xref: /linux/drivers/hid/hid-core.c (revision 172cdcaefea5c297fdb3d20b7d5aff60ae4fbce6)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  HID support for Linux
4  *
5  *  Copyright (c) 1999 Andreas Gal
6  *  Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7  *  Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8  *  Copyright (c) 2006-2012 Jiri Kosina
9  */
10 
11 /*
12  */
13 
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 
16 #include <linux/module.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/list.h>
21 #include <linux/mm.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/vmalloc.h>
28 #include <linux/sched.h>
29 #include <linux/semaphore.h>
30 
31 #include <linux/hid.h>
32 #include <linux/hiddev.h>
33 #include <linux/hid-debug.h>
34 #include <linux/hidraw.h>
35 
36 #include "hid-ids.h"
37 
38 /*
39  * Version Information
40  */
41 
42 #define DRIVER_DESC "HID core driver"
43 
44 int hid_debug = 0;
45 module_param_named(debug, hid_debug, int, 0600);
46 MODULE_PARM_DESC(debug, "toggle HID debugging messages");
47 EXPORT_SYMBOL_GPL(hid_debug);
48 
49 static int hid_ignore_special_drivers = 0;
50 module_param_named(ignore_special_drivers, hid_ignore_special_drivers, int, 0600);
51 MODULE_PARM_DESC(ignore_special_drivers, "Ignore any special drivers and handle all devices by generic driver");
52 
53 /*
54  * Register a new report for a device.
55  */
56 
57 struct hid_report *hid_register_report(struct hid_device *device,
58 				       unsigned int type, unsigned int id,
59 				       unsigned int application)
60 {
61 	struct hid_report_enum *report_enum = device->report_enum + type;
62 	struct hid_report *report;
63 
64 	if (id >= HID_MAX_IDS)
65 		return NULL;
66 	if (report_enum->report_id_hash[id])
67 		return report_enum->report_id_hash[id];
68 
69 	report = kzalloc(sizeof(struct hid_report), GFP_KERNEL);
70 	if (!report)
71 		return NULL;
72 
73 	if (id != 0)
74 		report_enum->numbered = 1;
75 
76 	report->id = id;
77 	report->type = type;
78 	report->size = 0;
79 	report->device = device;
80 	report->application = application;
81 	report_enum->report_id_hash[id] = report;
82 
83 	list_add_tail(&report->list, &report_enum->report_list);
84 
85 	return report;
86 }
87 EXPORT_SYMBOL_GPL(hid_register_report);
88 
89 /*
90  * Register a new field for this report.
91  */
92 
93 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages)
94 {
95 	struct hid_field *field;
96 
97 	if (report->maxfield == HID_MAX_FIELDS) {
98 		hid_err(report->device, "too many fields in report\n");
99 		return NULL;
100 	}
101 
102 	field = kzalloc((sizeof(struct hid_field) +
103 			 usages * sizeof(struct hid_usage) +
104 			 usages * sizeof(unsigned)), GFP_KERNEL);
105 	if (!field)
106 		return NULL;
107 
108 	field->index = report->maxfield++;
109 	report->field[field->index] = field;
110 	field->usage = (struct hid_usage *)(field + 1);
111 	field->value = (s32 *)(field->usage + usages);
112 	field->report = report;
113 
114 	return field;
115 }
116 
117 /*
118  * Open a collection. The type/usage is pushed on the stack.
119  */
120 
121 static int open_collection(struct hid_parser *parser, unsigned type)
122 {
123 	struct hid_collection *collection;
124 	unsigned usage;
125 	int collection_index;
126 
127 	usage = parser->local.usage[0];
128 
129 	if (parser->collection_stack_ptr == parser->collection_stack_size) {
130 		unsigned int *collection_stack;
131 		unsigned int new_size = parser->collection_stack_size +
132 					HID_COLLECTION_STACK_SIZE;
133 
134 		collection_stack = krealloc(parser->collection_stack,
135 					    new_size * sizeof(unsigned int),
136 					    GFP_KERNEL);
137 		if (!collection_stack)
138 			return -ENOMEM;
139 
140 		parser->collection_stack = collection_stack;
141 		parser->collection_stack_size = new_size;
142 	}
143 
144 	if (parser->device->maxcollection == parser->device->collection_size) {
145 		collection = kmalloc(
146 				array3_size(sizeof(struct hid_collection),
147 					    parser->device->collection_size,
148 					    2),
149 				GFP_KERNEL);
150 		if (collection == NULL) {
151 			hid_err(parser->device, "failed to reallocate collection array\n");
152 			return -ENOMEM;
153 		}
154 		memcpy(collection, parser->device->collection,
155 			sizeof(struct hid_collection) *
156 			parser->device->collection_size);
157 		memset(collection + parser->device->collection_size, 0,
158 			sizeof(struct hid_collection) *
159 			parser->device->collection_size);
160 		kfree(parser->device->collection);
161 		parser->device->collection = collection;
162 		parser->device->collection_size *= 2;
163 	}
164 
165 	parser->collection_stack[parser->collection_stack_ptr++] =
166 		parser->device->maxcollection;
167 
168 	collection_index = parser->device->maxcollection++;
169 	collection = parser->device->collection + collection_index;
170 	collection->type = type;
171 	collection->usage = usage;
172 	collection->level = parser->collection_stack_ptr - 1;
173 	collection->parent_idx = (collection->level == 0) ? -1 :
174 		parser->collection_stack[collection->level - 1];
175 
176 	if (type == HID_COLLECTION_APPLICATION)
177 		parser->device->maxapplication++;
178 
179 	return 0;
180 }
181 
182 /*
183  * Close a collection.
184  */
185 
186 static int close_collection(struct hid_parser *parser)
187 {
188 	if (!parser->collection_stack_ptr) {
189 		hid_err(parser->device, "collection stack underflow\n");
190 		return -EINVAL;
191 	}
192 	parser->collection_stack_ptr--;
193 	return 0;
194 }
195 
196 /*
197  * Climb up the stack, search for the specified collection type
198  * and return the usage.
199  */
200 
201 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
202 {
203 	struct hid_collection *collection = parser->device->collection;
204 	int n;
205 
206 	for (n = parser->collection_stack_ptr - 1; n >= 0; n--) {
207 		unsigned index = parser->collection_stack[n];
208 		if (collection[index].type == type)
209 			return collection[index].usage;
210 	}
211 	return 0; /* we know nothing about this usage type */
212 }
213 
214 /*
215  * Concatenate usage which defines 16 bits or less with the
216  * currently defined usage page to form a 32 bit usage
217  */
218 
219 static void complete_usage(struct hid_parser *parser, unsigned int index)
220 {
221 	parser->local.usage[index] &= 0xFFFF;
222 	parser->local.usage[index] |=
223 		(parser->global.usage_page & 0xFFFF) << 16;
224 }
225 
226 /*
227  * Add a usage to the temporary parser table.
228  */
229 
230 static int hid_add_usage(struct hid_parser *parser, unsigned usage, u8 size)
231 {
232 	if (parser->local.usage_index >= HID_MAX_USAGES) {
233 		hid_err(parser->device, "usage index exceeded\n");
234 		return -1;
235 	}
236 	parser->local.usage[parser->local.usage_index] = usage;
237 
238 	/*
239 	 * If Usage item only includes usage id, concatenate it with
240 	 * currently defined usage page
241 	 */
242 	if (size <= 2)
243 		complete_usage(parser, parser->local.usage_index);
244 
245 	parser->local.usage_size[parser->local.usage_index] = size;
246 	parser->local.collection_index[parser->local.usage_index] =
247 		parser->collection_stack_ptr ?
248 		parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
249 	parser->local.usage_index++;
250 	return 0;
251 }
252 
253 /*
254  * Register a new field for this report.
255  */
256 
257 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
258 {
259 	struct hid_report *report;
260 	struct hid_field *field;
261 	unsigned int usages;
262 	unsigned int offset;
263 	unsigned int i;
264 	unsigned int application;
265 
266 	application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
267 
268 	report = hid_register_report(parser->device, report_type,
269 				     parser->global.report_id, application);
270 	if (!report) {
271 		hid_err(parser->device, "hid_register_report failed\n");
272 		return -1;
273 	}
274 
275 	/* Handle both signed and unsigned cases properly */
276 	if ((parser->global.logical_minimum < 0 &&
277 		parser->global.logical_maximum <
278 		parser->global.logical_minimum) ||
279 		(parser->global.logical_minimum >= 0 &&
280 		(__u32)parser->global.logical_maximum <
281 		(__u32)parser->global.logical_minimum)) {
282 		dbg_hid("logical range invalid 0x%x 0x%x\n",
283 			parser->global.logical_minimum,
284 			parser->global.logical_maximum);
285 		return -1;
286 	}
287 
288 	offset = report->size;
289 	report->size += parser->global.report_size * parser->global.report_count;
290 
291 	/* Total size check: Allow for possible report index byte */
292 	if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
293 		hid_err(parser->device, "report is too long\n");
294 		return -1;
295 	}
296 
297 	if (!parser->local.usage_index) /* Ignore padding fields */
298 		return 0;
299 
300 	usages = max_t(unsigned, parser->local.usage_index,
301 				 parser->global.report_count);
302 
303 	field = hid_register_field(report, usages);
304 	if (!field)
305 		return 0;
306 
307 	field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
308 	field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
309 	field->application = application;
310 
311 	for (i = 0; i < usages; i++) {
312 		unsigned j = i;
313 		/* Duplicate the last usage we parsed if we have excess values */
314 		if (i >= parser->local.usage_index)
315 			j = parser->local.usage_index - 1;
316 		field->usage[i].hid = parser->local.usage[j];
317 		field->usage[i].collection_index =
318 			parser->local.collection_index[j];
319 		field->usage[i].usage_index = i;
320 		field->usage[i].resolution_multiplier = 1;
321 	}
322 
323 	field->maxusage = usages;
324 	field->flags = flags;
325 	field->report_offset = offset;
326 	field->report_type = report_type;
327 	field->report_size = parser->global.report_size;
328 	field->report_count = parser->global.report_count;
329 	field->logical_minimum = parser->global.logical_minimum;
330 	field->logical_maximum = parser->global.logical_maximum;
331 	field->physical_minimum = parser->global.physical_minimum;
332 	field->physical_maximum = parser->global.physical_maximum;
333 	field->unit_exponent = parser->global.unit_exponent;
334 	field->unit = parser->global.unit;
335 
336 	return 0;
337 }
338 
339 /*
340  * Read data value from item.
341  */
342 
343 static u32 item_udata(struct hid_item *item)
344 {
345 	switch (item->size) {
346 	case 1: return item->data.u8;
347 	case 2: return item->data.u16;
348 	case 4: return item->data.u32;
349 	}
350 	return 0;
351 }
352 
353 static s32 item_sdata(struct hid_item *item)
354 {
355 	switch (item->size) {
356 	case 1: return item->data.s8;
357 	case 2: return item->data.s16;
358 	case 4: return item->data.s32;
359 	}
360 	return 0;
361 }
362 
363 /*
364  * Process a global item.
