1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  HID support for Linux
4  *
5  *  Copyright (c) 1999 Andreas Gal
6  *  Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7  *  Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8  *  Copyright (c) 2006-2012 Jiri Kosina
9  */
10 
11 /*
12  */
13 
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/vmalloc.h>
28 #include <linux/sched.h>
29 #include <linux/semaphore.h>
30 
31 #include <linux/hid.h>
32 #include <linux/hiddev.h>
33 #include <linux/hid-debug.h>
34 #include <linux/hidraw.h>
35 
36 #include "hid-ids.h"
37 
38 /*
39  * Version Information
40  */
41 
42 #define DRIVER_DESC "HID core driver"
43 
44 int hid_debug = 0;
45 module_param_named(debug, hid_debug, int, 0600);
46 MODULE_PARM_DESC(debug, "toggle HID debugging messages");
47 EXPORT_SYMBOL_GPL(hid_debug);
48 
49 static int hid_ignore_special_drivers = 0;
50 module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
51 MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
52 
53 /*
54  * Register a new report for a device.
55  */
56 
hid_register_report(struct hid_device * device,unsigned int type,unsigned int id,unsigned int application)57 struct hid_report *hid_register_report(struct hid_device *device,
58 				       unsigned int type, unsigned int id,
59 				       unsigned int application)
60 {
61 	struct hid_report_enum *report_enum = device->report_enum + type;
62 	struct hid_report *report;
63 
64 	if (id >= HID_MAX_IDS)
65 		return NULL;
66 	if (report_enum->report_id_hash[id])
67 		return report_enum->report_id_hash[id];
68 
69 	report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
70 	if (!report)
71 		return NULL;
72 
73 	if (id != 0)
74 		report_enum->numbered = 1;
75 
76 	report->id = id;
77 	report->type = type;
78 	report->size = 0;
79 	report->device = device;
80 	report->application = application;
81 	report_enum->report_id_hash[id] = report;
82 
83 	list_add_tail(&report->list, &report_enum->report_list);
84 	INIT_LIST_HEAD(&report->field_entry_list);
85 
86 	return report;
87 }
88 EXPORT_SYMBOL_GPL(hid_register_report);
89 
90 /*
91  * Register a new field for this report.
92  */
93 
hid_register_field(struct hid_report * report,unsigned usages)94 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages)
95 {
96 	struct hid_field *field;
97 
98 	if (report->maxfield == HID_MAX_FIELDS) {
99 		hid_err(report->device, "too many fields in report\n");
100 		return NULL;
101 	}
102 
103 	field = kzalloc((sizeof(struct hid_field) +
104 			 usages * sizeof(struct hid_usage) +
105 			 3 * usages * sizeof(unsigned int)), GFP_KERNEL);
106 	if (!field)
107 		return NULL;
108 
109 	field->index = report->maxfield++;
110 	report->field[field->index] = field;
111 	field->usage = (struct hid_usage *)(field + 1);
112 	field->value = (s32 *)(field->usage + usages);
113 	field->new_value = (s32 *)(field->value + usages);
114 	field->usages_priorities = (s32 *)(field->new_value + usages);
115 	field->report = report;
116 
117 	return field;
118 }
119 
120 /*
121  * Open a collection. The type/usage is pushed on the stack.
122  */
123 
open_collection(struct hid_parser * parser,unsigned type)124 static int open_collection(struct hid_parser *parser, unsigned type)
125 {
126 	struct hid_collection *collection;
127 	unsigned usage;
128 	int collection_index;
129 
130 	usage = parser->local.usage[0];
131 
132 	if (parser->collection_stack_ptr == parser->collection_stack_size) {
133 		unsigned int *collection_stack;
134 		unsigned int new_size = parser->collection_stack_size +
135 					HID_COLLECTION_STACK_SIZE;
136 
137 		collection_stack = krealloc(parser->collection_stack,
138 					    new_size * sizeof(unsigned int),
139 					    GFP_KERNEL);
140 		if (!collection_stack)
141 			return -ENOMEM;
142 
143 		parser->collection_stack = collection_stack;
144 		parser->collection_stack_size = new_size;
145 	}
146 
147 	if (parser->device->maxcollection == parser->device->collection_size) {
148 		collection = kmalloc(
149 				array3_size(sizeof(struct hid_collection),
150 					    parser->device->collection_size,
151 					    2),
152 				GFP_KERNEL);
153 		if (collection == NULL) {
154 			hid_err(parser->device, "failed to reallocate collection array\n");
155 			return -ENOMEM;
156 		}
157 		memcpy(collection, parser->device->collection,
158 			sizeof(struct hid_collection) *
159 			parser->device->collection_size);
160 		memset(collection + parser->device->collection_size, 0,
161 			sizeof(struct hid_collection) *
162 			parser->device->collection_size);
163 		kfree(parser->device->collection);
164 		parser->device->collection = collection;
165 		parser->device->collection_size *= 2;
166 	}
167 
168 	parser->collection_stack[parser->collection_stack_ptr++] =
169 		parser->device->maxcollection;
170 
171 	collection_index = parser->device->maxcollection++;
172 	collection = parser->device->collection + collection_index;
173 	collection->type = type;
174 	collection->usage = usage;
175 	collection->level = parser->collection_stack_ptr - 1;
176 	collection->parent_idx = (collection->level == 0) ? -1 :
177 		parser->collection_stack[collection->level - 1];
178 
179 	if (type == HID_COLLECTION_APPLICATION)
180 		parser->device->maxapplication++;
181 
182 	return 0;
183 }
184 
185 /*
186  * Close a collection.
187  */
188 
close_collection(struct hid_parser * parser)189 static int close_collection(struct hid_parser *parser)
190 {
191 	if (!parser->collection_stack_ptr) {
192 		hid_err(parser->device, "collection stack underflow\n");
193 		return -EINVAL;
194 	}
195 	parser->collection_stack_ptr--;
196 	return 0;
197 }
198 
199 /*
200  * Climb up the stack, search for the specified collection type
201  * and return the usage.
202  */
203 
hid_lookup_collection(struct hid_parser * parser,unsigned type)204 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
205 {
206 	struct hid_collection *collection = parser->device->collection;
207 	int n;
208 
209 	for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
210 		unsigned index = parser->collection_stack[n];
211 		if (collection[index].type == type)
212 			return collection[index].usage;
213 	}
214 	return 0; /* we know nothing about this usage type */
215 }
216 
217 /*
218  * Concatenate usage which defines 16 bits or less with the
219  * currently defined usage page to form a 32 bit usage
220  */
221 
complete_usage(struct hid_parser * parser,unsigned int index)222 static void complete_usage(struct hid_parser *parser, unsigned int index)
223 {
224 	parser->local.usage[index] &= 0xFFFF;
225 	parser->local.usage[index] |=
226 		(parser->global.usage_page & 0xFFFF) << 16;
227 }
228 
229 /*
230  * Add a usage to the temporary parser table.
231  */
232 
hid_add_usage(struct hid_parser * parser,unsigned usage,u8 size)233 static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
234 {
235 	if (parser->local.usage_index >= HID_MAX_USAGES) {
236 		hid_err(parser->device, "usage index exceeded\n");
237 		return -1;
238 	}
239 	parser->local.usage[parser->local.usage_index] = usage;
240 
241 	/*
242 	 * If Usage item only includes usage id, concatenate it with
243 	 * currently defined usage page
244 	 */
245 	if (size <= 2)
246 		complete_usage(parser, parser->local.usage_index);
247 
248 	parser->local.usage_size[parser->local.usage_index] = size;
249 	parser->local.collection_index[parser->local.usage_index] =
250 		parser->collection_stack_ptr ?
251 		parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
252 	parser->local.usage_index++;
253 	return 0;
254 }
255 
256 /*
257  * Register a new field for this report.
258  */
259 
hid_add_field(struct hid_parser * parser,unsigned report_type,unsigned flags)260 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
261 {
262 	struct hid_report *report;
263 	struct hid_field *field;
264 	unsigned int usages;
265 	unsigned int offset;
266 	unsigned int i;
267 	unsigned int application;
268 
269 	application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
270 
271 	report = hid_register_report(parser->device, report_type,
272 				     parser->global.report_id, application);
273 	if (!report) {
274 		hid_err(parser->device, "hid_register_report failed\n");
275 		return -1;
276 	}
277 
278 	/* Handle both signed and unsigned cases properly */
279 	if ((parser->global.logical_minimum < 0 &&
280 		parser->global.logical_maximum <
281 		parser->global.logical_minimum) ||
282 		(parser->global.logical_minimum >= 0 &&
283 		(__u32)parser->global.logical_maximum <
284 		(__u32)parser->global.logical_minimum)) {
285 		dbg_hid("logical range invalid 0x%x 0x%x\n",
286 			parser->global.logical_minimum,
287 			parser->global.logical_maximum);
288 		return -1;
289 	}
290 
291 	offset = report->size;
292 	report->size += parser->global.report_size * parser->global.report_count;
293 
294 	/* Total size check: Allow for possible report index byte */
295 	if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
296 		hid_err(parser->device, "report is too long\n");
297 		return -1;
298 	}
299 
300 	if (!parser->local.usage_index) /* Ignore padding fields */
301 		return 0;
302 
303 	usages = max_t(unsigned, parser->local.usage_index,
304 				 parser->global.report_count);
305 
306 	field = hid_register_field(report, usages);
307 	if (!field)
308 		return 0;
309 
310 	field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
311 	field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
312 	field->application = application;
313 
314 	for (i = 0; i < usages; i++) {
315 		unsigned j = i;
316 		/* Duplicate the last usage we parsed if we have excess values */
317 		if (i >= parser->local.usage_index)
318 			j = parser->local.usage_index - 1;
319 		field->usage[i].hid = parser->local.usage[j];
320 		field->usage[i].collection_index =
321 			parser->local.collection_index[j];
322 		field->usage[i].usage_index = i;
323 		field->usage[i].resolution_multiplier = 1;
324 	}
325 
326 	field->maxusage = usages;
327 	field->flags = flags;
328 	field->report_offset = offset;
329 	field->report_type = report_type;
330 	field->report_size = parser->global.report_size;
331 	field->report_count = parser->global.report_count;
332 	field->logical_minimum = parser->global.logical_minimum;
333 	field->logical_maximum = parser->global.logical_maximum;
334 	field->physical_minimum = parser->global.physical_minimum;
335 	field->physical_maximum = parser->global.physical_maximum;
336 	field->unit_exponent = parser->global.unit_exponent;
337 	field->unit = parser->global.unit;
338 
339 	return 0;
340 }
341 
342 /*
343  * Read data value from item.
344  */
345 
item_udata(struct hid_item * item)346 static u32 item_udata(struct hid_item *item)
347 {
348 	switch (item->size) {
349 	case 1: return item->data.u8;
350 	case 2: return item->data.u16;
351 	case 4: return item->data.u32;
352 	}
353 	return 0;
354 }
355 
item_sdata(struct hid_item * item)356 static s32 item_sdata(struct hid_item *item)
357 {
358 	switch (item->size) {
359 	case 1: return item->data.s8;
360 	case 2: return item->data.s16;
361 	case 4: return item->data.s32;
362 	}
363 	return 0;
364 }
365 
366 /*
367  * Process a global item.
