Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * HID support for Linux
4 *
5 * Copyright (c) 1999 Andreas Gal
6 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8 * Copyright (c) 2006-2012 Jiri Kosina
9 */
10
11/*
12 */
13
14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16#include <linux/module.h>
17#include <linux/slab.h>
18#include <linux/init.h>
19#include <linux/kernel.h>
20#include <linux/list.h>
21#include <linux/mm.h>
22#include <linux/spinlock.h>
23#include <asm/unaligned.h>
24#include <asm/byteorder.h>
25#include <linux/input.h>
26#include <linux/wait.h>
27#include <linux/vmalloc.h>
28#include <linux/sched.h>
29#include <linux/semaphore.h>
30
31#include <linux/hid.h>
32#include <linux/hiddev.h>
33#include <linux/hid-debug.h>
34#include <linux/hidraw.h>
35
36#include "hid-ids.h"
37
38/*
39 * Version Information
40 */
41
42#define DRIVER_DESC "HID core driver"
43
44int hid_debug = 0;
45module_param_named(debug, hid_debug, int, 0600);
46MODULE_PARM_DESC(debug, "toggle HID debugging messages");
47EXPORT_SYMBOL_GPL(hid_debug);
48
49static int hid_ignore_special_drivers = 0;
50module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
51MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
52
53/*
54 * Register a new report for a device.
55 */
56
57struct hid_report *hid_register_report(struct hid_device *device,
58 unsigned int type, unsigned int id,
59 unsigned int application)
60{
61 struct hid_report_enum *report_enum = device->report_enum + type;
62 struct hid_report *report;
63
64 if (id >= HID_MAX_IDS)
65 return NULL;
66 if (report_enum->report_id_hash[id])
67 return report_enum->report_id_hash[id];
68
69 report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
70 if (!report)
71 return NULL;
72
73 if (id != 0)
74 report_enum->numbered = 1;
75
76 report->id = id;
77 report->type = type;
78 report->size = 0;
79 report->device = device;
80 report->application = application;
81 report_enum->report_id_hash[id] = report;
82
83 list_add_tail(&report->list, &report_enum->report_list);
84
85 return report;
86}
87EXPORT_SYMBOL_GPL(hid_register_report);
88
89/*
90 * Register a new field for this report.
91 */
92
93static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages, unsigned values)
94{
95 struct hid_field *field;
96
97 if (report->maxfield == HID_MAX_FIELDS) {
98 hid_err(report->device, "too many fields in report\n");
99 return NULL;
100 }
101
102 field = kzalloc((sizeof(struct hid_field) +
103 usages * sizeof(struct hid_usage) +
104 values * sizeof(unsigned)), GFP_KERNEL);
105 if (!field)
106 return NULL;
107
108 field->index = report->maxfield++;
109 report->field[field->index] = field;
110 field->usage = (struct hid_usage *)(field + 1);
111 field->value = (s32 *)(field->usage + usages);
112 field->report = report;
113
114 return field;
115}
116
117/*
118 * Open a collection. The type/usage is pushed on the stack.
119 */
120
121static int open_collection(struct hid_parser *parser, unsigned type)
122{
123 struct hid_collection *collection;
124 unsigned usage;
125 int collection_index;
126
127 usage = parser->local.usage[0];
128
129 if (parser->collection_stack_ptr == parser->collection_stack_size) {
130 unsigned int *collection_stack;
131 unsigned int new_size = parser->collection_stack_size +
132 HID_COLLECTION_STACK_SIZE;
133
134 collection_stack = krealloc(parser->collection_stack,
135 new_size * sizeof(unsigned int),
136 GFP_KERNEL);
137 if (!collection_stack)
138 return -ENOMEM;
139
140 parser->collection_stack = collection_stack;
141 parser->collection_stack_size = new_size;
142 }
143
144 if (parser->device->maxcollection == parser->device->collection_size) {
145 collection = kmalloc(
146 array3_size(sizeof(struct hid_collection),
147 parser->device->collection_size,
148 2),
149 GFP_KERNEL);
150 if (collection == NULL) {
151 hid_err(parser->device, "failed to reallocate collection array\n");
152 return -ENOMEM;
153 }
154 memcpy(collection, parser->device->collection,
155 sizeof(struct hid_collection) *
156 parser->device->collection_size);
157 memset(collection + parser->device->collection_size, 0,
158 sizeof(struct hid_collection) *
159 parser->device->collection_size);
160 kfree(parser->device->collection);
161 parser->device->collection = collection;
162 parser->device->collection_size *= 2;
163 }
164
165 parser->collection_stack[parser->collection_stack_ptr++] =
166 parser->device->maxcollection;
167
168 collection_index = parser->device->maxcollection++;
169 collection = parser->device->collection + collection_index;
170 collection->type = type;
171 collection->usage = usage;
172 collection->level = parser->collection_stack_ptr - 1;
173 collection->parent_idx = (collection->level == 0) ? -1 :
174 parser->collection_stack[collection->level - 1];
175
176 if (type == HID_COLLECTION_APPLICATION)
177 parser->device->maxapplication++;
178
179 return 0;
180}
181
182/*
183 * Close a collection.
184 */
185
186static int close_collection(struct hid_parser *parser)
187{
188 if (!parser->collection_stack_ptr) {
189 hid_err(parser->device, "collection stack underflow\n");
190 return -EINVAL;
191 }
192 parser->collection_stack_ptr--;
193 return 0;
194}
195
196/*
197 * Climb up the stack, search for the specified collection type
198 * and return the usage.
199 */
200
201static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
202{
203 struct hid_collection *collection = parser->device->collection;
204 int n;
205
206 for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
207 unsigned index = parser->collection_stack[n];
208 if (collection[index].type == type)
209 return collection[index].usage;
210 }
211 return 0; /* we know nothing about this usage type */
212}
213
214/*
215 * Concatenate usage which defines 16 bits or less with the
216 * currently defined usage page to form a 32 bit usage
217 */
218
219static void complete_usage(struct hid_parser *parser, unsigned int index)
220{
221 parser->local.usage[index] &= 0xFFFF;
222 parser->local.usage[index] |=
223 (parser->global.usage_page & 0xFFFF) << 16;
224}
225
226/*
227 * Add a usage to the temporary parser table.
228 */
229
230static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
231{
232 if (parser->local.usage_index >= HID_MAX_USAGES) {
233 hid_err(parser->device, "usage index exceeded\n");
234 return -1;
235 }
236 parser->local.usage[parser->local.usage_index] = usage;
237
238 /*
239 * If Usage item only includes usage id, concatenate it with
240 * currently defined usage page
241 */
242 if (size <= 2)
243 complete_usage(parser, parser->local.usage_index);
244
245 parser->local.usage_size[parser->local.usage_index] = size;
246 parser->local.collection_index[parser->local.usage_index] =
247 parser->collection_stack_ptr ?
248 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
249 parser->local.usage_index++;
250 return 0;
251}
252
253/*
254 * Register a new field for this report.
255 */
256
257static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
258{
259 struct hid_report *report;
260 struct hid_field *field;
261 unsigned int usages;
262 unsigned int offset;
263 unsigned int i;
264 unsigned int application;
265
266 application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
267
268 report = hid_register_report(parser->device, report_type,
269 parser->global.report_id, application);
270 if (!report) {
271 hid_err(parser->device, "hid_register_report failed\n");
272 return -1;
273 }
274
275 /* Handle both signed and unsigned cases properly */
276 if ((parser->global.logical_minimum < 0 &&
277 parser->global.logical_maximum <
278 parser->global.logical_minimum) ||
279 (parser->global.logical_minimum >= 0 &&
280 (__u32)parser->global.logical_maximum <
281 (__u32)parser->global.logical_minimum)) {
282 dbg_hid("logical range invalid 0x%x 0x%x\n",
283 parser->global.logical_minimum,
284 parser->global.logical_maximum);
285 return -1;
286 }
287
288 offset = report->size;
289 report->size += parser->global.report_size * parser->global.report_count;
290
291 /* Total size check: Allow for possible report index byte */
292 if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
293 hid_err(parser->device, "report is too long\n");
294 return -1;
295 }
296
297 if (!parser->local.usage_index) /* Ignore padding fields */
298 return 0;
299
300 usages = max_t(unsigned, parser->local.usage_index,
301 parser->global.report_count);
302
303 field = hid_register_field(report, usages, parser->global.report_count);
304 if (!field)
305 return 0;
306
307 field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
308 field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
309 field->application = application;
310
311 for (i = 0; i < usages; i++) {
312 unsigned j = i;
313 /* Duplicate the last usage we parsed if we have excess values */
314 if (i >= parser->local.usage_index)
315 j = parser->local.usage_index - 1;
316 field->usage[i].hid = parser->local.usage[j];
317 field->usage[i].collection_index =
318 parser->local.collection_index[j];
319 field->usage[i].usage_index = i;
320 field->usage[i].resolution_multiplier = 1;
321 }
322
323 field->maxusage = usages;
324 field->flags = flags;
325 field->report_offset = offset;
326 field->report_type = report_type;
327 field->report_size = parser->global.report_size;
328 field->report_count = parser->global.report_count;
329 field->logical_minimum = parser->global.logical_minimum;
330 field->logical_maximum = parser->global.logical_maximum;
331 field->physical_minimum = parser->global.physical_minimum;
332 field->physical_maximum = parser->global.physical_maximum;
333 field->unit_exponent = parser->global.unit_exponent;
334 field->unit = parser->global.unit;
335
336 return 0;
337}
338
339/*
340 * Read data value from item.
341 */
342
343static u32 item_udata(struct hid_item *item)
344{
345 switch (item->size) {
346 case 1: return item->data.u8;
347 case 2: return item->data.u16;
348 case 4: return item->data.u32;
349 }
350 return 0;
351}
352
353static s32 item_sdata(struct hid_item *item)
354{
355 switch (item->size) {
356 case 1: return item->data.s8;
357 case 2: return item->data.s16;
358 case 4: return item->data.s32;
359 }
360 return 0;
361}
362
363/*
364 * Process a global item.
365 */
366
367static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
368{
369 __s32 raw_value;
370 switch (item->tag) {
371 case HID_GLOBAL_ITEM_TAG_PUSH:
372
373 if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
374 hid_err(parser->device, "global environment stack overflow\n");
375 return -1;
376 }
377
378 memcpy(parser->global_stack + parser->global_stack_ptr++,
379 &parser->global, sizeof(struct hid_global));
380 return 0;
381
382 case HID_GLOBAL_ITEM_TAG_POP:
383
384 if (!parser->global_stack_ptr) {
385 hid_err(parser->device, "global environment stack underflow\n");
386 return -1;
387 }
388
389 memcpy(&parser->global, parser->global_stack +
390 --parser->global_stack_ptr, sizeof(struct hid_global));
391 return 0;
392
393 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
394 parser->global.usage_page = item_udata(item);
395 return 0;
396
397 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
398 parser->global.logical_minimum = item_sdata(item);
399 return 0;
400
401 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
402 if (parser->global.logical_minimum < 0)
403 parser->global.logical_maximum = item_sdata(item);
404 else
405 parser->global.logical_maximum = item_udata(item);
406 return 0;
407
408 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
409 parser->global.physical_minimum = item_sdata(item);
410 return 0;
411
412 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
413 if (parser->global.physical_minimum < 0)
414 parser->global.physical_maximum = item_sdata(item);
415 else
416 parser->global.physical_maximum = item_udata(item);
417 return 0;
418
419 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
420 /* Many devices provide unit exponent as a two's complement
421 * nibble due to the common misunderstanding of HID
422 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
423 * both this and the standard encoding. */
424 raw_value = item_sdata(item);
425 if (!(raw_value & 0xfffffff0))
426 parser->global.unit_exponent = hid_snto32(raw_value, 4);
427 else
428 parser->global.unit_exponent = raw_value;
429 return 0;
430
431 case HID_GLOBAL_ITEM_TAG_UNIT:
432 parser->global.unit = item_udata(item);
433 return 0;
434
435 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
436 parser->global.report_size = item_udata(item);
437 if (parser->global.report_size > 256) {
438 hid_err(parser->device, "invalid report_size %d\n",
439 parser->global.report_size);
440 return -1;
441 }
442 return 0;
443
444 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
445 parser->global.report_count = item_udata(item);
446 if (parser->global.report_count > HID_MAX_USAGES) {
447 hid_err(parser->device, "invalid report_count %d\n",
448 parser->global.report_count);
449 return -1;
450 }
451 return 0;
452
453 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
454 parser->global.report_id = item_udata(item);
455 if (parser->global.report_id == 0 ||
456 parser->global.report_id >= HID_MAX_IDS) {
457 hid_err(parser->device, "report_id %u is invalid\n",
458 parser->global.report_id);
459 return -1;
460 }
461 return 0;
462
463 default:
464 hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
465 return -1;
466 }
467}
468
469/*
470 * Process a local item.
471 */
472
473static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
474{
475 __u32 data;
476 unsigned n;
477 __u32 count;
478
479 data = item_udata(item);
480
481 switch (item->tag) {
482 case HID_LOCAL_ITEM_TAG_DELIMITER:
483
484 if (data) {
485 /*
486 * We treat items before the first delimiter
487 * as global to all usage sets (branch 0).
488 * In the moment we process only these global
489 * items and the first delimiter set.
490 */
491 if (parser->local.delimiter_depth != 0) {
492 hid_err(parser->device, "nested delimiters\n");
493 return -1;
494 }
495 parser->local.delimiter_depth++;
496 parser->local.delimiter_branch++;
497 } else {
498 if (parser->local.delimiter_depth < 1) {
499 hid_err(parser->device, "bogus close delimiter\n");
500 return -1;
501 }
502 parser->local.delimiter_depth--;
503 }
504 return 0;
505
506 case HID_LOCAL_ITEM_TAG_USAGE:
507
508 if (parser->local.delimiter_branch > 1) {
509 dbg_hid("alternative usage ignored\n");
510 return 0;
511 }
512
513 return hid_add_usage(parser, data, item->size);
514
515 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
516
517 if (parser->local.delimiter_branch > 1) {
518 dbg_hid("alternative usage ignored\n");
519 return 0;
520 }
521
522 parser->local.usage_minimum = data;
523 return 0;
524
525 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
526
527 if (parser->local.delimiter_branch > 1) {
528 dbg_hid("alternative usage ignored\n");
529 return 0;
530 }
531
532 count = data - parser->local.usage_minimum;
533 if (count + parser->local.usage_index >= HID_MAX_USAGES) {
534 /*
535 * We do not warn if the name is not set, we are
536 * actually pre-scanning the device.
537 */
538 if (dev_name(&parser->device->dev))
539 hid_warn(parser->device,
540 "ignoring exceeding usage max\n");
541 data = HID_MAX_USAGES - parser->local.usage_index +
542 parser->local.usage_minimum - 1;
543 if (data <= 0) {
544 hid_err(parser->device,
545 "no more usage index available\n");
546 return -1;
547 }
548 }
549
550 for (n = parser->local.usage_minimum; n <= data; n++)
551 if (hid_add_usage(parser, n, item->size)) {
552 dbg_hid("hid_add_usage failed\n");
553 return -1;
554 }
555 return 0;
556
557 default:
558
559 dbg_hid("unknown local item tag 0x%x\n", item->tag);
560 return 0;
561 }
562 return 0;
563}
564
565/*
566 * Concatenate Usage Pages into Usages where relevant:
567 * As per specification, 6.2.2.8: "When the parser encounters a main item it
568 * concatenates the last declared Usage Page with a Usage to form a complete
569 * usage value."
570 */
571
572static void hid_concatenate_last_usage_page(struct hid_parser *parser)
573{
574 int i;
575 unsigned int usage_page;
576 unsigned int current_page;
577
578 if (!parser->local.usage_index)
579 return;
580
581 usage_page = parser->global.usage_page;
582
583 /*
584 * Concatenate usage page again only if last declared Usage Page
585 * has not been already used in previous usages concatenation
586 */
587 for (i = parser->local.usage_index - 1; i >= 0; i--) {
588 if (parser->local.usage_size[i] > 2)
589 /* Ignore extended usages */
590 continue;
591
592 current_page = parser->local.usage[i] >> 16;
593 if (current_page == usage_page)
594 break;
595
596 complete_usage(parser, i);
597 }
598}
599
600/*
601 * Process a main item.
602 */
603
604static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
605{
606 __u32 data;
607 int ret;
608
609 hid_concatenate_last_usage_page(parser);
610
611 data = item_udata(item);
612
613 switch (item->tag) {
614 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
615 ret = open_collection(parser, data & 0xff);
616 break;
617 case HID_MAIN_ITEM_TAG_END_COLLECTION:
618 ret = close_collection(parser);
619 break;
620 case HID_MAIN_ITEM_TAG_INPUT:
621 ret = hid_add_field(parser, HID_INPUT_REPORT, data);
622 break;
623 case HID_MAIN_ITEM_TAG_OUTPUT:
624 ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
625 break;
626 case HID_MAIN_ITEM_TAG_FEATURE:
627 ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
628 break;
629 default:
630 hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
631 ret = 0;
632 }
633
634 memset(&parser->local, 0, sizeof(parser->local)); /* Reset the local parser environment */
635
636 return ret;
637}
638
639/*
640 * Process a reserved item.
641 */
642
643static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
644{
645 dbg_hid("reserved item type, tag 0x%x\n", item->tag);
646 return 0;
647}
648
649/*
650 * Free a report and all registered fields. The field->usage and
651 * field->value table's are allocated behind the field, so we need
652 * only to free(field) itself.
653 */
654
655static void hid_free_report(struct hid_report *report)
656{
657 unsigned n;
658
659 for (n = 0; n < report->maxfield; n++)
660 kfree(report->field[n]);
661 kfree(report);
662}
663
664/*
665 * Close report. This function returns the device
666 * state to the point prior to hid_open_report().
