 * If no Resolution Multiplier is defined, then the Resolution
1042 * Multiplier defaults to 1. If more than one control exists in a
1043 * Logical Collection, the Resolution Multiplier is associated with
1044 * all controls in the collection. If no Logical Collection is
1045 * defined, the Resolution Multiplier is associated with all
1046 * controls in the report."
1047 * HID Usage Table, v1.12, Section 4.3.1, p30
1048 *
1049 * Thus, search from the current collection upwards until we find a
1050 * logical collection. Then search all fields for that same parent
1051 * collection. Those are the fields the multiplier applies to.
1052 *
1053 * If we have more than one multiplier, it will overwrite the
1054 * applicable fields later.
1055 */
1056 multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1057 while (multiplier_collection->parent_idx != -1 &&
1058 multiplier_collection->type != HID_COLLECTION_LOGICAL)
1059 multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1060
1061 effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1062
1063 rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1064 list_for_each_entry(rep, &rep_enum->report_list, list) {
1065 for (i = 0; i < rep->maxfield; i++) {
1066 field = rep->field[i];
1067 hid_apply_multiplier_to_field(hid, field,
1068 multiplier_collection,
1069 effective_multiplier);
1070 }
1071 }
1072 }
1073
1074 /*
1075 * hid_setup_resolution_multiplier - set up all resolution multipliers
1076 *
1077 * @device: hid device
1078 *
1079 * Search for all Resolution Multiplier Feature Reports and apply their
1080 * value to all matching Input items. This only updates the internal struct
1081 * fields.
1082 *
1083 * The Resolution Multiplier is applied by the hardware. If the multiplier
1084 * is anything other than 1, the hardware will send pre-multiplied events
1085 * so that the same physical interaction generates an accumulated
1086 * accumulated_value = value * * multiplier
1087 * This may be achieved by sending
1088 * - "value * multiplier" for each event, or
1089 * - "value" but "multiplier" times as frequently, or
1090 * - a combination of the above
1091 * The only guarantee is that the same physical interaction always generates
1092 * an accumulated 'value * multiplier'.
1093 *
1094 * This function must be called before any event processing and after
1095 * any SetRequest to the Resolution Multiplier.
1096 */
hid_setup_resolution_multiplier(struct hid_device * hid)1097 void hid_setup_resolution_multiplier(struct hid_device *hid)
1098 {
1099 struct hid_report_enum *rep_enum;
1100 struct hid_report *rep;
1101 struct hid_usage *usage;
1102 int i, j;
1103
1104 rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1105 list_for_each_entry(rep, &rep_enum->report_list, list) {
1106 for (i = 0; i < rep->maxfield; i++) {
1107 /* Ignore if report count is out of bounds. */
1108 if (rep->field[i]->report_count < 1)
1109 continue;
1110
1111 for (j = 0; j < rep->field[i]->maxusage; j++) {
1112 usage = &rep->field[i]->usage[j];
1113 if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1114 hid_apply_multiplier(hid,
1115 rep->field[i]);
1116 }
1117 }
1118 }
1119 }
1120 EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1121
1122 /**
1123 * hid_open_report - open a driver-specific device report
1124 *
1125 * @device: hid device
1126 *
1127 * Parse a report description into a hid_device structure. Reports are
1128 * enumerated, fields are attached to these reports.
1129 * 0 returned on success, otherwise nonzero error value.
1130 *
1131 * This function (or the equivalent hid_parse() macro) should only be
1132 * called from probe() in drivers, before starting the device.
1133 */
hid_open_report(struct hid_device * device)1134 int hid_open_report(struct hid_device *device)
1135 {
1136 struct hid_parser *parser;
1137 struct hid_item item;
1138 unsigned int size;
1139 __u8 *start;
1140 __u8 *buf;
1141 __u8 *end;
1142 __u8 *next;
1143 int ret;
1144 static int (*dispatch_type[])(struct hid_parser *parser,
1145 struct hid_item *item) = {
1146 hid_parser_main,
1147 hid_parser_global,
1148 hid_parser_local,
1149 hid_parser_reserved
1150 };
1151
1152 if (WARN_ON(device->status & HID_STAT_PARSED))
1153 return -EBUSY;
1154
1155 start = device->dev_rdesc;
1156 if (WARN_ON(!start))
1157 return -ENODEV;
1158 size = device->dev_rsize;
1159
1160 buf = kmemdup(start, size, GFP_KERNEL);
1161 if (buf == NULL)
1162 return -ENOMEM;
1163
1164 if (device->driver->report_fixup)
1165 start = device->driver->report_fixup(device, buf, &size);
1166 else
1167 start = buf;
1168
1169 start = kmemdup(start, size, GFP_KERNEL);
1170 kfree(buf);
1171 if (start == NULL)
1172 return -ENOMEM;
1173
1174 device->rdesc = start;
1175 device->rsize = size;
1176
1177 parser = vzalloc(sizeof(struct hid_parser));
1178 if (!parser) {
1179 ret = -ENOMEM;
1180 goto alloc_err;
1181 }
1182
1183 parser->device = device;
1184
1185 end = start + size;
1186
1187 device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1188 sizeof(struct hid_collection), GFP_KERNEL);
1189 if (!device->collection) {
1190 ret = -ENOMEM;
1191 goto err;
1192 }
1193 device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1194
1195 ret = -EINVAL;
1196 while ((next = fetch_item(start, end, &item)) != NULL) {
1197 start = next;
1198
1199 if (item.format != HID_ITEM_FORMAT_SHORT) {
1200 hid_err(device, "unexpected long global item\n");
1201 goto err;
1202 }
1203
1204 if (dispatch_type[item.type](parser, &item)) {
1205 hid_err(device, "item %u %u %u %u parsing failed\n",
1206 item.format, (unsigned)item.size,
1207 (unsigned)item.type, (unsigned)item.tag);
1208 goto err;
1209 }
1210
1211 if (start == end) {
1212 if (parser->collection_stack_ptr) {
1213 hid_err(device, "unbalanced collection at end of report description\n");
1214 goto err;
1215 }
1216 if (parser->local.delimiter_depth) {
1217 hid_err(device, "unbalanced delimiter at end of report description\n");
1218 goto err;
1219 }
1220
1221 /*
1222 * fetch initial values in case the device's
1223 * default multiplier isn't the recommended 1
1224 */
1225 hid_setup_resolution_multiplier(device);
1226
1227 kfree(parser->collection_stack);
1228 vfree(parser);
1229 device->status |= HID_STAT_PARSED;
1230
1231 return 0;
1232 }
1233 }
1234
1235 hid_err(device, "item fetching failed at offset %u/%u\n",
1236 size - (unsigned int)(end - start), size);
1237 err:
1238 kfree(parser->collection_stack);
1239 alloc_err:
1240 vfree(parser);
1241 hid_close_report(device);
1242 return ret;
1243 }
1244 EXPORT_SYMBOL_GPL(hid_open_report);
1245
1246 /*
1247 * Convert a signed n-bit integer to signed 32-bit integer. Common
1248 * cases are done through the compiler, the screwed things has to be
1249 * done by hand.