365  */
366 
367 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
368 {
369 	__s32 raw_value;
370 	switch (item->tag) {
371 	case HID_GLOBAL_ITEM_TAG_PUSH:
372 
373 		if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
374 			hid_err(parser->device, "global environment stack overflow\n");
375 			return -1;
376 		}
377 
378 		memcpy(parser->global_stack + parser->global_stack_ptr++,
379 			&parser->global, sizeof(struct hid_global));
380 		return 0;
381 
382 	case HID_GLOBAL_ITEM_TAG_POP:
383 
384 		if (!parser->global_stack_ptr) {
385 			hid_err(parser->device, "global environment stack underflow\n");
386 			return -1;
387 		}
388 
389 		memcpy(&parser->global, parser->global_stack +
390 			--parser->global_stack_ptr, sizeof(struct hid_global));
391 		return 0;
392 
393 	case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
394 		parser->global.usage_page = item_udata(item);
395 		return 0;
396 
397 	case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
398 		parser->global.logical_minimum = item_sdata(item);
399 		return 0;
400 
401 	case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
402 		if (parser->global.logical_minimum < 0)
403 			parser->global.logical_maximum = item_sdata(item);
404 		else
405 			parser->global.logical_maximum = item_udata(item);
406 		return 0;
407 
408 	case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
409 		parser->global.physical_minimum = item_sdata(item);
410 		return 0;
411 
412 	case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
413 		if (parser->global.physical_minimum < 0)
414 			parser->global.physical_maximum = item_sdata(item);
415 		else
416 			parser->global.physical_maximum = item_udata(item);
417 		return 0;
418 
419 	case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
420 		/* Many devices provide unit exponent as a two's complement
421 		 * nibble due to the common misunderstanding of HID
422 		 * specification 1.11, 6.2.2.7 Global Items. Attempt to handle
423 		 * both this and the standard encoding. */
424 		raw_value = item_sdata(item);
425 		if (!(raw_value & 0xfffffff0))
426 			parser->global.unit_exponent = hid_snto32(raw_value, 4);
427 		else
428 			parser->global.unit_exponent = raw_value;
429 		return 0;
430 
431 	case HID_GLOBAL_ITEM_TAG_UNIT:
432 		parser->global.unit = item_udata(item);
433 		return 0;
434 
435 	case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
436 		parser->global.report_size = item_udata(item);
437 		if (parser->global.report_size > 256) {
438 			hid_err(parser->device, "invalid report_size %d\n",
439 					parser->global.report_size);
440 			return -1;
441 		}
442 		return 0;
443 
444 	case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
445 		parser->global.report_count = item_udata(item);
446 		if (parser->global.report_count > HID_MAX_USAGES) {
447 			hid_err(parser->device, "invalid report_count %d\n",
448 					parser->global.report_count);
449 			return -1;
450 		}
451 		return 0;
452 
453 	case HID_GLOBAL_ITEM_TAG_REPORT_ID:
454 		parser->global.report_id = item_udata(item);
455 		if (parser->global.report_id == 0 ||
456 		    parser->global.report_id >= HID_MAX_IDS) {
457 			hid_err(parser->device, "report_id %u is invalid\n",
458 				parser->global.report_id);
459 			return -1;
460 		}
461 		return 0;
462 
463 	default:
464 		hid_err(parser->device, "unknown global tag 0x%x\n", item->tag);
465 		return -1;
466 	}
467 }
468 
469 /*
470  * Process a local item.
471  */
472 
473 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
474 {
475 	__u32 data;
476 	unsigned n;
477 	__u32 count;
478 
479 	data = item_udata(item);
480 
481 	switch (item->tag) {
482 	case HID_LOCAL_ITEM_TAG_DELIMITER:
483 
484 		if (data) {
485 			/*
486 			 * We treat items before the first delimiter
487 			 * as global to all usage sets (branch 0).
488 			 * In the moment we process only these global
489 			 * items and the first delimiter set.
490 			 */
491 			if (parser->local.delimiter_depth != 0) {
492 				hid_err(parser->device, "nested delimiters\n");
493 				return -1;
494 			}
495 			parser->local.delimiter_depth++;
496 			parser->local.delimiter_branch++;
497 		} else {
498 			if (parser->local.delimiter_depth < 1) {
499 				hid_err(parser->device, "bogus close delimiter\n");
500 				return -1;
501 			}
502 			parser->local.delimiter_depth--;
503 		}
504 		return 0;
505 
506 	case HID_LOCAL_ITEM_TAG_USAGE:
507 
508 		if (parser->local.delimiter_branch > 1) {
509 			dbg_hid("alternative usage ignored\n");
510 			return 0;
511 		}
512 
513 		return hid_add_usage(parser, data, item->size);
514 
515 	case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
516 
517 		if (parser->local.delimiter_branch > 1) {
518 			dbg_hid("alternative usage ignored\n");
519 			return 0;
520 		}
521 
522 		parser->local.usage_minimum = data;
523 		return 0;
524 
525 	case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
526 
527 		if (parser->local.delimiter_branch > 1) {
528 			dbg_hid("alternative usage ignored\n");
529 			return 0;
530 		}
531 
532 		count = data - parser->local.usage_minimum;
533 		if (count + parser->local.usage_index >= HID_MAX_USAGES) {
534 			/*
535 			 * We do not warn if the name is not set, we are
536 			 * actually pre-scanning the device.
537 			 */
538 			if (dev_name(&parser->device->dev))
539 				hid_warn(parser->device,
540 					 "ignoring exceeding usage max\n");
541 			data = HID_MAX_USAGES - parser->local.usage_index +
542 				parser->local.usage_minimum - 1;
543 			if (data <= 0) {
544 				hid_err(parser->device,
545 					"no more usage index available\n");
546 				return -1;
547 			}
548 		}
549 
550 		for (n = parser->local.usage_minimum; n <= data; n++)
551 			if (hid_add_usage(parser, n, item->size)) {
552 				dbg_hid("hid_add_usage failed\n");
553 				return -1;
554 			}
555 		return 0;
556 
557 	default:
558 
559 		dbg_hid("unknown local item tag 0x%x\n", item->tag);
560 		return 0;
561 	}
562 	return 0;
563 }
564 
565 /*
566  * Concatenate Usage Pages into Usages where relevant:
567  * As per specification, 6.2.2.8: "When the parser encounters a main item it
568  * concatenates the last declared Usage Page with a Usage to form a complete
569  * usage value."
570  */
571 
572 static void hid_concatenate_last_usage_page(struct hid_parser *parser)
573 {
574 	int i;
575 	unsigned int usage_page;
576 	unsigned int current_page;
577 
578 	if (!parser->local.usage_index)
579 		return;
580 
581 	usage_page = parser->global.usage_page;
582 
583 	/*
584 	 * Concatenate usage page again only if last declared Usage Page
585 	 * has not been already used in previous usages concatenation
586 	 */
587 	for (i = parser->local.usage_index - 1; i >= 0; i--) {
588 		if (parser->local.usage_size[i] > 2)
589 			/* Ignore extended usages */
590 			continue;
591 
592 		current_page = parser->local.usage[i] >> 16;
593 		if (current_page == usage_page)
594 			break;
595 
596 		complete_usage(parser, i);
597 	}
598 }
599 
600 /*
601  * Process a main item.
602  */
603 
604 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
605 {
606 	__u32 data;
607 	int ret;
608 
609 	hid_concatenate_last_usage_page(parser);
610 
611 	data = item_udata(item);
612 
613 	switch (item->tag) {
614 	case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
615 		ret = open_collection(parser, data & 0xff);
616 		break;
617 	case HID_MAIN_ITEM_TAG_END_COLLECTION:
618 		ret = close_collection(parser);
619 		break;
620 	case HID_MAIN_ITEM_TAG_INPUT:
621 		ret = hid_add_field(parser, HID_INPUT_REPORT, data);
622 		break;
623 	case HID_MAIN_ITEM_TAG_OUTPUT:
624 		ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
625 		break;
626 	case HID_MAIN_ITEM_TAG_FEATURE:
627 		ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
628 		break;
629 	default:
630 		hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
631 		ret = 0;
632 	}
633 
634 	memset(&parser->local, 0, sizeof(parser->local));	/* Reset the local parser environment */
635 
636 	return ret;
637 }
638 
639 /*
640  * Process a reserved item.
641  */
642 
643 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
644 {
645 	dbg_hid("reserved item type, tag 0x%x\n", item->tag);
646 	return 0;
647 }
648 
649 /*
650  * Free a report and all registered fields. The field->usage and
651  * field->value table's are allocated behind the field, so we need
652  * only to free(field) itself.
653  */
654 
655 static void hid_free_report(struct hid_report *report)
656 {
657 	unsigned n;
658 
659 	for (n = 0; n < report->maxfield; n++)
660 		kfree(report->field[n]);
661 	kfree(report);
662 }
663 
664 /*
665  * Close report. This function returns the device
666  * state to the point prior to hid_open_report().
667  */
668 static void hid_close_report(struct hid_device *device)
669 {
670 	unsigned i, j;
671 
672 	for (i = 0; i < HID_REPORT_TYPES; i++) {
673 		struct hid_report_enum *report_enum = device->report_enum + i;
674 
675 		for (j = 0; j < HID_MAX_IDS; j++) {
676 			struct hid_report *report = report_enum->report_id_hash[j];
677 			if (report)
678 				hid_free_report(report);
679 		}
680 		memset(report_enum, 0, sizeof(*report_enum));
681 		INIT_LIST_HEAD(&report_enum->report_list);
682 	}
683 
684 	kfree(device->rdesc);
685 	device->rdesc = NULL;
686 	device->rsize = 0;
687 
688 	kfree(device->collection);
689 	device->collection = NULL;
690 	device->collection_size = 0;
691 	device->maxcollection = 0;
692 	device->maxapplication = 0;
693 
694 	device->status &= ~HID_STAT_PARSED;
695 }
696 
697 /*
698  * Free a device structure, all reports, and all fields.
699  */
700 
701 static void hid_device_release(struct device *dev)
702 {
703 	struct hid_device *hid = to_hid_device(dev);
704 
705 	hid_close_report(hid);
706 	kfree(hid->dev_rdesc);
707 	kfree(hid);
708 }
709 
710 /*
711  * Fetch a report description item from the data stream. We support long
712  * items, though they are not used yet.
