HID: fix race between open() and disconnect() in usbhid
[linux-3.10.git] / drivers / hid / usbhid / hid-core.c
1 /*
2  *  USB HID support for Linux
3  *
4  *  Copyright (c) 1999 Andreas Gal
5  *  Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
6  *  Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
7  *  Copyright (c) 2006-2007 Jiri Kosina
8  */
9
10 /*
11  * This program is free software; you can redistribute it and/or modify it
12  * under the terms of the GNU General Public License as published by the Free
13  * Software Foundation; either version 2 of the License, or (at your option)
14  * any later version.
15  */
16
17 #include <linux/module.h>
18 #include <linux/slab.h>
19 #include <linux/init.h>
20 #include <linux/kernel.h>
21 #include <linux/list.h>
22 #include <linux/mm.h>
23 #include <linux/smp_lock.h>
24 #include <linux/spinlock.h>
25 #include <asm/unaligned.h>
26 #include <asm/byteorder.h>
27 #include <linux/input.h>
28 #include <linux/wait.h>
29
30 #include <linux/usb.h>
31
32 #include <linux/hid.h>
33 #include <linux/hiddev.h>
34 #include <linux/hid-debug.h>
35 #include <linux/hidraw.h>
36 #include "usbhid.h"
37
38 /*
39  * Version Information
40  */
41
42 #define DRIVER_VERSION "v2.6"
43 #define DRIVER_AUTHOR "Andreas Gal, Vojtech Pavlik, Jiri Kosina"
44 #define DRIVER_DESC "USB HID core driver"
45 #define DRIVER_LICENSE "GPL"
46
47 static char *hid_types[] = {"Device", "Pointer", "Mouse", "Device", "Joystick",
48                                 "Gamepad", "Keyboard", "Keypad", "Multi-Axis Controller"};
49 /*
50  * Module parameters.
51  */
52
53 static unsigned int hid_mousepoll_interval;
54 module_param_named(mousepoll, hid_mousepoll_interval, uint, 0644);
55 MODULE_PARM_DESC(mousepoll, "Polling interval of mice");
56
57 /* Quirks specified at module load time */
58 static char *quirks_param[MAX_USBHID_BOOT_QUIRKS] = { [ 0 ... (MAX_USBHID_BOOT_QUIRKS - 1) ] = NULL };
59 module_param_array_named(quirks, quirks_param, charp, NULL, 0444);
60 MODULE_PARM_DESC(quirks, "Add/modify USB HID quirks by specifying "
61                 " quirks=vendorID:productID:quirks"
62                 " where vendorID, productID, and quirks are all in"
63                 " 0x-prefixed hex");
64 static char *rdesc_quirks_param[MAX_USBHID_BOOT_QUIRKS] = { [ 0 ... (MAX_USBHID_BOOT_QUIRKS - 1) ] = NULL };
65 module_param_array_named(rdesc_quirks, rdesc_quirks_param, charp, NULL, 0444);
66 MODULE_PARM_DESC(rdesc_quirks, "Add/modify report descriptor quirks by specifying "
67                 " rdesc_quirks=vendorID:productID:rdesc_quirks"
68                 " where vendorID, productID, and rdesc_quirks are all in"
69                 " 0x-prefixed hex");
70 /*
71  * Input submission and I/O error handler.