667 */
668static void hid_close_report(struct hid_device *device)
669{
670 unsigned i, j;
671
672 for (i = 0; i < HID_REPORT_TYPES; i++) {
673 struct hid_report_enum *report_enum = device->report_enum + i;
674
675 for (j = 0; j < HID_MAX_IDS; j++) {
676 struct hid_report *report = report_enum->report_id_hash[j];
677 if (report)
678 hid_free_report(report);
679 }
680 memset(report_enum, 0, sizeof(*report_enum));
681 INIT_LIST_HEAD(&report_enum->report_list);
682 }
683
684 kfree(device->rdesc);
685 device->rdesc = NULL;
686 device->rsize = 0;
687
688 kfree(device->collection);
689 device->collection = NULL;
690 device->collection_size = 0;
691 device->maxcollection = 0;
692 device->maxapplication = 0;
693
694 device->status &= ~HID_STAT_PARSED;
695}
696
697/*
698 * Free a device structure, all reports, and all fields.
699 */
700
701static void hid_device_release(struct device *dev)
702{
703 struct hid_device *hid = to_hid_device(dev);
704
705 hid_close_report(hid);
706 kfree(hid->dev_rdesc);
707 kfree(hid);
708}
709
710/*
711 * Fetch a report description item from the data stream. We support long
712 * items, though they are not used yet.
713 */
714
715static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
716{
717 u8 b;
718
719 if ((end - start) <= 0)
720 return NULL;
721
722 b = *start++;
723
724 item->type = (b >> 2) & 3;
725 item->tag = (b >> 4) & 15;
726
727 if (item->tag == HID_ITEM_TAG_LONG) {
728
729 item->format = HID_ITEM_FORMAT_LONG;
730
731 if ((end - start) < 2)
732 return NULL;
733
734 item->size = *start++;
735 item->tag = *start++;
736
737 if ((end - start) < item->size)
738 return NULL;
739
740 item->data.longdata = start;
741 start += item->size;
742 return start;
743 }
744
745 item->format = HID_ITEM_FORMAT_SHORT;
746 item->size = b & 3;
747
748 switch (item->size) {
749 case 0:
750 return start;
751
752 case 1:
753 if ((end - start) < 1)
754 return NULL;
755 item->data.u8 = *start++;
756 return start;
757
758 case 2:
759 if ((end - start) < 2)
760 return NULL;
761 item->data.u16 = get_unaligned_le16(start);
762 start = (__u8 *)((__le16 *)start + 1);
763 return start;
764
765 case 3:
766 item->size++;
767 if ((end - start) < 4)
768 return NULL;
769 item->data.u32 = get_unaligned_le32(start);
770 start = (__u8 *)((__le32 *)start + 1);
771 return start;
772 }
773
774 return NULL;
775}
776
777static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
778{
779 struct hid_device *hid = parser->device;
780
781 if (usage == HID_DG_CONTACTID)
782 hid->group = HID_GROUP_MULTITOUCH;
783}
784
785static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
786{
787 if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
788 parser->global.report_size == 8)
789 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
790
791 if (usage == 0xff0000c6 && parser->global.report_count == 1 &&
792 parser->global.report_size == 8)
793 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
794}
795
796static void hid_scan_collection(struct hid_parser *parser, unsigned type)
797{
798 struct hid_device *hid = parser->device;
799 int i;
800
801 if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
802 type == HID_COLLECTION_PHYSICAL)
803 hid->group = HID_GROUP_SENSOR_HUB;
804
805 if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
806 hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
807 hid->group == HID_GROUP_MULTITOUCH)
808 hid->group = HID_GROUP_GENERIC;
809
810 if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
811 for (i = 0; i < parser->local.usage_index; i++)
812 if (parser->local.usage[i] == HID_GD_POINTER)
813 parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
814
815 if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
816 parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
817}
818
819static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
820{
821 __u32 data;
822 int i;
823
824 hid_concatenate_last_usage_page(parser);
825
826 data = item_udata(item);
827
828 switch (item->tag) {
829 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
830 hid_scan_collection(parser, data & 0xff);
831 break;
832 case HID_MAIN_ITEM_TAG_END_COLLECTION:
833 break;
834 case HID_MAIN_ITEM_TAG_INPUT:
835 /* ignore constant inputs, they will be ignored by hid-input */
836 if (data & HID_MAIN_ITEM_CONSTANT)
837 break;
838 for (i = 0; i < parser->local.usage_index; i++)
839 hid_scan_input_usage(parser, parser->local.usage[i]);
840 break;
841 case HID_MAIN_ITEM_TAG_OUTPUT:
842 break;
843 case HID_MAIN_ITEM_TAG_FEATURE:
844 for (i = 0; i < parser->local.usage_index; i++)
845 hid_scan_feature_usage(parser, parser->local.usage[i]);
846 break;
847 }
848
849 /* Reset the local parser environment */
850 memset(&parser->local, 0, sizeof(parser->local));
851
852 return 0;
853}
854
855/*
856 * Scan a report descriptor before the device is added to the bus.
857 * Sets device groups and other properties that determine what driver
858 * to load.
859 */
860static int hid_scan_report(struct hid_device *hid)
861{
862 struct hid_parser *parser;
863 struct hid_item item;
864 __u8 *start = hid->dev_rdesc;
865 __u8 *end = start + hid->dev_rsize;
866 static int (*dispatch_type[])(struct hid_parser *parser,
867 struct hid_item *item) = {
868 hid_scan_main,
869 hid_parser_global,
870 hid_parser_local,
871 hid_parser_reserved
872 };
873
874 parser = vzalloc(sizeof(struct hid_parser));
875 if (!parser)
876 return -ENOMEM;
877
878 parser->device = hid;
879 hid->group = HID_GROUP_GENERIC;
880
881 /*
882 * The parsing is simpler than the one in hid_open_report() as we should
883 * be robust against hid errors. Those errors will be raised by
884 * hid_open_report() anyway.
885 */
886 while ((start = fetch_item(start, end, &item)) != NULL)
887 dispatch_type[item.type](parser, &item);
888
889 /*
890 * Handle special flags set during scanning.
891 */
892 if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
893 (hid->group == HID_GROUP_MULTITOUCH))
894 hid->group = HID_GROUP_MULTITOUCH_WIN_8;
895
896 /*
897 * Vendor specific handlings
898 */
899 switch (hid->vendor) {
900 case USB_VENDOR_ID_WACOM:
901 hid->group = HID_GROUP_WACOM;
902 break;
903 case USB_VENDOR_ID_SYNAPTICS:
904 if (hid->group == HID_GROUP_GENERIC)
905 if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
906 && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
907 /*
908 * hid-rmi should take care of them,
909 * not hid-generic
910 */
911 hid->group = HID_GROUP_RMI;
912 break;
913 }
914
915 kfree(parser->collection_stack);
916 vfree(parser);
917 return 0;
918}
919
920/**
921 * hid_parse_report - parse device report
922 *
923 * @device: hid device
924 * @start: report start
925 * @size: report size
926 *
927 * Allocate the device report as read by the bus driver. This function should
928 * only be called from parse() in ll drivers.
929 */
930int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
931{
932 hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
933 if (!hid->dev_rdesc)
934 return -ENOMEM;
935 hid->dev_rsize = size;
936 return 0;
937}
938EXPORT_SYMBOL_GPL(hid_parse_report);
939
940static const char * const hid_report_names[] = {
941 "HID_INPUT_REPORT",
942 "HID_OUTPUT_REPORT",
943 "HID_FEATURE_REPORT",
944};
945/**
946 * hid_validate_values - validate existing device report's value indexes
947 *
948 * @device: hid device
949 * @type: which report type to examine
950 * @id: which report ID to examine (0 for first)
951 * @field_index: which report field to examine
952 * @report_counts: expected number of values
953 *
954 * Validate the number of values in a given field of a given report, after
955 * parsing.
956 */
957struct hid_report *hid_validate_values(struct hid_device *hid,
958 unsigned int type, unsigned int id,
959 unsigned int field_index,
960 unsigned int report_counts)
961{
962 struct hid_report *report;
963
964 if (type > HID_FEATURE_REPORT) {
965 hid_err(hid, "invalid HID report type %u\n", type);
966 return NULL;
967 }
968
969 if (id >= HID_MAX_IDS) {
970 hid_err(hid, "invalid HID report id %u\n", id);
971 return NULL;
972 }
973
974 /*
975 * Explicitly not using hid_get_report() here since it depends on
976 * ->numbered being checked, which may not always be the case when
977 * drivers go to access report values.
978 */
979 if (id == 0) {
980 /*
981 * Validating on id 0 means we should examine the first
982 * report in the list.
983 */
984 report = list_entry(
985 hid->report_enum[type].report_list.next,
986 struct hid_report, list);
987 } else {
988 report = hid->report_enum[type].report_id_hash[id];
989 }
990 if (!report) {
991 hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
992 return NULL;
993 }
994 if (report->maxfield <= field_index) {
995 hid_err(hid, "not enough fields in %s %u\n",
996 hid_report_names[type], id);
997 return NULL;
998 }
999 if (report->field[field_index]->report_count < report_counts) {
1000 hid_err(hid, "not enough values in %s %u field %u\n",
1001 hid_report_names[type], id, field_index);
1002 return NULL;
1003 }
1004 return report;
1005}
1006EXPORT_SYMBOL_GPL(hid_validate_values);
1007
1008static int hid_calculate_multiplier(struct hid_device *hid,
1009 struct hid_field *multiplier)
1010{
1011 int m;
1012 __s32 v = *multiplier->value;
1013 __s32 lmin = multiplier->logical_minimum;
1014 __s32 lmax = multiplier->logical_maximum;
1015 __s32 pmin = multiplier->physical_minimum;
1016 __s32 pmax = multiplier->physical_maximum;
1017
1018 /*
1019 * "Because OS implementations will generally divide the control's
1020 * reported count by the Effective Resolution Multiplier, designers
1021 * should take care not to establish a potential Effective
1022 * Resolution Multiplier of zero."
1023 * HID Usage Table, v1.12, Section 4.3.1, p31
1024 */
1025 if (lmax - lmin == 0)
1026 return 1;
1027 /*
1028 * Handling the unit exponent is left as an exercise to whoever
1029 * finds a device where that exponent is not 0.
1030 */
1031 m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
1032 if (unlikely(multiplier->unit_exponent != 0)) {
1033 hid_warn(hid,
1034 "unsupported Resolution Multiplier unit exponent %d\n",
1035 multiplier->unit_exponent);
1036 }
1037
1038 /* There are no devices with an effective multiplier > 255 */
1039 if (unlikely(m == 0 || m > 255 || m < -255)) {
1040 hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
1041 m = 1;
1042 }
1043
1044 return m;
1045}
1046
1047static void hid_apply_multiplier_to_field(struct hid_device *hid,
1048 struct hid_field *field,
1049 struct hid_collection *multiplier_collection,
1050 int effective_multiplier)
1051{
1052 struct hid_collection *collection;
1053 struct hid_usage *usage;
1054 int i;
1055
1056 /*
1057 * If multiplier_collection is NULL, the multiplier applies
1058 * to all fields in the report.
1059 * Otherwise, it is the Logical Collection the multiplier applies to
1060 * but our field may be in a subcollection of that collection.
1061 */
1062 for (i = 0; i < field->maxusage; i++) {
1063 usage = &field->usage[i];
1064
1065 collection = &hid->collection[usage->collection_index];
1066 while (collection->parent_idx != -1 &&
1067 collection != multiplier_collection)
1068 collection = &hid->collection[collection->parent_idx];
1069
1070 if (collection->parent_idx != -1 ||
1071 multiplier_collection == NULL)
1072 usage->resolution_multiplier = effective_multiplier;
1073
1074 }
1075}
1076
1077static void hid_apply_multiplier(struct hid_device *hid,
1078 struct hid_field *multiplier)
1079{
1080 struct hid_report_enum *rep_enum;
1081 struct hid_report *rep;
1082 struct hid_field *field;
1083 struct hid_collection *multiplier_collection;
1084 int effective_multiplier;
1085 int i;
1086
1087 /*
1088 * "The Resolution Multiplier control must be contained in the same
1089 * Logical Collection as the control(s) to which it is to be applied.
1090 * If no Resolution Multiplier is defined, then the Resolution
1091 * Multiplier defaults to 1. If more than one control exists in a
1092 * Logical Collection, the Resolution Multiplier is associated with
1093 * all controls in the collection. If no Logical Collection is
1094 * defined, the Resolution Multiplier is associated with all
1095 * controls in the report."
1096 * HID Usage Table, v1.12, Section 4.3.1, p30
1097 *
1098 * Thus, search from the current collection upwards until we find a
1099 * logical collection. Then search all fields for that same parent
1100 * collection. Those are the fields the multiplier applies to.
1101 *
1102 * If we have more than one multiplier, it will overwrite the
1103 * applicable fields later.
1104 */
1105 multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1106 while (multiplier_collection->parent_idx != -1 &&
1107 multiplier_collection->type != HID_COLLECTION_LOGICAL)
1108 multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1109
1110 effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1111
1112 rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1113 list_for_each_entry(rep, &rep_enum->report_list, list) {
1114 for (i = 0; i < rep->maxfield; i++) {
1115 field = rep->field[i];
1116 hid_apply_multiplier_to_field(hid, field,
1117 multiplier_collection,
1118 effective_multiplier);
1119 }
1120 }
1121}
1122
1123/*
1124 * hid_setup_resolution_multiplier - set up all resolution multipliers
1125 *
1126 * @device: hid device
1127 *
1128 * Search for all Resolution Multiplier Feature Reports and apply their
1129 * value to all matching Input items. This only updates the internal struct
1130 * fields.
1131 *
1132 * The Resolution Multiplier is applied by the hardware. If the multiplier
1133 * is anything other than 1, the hardware will send pre-multiplied events
1134 * so that the same physical interaction generates an accumulated
1135 * accumulated_value = value * * multiplier
1136 * This may be achieved by sending
1137 * - "value * multiplier" for each event, or
1138 * - "value" but "multiplier" times as frequently, or
1139 * - a combination of the above
1140 * The only guarantee is that the same physical interaction always generates
1141 * an accumulated 'value * multiplier'.
1142 *
1143 * This function must be called before any event processing and after
1144 * any SetRequest to the Resolution Multiplier.
1145 */
1146void hid_setup_resolution_multiplier(struct hid_device *hid)
1147{
1148 struct hid_report_enum *rep_enum;
1149 struct hid_report *rep;
1150 struct hid_usage *usage;
1151 int i, j;
1152
1153 rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1154 list_for_each_entry(rep, &rep_enum->report_list, list) {
1155 for (i = 0; i < rep->maxfield; i++) {
1156 /* Ignore if report count is out of bounds. */
1157 if (rep->field[i]->report_count < 1)
1158 continue;
1159
1160 for (j = 0; j < rep->field[i]->maxusage; j++) {
1161 usage = &rep->field[i]->usage[j];
1162 if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1163 hid_apply_multiplier(hid,
1164 rep->field[i]);
1165 }
1166 }
1167 }
1168}
1169EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1170
1171/**
1172 * hid_open_report - open a driver-specific device report
1173 *
1174 * @device: hid device
1175 *
1176 * Parse a report description into a hid_device structure. Reports are
1177 * enumerated, fields are attached to these reports.
1178 * 0 returned on success, otherwise nonzero error value.
1179 *
1180 * This function (or the equivalent hid_parse() macro) should only be
1181 * called from probe() in drivers, before starting the device.
1182 */
1183int hid_open_report(struct hid_device *device)
1184{
1185 struct hid_parser *parser;
1186 struct hid_item item;
1187 unsigned int size;
1188 __u8 *start;
1189 __u8 *buf;
1190 __u8 *end;
1191 __u8 *next;
1192 int ret;
1193 static int (*dispatch_type[])(struct hid_parser *parser,
1194 struct hid_item *item) = {
1195 hid_parser_main,
1196 hid_parser_global,
1197 hid_parser_local,
1198 hid_parser_reserved
1199 };
1200
1201 if (WARN_ON(device->status & HID_STAT_PARSED))
1202 return -EBUSY;
1203
1204 start = device->dev_rdesc;
1205 if (WARN_ON(!start))
1206 return -ENODEV;
1207 size = device->dev_rsize;
1208
1209 buf = kmemdup(start, size, GFP_KERNEL);
1210 if (buf == NULL)
1211 return -ENOMEM;
1212
1213 if (device->driver->report_fixup)
1214 start = device->driver->report_fixup(device, buf, &size);
1215 else
1216 start = buf;
1217
1218 start = kmemdup(start, size, GFP_KERNEL);
1219 kfree(buf);
1220 if (start == NULL)
1221 return -ENOMEM;
1222
1223 device->rdesc = start;
1224 device->rsize = size;
1225
1226 parser = vzalloc(sizeof(struct hid_parser));
1227 if (!parser) {
1228 ret = -ENOMEM;
1229 goto alloc_err;
1230 }
1231
1232 parser->device = device;
1233
1234 end = start + size;
1235
1236 device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1237 sizeof(struct hid_collection), GFP_KERNEL);
1238 if (!device->collection) {
1239 ret = -ENOMEM;
1240 goto err;
1241 }
1242 device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1243
1244 ret = -EINVAL;
1245 while ((next = fetch_item(start, end, &item)) != NULL) {
1246 start = next;
1247
1248 if (item.format != HID_ITEM_FORMAT_SHORT) {
1249 hid_err(device, "unexpected long global item\n");
1250 goto err;
1251 }
1252
1253 if (dispatch_type[item.type](parser, &item)) {
1254 hid_err(device, "item %u %u %u %u parsing failed\n",
1255 item.format, (unsigned)item.size,
1256 (unsigned)item.type, (unsigned)item.tag);
1257 goto err;
1258 }
1259
1260 if (start == end) {
1261 if (parser->collection_stack_ptr) {
1262 hid_err(device, "unbalanced collection at end of report description\n");
1263 goto err;
1264 }
1265 if (parser->local.delimiter_depth) {
1266 hid_err(device, "unbalanced delimiter at end of report description\n");
1267 goto err;
1268 }
1269
1270 /*
1271 * fetch initial values in case the device's
1272 * default multiplier isn't the recommended 1
1273 */
1274 hid_setup_resolution_multiplier(device);
1275
1276 kfree(parser->collection_stack);
1277 vfree(parser);
1278 device->status |= HID_STAT_PARSED;
1279
1280 return 0;
1281 }
1282 }
1283
1284 hid_err(device, "item fetching failed at offset %u/%u\n",
1285 size - (unsigned int)(end - start), size);
1286err:
1287 kfree(parser->collection_stack);
1288alloc_err:
1289 vfree(parser);
1290 hid_close_report(device);
1291 return ret;
1292}
1293EXPORT_SYMBOL_GPL(hid_open_report);
1294
1295/*
1296 * Convert a signed n-bit integer to signed 32-bit integer. Common
1297 * cases are done through the compiler, the screwed things has to be
1298 * done by hand.