368  */
369 
hid_parser_global(struct hid_parser * parser,struct hid_item * item)370 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
371 {
372 	__s32 raw_value;
373 	switch (item->tag) {
374 	case HID_GLOBAL_ITEM_TAG_PUSH:
375 
376 		if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
377 			hid_err(parser->device, "global environment stack overflow\n");
378 			return -1;
379 		}
380 
381 		memcpy(parser->global_stack + parser->global_stack_ptr++,
382 			&parser->global, sizeof(struct hid_global));
383 		return 0;
384 
385 	case HID_GLOBAL_ITEM_TAG_POP:
386 
387 		if (!parser->global_stack_ptr) {
388 			hid_err(parser->device, "global environment stack underflow\n");
389 			return -1;
390 		}
391 
392 		memcpy(&parser->global, parser->global_stack +
393 			--parser->global_stack_ptr, sizeof(struct hid_global));
394 		return 0;
395 
396 	case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
397 		parser->global.usage_page = item_udata(item);
398 		return 0;
399 
400 	case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
401 		parser->global.logical_minimum = item_sdata(item);
402 		return 0;
403 
404 	case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
405 		if (parser->global.logical_minimum < 0)
406 			parser->global.logical_maximum = item_sdata(item);
407 		else
408 			parser->global.logical_maximum = item_udata(item);
409 		return 0;
410 
411 	case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
412 		parser->global.physical_minimum = item_sdata(item);
413 		return 0;
414 
415 	case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
416 		if (parser->global.physical_minimum < 0)
417 			parser->global.physical_maximum = item_sdata(item);
418 		else
419 			parser->global.physical_maximum = item_udata(item);
420 		return 0;
421 
422 	case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
423 		/* Many devices provide unit exponent as a two's complement
424 		 * nibble due to the common misunderstanding of HID
425 		 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
426 		 * both this and the standard encoding. */
427 		raw_value = item_sdata(item);
428 		if (!(raw_value & 0xfffffff0))
429 			parser->global.unit_exponent = hid_snto32(raw_value, 4);
430 		else
431 			parser->global.unit_exponent = raw_value;
432 		return 0;
433 
434 	case HID_GLOBAL_ITEM_TAG_UNIT:
435 		parser->global.unit = item_udata(item);
436 		return 0;
437 
438 	case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
439 		parser->global.report_size = item_udata(item);
440 		if (parser->global.report_size > 256) {
441 			hid_err(parser->device, "invalid report_size %d\n",
442 					parser->global.report_size);
443 			return -1;
444 		}
445 		return 0;
446 
447 	case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
448 		parser->global.report_count = item_udata(item);
449 		if (parser->global.report_count > HID_MAX_USAGES) {
450 			hid_err(parser->device, "invalid report_count %d\n",
451 					parser->global.report_count);
452 			return -1;
453 		}
454 		return 0;
455 
456 	case HID_GLOBAL_ITEM_TAG_REPORT_ID:
457 		parser->global.report_id = item_udata(item);
458 		if (parser->global.report_id == 0 ||
459 		    parser->global.report_id >= HID_MAX_IDS) {
460 			hid_err(parser->device, "report_id %u is invalid\n",
461 				parser->global.report_id);
462 			return -1;
463 		}
464 		return 0;
465 
466 	default:
467 		hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
468 		return -1;
469 	}
470 }
471 
472 /*
473  * Process a local item.
474  */
475 
hid_parser_local(struct hid_parser * parser,struct hid_item * item)476 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
477 {
478 	__u32 data;
479 	unsigned n;
480 	__u32 count;
481 
482 	data = item_udata(item);
483 
484 	switch (item->tag) {
485 	case HID_LOCAL_ITEM_TAG_DELIMITER:
486 
487 		if (data) {
488 			/*
489 			 * We treat items before the first delimiter
490 			 * as global to all usage sets (branch 0).
491 			 * In the moment we process only these global
492 			 * items and the first delimiter set.
493 			 */
494 			if (parser->local.delimiter_depth != 0) {
495 				hid_err(parser->device, "nested delimiters\n");
496 				return -1;
497 			}
498 			parser->local.delimiter_depth++;
499 			parser->local.delimiter_branch++;
500 		} else {
501 			if (parser->local.delimiter_depth < 1) {
502 				hid_err(parser->device, "bogus close delimiter\n");
503 				return -1;
504 			}
505 			parser->local.delimiter_depth--;
506 		}
507 		return 0;
508 
509 	case HID_LOCAL_ITEM_TAG_USAGE:
510 
511 		if (parser->local.delimiter_branch > 1) {
512 			dbg_hid("alternative usage ignored\n");
513 			return 0;
514 		}
515 
516 		return hid_add_usage(parser, data, item->size);
517 
518 	case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
519 
520 		if (parser->local.delimiter_branch > 1) {
521 			dbg_hid("alternative usage ignored\n");
522 			return 0;
523 		}
524 
525 		parser->local.usage_minimum = data;
526 		return 0;
527 
528 	case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
529 
530 		if (parser->local.delimiter_branch > 1) {
531 			dbg_hid("alternative usage ignored\n");
532 			return 0;
533 		}
534 
535 		count = data - parser->local.usage_minimum;
536 		if (count + parser->local.usage_index >= HID_MAX_USAGES) {
537 			/*
538 			 * We do not warn if the name is not set, we are
539 			 * actually pre-scanning the device.
540 			 */
541 			if (dev_name(&parser->device->dev))
542 				hid_warn(parser->device,
543 					 "ignoring exceeding usage max\n");
544 			data = HID_MAX_USAGES - parser->local.usage_index +
545 				parser->local.usage_minimum - 1;
546 			if (data <= 0) {
547 				hid_err(parser->device,
548 					"no more usage index available\n");
549 				return -1;
550 			}
551 		}
552 
553 		for (n = parser->local.usage_minimum; n <= data; n++)
554 			if (hid_add_usage(parser, n, item->size)) {
555 				dbg_hid("hid_add_usage failed\n");
556 				return -1;
557 			}
558 		return 0;
559 
560 	default:
561 
562 		dbg_hid("unknown local item tag 0x%x\n", item->tag);
563 		return 0;
564 	}
565 	return 0;
566 }
567 
568 /*
569  * Concatenate Usage Pages into Usages where relevant:
570  * As per specification, 6.2.2.8: "When the parser encounters a main item it
571  * concatenates the last declared Usage Page with a Usage to form a complete
572  * usage value."
573  */
574 
hid_concatenate_last_usage_page(struct hid_parser * parser)575 static void hid_concatenate_last_usage_page(struct hid_parser *parser)
576 {
577 	int i;
578 	unsigned int usage_page;
579 	unsigned int current_page;
580 
581 	if (!parser->local.usage_index)
582 		return;
583 
584 	usage_page = parser->global.usage_page;
585 
586 	/*
587 	 * Concatenate usage page again only if last declared Usage Page
588 	 * has not been already used in previous usages concatenation
589 	 */
590 	for (i = parser->local.usage_index - 1; i >= 0; i--) {
591 		if (parser->local.usage_size[i] > 2)
592 			/* Ignore extended usages */
593 			continue;
594 
595 		current_page = parser->local.usage[i] >> 16;
596 		if (current_page == usage_page)
597 			break;
598 
599 		complete_usage(parser, i);
600 	}
601 }
602 
603 /*
604  * Process a main item.
605  */
606 
hid_parser_main(struct hid_parser * parser,struct hid_item * item)607 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
608 {
609 	__u32 data;
610 	int ret;
611 
612 	hid_concatenate_last_usage_page(parser);
613 
614 	data = item_udata(item);
615 
616 	switch (item->tag) {
617 	case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
618 		ret = open_collection(parser, data & 0xff);
619 		break;
620 	case HID_MAIN_ITEM_TAG_END_COLLECTION:
621 		ret = close_collection(parser);
622 		break;
623 	case HID_MAIN_ITEM_TAG_INPUT:
624 		ret = hid_add_field(parser, HID_INPUT_REPORT, data);
625 		break;
626 	case HID_MAIN_ITEM_TAG_OUTPUT:
627 		ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
628 		break;
629 	case HID_MAIN_ITEM_TAG_FEATURE:
630 		ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
631 		break;
632 	default:
633 		hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
634 		ret = 0;
635 	}
636 
637 	memset(&parser->local, 0, sizeof(parser->local));	/* Reset the local parser environment */
638 
639 	return ret;
640 }
641 
642 /*
643  * Process a reserved item.
644  */
645 
hid_parser_reserved(struct hid_parser * parser,struct hid_item * item)646 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
647 {
648 	dbg_hid("reserved item type, tag 0x%x\n", item->tag);
649 	return 0;
650 }
651 
652 /*
653  * Free a report and all registered fields. The field->usage and
654  * field->value table's are allocated behind the field, so we need
655  * only to free(field) itself.
656  */
657 
hid_free_report(struct hid_report * report)658 static void hid_free_report(struct hid_report *report)
659 {
660 	unsigned n;
661 
662 	kfree(report->field_entries);
663 
664 	for (n = 0; n < report->maxfield; n++)
665 		kfree(report->field[n]);
666 	kfree(report);
667 }
668 
669 /*
670  * Close report. This function returns the device
671  * state to the point prior to hid_open_report().
672  */
hid_close_report(struct hid_device * device)673 static void hid_close_report(struct hid_device *device)
674 {
675 	unsigned i, j;
676 
677 	for (i = 0; i < HID_REPORT_TYPES; i++) {
678 		struct hid_report_enum *report_enum = device->report_enum + i;
679 
680 		for (j = 0; j < HID_MAX_IDS; j++) {
681 			struct hid_report *report = report_enum->report_id_hash[j];
682 			if (report)
683 				hid_free_report(report);
684 		}
685 		memset(report_enum, 0, sizeof(*report_enum));
686 		INIT_LIST_HEAD(&report_enum->report_list);
687 	}
688 
689 	kfree(device->rdesc);
690 	device->rdesc = NULL;
691 	device->rsize = 0;
692 
693 	kfree(device->collection);
694 	device->collection = NULL;
695 	device->collection_size = 0;
696 	device->maxcollection = 0;
697 	device->maxapplication = 0;
698 
699 	device->status &= ~HID_STAT_PARSED;
700 }
701 
702 /*
703  * Free a device structure, all reports, and all fields.
704  */
705 
hid_device_release(struct device * dev)706 static void hid_device_release(struct device *dev)
707 {
708 	struct hid_device *hid = to_hid_device(dev);
709 
710 	hid_close_report(hid);
711 	kfree(hid->dev_rdesc);
712 	kfree(hid);
713 }
714 
715 /*
716  * Fetch a report description item from the data stream. We support long
717  * items, though they are not used yet.
718  */
719 
fetch_item(__u8 * start,__u8 * end,struct hid_item * item)720 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
721 {
722 	u8 b;
723 
724 	if ((end - start) <= 0)
725 		return NULL;
726 
727 	b = *start++;
728 
729 	item->type = (b >> 2) & 3;
730 	item->tag  = (b >> 4) & 15;
731 
732 	if (item->tag == HID_ITEM_TAG_LONG) {
733 
734 		item->format = HID_ITEM_FORMAT_LONG;
735 
736 		if ((end - start) < 2)
737 			return NULL;
738 
739 		item->size = *start++;
740 		item->tag  = *start++;
741 
742 		if ((end - start) < item->size)
743 			return NULL;
744 
745 		item->data.longdata = start;
746 		start += item->size;
747 		return start;
748 	}
749 
750 	item->format = HID_ITEM_FORMAT_SHORT;
751 	item->size = b & 3;
752 
753 	switch (item->size) {
754 	case 0:
755 		return start;
756 
757 	case 1:
758 		if ((end - start) < 1)
759 			return NULL;
760 		item->data.u8 = *start++;
761 		return start;
762 
763 	case 2:
764 		if ((end - start) < 2)
765 			return NULL;
766 		item->data.u16 = get_unaligned_le16(start);
767 		start = (__u8 *)((__le16 *)start + 1);
768 		return start;
769 
770 	case 3:
771 		item->size++;
772 		if ((end - start) < 4)
773 			return NULL;
774 		item->data.u32 = get_unaligned_le32(start);
775 		start = (__u8 *)((__le32 *)start + 1);
776 		return start;
777 	}
778 
779 	return NULL;
780 }
781 
hid_scan_input_usage(struct hid_parser * parser,u32 usage)782 static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
783 {
784 	struct hid_device *hid = parser->device;
785 
786 	if (usage == HID_DG_CONTACTID)
787 		hid->group = HID_GROUP_MULTITOUCH;
788 }
789 
hid_scan_feature_usage(struct hid_parser * parser,u32 usage)790 static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
791 {
792 	if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
793 	    parser->global.report_size == 8)
794 		parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
795 
796 	if (usage == 0xff0000c6 && parser->global.report_count == 1 &&
797 	    parser->global.report_size == 8)
798 		parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
799 }
800 
hid_scan_collection(struct hid_parser * parser,unsigned type)801 static void hid_scan_collection(struct hid_parser *parser, unsigned type)
802 {
803 	struct hid_device *hid = parser->device;
804 	int i;
805 
806 	if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
807 	    type == HID_COLLECTION_PHYSICAL)
808 		hid->group = HID_GROUP_SENSOR_HUB;
809 
810 	if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
811 	    hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
812 	    hid->group == HID_GROUP_MULTITOUCH)
813 		hid->group = HID_GROUP_GENERIC;
814 
815 	if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
816 		for (i = 0; i < parser->local.usage_index; i++)
817 			if (parser->local.usage[i] == HID_GD_POINTER)
818 				parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
819 
820 	if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
821 		parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
822 
823 	if ((parser->global.usage_page << 16) == HID_UP_GOOGLEVENDOR)
824 		for (i = 0; i < parser->local.usage_index; i++)
825 			if (parser->local.usage[i] ==
826 					(HID_UP_GOOGLEVENDOR | 0x0001))
827 				parser->device->group =
828 					HID_GROUP_VIVALDI;
829 }
830 
hid_scan_main(struct hid_parser * parser,struct hid_item * item)831 static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
832 {
833 	__u32 data;
834 	int i;
835 
836 	hid_concatenate_last_usage_page(parser);
837 
838 	data = item_udata(item);
839 
840 	switch (item->tag) {
841 	case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
842 		hid_scan_collection(parser, data & 0xff);
843 		break;
844 	case HID_MAIN_ITEM_TAG_END_COLLECTION:
845 		break;
846 	case HID_MAIN_ITEM_TAG_INPUT:
847 		/* ignore constant inputs, they will be ignored by hid-input */
848 		if (data & HID_MAIN_ITEM_CONSTANT)
849 			break;
850 		for (i = 0; i < parser->local.usage_index; i++)
851 			hid_scan_input_usage(parser, parser->local.usage[i]);
852 		break;
853 	case HID_MAIN_ITEM_TAG_OUTPUT:
854 		break;
855 	case HID_MAIN_ITEM_TAG_FEATURE:
856 		for (i = 0; i < parser->local.usage_index; i++)
857 			hid_scan_feature_usage(parser, parser->local.usage[i]);
858 		break;
859 	}
860 
861 	/* Reset the local parser environment */
862 	memset(&parser->local, 0, sizeof(parser->local));
863 
864 	return 0;
865 }
866 
867 /*
868  * Scan a report descriptor before the device is added to the bus.