72  */
73
74 static void hid_io_error(struct hid_device *hid);
75
76 /* Start up the input URB */
77 static int hid_start_in(struct hid_device *hid)
78 {
79         unsigned long flags;
80         int rc = 0;
81         struct usbhid_device *usbhid = hid->driver_data;
82
83         spin_lock_irqsave(&usbhid->inlock, flags);
84         if (hid->open > 0 && !test_bit(HID_SUSPENDED, &usbhid->iofl) &&
85                         !test_bit(HID_DISCONNECTED, &usbhid->iofl) &&
86                         !test_and_set_bit(HID_IN_RUNNING, &usbhid->iofl)) {
87                 rc = usb_submit_urb(usbhid->urbin, GFP_ATOMIC);
88                 if (rc != 0)
89                         clear_bit(HID_IN_RUNNING, &usbhid->iofl);
90         }
91         spin_unlock_irqrestore(&usbhid->inlock, flags);
92         return rc;
93 }
94
95 /* I/O retry timer routine */
96 static void hid_retry_timeout(unsigned long _hid)
97 {
98         struct hid_device *hid = (struct hid_device *) _hid;
99         struct usbhid_device *usbhid = hid->driver_data;
100
101         dev_dbg(&usbhid->intf->dev, "retrying intr urb\n");
102         if (hid_start_in(hid))
103                 hid_io_error(hid);
104 }
105
106 /* Workqueue routine to reset the device or clear a halt */
107 static void hid_reset(struct work_struct *work)
108 {
109         struct usbhid_device *usbhid =
110                 container_of(work, struct usbhid_device, reset_work);
111         struct hid_device *hid = usbhid->hid;
112         int rc_lock, rc = 0;
113
114         if (test_bit(HID_CLEAR_HALT, &usbhid->iofl)) {
115                 dev_dbg(&usbhid->intf->dev, "clear halt\n");
116                 rc = usb_clear_halt(hid_to_usb_dev(hid), usbhid->urbin->pipe);
117                 clear_bit(HID_CLEAR_HALT, &usbhid->iofl);
118                 hid_start_in(hid);
119         }
120
121         else if (test_bit(HID_RESET_PENDING, &usbhid->iofl)) {
122                 dev_dbg(&usbhid->intf->dev, "resetting device\n");
123                 rc = rc_lock = usb_lock_device_for_reset(hid_to_usb_dev(hid), usbhid->intf);
124                 if (rc_lock >= 0) {
125                         rc = usb_reset_composite_device(hid_to_usb_dev(hid), usbhid->intf);
126                         if (rc_lock)
127                                 usb_unlock_device(hid_to_usb_dev(hid));
128                 }
129                 clear_bit(HID_RESET_PENDING, &usbhid->iofl);
130         }
131
132         switch (rc) {
133         case 0:
134                 if (!test_bit(HID_IN_RUNNING, &usbhid->iofl))
135                         hid_io_error(hid);
136                 break;
137         default:
138                 err_hid("can't reset device, %s-%s/input%d, status %d",
139                                 hid_to_usb_dev(hid)->bus->bus_name,
140                                 hid_to_usb_dev(hid)->devpath,
141                                 usbhid->ifnum, rc);
142                 /* FALLTHROUGH */
143         case -EHOSTUNREACH:
144         case -ENODEV:
145         case -EINTR:
146                 break;
147         }
148 }
149
150 /* Main I/O error handler */
151 static void hid_io_error(struct hid_device *hid)
152 {
153         unsigned long flags;
154         struct usbhid_device *usbhid = hid->driver_data;
155
156         spin_lock_irqsave(&usbhid->inlock, flags);
157
158         /* Stop when disconnected */
159         if (test_bit(HID_DISCONNECTED, &usbhid->iofl))
160                 goto done;
161
162         /* If it has been a while since the last error, we'll assume
163          * this a brand new error and reset the retry timeout. */
164         if (time_after(jiffies, usbhid->stop_retry + HZ/2))
165                 usbhid->retry_delay = 0;
166
167         /* When an error occurs, retry at increasing intervals */
168         if (usbhid->retry_delay == 0) {
169                 usbhid->retry_delay = 13;       /* Then 26, 52, 104, 104, ... */
170                 usbhid->stop_retry = jiffies + msecs_to_jiffies(1000);
171         } else if (usbhid->retry_delay < 100)
172                 usbhid->retry_delay *= 2;
173
174         if (time_after(jiffies, usbhid->stop_retry)) {
175
176                 /* Retries failed, so do a port reset */
177                 if (!test_and_set_bit(HID_RESET_PENDING, &usbhid->iofl)) {
178                         schedule_work(&usbhid->reset_work);
179                         goto done;
180                 }
181         }
182
183         mod_timer(&usbhid->io_retry,
184                         jiffies + msecs_to_jiffies(usbhid->retry_delay));
185 done:
186         spin_unlock_irqrestore(&usbhid->inlock, flags);
187 }
188
189 /*
190  * Input interrupt completion handler.