1250 */
1251
snto32(__u32 value,unsigned n)1252 static s32 snto32(__u32 value, unsigned n)
1253 {
1254 switch (n) {
1255 case 8: return ((__s8)value);
1256 case 16: return ((__s16)value);
1257 case 32: return ((__s32)value);
1258 }
1259 return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1260 }
1261
hid_snto32(__u32 value,unsigned n)1262 s32 hid_snto32(__u32 value, unsigned n)
1263 {
1264 return snto32(value, n);
1265 }
1266 EXPORT_SYMBOL_GPL(hid_snto32);
1267
1268 /*
1269 * Convert a signed 32-bit integer to a signed n-bit integer.
1270 */
1271
s32ton(__s32 value,unsigned n)1272 static u32 s32ton(__s32 value, unsigned n)
1273 {
1274 s32 a = value >> (n - 1);
1275 if (a && a != -1)
1276 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1277 return value & ((1 << n) - 1);
1278 }
1279
1280 /*
1281 * Extract/implement a data field from/to a little endian report (bit array).
1282 *
1283 * Code sort-of follows HID spec:
1284 * http://www.usb.org/developers/hidpage/HID1_11.pdf
1285 *
1286 * While the USB HID spec allows unlimited length bit fields in "report
1287 * descriptors", most devices never use more than 16 bits.
1288 * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1289 * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1290 */
1291
__extract(u8 * report,unsigned offset,int n)1292 static u32 __extract(u8 *report, unsigned offset, int n)
1293 {
1294 unsigned int idx = offset / 8;
1295 unsigned int bit_nr = 0;
1296 unsigned int bit_shift = offset % 8;
1297 int bits_to_copy = 8 - bit_shift;
1298 u32 value = 0;
1299 u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1300
1301 while (n > 0) {
1302 value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1303 n -= bits_to_copy;
1304 bit_nr += bits_to_copy;
1305 bits_to_copy = 8;
1306 bit_shift = 0;
1307 idx++;
1308 }
1309
1310 return value & mask;
1311 }
1312
hid_field_extract(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n)1313 u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1314 unsigned offset, unsigned n)
1315 {
1316 if (n > 32) {
1317 hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1318 __func__, n, current->comm);
1319 n = 32;
1320 }
1321
1322 return __extract(report, offset, n);
1323 }
1324 EXPORT_SYMBOL_GPL(hid_field_extract);
1325
1326 /*
1327 * "implement" : set bits in a little endian bit stream.
1328 * Same concepts as "extract" (see comments above).
1329 * The data mangled in the bit stream remains in little endian
1330 * order the whole time. It make more sense to talk about
1331 * endianness of register values by considering a register
1332 * a "cached" copy of the little endian bit stream.
1333 */
1334
__implement(u8 * report,unsigned offset,int n,u32 value)1335 static void __implement(u8 *report, unsigned offset, int n, u32 value)
1336 {
1337 unsigned int idx = offset / 8;
1338 unsigned int bit_shift = offset % 8;
1339 int bits_to_set = 8 - bit_shift;
1340
1341 while (n - bits_to_set >= 0) {
1342 report[idx] &= ~(0xff << bit_shift);
1343 report[idx] |= value << bit_shift;
1344 value >>= bits_to_set;
1345 n -= bits_to_set;
1346 bits_to_set = 8;
1347 bit_shift = 0;
1348 idx++;
1349 }
1350
1351 /* last nibble */
1352 if (n) {
1353 u8 bit_mask = ((1U << n) - 1);
1354 report[idx] &= ~(bit_mask << bit_shift);
1355 report[idx] |= value << bit_shift;
1356 }
1357 }
1358
implement(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n,u32 value)1359 static void implement(const struct hid_device *hid, u8 *report,
1360 unsigned offset, unsigned n, u32 value)
1361 {
1362 if (unlikely(n > 32)) {
1363 hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1364 __func__, n, current->comm);
1365 n = 32;
1366 } else if (n < 32) {
1367 u32 m = (1U << n) - 1;
1368
1369 if (unlikely(value > m)) {
1370 hid_warn(hid,
1371 "%s() called with too large value %d (n: %d)! (%s)\n",
1372 __func__, value, n, current->comm);
1373 WARN_ON(1);
1374 value &= m;
1375 }
1376 }
1377
1378 __implement(report, offset, n, value);
1379 }
1380
1381 /*
1382 * Search an array for a value.