713  */
714 
715 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
716 {
717 	u8 b;
718 
719 	if ((end - start) <= 0)
720 		return NULL;
721 
722 	b = *start++;
723 
724 	item->type = (b >> 2) & 3;
725 	item->tag  = (b >> 4) & 15;
726 
727 	if (item->tag == HID_ITEM_TAG_LONG) {
728 
729 		item->format = HID_ITEM_FORMAT_LONG;
730 
731 		if ((end - start) < 2)
732 			return NULL;
733 
734 		item->size = *start++;
735 		item->tag  = *start++;
736 
737 		if ((end - start) < item->size)
738 			return NULL;
739 
740 		item->data.longdata = start;
741 		start += item->size;
742 		return start;
743 	}
744 
745 	item->format = HID_ITEM_FORMAT_SHORT;
746 	item->size = b & 3;
747 
748 	switch (item->size) {
749 	case 0:
750 		return start;
751 
752 	case 1:
753 		if ((end - start) < 1)
754 			return NULL;
755 		item->data.u8 = *start++;
756 		return start;
757 
758 	case 2:
759 		if ((end - start) < 2)
760 			return NULL;
761 		item->data.u16 = get_unaligned_le16(start);
762 		start = (__u8 *)((__le16 *)start + 1);
763 		return start;
764 
765 	case 3:
766 		item->size++;
767 		if ((end - start) < 4)
768 			return NULL;
769 		item->data.u32 = get_unaligned_le32(start);
770 		start = (__u8 *)((__le32 *)start + 1);
771 		return start;
772 	}
773 
774 	return NULL;
775 }
776 
777 static void hid_scan_input_usage(struct hid_parser *parser, u32 usage)
778 {
779 	struct hid_device *hid = parser->device;
780 
781 	if (usage == HID_DG_CONTACTID)
782 		hid->group = HID_GROUP_MULTITOUCH;
783 }
784 
785 static void hid_scan_feature_usage(struct hid_parser *parser, u32 usage)
786 {
787 	if (usage == 0xff0000c5 && parser->global.report_count == 256 &&
788 	    parser->global.report_size == 8)
789 		parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
790 
791 	if (usage == 0xff0000c6 && parser->global.report_count == 1 &&
792 	    parser->global.report_size == 8)
793 		parser->scan_flags |= HID_SCAN_FLAG_MT_WIN_8;
794 }
795 
796 static void hid_scan_collection(struct hid_parser *parser, unsigned type)
797 {
798 	struct hid_device *hid = parser->device;
799 	int i;
800 
801 	if (((parser->global.usage_page << 16) == HID_UP_SENSOR) &&
802 	    type == HID_COLLECTION_PHYSICAL)
803 		hid->group = HID_GROUP_SENSOR_HUB;
804 
805 	if (hid->vendor == USB_VENDOR_ID_MICROSOFT &&
806 	    hid->product == USB_DEVICE_ID_MS_POWER_COVER &&
807 	    hid->group == HID_GROUP_MULTITOUCH)
808 		hid->group = HID_GROUP_GENERIC;
809 
810 	if ((parser->global.usage_page << 16) == HID_UP_GENDESK)
811 		for (i = 0; i < parser->local.usage_index; i++)
812 			if (parser->local.usage[i] == HID_GD_POINTER)
813 				parser->scan_flags |= HID_SCAN_FLAG_GD_POINTER;
814 
815 	if ((parser->global.usage_page << 16) >= HID_UP_MSVENDOR)
816 		parser->scan_flags |= HID_SCAN_FLAG_VENDOR_SPECIFIC;
817 
818 	if ((parser->global.usage_page << 16) == HID_UP_GOOGLEVENDOR)
819 		for (i = 0; i < parser->local.usage_index; i++)
820 			if (parser->local.usage[i] ==
821 					(HID_UP_GOOGLEVENDOR | 0x0001))
822 				parser->device->group =
823 					HID_GROUP_VIVALDI;
824 }
825 
826 static int hid_scan_main(struct hid_parser *parser, struct hid_item *item)
827 {
828 	__u32 data;
829 	int i;
830 
831 	hid_concatenate_last_usage_page(parser);
832 
833 	data = item_udata(item);
834 
835 	switch (item->tag) {
836 	case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
837 		hid_scan_collection(parser, data & 0xff);
838 		break;
839 	case HID_MAIN_ITEM_TAG_END_COLLECTION:
840 		break;
841 	case HID_MAIN_ITEM_TAG_INPUT:
842 		/* ignore constant inputs, they will be ignored by hid-input */
843 		if (data & HID_MAIN_ITEM_CONSTANT)
844 			break;
845 		for (i = 0; i < parser->local.usage_index; i++)
846 			hid_scan_input_usage(parser, parser->local.usage[i]);
847 		break;
848 	case HID_MAIN_ITEM_TAG_OUTPUT:
849 		break;
850 	case HID_MAIN_ITEM_TAG_FEATURE:
851 		for (i = 0; i < parser->local.usage_index; i++)
852 			hid_scan_feature_usage(parser, parser->local.usage[i]);
853 		break;
854 	}
855 
856 	/* Reset the local parser environment */
857 	memset(&parser->local, 0, sizeof(parser->local));
858 
859 	return 0;
860 }
861 
862 /*
863  * Scan a report descriptor before the device is added to the bus.
864  * Sets device groups and other properties that determine what driver
865  * to load.
866  */
867 static int hid_scan_report(struct hid_device *hid)
868 {
869 	struct hid_parser *parser;
870 	struct hid_item item;
871 	__u8 *start = hid->dev_rdesc;
872 	__u8 *end = start + hid->dev_rsize;
873 	static int (*dispatch_type[])(struct hid_parser *parser,
874 				      struct hid_item *item) = {
875 		hid_scan_main,
876 		hid_parser_global,
877 		hid_parser_local,
878 		hid_parser_reserved
879 	};
880 
881 	parser = vzalloc(sizeof(struct hid_parser));
882 	if (!parser)
883 		return -ENOMEM;
884 
885 	parser->device = hid;
886 	hid->group = HID_GROUP_GENERIC;
887 
888 	/*
889 	 * The parsing is simpler than the one in hid_open_report() as we should
890 	 * be robust against hid errors. Those errors will be raised by
891 	 * hid_open_report() anyway.
892 	 */
893 	while ((start = fetch_item(start, end, &item)) != NULL)
894 		dispatch_type[item.type](parser, &item);
895 
896 	/*
897 	 * Handle special flags set during scanning.
898 	 */
899 	if ((parser->scan_flags & HID_SCAN_FLAG_MT_WIN_8) &&
900 	    (hid->group == HID_GROUP_MULTITOUCH))
901 		hid->group = HID_GROUP_MULTITOUCH_WIN_8;
902 
903 	/*
904 	 * Vendor specific handlings
905 	 */
906 	switch (hid->vendor) {
907 	case USB_VENDOR_ID_WACOM:
908 		hid->group = HID_GROUP_WACOM;
909 		break;
910 	case USB_VENDOR_ID_SYNAPTICS:
911 		if (hid->group == HID_GROUP_GENERIC)
912 			if ((parser->scan_flags & HID_SCAN_FLAG_VENDOR_SPECIFIC)
913 			    && (parser->scan_flags & HID_SCAN_FLAG_GD_POINTER))
914 				/*
915 				 * hid-rmi should take care of them,
916 				 * not hid-generic
917 				 */
918 				hid->group = HID_GROUP_RMI;
919 		break;
920 	}
921 
922 	kfree(parser->collection_stack);
923 	vfree(parser);
924 	return 0;
925 }
926 
927 /**
928  * hid_parse_report - parse device report
929  *
930  * @hid: hid device
931  * @start: report start
932  * @size: report size
933  *
934  * Allocate the device report as read by the bus driver. This function should
935  * only be called from parse() in ll drivers.
936  */
937 int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size)
938 {
939 	hid->dev_rdesc = kmemdup(start, size, GFP_KERNEL);
940 	if (!hid->dev_rdesc)
941 		return -ENOMEM;
942 	hid->dev_rsize = size;
943 	return 0;
944 }
945 EXPORT_SYMBOL_GPL(hid_parse_report);
946 
947 static const char * const hid_report_names[] = {
948 	"HID_INPUT_REPORT",
949 	"HID_OUTPUT_REPORT",
950 	"HID_FEATURE_REPORT",
951 };
952 /**
953  * hid_validate_values - validate existing device report's value indexes
954  *
955  * @hid: hid device
956  * @type: which report type to examine
957  * @id: which report ID to examine (0 for first)
958  * @field_index: which report field to examine
959  * @report_counts: expected number of values
960  *
961  * Validate the number of values in a given field of a given report, after
962  * parsing.
963  */
964 struct hid_report *hid_validate_values(struct hid_device *hid,
965 				       unsigned int type, unsigned int id,
966 				       unsigned int field_index,
967 				       unsigned int report_counts)
968 {
969 	struct hid_report *report;
970 
971 	if (type > HID_FEATURE_REPORT) {
972 		hid_err(hid, "invalid HID report type %u\n", type);
973 		return NULL;
974 	}
975 
976 	if (id >= HID_MAX_IDS) {
977 		hid_err(hid, "invalid HID report id %u\n", id);
978 		return NULL;
979 	}
980 
981 	/*
982 	 * Explicitly not using hid_get_report() here since it depends on
983 	 * ->numbered being checked, which may not always be the case when
984 	 * drivers go to access report values.
985 	 */
986 	if (id == 0) {
987 		/*
988 		 * Validating on id 0 means we should examine the first
989 		 * report in the list.
990 		 */
991 		report = list_entry(
992 				hid->report_enum[type].report_list.next,
993 				struct hid_report, list);
994 	} else {
995 		report = hid->report_enum[type].report_id_hash[id];
996 	}
997 	if (!report) {
998 		hid_err(hid, "missing %s %u\n", hid_report_names[type], id);
999 		return NULL;
1000 	}
1001 	if (report->maxfield <= field_index) {
1002 		hid_err(hid, "not enough fields in %s %u\n",
1003 			hid_report_names[type], id);
1004 		return NULL;
1005 	}
1006 	if (report->field[field_index]->report_count < report_counts) {
1007 		hid_err(hid, "not enough values in %s %u field %u\n",
1008 			hid_report_names[type], id, field_index);
1009 		return NULL;
1010 	}
1011 	return report;
1012 }
1013 EXPORT_SYMBOL_GPL(hid_validate_values);
1014 
1015 static int hid_calculate_multiplier(struct hid_device *hid,
1016 				     struct hid_field *multiplier)
1017 {
1018 	int m;
1019 	__s32 v = *multiplier->value;
1020 	__s32 lmin = multiplier->logical_minimum;
1021 	__s32 lmax = multiplier->logical_maximum;
1022 	__s32 pmin = multiplier->physical_minimum;
1023 	__s32 pmax = multiplier->physical_maximum;
1024 
1025 	/*
1026 	 * "Because OS implementations will generally divide the control's
1027 	 * reported count by the Effective Resolution Multiplier, designers
1028 	 * should take care not to establish a potential Effective
1029 	 * Resolution Multiplier of zero."
1030 	 * HID Usage Table, v1.12, Section 4.3.1, p31
1031 	 */
1032 	if (lmax - lmin == 0)
1033 		return 1;
1034 	/*
1035 	 * Handling the unit exponent is left as an exercise to whoever
1036 	 * finds a device where that exponent is not 0.
1037 	 */
1038 	m = ((v - lmin)/(lmax - lmin) * (pmax - pmin) + pmin);
1039 	if (unlikely(multiplier->unit_exponent != 0)) {
1040 		hid_warn(hid,
1041 			 "unsupported Resolution Multiplier unit exponent %d\n",
1042 			 multiplier->unit_exponent);
1043 	}
1044 
1045 	/* There are no devices with an effective multiplier > 255 */
1046 	if (unlikely(m == 0 || m > 255 || m < -255)) {
1047 		hid_warn(hid, "unsupported Resolution Multiplier %d\n", m);
1048 		m = 1;
1049 	}
1050 
1051 	return m;
1052 }
1053 
1054 static void hid_apply_multiplier_to_field(struct hid_device *hid,
1055 					  struct hid_field *field,
1056 					  struct hid_collection *multiplier_collection,
1057 					  int effective_multiplier)
1058 {
1059 	struct hid_collection *collection;
1060 	struct hid_usage *usage;
1061 	int i;
1062 
1063 	/*
1064 	 * If multiplier_collection is NULL, the multiplier applies
1065 	 * to all fields in the report.
1066 	 * Otherwise, it is the Logical Collection the multiplier applies to
1067 	 * but our field may be in a subcollection of that collection.