1299 */
1300
1301static s32 snto32(__u32 value, unsigned n)
1302{
1303 switch (n) {
1304 case 8: return ((__s8)value);
1305 case 16: return ((__s16)value);
1306 case 32: return ((__s32)value);
1307 }
1308 return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1309}
1310
1311s32 hid_snto32(__u32 value, unsigned n)
1312{
1313 return snto32(value, n);
1314}
1315EXPORT_SYMBOL_GPL(hid_snto32);
1316
1317/*
1318 * Convert a signed 32-bit integer to a signed n-bit integer.
1319 */
1320
1321static u32 s32ton(__s32 value, unsigned n)
1322{
1323 s32 a = value >> (n - 1);
1324 if (a && a != -1)
1325 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1326 return value & ((1 << n) - 1);
1327}
1328
1329/*
1330 * Extract/implement a data field from/to a little endian report (bit array).
1331 *
1332 * Code sort-of follows HID spec:
1333 * http://www.usb.org/developers/hidpage/HID1_11.pdf
1334 *
1335 * While the USB HID spec allows unlimited length bit fields in "report
1336 * descriptors", most devices never use more than 16 bits.
1337 * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1338 * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1339 */
1340
1341static u32 __extract(u8 *report, unsigned offset, int n)
1342{
1343 unsigned int idx = offset / 8;
1344 unsigned int bit_nr = 0;
1345 unsigned int bit_shift = offset % 8;
1346 int bits_to_copy = 8 - bit_shift;
1347 u32 value = 0;
1348 u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1349
1350 while (n > 0) {
1351 value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1352 n -= bits_to_copy;
1353 bit_nr += bits_to_copy;
1354 bits_to_copy = 8;
1355 bit_shift = 0;
1356 idx++;
1357 }
1358
1359 return value & mask;
1360}
1361
1362u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1363 unsigned offset, unsigned n)
1364{
1365 if (n > 32) {
1366 hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1367 __func__, n, current->comm);
1368 n = 32;
1369 }
1370
1371 return __extract(report, offset, n);
1372}
1373EXPORT_SYMBOL_GPL(hid_field_extract);
1374
1375/*
1376 * "implement" : set bits in a little endian bit stream.
1377 * Same concepts as "extract" (see comments above).
1378 * The data mangled in the bit stream remains in little endian
1379 * order the whole time. It make more sense to talk about
1380 * endianness of register values by considering a register
1381 * a "cached" copy of the little endian bit stream.
1382 */
1383
1384static void __implement(u8 *report, unsigned offset, int n, u32 value)
1385{
1386 unsigned int idx = offset / 8;
1387 unsigned int bit_shift = offset % 8;
1388 int bits_to_set = 8 - bit_shift;
1389
1390 while (n - bits_to_set >= 0) {
1391 report[idx] &= ~(0xff << bit_shift);
1392 report[idx] |= value << bit_shift;
1393 value >>= bits_to_set;
1394 n -= bits_to_set;
1395 bits_to_set = 8;
1396 bit_shift = 0;
1397 idx++;
1398 }
1399
1400 /* last nibble */
1401 if (n) {
1402 u8 bit_mask = ((1U << n) - 1);
1403 report[idx] &= ~(bit_mask << bit_shift);
1404 report[idx] |= value << bit_shift;
1405 }
1406}
1407
1408static void implement(const struct hid_device *hid, u8 *report,
1409 unsigned offset, unsigned n, u32 value)
1410{
1411 if (unlikely(n > 32)) {
1412 hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1413 __func__, n, current->comm);
1414 n = 32;
1415 } else if (n < 32) {
1416 u32 m = (1U << n) - 1;
1417
1418 if (unlikely(value > m)) {
1419 hid_warn(hid,
1420 "%s() called with too large value %d (n: %d)! (%s)\n",
1421 __func__, value, n, current->comm);
1422 WARN_ON(1);
1423 value &= m;
1424 }
1425 }
1426
1427 __implement(report, offset, n, value);
1428}
1429
1430/*
1431 * Search an array for a value.
1432 */
1433
1434static int search(__s32 *array, __s32 value, unsigned n)
1435{
1436 while (n--) {
1437 if (*array++ == value)
1438 return 0;
1439 }
1440 return -1;
1441}
1442
1443/**
1444 * hid_match_report - check if driver's raw_event should be called
1445 *
1446 * @hid: hid device
1447 * @report_type: type to match against
1448 *
1449 * compare hid->driver->report_table->report_type to report->type
1450 */
1451static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1452{
1453 const struct hid_report_id *id = hid->driver->report_table;
1454
1455 if (!id) /* NULL means all */
1456 return 1;
1457
1458 for (; id->report_type != HID_TERMINATOR; id++)
1459 if (id->report_type == HID_ANY_ID ||
1460 id->report_type == report->type)
1461 return 1;
1462 return 0;
1463}
1464
1465/**
1466 * hid_match_usage - check if driver's event should be called
1467 *
1468 * @hid: hid device
1469 * @usage: usage to match against
1470 *
1471 * compare hid->driver->usage_table->usage_{type,code} to
1472 * usage->usage_{type,code}
1473 */
1474static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1475{
1476 const struct hid_usage_id *id = hid->driver->usage_table;
1477
1478 if (!id) /* NULL means all */
1479 return 1;
1480
1481 for (; id->usage_type != HID_ANY_ID - 1; id++)
1482 if ((id->usage_hid == HID_ANY_ID ||
1483 id->usage_hid == usage->hid) &&
1484 (id->usage_type == HID_ANY_ID ||
1485 id->usage_type == usage->type) &&
1486 (id->usage_code == HID_ANY_ID ||
1487 id->usage_code == usage->code))
1488 return 1;
1489 return 0;
1490}
1491
1492static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1493 struct hid_usage *usage, __s32 value, int interrupt)
1494{
1495 struct hid_driver *hdrv = hid->driver;
1496 int ret;
1497
1498 if (!list_empty(&hid->debug_list))
1499 hid_dump_input(hid, usage, value);
1500
1501 if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1502 ret = hdrv->event(hid, field, usage, value);
1503 if (ret != 0) {
1504 if (ret < 0)
1505 hid_err(hid, "%s's event failed with %d\n",
1506 hdrv->name, ret);
1507 return;
1508 }
1509 }
1510
1511 if (hid->claimed & HID_CLAIMED_INPUT)
1512 hidinput_hid_event(hid, field, usage, value);
1513 if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1514 hid->hiddev_hid_event(hid, field, usage, value);
1515}
1516
1517/*
1518 * Analyse a received field, and fetch the data from it. The field
1519 * content is stored for next report processing (we do differential
1520 * reporting to the layer).
1521 */
1522
1523static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1524 __u8 *data, int interrupt)
1525{
1526 unsigned n;
1527 unsigned count = field->report_count;
1528 unsigned offset = field->report_offset;
1529 unsigned size = field->report_size;
1530 __s32 min = field->logical_minimum;
1531 __s32 max = field->logical_maximum;
1532 __s32 *value;
1533
1534 value = kmalloc_array(count, sizeof(__s32), GFP_ATOMIC);
1535 if (!value)
1536 return;
1537
1538 for (n = 0; n < count; n++) {
1539
1540 value[n] = min < 0 ?
1541 snto32(hid_field_extract(hid, data, offset + n * size,
1542 size), size) :
1543 hid_field_extract(hid, data, offset + n * size, size);
1544
1545 /* Ignore report if ErrorRollOver */
1546 if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1547 value[n] >= min && value[n] <= max &&
1548 value[n] - min < field->maxusage &&
1549 field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1550 goto exit;
1551 }
1552
1553 for (n = 0; n < count; n++) {
1554
1555 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1556 hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1557 continue;
1558 }
1559
1560 if (field->value[n] >= min && field->value[n] <= max
1561 && field->value[n] - min < field->maxusage
1562 && field->usage[field->value[n] - min].hid
1563 && search(value, field->value[n], count))
1564 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1565
1566 if (value[n] >= min && value[n] <= max
1567 && value[n] - min < field->maxusage
1568 && field->usage[value[n] - min].hid
1569 && search(field->value, value[n], count))
1570 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1571 }
1572
1573 memcpy(field->value, value, count * sizeof(__s32));
1574exit:
1575 kfree(value);
1576}
1577
1578/*
1579 * Output the field into the report.
1580 */
1581
1582static void hid_output_field(const struct hid_device *hid,
1583 struct hid_field *field, __u8 *data)
1584{
1585 unsigned count = field->report_count;
1586 unsigned offset = field->report_offset;
1587 unsigned size = field->report_size;
1588 unsigned n;
1589
1590 for (n = 0; n < count; n++) {
1591 if (field->logical_minimum < 0) /* signed values */
1592 implement(hid, data, offset + n * size, size,
1593 s32ton(field->value[n], size));
1594 else /* unsigned values */
1595 implement(hid, data, offset + n * size, size,
1596 field->value[n]);
1597 }
1598}
1599
1600/*
1601 * Compute the size of a report.
1602 */
1603static size_t hid_compute_report_size(struct hid_report *report)
1604{
1605 if (report->size)
1606 return ((report->size - 1) >> 3) + 1;
1607
1608 return 0;
1609}
1610
1611/*
1612 * Create a report. 'data' has to be allocated using
1613 * hid_alloc_report_buf() so that it has proper size.
1614 */
1615
1616void hid_output_report(struct hid_report *report, __u8 *data)
1617{
1618 unsigned n;
1619
1620 if (report->id > 0)
1621 *data++ = report->id;
1622
1623 memset(data, 0, hid_compute_report_size(report));
1624 for (n = 0; n < report->maxfield; n++)
1625 hid_output_field(report->device, report->field[n], data);
1626}
1627EXPORT_SYMBOL_GPL(hid_output_report);
1628
1629/*
1630 * Allocator for buffer that is going to be passed to hid_output_report()
1631 */
1632u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1633{
1634 /*
1635 * 7 extra bytes are necessary to achieve proper functionality
1636 * of implement() working on 8 byte chunks
1637 */
1638
1639 u32 len = hid_report_len(report) + 7;
1640
1641 return kmalloc(len, flags);
1642}
1643EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1644
1645/*
1646 * Set a field value. The report this field belongs to has to be
1647 * created and transferred to the device, to set this value in the
1648 * device.
1649 */
1650
1651int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1652{
1653 unsigned size;
1654
1655 if (!field)
1656 return -1;
1657
1658 size = field->report_size;
1659
1660 hid_dump_input(field->report->device, field->usage + offset, value);
1661
1662 if (offset >= field->report_count) {
1663 hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1664 offset, field->report_count);
1665 return -1;
1666 }
1667 if (field->logical_minimum < 0) {
1668 if (value != snto32(s32ton(value, size), size)) {
1669 hid_err(field->report->device, "value %d is out of range\n", value);
1670 return -1;
1671 }
1672 }
1673 field->value[offset] = value;
1674 return 0;
1675}
1676EXPORT_SYMBOL_GPL(hid_set_field);
1677
1678static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1679 const u8 *data)
1680{
1681 struct hid_report *report;
1682 unsigned int n = 0; /* Normally report number is 0 */
1683
1684 /* Device uses numbered reports, data[0] is report number */
1685 if (report_enum->numbered)
1686 n = *data;
1687
1688 report = report_enum->report_id_hash[n];
1689 if (report == NULL)
1690 dbg_hid("undefined report_id %u received\n", n);
1691
1692 return report;
1693}
1694
1695/*
1696 * Implement a generic .request() callback, using .raw_request()
1697 * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1698 */
1699int __hid_request(struct hid_device *hid, struct hid_report *report,
1700 int reqtype)
1701{
1702 char *buf;
1703 int ret;
1704 u32 len;
1705
1706 buf = hid_alloc_report_buf(report, GFP_KERNEL);
1707 if (!buf)
1708 return -ENOMEM;
1709
1710 len = hid_report_len(report);
1711
1712 if (reqtype == HID_REQ_SET_REPORT)
1713 hid_output_report(report, buf);
1714
1715 ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1716 report->type, reqtype);
1717 if (ret < 0) {
1718 dbg_hid("unable to complete request: %d\n", ret);
1719 goto out;
1720 }
1721
1722 if (reqtype == HID_REQ_GET_REPORT)
1723 hid_input_report(hid, report->type, buf, ret, 0);
1724
1725 ret = 0;
1726
1727out:
1728 kfree(buf);
1729 return ret;
1730}
1731EXPORT_SYMBOL_GPL(__hid_request);
1732
1733int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1734 int interrupt)
1735{
1736 struct hid_report_enum *report_enum = hid->report_enum + type;
1737 struct hid_report *report;
1738 struct hid_driver *hdrv;
1739 unsigned int a;
1740 u32 rsize, csize = size;
1741 u8 *cdata = data;
1742 int ret = 0;
1743
1744 report = hid_get_report(report_enum, data);
1745 if (!report)
1746 goto out;
1747
1748 if (report_enum->numbered) {
1749 cdata++;
1750 csize--;
1751 }
1752
1753 rsize = hid_compute_report_size(report);
1754
1755 if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
1756 rsize = HID_MAX_BUFFER_SIZE - 1;
1757 else if (rsize > HID_MAX_BUFFER_SIZE)
1758 rsize = HID_MAX_BUFFER_SIZE;
1759
1760 if (csize < rsize) {
1761 dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1762 csize, rsize);
1763 memset(cdata + csize, 0, rsize - csize);
1764 }
1765
1766 if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1767 hid->hiddev_report_event(hid, report);
1768 if (hid->claimed & HID_CLAIMED_HIDRAW) {
1769 ret = hidraw_report_event(hid, data, size);
1770 if (ret)
1771 goto out;
1772 }
1773
1774 if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1775 for (a = 0; a < report->maxfield; a++)
1776 hid_input_field(hid, report->field[a], cdata, interrupt);
1777 hdrv = hid->driver;
1778 if (hdrv && hdrv->report)
1779 hdrv->report(hid, report);
1780 }
1781
1782 if (hid->claimed & HID_CLAIMED_INPUT)
1783 hidinput_report_event(hid, report);
1784out:
1785 return ret;
1786}
1787EXPORT_SYMBOL_GPL(hid_report_raw_event);
1788
1789/**
1790 * hid_input_report - report data from lower layer (usb, bt...)
1791 *
1792 * @hid: hid device
1793 * @type: HID report type (HID_*_REPORT)
1794 * @data: report contents
1795 * @size: size of data parameter
1796 * @interrupt: distinguish between interrupt and control transfers
1797 *
1798 * This is data entry for lower layers.