1383 */
1384
search(__s32 * array,__s32 value,unsigned n)1385 static int search(__s32 *array, __s32 value, unsigned n)
1386 {
1387 while (n--) {
1388 if (*array++ == value)
1389 return 0;
1390 }
1391 return -1;
1392 }
1393
1394 /**
1395 * hid_match_report - check if driver's raw_event should be called
1396 *
1397 * @hid: hid device
1398 * @report_type: type to match against
1399 *
1400 * compare hid->driver->report_table->report_type to report->type
1401 */
hid_match_report(struct hid_device * hid,struct hid_report * report)1402 static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1403 {
1404 const struct hid_report_id *id = hid->driver->report_table;
1405
1406 if (!id) /* NULL means all */
1407 return 1;
1408
1409 for (; id->report_type != HID_TERMINATOR; id++)
1410 if (id->report_type == HID_ANY_ID ||
1411 id->report_type == report->type)
1412 return 1;
1413 return 0;
1414 }
1415
1416 /**
1417 * hid_match_usage - check if driver's event should be called
1418 *
1419 * @hid: hid device
1420 * @usage: usage to match against
1421 *
1422 * compare hid->driver->usage_table->usage_{type,code} to
1423 * usage->usage_{type,code}
1424 */
hid_match_usage(struct hid_device * hid,struct hid_usage * usage)1425 static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1426 {
1427 const struct hid_usage_id *id = hid->driver->usage_table;
1428
1429 if (!id) /* NULL means all */
1430 return 1;
1431
1432 for (; id->usage_type != HID_ANY_ID - 1; id++)
1433 if ((id->usage_hid == HID_ANY_ID ||
1434 id->usage_hid == usage->hid) &&
1435 (id->usage_type == HID_ANY_ID ||
1436 id->usage_type == usage->type) &&
1437 (id->usage_code == HID_ANY_ID ||
1438 id->usage_code == usage->code))
1439 return 1;
1440 return 0;
1441 }
1442
hid_process_event(struct hid_device * hid,struct hid_field * field,struct hid_usage * usage,__s32 value,int interrupt)1443 static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1444 struct hid_usage *usage, __s32 value, int interrupt)
1445 {
1446 struct hid_driver *hdrv = hid->driver;
1447 int ret;
1448
1449 if (!list_empty(&hid->debug_list))
1450 hid_dump_input(hid, usage, value);
1451
1452 if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1453 ret = hdrv->event(hid, field, usage, value);
1454 if (ret != 0) {
1455 if (ret < 0)
1456 hid_err(hid, "%s's event failed with %d\n",
1457 hdrv->name, ret);
1458 return;
1459 }
1460 }
1461
1462 if (hid->claimed & HID_CLAIMED_INPUT)
1463 hidinput_hid_event(hid, field, usage, value);
1464 if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1465 hid->hiddev_hid_event(hid, field, usage, value);
1466 }
1467
1468 /*
1469 * Analyse a received field, and fetch the data from it. The field
1470 * content is stored for next report processing (we do differential
1471 * reporting to the layer).
1472 */
1473
hid_input_field(struct hid_device * hid,struct hid_field * field,__u8 * data,int interrupt)1474 static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1475 __u8 *data, int interrupt)
1476 {
1477 unsigned n;
1478 unsigned count = field->report_count;
1479 unsigned offset = field->report_offset;
1480 unsigned size = field->report_size;
1481 __s32 min = field->logical_minimum;
1482 __s32 max = field->logical_maximum;
1483 __s32 *value;
1484
1485 value = kmalloc_array(count, sizeof(__s32), GFP_ATOMIC);
1486 if (!value)
1487 return;
1488
1489 for (n = 0; n < count; n++) {
1490
1491 value[n] = min < 0 ?
1492 snto32(hid_field_extract(hid, data, offset + n * size,
1493 size), size) :
1494 hid_field_extract(hid, data, offset + n * size, size);
1495
1496 /* Ignore report if ErrorRollOver */
1497 if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1498 value[n] >= min && value[n] <= max &&
1499 value[n] - min < field->maxusage &&
1500 field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1501 goto exit;
1502 }
1503
1504 for (n = 0; n < count; n++) {
1505
1506 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1507 hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1508 continue;
1509 }
1510
1511 if (field->value[n] >= min && field->value[n] <= max
1512 && field->value[n] - min < field->maxusage
1513 && field->usage[field->value[n] - min].hid
1514 && search(value, field->value[n], count))
1515 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1516
1517 if (value[n] >= min && value[n] <= max
1518 && value[n] - min < field->maxusage
1519 && field->usage[value[n] - min].hid
1520 && search(field->value, value[n], count))
1521 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1522 }
1523
1524 memcpy(field->value, value, count * sizeof(__s32));
1525 exit:
1526 kfree(value);
1527 }
1528
1529 /*
1530 * Output the field into the report.
1531 */
1532
hid_output_field(const struct hid_device * hid,struct hid_field * field,__u8 * data)1533 static void hid_output_field(const struct hid_device *hid,
1534 struct hid_field *field, __u8 *data)
1535 {
1536 unsigned count = field->report_count;
1537 unsigned offset = field->report_offset;
1538 unsigned size = field->report_size;
1539 unsigned n;
1540
1541 for (n = 0; n < count; n++) {
1542 if (field->logical_minimum < 0) /* signed values */
1543 implement(hid, data, offset + n * size, size,
1544 s32ton(field->value[n], size));
1545 else /* unsigned values */
1546 implement(hid, data, offset + n * size, size,
1547 field->value[n]);
1548 }
1549 }
1550
1551 /*
1552 * Create a report. 'data' has to be allocated using
1553 * hid_alloc_report_buf() so that it has proper size.
1554 */
1555
hid_output_report(struct hid_report * report,__u8 * data)1556 void hid_output_report(struct hid_report *report, __u8 *data)
1557 {
1558 unsigned n;
1559
1560 if (report->id > 0)
1561 *data++ = report->id;
1562
1563 memset(data, 0, ((report->size - 1) >> 3) + 1);
1564 for (n = 0; n < report->maxfield; n++)
1565 hid_output_field(report->device, report->field[n], data);
1566 }
1567 EXPORT_SYMBOL_GPL(hid_output_report);
1568
1569 /*
1570 * Allocator for buffer that is going to be passed to hid_output_report()
1571 */
hid_alloc_report_buf(struct hid_report * report,gfp_t flags)1572 u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1573 {
1574 /*
1575 * 7 extra bytes are necessary to achieve proper functionality
1576 * of implement() working on 8 byte chunks
1577 */
1578
1579 u32 len = hid_report_len(report) + 7;
1580
1581 return kmalloc(len, flags);
1582 }
1583 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1584
1585 /*
1586 * Set a field value. The report this field belongs to has to be
1587 * created and transferred to the device, to set this value in the
1588 * device.