1068 	 */
1069 	for (i = 0; i < field->maxusage; i++) {
1070 		usage = &field->usage[i];
1071 
1072 		collection = &hid->collection[usage->collection_index];
1073 		while (collection->parent_idx != -1 &&
1074 		       collection != multiplier_collection)
1075 			collection = &hid->collection[collection->parent_idx];
1076 
1077 		if (collection->parent_idx != -1 ||
1078 		    multiplier_collection == NULL)
1079 			usage->resolution_multiplier = effective_multiplier;
1080 
1081 	}
1082 }
1083 
1084 static void hid_apply_multiplier(struct hid_device *hid,
1085 				 struct hid_field *multiplier)
1086 {
1087 	struct hid_report_enum *rep_enum;
1088 	struct hid_report *rep;
1089 	struct hid_field *field;
1090 	struct hid_collection *multiplier_collection;
1091 	int effective_multiplier;
1092 	int i;
1093 
1094 	/*
1095 	 * "The Resolution Multiplier control must be contained in the same
1096 	 * Logical Collection as the control(s) to which it is to be applied.
1097 	 * If no Resolution Multiplier is defined, then the Resolution
1098 	 * Multiplier defaults to 1.  If more than one control exists in a
1099 	 * Logical Collection, the Resolution Multiplier is associated with
1100 	 * all controls in the collection. If no Logical Collection is
1101 	 * defined, the Resolution Multiplier is associated with all
1102 	 * controls in the report."
1103 	 * HID Usage Table, v1.12, Section 4.3.1, p30
1104 	 *
1105 	 * Thus, search from the current collection upwards until we find a
1106 	 * logical collection. Then search all fields for that same parent
1107 	 * collection. Those are the fields the multiplier applies to.
1108 	 *
1109 	 * If we have more than one multiplier, it will overwrite the
1110 	 * applicable fields later.
1111 	 */
1112 	multiplier_collection = &hid->collection[multiplier->usage->collection_index];
1113 	while (multiplier_collection->parent_idx != -1 &&
1114 	       multiplier_collection->type != HID_COLLECTION_LOGICAL)
1115 		multiplier_collection = &hid->collection[multiplier_collection->parent_idx];
1116 
1117 	effective_multiplier = hid_calculate_multiplier(hid, multiplier);
1118 
1119 	rep_enum = &hid->report_enum[HID_INPUT_REPORT];
1120 	list_for_each_entry(rep, &rep_enum->report_list, list) {
1121 		for (i = 0; i < rep->maxfield; i++) {
1122 			field = rep->field[i];
1123 			hid_apply_multiplier_to_field(hid, field,
1124 						      multiplier_collection,
1125 						      effective_multiplier);
1126 		}
1127 	}
1128 }
1129 
1130 /*
1131  * hid_setup_resolution_multiplier - set up all resolution multipliers
1132  *
1133  * @device: hid device
1134  *
1135  * Search for all Resolution Multiplier Feature Reports and apply their
1136  * value to all matching Input items. This only updates the internal struct
1137  * fields.
1138  *
1139  * The Resolution Multiplier is applied by the hardware. If the multiplier
1140  * is anything other than 1, the hardware will send pre-multiplied events
1141  * so that the same physical interaction generates an accumulated
1142  *	accumulated_value = value * * multiplier
1143  * This may be achieved by sending
1144  * - "value * multiplier" for each event, or
1145  * - "value" but "multiplier" times as frequently, or
1146  * - a combination of the above
1147  * The only guarantee is that the same physical interaction always generates
1148  * an accumulated 'value * multiplier'.
1149  *
1150  * This function must be called before any event processing and after
1151  * any SetRequest to the Resolution Multiplier.
1152  */
1153 void hid_setup_resolution_multiplier(struct hid_device *hid)
1154 {
1155 	struct hid_report_enum *rep_enum;
1156 	struct hid_report *rep;
1157 	struct hid_usage *usage;
1158 	int i, j;
1159 
1160 	rep_enum = &hid->report_enum[HID_FEATURE_REPORT];
1161 	list_for_each_entry(rep, &rep_enum->report_list, list) {
1162 		for (i = 0; i < rep->maxfield; i++) {
1163 			/* Ignore if report count is out of bounds. */
1164 			if (rep->field[i]->report_count < 1)
1165 				continue;
1166 
1167 			for (j = 0; j < rep->field[i]->maxusage; j++) {
1168 				usage = &rep->field[i]->usage[j];
1169 				if (usage->hid == HID_GD_RESOLUTION_MULTIPLIER)
1170 					hid_apply_multiplier(hid,
1171 							     rep->field[i]);
1172 			}
1173 		}
1174 	}
1175 }
1176 EXPORT_SYMBOL_GPL(hid_setup_resolution_multiplier);
1177 
1178 /**
1179  * hid_open_report - open a driver-specific device report
1180  *
1181  * @device: hid device
1182  *
1183  * Parse a report description into a hid_device structure. Reports are
1184  * enumerated, fields are attached to these reports.
1185  * 0 returned on success, otherwise nonzero error value.
1186  *
1187  * This function (or the equivalent hid_parse() macro) should only be
1188  * called from probe() in drivers, before starting the device.
1189  */
1190 int hid_open_report(struct hid_device *device)
1191 {
1192 	struct hid_parser *parser;
1193 	struct hid_item item;
1194 	unsigned int size;
1195 	__u8 *start;
1196 	__u8 *buf;
1197 	__u8 *end;
1198 	__u8 *next;
1199 	int ret;
1200 	static int (*dispatch_type[])(struct hid_parser *parser,
1201 				      struct hid_item *item) = {
1202 		hid_parser_main,
1203 		hid_parser_global,
1204 		hid_parser_local,
1205 		hid_parser_reserved
1206 	};
1207 
1208 	if (WARN_ON(device->status & HID_STAT_PARSED))
1209 		return -EBUSY;
1210 
1211 	start = device->dev_rdesc;
1212 	if (WARN_ON(!start))
1213 		return -ENODEV;
1214 	size = device->dev_rsize;
1215 
1216 	buf = kmemdup(start, size, GFP_KERNEL);
1217 	if (buf == NULL)
1218 		return -ENOMEM;
1219 
1220 	if (device->driver->report_fixup)
1221 		start = device->driver->report_fixup(device, buf, &size);
1222 	else
1223 		start = buf;
1224 
1225 	start = kmemdup(start, size, GFP_KERNEL);
1226 	kfree(buf);
1227 	if (start == NULL)
1228 		return -ENOMEM;
1229 
1230 	device->rdesc = start;
1231 	device->rsize = size;
1232 
1233 	parser = vzalloc(sizeof(struct hid_parser));
1234 	if (!parser) {
1235 		ret = -ENOMEM;
1236 		goto alloc_err;
1237 	}
1238 
1239 	parser->device = device;
1240 
1241 	end = start + size;
1242 
1243 	device->collection = kcalloc(HID_DEFAULT_NUM_COLLECTIONS,
1244 				     sizeof(struct hid_collection), GFP_KERNEL);
1245 	if (!device->collection) {
1246 		ret = -ENOMEM;
1247 		goto err;
1248 	}
1249 	device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
1250 
1251 	ret = -EINVAL;
1252 	while ((next = fetch_item(start, end, &item)) != NULL) {
1253 		start = next;
1254 
1255 		if (item.format != HID_ITEM_FORMAT_SHORT) {
1256 			hid_err(device, "unexpected long global item\n");
1257 			goto err;
1258 		}
1259 
1260 		if (dispatch_type[item.type](parser, &item)) {
1261 			hid_err(device, "item %u %u %u %u parsing failed\n",
1262 				item.format, (unsigned)item.size,
1263 				(unsigned)item.type, (unsigned)item.tag);
1264 			goto err;
1265 		}
1266 
1267 		if (start == end) {
1268 			if (parser->collection_stack_ptr) {
1269 				hid_err(device, "unbalanced collection at end of report description\n");
1270 				goto err;
1271 			}
1272 			if (parser->local.delimiter_depth) {
1273 				hid_err(device, "unbalanced delimiter at end of report description\n");
1274 				goto err;
1275 			}
1276 
1277 			/*
1278 			 * fetch initial values in case the device's
1279 			 * default multiplier isn't the recommended 1
1280 			 */
1281 			hid_setup_resolution_multiplier(device);
1282 
1283 			kfree(parser->collection_stack);
1284 			vfree(parser);
1285 			device->status |= HID_STAT_PARSED;
1286 
1287 			return 0;
1288 		}
1289 	}
1290 
1291 	hid_err(device, "item fetching failed at offset %u/%u\n",
1292 		size - (unsigned int)(end - start), size);
1293 err:
1294 	kfree(parser->collection_stack);
1295 alloc_err:
1296 	vfree(parser);
1297 	hid_close_report(device);
1298 	return ret;
1299 }
1300 EXPORT_SYMBOL_GPL(hid_open_report);
1301 
1302 /*
1303  * Convert a signed n-bit integer to signed 32-bit integer. Common
1304  * cases are done through the compiler, the screwed things has to be
1305  * done by hand.
1306  */
1307 
1308 static s32 snto32(__u32 value, unsigned n)
1309 {
1310 	if (!value || !n)
1311 		return 0;
1312 
1313 	switch (n) {
1314 	case 8:  return ((__s8)value);
1315 	case 16: return ((__s16)value);
1316 	case 32: return ((__s32)value);
1317 	}
1318 	return value & (1 << (n - 1)) ? value | (~0U << n) : value;
1319 }
1320 
1321 s32 hid_snto32(__u32 value, unsigned n)
1322 {
1323 	return snto32(value, n);
1324 }
1325 EXPORT_SYMBOL_GPL(hid_snto32);
1326 
1327 /*
1328  * Convert a signed 32-bit integer to a signed n-bit integer.
1329  */
1330 
1331 static u32 s32ton(__s32 value, unsigned n)
1332 {
1333 	s32 a = value >> (n - 1);
1334 	if (a && a != -1)
1335 		return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
1336 	return value & ((1 << n) - 1);
1337 }
1338 
1339 /*
1340  * Extract/implement a data field from/to a little endian report (bit array).
1341  *
1342  * Code sort-of follows HID spec:
1343  *     http://www.usb.org/developers/hidpage/HID1_11.pdf
1344  *
1345  * While the USB HID spec allows unlimited length bit fields in "report
1346  * descriptors", most devices never use more than 16 bits.
1347  * One model of UPS is claimed to report "LINEV" as a 32-bit field.
1348  * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
1349  */
1350 
1351 static u32 __extract(u8 *report, unsigned offset, int n)
1352 {
1353 	unsigned int idx = offset / 8;
1354 	unsigned int bit_nr = 0;
1355 	unsigned int bit_shift = offset % 8;
1356 	int bits_to_copy = 8 - bit_shift;
1357 	u32 value = 0;
1358 	u32 mask = n < 32 ? (1U << n) - 1 : ~0U;
1359 
1360 	while (n > 0) {
1361 		value |= ((u32)report[idx] >> bit_shift) << bit_nr;
1362 		n -= bits_to_copy;
1363 		bit_nr += bits_to_copy;
1364 		bits_to_copy = 8;
1365 		bit_shift = 0;
1366 		idx++;
1367 	}
1368 
1369 	return value & mask;
1370 }
1371 
1372 u32 hid_field_extract(const struct hid_device *hid, u8 *report,
1373 			unsigned offset, unsigned n)
1374 {
1375 	if (n > 32) {
1376 		hid_warn_once(hid, "%s() called with n (%d) > 32! (%s)\n",
1377 			      __func__, n, current->comm);
1378 		n = 32;
1379 	}
1380 
1381 	return __extract(report, offset, n);
1382 }
1383 EXPORT_SYMBOL_GPL(hid_field_extract);
1384 
1385 /*
1386  * "implement" : set bits in a little endian bit stream.