191  */
192
193 static void hid_irq_in(struct urb *urb)
194 {
195         struct hid_device       *hid = urb->context;
196         struct usbhid_device    *usbhid = hid->driver_data;
197         int                     status;
198
199         switch (urb->status) {
200                 case 0:                 /* success */
201                         usbhid->retry_delay = 0;
202                         hid_input_report(urb->context, HID_INPUT_REPORT,
203                                          urb->transfer_buffer,
204                                          urb->actual_length, 1);
205                         break;
206                 case -EPIPE:            /* stall */
207                         clear_bit(HID_IN_RUNNING, &usbhid->iofl);
208                         set_bit(HID_CLEAR_HALT, &usbhid->iofl);
209                         schedule_work(&usbhid->reset_work);
210                         return;
211                 case -ECONNRESET:       /* unlink */
212                 case -ENOENT:
213                 case -ESHUTDOWN:        /* unplug */
214                         clear_bit(HID_IN_RUNNING, &usbhid->iofl);
215                         return;
216                 case -EILSEQ:           /* protocol error or unplug */
217                 case -EPROTO:           /* protocol error or unplug */
218                 case -ETIME:            /* protocol error or unplug */
219                 case -ETIMEDOUT:        /* Should never happen, but... */
220                         clear_bit(HID_IN_RUNNING, &usbhid->iofl);
221                         hid_io_error(hid);
222                         return;
223                 default:                /* error */
224                         warn("input irq status %d received", urb->status);
225         }
226
227         status = usb_submit_urb(urb, GFP_ATOMIC);
228         if (status) {
229                 clear_bit(HID_IN_RUNNING, &usbhid->iofl);
230                 if (status != -EPERM) {
231                         err_hid("can't resubmit intr, %s-%s/input%d, status %d",
232                                         hid_to_usb_dev(hid)->bus->bus_name,
233                                         hid_to_usb_dev(hid)->devpath,
234                                         usbhid->ifnum, status);
235                         hid_io_error(hid);
236                 }
237         }
238 }
239
240 static int hid_submit_out(struct hid_device *hid)
241 {
242         struct hid_report *report;
243         struct usbhid_device *usbhid = hid->driver_data;
244
245         report = usbhid->out[usbhid->outtail];
246
247         hid_output_report(report, usbhid->outbuf);
248         usbhid->urbout->transfer_buffer_length = ((report->size - 1) >> 3) + 1 + (report->id > 0);
249         usbhid->urbout->dev = hid_to_usb_dev(hid);
250
251         dbg_hid("submitting out urb\n");
252
253         if (usb_submit_urb(usbhid->urbout, GFP_ATOMIC)) {
254                 err_hid("usb_submit_urb(out) failed");
255                 return -1;
256         }
257
258         return 0;
259 }
260
261 static int hid_submit_ctrl(struct hid_device *hid)
262 {
263         struct hid_report *report;
264         unsigned char dir;
265         int len;
266         struct usbhid_device *usbhid = hid->driver_data;
267
268         report = usbhid->ctrl[usbhid->ctrltail].report;
269         dir = usbhid->ctrl[usbhid->ctrltail].dir;
270
271         len = ((report->size - 1) >> 3) + 1 + (report->id > 0);
272         if (dir == USB_DIR_OUT) {
273                 hid_output_report(report, usbhid->ctrlbuf);
274                 usbhid->urbctrl->pipe = usb_sndctrlpipe(hid_to_usb_dev(hid), 0);
275                 usbhid->urbctrl->transfer_buffer_length = len;
276         } else {
277                 int maxpacket, padlen;
278
279                 usbhid->urbctrl->pipe = usb_rcvctrlpipe(hid_to_usb_dev(hid), 0);
280                 maxpacket = usb_maxpacket(hid_to_usb_dev(hid), usbhid->urbctrl->pipe, 0);
281                 if (maxpacket > 0) {
282                         padlen = DIV_ROUND_UP(len, maxpacket);
283                         padlen *= maxpacket;
284                         if (padlen > usbhid->bufsize)
285                                 padlen = usbhid->bufsize;
286                 } else
287                         padlen = 0;
288                 usbhid->urbctrl->transfer_buffer_length = padlen;
289         }
290         usbhid->urbctrl->dev = hid_to_usb_dev(hid);
291
292         usbhid->cr->bRequestType = USB_TYPE_CLASS | USB_RECIP_INTERFACE | dir;
293         usbhid->cr->bRequest = (dir == USB_DIR_OUT) ? HID_REQ_SET_REPORT : HID_REQ_GET_REPORT;
294         usbhid->cr->wValue = cpu_to_le16(((report->type + 1) << 8) | report->id);
295         usbhid->cr->wIndex = cpu_to_le16(usbhid->ifnum);
296         usbhid->cr->wLength = cpu_to_le16(len);
297
298         dbg_hid("submitting ctrl urb: %s wValue=0x%04x wIndex=0x%04x wLength=%u\n",
299                 usbhid->cr->bRequest == HID_REQ_SET_REPORT ? "Set_Report" : "Get_Report",
300                 usbhid->cr->wValue, usbhid->cr->wIndex, usbhid->cr->wLength);
301
302         if (usb_submit_urb(usbhid->urbctrl, GFP_ATOMIC)) {
303                 err_hid("usb_submit_urb(ctrl) failed");
304                 return -1;
305         }
306
307         return 0;
308 }
309
310 /*
311  * Output interrupt completion handler.