1589 */
1590
hid_set_field(struct hid_field * field,unsigned offset,__s32 value)1591 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1592 {
1593 unsigned size;
1594
1595 if (!field)
1596 return -1;
1597
1598 size = field->report_size;
1599
1600 hid_dump_input(field->report->device, field->usage + offset, value);
1601
1602 if (offset >= field->report_count) {
1603 hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1604 offset, field->report_count);
1605 return -1;
1606 }
1607 if (field->logical_minimum < 0) {
1608 if (value != snto32(s32ton(value, size), size)) {
1609 hid_err(field->report->device, "value %d is out of range\n", value);
1610 return -1;
1611 }
1612 }
1613 field->value[offset] = value;
1614 return 0;
1615 }
1616 EXPORT_SYMBOL_GPL(hid_set_field);
1617
hid_get_report(struct hid_report_enum * report_enum,const u8 * data)1618 static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1619 const u8 *data)
1620 {
1621 struct hid_report *report;
1622 unsigned int n = 0; /* Normally report number is 0 */
1623
1624 /* Device uses numbered reports, data[0] is report number */
1625 if (report_enum->numbered)
1626 n = *data;
1627
1628 report = report_enum->report_id_hash[n];
1629 if (report == NULL)
1630 dbg_hid("undefined report_id %u received\n", n);
1631
1632 return report;
1633 }
1634
1635 /*
1636 * Implement a generic .request() callback, using .raw_request()
1637 * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1638 */
__hid_request(struct hid_device * hid,struct hid_report * report,int reqtype)1639 int __hid_request(struct hid_device *hid, struct hid_report *report,
1640 int reqtype)
1641 {
1642 char *buf;
1643 int ret;
1644 u32 len;
1645
1646 buf = hid_alloc_report_buf(report, GFP_KERNEL);
1647 if (!buf)
1648 return -ENOMEM;
1649
1650 len = hid_report_len(report);
1651
1652 if (reqtype == HID_REQ_SET_REPORT)
1653 hid_output_report(report, buf);
1654
1655 ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1656 report->type, reqtype);
1657 if (ret < 0) {
1658 dbg_hid("unable to complete request: %d\n", ret);
1659 goto out;
1660 }
1661
1662 if (reqtype == HID_REQ_GET_REPORT)
1663 hid_input_report(hid, report->type, buf, ret, 0);
1664
1665 ret = 0;
1666
1667 out:
1668 kfree(buf);
1669 return ret;
1670 }
1671 EXPORT_SYMBOL_GPL(__hid_request);
1672
hid_report_raw_event(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1673 int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1674 int interrupt)
1675 {
1676 struct hid_report_enum *report_enum = hid->report_enum + type;
1677 struct hid_report *report;
1678 struct hid_driver *hdrv;
1679 unsigned int a;
1680 u32 rsize, csize = size;
1681 u8 *cdata = data;
1682 int ret = 0;
1683
1684 report = hid_get_report(report_enum, data);
1685 if (!report)
1686 goto out;
1687
1688 if (report_enum->numbered) {
1689 cdata++;
1690 csize--;
1691 }
1692
1693 rsize = ((report->size - 1) >> 3) + 1;
1694
1695 if (rsize > HID_MAX_BUFFER_SIZE)
1696 rsize = HID_MAX_BUFFER_SIZE;
1697
1698 if (csize < rsize) {
1699 dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1700 csize, rsize);
1701 memset(cdata + csize, 0, rsize - csize);
1702 }
1703
1704 if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1705 hid->hiddev_report_event(hid, report);
1706 if (hid->claimed & HID_CLAIMED_HIDRAW) {
1707 ret = hidraw_report_event(hid, data, size);
1708 if (ret)
1709 goto out;
1710 }
1711
1712 if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1713 for (a = 0; a < report->maxfield; a++)
1714 hid_input_field(hid, report->field[a], cdata, interrupt);
1715 hdrv = hid->driver;
1716 if (hdrv && hdrv->report)
1717 hdrv->report(hid, report);
1718 }
1719
1720 if (hid->claimed & HID_CLAIMED_INPUT)
1721 hidinput_report_event(hid, report);
1722 out:
1723 return ret;
1724 }
1725 EXPORT_SYMBOL_GPL(hid_report_raw_event);
1726
1727 /**
1728 * hid_input_report - report data from lower layer (usb, bt...)
1729 *
1730 * @hid: hid device
1731 * @type: HID report type (HID_*_REPORT)
1732 * @data: report contents
1733 * @size: size of data parameter
1734 * @interrupt: distinguish between interrupt and control transfers
1735 *
1736 * This is data entry for lower layers.
1737 */
hid_input_report(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1738 int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1739 {
1740 struct hid_report_enum *report_enum;
1741 struct hid_driver *hdrv;
1742 struct hid_report *report;
1743 int ret = 0;
1744
1745 if (!hid)
1746 return -ENODEV;
1747
1748 if (down_trylock(&hid->driver_input_lock))
1749 return -EBUSY;
1750
1751 if (!hid->driver) {
1752 ret = -ENODEV;
1753 goto unlock;
1754 }
1755 report_enum = hid->report_enum + type;
1756 hdrv = hid->driver;
1757
1758 if (!size) {
1759 dbg_hid("empty report\n");
1760 ret = -1;
1761 goto unlock;
1762 }
1763
1764 /* Avoid unnecessary overhead if debugfs is disabled */
1765 if (!list_empty(&hid->debug_list))
1766 hid_dump_report(hid, type, data, size);
1767
1768 report = hid_get_report(report_enum, data);
1769
1770 if (!report) {
1771 ret = -1;
1772 goto unlock;
1773 }
1774
1775 if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1776 ret = hdrv->raw_event(hid, report, data, size);
1777 if (ret < 0)
1778 goto unlock;
1779 }
1780
1781 ret = hid_report_raw_event(hid, type, data, size, interrupt);
1782
1783 unlock:
1784 up(&hid->driver_input_lock);
1785 return ret;
1786 }
1787 EXPORT_SYMBOL_GPL(hid_input_report);
1788
hid_match_one_id(const struct hid_device * hdev,const struct hid_device_id * id)1789 bool hid_match_one_id(const struct hid_device *hdev,
1790 const struct hid_device_id *id)
1791 {
1792 return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1793 (id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1794 (id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1795 (id->product == HID_ANY_ID || id->product == hdev->product);
1796 }
1797
hid_match_id(const struct hid_device * hdev,const struct hid_device_id * id)1798 const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1799 const struct hid_device_id *id)
1800 {
1801 for (; id->bus; id++)
1802 if (hid_match_one_id(hdev, id))
1803 return id;
1804
1805 return NULL;
1806 }
1807
1808 static const struct hid_device_id hid_hiddev_list[] = {