1799 */
1800int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1801{
1802 struct hid_report_enum *report_enum;
1803 struct hid_driver *hdrv;
1804 struct hid_report *report;
1805 int ret = 0;
1806
1807 if (!hid)
1808 return -ENODEV;
1809
1810 if (down_trylock(&hid->driver_input_lock))
1811 return -EBUSY;
1812
1813 if (!hid->driver) {
1814 ret = -ENODEV;
1815 goto unlock;
1816 }
1817 report_enum = hid->report_enum + type;
1818 hdrv = hid->driver;
1819
1820 if (!size) {
1821 dbg_hid("empty report\n");
1822 ret = -1;
1823 goto unlock;
1824 }
1825
1826 /* Avoid unnecessary overhead if debugfs is disabled */
1827 if (!list_empty(&hid->debug_list))
1828 hid_dump_report(hid, type, data, size);
1829
1830 report = hid_get_report(report_enum, data);
1831
1832 if (!report) {
1833 ret = -1;
1834 goto unlock;
1835 }
1836
1837 if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1838 ret = hdrv->raw_event(hid, report, data, size);
1839 if (ret < 0)
1840 goto unlock;
1841 }
1842
1843 ret = hid_report_raw_event(hid, type, data, size, interrupt);
1844
1845unlock:
1846 up(&hid->driver_input_lock);
1847 return ret;
1848}
1849EXPORT_SYMBOL_GPL(hid_input_report);
1850
1851bool hid_match_one_id(const struct hid_device *hdev,
1852 const struct hid_device_id *id)
1853{
1854 return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1855 (id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1856 (id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1857 (id->product == HID_ANY_ID || id->product == hdev->product);
1858}
1859
1860const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1861 const struct hid_device_id *id)
1862{
1863 for (; id->bus; id++)
1864 if (hid_match_one_id(hdev, id))
1865 return id;
1866
1867 return NULL;
1868}
1869
1870static const struct hid_device_id hid_hiddev_list[] = {
1871 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1872 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1873 { }
1874};
1875
1876static bool hid_hiddev(struct hid_device *hdev)
1877{
1878 return !!hid_match_id(hdev, hid_hiddev_list);
1879}
1880
1881
1882static ssize_t
1883read_report_descriptor(struct file *filp, struct kobject *kobj,
1884 struct bin_attribute *attr,
1885 char *buf, loff_t off, size_t count)
1886{
1887 struct device *dev = kobj_to_dev(kobj);
1888 struct hid_device *hdev = to_hid_device(dev);
1889
1890 if (off >= hdev->rsize)
1891 return 0;
1892
1893 if (off + count > hdev->rsize)
1894 count = hdev->rsize - off;
1895
1896 memcpy(buf, hdev->rdesc + off, count);
1897
1898 return count;
1899}
1900
1901static ssize_t
1902show_country(struct device *dev, struct device_attribute *attr,
1903 char *buf)
1904{
1905 struct hid_device *hdev = to_hid_device(dev);
1906
1907 return sprintf(buf, "%02x\n", hdev->country & 0xff);
1908}
1909
1910static struct bin_attribute dev_bin_attr_report_desc = {
1911 .attr = { .name = "report_descriptor", .mode = 0444 },
1912 .read = read_report_descriptor,
1913 .size = HID_MAX_DESCRIPTOR_SIZE,
1914};
1915
1916static const struct device_attribute dev_attr_country = {
1917 .attr = { .name = "country", .mode = 0444 },
1918 .show = show_country,
1919};
1920
1921int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1922{
1923 static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1924 "Joystick", "Gamepad", "Keyboard", "Keypad",
1925 "Multi-Axis Controller"
1926 };
1927 const char *type, *bus;
1928 char buf[64] = "";
1929 unsigned int i;
1930 int len;
1931 int ret;
1932
1933 if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1934 connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1935 if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1936 connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1937 if (hdev->bus != BUS_USB)
1938 connect_mask &= ~HID_CONNECT_HIDDEV;
1939 if (hid_hiddev(hdev))
1940 connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1941
1942 if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1943 connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1944 hdev->claimed |= HID_CLAIMED_INPUT;
1945
1946 if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1947 !hdev->hiddev_connect(hdev,
1948 connect_mask & HID_CONNECT_HIDDEV_FORCE))
1949 hdev->claimed |= HID_CLAIMED_HIDDEV;
1950 if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1951 hdev->claimed |= HID_CLAIMED_HIDRAW;
1952
1953 if (connect_mask & HID_CONNECT_DRIVER)
1954 hdev->claimed |= HID_CLAIMED_DRIVER;
1955
1956 /* Drivers with the ->raw_event callback set are not required to connect
1957 * to any other listener. */
1958 if (!hdev->claimed && !hdev->driver->raw_event) {
1959 hid_err(hdev, "device has no listeners, quitting\n");
1960 return -ENODEV;
1961 }
1962
1963 if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1964 (connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1965 hdev->ff_init(hdev);
1966
1967 len = 0;
1968 if (hdev->claimed & HID_CLAIMED_INPUT)
1969 len += sprintf(buf + len, "input");
1970 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1971 len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
1972 ((struct hiddev *)hdev->hiddev)->minor);
1973 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1974 len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
1975 ((struct hidraw *)hdev->hidraw)->minor);
1976
1977 type = "Device";
1978 for (i = 0; i < hdev->maxcollection; i++) {
1979 struct hid_collection *col = &hdev->collection[i];
1980 if (col->type == HID_COLLECTION_APPLICATION &&
1981 (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
1982 (col->usage & 0xffff) < ARRAY_SIZE(types)) {
1983 type = types[col->usage & 0xffff];
1984 break;
1985 }
1986 }
1987
1988 switch (hdev->bus) {
1989 case BUS_USB:
1990 bus = "USB";
1991 break;
1992 case BUS_BLUETOOTH:
1993 bus = "BLUETOOTH";
1994 break;
1995 case BUS_I2C:
1996 bus = "I2C";
1997 break;
1998 default:
1999 bus = "<UNKNOWN>";
2000 }
2001
2002 ret = device_create_file(&hdev->dev, &dev_attr_country);
2003 if (ret)
2004 hid_warn(hdev,
2005 "can't create sysfs country code attribute err: %d\n", ret);
2006
2007 hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
2008 buf, bus, hdev->version >> 8, hdev->version & 0xff,
2009 type, hdev->name, hdev->phys);
2010
2011 return 0;
2012}
2013EXPORT_SYMBOL_GPL(hid_connect);
2014
2015void hid_disconnect(struct hid_device *hdev)
2016{
2017 device_remove_file(&hdev->dev, &dev_attr_country);
2018 if (hdev->claimed & HID_CLAIMED_INPUT)
2019 hidinput_disconnect(hdev);
2020 if (hdev->claimed & HID_CLAIMED_HIDDEV)
2021 hdev->hiddev_disconnect(hdev);
2022 if (hdev->claimed & HID_CLAIMED_HIDRAW)
2023 hidraw_disconnect(hdev);
2024 hdev->claimed = 0;
2025}
2026EXPORT_SYMBOL_GPL(hid_disconnect);
2027
2028/**
2029 * hid_hw_start - start underlying HW
2030 * @hdev: hid device
2031 * @connect_mask: which outputs to connect, see HID_CONNECT_*
2032 *
2033 * Call this in probe function *after* hid_parse. This will setup HW
2034 * buffers and start the device (if not defeirred to device open).
2035 * hid_hw_stop must be called if this was successful.
2036 */
2037int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
2038{
2039 int error;
2040
2041 error = hdev->ll_driver->start(hdev);
2042 if (error)
2043 return error;
2044
2045 if (connect_mask) {
2046 error = hid_connect(hdev, connect_mask);
2047 if (error) {
2048 hdev->ll_driver->stop(hdev);
2049 return error;
2050 }
2051 }
2052
2053 return 0;
2054}
2055EXPORT_SYMBOL_GPL(hid_hw_start);
2056
2057/**
2058 * hid_hw_stop - stop underlying HW
2059 * @hdev: hid device
2060 *
2061 * This is usually called from remove function or from probe when something
2062 * failed and hid_hw_start was called already.
2063 */
2064void hid_hw_stop(struct hid_device *hdev)
2065{
2066 hid_disconnect(hdev);
2067 hdev->ll_driver->stop(hdev);
2068}
2069EXPORT_SYMBOL_GPL(hid_hw_stop);
2070
2071/**
2072 * hid_hw_open - signal underlying HW to start delivering events
2073 * @hdev: hid device
2074 *
2075 * Tell underlying HW to start delivering events from the device.
2076 * This function should be called sometime after successful call
2077 * to hid_hw_start().
2078 */
2079int hid_hw_open(struct hid_device *hdev)
2080{
2081 int ret;
2082
2083 ret = mutex_lock_killable(&hdev->ll_open_lock);
2084 if (ret)
2085 return ret;
2086
2087 if (!hdev->ll_open_count++) {
2088 ret = hdev->ll_driver->open(hdev);
2089 if (ret)
2090 hdev->ll_open_count--;
2091 }
2092
2093 mutex_unlock(&hdev->ll_open_lock);
2094 return ret;
2095}
2096EXPORT_SYMBOL_GPL(hid_hw_open);
2097
2098/**
2099 * hid_hw_close - signal underlaying HW to stop delivering events
2100 *
2101 * @hdev: hid device
2102 *
2103 * This function indicates that we are not interested in the events
2104 * from this device anymore. Delivery of events may or may not stop,
2105 * depending on the number of users still outstanding.
2106 */
2107void hid_hw_close(struct hid_device *hdev)
2108{
2109 mutex_lock(&hdev->ll_open_lock);
2110 if (!--hdev->ll_open_count)
2111 hdev->ll_driver->close(hdev);
2112 mutex_unlock(&hdev->ll_open_lock);
2113}
2114EXPORT_SYMBOL_GPL(hid_hw_close);
2115
2116struct hid_dynid {
2117 struct list_head list;
2118 struct hid_device_id id;
2119};
2120
2121/**
2122 * store_new_id - add a new HID device ID to this driver and re-probe devices
2123 * @driver: target device driver
2124 * @buf: buffer for scanning device ID data
2125 * @count: input size
2126 *
2127 * Adds a new dynamic hid device ID to this driver,
2128 * and causes the driver to probe for all devices again.
2129 */
2130static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2131 size_t count)
2132{
2133 struct hid_driver *hdrv = to_hid_driver(drv);
2134 struct hid_dynid *dynid;
2135 __u32 bus, vendor, product;
2136 unsigned long driver_data = 0;
2137 int ret;
2138
2139 ret = sscanf(buf, "%x %x %x %lx",
2140 &bus, &vendor, &product, &driver_data);
2141 if (ret < 3)
2142 return -EINVAL;
2143
2144 dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2145 if (!dynid)
2146 return -ENOMEM;
2147
2148 dynid->id.bus = bus;
2149 dynid->id.group = HID_GROUP_ANY;
2150 dynid->id.vendor = vendor;
2151 dynid->id.product = product;
2152 dynid->id.driver_data = driver_data;
2153
2154 spin_lock(&hdrv->dyn_lock);
2155 list_add_tail(&dynid->list, &hdrv->dyn_list);
2156 spin_unlock(&hdrv->dyn_lock);
2157
2158 ret = driver_attach(&hdrv->driver);
2159
2160 return ret ? : count;
2161}
2162static DRIVER_ATTR_WO(new_id);
2163
2164static struct attribute *hid_drv_attrs[] = {
2165 &driver_attr_new_id.attr,
2166 NULL,
2167};
2168ATTRIBUTE_GROUPS(hid_drv);
2169
2170static void hid_free_dynids(struct hid_driver *hdrv)
2171{
2172 struct hid_dynid *dynid, *n;
2173
2174 spin_lock(&hdrv->dyn_lock);
2175 list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2176 list_del(&dynid->list);
2177 kfree(dynid);
2178 }
2179 spin_unlock(&hdrv->dyn_lock);
2180}
2181
2182const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2183 struct hid_driver *hdrv)
2184{
2185 struct hid_dynid *dynid;
2186
2187 spin_lock(&hdrv->dyn_lock);
2188 list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2189 if (hid_match_one_id(hdev, &dynid->id)) {
2190 spin_unlock(&hdrv->dyn_lock);
2191 return &dynid->id;
2192 }
2193 }
2194 spin_unlock(&hdrv->dyn_lock);
2195
2196 return hid_match_id(hdev, hdrv->id_table);
2197}
2198EXPORT_SYMBOL_GPL(hid_match_device);
2199
2200static int hid_bus_match(struct device *dev, struct device_driver *drv)
2201{
2202 struct hid_driver *hdrv = to_hid_driver(drv);
2203 struct hid_device *hdev = to_hid_device(dev);
2204
2205 return hid_match_device(hdev, hdrv) != NULL;
2206}
2207
2208/**
2209 * hid_compare_device_paths - check if both devices share the same path
2210 * @hdev_a: hid device
2211 * @hdev_b: hid device
2212 * @separator: char to use as separator
2213 *
2214 * Check if two devices share the same path up to the last occurrence of
2215 * the separator char. Both paths must exist (i.e., zero-length paths
2216 * don't match).
2217 */
2218bool hid_compare_device_paths(struct hid_device *hdev_a,
2219 struct hid_device *hdev_b, char separator)
2220{
2221 int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2222 int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2223
2224 if (n1 != n2 || n1 <= 0 || n2 <= 0)
2225 return false;
2226
2227 return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2228}
2229EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2230
2231static int hid_device_probe(struct device *dev)
2232{
2233 struct hid_driver *hdrv = to_hid_driver(dev->driver);
2234 struct hid_device *hdev = to_hid_device(dev);
2235 const struct hid_device_id *id;
2236 int ret = 0;
2237
2238 if (down_interruptible(&hdev->driver_input_lock)) {
2239 ret = -EINTR;
2240 goto end;
2241 }
2242 hdev->io_started = false;
2243
2244 clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2245
2246 if (!hdev->driver) {
2247 id = hid_match_device(hdev, hdrv);
2248 if (id == NULL) {
2249 ret = -ENODEV;
2250 goto unlock;
2251 }
2252
2253 if (hdrv->match) {
2254 if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2255 ret = -ENODEV;
2256 goto unlock;
2257 }
2258 } else {
2259 /*
2260 * hid-generic implements .match(), so if
2261 * hid_ignore_special_drivers is set, we can safely
2262 * return.
2263 */
2264 if (hid_ignore_special_drivers) {
2265 ret = -ENODEV;
2266 goto unlock;
2267 }
2268 }
2269
2270 /* reset the quirks that has been previously set */
2271 hdev->quirks = hid_lookup_quirk(hdev);
2272 hdev->driver = hdrv;
2273 if (hdrv->probe) {
2274 ret = hdrv->probe(hdev, id);
2275 } else { /* default probe */
2276 ret = hid_open_report(hdev);
2277 if (!ret)
2278 ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2279 }
2280 if (ret) {
2281 hid_close_report(hdev);
2282 hdev->driver = NULL;
2283 }
2284 }
2285unlock:
2286 if (!hdev->io_started)
2287 up(&hdev->driver_input_lock);
2288end:
2289 return ret;
2290}
2291
2292static int hid_device_remove(struct device *dev)
2293{
2294 struct hid_device *hdev = to_hid_device(dev);
2295 struct hid_driver *hdrv;
2296 int ret = 0;
2297
2298 if (down_interruptible(&hdev->driver_input_lock)) {
2299 ret = -EINTR;
2300 goto end;
2301 }
2302 hdev->io_started = false;
2303
2304 hdrv = hdev->driver;
2305 if (hdrv) {
2306 if (hdrv->remove)
2307 hdrv->remove(hdev);
2308 else /* default remove */
2309 hid_hw_stop(hdev);
2310 hid_close_report(hdev);
2311 hdev->driver = NULL;
2312 }
2313
2314 if (!hdev->io_started)
2315 up(&hdev->driver_input_lock);
2316end:
2317 return ret;
2318}
2319
2320static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2321 char *buf)
2322{
2323 struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2324
2325 return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2326 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2327}
2328static DEVICE_ATTR_RO(modalias);
2329
2330static struct attribute *hid_dev_attrs[] = {
2331 &dev_attr_modalias.attr,
2332 NULL,
2333};
2334static struct bin_attribute *hid_dev_bin_attrs[] = {
2335 &dev_bin_attr_report_desc,
2336 NULL
2337};
2338static const struct attribute_group hid_dev_group = {
2339 .attrs = hid_dev_attrs,
2340 .bin_attrs = hid_dev_bin_attrs,
2341};
2342__ATTRIBUTE_GROUPS(hid_dev);
2343
2344static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2345{
2346 struct hid_device *hdev = to_hid_device(dev);
2347
2348 if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2349 hdev->bus, hdev->vendor, hdev->product))
2350 return -ENOMEM;
2351
2352 if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2353 return -ENOMEM;
2354
2355 if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2356 return -ENOMEM;
2357
2358 if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2359 return -ENOMEM;
2360
2361 if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2362 hdev->bus, hdev->group, hdev->vendor, hdev->product))
2363 return -ENOMEM;
2364
2365 return 0;
2366}
2367
2368struct bus_type hid_bus_type = {
2369 .name = "hid",
2370 .dev_groups = hid_dev_groups,
2371 .drv_groups = hid_drv_groups,
2372 .match = hid_bus_match,
2373 .probe = hid_device_probe,
2374 .remove = hid_device_remove,
2375 .uevent = hid_uevent,
2376};
2377EXPORT_SYMBOL(hid_bus_type);
2378
2379int hid_add_device(struct hid_device *hdev)
2380{
2381 static atomic_t id = ATOMIC_INIT(0);
2382 int ret;
2383
2384 if (WARN_ON(hdev->status & HID_STAT_ADDED))
2385 return -EBUSY;
2386
2387 hdev->quirks = hid_lookup_quirk(hdev);
2388
2389 /* we need to kill them here, otherwise they will stay allocated to
2390 * wait for coming driver */
2391 if (hid_ignore(hdev))
2392 return -ENODEV;
2393
2394 /*
2395 * Check for the mandatory transport channel.
2396 */
2397 if (!hdev->ll_driver->raw_request) {
2398 hid_err(hdev, "transport driver missing .raw_request()\n");
2399 return -EINVAL;
2400 }
2401
2402 /*
2403 * Read the device report descriptor once and use as template
2404 * for the driver-specific modifications.
2405 */
2406 ret = hdev->ll_driver->parse(hdev);
2407 if (ret)
2408 return ret;
2409 if (!hdev->dev_rdesc)
2410 return -ENODEV;
2411
2412 /*
2413 * Scan generic devices for group information
2414 */
2415 if (hid_ignore_special_drivers) {
2416 hdev->group = HID_GROUP_GENERIC;
2417 } else if (!hdev->group &&
2418 !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2419 ret = hid_scan_report(hdev);
2420 if (ret)
2421 hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2422 }
2423
2424 /* XXX hack, any other cleaner solution after the driver core
2425 * is converted to allow more than 20 bytes as the device name? */
2426 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2427 hdev->vendor, hdev->product, atomic_inc_return(&id));
2428
2429 hid_debug_register(hdev, dev_name(&hdev->dev));
2430 ret = device_add(&hdev->dev);
2431 if (!ret)
2432 hdev->status |= HID_STAT_ADDED;
2433 else
2434 hid_debug_unregister(hdev);
2435
2436 return ret;
2437}
2438EXPORT_SYMBOL_GPL(hid_add_device);
2439
2440/**
2441 * hid_allocate_device - allocate new hid device descriptor
2442 *
2443 * Allocate and initialize hid device, so that hid_destroy_device might be
2444 * used to free it.
2445 *
2446 * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2447 * error value.