869  * Sets device groups and other properties that determine what driver
870  * to load.
871  */
hid_scan_report(struct hid_device * hid)872 static int hid_scan_report(struct hid_device *hid)
873 {
874 	struct hid_parser *parser;
875 	struct hid_item item;
876 	__u8 *start = hid->dev_rdesc;
877 	__u8 *end = start + hid->dev_rsize;
878 	static int (*dispatch_type[])(struct hid_parser *parser,
879 				      struct hid_item *item) = {
880 		hid_scan_main,
881 		hid_parser_global,
882 		hid_parser_local,
883 		hid_parser_reserved
884 	};
885 
886 	parser = vzalloc(sizeof(struct hid_parser));
887 	if (!parser)
888 		return -ENOMEM;
889 
890 	parser->device = hid;
891 	hid->group = HID_GROUP_GENERIC;
892 
893 	/*
894 	 * The parsing is simpler than the one in hid_open_report() as we should
895 	 * be robust against hid errors. Those errors will be raised by
896 	 * hid_open_report() anyway.
897 	 */
898 	while ((start = fetch_item(start, end, &item)) != NULL)
899 		dispatch_type[item.type](parser, &item);
900 
901 	/*
902 	 * Handle special flags set during scanning.
903 	 */
904 	if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
905 	    (hid->group == HID_GROUP_MULTITOUCH))
906 		hid->group = HID_GROUP_MULTITOUCH_WIN_8;
907 
908 	/*
909 	 * Vendor specific handlings
910 	 */
911 	switch (hid->vendor) {
912 	case USB_VENDOR_ID_WACOM:
913 		hid->group = HID_GROUP_WACOM;
914 		break;
915 	case USB_VENDOR_ID_SYNAPTICS:
916 		if (hid->group == HID_GROUP_GENERIC)
917 			if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
918 			    && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
919 				/*
920 				 * hid-rmi should take care of them,
921 				 * not hid-generic
922 				 */
923 				hid->group = HID_GROUP_RMI;
924 		break;
925 	}
926 
927 	kfree(parser->collection_stack);
928 	vfree(parser);
929 	return 0;
930 }
931 
932 /**
933  * hid_parse_report - parse device report
934  *
935  * @hid: hid device
936  * @start: report start
937  * @size: report size
938  *
939  * Allocate the device report as read by the bus driver. This function should
940  * only be called from parse() in ll drivers.
941  */
hid_parse_report(struct hid_device * hid,__u8 * start,unsigned size)942 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
943 {
944 	hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
945 	if (!hid->dev_rdesc)
946 		return -ENOMEM;
947 	hid->dev_rsize = size;
948 	return 0;
949 }
950 EXPORT_SYMBOL_GPL(hid_parse_report);
951 
952 static const char * const hid_report_names[] = {
953 	"HID_INPUT_REPORT",
954 	"HID_OUTPUT_REPORT",
955 	"HID_FEATURE_REPORT",
956 };
957 /**
958  * hid_validate_values - validate existing device report's value indexes
959  *
960  * @hid: hid device
961  * @type: which report type to examine
962  * @id: which report ID to examine (0 for first)
963  * @field_index: which report field to examine
964  * @report_counts: expected number of values
965  *
966  * Validate the number of values in a given field of a given report, after
967  * parsing.
968  */
hid_validate_values(struct hid_device * hid,unsigned int type,unsigned int id,unsigned int field_index,unsigned int report_counts)969 struct hid_report *hid_validate_values(struct hid_device *hid,
970 				       unsigned int type, unsigned int id,
971 				       unsigned int field_index,
972 				       unsigned int report_counts)
973 {
974 	struct hid_report *report;
975 
976 	if (type > HID_FEATURE_REPORT) {
977 		hid_err(hid, "invalid HID report type %u\n", type);
978 		return NULL;
979 	}
980 
981 	if (id >= HID_MAX_IDS) {
982 		hid_err(hid, "invalid HID report id %u\n", id);
983 		return NULL;
984 	}
985 
986 	/*
987 	 * Explicitly not using hid_get_report() here since it depends on
988 	 * ->numbered being checked, which may not always be the case when
989 	 * drivers go to access report values.
990 	 */
991 	if (id == 0) {
992 		/*
993 		 * Validating on id 0 means we should examine the first
994 		 * report in the list.
995 		 */
996 		report = list_entry(
997 				hid->report_enum[type].report_list.next,
998 				struct hid_report, list);
999 	} else {
1000 		report = hid->report_enum[type].report_id_hash[id];
1001 	}
1002 	if (!report) {
1003 		hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
1004 		return NULL;
1005 	}
1006 	if (report->maxfield <= field_index) {
1007 		hid_err(hid, "not enough fields in %s %u\n",
1008 			hid_report_names[type], id);
1009 		return NULL;
1010 	}
1011 	if (report->field[field_index]->report_count < report_counts) {
1012 		hid_err(hid, "not enough values in %s %u field %u\n",
1013 			hid_report_names[type], id, field_index);
1014 		return NULL;
1015 	}
1016 	return report;
1017 }
1018 EXPORT_SYMBOL_GPL(hid_validate_values);
1019 
hid_calculate_multiplier(struct hid_device * hid,struct hid_field * multiplier)1020 static int hid_calculate_multiplier(struct hid_device *hid,
1021 				     struct hid_field *multiplier)
1022 {
1023 	int m;
1024 	__s32 v = *multiplier->value;
1025 	__s32 lmin = multiplier->logical_minimum;
1026 	__s32 lmax = multiplier->logical_maximum;
1027 	__s32 pmin = multiplier->physical_minimum;
1028 	__s32 pmax = multiplier->physical_maximum;
1029 
1030 	/*
1031 	 * "Because OS implementations will generally divide the control's
1032 	 * reported count by the Effective Resolution Multiplier, designers
1033 	 * should take care not to establish a potential Effective
1034 	 * Resolution Multiplier of zero."
1035 	 * HID Usage Table, v1.12, Section 4.3.1, p31
1036 	 */
1037 	if (lmax - lmin == 0)
1038 		return 1;
1039 	/*
1040 	 * Handling the unit exponent is left as an exercise to whoever
1041 	 * finds a device where that exponent is not 0.
1042 	 */
1043 	m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
1044 	if (unlikely(multiplier->unit_exponent != 0)) {
1045 		hid_warn(hid,
1046 			 "unsupported Resolution Multiplier unit exponent %d\n",
1047 			 multiplier->unit_exponent);
1048 	}
1049 
1050 	/* There are no devices with an effective multiplier > 255 */
1051 	if (unlikely(m == 0 || m > 255 || m < -255)) {
1052 		hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
1053 		m = 1;
1054 	}
1055 
1056 	return m;
1057 }
1058 
hid_apply_multiplier_to_field(struct hid_device * hid,struct hid_field * field,struct hid_collection * multiplier_collection,int effective_multiplier)1059 static void hid_apply_multiplier_to_field(struct hid_device *hid,
1060 					  struct hid_field *field,
1061 					  struct hid_collection *multiplier_collection,
1062 					  int effective_multiplier)
1063 {
1064 	struct hid_collection *collection;
1065 	struct hid_usage *usage;
1066 	int i;
1067 
1068 	/*
1069 	 * If multiplier_collection is NULL, the multiplier applies
1070 	 * to all fields in the report.
1071 	 * Otherwise, it is the Logical Collection the multiplier applies to
1072 	 * but our field may be in a subcollection of that collection.
1073 	 */
1074 	for (i = 0; i < field->maxusage; i++) {
1075 		usage = &field->usage[i];
1076 
1077 		collection = &hid->collection[usage->collection_index];
1078 		while (collection->parent_idx != -1 &&
1079 		       collection != multiplier_collection)
1080 			collection = &hid->collection[collection->parent_idx];
1081 
1082 		if (collection->parent_idx != -1 ||
1083 		    multiplier_collection == NULL)
1084 			usage->resolution_multiplier = effective_multiplier;
1085 
1086 	}
1087 }
1088 
hid_apply_multiplier(struct hid_device * hid,struct hid_field * multiplier)1089 static void hid_apply_multiplier(struct hid_device *hid,
1090 				 struct hid_field *multiplier)
1091 {
1092 	struct hid_report_enum *rep_enum;
1093 	struct hid_report *rep;
1094 	struct hid_field *field;
1095 	struct hid_collection *multiplier_collection;
1096 	int effective_multiplier;
1097 	int i;
1098 
1099 	/*
1100 	 * "The Resolution Multiplier control must be contained in the same
1101 	 * Logical Collection as the control(s) to which it is to be applied.
1102 	 * If no Resolution Multiplier is defined, then the Resolution
1103 	 * Multiplier defaults to 1.  If more than one control exists in a
1104 	 * Logical Collection, the Resolution Multiplier is associated with
1105 	 * all controls in the collection. If no Logical Collection is
1106 	 * defined, the Resolution Multiplier is associated with all
1107 	 * controls in the report."
1108 	 * HID Usage Table, v1.12, Section 4.3.1, p30
1109 	 *
1110 	 * Thus, search from the current collection upwards until we find a
1111 	 * logical collection. Then search all fields for that same parent
1112 	 * collection. Those are the fields the multiplier applies to.
1113 	 *
1114 	 * If we have more than one multiplier, it will overwrite the
1115 	 * applicable fields later.
1116 	 */
1117 	multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1118 	while (multiplier_collection->parent_idx != -1 &&
1119 	       multiplier_collection->type != HID_COLLECTION_LOGICAL)
1120 		multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1121 
1122 	effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1123 
1124 	rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1125 	list_for_each_entry(rep, &rep_enum->report_list, list) {
1126 		for (i = 0; i < rep->maxfield; i++) {
1127 			field = rep->field[i];
1128 			hid_apply_multiplier_to_field(hid, field,
1129 						      multiplier_collection,
1130 						      effective_multiplier);
1131 		}
1132 	}
1133 }
1134 
1135 /*
1136  * hid_setup_resolution_multiplier - set up all resolution multipliers
1137  *
1138  * @device: hid device
1139  *
1140  * Search for all Resolution Multiplier Feature Reports and apply their
1141  * value to all matching Input items. This only updates the internal struct
1142  * fields.
1143  *
1144  * The Resolution Multiplier is applied by the hardware. If the multiplier
1145  * is anything other than 1, the hardware will send pre-multiplied events
1146  * so that the same physical interaction generates an accumulated
1147  *	accumulated_value = value * * multiplier
1148  * This may be achieved by sending
1149  * - "value * multiplier" for each event, or
1150  * - "value" but "multiplier" times as frequently, or
1151  * - a combination of the above
1152  * The only guarantee is that the same physical interaction always generates
1153  * an accumulated 'value * multiplier'.
1154  *
1155  * This function must be called before any event processing and after
1156  * any SetRequest to the Resolution Multiplier.