1809 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1810 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1811 { }
1812 };
1813
hid_hiddev(struct hid_device * hdev)1814 static bool hid_hiddev(struct hid_device *hdev)
1815 {
1816 return !!hid_match_id(hdev, hid_hiddev_list);
1817 }
1818
1819
1820 static ssize_t
read_report_descriptor(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)1821 read_report_descriptor(struct file *filp, struct kobject *kobj,
1822 struct bin_attribute *attr,
1823 char *buf, loff_t off, size_t count)
1824 {
1825 struct device *dev = kobj_to_dev(kobj);
1826 struct hid_device *hdev = to_hid_device(dev);
1827
1828 if (off >= hdev->rsize)
1829 return 0;
1830
1831 if (off + count > hdev->rsize)
1832 count = hdev->rsize - off;
1833
1834 memcpy(buf, hdev->rdesc + off, count);
1835
1836 return count;
1837 }
1838
1839 static ssize_t
show_country(struct device * dev,struct device_attribute * attr,char * buf)1840 show_country(struct device *dev, struct device_attribute *attr,
1841 char *buf)
1842 {
1843 struct hid_device *hdev = to_hid_device(dev);
1844
1845 return sprintf(buf, "%02x\n", hdev->country & 0xff);
1846 }
1847
1848 static struct bin_attribute dev_bin_attr_report_desc = {
1849 .attr = { .name = "report_descriptor", .mode = 0444 },
1850 .read = read_report_descriptor,
1851 .size = HID_MAX_DESCRIPTOR_SIZE,
1852 };
1853
1854 static const struct device_attribute dev_attr_country = {
1855 .attr = { .name = "country", .mode = 0444 },
1856 .show = show_country,
1857 };
1858
hid_connect(struct hid_device * hdev,unsigned int connect_mask)1859 int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1860 {
1861 static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1862 "Joystick", "Gamepad", "Keyboard", "Keypad",
1863 "Multi-Axis Controller"
1864 };
1865 const char *type, *bus;
1866 char buf[64] = "";
1867 unsigned int i;
1868 int len;
1869 int ret;
1870
1871 if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1872 connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1873 if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1874 connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1875 if (hdev->bus != BUS_USB)
1876 connect_mask &= ~HID_CONNECT_HIDDEV;
1877 if (hid_hiddev(hdev))
1878 connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1879
1880 if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1881 connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1882 hdev->claimed |= HID_CLAIMED_INPUT;
1883
1884 if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1885 !hdev->hiddev_connect(hdev,
1886 connect_mask & HID_CONNECT_HIDDEV_FORCE))
1887 hdev->claimed |= HID_CLAIMED_HIDDEV;
1888 if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1889 hdev->claimed |= HID_CLAIMED_HIDRAW;
1890
1891 if (connect_mask & HID_CONNECT_DRIVER)
1892 hdev->claimed |= HID_CLAIMED_DRIVER;
1893
1894 /* Drivers with the ->raw_event callback set are not required to connect
1895 * to any other listener. */
1896 if (!hdev->claimed && !hdev->driver->raw_event) {
1897 hid_err(hdev, "device has no listeners, quitting\n");
1898 return -ENODEV;
1899 }
1900
1901 if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1902 (connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1903 hdev->ff_init(hdev);
1904
1905 len = 0;
1906 if (hdev->claimed & HID_CLAIMED_INPUT)
1907 len += sprintf(buf + len, "input");
1908 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1909 len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
1910 ((struct hiddev *)hdev->hiddev)->minor);
1911 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1912 len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
1913 ((struct hidraw *)hdev->hidraw)->minor);
1914
1915 type = "Device";
1916 for (i = 0; i < hdev->maxcollection; i++) {
1917 struct hid_collection *col = &hdev->collection[i];
1918 if (col->type == HID_COLLECTION_APPLICATION &&
1919 (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
1920 (col->usage & 0xffff) < ARRAY_SIZE(types)) {
1921 type = types[col->usage & 0xffff];
1922 break;
1923 }
1924 }
1925
1926 switch (hdev->bus) {
1927 case BUS_USB:
1928 bus = "USB";
1929 break;
1930 case BUS_BLUETOOTH:
1931 bus = "BLUETOOTH";
1932 break;
1933 case BUS_I2C:
1934 bus = "I2C";
1935 break;
1936 default:
1937 bus = "<UNKNOWN>";
1938 }
1939
1940 ret = device_create_file(&hdev->dev, &dev_attr_country);
1941 if (ret)
1942 hid_warn(hdev,
1943 "can't create sysfs country code attribute err: %d\n", ret);
1944
1945 hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
1946 buf, bus, hdev->version >> 8, hdev->version & 0xff,
1947 type, hdev->name, hdev->phys);
1948
1949 return 0;
1950 }
1951 EXPORT_SYMBOL_GPL(hid_connect);
1952
hid_disconnect(struct hid_device * hdev)1953 void hid_disconnect(struct hid_device *hdev)
1954 {
1955 device_remove_file(&hdev->dev, &dev_attr_country);
1956 if (hdev->claimed & HID_CLAIMED_INPUT)
1957 hidinput_disconnect(hdev);
1958 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1959 hdev->hiddev_disconnect(hdev);
1960 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1961 hidraw_disconnect(hdev);
1962 hdev->claimed = 0;
1963 }
1964 EXPORT_SYMBOL_GPL(hid_disconnect);
1965
1966 /**
1967 * hid_hw_start - start underlying HW
1968 * @hdev: hid device
1969 * @connect_mask: which outputs to connect, see HID_CONNECT_*
1970 *
1971 * Call this in probe function *after* hid_parse. This will setup HW
1972 * buffers and start the device (if not defeirred to device open).
1973 * hid_hw_stop must be called if this was successful.
1974 */
hid_hw_start(struct hid_device * hdev,unsigned int connect_mask)1975 int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
1976 {
1977 int error;
1978
1979 error = hdev->ll_driver->start(hdev);
1980 if (error)
1981 return error;
1982
1983 if (connect_mask) {
1984 error = hid_connect(hdev, connect_mask);
1985 if (error) {
1986 hdev->ll_driver->stop(hdev);
1987 return error;
1988 }
1989 }
1990
1991 return 0;
1992 }
1993 EXPORT_SYMBOL_GPL(hid_hw_start);
1994
1995 /**
1996 * hid_hw_stop - stop underlying HW
1997 * @hdev: hid device
1998 *
1999 * This is usually called from remove function or from probe when something
2000 * failed and hid_hw_start was called already.