2448 */
2449struct hid_device *hid_allocate_device(void)
2450{
2451 struct hid_device *hdev;
2452 int ret = -ENOMEM;
2453
2454 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2455 if (hdev == NULL)
2456 return ERR_PTR(ret);
2457
2458 device_initialize(&hdev->dev);
2459 hdev->dev.release = hid_device_release;
2460 hdev->dev.bus = &hid_bus_type;
2461 device_enable_async_suspend(&hdev->dev);
2462
2463 hid_close_report(hdev);
2464
2465 init_waitqueue_head(&hdev->debug_wait);
2466 INIT_LIST_HEAD(&hdev->debug_list);
2467 spin_lock_init(&hdev->debug_list_lock);
2468 sema_init(&hdev->driver_input_lock, 1);
2469 mutex_init(&hdev->ll_open_lock);
2470
2471 return hdev;
2472}
2473EXPORT_SYMBOL_GPL(hid_allocate_device);
2474
2475static void hid_remove_device(struct hid_device *hdev)
2476{
2477 if (hdev->status & HID_STAT_ADDED) {
2478 device_del(&hdev->dev);
2479 hid_debug_unregister(hdev);
2480 hdev->status &= ~HID_STAT_ADDED;
2481 }
2482 kfree(hdev->dev_rdesc);
2483 hdev->dev_rdesc = NULL;
2484 hdev->dev_rsize = 0;
2485}
2486
2487/**
2488 * hid_destroy_device - free previously allocated device
2489 *
2490 * @hdev: hid device
2491 *
2492 * If you allocate hid_device through hid_allocate_device, you should ever
2493 * free by this function.
2494 */
2495void hid_destroy_device(struct hid_device *hdev)
2496{
2497 hid_remove_device(hdev);
2498 put_device(&hdev->dev);
2499}
2500EXPORT_SYMBOL_GPL(hid_destroy_device);
2501
2502
2503static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2504{
2505 struct hid_driver *hdrv = data;
2506 struct hid_device *hdev = to_hid_device(dev);
2507
2508 if (hdev->driver == hdrv &&
2509 !hdrv->match(hdev, hid_ignore_special_drivers) &&
2510 !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2511 return device_reprobe(dev);
2512
2513 return 0;
2514}
2515
2516static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2517{
2518 struct hid_driver *hdrv = to_hid_driver(drv);
2519
2520 if (hdrv->match) {
2521 bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2522 __hid_bus_reprobe_drivers);
2523 }
2524
2525 return 0;
2526}
2527
2528static int __bus_removed_driver(struct device_driver *drv, void *data)
2529{
2530 return bus_rescan_devices(&hid_bus_type);
2531}
2532
2533int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2534 const char *mod_name)
2535{
2536 int ret;
2537
2538 hdrv->driver.name = hdrv->name;
2539 hdrv->driver.bus = &hid_bus_type;
2540 hdrv->driver.owner = owner;
2541 hdrv->driver.mod_name = mod_name;
2542
2543 INIT_LIST_HEAD(&hdrv->dyn_list);
2544 spin_lock_init(&hdrv->dyn_lock);
2545
2546 ret = driver_register(&hdrv->driver);
2547
2548 if (ret == 0)
2549 bus_for_each_drv(&hid_bus_type, NULL, NULL,
2550 __hid_bus_driver_added);
2551
2552 return ret;
2553}
2554EXPORT_SYMBOL_GPL(__hid_register_driver);
2555
2556void hid_unregister_driver(struct hid_driver *hdrv)
2557{
2558 driver_unregister(&hdrv->driver);
2559 hid_free_dynids(hdrv);
2560
2561 bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2562}
2563EXPORT_SYMBOL_GPL(hid_unregister_driver);
2564
2565int hid_check_keys_pressed(struct hid_device *hid)
2566{
2567 struct hid_input *hidinput;
2568 int i;
2569
2570 if (!(hid->claimed & HID_CLAIMED_INPUT))
2571 return 0;
2572
2573 list_for_each_entry(hidinput, &hid->inputs, list) {
2574 for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2575 if (hidinput->input->key[i])
2576 return 1;
2577 }
2578
2579 return 0;
2580}
2581
2582EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2583
2584static int __init hid_init(void)
2585{
2586 int ret;
2587
2588 if (hid_debug)
2589 pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2590 "debugfs is now used for inspecting the device (report descriptor, reports)\n");
2591
2592 ret = bus_register(&hid_bus_type);
2593 if (ret) {
2594 pr_err("can't register hid bus\n");
2595 goto err;
2596 }
2597
2598 ret = hidraw_init();
2599 if (ret)
2600 goto err_bus;
2601
2602 hid_debug_init();
2603
2604 return 0;
2605err_bus:
2606 bus_unregister(&hid_bus_type);
2607err:
2608 return ret;
2609}
2610
2611static void __exit hid_exit(void)
2612{
2613 hid_debug_exit();
2614 hidraw_exit();
2615 bus_unregister(&hid_bus_type);
2616 hid_quirks_exit(HID_BUS_ANY);
2617}
2618
2619module_init(hid_init);
2620module_exit(hid_exit);
2621
2622MODULE_AUTHOR("Andreas Gal");
2623MODULE_AUTHOR("Vojtech Pavlik");
2624MODULE_AUTHOR("Jiri Kosina");
2625MODULE_LICENSE("GPL");
1/*
2 * HID support for Linux
3 *
4 * Copyright (c) 1999 Andreas Gal
5 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
6 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
7 * Copyright (c) 2006-2012 Jiri Kosina
8 */
9
10/*
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
14 * any later version.
15 */
16
17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18
19#include <linux/module.h>
20#include <linux/slab.h>
21#include <linux/init.h>
22#include <linux/kernel.h>
23#include <linux/list.h>
24#include <linux/mm.h>
25#include <linux/spinlock.h>
26#include <asm/unaligned.h>
27#include <asm/byteorder.h>
28#include <linux/input.h>
29#include <linux/wait.h>
30#include <linux/vmalloc.h>
31#include <linux/sched.h>
32#include <linux/semaphore.h>
33
34#include <linux/hid.h>
35#include <linux/hiddev.h>
36#include <linux/hid-debug.h>
37#include <linux/hidraw.h>
38
39#include "hid-ids.h"
40
41/*
42 * Version Information
43 */
44
45#define DRIVER_DESC "HID core driver"
46
47int hid_debug = 0;
48module_param_named(debug, hid_debug, int, 0600);
49MODULE_PARM_DESC(debug, "toggle HID debugging messages");
50EXPORT_SYMBOL_GPL(hid_debug);
51
52static int hid_ignore_special_drivers = 0;
53module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
54MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
55
56/*
57 * Register a new report for a device.
58 */
59
60struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id)
61{
62 struct hid_report_enum *report_enum = device->report_enum + type;
63 struct hid_report *report;
64
65 if (id >= HID_MAX_IDS)
66 return NULL;
67 if (report_enum->report_id_hash[id])
68 return report_enum->report_id_hash[id];
69
70 report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
71 if (!report)
72 return NULL;
73
74 if (id != 0)
75 report_enum->numbered = 1;
76
77 report->id = id;
78 report->type = type;
79 report->size = 0;
80 report->device = device;
81 report_enum->report_id_hash[id] = report;
82
83 list_add_tail(&report->list, &report_enum->report_list);
84
85 return report;
86}
87EXPORT_SYMBOL_GPL(hid_register_report);
88
89/*
90 * Register a new field for this report.
91 */
92
93static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages, unsigned values)
94{
95 struct hid_field *field;
96
97 if (report->maxfield == HID_MAX_FIELDS) {
98 hid_err(report->device, "too many fields in report\n");
99 return NULL;
100 }
101
102 field = kzalloc((sizeof(struct hid_field) +
103 usages * sizeof(struct hid_usage) +
104 values * sizeof(unsigned)), GFP_KERNEL);
105 if (!field)
106 return NULL;
107
108 field->index = report->maxfield++;
109 report->field[field->index] = field;
110 field->usage = (struct hid_usage *)(field + 1);
111 field->value = (s32 *)(field->usage + usages);
112 field->report = report;
113
114 return field;
115}
116
117/*
118 * Open a collection. The type/usage is pushed on the stack.
119 */
120
121static int open_collection(struct hid_parser *parser, unsigned type)
122{
123 struct hid_collection *collection;
124 unsigned usage;
125
126 usage = parser->local.usage[0];
127
128 if (parser->collection_stack_ptr == HID_COLLECTION_STACK_SIZE) {
129 hid_err(parser->device, "collection stack overflow\n");
130 return -EINVAL;
131 }
132
133 if (parser->device->maxcollection == parser->device->collection_size) {
134 collection = kmalloc(sizeof(struct hid_collection) *
135 parser->device->collection_size * 2, GFP_KERNEL);
136 if (collection == NULL) {
137 hid_err(parser->device, "failed to reallocate collection array\n");
138 return -ENOMEM;
139 }
140 memcpy(collection, parser->device->collection,
141 sizeof(struct hid_collection) *
142 parser->device->collection_size);
143 memset(collection + parser->device->collection_size, 0,
144 sizeof(struct hid_collection) *
145 parser->device->collection_size);
146 kfree(parser->device->collection);
147 parser->device->collection = collection;
148 parser->device->collection_size *= 2;
149 }
150
151 parser->collection_stack[parser->collection_stack_ptr++] =
152 parser->device->maxcollection;
153
154 collection = parser->device->collection +
155 parser->device->maxcollection++;
156 collection->type = type;
157 collection->usage = usage;
158 collection->level = parser->collection_stack_ptr - 1;
159
160 if (type == HID_COLLECTION_APPLICATION)
161 parser->device->maxapplication++;
162
163 return 0;
164}
165
166/*
167 * Close a collection.
168 */
169
170static int close_collection(struct hid_parser *parser)
171{
172 if (!parser->collection_stack_ptr) {
173 hid_err(parser->device, "collection stack underflow\n");
174 return -EINVAL;
175 }
176 parser->collection_stack_ptr--;
177 return 0;
178}
179
180/*
181 * Climb up the stack, search for the specified collection type
182 * and return the usage.
183 */
184
185static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
186{
187 struct hid_collection *collection = parser->device->collection;
188 int n;
189
190 for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
191 unsigned index = parser->collection_stack[n];
192 if (collection[index].type == type)
193 return collection[index].usage;
194 }
195 return 0; /* we know nothing about this usage type */
196}
197
198/*
199 * Add a usage to the temporary parser table.
200 */
201
202static int hid_add_usage(struct hid_parser *parser, unsigned usage)
203{
204 if (parser->local.usage_index >= HID_MAX_USAGES) {
205 hid_err(parser->device, "usage index exceeded\n");
206 return -1;
207 }
208 parser->local.usage[parser->local.usage_index] = usage;
209 parser->local.collection_index[parser->local.usage_index] =
210 parser->collection_stack_ptr ?
211 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
212 parser->local.usage_index++;
213 return 0;
214}
215
216/*
217 * Register a new field for this report.
218 */
219
220static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
221{
222 struct hid_report *report;
223 struct hid_field *field;
224 unsigned usages;
225 unsigned offset;
226 unsigned i;
227
228 report = hid_register_report(parser->device, report_type, parser->global.report_id);
229 if (!report) {
230 hid_err(parser->device, "hid_register_report failed\n");
231 return -1;
232 }
233
234 /* Handle both signed and unsigned cases properly */
235 if ((parser->global.logical_minimum < 0 &&
236 parser->global.logical_maximum <
237 parser->global.logical_minimum) ||
238 (parser->global.logical_minimum >= 0 &&
239 (__u32)parser->global.logical_maximum <
240 (__u32)parser->global.logical_minimum)) {
241 dbg_hid("logical range invalid 0x%x 0x%x\n",
242 parser->global.logical_minimum,
243 parser->global.logical_maximum);
244 return -1;
245 }
246
247 offset = report->size;
248 report->size += parser->global.report_size * parser->global.report_count;
249
250 if (!parser->local.usage_index) /* Ignore padding fields */
251 return 0;
252
253 usages = max_t(unsigned, parser->local.usage_index,
254 parser->global.report_count);
255
256 field = hid_register_field(report, usages, parser->global.report_count);
257 if (!field)
258 return 0;
259
260 field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
261 field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
262 field->application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
263
264 for (i = 0; i < usages; i++) {
265 unsigned j = i;
266 /* Duplicate the last usage we parsed if we have excess values */
267 if (i >= parser->local.usage_index)
268 j = parser->local.usage_index - 1;
269 field->usage[i].hid = parser->local.usage[j];
270 field->usage[i].collection_index =
271 parser->local.collection_index[j];
272 field->usage[i].usage_index = i;
273 }
274
275 field->maxusage = usages;
276 field->flags = flags;
277 field->report_offset = offset;
278 field->report_type = report_type;
279 field->report_size = parser->global.report_size;
280 field->report_count = parser->global.report_count;
281 field->logical_minimum = parser->global.logical_minimum;
282 field->logical_maximum = parser->global.logical_maximum;
283 field->physical_minimum = parser->global.physical_minimum;
284 field->physical_maximum = parser->global.physical_maximum;
285 field->unit_exponent = parser->global.unit_exponent;
286 field->unit = parser->global.unit;
287
288 return 0;
289}
290
291/*
292 * Read data value from item.
293 */
294
295static u32 item_udata(struct hid_item *item)
296{
297 switch (item->size) {
298 case 1: return item->data.u8;
299 case 2: return item->data.u16;
300 case 4: return item->data.u32;
301 }
302 return 0;
303}
304
305static s32 item_sdata(struct hid_item *item)
306{
307 switch (item->size) {
308 case 1: return item->data.s8;
309 case 2: return item->data.s16;
310 case 4: return item->data.s32;
311 }
312 return 0;
313}
314
315/*
316 * Process a global item.
317 */
318
319static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
320{
321 __s32 raw_value;
322 switch (item->tag) {
323 case HID_GLOBAL_ITEM_TAG_PUSH:
324
325 if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
326 hid_err(parser->device, "global environment stack overflow\n");
327 return -1;
328 }
329
330 memcpy(parser->global_stack + parser->global_stack_ptr++,
331 &parser->global, sizeof(struct hid_global));
332 return 0;
333
334 case HID_GLOBAL_ITEM_TAG_POP:
335
336 if (!parser->global_stack_ptr) {
337 hid_err(parser->device, "global environment stack underflow\n");
338 return -1;
339 }
340
341 memcpy(&parser->global, parser->global_stack +
342 --parser->global_stack_ptr, sizeof(struct hid_global));
343 return 0;
344
345 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
346 parser->global.usage_page = item_udata(item);
347 return 0;
348
349 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
350 parser->global.logical_minimum = item_sdata(item);
351 return 0;
352
353 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
354 if (parser->global.logical_minimum < 0)
355 parser->global.logical_maximum = item_sdata(item);
356 else
357 parser->global.logical_maximum = item_udata(item);
358 return 0;
359
360 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
361 parser->global.physical_minimum = item_sdata(item);
362 return 0;
363
364 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
365 if (parser->global.physical_minimum < 0)
366 parser->global.physical_maximum = item_sdata(item);
367 else
368 parser->global.physical_maximum = item_udata(item);
369 return 0;
370
371 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
372 /* Many devices provide unit exponent as a two's complement
373 * nibble due to the common misunderstanding of HID
374 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
375 * both this and the standard encoding. */
376 raw_value = item_sdata(item);
377 if (!(raw_value & 0xfffffff0))
378 parser->global.unit_exponent = hid_snto32(raw_value, 4);
379 else
380 parser->global.unit_exponent = raw_value;
381 return 0;
382
383 case HID_GLOBAL_ITEM_TAG_UNIT:
384 parser->global.unit = item_udata(item);
385 return 0;
386
387 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
388 parser->global.report_size = item_udata(item);
389 if (parser->global.report_size > 128) {
390 hid_err(parser->device, "invalid report_size %d\n",
391 parser->global.report_size);
392 return -1;
393 }
394 return 0;
395
396 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
397 parser->global.report_count = item_udata(item);
398 if (parser->global.report_count > HID_MAX_USAGES) {
399 hid_err(parser->device, "invalid report_count %d\n",
400 parser->global.report_count);
401 return -1;
402 }
403 return 0;
404
405 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
406 parser->global.report_id = item_udata(item);
407 if (parser->global.report_id == 0 ||
408 parser->global.report_id >= HID_MAX_IDS) {
409 hid_err(parser->device, "report_id %u is invalid\n",
410 parser->global.report_id);
411 return -1;
412 }
413 return 0;
414
415 default:
416 hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
417 return -1;
418 }
419}
420
421/*
422 * Process a local item.
423 */
424
425static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
426{
427 __u32 data;
428 unsigned n;
429 __u32 count;
430
431 data = item_udata(item);
432
433 switch (item->tag) {
434 case HID_LOCAL_ITEM_TAG_DELIMITER:
435
436 if (data) {
437 /*
438 * We treat items before the first delimiter
439 * as global to all usage sets (branch 0).
440 * In the moment we process only these global
441 * items and the first delimiter set.
442 */
443 if (parser->local.delimiter_depth != 0) {
444 hid_err(parser->device, "nested delimiters\n");
445 return -1;
446 }
447 parser->local.delimiter_depth++;
448 parser->local.delimiter_branch++;
449 } else {
450 if (parser->local.delimiter_depth < 1) {
451 hid_err(parser->device, "bogus close delimiter\n");
452 return -1;
453 }
454 parser->local.delimiter_depth--;
455 }
456 return 0;
457
458 case HID_LOCAL_ITEM_TAG_USAGE:
459
460 if (parser->local.delimiter_branch > 1) {
461 dbg_hid("alternative usage ignored\n");
462 return 0;
463 }
464
465 if (item->size <= 2)
466 data = (parser->global.usage_page << 16) + data;
467
468 return hid_add_usage(parser, data);
469
470 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
471
472 if (parser->local.delimiter_branch > 1) {
473 dbg_hid("alternative usage ignored\n");
474 return 0;
475 }
476
477 if (item->size <= 2)
478 data = (parser->global.usage_page << 16) + data;
479
480 parser->local.usage_minimum = data;
481 return 0;
482
483 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
484
485 if (parser->local.delimiter_branch > 1) {
486 dbg_hid("alternative usage ignored\n");
487 return 0;
488 }
489
490 if (item->size <= 2)
491 data = (parser->global.usage_page << 16) + data;
492
493 count = data - parser->local.usage_minimum;
494 if (count + parser->local.usage_index >= HID_MAX_USAGES) {
495 /*
496 * We do not warn if the name is not set, we are
497 * actually pre-scanning the device.