312  */
313
314 static void hid_irq_out(struct urb *urb)
315 {
316         struct hid_device *hid = urb->context;
317         struct usbhid_device *usbhid = hid->driver_data;
318         unsigned long flags;
319         int unplug = 0;
320
321         switch (urb->status) {
322                 case 0:                 /* success */
323                         break;
324                 case -ESHUTDOWN:        /* unplug */
325                         unplug = 1;
326                 case -EILSEQ:           /* protocol error or unplug */
327                 case -EPROTO:           /* protocol error or unplug */
328                 case -ECONNRESET:       /* unlink */
329                 case -ENOENT:
330                         break;
331                 default:                /* error */
332                         warn("output irq status %d received", urb->status);
333         }
334
335         spin_lock_irqsave(&usbhid->outlock, flags);
336
337         if (unplug)
338                 usbhid->outtail = usbhid->outhead;
339         else
340                 usbhid->outtail = (usbhid->outtail + 1) & (HID_OUTPUT_FIFO_SIZE - 1);
341
342         if (usbhid->outhead != usbhid->outtail) {
343                 if (hid_submit_out(hid)) {
344                         clear_bit(HID_OUT_RUNNING, &usbhid->iofl);
345                         wake_up(&usbhid->wait);
346                 }
347                 spin_unlock_irqrestore(&usbhid->outlock, flags);
348                 return;
349         }
350
351         clear_bit(HID_OUT_RUNNING, &usbhid->iofl);
352         spin_unlock_irqrestore(&usbhid->outlock, flags);
353         wake_up(&usbhid->wait);
354 }
355
356 /*
357  * Control pipe completion handler.
358  */
359
360 static void hid_ctrl(struct urb *urb)
361 {
362         struct hid_device *hid = urb->context;
363         struct usbhid_device *usbhid = hid->driver_data;
364         unsigned long flags;
365         int unplug = 0;
366
367         spin_lock_irqsave(&usbhid->ctrllock, flags);
368
369         switch (urb->status) {
370                 case 0:                 /* success */
371                         if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
372                                 hid_input_report(urb->context, usbhid->ctrl[usbhid->ctrltail].report->type,
373                                                 urb->transfer_buffer, urb->actual_length, 0);
374                         break;
375                 case -ESHUTDOWN:        /* unplug */
376                         unplug = 1;
377                 case -EILSEQ:           /* protocol error or unplug */
378                 case -EPROTO:           /* protocol error or unplug */
379                 case -ECONNRESET:       /* unlink */
380                 case -ENOENT:
381                 case -EPIPE:            /* report not available */
382                         break;
383                 default:                /* error */
384                         warn("ctrl urb status %d received", urb->status);
385         }
386
387         if (unplug)
388                 usbhid->ctrltail = usbhid->ctrlhead;
389         else
390                 usbhid->ctrltail = (usbhid->ctrltail + 1) & (HID_CONTROL_FIFO_SIZE - 1);
391
392         if (usbhid->ctrlhead != usbhid->ctrltail) {
393                 if (hid_submit_ctrl(hid)) {
394                         clear_bit(HID_CTRL_RUNNING, &usbhid->iofl);
395                         wake_up(&usbhid->wait);
396                 }
397                 spin_unlock_irqrestore(&usbhid->ctrllock, flags);
398                 return;
399         }
400
401         clear_bit(HID_CTRL_RUNNING, &usbhid->iofl);
402         spin_unlock_irqrestore(&usbhid->ctrllock, flags);
403         wake_up(&usbhid->wait);
404 }
405
406 void usbhid_submit_report(struct hid_device *hid, struct hid_report *report, unsigned char dir)
407 {
408         int head;
409         unsigned long flags;
410         struct usbhid_device *usbhid = hid->driver_data;
411
412         if ((hid->quirks & HID_QUIRK_NOGET) && dir == USB_DIR_IN)
413                 return;
414
415         if (usbhid->urbout && dir == USB_DIR_OUT && report->type == HID_OUTPUT_REPORT) {
416