2001 */
hid_hw_stop(struct hid_device * hdev)2002 void hid_hw_stop(struct hid_device *hdev)
2003 {
2004 hid_disconnect(hdev);
2005 hdev->ll_driver->stop(hdev);
2006 }
2007 EXPORT_SYMBOL_GPL(hid_hw_stop);
2008
2009 /**
2010 * hid_hw_open - signal underlying HW to start delivering events
2011 * @hdev: hid device
2012 *
2013 * Tell underlying HW to start delivering events from the device.
2014 * This function should be called sometime after successful call
2015 * to hid_hw_start().
2016 */
hid_hw_open(struct hid_device * hdev)2017 int hid_hw_open(struct hid_device *hdev)
2018 {
2019 int ret;
2020
2021 ret = mutex_lock_killable(&hdev->ll_open_lock);
2022 if (ret)
2023 return ret;
2024
2025 if (!hdev->ll_open_count++) {
2026 ret = hdev->ll_driver->open(hdev);
2027 if (ret)
2028 hdev->ll_open_count--;
2029 }
2030
2031 mutex_unlock(&hdev->ll_open_lock);
2032 return ret;
2033 }
2034 EXPORT_SYMBOL_GPL(hid_hw_open);
2035
2036 /**
2037 * hid_hw_close - signal underlaying HW to stop delivering events
2038 *
2039 * @hdev: hid device
2040 *
2041 * This function indicates that we are not interested in the events
2042 * from this device anymore. Delivery of events may or may not stop,
2043 * depending on the number of users still outstanding.
2044 */
hid_hw_close(struct hid_device * hdev)2045 void hid_hw_close(struct hid_device *hdev)
2046 {
2047 mutex_lock(&hdev->ll_open_lock);
2048 if (!--hdev->ll_open_count)
2049 hdev->ll_driver->close(hdev);
2050 mutex_unlock(&hdev->ll_open_lock);
2051 }
2052 EXPORT_SYMBOL_GPL(hid_hw_close);
2053
2054 struct hid_dynid {
2055 struct list_head list;
2056 struct hid_device_id id;
2057 };
2058
2059 /**
2060 * store_new_id - add a new HID device ID to this driver and re-probe devices
2061 * @driver: target device driver
2062 * @buf: buffer for scanning device ID data
2063 * @count: input size
2064 *
2065 * Adds a new dynamic hid device ID to this driver,
2066 * and causes the driver to probe for all devices again.
2067 */
new_id_store(struct device_driver * drv,const char * buf,size_t count)2068 static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2069 size_t count)
2070 {
2071 struct hid_driver *hdrv = to_hid_driver(drv);
2072 struct hid_dynid *dynid;
2073 __u32 bus, vendor, product;
2074 unsigned long driver_data = 0;
2075 int ret;
2076
2077 ret = sscanf(buf, "%x %x %x %lx",
2078 &bus, &vendor, &product, &driver_data);
2079 if (ret < 3)
2080 return -EINVAL;
2081
2082 dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2083 if (!dynid)
2084 return -ENOMEM;
2085
2086 dynid->id.bus = bus;
2087 dynid->id.group = HID_GROUP_ANY;
2088 dynid->id.vendor = vendor;
2089 dynid->id.product = product;
2090 dynid->id.driver_data = driver_data;
2091
2092 spin_lock(&hdrv->dyn_lock);
2093 list_add_tail(&dynid->list, &hdrv->dyn_list);
2094 spin_unlock(&hdrv->dyn_lock);
2095
2096 ret = driver_attach(&hdrv->driver);
2097
2098 return ret ? : count;
2099 }
2100 static DRIVER_ATTR_WO(new_id);
2101
2102 static struct attribute *hid_drv_attrs[] = {
2103 &driver_attr_new_id.attr,
2104 NULL,
2105 };
2106 ATTRIBUTE_GROUPS(hid_drv);
2107
hid_free_dynids(struct hid_driver * hdrv)2108 static void hid_free_dynids(struct hid_driver *hdrv)
2109 {
2110 struct hid_dynid *dynid, *n;
2111
2112 spin_lock(&hdrv->dyn_lock);
2113 list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2114 list_del(&dynid->list);
2115 kfree(dynid);
2116 }
2117 spin_unlock(&hdrv->dyn_lock);
2118 }
2119
hid_match_device(struct hid_device * hdev,struct hid_driver * hdrv)2120 const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2121 struct hid_driver *hdrv)
2122 {
2123 struct hid_dynid *dynid;
2124
2125 spin_lock(&hdrv->dyn_lock);
2126 list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2127 if (hid_match_one_id(hdev, &dynid->id)) {
2128 spin_unlock(&hdrv->dyn_lock);
2129 return &dynid->id;
2130 }
2131 }
2132 spin_unlock(&hdrv->dyn_lock);
2133
2134 return hid_match_id(hdev, hdrv->id_table);
2135 }
2136 EXPORT_SYMBOL_GPL(hid_match_device);
2137
hid_bus_match(struct device * dev,struct device_driver * drv)2138 static int hid_bus_match(struct device *dev, struct device_driver *drv)
2139 {
2140 struct hid_driver *hdrv = to_hid_driver(drv);
2141 struct hid_device *hdev = to_hid_device(dev);
2142
2143 return hid_match_device(hdev, hdrv) != NULL;
2144 }
2145
2146 /**
2147 * hid_compare_device_paths - check if both devices share the same path
2148 * @hdev_a: hid device
2149 * @hdev_b: hid device
2150 * @separator: char to use as separator
2151 *
2152 * Check if two devices share the same path up to the last occurrence of
2153 * the separator char. Both paths must exist (i.e., zero-length paths
2154 * don't match).