1387  * Same concepts as "extract" (see comments above).
1388  * The data mangled in the bit stream remains in little endian
1389  * order the whole time. It make more sense to talk about
1390  * endianness of register values by considering a register
1391  * a "cached" copy of the little endian bit stream.
1392  */
1393 
1394 static void __implement(u8 *report, unsigned offset, int n, u32 value)
1395 {
1396 	unsigned int idx = offset / 8;
1397 	unsigned int bit_shift = offset % 8;
1398 	int bits_to_set = 8 - bit_shift;
1399 
1400 	while (n - bits_to_set >= 0) {
1401 		report[idx] &= ~(0xff << bit_shift);
1402 		report[idx] |= value << bit_shift;
1403 		value >>= bits_to_set;
1404 		n -= bits_to_set;
1405 		bits_to_set = 8;
1406 		bit_shift = 0;
1407 		idx++;
1408 	}
1409 
1410 	/* last nibble */
1411 	if (n) {
1412 		u8 bit_mask = ((1U << n) - 1);
1413 		report[idx] &= ~(bit_mask << bit_shift);
1414 		report[idx] |= value << bit_shift;
1415 	}
1416 }
1417 
1418 static void implement(const struct hid_device *hid, u8 *report,
1419 		      unsigned offset, unsigned n, u32 value)
1420 {
1421 	if (unlikely(n > 32)) {
1422 		hid_warn(hid, "%s() called with n (%d) > 32! (%s)\n",
1423 			 __func__, n, current->comm);
1424 		n = 32;
1425 	} else if (n < 32) {
1426 		u32 m = (1U << n) - 1;
1427 
1428 		if (unlikely(value > m)) {
1429 			hid_warn(hid,
1430 				 "%s() called with too large value %d (n: %d)! (%s)\n",
1431 				 __func__, value, n, current->comm);
1432 			WARN_ON(1);
1433 			value &= m;
1434 		}
1435 	}
1436 
1437 	__implement(report, offset, n, value);
1438 }
1439 
1440 /*
1441  * Search an array for a value.
1442  */
1443 
1444 static int search(__s32 *array, __s32 value, unsigned n)
1445 {
1446 	while (n--) {
1447 		if (*array++ == value)
1448 			return 0;
1449 	}
1450 	return -1;
1451 }
1452 
1453 /**
1454  * hid_match_report - check if driver's raw_event should be called
1455  *
1456  * @hid: hid device
1457  * @report: hid report to match against
1458  *
1459  * compare hid->driver->report_table->report_type to report->type
1460  */
1461 static int hid_match_report(struct hid_device *hid, struct hid_report *report)
1462 {
1463 	const struct hid_report_id *id = hid->driver->report_table;
1464 
1465 	if (!id) /* NULL means all */
1466 		return 1;
1467 
1468 	for (; id->report_type != HID_TERMINATOR; id++)
1469 		if (id->report_type == HID_ANY_ID ||
1470 				id->report_type == report->type)
1471 			return 1;
1472 	return 0;
1473 }
1474 
1475 /**
1476  * hid_match_usage - check if driver's event should be called
1477  *
1478  * @hid: hid device
1479  * @usage: usage to match against
1480  *
1481  * compare hid->driver->usage_table->usage_{type,code} to
1482  * usage->usage_{type,code}
1483  */
1484 static int hid_match_usage(struct hid_device *hid, struct hid_usage *usage)
1485 {
1486 	const struct hid_usage_id *id = hid->driver->usage_table;
1487 
1488 	if (!id) /* NULL means all */
1489 		return 1;
1490 
1491 	for (; id->usage_type != HID_ANY_ID - 1; id++)
1492 		if ((id->usage_hid == HID_ANY_ID ||
1493 				id->usage_hid == usage->hid) &&
1494 				(id->usage_type == HID_ANY_ID ||
1495 				id->usage_type == usage->type) &&
1496 				(id->usage_code == HID_ANY_ID ||
1497 				 id->usage_code == usage->code))
1498 			return 1;
1499 	return 0;
1500 }
1501 
1502 static void hid_process_event(struct hid_device *hid, struct hid_field *field,
1503 		struct hid_usage *usage, __s32 value, int interrupt)
1504 {
1505 	struct hid_driver *hdrv = hid->driver;
1506 	int ret;
1507 
1508 	if (!list_empty(&hid->debug_list))
1509 		hid_dump_input(hid, usage, value);
1510 
1511 	if (hdrv && hdrv->event && hid_match_usage(hid, usage)) {
1512 		ret = hdrv->event(hid, field, usage, value);
1513 		if (ret != 0) {
1514 			if (ret < 0)
1515 				hid_err(hid, "%s's event failed with %d\n",
1516 						hdrv->name, ret);
1517 			return;
1518 		}
1519 	}
1520 
1521 	if (hid->claimed & HID_CLAIMED_INPUT)
1522 		hidinput_hid_event(hid, field, usage, value);
1523 	if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
1524 		hid->hiddev_hid_event(hid, field, usage, value);
1525 }
1526 
1527 /*
1528  * Analyse a received field, and fetch the data from it. The field
1529  * content is stored for next report processing (we do differential
1530  * reporting to the layer).
1531  */
1532 
1533 static void hid_input_field(struct hid_device *hid, struct hid_field *field,
1534 			    __u8 *data, int interrupt)
1535 {
1536 	unsigned n;
1537 	unsigned count = field->report_count;
1538 	unsigned offset = field->report_offset;
1539 	unsigned size = field->report_size;
1540 	__s32 min = field->logical_minimum;
1541 	__s32 max = field->logical_maximum;
1542 	__s32 *value;
1543 
1544 	value = kmalloc_array(count, sizeof(__s32), GFP_ATOMIC);
1545 	if (!value)
1546 		return;
1547 
1548 	for (n = 0; n < count; n++) {
1549 
1550 		value[n] = min < 0 ?
1551 			snto32(hid_field_extract(hid, data, offset + n * size,
1552 			       size), size) :
1553 			hid_field_extract(hid, data, offset + n * size, size);
1554 
1555 		/* Ignore report if ErrorRollOver */
1556 		if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
1557 		    value[n] >= min && value[n] <= max &&
1558 		    value[n] - min < field->maxusage &&
1559 		    field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
1560 			goto exit;
1561 	}
1562 
1563 	for (n = 0; n < count; n++) {
1564 
1565 		if (HID_MAIN_ITEM_VARIABLE & field->flags) {
1566 			hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
1567 			continue;
1568 		}
1569 
1570 		if (field->value[n] >= min && field->value[n] <= max
1571 			&& field->value[n] - min < field->maxusage
1572 			&& field->usage[field->value[n] - min].hid
1573 			&& search(value, field->value[n], count))
1574 				hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
1575 
1576 		if (value[n] >= min && value[n] <= max
1577 			&& value[n] - min < field->maxusage
1578 			&& field->usage[value[n] - min].hid
1579 			&& search(field->value, value[n], count))
1580 				hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
1581 	}
1582 
1583 	memcpy(field->value, value, count * sizeof(__s32));
1584 exit:
1585 	kfree(value);
1586 }
1587 
1588 /*
1589  * Output the field into the report.
1590  */
1591 
1592 static void hid_output_field(const struct hid_device *hid,
1593 			     struct hid_field *field, __u8 *data)
1594 {
1595 	unsigned count = field->report_count;
1596 	unsigned offset = field->report_offset;
1597 	unsigned size = field->report_size;
1598 	unsigned n;
1599 
1600 	for (n = 0; n < count; n++) {
1601 		if (field->logical_minimum < 0)	/* signed values */
1602 			implement(hid, data, offset + n * size, size,
1603 				  s32ton(field->value[n], size));
1604 		else				/* unsigned values */
1605 			implement(hid, data, offset + n * size, size,
1606 				  field->value[n]);
1607 	}
1608 }
1609 
1610 /*
1611  * Compute the size of a report.
1612  */
1613 static size_t hid_compute_report_size(struct hid_report *report)
1614 {
1615 	if (report->size)
1616 		return ((report->size - 1) >> 3) + 1;
1617 
1618 	return 0;
1619 }
1620 
1621 /*
1622  * Create a report. 'data' has to be allocated using
1623  * hid_alloc_report_buf() so that it has proper size.
1624  */
1625 
1626 void hid_output_report(struct hid_report *report, __u8 *data)
1627 {
1628 	unsigned n;
1629 
1630 	if (report->id > 0)
1631 		*data++ = report->id;
1632 
1633 	memset(data, 0, hid_compute_report_size(report));
1634 	for (n = 0; n < report->maxfield; n++)
1635 		hid_output_field(report->device, report->field[n], data);
1636 }
1637 EXPORT_SYMBOL_GPL(hid_output_report);
1638 
1639 /*
1640  * Allocator for buffer that is going to be passed to hid_output_report()
1641  */
1642 u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
1643 {
1644 	/*
1645 	 * 7 extra bytes are necessary to achieve proper functionality
1646 	 * of implement() working on 8 byte chunks
1647 	 */
1648 
1649 	u32 len = hid_report_len(report) + 7;
1650 
1651 	return kmalloc(len, flags);
1652 }
1653 EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
1654 
1655 /*
1656  * Set a field value. The report this field belongs to has to be
1657  * created and transferred to the device, to set this value in the
1658  * device.
1659  */
1660 
1661 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
1662 {
1663 	unsigned size;
1664 
1665 	if (!field)
1666 		return -1;
1667 
1668 	size = field->report_size;
1669 
1670 	hid_dump_input(field->report->device, field->usage + offset, value);
1671 
1672 	if (offset >= field->report_count) {
1673 		hid_err(field->report->device, "offset (%d) exceeds report_count (%d)\n",
1674 				offset, field->report_count);
1675 		return -1;
1676 	}
1677 	if (field->logical_minimum < 0) {
1678 		if (value != snto32(s32ton(value, size), size)) {
1679 			hid_err(field->report->device, "value %d is out of range\n", value);
1680 			return -1;
1681 		}
1682 	}
1683 	field->value[offset] = value;
1684 	return 0;
1685 }
1686 EXPORT_SYMBOL_GPL(hid_set_field);
1687 
1688 static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
1689 		const u8 *data)
1690 {
1691 	struct hid_report *report;
1692 	unsigned int n = 0;	/* Normally report number is 0 */
1693 
1694 	/* Device uses numbered reports, data[0] is report number */
1695 	if (report_enum->numbered)
1696 		n = *data;
1697 
1698 	report = report_enum->report_id_hash[n];
1699 	if (report == NULL)
1700 		dbg_hid("undefined report_id %u received\n", n);
1701 
1702 	return report;
1703 }
1704 
1705 /*
1706  * Implement a generic .request() callback, using .raw_request()
1707  * DO NOT USE in hid drivers directly, but through hid_hw_request instead.