417                 spin_lock_irqsave(&usbhid->outlock, flags);
418
419                 if ((head = (usbhid->outhead + 1) & (HID_OUTPUT_FIFO_SIZE - 1)) == usbhid->outtail) {
420                         spin_unlock_irqrestore(&usbhid->outlock, flags);
421                         warn("output queue full");
422                         return;
423                 }
424
425                 usbhid->out[usbhid->outhead] = report;
426                 usbhid->outhead = head;
427
428                 if (!test_and_set_bit(HID_OUT_RUNNING, &usbhid->iofl))
429                         if (hid_submit_out(hid))
430                                 clear_bit(HID_OUT_RUNNING, &usbhid->iofl);
431
432                 spin_unlock_irqrestore(&usbhid->outlock, flags);
433                 return;
434         }
435
436         spin_lock_irqsave(&usbhid->ctrllock, flags);
437
438         if ((head = (usbhid->ctrlhead + 1) & (HID_CONTROL_FIFO_SIZE - 1)) == usbhid->ctrltail) {
439                 spin_unlock_irqrestore(&usbhid->ctrllock, flags);
440                 warn("control queue full");
441                 return;
442         }
443
444         usbhid->ctrl[usbhid->ctrlhead].report = report;
445         usbhid->ctrl[usbhid->ctrlhead].dir = dir;
446         usbhid->ctrlhead = head;
447
448         if (!test_and_set_bit(HID_CTRL_RUNNING, &usbhid->iofl))
449                 if (hid_submit_ctrl(hid))
450                         clear_bit(HID_CTRL_RUNNING, &usbhid->iofl);
451
452         spin_unlock_irqrestore(&usbhid->ctrllock, flags);
453 }
454
455 static int usb_hidinput_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
456 {
457         struct hid_device *hid = input_get_drvdata(dev);
458         struct hid_field *field;
459         int offset;
460
461         if (type == EV_FF)
462                 return input_ff_event(dev, type, code, value);
463
464         if (type != EV_LED)
465                 return -1;
466
467         if ((offset = hidinput_find_field(hid, type, code, &field)) == -1) {
468                 warn("event field not found");
469                 return -1;
470         }
471
472         hid_set_field(field, offset, value);
473         usbhid_submit_report(hid, field->report, USB_DIR_OUT);
474
475         return 0;
476 }
477
478 int usbhid_wait_io(struct hid_device *hid)
479 {
480         struct usbhid_device *usbhid = hid->driver_data;
481
482         if (!wait_event_timeout(usbhid->wait,
483                                 (!test_bit(HID_CTRL_RUNNING, &usbhid->iofl) &&
484                                 !test_bit(HID_OUT_RUNNING, &usbhid->iofl)),
485                                         10*HZ)) {
486                 dbg_hid("timeout waiting for ctrl or out queue to clear\n");
487                 return -1;
488         }
489
490         return 0;
491 }
492
493 static int hid_set_idle(struct usb_device *dev, int ifnum, int report, int idle)
494 {
495         return usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
496                 HID_REQ_SET_IDLE, USB_TYPE_CLASS | USB_RECIP_INTERFACE, (idle << 8) | report,
497                 ifnum, NULL, 0, USB_CTRL_SET_TIMEOUT);
498 }
499
500 static int hid_get_class_descriptor(struct usb_device *dev, int ifnum,
501                 unsigned char type, void *buf, int size)
502 {
503         int result, retries = 4;
504
505         memset(buf, 0, size);
506
507         do {
508                 result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
509                                 USB_REQ_GET_DESCRIPTOR, USB_RECIP_INTERFACE | USB_DIR_IN,
510                                 (type << 8), ifnum, buf, size, USB_CTRL_GET_TIMEOUT);
511                 retries--;
512         } while (result < size && retries);
513         return result;
514 }
515
516 int usbhid_open(struct hid_device *hid)
517 {
518         struct usbhid_device *usbhid = hid->driver_data;
519         int res;
520
521         if (!hid->open++) {
522                 res = usb_autopm_get_interface(usbhid->intf);
523                 if (res < 0) {
524                         hid->open--;
525                         return -EIO;
526                 }
527         }
528         if (hid_start_in(hid))
529                 hid_io_error(hid);
530         return 0;