2155 */
hid_compare_device_paths(struct hid_device * hdev_a,struct hid_device * hdev_b,char separator)2156 bool hid_compare_device_paths(struct hid_device *hdev_a,
2157 struct hid_device *hdev_b, char separator)
2158 {
2159 int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2160 int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2161
2162 if (n1 != n2 || n1 <= 0 || n2 <= 0)
2163 return false;
2164
2165 return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2166 }
2167 EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2168
hid_device_probe(struct device * dev)2169 static int hid_device_probe(struct device *dev)
2170 {
2171 struct hid_driver *hdrv = to_hid_driver(dev->driver);
2172 struct hid_device *hdev = to_hid_device(dev);
2173 const struct hid_device_id *id;
2174 int ret = 0;
2175
2176 if (down_interruptible(&hdev->driver_input_lock)) {
2177 ret = -EINTR;
2178 goto end;
2179 }
2180 hdev->io_started = false;
2181
2182 clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2183
2184 if (!hdev->driver) {
2185 id = hid_match_device(hdev, hdrv);
2186 if (id == NULL) {
2187 ret = -ENODEV;
2188 goto unlock;
2189 }
2190
2191 if (hdrv->match) {
2192 if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2193 ret = -ENODEV;
2194 goto unlock;
2195 }
2196 } else {
2197 /*
2198 * hid-generic implements .match(), so if
2199 * hid_ignore_special_drivers is set, we can safely
2200 * return.
2201 */
2202 if (hid_ignore_special_drivers) {
2203 ret = -ENODEV;
2204 goto unlock;
2205 }
2206 }
2207
2208 /* reset the quirks that has been previously set */
2209 hdev->quirks = hid_lookup_quirk(hdev);
2210 hdev->driver = hdrv;
2211 if (hdrv->probe) {
2212 ret = hdrv->probe(hdev, id);
2213 } else { /* default probe */
2214 ret = hid_open_report(hdev);
2215 if (!ret)
2216 ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2217 }
2218 if (ret) {
2219 hid_close_report(hdev);
2220 hdev->driver = NULL;
2221 }
2222 }
2223 unlock:
2224 if (!hdev->io_started)
2225 up(&hdev->driver_input_lock);
2226 end:
2227 return ret;
2228 }
2229
hid_device_remove(struct device * dev)2230 static int hid_device_remove(struct device *dev)
2231 {
2232 struct hid_device *hdev = to_hid_device(dev);
2233 struct hid_driver *hdrv;
2234 int ret = 0;
2235
2236 if (down_interruptible(&hdev->driver_input_lock)) {
2237 ret = -EINTR;
2238 goto end;
2239 }
2240 hdev->io_started = false;
2241
2242 hdrv = hdev->driver;
2243 if (hdrv) {
2244 if (hdrv->remove)
2245 hdrv->remove(hdev);
2246 else /* default remove */
2247 hid_hw_stop(hdev);
2248 hid_close_report(hdev);
2249 hdev->driver = NULL;
2250 }
2251
2252 if (!hdev->io_started)
2253 up(&hdev->driver_input_lock);
2254 end:
2255 return ret;
2256 }
2257
modalias_show(struct device * dev,struct device_attribute * a,char * buf)2258 static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2259 char *buf)
2260 {
2261 struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2262
2263 return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2264 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2265 }
2266 static DEVICE_ATTR_RO(modalias);
2267
2268 static struct attribute *hid_dev_attrs[] = {
2269 &dev_attr_modalias.attr,
2270 NULL,
2271 };
2272 static struct bin_attribute *hid_dev_bin_attrs[] = {
2273 &dev_bin_attr_report_desc,
2274 NULL
2275 };
2276 static const struct attribute_group hid_dev_group = {
2277 .attrs = hid_dev_attrs,
2278 .bin_attrs = hid_dev_bin_attrs,
2279 };
2280 __ATTRIBUTE_GROUPS(hid_dev);
2281
hid_uevent(struct device * dev,struct kobj_uevent_env * env)2282 static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2283 {
2284 struct hid_device *hdev = to_hid_device(dev);
2285
2286 if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2287 hdev->bus, hdev->vendor, hdev->product))
2288 return -ENOMEM;
2289
2290 if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2291 return -ENOMEM;
2292
2293 if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2294 return -ENOMEM;
2295
2296 if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2297 return -ENOMEM;
2298
2299 if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2300 hdev->bus, hdev->group, hdev->vendor, hdev->product))
2301 return -ENOMEM;
2302
2303 return 0;
2304 }
2305
2306 struct bus_type hid_bus_type = {
2307 .name = "hid",
2308 .dev_groups = hid_dev_groups,
2309 .drv_groups = hid_drv_groups,
2310 .match = hid_bus_match,
2311 .probe = hid_device_probe,
2312 .remove = hid_device_remove,
2313 .uevent = hid_uevent,
2314 };
2315 EXPORT_SYMBOL(hid_bus_type);
2316
hid_add_device(struct hid_device * hdev)2317 int hid_add_device(struct hid_device *hdev)
2318 {
2319 static atomic_t id = ATOMIC_INIT(0);
2320 int ret;
2321
2322 if (WARN_ON(hdev->status & HID_STAT_ADDED))
2323 return -EBUSY;
2324
2325 hdev->quirks = hid_lookup_quirk(hdev);
2326
2327 /* we need to kill them here, otherwise they will stay allocated to
2328 * wait for coming driver */
2329 if (hid_ignore(hdev))
2330 return -ENODEV;
2331
2332 /*
2333 * Check for the mandatory transport channel.
2334 */
2335 if (!hdev->ll_driver->raw_request) {
2336 hid_err(hdev, "transport driver missing .raw_request()\n");
2337 return -EINVAL;
2338 }
2339
2340 /*
2341 * Read the device report descriptor once and use as template
2342 * for the driver-specific modifications.
2343 */
2344 ret = hdev->ll_driver->parse(hdev);
2345 if (ret)
2346 return ret;
2347 if (!hdev->dev_rdesc)
2348 return -ENODEV;
2349
2350 /*
2351 * Scan generic devices for group information
2352 */
2353 if (hid_ignore_special_drivers) {
2354 hdev->group = HID_GROUP_GENERIC;
2355 } else if (!hdev->group &&
2356 !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2357 ret = hid_scan_report(hdev);
2358 if (ret)
2359 hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2360 }
2361
2362 /* XXX hack, any other cleaner solution after the driver core
2363 * is converted to allow more than 20 bytes as the device name? */
2364 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2365 hdev->vendor, hdev->product, atomic_inc_return(&id));
2366
2367 hid_debug_register(hdev, dev_name(&hdev->dev));
2368 ret = device_add(&hdev->dev);
2369 if (!ret)
2370 hdev->status |= HID_STAT_ADDED;
2371 else
2372 hid_debug_unregister(hdev);
2373
2374 return ret;
2375 }
2376 EXPORT_SYMBOL_GPL(hid_add_device);
2377
2378 /**
2379 * hid_allocate_device - allocate new hid device descriptor
2380 *
2381 * Allocate and initialize hid device, so that hid_destroy_device might be
2382 * used to free it.