1708  */
1709 int __hid_request(struct hid_device *hid, struct hid_report *report,
1710 		int reqtype)
1711 {
1712 	char *buf;
1713 	int ret;
1714 	u32 len;
1715 
1716 	buf = hid_alloc_report_buf(report, GFP_KERNEL);
1717 	if (!buf)
1718 		return -ENOMEM;
1719 
1720 	len = hid_report_len(report);
1721 
1722 	if (reqtype == HID_REQ_SET_REPORT)
1723 		hid_output_report(report, buf);
1724 
1725 	ret = hid->ll_driver->raw_request(hid, report->id, buf, len,
1726 					  report->type, reqtype);
1727 	if (ret < 0) {
1728 		dbg_hid("unable to complete request: %d\n", ret);
1729 		goto out;
1730 	}
1731 
1732 	if (reqtype == HID_REQ_GET_REPORT)
1733 		hid_input_report(hid, report->type, buf, ret, 0);
1734 
1735 	ret = 0;
1736 
1737 out:
1738 	kfree(buf);
1739 	return ret;
1740 }
1741 EXPORT_SYMBOL_GPL(__hid_request);
1742 
1743 int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
1744 		int interrupt)
1745 {
1746 	struct hid_report_enum *report_enum = hid->report_enum + type;
1747 	struct hid_report *report;
1748 	struct hid_driver *hdrv;
1749 	unsigned int a;
1750 	u32 rsize, csize = size;
1751 	u8 *cdata = data;
1752 	int ret = 0;
1753 
1754 	report = hid_get_report(report_enum, data);
1755 	if (!report)
1756 		goto out;
1757 
1758 	if (report_enum->numbered) {
1759 		cdata++;
1760 		csize--;
1761 	}
1762 
1763 	rsize = hid_compute_report_size(report);
1764 
1765 	if (report_enum->numbered && rsize >= HID_MAX_BUFFER_SIZE)
1766 		rsize = HID_MAX_BUFFER_SIZE - 1;
1767 	else if (rsize > HID_MAX_BUFFER_SIZE)
1768 		rsize = HID_MAX_BUFFER_SIZE;
1769 
1770 	if (csize < rsize) {
1771 		dbg_hid("report %d is too short, (%d < %d)\n", report->id,
1772 				csize, rsize);
1773 		memset(cdata + csize, 0, rsize - csize);
1774 	}
1775 
1776 	if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
1777 		hid->hiddev_report_event(hid, report);
1778 	if (hid->claimed & HID_CLAIMED_HIDRAW) {
1779 		ret = hidraw_report_event(hid, data, size);
1780 		if (ret)
1781 			goto out;
1782 	}
1783 
1784 	if (hid->claimed != HID_CLAIMED_HIDRAW && report->maxfield) {
1785 		for (a = 0; a < report->maxfield; a++)
1786 			hid_input_field(hid, report->field[a], cdata, interrupt);
1787 		hdrv = hid->driver;
1788 		if (hdrv && hdrv->report)
1789 			hdrv->report(hid, report);
1790 	}
1791 
1792 	if (hid->claimed & HID_CLAIMED_INPUT)
1793 		hidinput_report_event(hid, report);
1794 out:
1795 	return ret;
1796 }
1797 EXPORT_SYMBOL_GPL(hid_report_raw_event);
1798 
1799 /**
1800  * hid_input_report - report data from lower layer (usb, bt...)
1801  *
1802  * @hid: hid device
1803  * @type: HID report type (HID_*_REPORT)
1804  * @data: report contents
1805  * @size: size of data parameter
1806  * @interrupt: distinguish between interrupt and control transfers
1807  *
1808  * This is data entry for lower layers.
1809  */
1810 int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt)
1811 {
1812 	struct hid_report_enum *report_enum;
1813 	struct hid_driver *hdrv;
1814 	struct hid_report *report;
1815 	int ret = 0;
1816 
1817 	if (!hid)
1818 		return -ENODEV;
1819 
1820 	if (down_trylock(&hid->driver_input_lock))
1821 		return -EBUSY;
1822 
1823 	if (!hid->driver) {
1824 		ret = -ENODEV;
1825 		goto unlock;
1826 	}
1827 	report_enum = hid->report_enum + type;
1828 	hdrv = hid->driver;
1829 
1830 	if (!size) {
1831 		dbg_hid("empty report\n");
1832 		ret = -1;
1833 		goto unlock;
1834 	}
1835 
1836 	/* Avoid unnecessary overhead if debugfs is disabled */
1837 	if (!list_empty(&hid->debug_list))
1838 		hid_dump_report(hid, type, data, size);
1839 
1840 	report = hid_get_report(report_enum, data);
1841 
1842 	if (!report) {
1843 		ret = -1;
1844 		goto unlock;
1845 	}
1846 
1847 	if (hdrv && hdrv->raw_event && hid_match_report(hid, report)) {
1848 		ret = hdrv->raw_event(hid, report, data, size);
1849 		if (ret < 0)
1850 			goto unlock;
1851 	}
1852 
1853 	ret = hid_report_raw_event(hid, type, data, size, interrupt);
1854 
1855 unlock:
1856 	up(&hid->driver_input_lock);
1857 	return ret;
1858 }
1859 EXPORT_SYMBOL_GPL(hid_input_report);
1860 
1861 bool hid_match_one_id(const struct hid_device *hdev,
1862 		      const struct hid_device_id *id)
1863 {
1864 	return (id->bus == HID_BUS_ANY || id->bus == hdev->bus) &&
1865 		(id->group == HID_GROUP_ANY || id->group == hdev->group) &&
1866 		(id->vendor == HID_ANY_ID || id->vendor == hdev->vendor) &&
1867 		(id->product == HID_ANY_ID || id->product == hdev->product);
1868 }
1869 
1870 const struct hid_device_id *hid_match_id(const struct hid_device *hdev,
1871 		const struct hid_device_id *id)
1872 {
1873 	for (; id->bus; id++)
1874 		if (hid_match_one_id(hdev, id))
1875 			return id;
1876 
1877 	return NULL;
1878 }
1879 
1880 static const struct hid_device_id hid_hiddev_list[] = {
1881 	{ HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS) },
1882 	{ HID_USB_DEVICE(USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS1) },
1883 	{ }
1884 };
1885 
1886 static bool hid_hiddev(struct hid_device *hdev)
1887 {
1888 	return !!hid_match_id(hdev, hid_hiddev_list);
1889 }
1890 
1891 
1892 static ssize_t
1893 read_report_descriptor(struct file *filp, struct kobject *kobj,
1894 		struct bin_attribute *attr,
1895 		char *buf, loff_t off, size_t count)
1896 {
1897 	struct device *dev = kobj_to_dev(kobj);
1898 	struct hid_device *hdev = to_hid_device(dev);
1899 
1900 	if (off >= hdev->rsize)
1901 		return 0;
1902 
1903 	if (off + count > hdev->rsize)
1904 		count = hdev->rsize - off;
1905 
1906 	memcpy(buf, hdev->rdesc + off, count);
1907 
1908 	return count;
1909 }
1910 
1911 static ssize_t
1912 show_country(struct device *dev, struct device_attribute *attr,
1913 		char *buf)
1914 {
1915 	struct hid_device *hdev = to_hid_device(dev);
1916 
1917 	return sprintf(buf, "%02x\n", hdev->country & 0xff);
1918 }
1919 
1920 static struct bin_attribute dev_bin_attr_report_desc = {
1921 	.attr = { .name = "report_descriptor", .mode = 0444 },
1922 	.read = read_report_descriptor,
1923 	.size = HID_MAX_DESCRIPTOR_SIZE,
1924 };
1925 
1926 static const struct device_attribute dev_attr_country = {
1927 	.attr = { .name = "country", .mode = 0444 },
1928 	.show = show_country,
1929 };
1930 
1931 int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
1932 {
1933 	static const char *types[] = { "Device", "Pointer", "Mouse", "Device",
1934 		"Joystick", "Gamepad", "Keyboard", "Keypad",
1935 		"Multi-Axis Controller"
1936 	};
1937 	const char *type, *bus;
1938 	char buf[64] = "";
1939 	unsigned int i;
1940 	int len;
1941 	int ret;
1942 
1943 	if (hdev->quirks & HID_QUIRK_HIDDEV_FORCE)
1944 		connect_mask |= (HID_CONNECT_HIDDEV_FORCE | HID_CONNECT_HIDDEV);
1945 	if (hdev->quirks & HID_QUIRK_HIDINPUT_FORCE)
1946 		connect_mask |= HID_CONNECT_HIDINPUT_FORCE;
1947 	if (hdev->bus != BUS_USB)
1948 		connect_mask &= ~HID_CONNECT_HIDDEV;
1949 	if (hid_hiddev(hdev))
1950 		connect_mask |= HID_CONNECT_HIDDEV_FORCE;
1951 
1952 	if ((connect_mask & HID_CONNECT_HIDINPUT) && !hidinput_connect(hdev,
1953 				connect_mask & HID_CONNECT_HIDINPUT_FORCE))
1954 		hdev->claimed |= HID_CLAIMED_INPUT;
1955 
1956 	if ((connect_mask & HID_CONNECT_HIDDEV) && hdev->hiddev_connect &&
1957 			!hdev->hiddev_connect(hdev,
1958 				connect_mask & HID_CONNECT_HIDDEV_FORCE))
1959 		hdev->claimed |= HID_CLAIMED_HIDDEV;
1960 	if ((connect_mask & HID_CONNECT_HIDRAW) && !hidraw_connect(hdev))
1961 		hdev->claimed |= HID_CLAIMED_HIDRAW;
1962 
1963 	if (connect_mask & HID_CONNECT_DRIVER)
1964 		hdev->claimed |= HID_CLAIMED_DRIVER;
1965 
1966 	/* Drivers with the ->raw_event callback set are not required to connect
1967 	 * to any other listener. */
1968 	if (!hdev->claimed && !hdev->driver->raw_event) {
1969 		hid_err(hdev, "device has no listeners, quitting\n");
1970 		return -ENODEV;
1971 	}
1972 
1973 	if ((hdev->claimed & HID_CLAIMED_INPUT) &&
1974 			(connect_mask & HID_CONNECT_FF) && hdev->ff_init)
1975 		hdev->ff_init(hdev);
1976 
1977 	len = 0;
1978 	if (hdev->claimed & HID_CLAIMED_INPUT)
1979 		len += sprintf(buf + len, "input");
1980 	if (hdev->claimed & HID_CLAIMED_HIDDEV)
1981 		len += sprintf(buf + len, "%shiddev%d", len ? "," : "",
1982 				((struct hiddev *)hdev->hiddev)->minor);
1983 	if (hdev->claimed & HID_CLAIMED_HIDRAW)
1984 		len += sprintf(buf + len, "%shidraw%d", len ? "," : "",
1985 				((struct hidraw *)hdev->hidraw)->minor);
1986 
1987 	type = "Device";
1988 	for (i = 0; i < hdev->maxcollection; i++) {
1989 		struct hid_collection *col = &hdev->collection[i];
1990 		if (col->type == HID_COLLECTION_APPLICATION &&
1991 		   (col->usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
1992 		   (col->usage & 0xffff) < ARRAY_SIZE(types)) {
1993 			type = types[col->usage & 0xffff];
1994 			break;
1995 		}
1996 	}
1997 
1998 	switch (hdev->bus) {
1999 	case BUS_USB:
2000 		bus = "USB";
2001 		break;
2002 	case BUS_BLUETOOTH:
2003 		bus = "BLUETOOTH";
2004 		break;
2005 	case BUS_I2C:
2006 		bus = "I2C";
2007 		break;
2008 	default:
2009 		bus = "<UNKNOWN>";
2010 	}
2011 
2012 	ret = device_create_file(&hdev->dev, &dev_attr_country);
2013 	if (ret)
2014 		hid_warn(hdev,
2015 			 "can't create sysfs country code attribute err: %d\n", ret);
2016 
2017 	hid_info(hdev, "%s: %s HID v%x.%02x %s [%s] on %s\n",
2018 		 buf, bus, hdev->version >> 8, hdev->version & 0xff,
2019 		 type, hdev->name, hdev->phys);
2020 
2021 	return 0;
2022 }
2023 EXPORT_SYMBOL_GPL(hid_connect);
2024 
2025 void hid_disconnect(struct hid_device *hdev)
2026 {
2027 	device_remove_file(&hdev->dev, &dev_attr_country);
2028 	if (hdev->claimed & HID_CLAIMED_INPUT)
2029 		hidinput_disconnect(hdev);
2030 	if (hdev->claimed & HID_CLAIMED_HIDDEV)
2031 		hdev->hiddev_disconnect(hdev);
2032 	if (hdev->claimed & HID_CLAIMED_HIDRAW)
2033 		hidraw_disconnect(hdev);
2034 	hdev->claimed = 0;
2035 }
2036 EXPORT_SYMBOL_GPL(hid_disconnect);
2037 
2038 /**
2039  * hid_hw_start - start underlying HW
2040  * @hdev: hid device
2041  * @connect_mask: which outputs to connect, see HID_CONNECT_*
2042  *
2043  * Call this in probe function *after* hid_parse. This will setup HW
2044  * buffers and start the device (if not defeirred to device open).