531 }
532
533 void usbhid_close(struct hid_device *hid)
534 {
535         struct usbhid_device *usbhid = hid->driver_data;
536
537         if (!--hid->open) {
538                 usb_kill_urb(usbhid->urbin);
539                 usb_autopm_put_interface(usbhid->intf);
540         }
541 }
542
543 /*
544  * Initialize all reports
545  */
546
547 void usbhid_init_reports(struct hid_device *hid)
548 {
549         struct hid_report *report;
550         struct usbhid_device *usbhid = hid->driver_data;
551         int err, ret;
552
553         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list)
554                 usbhid_submit_report(hid, report, USB_DIR_IN);
555
556         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list)
557                 usbhid_submit_report(hid, report, USB_DIR_IN);
558
559         err = 0;
560         ret = usbhid_wait_io(hid);
561         while (ret) {
562                 err |= ret;
563                 if (test_bit(HID_CTRL_RUNNING, &usbhid->iofl))
564                         usb_kill_urb(usbhid->urbctrl);
565                 if (test_bit(HID_OUT_RUNNING, &usbhid->iofl))
566                         usb_kill_urb(usbhid->urbout);
567                 ret = usbhid_wait_io(hid);
568         }
569
570         if (err)
571                 warn("timeout initializing reports");
572 }
573
574 /*
575  * Reset LEDs which BIOS might have left on. For now, just NumLock (0x01).
576  */
577 static int hid_find_field_early(struct hid_device *hid, unsigned int page,
578     unsigned int hid_code, struct hid_field **pfield)
579 {
580         struct hid_report *report;
581         struct hid_field *field;
582         struct hid_usage *usage;
583         int i, j;
584
585         list_for_each_entry(report, &hid->report_enum[HID_OUTPUT_REPORT].report_list, list) {
586                 for (i = 0; i < report->maxfield; i++) {
587                         field = report->field[i];
588                         for (j = 0; j < field->maxusage; j++) {
589                                 usage = &field->usage[j];
590                                 if ((usage->hid & HID_USAGE_PAGE) == page &&
591                                     (usage->hid & 0xFFFF) == hid_code) {
592                                         *pfield = field;
593                                         return j;
594                                 }
595                         }
596                 }
597         }
598         return -1;
599 }
600
601 static void usbhid_set_leds(struct hid_device *hid)
602 {
603         struct hid_field *field;
604         int offset;
605
606         if ((offset = hid_find_field_early(hid, HID_UP_LED, 0x01, &field)) != -1) {
607                 hid_set_field(field, offset, 0);
608                 usbhid_submit_report(hid, field->report, USB_DIR_OUT);
609         }
610 }
611
612 /*
613  * Traverse the supplied list of reports and find the longest
614  */
615 static void hid_find_max_report(struct hid_device *hid, unsigned int type,
616                 unsigned int *max)
617 {
618         struct hid_report *report;
619         unsigned int size;
620
621         list_for_each_entry(report, &hid->report_enum[type].report_list, list) {
622                 size = ((report->size - 1) >> 3) + 1;
623                 if (type == HID_INPUT_REPORT && hid->report_enum[type].numbered)
624                         size++;
625                 if (*max < size)
626                         *max = size;
627         }
628 }
629
630 static int hid_alloc_buffers(struct usb_device *dev, struct hid_device *hid)
631 {
632         struct usbhid_device *usbhid = hid->driver_data;
633
634         if (!(usbhid->inbuf = usb_buffer_alloc(dev, usbhid->bufsize, GFP_ATOMIC, &usbhid->inbuf_dma)))
635                 return -1;
636         if (!(usbhid->outbuf = usb_buffer_alloc(dev, usbhid->bufsize, GFP_ATOMIC, &usbhid->outbuf_dma)))
637                 return -1;
638         if (!(usbhid->cr = usb_buffer_alloc(dev, sizeof(*(usbhid->cr)), GFP_ATOMIC, &usbhid->cr_dma)))
639                 return -1;
640         if (!(usbhid->ctrlbuf = usb_buffer_alloc(dev, usbhid->bufsize, GFP_ATOMIC, &usbhid->ctrlbuf_dma)))
641                 return -1;
642
643         return 0;