1157  */
hid_setup_resolution_multiplier(struct hid_device * hid)1158 void hid_setup_resolution_multiplier(struct hid_device *hid)
1159 {
1160 	struct hid_report_enum *rep_enum;
1161 	struct hid_report *rep;
1162 	struct hid_usage *usage;
1163 	int i, j;
1164 
1165 	rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1166 	list_for_each_entry(rep, &rep_enum->report_list, list) {
1167 		for (i = 0; i < rep->maxfield; i++) {
1168 			/* Ignore if report count is out of bounds. */
1169 			if (rep->field[i]->report_count < 1)
1170 				continue;
1171 
1172 			for (j = 0; j < rep->field[i]->maxusage; j++) {
1173 				usage = &rep->field[i]->usage[j];
1174 				if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1175 					hid_apply_multiplier(hid,
1176 							     rep->field[i]);
1177 			}
1178 		}
1179 	}
1180 }
1181 EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1182 
1183 /**
1184  * hid_open_report - open a driver-specific device report
1185  *
1186  * @device: hid device
1187  *
1188  * Parse a report description into a hid_device structure. Reports are
1189  * enumerated, fields are attached to these reports.
1190  * 0 returned on success, otherwise nonzero error value.
1191  *
1192  * This function (or the equivalent hid_parse() macro) should only be
1193  * called from probe() in drivers, before starting the device.
1194  */
hid_open_report(struct hid_device * device)1195 int hid_open_report(struct hid_device *device)
1196 {
1197 	struct hid_parser *parser;
1198 	struct hid_item item;
1199 	unsigned int size;
1200 	__u8 *start;
1201 	__u8 *buf;
1202 	__u8 *end;
1203 	__u8 *next;
1204 	int ret;
1205 	static int (*dispatch_type[])(struct hid_parser *parser,
1206 				      struct hid_item *item) = {
1207 		hid_parser_main,
1208 		hid_parser_global,
1209 		hid_parser_local,
1210 		hid_parser_reserved
1211 	};
1212 
1213 	if (WARN_ON(device->status & HID_STAT_PARSED))
1214 		return -EBUSY;
1215 
1216 	start = device->dev_rdesc;
1217 	if (WARN_ON(!start))
1218 		return -ENODEV;
1219 	size = device->dev_rsize;
1220 
1221 	buf = kmemdup(start, size, GFP_KERNEL);
1222 	if (buf == NULL)
1223 		return -ENOMEM;
1224 
1225 	if (device->driver->report_fixup)
1226 		start = device->driver->report_fixup(device, buf, &size);
1227 	else
1228 		start = buf;
1229 
1230 	start = kmemdup(start, size, GFP_KERNEL);
1231 	kfree(buf);
1232 	if (start == NULL)
1233 		return -ENOMEM;
1234 
1235 	device->rdesc = start;
1236 	device->rsize = size;
1237 
1238 	parser = vzalloc(sizeof(struct hid_parser));
1239 	if (!parser) {
1240 		ret = -ENOMEM;
1241 		goto alloc_err;
1242 	}
1243 
1244 	parser->device = device;
1245 
1246 	end = start + size;
1247 
1248 	device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1249 				     sizeof(struct hid_collection), GFP_KERNEL);
1250 	if (!device->collection) {
1251 		ret = -ENOMEM;
1252 		goto err;
1253 	}
1254 	device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1255 
1256 	ret = -EINVAL;
1257 	while ((next = fetch_item(start, end, &item)) != NULL) {
1258 		start = next;
1259 
1260 		if (item.format != HID_ITEM_FORMAT_SHORT) {
1261 			hid_err(device, "unexpected long global item\n");
1262 			goto err;
1263 		}
1264 
1265 		if (dispatch_type[item.type](parser, &item)) {
1266 			hid_err(device, "item %u %u %u %u parsing failed\n",
1267 				item.format, (unsigned)item.size,
1268 				(unsigned)item.type, (unsigned)item.tag);
1269 			goto err;
1270 		}
1271 
1272 		if (start == end) {
1273 			if (parser->collection_stack_ptr) {
1274 				hid_err(device, "unbalanced collection at end of report description\n");
1275 				goto err;
1276 			}
1277 			if (parser->local.delimiter_depth) {
1278 				hid_err(device, "unbalanced delimiter at end of report description\n");
1279 				goto err;
1280 			}
1281 
1282 			/*
1283 			 * fetch initial values in case the device's
1284 			 * default multiplier isn't the recommended 1
1285 			 */
1286 			hid_setup_resolution_multiplier(device);
1287 
1288 			kfree(parser->collection_stack);
1289 			vfree(parser);
1290 			device->status |= HID_STAT_PARSED;
1291 
1292 			return 0;
1293 		}
1294 	}
1295 
1296 	hid_err(device, "item fetching failed at offset %u/%u\n",
1297 		size - (unsigned int)(end - start), size);
1298 err:
1299 	kfree(parser->collection_stack);
1300 alloc_err:
1301 	vfree(parser);
1302 	hid_close_report(device);
1303 	return ret;
1304 }
1305 EXPORT_SYMBOL_GPL(hid_open_report);
1306 
1307 /*
1308  * Convert a signed n-bit integer to signed 32-bit integer. Common
1309  * cases are done through the compiler, the screwed things has to be
1310  * done by hand.
1311  */
1312 
snto32(__u32 value,unsigned n)1313 static s32 snto32(__u32 value, unsigned n)
1314 {
1315 	if (!value || !n)
1316 		return 0;
1317 
1318 	switch (n) {
1319 	case 8:  return ((__s8)value);
1320 	case 16: return ((__s16)value);
1321 	case 32: return ((__s32)value);
1322 	}
1323 	return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1324 }
1325 
hid_snto32(__u32 value,unsigned n)1326 s32 hid_snto32(__u32 value, unsigned n)
1327 {
1328 	return snto32(value, n);
1329 }
1330 EXPORT_SYMBOL_GPL(hid_snto32);
1331 
1332 /*
1333  * Convert a signed 32-bit integer to a signed n-bit integer.
1334  */
1335 
s32ton(__s32 value,unsigned n)1336 static u32 s32ton(__s32 value, unsigned n)
1337 {
1338 	s32 a = value >> (n - 1);
1339 	if (a && a != -1)
1340 		return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1341 	return value & ((1 << n) - 1);
1342 }
1343 
1344 /*
1345  * Extract/implement a data field from/to a little endian report (bit array).
1346  *
1347  * Code sort-of follows HID spec:
1348  *     http://www.usb.org/developers/hidpage/HID1_11.pdf
1349  *
1350  * While the USB HID spec allows unlimited length bit fields in "report
1351  * descriptors", most devices never use more than 16 bits.
1352  * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1353  * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1354  */
1355 
__extract(u8 * report,unsigned offset,int n)1356 static u32 __extract(u8 *report, unsigned offset, int n)
1357 {
1358 	unsigned int idx = offset / 8;
1359 	unsigned int bit_nr = 0;
1360 	unsigned int bit_shift = offset % 8;
1361 	int bits_to_copy = 8 - bit_shift;
1362 	u32 value = 0;
1363 	u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1364 
1365 	while (n > 0) {
1366 		value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1367 		n -= bits_to_copy;
1368 		bit_nr += bits_to_copy;
1369 		bits_to_copy = 8;
1370 		bit_shift = 0;
1371 		idx++;
1372 	}
1373 
1374 	return value & mask;
1375 }
1376 
hid_field_extract(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n)1377 u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1378 			unsigned offset, unsigned n)
1379 {
1380 	if (n > 32) {
1381 		hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1382 			      __func__, n, current->comm);
1383 		n = 32;
1384 	}
1385 
1386 	return __extract(report, offset, n);
1387 }
1388 EXPORT_SYMBOL_GPL(hid_field_extract);
1389 
1390 /*
1391  * "implement" : set bits in a little endian bit stream.
1392  * Same concepts as "extract" (see comments above).
1393  * The data mangled in the bit stream remains in little endian
1394  * order the whole time. It make more sense to talk about
1395  * endianness of register values by considering a register
1396  * a "cached" copy of the little endian bit stream.
1397  */
1398 
__implement(u8 * report,unsigned offset,int n,u32 value)1399 static void __implement(u8 *report, unsigned offset, int n, u32 value)
1400 {
1401 	unsigned int idx = offset / 8;
1402 	unsigned int bit_shift = offset % 8;
1403 	int bits_to_set = 8 - bit_shift;
1404 
1405 	while (n - bits_to_set >= 0) {
1406 		report[idx] &= ~(0xff << bit_shift);
1407 		report[idx] |= value << bit_shift;
1408 		value >>= bits_to_set;
1409 		n -= bits_to_set;
1410 		bits_to_set = 8;
1411 		bit_shift = 0;
1412 		idx++;
1413 	}
1414 
1415 	/* last nibble */
1416 	if (n) {
1417 		u8 bit_mask = ((1U << n) - 1);
1418 		report[idx] &= ~(bit_mask << bit_shift);
1419 		report[idx] |= value << bit_shift;
1420 	}
1421 }
1422 
implement(const struct hid_device * hid,u8 * report,unsigned offset,unsigned n,u32 value)1423 static void implement(const struct hid_device *hid, u8 *report,
1424 		      unsigned offset, unsigned n, u32 value)
1425 {
1426 	if (unlikely(n > 32)) {
1427 		hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1428 			 __func__, n, current->comm);
1429 		n = 32;
1430 	} else if (n < 32) {
1431 		u32 m = (1U << n) - 1;
1432 
1433 		if (unlikely(value > m)) {
1434 			hid_warn(hid,
1435 				 "%s() called with too large value %d (n: %d)! (%s)\n",
1436 				 __func__, value, n, current->comm);
1437 			WARN_ON(1);
1438 			value &= m;
1439 		}
1440 	}
1441 
1442 	__implement(report, offset, n, value);
1443 }
1444 
1445 /*
1446  * Search an array for a value.
1447  */
1448 
search(__s32 * array,__s32 value,unsigned n)1449 static int search(__s32 *array, __s32 value, unsigned n)
1450 {
1451 	while (n--) {
1452 		if (*array++ == value)
1453 			return 0;
1454 	}
1455 	return -1;
1456 }
1457 
1458 /**
1459  * hid_match_report - check if driver's raw_event should be called
1460  *
1461  * @hid: hid device
1462  * @report: hid report to match against
1463  *
1464  * compare hid->driver->report_table->report_type to report->type
1465  */
hid_match_report(struct hid_device * hid,struct hid_report * report)1466 static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1467 {
1468 	const struct hid_report_id *id = hid->driver->report_table;
1469 
1470 	if (!id) /* NULL means all */
1471 		return 1;
1472 
1473 	for (; id->report_type != HID_TERMINATOR; id++)
1474 		if (id->report_type == HID_ANY_ID ||
1475 				id->report_type == report->type)
1476 			return 1;
1477 	return 0;
1478 }
1479 
1480 /**
1481  * hid_match_usage - check if driver's event should be called
1482  *
1483  * @hid: hid device
1484  * @usage: usage to match against
1485  *
1486  * compare hid->driver->usage_table->usage_{type,code} to
1487  * usage->usage_{type,code}
1488  */
hid_match_usage(struct hid_device * hid,struct hid_usage * usage)1489 static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1490 {
1491 	const struct hid_usage_id *id = hid->driver->usage_table;
1492 
1493 	if (!id) /* NULL means all */
1494 		return 1;
1495 
1496 	for (; id->usage_type != HID_ANY_ID - 1; id++)
1497 		if ((id->usage_hid == HID_ANY_ID ||
1498 				id->usage_hid == usage->hid) &&
1499 				(id->usage_type == HID_ANY_ID ||
1500 				id->usage_type == usage->type) &&
1501 				(id->usage_code == HID_ANY_ID ||
1502 				 id->usage_code == usage->code))
1503 			return 1;
1504 	return 0;
1505 }
1506 
hid_process_event(struct hid_device * hid,struct hid_field * field,struct hid_usage * usage,__s32 value,int interrupt)1507 static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1508 		struct hid_usage *usage, __s32 value, int interrupt)
1509 {
1510 	struct hid_driver *hdrv = hid->driver;
1511 	int ret;
1512 
1513 	if (!list_empty(&hid->debug_list))
1514 		hid_dump_input(hid, usage, value);
1515 
1516 	if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1517 		ret = hdrv->event(hid, field, usage, value);
1518 		if (ret != 0) {
1519 			if (ret < 0)
1520 				hid_err(hid, "%s's event failed with %d\n",
1521 						hdrv->name, ret);
1522 			return;
1523 		}
1524 	}
1525 
1526 	if (hid->claimed & HID_CLAIMED_INPUT)
1527 		hidinput_hid_event(hid, field, usage, value);
1528 	if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1529 		hid->hiddev_hid_event(hid, field, usage, value);
1530 }
1531 
1532 /*
1533  * Checks if the given value is valid within this field
1534  */
hid_array_value_is_valid(struct hid_field * field,__s32 value)1535 static inline int hid_array_value_is_valid(struct hid_field *field,
1536 					   __s32 value)
1537 {
1538 	__s32 min = field->logical_minimum;
1539 
1540 	/*
1541 	 * Value needs to be between logical min and max, and
1542 	 * (value - min) is used as an index in the usage array.