2045  * hid_hw_stop must be called if this was successful.
2046  */
2047 int hid_hw_start(struct hid_device *hdev, unsigned int connect_mask)
2048 {
2049 	int error;
2050 
2051 	error = hdev->ll_driver->start(hdev);
2052 	if (error)
2053 		return error;
2054 
2055 	if (connect_mask) {
2056 		error = hid_connect(hdev, connect_mask);
2057 		if (error) {
2058 			hdev->ll_driver->stop(hdev);
2059 			return error;
2060 		}
2061 	}
2062 
2063 	return 0;
2064 }
2065 EXPORT_SYMBOL_GPL(hid_hw_start);
2066 
2067 /**
2068  * hid_hw_stop - stop underlying HW
2069  * @hdev: hid device
2070  *
2071  * This is usually called from remove function or from probe when something
2072  * failed and hid_hw_start was called already.
2073  */
2074 void hid_hw_stop(struct hid_device *hdev)
2075 {
2076 	hid_disconnect(hdev);
2077 	hdev->ll_driver->stop(hdev);
2078 }
2079 EXPORT_SYMBOL_GPL(hid_hw_stop);
2080 
2081 /**
2082  * hid_hw_open - signal underlying HW to start delivering events
2083  * @hdev: hid device
2084  *
2085  * Tell underlying HW to start delivering events from the device.
2086  * This function should be called sometime after successful call
2087  * to hid_hw_start().
2088  */
2089 int hid_hw_open(struct hid_device *hdev)
2090 {
2091 	int ret;
2092 
2093 	ret = mutex_lock_killable(&hdev->ll_open_lock);
2094 	if (ret)
2095 		return ret;
2096 
2097 	if (!hdev->ll_open_count++) {
2098 		ret = hdev->ll_driver->open(hdev);
2099 		if (ret)
2100 			hdev->ll_open_count--;
2101 	}
2102 
2103 	mutex_unlock(&hdev->ll_open_lock);
2104 	return ret;
2105 }
2106 EXPORT_SYMBOL_GPL(hid_hw_open);
2107 
2108 /**
2109  * hid_hw_close - signal underlaying HW to stop delivering events
2110  *
2111  * @hdev: hid device
2112  *
2113  * This function indicates that we are not interested in the events
2114  * from this device anymore. Delivery of events may or may not stop,
2115  * depending on the number of users still outstanding.
2116  */
2117 void hid_hw_close(struct hid_device *hdev)
2118 {
2119 	mutex_lock(&hdev->ll_open_lock);
2120 	if (!--hdev->ll_open_count)
2121 		hdev->ll_driver->close(hdev);
2122 	mutex_unlock(&hdev->ll_open_lock);
2123 }
2124 EXPORT_SYMBOL_GPL(hid_hw_close);
2125 
2126 struct hid_dynid {
2127 	struct list_head list;
2128 	struct hid_device_id id;
2129 };
2130 
2131 /**
2132  * new_id_store - add a new HID device ID to this driver and re-probe devices
2133  * @drv: target device driver
2134  * @buf: buffer for scanning device ID data
2135  * @count: input size
2136  *
2137  * Adds a new dynamic hid device ID to this driver,
2138  * and causes the driver to probe for all devices again.
2139  */
2140 static ssize_t new_id_store(struct device_driver *drv, const char *buf,
2141 		size_t count)
2142 {
2143 	struct hid_driver *hdrv = to_hid_driver(drv);
2144 	struct hid_dynid *dynid;
2145 	__u32 bus, vendor, product;
2146 	unsigned long driver_data = 0;
2147 	int ret;
2148 
2149 	ret = sscanf(buf, "%x %x %x %lx",
2150 			&bus, &vendor, &product, &driver_data);
2151 	if (ret < 3)
2152 		return -EINVAL;
2153 
2154 	dynid = kzalloc(sizeof(*dynid), GFP_KERNEL);
2155 	if (!dynid)
2156 		return -ENOMEM;
2157 
2158 	dynid->id.bus = bus;
2159 	dynid->id.group = HID_GROUP_ANY;
2160 	dynid->id.vendor = vendor;
2161 	dynid->id.product = product;
2162 	dynid->id.driver_data = driver_data;
2163 
2164 	spin_lock(&hdrv->dyn_lock);
2165 	list_add_tail(&dynid->list, &hdrv->dyn_list);
2166 	spin_unlock(&hdrv->dyn_lock);
2167 
2168 	ret = driver_attach(&hdrv->driver);
2169 
2170 	return ret ? : count;
2171 }
2172 static DRIVER_ATTR_WO(new_id);
2173 
2174 static struct attribute *hid_drv_attrs[] = {
2175 	&driver_attr_new_id.attr,
2176 	NULL,
2177 };
2178 ATTRIBUTE_GROUPS(hid_drv);
2179 
2180 static void hid_free_dynids(struct hid_driver *hdrv)
2181 {
2182 	struct hid_dynid *dynid, *n;
2183 
2184 	spin_lock(&hdrv->dyn_lock);
2185 	list_for_each_entry_safe(dynid, n, &hdrv->dyn_list, list) {
2186 		list_del(&dynid->list);
2187 		kfree(dynid);
2188 	}
2189 	spin_unlock(&hdrv->dyn_lock);
2190 }
2191 
2192 const struct hid_device_id *hid_match_device(struct hid_device *hdev,
2193 					     struct hid_driver *hdrv)
2194 {
2195 	struct hid_dynid *dynid;
2196 
2197 	spin_lock(&hdrv->dyn_lock);
2198 	list_for_each_entry(dynid, &hdrv->dyn_list, list) {
2199 		if (hid_match_one_id(hdev, &dynid->id)) {
2200 			spin_unlock(&hdrv->dyn_lock);
2201 			return &dynid->id;
2202 		}
2203 	}
2204 	spin_unlock(&hdrv->dyn_lock);
2205 
2206 	return hid_match_id(hdev, hdrv->id_table);
2207 }
2208 EXPORT_SYMBOL_GPL(hid_match_device);
2209 
2210 static int hid_bus_match(struct device *dev, struct device_driver *drv)
2211 {
2212 	struct hid_driver *hdrv = to_hid_driver(drv);
2213 	struct hid_device *hdev = to_hid_device(dev);
2214 
2215 	return hid_match_device(hdev, hdrv) != NULL;
2216 }
2217 
2218 /**
2219  * hid_compare_device_paths - check if both devices share the same path
2220  * @hdev_a: hid device
2221  * @hdev_b: hid device
2222  * @separator: char to use as separator
2223  *
2224  * Check if two devices share the same path up to the last occurrence of
2225  * the separator char. Both paths must exist (i.e., zero-length paths
2226  * don't match).
2227  */
2228 bool hid_compare_device_paths(struct hid_device *hdev_a,
2229 			      struct hid_device *hdev_b, char separator)
2230 {
2231 	int n1 = strrchr(hdev_a->phys, separator) - hdev_a->phys;
2232 	int n2 = strrchr(hdev_b->phys, separator) - hdev_b->phys;
2233 
2234 	if (n1 != n2 || n1 <= 0 || n2 <= 0)
2235 		return false;
2236 
2237 	return !strncmp(hdev_a->phys, hdev_b->phys, n1);
2238 }
2239 EXPORT_SYMBOL_GPL(hid_compare_device_paths);
2240 
2241 static int hid_device_probe(struct device *dev)
2242 {
2243 	struct hid_driver *hdrv = to_hid_driver(dev->driver);
2244 	struct hid_device *hdev = to_hid_device(dev);
2245 	const struct hid_device_id *id;
2246 	int ret = 0;
2247 
2248 	if (down_interruptible(&hdev->driver_input_lock)) {
2249 		ret = -EINTR;
2250 		goto end;
2251 	}
2252 	hdev->io_started = false;
2253 
2254 	clear_bit(ffs(HID_STAT_REPROBED), &hdev->status);
2255 
2256 	if (!hdev->driver) {
2257 		id = hid_match_device(hdev, hdrv);
2258 		if (id == NULL) {
2259 			ret = -ENODEV;
2260 			goto unlock;
2261 		}
2262 
2263 		if (hdrv->match) {
2264 			if (!hdrv->match(hdev, hid_ignore_special_drivers)) {
2265 				ret = -ENODEV;
2266 				goto unlock;
2267 			}
2268 		} else {
2269 			/*
2270 			 * hid-generic implements .match(), so if
2271 			 * hid_ignore_special_drivers is set, we can safely
2272 			 * return.