498 */
499 if (dev_name(&parser->device->dev))
500 hid_warn(parser->device,
501 "ignoring exceeding usage max\n");
502 data = HID_MAX_USAGES - parser->local.usage_index +
503 parser->local.usage_minimum - 1;
504 if (data <= 0) {
505 hid_err(parser->device,
506 "no more usage index available\n");
507 return -1;
508 }
509 }
510
511 for (n = parser->local.usage_minimum; n <= data; n++)
512 if (hid_add_usage(parser, n)) {
513 dbg_hid("hid_add_usage failed\n");
514 return -1;
515 }
516 return 0;
517
518 default:
519
520 dbg_hid("unknown local item tag 0x%x\n", item->tag);
521 return 0;
522 }
523 return 0;
524}
525
526/*
527 * Process a main item.
528 */
529
530static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
531{
532 __u32 data;
533 int ret;
534
535 data = item_udata(item);
536
537 switch (item->tag) {
538 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
539 ret = open_collection(parser, data & 0xff);
540 break;
541 case HID_MAIN_ITEM_TAG_END_COLLECTION:
542 ret = close_collection(parser);
543 break;
544 case HID_MAIN_ITEM_TAG_INPUT:
545 ret = hid_add_field(parser, HID_INPUT_REPORT, data);
546 break;
547 case HID_MAIN_ITEM_TAG_OUTPUT:
548 ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
549 break;
550 case HID_MAIN_ITEM_TAG_FEATURE:
551 ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
552 break;
553 default:
554 hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
555 ret = 0;
556 }
557
558 memset(&parser->local, 0, sizeof(parser->local)); /* Reset the local parser environment */
559
560 return ret;
561}
562
563/*
564 * Process a reserved item.
565 */
566
567static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
568{
569 dbg_hid("reserved item type, tag 0x%x\n", item->tag);
570 return 0;
571}
572
573/*
574 * Free a report and all registered fields. The field->usage and
575 * field->value table's are allocated behind the field, so we need
576 * only to free(field) itself.
577 */
578
579static void hid_free_report(struct hid_report *report)
580{
581 unsigned n;
582
583 for (n = 0; n < report->maxfield; n++)
584 kfree(report->field[n]);
585 kfree(report);
586}
587
588/*
589 * Close report. This function returns the device
590 * state to the point prior to hid_open_report().
591 */
592static void hid_close_report(struct hid_device *device)
593{
594 unsigned i, j;
595
596 for (i = 0; i < HID_REPORT_TYPES; i++) {
597 struct hid_report_enum *report_enum = device->report_enum + i;
598
599 for (j = 0; j < HID_MAX_IDS; j++) {
600 struct hid_report *report = report_enum->report_id_hash[j];
601 if (report)
602 hid_free_report(report);
603 }
604 memset(report_enum, 0, sizeof(*report_enum));
605 INIT_LIST_HEAD(&report_enum->report_list);
606 }
607
608 kfree(device->rdesc);
609 device->rdesc = NULL;
610 device->rsize = 0;
611
612 kfree(device->collection);
613 device->collection = NULL;
614 device->collection_size = 0;
615 device->maxcollection = 0;
616 device->maxapplication = 0;
617
618 device->status &= ~HID_STAT_PARSED;
619}
620
621/*
622 * Free a device structure, all reports, and all fields.
623 */
624
625static void hid_device_release(struct device *dev)
626{
627 struct hid_device *hid = to_hid_device(dev);
628
629 hid_close_report(hid);
630 kfree(hid->dev_rdesc);
631 kfree(hid);
632}
633
634/*
635 * Fetch a report description item from the data stream. We support long
636 * items, though they are not used yet.
637 */
638
639static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
640{
641 u8 b;
642
643 if ((end - start) <= 0)
644 return NULL;
645
646 b = *start++;
647
648 item->type = (b >> 2) & 3;
649 item->tag = (b >> 4) & 15;
650
651 if (item->tag == HID_ITEM_TAG_LONG) {
652
653 item->format = HID_ITEM_FORMAT_LONG;
654
655 if ((end - start) < 2)
656 return NULL;
657
658 item->size = *start++;
659 item->tag = *start++;
660
661 if ((end - start) < item->size)
662 return NULL;
663
664 item->data.longdata = start;
665 start += item->size;
666 return start;
667 }
668
669 item->format = HID_ITEM_FORMAT_SHORT;
670 item->size = b & 3;
671
672 switch (item->size) {
673 case 0:
674 return start;
675
676 case 1:
677 if ((end - start) < 1)
678 return NULL;
679 item->data.u8 = *start++;
680 return start;
681
682 case 2:
683 if ((end - start) < 2)
684 return NULL;
685 item->data.u16 = get_unaligned_le16(start);
686 start = (__u8 *)((__le16 *)start + 1);
687 return start;
688
689 case 3:
690 item->size++;
691 if ((end - start) < 4)
692 return NULL;
693 item->data.u32 = get_unaligned_le32(start);
694 start = (__u8 *)((__le32 *)start + 1);
695 return start;
696 }
697
698 return NULL;
699}
700
701static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
702{
703 struct hid_device *hid = parser->device;
704
705 if (usage == HID_DG_CONTACTID)
706 hid->group = HID_GROUP_MULTITOUCH;
707}
708
709static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
710{
711 if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
712 parser->global.report_size == 8)
713 parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
714}
715
716static void hid_scan_collection(struct hid_parser *parser, unsigned type)
717{
718 struct hid_device *hid = parser->device;
719 int i;
720
721 if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
722 type == HID_COLLECTION_PHYSICAL)
723 hid->group = HID_GROUP_SENSOR_HUB;
724
725 if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
726 hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
727 hid->group == HID_GROUP_MULTITOUCH)
728 hid->group = HID_GROUP_GENERIC;
729
730 if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
731 for (i = 0; i < parser->local.usage_index; i++)
732 if (parser->local.usage[i] == HID_GD_POINTER)
733 parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
734
735 if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
736 parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
737}
738
739static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
740{
741 __u32 data;
742 int i;
743
744 data = item_udata(item);
745
746 switch (item->tag) {
747 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
748 hid_scan_collection(parser, data & 0xff);
749 break;
750 case HID_MAIN_ITEM_TAG_END_COLLECTION:
751 break;
752 case HID_MAIN_ITEM_TAG_INPUT:
753 /* ignore constant inputs, they will be ignored by hid-input */
754 if (data & HID_MAIN_ITEM_CONSTANT)
755 break;
756 for (i = 0; i < parser->local.usage_index; i++)
757 hid_scan_input_usage(parser, parser->local.usage[i]);
758 break;
759 case HID_MAIN_ITEM_TAG_OUTPUT:
760 break;
761 case HID_MAIN_ITEM_TAG_FEATURE:
762 for (i = 0; i < parser->local.usage_index; i++)
763 hid_scan_feature_usage(parser, parser->local.usage[i]);
764 break;
765 }
766
767 /* Reset the local parser environment */
768 memset(&parser->local, 0, sizeof(parser->local));
769
770 return 0;
771}
772
773/*
774 * Scan a report descriptor before the device is added to the bus.
775 * Sets device groups and other properties that determine what driver
776 * to load.
777 */
778static int hid_scan_report(struct hid_device *hid)
779{
780 struct hid_parser *parser;
781 struct hid_item item;
782 __u8 *start = hid->dev_rdesc;
783 __u8 *end = start + hid->dev_rsize;
784 static int (*dispatch_type[])(struct hid_parser *parser,
785 struct hid_item *item) = {
786 hid_scan_main,
787 hid_parser_global,
788 hid_parser_local,
789 hid_parser_reserved
790 };
791
792 parser = vzalloc(sizeof(struct hid_parser));
793 if (!parser)
794 return -ENOMEM;
795
796 parser->device = hid;
797 hid->group = HID_GROUP_GENERIC;
798
799 /*
800 * The parsing is simpler than the one in hid_open_report() as we should
801 * be robust against hid errors. Those errors will be raised by
802 * hid_open_report() anyway.
803 */
804 while ((start = fetch_item(start, end, &item)) != NULL)
805 dispatch_type[item.type](parser, &item);
806
807 /*
808 * Handle special flags set during scanning.
809 */
810 if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
811 (hid->group == HID_GROUP_MULTITOUCH))
812 hid->group = HID_GROUP_MULTITOUCH_WIN_8;
813
814 /*
815 * Vendor specific handlings
816 */
817 switch (hid->vendor) {
818 case USB_VENDOR_ID_WACOM:
819 hid->group = HID_GROUP_WACOM;
820 break;
821 case USB_VENDOR_ID_SYNAPTICS:
822 if (hid->group == HID_GROUP_GENERIC)
823 if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
824 && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
825 /*
826 * hid-rmi should take care of them,
827 * not hid-generic
828 */
829 hid->group = HID_GROUP_RMI;
830 break;
831 }
832
833 vfree(parser);
834 return 0;
835}
836
837/**
838 * hid_parse_report - parse device report
839 *
840 * @device: hid device
841 * @start: report start
842 * @size: report size
843 *
844 * Allocate the device report as read by the bus driver. This function should
845 * only be called from parse() in ll drivers.
846 */
847int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
848{
849 hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
850 if (!hid->dev_rdesc)
851 return -ENOMEM;
852 hid->dev_rsize = size;
853 return 0;
854}
855EXPORT_SYMBOL_GPL(hid_parse_report);
856
857static const char * const hid_report_names[] = {
858 "HID_INPUT_REPORT",
859 "HID_OUTPUT_REPORT",
860 "HID_FEATURE_REPORT",
861};
862/**
863 * hid_validate_values - validate existing device report's value indexes
864 *
865 * @device: hid device
866 * @type: which report type to examine
867 * @id: which report ID to examine (0 for first)
868 * @field_index: which report field to examine
869 * @report_counts: expected number of values
870 *
871 * Validate the number of values in a given field of a given report, after
872 * parsing.
873 */
874struct hid_report *hid_validate_values(struct hid_device *hid,
875 unsigned int type, unsigned int id,
876 unsigned int field_index,
877 unsigned int report_counts)
878{
879 struct hid_report *report;
880
881 if (type > HID_FEATURE_REPORT) {
882 hid_err(hid, "invalid HID report type %u\n", type);
883 return NULL;
884 }
885
886 if (id >= HID_MAX_IDS) {
887 hid_err(hid, "invalid HID report id %u\n", id);
888 return NULL;
889 }
890
891 /*
892 * Explicitly not using hid_get_report() here since it depends on
893 * ->numbered being checked, which may not always be the case when
894 * drivers go to access report values.
895 */
896 if (id == 0) {
897 /*
898 * Validating on id 0 means we should examine the first
899 * report in the list.
900 */
901 report = list_entry(
902 hid->report_enum[type].report_list.next,
903 struct hid_report, list);
904 } else {
905 report = hid->report_enum[type].report_id_hash[id];
906 }
907 if (!report) {
908 hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
909 return NULL;
910 }
911 if (report->maxfield <= field_index) {
912 hid_err(hid, "not enough fields in %s %u\n",
913 hid_report_names[type], id);
914 return NULL;
915 }
916 if (report->field[field_index]->report_count < report_counts) {
917 hid_err(hid, "not enough values in %s %u field %u\n",
918 hid_report_names[type], id, field_index);
919 return NULL;
920 }
921 return report;
922}
923EXPORT_SYMBOL_GPL(hid_validate_values);
924
925/**
926 * hid_open_report - open a driver-specific device report
927 *
928 * @device: hid device
929 *
930 * Parse a report description into a hid_device structure. Reports are
931 * enumerated, fields are attached to these reports.
932 * 0 returned on success, otherwise nonzero error value.
933 *
934 * This function (or the equivalent hid_parse() macro) should only be
935 * called from probe() in drivers, before starting the device.
936 */
937int hid_open_report(struct hid_device *device)
938{
939 struct hid_parser *parser;
940 struct hid_item item;
941 unsigned int size;
942 __u8 *start;
943 __u8 *buf;
944 __u8 *end;
945 int ret;
946 static int (*dispatch_type[])(struct hid_parser *parser,
947 struct hid_item *item) = {
948 hid_parser_main,
949 hid_parser_global,
950 hid_parser_local,
951 hid_parser_reserved
952 };
953
954 if (WARN_ON(device->status & HID_STAT_PARSED))
955 return -EBUSY;
956
957 start = device->dev_rdesc;
958 if (WARN_ON(!start))
959 return -ENODEV;
960 size = device->dev_rsize;
961
962 buf = kmemdup(start, size, GFP_KERNEL);
963 if (buf == NULL)
964 return -ENOMEM;
965
966 if (device->driver->report_fixup)
967 start = device->driver->report_fixup(device, buf, &size);
968 else
969 start = buf;
970
971 start = kmemdup(start, size, GFP_KERNEL);
972 kfree(buf);
973 if (start == NULL)
974 return -ENOMEM;
975
976 device->rdesc = start;
977 device->rsize = size;
978
979 parser = vzalloc(sizeof(struct hid_parser));
980 if (!parser) {
981 ret = -ENOMEM;
982 goto err;
983 }
984
985 parser->device = device;
986
987 end = start + size;
988
989 device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
990 sizeof(struct hid_collection), GFP_KERNEL);
991 if (!device->collection) {
992 ret = -ENOMEM;
993 goto err;
994 }
995 device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
996
997 ret = -EINVAL;
998 while ((start = fetch_item(start, end, &item)) != NULL) {
999
1000 if (item.format != HID_ITEM_FORMAT_SHORT) {
1001 hid_err(device, "unexpected long global item\n");
1002 goto err;
1003 }
1004
1005 if (dispatch_type[item.type](parser, &item)) {
1006 hid_err(device, "item %u %u %u %u parsing failed\n",
1007 item.format, (unsigned)item.size,
1008 (unsigned)item.type, (unsigned)item.tag);
1009 goto err;
1010 }
1011
1012 if (start == end) {
1013 if (parser->collection_stack_ptr) {
1014 hid_err(device, "unbalanced collection at end of report description\n");
1015 goto err;
1016 }
1017 if (parser->local.delimiter_depth) {
1018 hid_err(device, "unbalanced delimiter at end of report description\n");
1019 goto err;
1020 }
1021 vfree(parser);
1022 device->status |= HID_STAT_PARSED;
1023 return 0;
1024 }
1025 }
1026
1027 hid_err(device, "item fetching failed at offset %d\n", (int)(end - start));
1028err:
1029 vfree(parser);
1030 hid_close_report(device);
1031 return ret;
1032}
1033EXPORT_SYMBOL_GPL(hid_open_report);
1034
1035/*
1036 * Convert a signed n-bit integer to signed 32-bit integer. Common
1037 * cases are done through the compiler, the screwed things has to be
1038 * done by hand.
1039 */
1040
1041static s32 snto32(__u32 value, unsigned n)
1042{
1043 switch (n) {
1044 case 8: return ((__s8)value);
1045 case 16: return ((__s16)value);
1046 case 32: return ((__s32)value);
1047 }
1048 return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1049}
1050
1051s32 hid_snto32(__u32 value, unsigned n)
1052{
1053 return snto32(value, n);
1054}
1055EXPORT_SYMBOL_GPL(hid_snto32);
1056
1057/*
1058 * Convert a signed 32-bit integer to a signed n-bit integer.
1059 */
1060
1061static u32 s32ton(__s32 value, unsigned n)
1062{
1063 s32 a = value >> (n - 1);
1064 if (a && a != -1)
1065 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1066 return value & ((1 << n) - 1);
1067}
1068
1069/*
1070 * Extract/implement a data field from/to a little endian report (bit array).
1071 *
1072 * Code sort-of follows HID spec:
1073 * http://www.usb.org/developers/hidpage/HID1_11.pdf
1074 *
1075 * While the USB HID spec allows unlimited length bit fields in "report
1076 * descriptors", most devices never use more than 16 bits.
1077 * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1078 * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1079 */
1080
1081static u32 __extract(u8 *report, unsigned offset, int n)
1082{
1083 unsigned int idx = offset / 8;
1084 unsigned int bit_nr = 0;
1085 unsigned int bit_shift = offset % 8;
1086 int bits_to_copy = 8 - bit_shift;
1087 u32 value = 0;
1088 u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1089
1090 while (n > 0) {
1091 value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1092 n -= bits_to_copy;
1093 bit_nr += bits_to_copy;
1094 bits_to_copy = 8;
1095 bit_shift = 0;
1096 idx++;
1097 }
1098
1099 return value & mask;
1100}
1101
1102u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1103 unsigned offset, unsigned n)
1104{
1105 if (n > 32) {
1106 hid_warn(hid, "hid_field_extract() called with n (%d) > 32! (%s)\n",
1107 n, current->comm);
1108 n = 32;
1109 }
1110
1111 return __extract(report, offset, n);
1112}
1113EXPORT_SYMBOL_GPL(hid_field_extract);
1114
1115/*
1116 * "implement" : set bits in a little endian bit stream.
1117 * Same concepts as "extract" (see comments above).
1118 * The data mangled in the bit stream remains in little endian
1119 * order the whole time. It make more sense to talk about
1120 * endianness of register values by considering a register
1121 * a "cached" copy of the little endian bit stream.