1543 	 * This array is of size field->maxusage
1544 	 */
1545 	return value >= min &&
1546 	       value <= field->logical_maximum &&
1547 	       value - min < field->maxusage;
1548 }
1549 
1550 /*
1551  * Fetch the field from the data. The field content is stored for next
1552  * report processing (we do differential reporting to the layer).
1553  */
hid_input_fetch_field(struct hid_device * hid,struct hid_field * field,__u8 * data)1554 static void hid_input_fetch_field(struct hid_device *hid,
1555 				  struct hid_field *field,
1556 				  __u8 *data)
1557 {
1558 	unsigned n;
1559 	unsigned count = field->report_count;
1560 	unsigned offset = field->report_offset;
1561 	unsigned size = field->report_size;
1562 	__s32 min = field->logical_minimum;
1563 	__s32 *value;
1564 
1565 	value = field->new_value;
1566 	memset(value, 0, count * sizeof(__s32));
1567 	field->ignored = false;
1568 
1569 	for (n = 0; n < count; n++) {
1570 
1571 		value[n] = min < 0 ?
1572 			snto32(hid_field_extract(hid, data, offset + n * size,
1573 			       size), size) :
1574 			hid_field_extract(hid, data, offset + n * size, size);
1575 
1576 		/* Ignore report if ErrorRollOver */
1577 		if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1578 		    hid_array_value_is_valid(field, value[n]) &&
1579 		    field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1) {
1580 			field->ignored = true;
1581 			return;
1582 		}
1583 	}
1584 }
1585 
1586 /*
1587  * Process a received variable field.
1588  */
1589 
hid_input_var_field(struct hid_device * hid,struct hid_field * field,int interrupt)1590 static void hid_input_var_field(struct hid_device *hid,
1591 				struct hid_field *field,
1592 				int interrupt)
1593 {
1594 	unsigned int count = field->report_count;
1595 	__s32 *value = field->new_value;
1596 	unsigned int n;
1597 
1598 	for (n = 0; n < count; n++)
1599 		hid_process_event(hid,
1600 				  field,
1601 				  &field->usage[n],
1602 				  value[n],
1603 				  interrupt);
1604 
1605 	memcpy(field->value, value, count * sizeof(__s32));
1606 }
1607 
1608 /*
1609  * Process a received array field. The field content is stored for
1610  * next report processing (we do differential reporting to the layer).
1611  */
1612 
hid_input_array_field(struct hid_device * hid,struct hid_field * field,int interrupt)1613 static void hid_input_array_field(struct hid_device *hid,
1614 				  struct hid_field *field,
1615 				  int interrupt)
1616 {
1617 	unsigned int n;
1618 	unsigned int count = field->report_count;
1619 	__s32 min = field->logical_minimum;
1620 	__s32 *value;
1621 
1622 	value = field->new_value;
1623 
1624 	/* ErrorRollOver */
1625 	if (field->ignored)
1626 		return;
1627 
1628 	for (n = 0; n < count; n++) {
1629 		if (hid_array_value_is_valid(field, field->value[n]) &&
1630 		    search(value, field->value[n], count))
1631 			hid_process_event(hid,
1632 					  field,
1633 					  &field->usage[field->value[n] - min],
1634 					  0,
1635 					  interrupt);
1636 
1637 		if (hid_array_value_is_valid(field, value[n]) &&
1638 		    search(field->value, value[n], count))
1639 			hid_process_event(hid,
1640 					  field,
1641 					  &field->usage[value[n] - min],
1642 					  1,
1643 					  interrupt);
1644 	}
1645 
1646 	memcpy(field->value, value, count * sizeof(__s32));
1647 }
1648 
1649 /*
1650  * Analyse a received report, and fetch the data from it. The field
1651  * content is stored for next report processing (we do differential
1652  * reporting to the layer).
1653  */
hid_process_report(struct hid_device * hid,struct hid_report * report,__u8 * data,int interrupt)1654 static void hid_process_report(struct hid_device *hid,
1655 			       struct hid_report *report,
1656 			       __u8 *data,
1657 			       int interrupt)
1658 {
1659 	unsigned int a;
1660 	struct hid_field_entry *entry;
1661 	struct hid_field *field;
1662 
1663 	/* first retrieve all incoming values in data */
1664 	for (a = 0; a < report->maxfield; a++)
1665 		hid_input_fetch_field(hid, field = report->field[a], data);
1666 
1667 	if (!list_empty(&report->field_entry_list)) {
1668 		/* INPUT_REPORT, we have a priority list of fields */
1669 		list_for_each_entry(entry,
1670 				    &report->field_entry_list,
1671 				    list) {
1672 			field = entry->field;
1673 
1674 			if (field->flags & HID_MAIN_ITEM_VARIABLE)
1675 				hid_process_event(hid,
1676 						  field,
1677 						  &field->usage[entry->index],
1678 						  field->new_value[entry->index],
1679 						  interrupt);
1680 			else
1681 				hid_input_array_field(hid, field, interrupt);
1682 		}
1683 
1684 		/* we need to do the memcpy at the end for var items */
1685 		for (a = 0; a < report->maxfield; a++) {
1686 			field = report->field[a];
1687 
1688 			if (field->flags & HID_MAIN_ITEM_VARIABLE)
1689 				memcpy(field->value, field->new_value,
1690 				       field->report_count * sizeof(__s32));
1691 		}
1692 	} else {
1693 		/* FEATURE_REPORT, regular processing */
1694 		for (a = 0; a < report->maxfield; a++) {
1695 			field = report->field[a];
1696 
1697 			if (field->flags & HID_MAIN_ITEM_VARIABLE)
1698 				hid_input_var_field(hid, field, interrupt);
1699 			else
1700 				hid_input_array_field(hid, field, interrupt);
1701 		}
1702 	}
1703 }
1704 
1705 /*
1706  * Insert a given usage_index in a field in the list
1707  * of processed usages in the report.
1708  *
1709  * The elements of lower priority score are processed
1710  * first.
1711  */
__hid_insert_field_entry(struct hid_device * hid,struct hid_report * report,struct hid_field_entry * entry,struct hid_field * field,unsigned int usage_index)1712 static void __hid_insert_field_entry(struct hid_device *hid,
1713 				     struct hid_report *report,
1714 				     struct hid_field_entry *entry,
1715 				     struct hid_field *field,
1716 				     unsigned int usage_index)
1717 {
1718 	struct hid_field_entry *next;
1719 
1720 	entry->field = field;
1721 	entry->index = usage_index;
1722 	entry->priority = field->usages_priorities[usage_index];
1723 
1724 	/* insert the element at the correct position */
1725 	list_for_each_entry(next,
1726 			    &report->field_entry_list,
1727 			    list) {
1728 		/*
1729 		 * the priority of our element is strictly higher
1730 		 * than the next one, insert it before
1731 		 */
1732 		if (entry->priority > next->priority) {
1733 			list_add_tail(&entry->list, &next->list);
1734 			return;
1735 		}
1736 	}
1737 
1738 	/* lowest priority score: insert at the end */
1739 	list_add_tail(&entry->list, &report->field_entry_list);
1740 }
1741 
hid_report_process_ordering(struct hid_device * hid,struct hid_report * report)1742 static void hid_report_process_ordering(struct hid_device *hid,
1743 					struct hid_report *report)
1744 {
1745 	struct hid_field *field;
1746 	struct hid_field_entry *entries;
1747 	unsigned int a, u, usages;
1748 	unsigned int count = 0;
1749 
1750 	/* count the number of individual fields in the report */
1751 	for (a = 0; a < report->maxfield; a++) {
1752 		field = report->field[a];
1753 
1754 		if (field->flags & HID_MAIN_ITEM_VARIABLE)
1755 			count += field->report_count;
1756 		else
1757 			count++;
1758 	}
1759 
1760 	/* allocate the memory to process the fields */
1761 	entries = kcalloc(count, sizeof(*entries), GFP_KERNEL);
1762 	if (!entries)
1763 		return;
1764 
1765 	report->field_entries = entries;
1766 
1767 	/*
1768 	 * walk through all fields in the report and
1769 	 * store them by priority order in report->field_entry_list
1770 	 *
1771 	 * - Var elements are individualized (field + usage_index)
1772 	 * - Arrays are taken as one, we can not chose an order for them
1773 	 */
1774 	usages = 0;
1775 	for (a = 0; a < report->maxfield; a++) {
1776 		field = report->field[a];
1777 
1778 		if (field->flags & HID_MAIN_ITEM_VARIABLE) {
1779 			for (u = 0; u < field->report_count; u++) {
1780 				__hid_insert_field_entry(hid, report,
1781 							 &entries[usages],
1782 							 field, u);
1783 				usages++;
1784 			}
1785 		} else {
1786 			__hid_insert_field_entry(hid, report, &entries[usages],
1787 						 field, 0);
1788 			usages++;
1789 		}
1790 	}
1791 }
1792 
hid_process_ordering(struct hid_device * hid)1793 static void hid_process_ordering(struct hid_device *hid)
1794 {
1795 	struct hid_report *report;
1796 	struct hid_report_enum *report_enum = &hid->report_enum[HID_INPUT_REPORT];
1797 
1798 	list_for_each_entry(report, &report_enum->report_list, list)
1799 		hid_report_process_ordering(hid, report);
1800 }
1801 
1802 /*
1803  * Output the field into the report.
1804  */
1805 
hid_output_field(const struct hid_device * hid,struct hid_field * field,__u8 * data)1806 static void hid_output_field(const struct hid_device *hid,
1807 			     struct hid_field *field, __u8 *data)
1808 {
1809 	unsigned count = field->report_count;
1810 	unsigned offset = field->report_offset;
1811 	unsigned size = field->report_size;
1812 	unsigned n;
1813 
1814 	for (n = 0; n < count; n++) {
1815 		if (field->logical_minimum < 0)	/* signed values */
1816 			implement(hid, data, offset + n * size, size,
1817 				  s32ton(field->value[n], size));
1818 		else				/* unsigned values */
1819 			implement(hid, data, offset + n * size, size,
1820 				  field->value[n]);
1821 	}
1822 }
1823 
1824 /*
1825  * Compute the size of a report.
1826  */
hid_compute_report_size(struct hid_report * report)1827 static size_t hid_compute_report_size(struct hid_report *report)
1828 {
1829 	if (report->size)
1830 		return ((report->size - 1) >> 3) + 1;
1831 
1832 	return 0;
1833 }
1834 
1835 /*
1836  * Create a report. 'data' has to be allocated using
1837  * hid_alloc_report_buf() so that it has proper size.
1838  */
1839 
hid_output_report(struct hid_report * report,__u8 * data)1840 void hid_output_report(struct hid_report *report, __u8 *data)
1841 {
1842 	unsigned n;
1843 
1844 	if (report->id > 0)
1845 		*data++ = report->id;
1846 
1847 	memset(data, 0, hid_compute_report_size(report));
1848 	for (n = 0; n < report->maxfield; n++)
1849 		hid_output_field(report->device, report->field[n], data);
1850 }
1851 EXPORT_SYMBOL_GPL(hid_output_report);
1852 
1853 /*
1854  * Allocator for buffer that is going to be passed to hid_output_report()
1855  */
hid_alloc_report_buf(struct hid_report * report,gfp_t flags)1856 u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1857 {
1858 	/*
1859 	 * 7 extra bytes are necessary to achieve proper functionality
1860 	 * of implement() working on 8 byte chunks
1861 	 */
1862 
1863 	u32 len = hid_report_len(report) + 7;
1864 
1865 	return kmalloc(len, flags);
1866 }
1867 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1868 
1869 /*
1870  * Set a field value. The report this field belongs to has to be
1871  * created and transferred to the device, to set this value in the
1872  * device.