2273 			 */
2274 			if (hid_ignore_special_drivers) {
2275 				ret = -ENODEV;
2276 				goto unlock;
2277 			}
2278 		}
2279 
2280 		/* reset the quirks that has been previously set */
2281 		hdev->quirks = hid_lookup_quirk(hdev);
2282 		hdev->driver = hdrv;
2283 		if (hdrv->probe) {
2284 			ret = hdrv->probe(hdev, id);
2285 		} else { /* default probe */
2286 			ret = hid_open_report(hdev);
2287 			if (!ret)
2288 				ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT);
2289 		}
2290 		if (ret) {
2291 			hid_close_report(hdev);
2292 			hdev->driver = NULL;
2293 		}
2294 	}
2295 unlock:
2296 	if (!hdev->io_started)
2297 		up(&hdev->driver_input_lock);
2298 end:
2299 	return ret;
2300 }
2301 
2302 static int hid_device_remove(struct device *dev)
2303 {
2304 	struct hid_device *hdev = to_hid_device(dev);
2305 	struct hid_driver *hdrv;
2306 	int ret = 0;
2307 
2308 	if (down_interruptible(&hdev->driver_input_lock)) {
2309 		ret = -EINTR;
2310 		goto end;
2311 	}
2312 	hdev->io_started = false;
2313 
2314 	hdrv = hdev->driver;
2315 	if (hdrv) {
2316 		if (hdrv->remove)
2317 			hdrv->remove(hdev);
2318 		else /* default remove */
2319 			hid_hw_stop(hdev);
2320 		hid_close_report(hdev);
2321 		hdev->driver = NULL;
2322 	}
2323 
2324 	if (!hdev->io_started)
2325 		up(&hdev->driver_input_lock);
2326 end:
2327 	return ret;
2328 }
2329 
2330 static ssize_t modalias_show(struct device *dev, struct device_attribute *a,
2331 			     char *buf)
2332 {
2333 	struct hid_device *hdev = container_of(dev, struct hid_device, dev);
2334 
2335 	return scnprintf(buf, PAGE_SIZE, "hid:b%04Xg%04Xv%08Xp%08X\n",
2336 			 hdev->bus, hdev->group, hdev->vendor, hdev->product);
2337 }
2338 static DEVICE_ATTR_RO(modalias);
2339 
2340 static struct attribute *hid_dev_attrs[] = {
2341 	&dev_attr_modalias.attr,
2342 	NULL,
2343 };
2344 static struct bin_attribute *hid_dev_bin_attrs[] = {
2345 	&dev_bin_attr_report_desc,
2346 	NULL
2347 };
2348 static const struct attribute_group hid_dev_group = {
2349 	.attrs = hid_dev_attrs,
2350 	.bin_attrs = hid_dev_bin_attrs,
2351 };
2352 __ATTRIBUTE_GROUPS(hid_dev);
2353 
2354 static int hid_uevent(struct device *dev, struct kobj_uevent_env *env)
2355 {
2356 	struct hid_device *hdev = to_hid_device(dev);
2357 
2358 	if (add_uevent_var(env, "HID_ID=%04X:%08X:%08X",
2359 			hdev->bus, hdev->vendor, hdev->product))
2360 		return -ENOMEM;
2361 
2362 	if (add_uevent_var(env, "HID_NAME=%s", hdev->name))
2363 		return -ENOMEM;
2364 
2365 	if (add_uevent_var(env, "HID_PHYS=%s", hdev->phys))
2366 		return -ENOMEM;
2367 
2368 	if (add_uevent_var(env, "HID_UNIQ=%s", hdev->uniq))
2369 		return -ENOMEM;
2370 
2371 	if (add_uevent_var(env, "MODALIAS=hid:b%04Xg%04Xv%08Xp%08X",
2372 			   hdev->bus, hdev->group, hdev->vendor, hdev->product))
2373 		return -ENOMEM;
2374 
2375 	return 0;
2376 }
2377 
2378 struct bus_type hid_bus_type = {
2379 	.name		= "hid",
2380 	.dev_groups	= hid_dev_groups,
2381 	.drv_groups	= hid_drv_groups,
2382 	.match		= hid_bus_match,
2383 	.probe		= hid_device_probe,
2384 	.remove		= hid_device_remove,
2385 	.uevent		= hid_uevent,
2386 };
2387 EXPORT_SYMBOL(hid_bus_type);
2388 
2389 int hid_add_device(struct hid_device *hdev)
2390 {
2391 	static atomic_t id = ATOMIC_INIT(0);
2392 	int ret;
2393 
2394 	if (WARN_ON(hdev->status & HID_STAT_ADDED))
2395 		return -EBUSY;
2396 
2397 	hdev->quirks = hid_lookup_quirk(hdev);
2398 
2399 	/* we need to kill them here, otherwise they will stay allocated to
2400 	 * wait for coming driver */
2401 	if (hid_ignore(hdev))
2402 		return -ENODEV;
2403 
2404 	/*
2405 	 * Check for the mandatory transport channel.
2406 	 */
2407 	 if (!hdev->ll_driver->raw_request) {
2408 		hid_err(hdev, "transport driver missing .raw_request()\n");
2409 		return -EINVAL;
2410 	 }
2411 
2412 	/*
2413 	 * Read the device report descriptor once and use as template
2414 	 * for the driver-specific modifications.
2415 	 */
2416 	ret = hdev->ll_driver->parse(hdev);
2417 	if (ret)
2418 		return ret;
2419 	if (!hdev->dev_rdesc)
2420 		return -ENODEV;
2421 
2422 	/*
2423 	 * Scan generic devices for group information
2424 	 */
2425 	if (hid_ignore_special_drivers) {
2426 		hdev->group = HID_GROUP_GENERIC;
2427 	} else if (!hdev->group &&
2428 		   !(hdev->quirks & HID_QUIRK_HAVE_SPECIAL_DRIVER)) {
2429 		ret = hid_scan_report(hdev);
2430 		if (ret)
2431 			hid_warn(hdev, "bad device descriptor (%d)\n", ret);
2432 	}
2433 
2434 	/* XXX hack, any other cleaner solution after the driver core
2435 	 * is converted to allow more than 20 bytes as the device name? */
2436 	dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
2437 		     hdev->vendor, hdev->product, atomic_inc_return(&id));
2438 
2439 	hid_debug_register(hdev, dev_name(&hdev->dev));
2440 	ret = device_add(&hdev->dev);
2441 	if (!ret)
2442 		hdev->status |= HID_STAT_ADDED;
2443 	else
2444 		hid_debug_unregister(hdev);
2445 
2446 	return ret;
2447 }
2448 EXPORT_SYMBOL_GPL(hid_add_device);
2449 
2450 /**
2451  * hid_allocate_device - allocate new hid device descriptor
2452  *
2453  * Allocate and initialize hid device, so that hid_destroy_device might be
2454  * used to free it.
2455  *
2456  * New hid_device pointer is returned on success, otherwise ERR_PTR encoded
2457  * error value.
2458  */
2459 struct hid_device *hid_allocate_device(void)
2460 {
2461 	struct hid_device *hdev;
2462 	int ret = -ENOMEM;
2463 
2464 	hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
2465 	if (hdev == NULL)
2466 		return ERR_PTR(ret);
2467 
2468 	device_initialize(&hdev->dev);
2469 	hdev->dev.release = hid_device_release;
2470 	hdev->dev.bus = &hid_bus_type;
2471 	device_enable_async_suspend(&hdev->dev);
2472 
2473 	hid_close_report(hdev);
2474 
2475 	init_waitqueue_head(&hdev->debug_wait);
2476 	INIT_LIST_HEAD(&hdev->debug_list);
2477 	spin_lock_init(&hdev->debug_list_lock);
2478 	sema_init(&hdev->driver_input_lock, 1);
2479 	mutex_init(&hdev->ll_open_lock);
2480 
2481 	return hdev;
2482 }
2483 EXPORT_SYMBOL_GPL(hid_allocate_device);
2484 
2485 static void hid_remove_device(struct hid_device *hdev)
2486 {
2487 	if (hdev->status & HID_STAT_ADDED) {
2488 		device_del(&hdev->dev);
2489 		hid_debug_unregister(hdev);
2490 		hdev->status &= ~HID_STAT_ADDED;
2491 	}
2492 	kfree(hdev->dev_rdesc);
2493 	hdev->dev_rdesc = NULL;
2494 	hdev->dev_rsize = 0;
2495 }
2496 
2497 /**
2498  * hid_destroy_device - free previously allocated device
2499  *
2500  * @hdev: hid device
2501  *
2502  * If you allocate hid_device through hid_allocate_device, you should ever
2503  * free by this function.
2504  */
2505 void hid_destroy_device(struct hid_device *hdev)
2506 {
2507 	hid_remove_device(hdev);
2508 	put_device(&hdev->dev);
2509 }
2510 EXPORT_SYMBOL_GPL(hid_destroy_device);
2511 
2512 
2513 static int __hid_bus_reprobe_drivers(struct device *dev, void *data)
2514 {
2515 	struct hid_driver *hdrv = data;
2516 	struct hid_device *hdev = to_hid_device(dev);
2517 
2518 	if (hdev->driver == hdrv &&
2519 	    !hdrv->match(hdev, hid_ignore_special_drivers) &&
2520 	    !test_and_set_bit(ffs(HID_STAT_REPROBED), &hdev->status))
2521 		return device_reprobe(dev);
2522 
2523 	return 0;
2524 }
2525 
2526 static int __hid_bus_driver_added(struct device_driver *drv, void *data)
2527 {
2528 	struct hid_driver *hdrv = to_hid_driver(drv);
2529 
2530 	if (hdrv->match) {
2531 		bus_for_each_dev(&hid_bus_type, NULL, hdrv,
2532 				 __hid_bus_reprobe_drivers);
2533 	}
2534 
2535 	return 0;
2536 }
2537 
2538 static int __bus_removed_driver(struct device_driver *drv, void *data)
2539 {
2540 	return bus_rescan_devices(&hid_bus_type);
2541 }
2542 
2543 int __hid_register_driver(struct hid_driver *hdrv, struct module *owner,
2544 		const char *mod_name)
2545 {
2546 	int ret;
2547 
2548 	hdrv->driver.name = hdrv->name;
2549 	hdrv->driver.bus = &hid_bus_type;
2550 	hdrv->driver.owner = owner;
2551 	hdrv->driver.mod_name = mod_name;
2552 
2553 	INIT_LIST_HEAD(&hdrv->dyn_list);
2554 	spin_lock_init(&hdrv->dyn_lock);
2555 
2556 	ret = driver_register(&hdrv->driver);
2557 
2558 	if (ret == 0)
2559 		bus_for_each_drv(&hid_bus_type, NULL, NULL,
2560 				 __hid_bus_driver_added);
2561 
2562 	return ret;
2563 }
2564 EXPORT_SYMBOL_GPL(__hid_register_driver);
2565 
2566 void hid_unregister_driver(struct hid_driver *hdrv)
2567 {
2568 	driver_unregister(&hdrv->driver);
2569 	hid_free_dynids(hdrv);
2570 
2571 	bus_for_each_drv(&hid_bus_type, NULL, hdrv, __bus_removed_driver);
2572 }
2573 EXPORT_SYMBOL_GPL(hid_unregister_driver);
2574 
2575 int hid_check_keys_pressed(struct hid_device *hid)
2576 {
2577 	struct hid_input *hidinput;
2578 	int i;
2579 
2580 	if (!(hid->claimed & HID_CLAIMED_INPUT))
2581 		return 0;
2582 
2583 	list_for_each_entry(hidinput, &hid->inputs, list) {
2584 		for (i = 0; i < BITS_TO_LONGS(KEY_MAX); i++)
2585 			if (hidinput->input->key[i])
2586 				return 1;
2587 	}
2588 
2589 	return 0;
2590 }
2591 
2592 EXPORT_SYMBOL_GPL(hid_check_keys_pressed);
2593 
2594 static int __init hid_init(void)
2595 {
2596 	int ret;
2597 
2598 	if (hid_debug)
2599 		pr_warn("hid_debug is now used solely for parser and driver debugging.\n"
2600 			"debugfs is now used for inspecting the device (report descriptor, reports)\n");
2601 
2602 	ret = bus_register(&hid_bus_type);
2603 	if (ret) {
2604 		pr_err("can't register hid bus\n");
2605 		goto err;
2606 	}
2607 
2608 	ret = hidraw_init();
2609 	if (ret)
2610 		goto err_bus;
2611 
2612 	hid_debug_init();
2613 
2614 	return 0;
2615 err_bus:
2616 	bus_unregister(&hid_bus_type);
2617 err:
2618 	return ret;
2619 }
2620 
2621 static void __exit hid_exit(void)
2622 {
2623 	hid_debug_exit();
2624 	hidraw_exit();
2625 	bus_unregister(&hid_bus_type);
2626 	hid_quirks_exit(HID_BUS_ANY);
2627 }
2628 
2629 module_init(hid_init);
2630 module_exit(hid_exit);
2631 
2632 MODULE_AUTHOR("Andreas Gal");
2633 MODULE_AUTHOR("Vojtech Pavlik");
2634 MODULE_AUTHOR("Jiri Kosina");
2635 MODULE_LICENSE("GPL");
2636