1122 */
1123
1124static void __implement(u8 *report, unsigned offset, int n, u32 value)
1125{
1126 unsigned int idx = offset / 8;
1127 unsigned int bit_shift = offset % 8;
1128 int bits_to_set = 8 - bit_shift;
1129
1130 while (n - bits_to_set >= 0) {
1131 report[idx] &= ~(0xff << bit_shift);
1132 report[idx] |= value << bit_shift;
1133 value >>= bits_to_set;
1134 n -= bits_to_set;
1135 bits_to_set = 8;
1136 bit_shift = 0;
1137 idx++;
1138 }
1139
1140 /* last nibble */
1141 if (n) {
1142 u8 bit_mask = ((1U << n) - 1);
1143 report[idx] &= ~(bit_mask << bit_shift);
1144 report[idx] |= value << bit_shift;
1145 }
1146}
1147
1148static void implement(const struct hid_device *hid, u8 *report,
1149 unsigned offset, unsigned n, u32 value)
1150{
1151 if (unlikely(n > 32)) {
1152 hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1153 __func__, n, current->comm);
1154 n = 32;
1155 } else if (n < 32) {
1156 u32 m = (1U << n) - 1;
1157
1158 if (unlikely(value > m)) {
1159 hid_warn(hid,
1160 "%s() called with too large value %d (n: %d)! (%s)\n",
1161 __func__, value, n, current->comm);
1162 WARN_ON(1);
1163 value &= m;
1164 }
1165 }
1166
1167 __implement(report, offset, n, value);
1168}
1169
1170/*
1171 * Search an array for a value.
1172 */
1173
1174static int search(__s32 *array, __s32 value, unsigned n)
1175{
1176 while (n--) {
1177 if (*array++ == value)
1178 return 0;
1179 }
1180 return -1;
1181}
1182
1183/**
1184 * hid_match_report - check if driver's raw_event should be called
1185 *
1186 * @hid: hid device
1187 * @report_type: type to match against
1188 *
1189 * compare hid->driver->report_table->report_type to report->type
1190 */
1191static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1192{
1193 const struct hid_report_id *id = hid->driver->report_table;
1194
1195 if (!id) /* NULL means all */
1196 return 1;
1197
1198 for (; id->report_type != HID_TERMINATOR; id++)
1199 if (id->report_type == HID_ANY_ID ||
1200 id->report_type == report->type)
1201 return 1;
1202 return 0;
1203}
1204
1205/**
1206 * hid_match_usage - check if driver's event should be called
1207 *
1208 * @hid: hid device
1209 * @usage: usage to match against
1210 *
1211 * compare hid->driver->usage_table->usage_{type,code} to
1212 * usage->usage_{type,code}
1213 */
1214static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1215{
1216 const struct hid_usage_id *id = hid->driver->usage_table;
1217
1218 if (!id) /* NULL means all */
1219 return 1;
1220
1221 for (; id->usage_type != HID_ANY_ID - 1; id++)
1222 if ((id->usage_hid == HID_ANY_ID ||
1223 id->usage_hid == usage->hid) &&
1224 (id->usage_type == HID_ANY_ID ||
1225 id->usage_type == usage->type) &&
1226 (id->usage_code == HID_ANY_ID ||
1227 id->usage_code == usage->code))
1228 return 1;
1229 return 0;
1230}
1231
1232static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1233 struct hid_usage *usage, __s32 value, int interrupt)
1234{
1235 struct hid_driver *hdrv = hid->driver;
1236 int ret;
1237
1238 if (!list_empty(&hid->debug_list))
1239 hid_dump_input(hid, usage, value);
1240
1241 if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1242 ret = hdrv->event(hid, field, usage, value);
1243 if (ret != 0) {
1244 if (ret < 0)
1245 hid_err(hid, "%s's event failed with %d\n",
1246 hdrv->name, ret);
1247 return;
1248 }
1249 }
1250
1251 if (hid->claimed & HID_CLAIMED_INPUT)
1252 hidinput_hid_event(hid, field, usage, value);
1253 if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1254 hid->hiddev_hid_event(hid, field, usage, value);
1255}
1256
1257/*
1258 * Analyse a received field, and fetch the data from it. The field
1259 * content is stored for next report processing (we do differential
1260 * reporting to the layer).
1261 */
1262
1263static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1264 __u8 *data, int interrupt)
1265{
1266 unsigned n;
1267 unsigned count = field->report_count;
1268 unsigned offset = field->report_offset;
1269 unsigned size = field->report_size;
1270 __s32 min = field->logical_minimum;
1271 __s32 max = field->logical_maximum;
1272 __s32 *value;
1273
1274 value = kmalloc(sizeof(__s32) * count, GFP_ATOMIC);
1275 if (!value)
1276 return;
1277
1278 for (n = 0; n < count; n++) {
1279
1280 value[n] = min < 0 ?
1281 snto32(hid_field_extract(hid, data, offset + n * size,
1282 size), size) :
1283 hid_field_extract(hid, data, offset + n * size, size);
1284
1285 /* Ignore report if ErrorRollOver */
1286 if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1287 value[n] >= min && value[n] <= max &&
1288 value[n] - min < field->maxusage &&
1289 field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1290 goto exit;
1291 }
1292
1293 for (n = 0; n < count; n++) {
1294
1295 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1296 hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1297 continue;
1298 }
1299
1300 if (field->value[n] >= min && field->value[n] <= max
1301 && field->value[n] - min < field->maxusage
1302 && field->usage[field->value[n] - min].hid
1303 && search(value, field->value[n], count))
1304 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1305
1306 if (value[n] >= min && value[n] <= max
1307 && value[n] - min < field->maxusage
1308 && field->usage[value[n] - min].hid
1309 && search(field->value, value[n], count))
1310 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1311 }
1312
1313 memcpy(field->value, value, count * sizeof(__s32));
1314exit:
1315 kfree(value);
1316}
1317
1318/*
1319 * Output the field into the report.
1320 */
1321
1322static void hid_output_field(const struct hid_device *hid,
1323 struct hid_field *field, __u8 *data)
1324{
1325 unsigned count = field->report_count;
1326 unsigned offset = field->report_offset;
1327 unsigned size = field->report_size;
1328 unsigned n;
1329
1330 for (n = 0; n < count; n++) {
1331 if (field->logical_minimum < 0) /* signed values */
1332 implement(hid, data, offset + n * size, size,
1333 s32ton(field->value[n], size));
1334 else /* unsigned values */
1335 implement(hid, data, offset + n * size, size,
1336 field->value[n]);
1337 }
1338}
1339
1340/*
1341 * Create a report. 'data' has to be allocated using
1342 * hid_alloc_report_buf() so that it has proper size.
1343 */
1344
1345void hid_output_report(struct hid_report *report, __u8 *data)
1346{
1347 unsigned n;
1348
1349 if (report->id > 0)
1350 *data++ = report->id;
1351
1352 memset(data, 0, ((report->size - 1) >> 3) + 1);
1353 for (n = 0; n < report->maxfield; n++)
1354 hid_output_field(report->device, report->field[n], data);
1355}
1356EXPORT_SYMBOL_GPL(hid_output_report);
1357
1358/*
1359 * Allocator for buffer that is going to be passed to hid_output_report()
1360 */
1361u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1362{
1363 /*
1364 * 7 extra bytes are necessary to achieve proper functionality
1365 * of implement() working on 8 byte chunks
1366 */
1367
1368 u32 len = hid_report_len(report) + 7;
1369
1370 return kmalloc(len, flags);
1371}
1372EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1373
1374/*
1375 * Set a field value. The report this field belongs to has to be
1376 * created and transferred to the device, to set this value in the
1377 * device.
1378 */
1379
1380int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1381{
1382 unsigned size;
1383
1384 if (!field)
1385 return -1;
1386
1387 size = field->report_size;
1388
1389 hid_dump_input(field->report->device, field->usage + offset, value);
1390
1391 if (offset >= field->report_count) {
1392 hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1393 offset, field->report_count);
1394 return -1;
1395 }
1396 if (field->logical_minimum < 0) {
1397 if (value != snto32(s32ton(value, size), size)) {
1398 hid_err(field->report->device, "value %d is out of range\n", value);
1399 return -1;
1400 }
1401 }
1402 field->value[offset] = value;
1403 return 0;
1404}
1405EXPORT_SYMBOL_GPL(hid_set_field);
1406
1407static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1408 const u8 *data)
1409{
1410 struct hid_report *report;
1411 unsigned int n = 0; /* Normally report number is 0 */
1412
1413 /* Device uses numbered reports, data[0] is report number */
1414 if (report_enum->numbered)
1415 n = *data;
1416
1417 report = report_enum->report_id_hash[n];
1418 if (report == NULL)
1419 dbg_hid("undefined report_id %u received\n", n);
1420
1421 return report;
1422}
1423
1424/*
1425 * Implement a generic .request() callback, using .raw_request()
1426 * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1427 */
1428void __hid_request(struct hid_device *hid, struct hid_report *report,
1429 int reqtype)
1430{
1431 char *buf;
1432 int ret;
1433 u32 len;
1434
1435 buf = hid_alloc_report_buf(report, GFP_KERNEL);
1436 if (!buf)
1437 return;
1438
1439 len = hid_report_len(report);
1440
1441 if (reqtype == HID_REQ_SET_REPORT)
1442 hid_output_report(report, buf);
1443
1444 ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1445 report->type, reqtype);
1446 if (ret < 0) {
1447 dbg_hid("unable to complete request: %d\n", ret);
1448 goto out;
1449 }
1450
1451 if (reqtype == HID_REQ_GET_REPORT)
1452 hid_input_report(hid, report->type, buf, ret, 0);
1453
1454out:
1455 kfree(buf);
1456}
1457EXPORT_SYMBOL_GPL(__hid_request);
1458
1459int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1460 int interrupt)
1461{
1462 struct hid_report_enum *report_enum = hid->report_enum + type;
1463 struct hid_report *report;
1464 struct hid_driver *hdrv;
1465 unsigned int a;
1466 u32 rsize, csize = size;
1467 u8 *cdata = data;
1468 int ret = 0;
1469
1470 report = hid_get_report(report_enum, data);
1471 if (!report)
1472 goto out;
1473
1474 if (report_enum->numbered) {
1475 cdata++;
1476 csize--;
1477 }
1478
1479 rsize = ((report->size - 1) >> 3) + 1;
1480
1481 if (rsize > HID_MAX_BUFFER_SIZE)
1482 rsize = HID_MAX_BUFFER_SIZE;
1483
1484 if (csize < rsize) {
1485 dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1486 csize, rsize);
1487 memset(cdata + csize, 0, rsize - csize);
1488 }
1489
1490 if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1491 hid->hiddev_report_event(hid, report);
1492 if (hid->claimed & HID_CLAIMED_HIDRAW) {
1493 ret = hidraw_report_event(hid, data, size);
1494 if (ret)
1495 goto out;
1496 }
1497
1498 if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1499 for (a = 0; a < report->maxfield; a++)
1500 hid_input_field(hid, report->field[a], cdata, interrupt);
1501 hdrv = hid->driver;
1502 if (hdrv && hdrv->report)
1503 hdrv->report(hid, report);
1504 }
1505
1506 if (hid->claimed & HID_CLAIMED_INPUT)
1507 hidinput_report_event(hid, report);
1508out:
1509 return ret;
1510}
1511EXPORT_SYMBOL_GPL(hid_report_raw_event);
1512
1513/**
1514 * hid_input_report - report data from lower layer (usb, bt...)
1515 *
1516 * @hid: hid device
1517 * @type: HID report type (HID_*_REPORT)
1518 * @data: report contents
1519 * @size: size of data parameter
1520 * @interrupt: distinguish between interrupt and control transfers
1521 *
1522 * This is data entry for lower layers.
1523 */
1524int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1525{
1526 struct hid_report_enum *report_enum;
1527 struct hid_driver *hdrv;
1528 struct hid_report *report;
1529 int ret = 0;
1530
1531 if (!hid)
1532 return -ENODEV;
1533
1534 if (down_trylock(&hid->driver_input_lock))
1535 return -EBUSY;
1536
1537 if (!hid->driver) {
1538 ret = -ENODEV;
1539 goto unlock;
1540 }
1541 report_enum = hid->report_enum + type;
1542 hdrv = hid->driver;
1543
1544 if (!size) {
1545 dbg_hid("empty report\n");
1546 ret = -1;
1547 goto unlock;
1548 }
1549
1550 /* Avoid unnecessary overhead if debugfs is disabled */
1551 if (!list_empty(&hid->debug_list))
1552 hid_dump_report(hid, type, data, size);
1553
1554 report = hid_get_report(report_enum, data);
1555
1556 if (!report) {
1557 ret = -1;
1558 goto unlock;
1559 }
1560
1561 if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1562 ret = hdrv->raw_event(hid, report, data, size);
1563 if (ret < 0)
1564 goto unlock;
1565 }
1566
1567 ret = hid_report_raw_event(hid, type, data, size, interrupt);
1568
1569unlock:
1570 up(&hid->driver_input_lock);
1571 return ret;
1572}
1573EXPORT_SYMBOL_GPL(hid_input_report);
1574
1575bool hid_match_one_id(const struct hid_device *hdev,
1576 const struct hid_device_id *id)
1577{
1578 return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1579 (id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1580 (id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1581 (id->product == HID_ANY_ID || id->product == hdev->product);
1582}
1583
1584const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1585 const struct hid_device_id *id)
1586{
1587 for (; id->bus; id++)
1588 if (hid_match_one_id(hdev, id))
1589 return id;
1590
1591 return NULL;
1592}
1593
1594static const struct hid_device_id hid_hiddev_list[] = {
1595 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1596 { HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1597 { }
1598};
1599
1600static bool hid_hiddev(struct hid_device *hdev)
1601{
1602 return !!hid_match_id(hdev, hid_hiddev_list);
1603}
1604
1605
1606static ssize_t
1607read_report_descriptor(struct file *filp, struct kobject *kobj,
1608 struct bin_attribute *attr,
1609 char *buf, loff_t off, size_t count)
1610{
1611 struct device *dev = kobj_to_dev(kobj);
1612 struct hid_device *hdev = to_hid_device(dev);
1613
1614 if (off >= hdev->rsize)
1615 return 0;
1616
1617 if (off + count > hdev->rsize)
1618 count = hdev->rsize - off;
1619
1620 memcpy(buf, hdev->rdesc + off, count);
1621
1622 return count;
1623}
1624
1625static ssize_t
1626show_country(struct device *dev, struct device_attribute *attr,
1627 char *buf)
1628{
1629 struct hid_device *hdev = to_hid_device(dev);
1630
1631 return sprintf(buf, "%02x\n", hdev->country & 0xff);
1632}
1633
1634static struct bin_attribute dev_bin_attr_report_desc = {
1635 .attr = { .name = "report_descriptor", .mode = 0444 },
1636 .read = read_report_descriptor,
1637 .size = HID_MAX_DESCRIPTOR_SIZE,
1638};
1639
1640static const struct device_attribute dev_attr_country = {
1641 .attr = { .name = "country", .mode = 0444 },
1642 .show = show_country,
1643};
1644
1645int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1646{
1647 static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1648 "Joystick", "Gamepad", "Keyboard", "Keypad",
1649 "Multi-Axis Controller"
1650 };
1651 const char *type, *bus;
1652 char buf[64] = "";
1653 unsigned int i;
1654 int len;
1655 int ret;
1656
1657 if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1658 connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1659 if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1660 connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1661 if (hdev->bus != BUS_USB)
1662 connect_mask &= ~HID_CONNECT_HIDDEV;
1663 if (hid_hiddev(hdev))
1664 connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1665
1666 if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1667 connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1668 hdev->claimed |= HID_CLAIMED_INPUT;
1669
1670 if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1671 !hdev->hiddev_connect(hdev,
1672 connect_mask & HID_CONNECT_HIDDEV_FORCE))
1673 hdev->claimed |= HID_CLAIMED_HIDDEV;
1674 if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1675 hdev->claimed |= HID_CLAIMED_HIDRAW;
1676
1677 if (connect_mask & HID_CONNECT_DRIVER)
1678 hdev->claimed |= HID_CLAIMED_DRIVER;
1679
1680 /* Drivers with the ->raw_event callback set are not required to connect
1681 * to any other listener. */
1682 if (!hdev->claimed && !hdev->driver->raw_event) {
1683 hid_err(hdev, "device has no listeners, quitting\n");
1684 return -ENODEV;
1685 }
1686
1687 if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1688 (connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1689 hdev->ff_init(hdev);
1690
1691 len = 0;
1692 if (hdev->claimed & HID_CLAIMED_INPUT)
1693 len += sprintf(buf + len, "input");
1694 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1695 len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
1696 ((struct hiddev *)hdev->hiddev)->minor);
1697 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1698 len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
1699 ((struct hidraw *)hdev->hidraw)->minor);
1700
1701 type = "Device";
1702 for (i = 0; i < hdev->maxcollection; i++) {
1703 struct hid_collection *col = &hdev->collection[i];
1704 if (col->type == HID_COLLECTION_APPLICATION &&
1705 (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
1706 (col->usage & 0xffff) < ARRAY_SIZE(types)) {
1707 type = types[col->usage & 0xffff];
1708 break;
1709 }
1710 }
1711
1712 switch (hdev->bus) {
1713 case BUS_USB:
1714 bus = "USB";
1715 break;
1716 case BUS_BLUETOOTH:
1717 bus = "BLUETOOTH";
1718 break;
1719 case BUS_I2C:
1720 bus = "I2C";
1721 break;
1722 default:
1723 bus = "<UNKNOWN>";
1724 }
1725
1726 ret = device_create_file(&hdev->dev, &dev_attr_country);
1727 if (ret)
1728 hid_warn(hdev,
1729 "can't create sysfs country code attribute err: %d\n", ret);
1730
1731 hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
1732 buf, bus, hdev->version >> 8, hdev->version & 0xff,
1733 type, hdev->name, hdev->phys);
1734
1735 return 0;
1736}
1737EXPORT_SYMBOL_GPL(hid_connect);
1738
1739void hid_disconnect(struct hid_device *hdev)
1740{
1741 device_remove_file(&hdev->dev, &dev_attr_country);
1742 if (hdev->claimed & HID_CLAIMED_INPUT)
1743 hidinput_disconnect(hdev);
1744 if (hdev->claimed & HID_CLAIMED_HIDDEV)
1745 hdev->hiddev_disconnect(hdev);
1746 if (hdev->claimed & HID_CLAIMED_HIDRAW)
1747 hidraw_disconnect(hdev);
1748 hdev->claimed = 0;
1749}
1750EXPORT_SYMBOL_GPL(hid_disconnect);
1751
1752/**
1753 * hid_hw_start - start underlying HW
1754 * @hdev: hid device
1755 * @connect_mask: which outputs to connect, see HID_CONNECT_*
1756 *
1757 * Call this in probe function *after* hid_parse. This will setup HW
1758 * buffers and start the device (if not defeirred to device open).