2383 *
2384 * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2385 * error value.
2386 */
hid_allocate_device(void)2387 struct hid_device *hid_allocate_device(void)
2388 {
2389 struct hid_device *hdev;
2390 int ret = -ENOMEM;
2391
2392 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2393 if (hdev == NULL)
2394 return ERR_PTR(ret);
2395
2396 device_initialize(&hdev->dev);
2397 hdev->dev.release = hid_device_release;
2398 hdev->dev.bus = &hid_bus_type;
2399 device_enable_async_suspend(&hdev->dev);
2400
2401 hid_close_report(hdev);
2402
2403 init_waitqueue_head(&hdev->debug_wait);
2404 INIT_LIST_HEAD(&hdev->debug_list);
2405 spin_lock_init(&hdev->debug_list_lock);
2406 sema_init(&hdev->driver_input_lock, 1);
2407 mutex_init(&hdev->ll_open_lock);
2408
2409 return hdev;
2410 }
2411 EXPORT_SYMBOL_GPL(hid_allocate_device);
2412
hid_remove_device(struct hid_device * hdev)2413 static void hid_remove_device(struct hid_device *hdev)
2414 {
2415 if (hdev->status & HID_STAT_ADDED) {
2416 device_del(&hdev->dev);
2417 hid_debug_unregister(hdev);
2418 hdev->status &= ~HID_STAT_ADDED;
2419 }
2420 kfree(hdev->dev_rdesc);
2421 hdev->dev_rdesc = NULL;
2422 hdev->dev_rsize = 0;
2423 }
2424
2425 /**
2426 * hid_destroy_device - free previously allocated device
2427 *
2428 * @hdev: hid device
2429 *
2430 * If you allocate hid_device through hid_allocate_device, you should ever
2431 * free by this function.
2432 */
hid_destroy_device(struct hid_device * hdev)2433 void hid_destroy_device(struct hid_device *hdev)
2434 {
2435 hid_remove_device(hdev);
2436 put_device(&hdev->dev);
2437 }
2438 EXPORT_SYMBOL_GPL(hid_destroy_device);
2439
2440
__hid_bus_reprobe_drivers(struct device * dev,void * data)2441 static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2442 {
2443 struct hid_driver *hdrv = data;
2444 struct hid_device *hdev = to_hid_device(dev);
2445
2446 if (hdev->driver == hdrv &&
2447 !hdrv->match(hdev, hid_ignore_special_drivers) &&
2448 !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2449 return device_reprobe(dev);
2450
2451 return 0;
2452 }
2453
__hid_bus_driver_added(struct device_driver * drv,void * data)2454 static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2455 {
2456 struct hid_driver *hdrv = to_hid_driver(drv);
2457
2458 if (hdrv->match) {
2459 bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2460 __hid_bus_reprobe_drivers);
2461 }
2462
2463 return 0;
2464 }
2465
__bus_removed_driver(struct device_driver * drv,void * data)2466 static int __bus_removed_driver(struct device_driver *drv, void *data)
2467 {
2468 return bus_rescan_devices(&hid_bus_type);
2469 }
2470
__hid_register_driver(struct hid_driver * hdrv,struct module * owner,const char * mod_name)2471 int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2472 const char *mod_name)
2473 {
2474 int ret;
2475
2476 hdrv->driver.name = hdrv->name;
2477 hdrv->driver.bus = &hid_bus_type;
2478 hdrv->driver.owner = owner;
2479 hdrv->driver.mod_name = mod_name;
2480
2481 INIT_LIST_HEAD(&hdrv->dyn_list);
2482 spin_lock_init(&hdrv->dyn_lock);
2483
2484 ret = driver_register(&hdrv->driver);
2485
2486 if (ret == 0)
2487 bus_for_each_drv(&hid_bus_type, NULL, NULL,
2488 __hid_bus_driver_added);
2489
2490 return ret;
2491 }
2492 EXPORT_SYMBOL_GPL(__hid_register_driver);
2493
hid_unregister_driver(struct hid_driver * hdrv)2494 void hid_unregister_driver(struct hid_driver *hdrv)
2495 {
2496 driver_unregister(&hdrv->driver);
2497 hid_free_dynids(hdrv);
2498
2499 bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2500 }
2501 EXPORT_SYMBOL_GPL(hid_unregister_driver);
2502
hid_check_keys_pressed(struct hid_device * hid)2503 int hid_check_keys_pressed(struct hid_device *hid)
2504 {
2505 struct hid_input *hidinput;
2506 int i;
2507
2508 if (!(hid->claimed & HID_CLAIMED_INPUT))
2509 return 0;
2510
2511 list_for_each_entry(hidinput, &hid->inputs, list) {
2512 for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2513 if (hidinput->input->key[i])
2514 return 1;
2515 }
2516
2517 return 0;
2518 }
2519
2520 EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2521
hid_init(void)2522 static int __init hid_init(void)
2523 {
2524 int ret;
2525
2526 if (hid_debug)
2527 pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2528 "debugfs is now used for inspecting the device (report descriptor, reports)\n");
2529
2530 ret = bus_register(&hid_bus_type);
2531 if (ret) {
2532 pr_err("can't register hid bus\n");
2533 goto err;
2534 }
2535
2536 ret = hidraw_init();
2537 if (ret)
2538 goto err_bus;
2539
2540 hid_debug_init();
2541
2542 return 0;
2543 err_bus:
2544 bus_unregister(&hid_bus_type);
2545 err:
2546 return ret;
2547 }
2548
hid_exit(void)2549 static void __exit hid_exit(void)
2550 {
2551 hid_debug_exit();
2552 hidraw_exit();
2553 bus_unregister(&hid_bus_type);
2554 hid_quirks_exit(HID_BUS_ANY);
2555 }
2556
2557 module_init(hid_init);
2558 module_exit(hid_exit);
2559
2560 MODULE_AUTHOR("Andreas Gal");
2561 MODULE_AUTHOR("Vojtech Pavlik");
2562 MODULE_AUTHOR("Jiri Kosina");
2563 MODULE_LICENSE("GPL");
2564