1873  */
1874 
hid_set_field(struct hid_field * field,unsigned offset,__s32 value)1875 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1876 {
1877 	unsigned size;
1878 
1879 	if (!field)
1880 		return -1;
1881 
1882 	size = field->report_size;
1883 
1884 	hid_dump_input(field->report->device, field->usage + offset, value);
1885 
1886 	if (offset >= field->report_count) {
1887 		hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1888 				offset, field->report_count);
1889 		return -1;
1890 	}
1891 	if (field->logical_minimum < 0) {
1892 		if (value != snto32(s32ton(value, size), size)) {
1893 			hid_err(field->report->device, "value %d is out of range\n", value);
1894 			return -1;
1895 		}
1896 	}
1897 	field->value[offset] = value;
1898 	return 0;
1899 }
1900 EXPORT_SYMBOL_GPL(hid_set_field);
1901 
hid_get_report(struct hid_report_enum * report_enum,const u8 * data)1902 static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1903 		const u8 *data)
1904 {
1905 	struct hid_report *report;
1906 	unsigned int n = 0;	/* Normally report number is 0 */
1907 
1908 	/* Device uses numbered reports, data[0] is report number */
1909 	if (report_enum->numbered)
1910 		n = *data;
1911 
1912 	report = report_enum->report_id_hash[n];
1913 	if (report == NULL)
1914 		dbg_hid("undefined report_id %u received\n", n);
1915 
1916 	return report;
1917 }
1918 
1919 /*
1920  * Implement a generic .request() callback, using .raw_request()
1921  * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1922  */
__hid_request(struct hid_device * hid,struct hid_report * report,int reqtype)1923 int __hid_request(struct hid_device *hid, struct hid_report *report,
1924 		int reqtype)
1925 {
1926 	char *buf;
1927 	int ret;
1928 	u32 len;
1929 
1930 	buf = hid_alloc_report_buf(report, GFP_KERNEL);
1931 	if (!buf)
1932 		return -ENOMEM;
1933 
1934 	len = hid_report_len(report);
1935 
1936 	if (reqtype == HID_REQ_SET_REPORT)
1937 		hid_output_report(report, buf);
1938 
1939 	ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1940 					  report->type, reqtype);
1941 	if (ret < 0) {
1942 		dbg_hid("unable to complete request: %d\n", ret);
1943 		goto out;
1944 	}
1945 
1946 	if (reqtype == HID_REQ_GET_REPORT)
1947 		hid_input_report(hid, report->type, buf, ret, 0);
1948 
1949 	ret = 0;
1950 
1951 out:
1952 	kfree(buf);
1953 	return ret;
1954 }
1955 EXPORT_SYMBOL_GPL(__hid_request);
1956 
hid_report_raw_event(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)1957 int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1958 		int interrupt)
1959 {
1960 	struct hid_report_enum *report_enum = hid->report_enum + type;
1961 	struct hid_report *report;
1962 	struct hid_driver *hdrv;
1963 	u32 rsize, csize = size;
1964 	u8 *cdata = data;
1965 	int ret = 0;
1966 
1967 	report = hid_get_report(report_enum, data);
1968 	if (!report)
1969 		goto out;
1970 
1971 	if (report_enum->numbered) {
1972 		cdata++;
1973 		csize--;
1974 	}
1975 
1976 	rsize = hid_compute_report_size(report);
1977 
1978 	if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
1979 		rsize = HID_MAX_BUFFER_SIZE - 1;
1980 	else if (rsize > HID_MAX_BUFFER_SIZE)
1981 		rsize = HID_MAX_BUFFER_SIZE;
1982 
1983 	if (csize < rsize) {
1984 		dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1985 				csize, rsize);
1986 		memset(cdata + csize, 0, rsize - csize);
1987 	}
1988 
1989 	if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1990 		hid->hiddev_report_event(hid, report);
1991 	if (hid->claimed & HID_CLAIMED_HIDRAW) {
1992 		ret = hidraw_report_event(hid, data, size);
1993 		if (ret)
1994 			goto out;
1995 	}
1996 
1997 	if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1998 		hid_process_report(hid, report, cdata, interrupt);
1999 		hdrv = hid->driver;
2000 		if (hdrv && hdrv->report)
2001 			hdrv->report(hid, report);
2002 	}
2003 
2004 	if (hid->claimed & HID_CLAIMED_INPUT)
2005 		hidinput_report_event(hid, report);
2006 out:
2007 	return ret;
2008 }
2009 EXPORT_SYMBOL_GPL(hid_report_raw_event);
2010 
2011 /**
2012  * hid_input_report - report data from lower layer (usb, bt...)
2013  *
2014  * @hid: hid device
2015  * @type: HID report type (HID_*_REPORT)
2016  * @data: report contents
2017  * @size: size of data parameter
2018  * @interrupt: distinguish between interrupt and control transfers
2019  *
2020  * This is data entry for lower layers.
2021  */
hid_input_report(struct hid_device * hid,int type,u8 * data,u32 size,int interrupt)2022 int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
2023 {
2024 	struct hid_report_enum *report_enum;
2025 	struct hid_driver *hdrv;
2026 	struct hid_report *report;
2027 	int ret = 0;
2028 
2029 	if (!hid)
2030 		return -ENODEV;
2031 
2032 	if (down_trylock(&hid->driver_input_lock))
2033 		return -EBUSY;
2034 
2035 	if (!hid->driver) {
2036 		ret = -ENODEV;
2037 		goto unlock;
2038 	}
2039 	report_enum = hid->report_enum + type;
2040 	hdrv = hid->driver;
2041 
2042 	if (!size) {
2043 		dbg_hid("empty report\n");
2044 		ret = -1;
2045 		goto unlock;
2046 	}
2047 
2048 	/* Avoid unnecessary overhead if debugfs is disabled */
2049 	if (!list_empty(&hid->debug_list))
2050 		hid_dump_report(hid, type, data, size);
2051 
2052 	report = hid_get_report(report_enum, data);
2053 
2054 	if (!report) {
2055 		ret = -1;
2056 		goto unlock;
2057 	}
2058 
2059 	if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
2060 		ret = hdrv->raw_event(hid, report, data, size);
2061 		if (ret < 0)
2062 			goto unlock;
2063 	}
2064 
2065 	ret = hid_report_raw_event(hid, type, data, size, interrupt);
2066 
2067 unlock:
2068 	up(&hid->driver_input_lock);
2069 	return ret;
2070 }
2071 EXPORT_SYMBOL_GPL(hid_input_report);
2072 
hid_match_one_id(const struct hid_device * hdev,const struct hid_device_id * id)2073 bool hid_match_one_id(const struct hid_device *hdev,
2074 		      const struct hid_device_id *id)
2075 {
2076 	return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
2077 		(id->group == HID_GROUP_ANY || id->group == hdev->group) &&
2078 		(id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
2079 		(id->product == HID_ANY_ID || id->product == hdev->product);
2080 }
2081 
hid_match_id(const struct hid_device * hdev,const struct hid_device_id * id)2082 const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
2083 		const struct hid_device_id *id)
2084 {
2085 	for (; id->bus; id++)
2086 		if (hid_match_one_id(hdev, id))
2087 			return id;
2088 
2089 	return NULL;
2090 }
2091 
2092 static const struct hid_device_id hid_hiddev_list[] = {
2093 	{ HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
2094 	{ HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
2095 	{ }
2096 };
2097 
hid_hiddev(struct hid_device * hdev)2098 static bool hid_hiddev(struct hid_device *hdev)
2099 {
2100 	return !!hid_match_id(hdev, hid_hiddev_list);
2101 }
2102 
2103 
2104 static ssize_t
read_report_descriptor(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)2105 read_report_descriptor(struct file *filp, struct kobject *kobj,
2106 		struct bin_attribute *attr,
2107 		char *buf, loff_t off, size_t count)
2108 {
2109 	struct device *dev = kobj_to_dev(kobj);
2110 	struct hid_device *hdev = to_hid_device(dev);
2111 
2112 	if (off >= hdev->rsize)
2113 		return 0;
2114 
2115 	if (off + count > hdev->rsize)
2116 		count = hdev->rsize - off;
2117 
2118 	memcpy(buf, hdev->rdesc + off, count);
2119 
2120 	return count;
2121 }
2122 
2123 static ssize_t
show_country(struct device * dev,struct device_attribute * attr,char * buf)2124 show_country(struct device *dev, struct device_attribute *attr,
2125 		char *buf)
2126 {
2127 	struct hid_device *hdev = to_hid_device(dev);
2128 
2129 	return sprintf(buf, "%02x\n", hdev->country & 0xff);
2130 }
2131 
2132 static struct bin_attribute dev_bin_attr_report_desc = {
2133 	.attr = { .name = "report_descriptor", .mode = 0444 },
2134 	.read = read_report_descriptor,
2135 	.size = HID_MAX_DESCRIPTOR_SIZE,
2136 };
2137 
2138 static const struct device_attribute dev_attr_country = {
2139 	.attr = { .name = "country", .mode = 0444 },
2140 	.show = show_country,
2141 };
2142 
hid_connect(struct hid_device * hdev,unsigned int connect_mask)2143 int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
2144 {
2145 	static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
2146 		"Joystick", "Gamepad", "Keyboard", "Keypad",
2147 		"Multi-Axis Controller"
2148 	};
2149 	const char *type, *bus;
2150 	char buf[64] = "";
2151 	unsigned int i;
2152 	int len;
2153 	int ret;
2154 
2155 	if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
2156 		connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
2157 	if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
2158 		connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
2159 	if (hdev->bus != BUS_USB)
2160 		connect_mask &= ~HID_CONNECT_HIDDEV;
2161 	if (hid_hiddev(hdev))
2162 		connect_mask |= HID_CONNECT_HIDDEV_FORCE;
2163 
2164 	if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
2165 				connect_mask & HID_CONNECT_HIDINPUT_FORCE))
2166 		hdev->claimed |= HID_CLAIMED_INPUT;
2167 
2168 	if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
2169 			!hdev->hiddev_connect(hdev,
2170 				connect_mask & HID_CONNECT_HIDDEV_FORCE))
2171 		hdev->claimed |= HID_CLAIMED_HIDDEV;
2172 	if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
2173 		hdev->claimed |= HID_CLAIMED_HIDRAW;
2174 
2175 	if (connect_mask & HID_CONNECT_DRIVER)
2176 		hdev->claimed |= HID_CLAIMED_DRIVER;
2177 
2178 	/* Drivers with the ->raw_event callback set are not required to connect
2179 	 * to any other listener. */
2180 	if (!hdev->claimed && !hdev->driver->raw_event) {
2181 		hid_err(hdev, "device has no listeners, quitting\n");
2182 		return -ENODEV;
2183 	}
2184 
2185 	hid_process_ordering(hdev);
2186 
2187 	if ((hdev->claimed & HID_CLAIMED_INPUT) &&
2188 			(connect_mask & HID_CONNECT_FF) && hdev->ff_init)
2189 		hdev->ff_init(hdev);
2190 
2191 	len = 0;
2192 	if (hdev->claimed & HID_CLAIMED_INPUT)
2193 		len += sprintf(buf + len, "input");
2194 	if (hdev->claimed & HID_CLAIMED_HIDDEV)
2195 		len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
2196 				((struct hiddev *)hdev->hiddev)->minor);
2197 	if (hdev->claimed & HID_CLAIMED_HIDRAW)
2198 		len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
2199 				((struct hidraw *)hdev->hidraw)->minor);
2200 
2201 	type = "Device";
2202 	for (i = 0; i < hdev->maxcollection; i++) {
2203 		struct hid_collection *col = &hdev->collection[i];
2204 		if (col->type == HID_COLLECTION_APPLICATION &&
2205 		   (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
2206 		   (col->usage & 0xffff) < ARRAY_SIZE(types)) {
2207 			type = types[col->usage & 0xffff];
2208 			break;
2209 		}
2210 	}
2211 
2212 	switch (hdev->bus) {
2213 	case BUS_USB:
2214 		bus = "USB";
2215 		break;
2216 	case BUS_BLUETOOTH:
2217 		bus = "BLUETOOTH";
2218 		break;
2219 	case BUS_I2C:
2220 		bus = "I2C";
2221 		break;
2222 	case BUS_VIRTUAL:
2223 		bus = "VIRTUAL";
2224 		break;
2225 	case BUS_INTEL_ISHTP:
2226 	case BUS_AMD_SFH:
2227 		bus = "SENSOR HUB";
2228 		break;
2229 	default:
2230 		bus = "<UNKNOWN>";
2231 	}
2232 
2233 	ret = device_create_file(&hdev->dev, &dev_attr_country);
2234 	if (ret)
2235 		hid_warn(hdev,
2236 			 "can't create sysfs country code attribute err: %d\n", ret);
2237 
2238 	hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
2239 		 buf, bus, hdev->version >> 8, hdev->version & 0xff,
2240 		 type, hdev->name, hdev->phys);
2241 
2242 	return 0;
2243 }
2244 EXPORT_SYMBOL_GPL(hid_connect);
2245 
hid_disconnect(struct hid_device * hdev)2246 void hid_disconnect(struct hid_device *hdev)
2247 {
2248 	device_remove_file(&hdev->dev, &dev_attr_country);
2249 	if (hdev->claimed & HID_CLAIMED_INPUT)
2250 		hidinput_disconnect(hdev);
2251 	if (hdev->claimed & HID_CLAIMED_HIDDEV)
2252 		hdev->hiddev_disconnect(hdev);
2253 	if (hdev->claimed & HID_CLAIMED_HIDRAW)
2254 		hidraw_disconnect(hdev);
2255 	hdev->claimed = 0;
2256 }
2257 EXPORT_SYMBOL_GPL(hid_disconnect);
2258 
2259 /**
2260  * hid_hw_start - start underlying HW
2261  * @hdev: hid device
2262  * @connect_mask: which outputs to connect, see HID_CONNECT_*
2263  *
2264  * Call this in probe function *after* hid_parse. This will setup HW
2265  * buffers and start the device (if not defeirred to device open).