1759 * hid_hw_stop must be called if this was successful.
1760 */
1761int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
1762{
1763 int error;
1764
1765 error = hdev->ll_driver->start(hdev);
1766 if (error)
1767 return error;
1768
1769 if (connect_mask) {
1770 error = hid_connect(hdev, connect_mask);
1771 if (error) {
1772 hdev->ll_driver->stop(hdev);
1773 return error;
1774 }
1775 }
1776
1777 return 0;
1778}
1779EXPORT_SYMBOL_GPL(hid_hw_start);
1780
1781/**
1782 * hid_hw_stop - stop underlying HW
1783 * @hdev: hid device
1784 *
1785 * This is usually called from remove function or from probe when something
1786 * failed and hid_hw_start was called already.
1787 */
1788void hid_hw_stop(struct hid_device *hdev)
1789{
1790 hid_disconnect(hdev);
1791 hdev->ll_driver->stop(hdev);
1792}
1793EXPORT_SYMBOL_GPL(hid_hw_stop);
1794
1795/**
1796 * hid_hw_open - signal underlying HW to start delivering events
1797 * @hdev: hid device
1798 *
1799 * Tell underlying HW to start delivering events from the device.
1800 * This function should be called sometime after successful call
1801 * to hid_hiw_start().
1802 */
1803int hid_hw_open(struct hid_device *hdev)
1804{
1805 int ret;
1806
1807 ret = mutex_lock_killable(&hdev->ll_open_lock);
1808 if (ret)
1809 return ret;
1810
1811 if (!hdev->ll_open_count++) {
1812 ret = hdev->ll_driver->open(hdev);
1813 if (ret)
1814 hdev->ll_open_count--;
1815 }
1816
1817 mutex_unlock(&hdev->ll_open_lock);
1818 return ret;
1819}
1820EXPORT_SYMBOL_GPL(hid_hw_open);
1821
1822/**
1823 * hid_hw_close - signal underlaying HW to stop delivering events
1824 *
1825 * @hdev: hid device
1826 *
1827 * This function indicates that we are not interested in the events
1828 * from this device anymore. Delivery of events may or may not stop,
1829 * depending on the number of users still outstanding.
1830 */
1831void hid_hw_close(struct hid_device *hdev)
1832{
1833 mutex_lock(&hdev->ll_open_lock);
1834 if (!--hdev->ll_open_count)
1835 hdev->ll_driver->close(hdev);
1836 mutex_unlock(&hdev->ll_open_lock);
1837}
1838EXPORT_SYMBOL_GPL(hid_hw_close);
1839
1840struct hid_dynid {
1841 struct list_head list;
1842 struct hid_device_id id;
1843};
1844
1845/**
1846 * store_new_id - add a new HID device ID to this driver and re-probe devices
1847 * @driver: target device driver
1848 * @buf: buffer for scanning device ID data
1849 * @count: input size
1850 *
1851 * Adds a new dynamic hid device ID to this driver,
1852 * and causes the driver to probe for all devices again.
1853 */
1854static ssize_t new_id_store(struct device_driver *drv, const char *buf,
1855 size_t count)
1856{
1857 struct hid_driver *hdrv = to_hid_driver(drv);
1858 struct hid_dynid *dynid;
1859 __u32 bus, vendor, product;
1860 unsigned long driver_data = 0;
1861 int ret;
1862
1863 ret = sscanf(buf, "%x %x %x %lx",
1864 &bus, &vendor, &product, &driver_data);
1865 if (ret < 3)
1866 return -EINVAL;
1867
1868 dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
1869 if (!dynid)
1870 return -ENOMEM;
1871
1872 dynid->id.bus = bus;
1873 dynid->id.group = HID_GROUP_ANY;
1874 dynid->id.vendor = vendor;
1875 dynid->id.product = product;
1876 dynid->id.driver_data = driver_data;
1877
1878 spin_lock(&hdrv->dyn_lock);
1879 list_add_tail(&dynid->list, &hdrv->dyn_list);
1880 spin_unlock(&hdrv->dyn_lock);
1881
1882 ret = driver_attach(&hdrv->driver);
1883
1884 return ret ? : count;
1885}
1886static DRIVER_ATTR_WO(new_id);
1887
1888static struct attribute *hid_drv_attrs[] = {
1889 &driver_attr_new_id.attr,
1890 NULL,
1891};
1892ATTRIBUTE_GROUPS(hid_drv);
1893
1894static void hid_free_dynids(struct hid_driver *hdrv)
1895{
1896 struct hid_dynid *dynid, *n;
1897
1898 spin_lock(&hdrv->dyn_lock);
1899 list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
1900 list_del(&dynid->list);
1901 kfree(dynid);
1902 }
1903 spin_unlock(&hdrv->dyn_lock);
1904}
1905
1906const struct hid_device_id *hid_match_device(struct hid_device *hdev,
1907 struct hid_driver *hdrv)
1908{
1909 struct hid_dynid *dynid;
1910
1911 spin_lock(&hdrv->dyn_lock);
1912 list_for_each_entry(dynid, &hdrv->dyn_list, list) {
1913 if (hid_match_one_id(hdev, &dynid->id)) {
1914 spin_unlock(&hdrv->dyn_lock);
1915 return &dynid->id;
1916 }
1917 }
1918 spin_unlock(&hdrv->dyn_lock);
1919
1920 return hid_match_id(hdev, hdrv->id_table);
1921}
1922EXPORT_SYMBOL_GPL(hid_match_device);
1923
1924static int hid_bus_match(struct device *dev, struct device_driver *drv)
1925{
1926 struct hid_driver *hdrv = to_hid_driver(drv);
1927 struct hid_device *hdev = to_hid_device(dev);
1928
1929 return hid_match_device(hdev, hdrv) != NULL;
1930}
1931
1932static int hid_device_probe(struct device *dev)
1933{
1934 struct hid_driver *hdrv = to_hid_driver(dev->driver);
1935 struct hid_device *hdev = to_hid_device(dev);
1936 const struct hid_device_id *id;
1937 int ret = 0;
1938
1939 if (down_interruptible(&hdev->driver_input_lock)) {
1940 ret = -EINTR;
1941 goto end;
1942 }
1943 hdev->io_started = false;
1944
1945 if (!hdev->driver) {
1946 id = hid_match_device(hdev, hdrv);
1947 if (id == NULL) {
1948 ret = -ENODEV;
1949 goto unlock;
1950 }
1951
1952 if (hdrv->match) {
1953 if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
1954 ret = -ENODEV;
1955 goto unlock;
1956 }
1957 } else {
1958 /*
1959 * hid-generic implements .match(), so if
1960 * hid_ignore_special_drivers is set, we can safely
1961 * return.
1962 */
1963 if (hid_ignore_special_drivers) {
1964 ret = -ENODEV;
1965 goto unlock;
1966 }
1967 }
1968
1969 /* reset the quirks that has been previously set */
1970 hdev->quirks = hid_lookup_quirk(hdev);
1971 hdev->driver = hdrv;
1972 if (hdrv->probe) {
1973 ret = hdrv->probe(hdev, id);
1974 } else { /* default probe */
1975 ret = hid_open_report(hdev);
1976 if (!ret)
1977 ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
1978 }
1979 if (ret) {
1980 hid_close_report(hdev);
1981 hdev->driver = NULL;
1982 }
1983 }
1984unlock:
1985 if (!hdev->io_started)
1986 up(&hdev->driver_input_lock);
1987end:
1988 return ret;
1989}
1990
1991static int hid_device_remove(struct device *dev)
1992{
1993 struct hid_device *hdev = to_hid_device(dev);
1994 struct hid_driver *hdrv;
1995 int ret = 0;
1996
1997 if (down_interruptible(&hdev->driver_input_lock)) {
1998 ret = -EINTR;
1999 goto end;
2000 }
2001 hdev->io_started = false;
2002
2003 hdrv = hdev->driver;
2004 if (hdrv) {
2005 if (hdrv->remove)
2006 hdrv->remove(hdev);
2007 else /* default remove */
2008 hid_hw_stop(hdev);
2009 hid_close_report(hdev);
2010 hdev->driver = NULL;
2011 }
2012
2013 if (!hdev->io_started)
2014 up(&hdev->driver_input_lock);
2015end:
2016 return ret;
2017}
2018
2019static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2020 char *buf)
2021{
2022 struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2023
2024 return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2025 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2026}
2027static DEVICE_ATTR_RO(modalias);
2028
2029static struct attribute *hid_dev_attrs[] = {
2030 &dev_attr_modalias.attr,
2031 NULL,
2032};
2033static struct bin_attribute *hid_dev_bin_attrs[] = {
2034 &dev_bin_attr_report_desc,
2035 NULL
2036};
2037static const struct attribute_group hid_dev_group = {
2038 .attrs = hid_dev_attrs,
2039 .bin_attrs = hid_dev_bin_attrs,
2040};
2041__ATTRIBUTE_GROUPS(hid_dev);
2042
2043static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2044{
2045 struct hid_device *hdev = to_hid_device(dev);
2046
2047 if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2048 hdev->bus, hdev->vendor, hdev->product))
2049 return -ENOMEM;
2050
2051 if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2052 return -ENOMEM;
2053
2054 if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2055 return -ENOMEM;
2056
2057 if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2058 return -ENOMEM;
2059
2060 if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2061 hdev->bus, hdev->group, hdev->vendor, hdev->product))
2062 return -ENOMEM;
2063
2064 return 0;
2065}
2066
2067struct bus_type hid_bus_type = {
2068 .name = "hid",
2069 .dev_groups = hid_dev_groups,
2070 .drv_groups = hid_drv_groups,
2071 .match = hid_bus_match,
2072 .probe = hid_device_probe,
2073 .remove = hid_device_remove,
2074 .uevent = hid_uevent,
2075};
2076EXPORT_SYMBOL(hid_bus_type);
2077
2078int hid_add_device(struct hid_device *hdev)
2079{
2080 static atomic_t id = ATOMIC_INIT(0);
2081 int ret;
2082
2083 if (WARN_ON(hdev->status & HID_STAT_ADDED))
2084 return -EBUSY;
2085
2086 hdev->quirks = hid_lookup_quirk(hdev);
2087
2088 /* we need to kill them here, otherwise they will stay allocated to
2089 * wait for coming driver */
2090 if (hid_ignore(hdev))
2091 return -ENODEV;
2092
2093 /*
2094 * Check for the mandatory transport channel.
2095 */
2096 if (!hdev->ll_driver->raw_request) {
2097 hid_err(hdev, "transport driver missing .raw_request()\n");
2098 return -EINVAL;
2099 }
2100
2101 /*
2102 * Read the device report descriptor once and use as template
2103 * for the driver-specific modifications.
2104 */
2105 ret = hdev->ll_driver->parse(hdev);
2106 if (ret)
2107 return ret;
2108 if (!hdev->dev_rdesc)
2109 return -ENODEV;
2110
2111 /*
2112 * Scan generic devices for group information
2113 */
2114 if (hid_ignore_special_drivers) {
2115 hdev->group = HID_GROUP_GENERIC;
2116 } else if (!hdev->group &&
2117 !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2118 ret = hid_scan_report(hdev);
2119 if (ret)
2120 hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2121 }
2122
2123 /* XXX hack, any other cleaner solution after the driver core
2124 * is converted to allow more than 20 bytes as the device name? */
2125 dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2126 hdev->vendor, hdev->product, atomic_inc_return(&id));
2127
2128 hid_debug_register(hdev, dev_name(&hdev->dev));
2129 ret = device_add(&hdev->dev);
2130 if (!ret)
2131 hdev->status |= HID_STAT_ADDED;
2132 else
2133 hid_debug_unregister(hdev);
2134
2135 return ret;
2136}
2137EXPORT_SYMBOL_GPL(hid_add_device);
2138
2139/**
2140 * hid_allocate_device - allocate new hid device descriptor
2141 *
2142 * Allocate and initialize hid device, so that hid_destroy_device might be
2143 * used to free it.
2144 *
2145 * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2146 * error value.
2147 */
2148struct hid_device *hid_allocate_device(void)
2149{
2150 struct hid_device *hdev;
2151 int ret = -ENOMEM;
2152
2153 hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2154 if (hdev == NULL)
2155 return ERR_PTR(ret);
2156
2157 device_initialize(&hdev->dev);
2158 hdev->dev.release = hid_device_release;
2159 hdev->dev.bus = &hid_bus_type;
2160 device_enable_async_suspend(&hdev->dev);
2161
2162 hid_close_report(hdev);
2163
2164 init_waitqueue_head(&hdev->debug_wait);
2165 INIT_LIST_HEAD(&hdev->debug_list);
2166 spin_lock_init(&hdev->debug_list_lock);
2167 sema_init(&hdev->driver_input_lock, 1);
2168 mutex_init(&hdev->ll_open_lock);
2169
2170 return hdev;
2171}
2172EXPORT_SYMBOL_GPL(hid_allocate_device);
2173
2174static void hid_remove_device(struct hid_device *hdev)
2175{
2176 if (hdev->status & HID_STAT_ADDED) {
2177 device_del(&hdev->dev);
2178 hid_debug_unregister(hdev);
2179 hdev->status &= ~HID_STAT_ADDED;
2180 }
2181 kfree(hdev->dev_rdesc);
2182 hdev->dev_rdesc = NULL;
2183 hdev->dev_rsize = 0;
2184}
2185
2186/**
2187 * hid_destroy_device - free previously allocated device
2188 *
2189 * @hdev: hid device
2190 *
2191 * If you allocate hid_device through hid_allocate_device, you should ever
2192 * free by this function.
2193 */
2194void hid_destroy_device(struct hid_device *hdev)
2195{
2196 hid_remove_device(hdev);
2197 put_device(&hdev->dev);
2198}
2199EXPORT_SYMBOL_GPL(hid_destroy_device);
2200
2201
2202static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2203{
2204 struct hid_driver *hdrv = data;
2205 struct hid_device *hdev = to_hid_device(dev);
2206
2207 if (hdev->driver == hdrv &&
2208 !hdrv->match(hdev, hid_ignore_special_drivers))
2209 return device_reprobe(dev);
2210
2211 return 0;
2212}
2213
2214static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2215{
2216 struct hid_driver *hdrv = to_hid_driver(drv);
2217
2218 if (hdrv->match) {
2219 bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2220 __hid_bus_reprobe_drivers);
2221 }
2222
2223 return 0;
2224}
2225
2226static int __bus_removed_driver(struct device_driver *drv, void *data)
2227{
2228 return bus_rescan_devices(&hid_bus_type);
2229}
2230
2231int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2232 const char *mod_name)
2233{
2234 int ret;
2235
2236 hdrv->driver.name = hdrv->name;
2237 hdrv->driver.bus = &hid_bus_type;
2238 hdrv->driver.owner = owner;
2239 hdrv->driver.mod_name = mod_name;
2240
2241 INIT_LIST_HEAD(&hdrv->dyn_list);
2242 spin_lock_init(&hdrv->dyn_lock);
2243
2244 ret = driver_register(&hdrv->driver);
2245
2246 if (ret == 0)
2247 bus_for_each_drv(&hid_bus_type, NULL, NULL,
2248 __hid_bus_driver_added);
2249
2250 return ret;
2251}
2252EXPORT_SYMBOL_GPL(__hid_register_driver);
2253
2254void hid_unregister_driver(struct hid_driver *hdrv)
2255{
2256 driver_unregister(&hdrv->driver);
2257 hid_free_dynids(hdrv);
2258
2259 bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2260}
2261EXPORT_SYMBOL_GPL(hid_unregister_driver);
2262
2263int hid_check_keys_pressed(struct hid_device *hid)
2264{
2265 struct hid_input *hidinput;
2266 int i;
2267
2268 if (!(hid->claimed & HID_CLAIMED_INPUT))
2269 return 0;
2270
2271 list_for_each_entry(hidinput, &hid->inputs, list) {
2272 for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2273 if (hidinput->input->key[i])
2274 return 1;
2275 }
2276
2277 return 0;
2278}
2279
2280EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2281
2282static int __init hid_init(void)
2283{
2284 int ret;
2285
2286 if (hid_debug)
2287 pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2288 "debugfs is now used for inspecting the device (report descriptor, reports)\n");
2289
2290 ret = bus_register(&hid_bus_type);
2291 if (ret) {
2292 pr_err("can't register hid bus\n");
2293 goto err;
2294 }
2295
2296 ret = hidraw_init();
2297 if (ret)
2298 goto err_bus;
2299
2300 hid_debug_init();
2301
2302 return 0;
2303err_bus:
2304 bus_unregister(&hid_bus_type);
2305err:
2306 return ret;
2307}
2308
2309static void __exit hid_exit(void)
2310{
2311 hid_debug_exit();
2312 hidraw_exit();
2313 bus_unregister(&hid_bus_type);
2314 hid_quirks_exit(HID_BUS_ANY);
2315}
2316
2317module_init(hid_init);
2318module_exit(hid_exit);
2319
2320MODULE_AUTHOR("Andreas Gal");
2321MODULE_AUTHOR("Vojtech Pavlik");
2322MODULE_AUTHOR("Jiri Kosina");
2323MODULE_LICENSE("GPL");