2266  * hid_hw_stop must be called if this was successful.
2267  */
hid_hw_start(struct hid_device * hdev,unsigned int connect_mask)2268 int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
2269 {
2270 	int error;
2271 
2272 	error = hdev->ll_driver->start(hdev);
2273 	if (error)
2274 		return error;
2275 
2276 	if (connect_mask) {
2277 		error = hid_connect(hdev, connect_mask);
2278 		if (error) {
2279 			hdev->ll_driver->stop(hdev);
2280 			return error;
2281 		}
2282 	}
2283 
2284 	return 0;
2285 }
2286 EXPORT_SYMBOL_GPL(hid_hw_start);
2287 
2288 /**
2289  * hid_hw_stop - stop underlying HW
2290  * @hdev: hid device
2291  *
2292  * This is usually called from remove function or from probe when something
2293  * failed and hid_hw_start was called already.
2294  */
hid_hw_stop(struct hid_device * hdev)2295 void hid_hw_stop(struct hid_device *hdev)
2296 {
2297 	hid_disconnect(hdev);
2298 	hdev->ll_driver->stop(hdev);
2299 }
2300 EXPORT_SYMBOL_GPL(hid_hw_stop);
2301 
2302 /**
2303  * hid_hw_open - signal underlying HW to start delivering events
2304  * @hdev: hid device
2305  *
2306  * Tell underlying HW to start delivering events from the device.
2307  * This function should be called sometime after successful call
2308  * to hid_hw_start().
2309  */
hid_hw_open(struct hid_device * hdev)2310 int hid_hw_open(struct hid_device *hdev)
2311 {
2312 	int ret;
2313 
2314 	ret = mutex_lock_killable(&hdev->ll_open_lock);
2315 	if (ret)
2316 		return ret;
2317 
2318 	if (!hdev->ll_open_count++) {
2319 		ret = hdev->ll_driver->open(hdev);
2320 		if (ret)
2321 			hdev->ll_open_count--;
2322 	}
2323 
2324 	mutex_unlock(&hdev->ll_open_lock);
2325 	return ret;
2326 }
2327 EXPORT_SYMBOL_GPL(hid_hw_open);
2328 
2329 /**
2330  * hid_hw_close - signal underlaying HW to stop delivering events
2331  *
2332  * @hdev: hid device
2333  *
2334  * This function indicates that we are not interested in the events
2335  * from this device anymore. Delivery of events may or may not stop,
2336  * depending on the number of users still outstanding.
2337  */
hid_hw_close(struct hid_device * hdev)2338 void hid_hw_close(struct hid_device *hdev)
2339 {
2340 	mutex_lock(&hdev->ll_open_lock);
2341 	if (!--hdev->ll_open_count)
2342 		hdev->ll_driver->close(hdev);
2343 	mutex_unlock(&hdev->ll_open_lock);
2344 }
2345 EXPORT_SYMBOL_GPL(hid_hw_close);
2346 
2347 /**
2348  * hid_hw_request - send report request to device
2349  *
2350  * @hdev: hid device
2351  * @report: report to send
2352  * @reqtype: hid request type
2353  */
hid_hw_request(struct hid_device * hdev,struct hid_report * report,int reqtype)2354 void hid_hw_request(struct hid_device *hdev,
2355 		    struct hid_report *report, int reqtype)
2356 {
2357 	if (hdev->ll_driver->request)
2358 		return hdev->ll_driver->request(hdev, report, reqtype);
2359 
2360 	__hid_request(hdev, report, reqtype);
2361 }
2362 EXPORT_SYMBOL_GPL(hid_hw_request);
2363 
2364 /**
2365  * hid_hw_raw_request - send report request to device
2366  *
2367  * @hdev: hid device
2368  * @reportnum: report ID
2369  * @buf: in/out data to transfer
2370  * @len: length of buf
2371  * @rtype: HID report type
2372  * @reqtype: HID_REQ_GET_REPORT or HID_REQ_SET_REPORT
2373  *
2374  * Return: count of data transferred, negative if error
2375  *
2376  * Same behavior as hid_hw_request, but with raw buffers instead.
2377  */
hid_hw_raw_request(struct hid_device * hdev,unsigned char reportnum,__u8 * buf,size_t len,unsigned char rtype,int reqtype)2378 int hid_hw_raw_request(struct hid_device *hdev,
2379 		       unsigned char reportnum, __u8 *buf,
2380 		       size_t len, unsigned char rtype, int reqtype)
2381 {
2382 	if (len < 1 || len > HID_MAX_BUFFER_SIZE || !buf)
2383 		return -EINVAL;
2384 
2385 	return hdev->ll_driver->raw_request(hdev, reportnum, buf, len,
2386 					    rtype, reqtype);
2387 }
2388 EXPORT_SYMBOL_GPL(hid_hw_raw_request);
2389 
2390 /**
2391  * hid_hw_output_report - send output report to device
2392  *
2393  * @hdev: hid device
2394  * @buf: raw data to transfer
2395  * @len: length of buf
2396  *
2397  * Return: count of data transferred, negative if error
2398  */
hid_hw_output_report(struct hid_device * hdev,__u8 * buf,size_t len)2399 int hid_hw_output_report(struct hid_device *hdev, __u8 *buf, size_t len)
2400 {
2401 	if (len < 1 || len > HID_MAX_BUFFER_SIZE || !buf)
2402 		return -EINVAL;
2403 
2404 	if (hdev->ll_driver->output_report)
2405 		return hdev->ll_driver->output_report(hdev, buf, len);
2406 
2407 	return -ENOSYS;
2408 }
2409 EXPORT_SYMBOL_GPL(hid_hw_output_report);
2410 
2411 #ifdef CONFIG_PM
hid_driver_suspend(struct hid_device * hdev,pm_message_t state)2412 int hid_driver_suspend(struct hid_device *hdev, pm_message_t state)
2413 {
2414 	if (hdev->driver && hdev->driver->suspend)
2415 		return hdev->driver->suspend(hdev, state);
2416 
2417 	return 0;
2418 }
2419 EXPORT_SYMBOL_GPL(hid_driver_suspend);
2420 
hid_driver_reset_resume(struct hid_device * hdev)2421 int hid_driver_reset_resume(struct hid_device *hdev)
2422 {
2423 	if (hdev->driver && hdev->driver->reset_resume)
2424 		return hdev->driver->reset_resume(hdev);
2425 
2426 	return 0;
2427 }
2428 EXPORT_SYMBOL_GPL(hid_driver_reset_resume);
2429 
hid_driver_resume(struct hid_device * hdev)2430 int hid_driver_resume(struct hid_device *hdev)
2431 {
2432 	if (hdev->driver && hdev->driver->resume)
2433 		return hdev->driver->resume(hdev);
2434 
2435 	return 0;
2436 }
2437 EXPORT_SYMBOL_GPL(hid_driver_resume);
2438 #endif /* CONFIG_PM */
2439 
2440 struct hid_dynid {
2441 	struct list_head list;
2442 	struct hid_device_id id;
2443 };
2444 
2445 /**
2446  * new_id_store - add a new HID device ID to this driver and re-probe devices
2447  * @drv: target device driver
2448  * @buf: buffer for scanning device ID data
2449  * @count: input size
2450  *
2451  * Adds a new dynamic hid device ID to this driver,
2452  * and causes the driver to probe for all devices again.
2453  */
new_id_store(struct device_driver * drv,const char * buf,size_t count)2454 static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2455 		size_t count)
2456 {
2457 	struct hid_driver *hdrv = to_hid_driver(drv);
2458 	struct hid_dynid *dynid;
2459 	__u32 bus, vendor, product;
2460 	unsigned long driver_data = 0;
2461 	int ret;
2462 
2463 	ret = sscanf(buf, "%x %x %x %lx",
2464 			&bus, &vendor, &product, &driver_data);
2465 	if (ret < 3)
2466 		return -EINVAL;
2467 
2468 	dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2469 	if (!dynid)
2470 		return -ENOMEM;
2471 
2472 	dynid->id.bus = bus;
2473 	dynid->id.group = HID_GROUP_ANY;
2474 	dynid->id.vendor = vendor;
2475 	dynid->id.product = product;
2476 	dynid->id.driver_data = driver_data;
2477 
2478 	spin_lock(&hdrv->dyn_lock);
2479 	list_add_tail(&dynid->list, &hdrv->dyn_list);
2480 	spin_unlock(&hdrv->dyn_lock);
2481 
2482 	ret = driver_attach(&hdrv->driver);
2483 
2484 	return ret ? : count;
2485 }
2486 static DRIVER_ATTR_WO(new_id);
2487 
2488 static struct attribute *hid_drv_attrs[] = {
2489 	&driver_attr_new_id.attr,
2490 	NULL,
2491 };
2492 ATTRIBUTE_GROUPS(hid_drv);
2493 
hid_free_dynids(struct hid_driver * hdrv)2494 static void hid_free_dynids(struct hid_driver *hdrv)
2495 {
2496 	struct hid_dynid *dynid, *n;
2497 
2498 	spin_lock(&hdrv->dyn_lock);
2499 	list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2500 		list_del(&dynid->list);
2501 		kfree(dynid);
2502 	}
2503 	spin_unlock(&hdrv->dyn_lock);
2504 }
2505 
hid_match_device(struct hid_device * hdev,struct hid_driver * hdrv)2506 const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2507 					     struct hid_driver *hdrv)
2508 {
2509 	struct hid_dynid *dynid;
2510 
2511 	spin_lock(&hdrv->dyn_lock);
2512 	list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2513 		if (hid_match_one_id(hdev, &dynid->id)) {
2514 			spin_unlock(&hdrv->dyn_lock);
2515 			return &dynid->id;
2516 		}
2517 	}
2518 	spin_unlock(&hdrv->dyn_lock);
2519 
2520 	return hid_match_id(hdev, hdrv->id_table);
2521 }
2522 EXPORT_SYMBOL_GPL(hid_match_device);
2523 
hid_bus_match(struct device * dev,struct device_driver * drv)2524 static int hid_bus_match(struct device *dev, struct device_driver *drv)
2525 {
2526 	struct hid_driver *hdrv = to_hid_driver(drv);
2527 	struct hid_device *hdev = to_hid_device(dev);
2528 
2529 	return hid_match_device(hdev, hdrv) != NULL;
2530 }
2531 
2532 /**
2533  * hid_compare_device_paths - check if both devices share the same path
2534  * @hdev_a: hid device
2535  * @hdev_b: hid device
2536  * @separator: char to use as separator
2537  *
2538  * Check if two devices share the same path up to the last occurrence of
2539  * the separator char. Both paths must exist (i.e., zero-length paths
2540  * don't match).
2541  */
hid_compare_device_paths(struct hid_device * hdev_a,struct hid_device * hdev_b,char separator)2542 bool hid_compare_device_paths(struct hid_device *hdev_a,
2543 			      struct hid_device *hdev_b, char separator)
2544 {
2545 	int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2546 	int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2547 
2548 	if (n1 != n2 || n1 <= 0 || n2 <= 0)
2549 		return false;
2550 
2551 	return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2552 }
2553 EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2554 
hid_device_probe(struct device * dev)2555 static int hid_device_probe(struct device *dev)
2556 {
2557 	struct hid_driver *hdrv = to_hid_driver(dev->driver);
2558 	struct hid_device *hdev = to_hid_device(dev);
2559 	const struct hid_device_id *id;
2560 	int ret = 0;
2561 
2562 	if (down_interruptible(&hdev->driver_input_lock)) {
2563 		ret = -EINTR;
2564 		goto end;
2565 	}
2566 	hdev->io_started = false;
2567 
2568 	clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2569 
2570 	if (!hdev->driver) {
2571 		id = hid_match_device(hdev, hdrv);
2572 		if (id == NULL) {
2573 			ret = -ENODEV;
2574 			goto unlock;
2575 		}
2576 
2577 		if (hdrv->match) {
2578 			if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2579 				ret = -ENODEV;
2580 				goto unlock;
2581 			}
2582 		} else {
2583 			/*
2584 			 * hid-generic implements .match(), so if
2585 			 * hid_ignore_special_drivers is set, we can safely
2586 			 * return.
2587 			 */
2588 			if (hid_ignore_special_drivers) {
2589 				ret = -ENODEV;
2590 				goto unlock;
2591 			}
2592 		}
2593 
2594 		/* reset the quirks that has been previously set */
2595 		hdev->quirks = hid_lookup_quirk(hdev);
2596 		hdev->driver = hdrv;
2597 		if (hdrv->probe) {
2598 			ret = hdrv->probe(hdev, id);
2599 		} else { /* default probe */
2600 			ret = hid_open_report(hdev);
2601 			if (!ret)
2602 				ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2603 		}
2604 		if (ret) {
2605 			hid_close_report(hdev);
2606 			hdev->driver = NULL;
2607 		}
2608 	}
2609 unlock:
2610 	if (!hdev->io_started)
2611 		up(&hdev->driver_input_lock);
2612 end:
2613 	return ret;
2614 }
2615 
hid_device_remove(struct device * dev)2616 static void hid_device_remove(struct device *dev)
2617 {
2618 	struct hid_device *hdev = to_hid_device(dev);
2619 	struct hid_driver *hdrv;
2620 
2621 	down(&hdev->driver_input_lock);
2622 	hdev->io_started = false;
2623 
2624 	hdrv = hdev->driver;
2625 	if (hdrv) {
2626 		if (hdrv->remove)
2627 			hdrv->remove(hdev);
2628 		else /* default remove */
2629 			hid_hw_stop(hdev);
2630 		hid_close_report(hdev);
2631 		hdev->driver = NULL;
2632 	}
2633 
2634 	if (!hdev->io_started)
2635 		up(&hdev->driver_input_lock);
2636 }
2637 
modalias_show(struct device * dev,struct device_attribute * a,char * buf)2638 static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2639 			     char *buf)
2640 {
2641 	struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2642 
2643 	return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2644 			 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2645 }
2646 static DEVICE_ATTR_RO(modalias);
2647 
2648 static struct attribute *hid_dev_attrs[] = {
2649 	&dev_attr_modalias.attr,
2650 	NULL,
2651 };
2652 static struct bin_attribute *hid_dev_bin_attrs[] = {
2653 	&dev_bin_attr_report_desc,
2654 	NULL
2655 };
2656 static const struct attribute_group hid_dev_group = {
2657 	.attrs = hid_dev_attrs,
2658 	.bin_attrs = hid_dev_bin_attrs,
2659 };
2660 __ATTRIBUTE_GROUPS(hid_dev);
2661 
hid_uevent(struct device * dev,struct kobj_uevent_env * env)2662 static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2663 {
2664 	struct hid_device *hdev = to_hid_device(dev);
2665 
2666 	if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2667 			hdev->bus, hdev->vendor, hdev->product))
2668 		return -ENOMEM;
2669 
2670 	if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2671 		return -ENOMEM;
2672 
2673 	if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2674 		return -ENOMEM;
2675 
2676 	if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2677 		return -ENOMEM;
2678 
2679 	if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2680 			   hdev->bus, hdev->group, hdev->vendor, hdev->product))
2681 		return -ENOMEM;
2682 
2683 	return 0;
2684 }
2685 
2686 struct bus_type hid_bus_type = {
2687 	.name		= "hid",
2688 	.dev_groups	= hid_dev_groups,
2689 	.drv_groups	= hid_drv_groups,
2690 	.match		= hid_bus_match,
2691 	.probe		= hid_device_probe,
2692 	.remove		= hid_device_remove,
2693 	.uevent		= hid_uevent,
2694 };
2695 EXPORT_SYMBOL(hid_bus_type);
2696 
hid_add_device(struct hid_device * hdev)2697 int hid_add_device(struct hid_device *hdev)
2698 {
2699 	static atomic_t id = ATOMIC_INIT(0);
2700 	int ret;
2701 
2702 	if (WARN_ON(hdev->status & HID_STAT_ADDED))
2703 		return -EBUSY;
2704 
2705 	hdev->quirks = hid_lookup_quirk(hdev);
2706 
2707 	/* we need to kill them here, otherwise they will stay allocated to
2708 	 * wait for coming driver */
2709 	if (hid_ignore(hdev))
2710 		return -ENODEV;
2711 
2712 	/*
2713 	 * Check for the mandatory transport channel.
2714 	 */
2715 	 if (!hdev->ll_driver->raw_request) {
2716 		hid_err(hdev, "transport driver missing .raw_request()\n");
2717 		return -EINVAL;
2718 	 }
2719 
2720 	/*
2721 	 * Read the device report descriptor once and use as template
2722 	 * for the driver-specific modifications.
2723 	 */
2724 	ret = hdev->ll_driver->parse(hdev);
2725 	if (ret)
2726 		return ret;
2727 	if (!hdev->dev_rdesc)
2728 		return -ENODEV;
2729 
2730 	/*
2731 	 * Scan generic devices for group information
2732 	 */
2733 	if (hid_ignore_special_drivers) {
2734 		hdev->group = HID_GROUP_GENERIC;
2735 	} else if (!hdev->group &&
2736 		   !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2737 		ret = hid_scan_report(hdev);
2738 		if (ret)
2739 			hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2740 	}
2741 
2742 	/* XXX hack, any other cleaner solution after the driver core
2743 	 * is converted to allow more than 20 bytes as the device name? */
2744 	dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2745 		     hdev->vendor, hdev->product, atomic_inc_return(&id));
2746 
2747 	hid_debug_register(hdev, dev_name(&hdev->dev));
2748 	ret = device_add(&hdev->dev);
2749 	if (!ret)
2750 		hdev->status |= HID_STAT_ADDED;
2751 	else
2752 		hid_debug_unregister(hdev);
2753 
2754 	return ret;
2755 }
2756 EXPORT_SYMBOL_GPL(hid_add_device);
2757 
2758 /**
2759  * hid_allocate_device - allocate new hid device descriptor
2760  *
2761  * Allocate and initialize hid device, so that hid_destroy_device might be
2762  * used to free it.
2763  *
2764  * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2765  * error value.
2766  */
hid_allocate_device(void)2767 struct hid_device *hid_allocate_device(void)
2768 {
2769 	struct hid_device *hdev;
2770 	int ret = -ENOMEM;
2771 
2772 	hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2773 	if (hdev == NULL)
2774 		return ERR_PTR(ret);
2775 
2776 	device_initialize(&hdev->dev);
2777 	hdev->dev.release = hid_device_release;
2778 	hdev->dev.bus = &hid_bus_type;
2779 	device_enable_async_suspend(&hdev->dev);
2780 
2781 	hid_close_report(hdev);
2782 
2783 	init_waitqueue_head(&hdev->debug_wait);
2784 	INIT_LIST_HEAD(&hdev->debug_list);
2785 	spin_lock_init(&hdev->debug_list_lock);
2786 	sema_init(&hdev->driver_input_lock, 1);
2787 	mutex_init(&hdev->ll_open_lock);
2788 
2789 	return hdev;
2790 }
2791 EXPORT_SYMBOL_GPL(hid_allocate_device);
2792 
hid_remove_device(struct hid_device * hdev)2793 static void hid_remove_device(struct hid_device *hdev)
2794 {
2795 	if (hdev->status & HID_STAT_ADDED) {
2796 		device_del(&hdev->dev);
2797 		hid_debug_unregister(hdev);
2798 		hdev->status &= ~HID_STAT_ADDED;
2799 	}
2800 	kfree(hdev->dev_rdesc);
2801 	hdev->dev_rdesc = NULL;
2802 	hdev->dev_rsize = 0;
2803 }
2804 
2805 /**
2806  * hid_destroy_device - free previously allocated device
2807  *
2808  * @hdev: hid device
2809  *
2810  * If you allocate hid_device through hid_allocate_device, you should ever
2811  * free by this function.
2812  */
hid_destroy_device(struct hid_device * hdev)2813 void hid_destroy_device(struct hid_device *hdev)
2814 {
2815 	hid_remove_device(hdev);
2816 	put_device(&hdev->dev);
2817 }
2818 EXPORT_SYMBOL_GPL(hid_destroy_device);
2819 
2820 
__hid_bus_reprobe_drivers(struct device * dev,void * data)2821 static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2822 {
2823 	struct hid_driver *hdrv = data;
2824 	struct hid_device *hdev = to_hid_device(dev);
2825 
2826 	if (hdev->driver == hdrv &&
2827 	    !hdrv->match(hdev, hid_ignore_special_drivers) &&
2828 	    !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2829 		return device_reprobe(dev);
2830 
2831 	return 0;
2832 }
2833 
__hid_bus_driver_added(struct device_driver * drv,void * data)2834 static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2835 {
2836 	struct hid_driver *hdrv = to_hid_driver(drv);
2837 
2838 	if (hdrv->match) {
2839 		bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2840 				 __hid_bus_reprobe_drivers);
2841 	}
2842 
2843 	return 0;
2844 }
2845 
__bus_removed_driver(struct device_driver * drv,void * data)2846 static int __bus_removed_driver(struct device_driver *drv, void *data)
2847 {
2848 	return bus_rescan_devices(&hid_bus_type);
2849 }
2850 
__hid_register_driver(struct hid_driver * hdrv,struct module * owner,const char * mod_name)2851 int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2852 		const char *mod_name)
2853 {
2854 	int ret;
2855 
2856 	hdrv->driver.name = hdrv->name;
2857 	hdrv->driver.bus = &hid_bus_type;
2858 	hdrv->driver.owner = owner;
2859 	hdrv->driver.mod_name = mod_name;
2860 
2861 	INIT_LIST_HEAD(&hdrv->dyn_list);
2862 	spin_lock_init(&hdrv->dyn_lock);
2863 
2864 	ret = driver_register(&hdrv->driver);
2865 
2866 	if (ret == 0)
2867 		bus_for_each_drv(&hid_bus_type, NULL, NULL,
2868 				 __hid_bus_driver_added);
2869 
2870 	return ret;
2871 }
2872 EXPORT_SYMBOL_GPL(__hid_register_driver);
2873 
hid_unregister_driver(struct hid_driver * hdrv)2874 void hid_unregister_driver(struct hid_driver *hdrv)
2875 {
2876 	driver_unregister(&hdrv->driver);
2877 	hid_free_dynids(hdrv);
2878 
2879 	bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2880 }
2881 EXPORT_SYMBOL_GPL(hid_unregister_driver);
2882 
hid_check_keys_pressed(struct hid_device * hid)2883 int hid_check_keys_pressed(struct hid_device *hid)
2884 {
2885 	struct hid_input *hidinput;
2886 	int i;
2887 
2888 	if (!(hid->claimed & HID_CLAIMED_INPUT))
2889 		return 0;
2890 
2891 	list_for_each_entry(hidinput, &hid->inputs, list) {
2892 		for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2893 			if (hidinput->input->key[i])
2894 				return 1;
2895 	}
2896 
2897 	return 0;
2898 }
2899 EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2900 
hid_init(void)2901 static int __init hid_init(void)
2902 {
2903 	int ret;
2904 
2905 	if (hid_debug)
2906 		pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2907 			"debugfs is now used for inspecting the device (report descriptor, reports)\n");
2908 
2909 	ret = bus_register(&hid_bus_type);
2910 	if (ret) {
2911 		pr_err("can't register hid bus\n");
2912 		goto err;
2913 	}
2914 
2915 	ret = hidraw_init();
2916 	if (ret)
2917 		goto err_bus;
2918 
2919 	hid_debug_init();
2920 
2921 	return 0;
2922 err_bus:
2923 	bus_unregister(&hid_bus_type);
2924 err:
2925 	return ret;
2926 }
2927 
hid_exit(void)2928 static void __exit hid_exit(void)
2929 {
2930 	hid_debug_exit();
2931 	hidraw_exit();
2932 	bus_unregister(&hid_bus_type);
2933 	hid_quirks_exit(HID_BUS_ANY);
2934 }
2935 
2936 module_init(hid_init);
2937 module_exit(hid_exit);
2938 
2939 MODULE_AUTHOR("Andreas Gal");
2940 MODULE_AUTHOR("Vojtech Pavlik");
2941 MODULE_AUTHOR("Jiri Kosina");
2942 MODULE_LICENSE("GPL");
2943