644 }
645
646 static int usbhid_output_raw_report(struct hid_device *hid, __u8 *buf, size_t count)
647 {
648         struct usbhid_device *usbhid = hid->driver_data;
649         struct usb_device *dev = hid_to_usb_dev(hid);
650         struct usb_interface *intf = usbhid->intf;
651         struct usb_host_interface *interface = intf->cur_altsetting;
652         int ret;
653
654         ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
655                 HID_REQ_SET_REPORT,
656                 USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
657                 cpu_to_le16(((HID_OUTPUT_REPORT + 1) << 8) | *buf),
658                 interface->desc.bInterfaceNumber, buf + 1, count - 1,
659                 USB_CTRL_SET_TIMEOUT);
660
661         /* count also the report id */
662         if (ret > 0)
663                 ret++;
664
665         return ret;
666 }
667
668 static void hid_free_buffers(struct usb_device *dev, struct hid_device *hid)
669 {
670         struct usbhid_device *usbhid = hid->driver_data;
671
672         usb_buffer_free(dev, usbhid->bufsize, usbhid->inbuf, usbhid->inbuf_dma);
673         usb_buffer_free(dev, usbhid->bufsize, usbhid->outbuf, usbhid->outbuf_dma);
674         usb_buffer_free(dev, sizeof(*(usbhid->cr)), usbhid->cr, usbhid->cr_dma);
675         usb_buffer_free(dev, usbhid->bufsize, usbhid->ctrlbuf, usbhid->ctrlbuf_dma);
676 }
677
678 /*
679  * Sending HID_REQ_GET_REPORT changes the operation mode of the ps3 controller
680  * to "operational".  Without this, the ps3 controller will not report any
681  * events.
682  */
683 static void hid_fixup_sony_ps3_controller(struct usb_device *dev, int ifnum)
684 {
685         int result;
686         char *buf = kmalloc(18, GFP_KERNEL);
687
688         if (!buf)
689                 return;
690
691         result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
692                                  HID_REQ_GET_REPORT,
693                                  USB_DIR_IN | USB_TYPE_CLASS |
694                                  USB_RECIP_INTERFACE,
695                                  (3 << 8) | 0xf2, ifnum, buf, 17,
696                                  USB_CTRL_GET_TIMEOUT);
697
698         if (result < 0)
699                 err_hid("%s failed: %d\n", __func__, result);
700
701         kfree(buf);
702 }
703
704 static struct hid_device *usb_hid_configure(struct usb_interface *intf)
705 {
706         struct usb_host_interface *interface = intf->cur_altsetting;
707         struct usb_device *dev = interface_to_usbdev (intf);
708         struct hid_descriptor *hdesc;
709         struct hid_device *hid;
710         u32 quirks = 0;
711         unsigned int insize = 0, rsize = 0;
712         char *rdesc;
713         int n, len;
714         struct usbhid_device *usbhid;
715
716         quirks = usbhid_lookup_quirk(le16_to_cpu(dev->descriptor.idVendor),
717                         le16_to_cpu(dev->descriptor.idProduct));
718
719         /* Many keyboards and mice don't like to be polled for reports,
720          * so we will always set the HID_QUIRK_NOGET flag for them. */
721         if (interface->desc.bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
722                 if (interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_KEYBOARD ||
723                         interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_MOUSE)
724                                 quirks |= HID_QUIRK_NOGET;
725         }
726
727         if (quirks & HID_QUIRK_IGNORE)
728                 return NULL;
729
730         if ((quirks & HID_QUIRK_IGNORE_MOUSE) &&
731                 (interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_MOUSE))
732                         return NULL;
733
734
735         if (usb_get_extra_descriptor(interface, HID_DT_HID, &hdesc) &&
736             (!interface->desc.bNumEndpoints ||
737              usb_get_extra_descriptor(&interface->endpoint[0], HID_DT_HID, &hdesc))) {
738                 dbg_hid("class descriptor not present\n");
739                 return NULL;
740         }
741
742         for (n = 0; n < hdesc->bNumDescriptors; n++)
743                 if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT)
744                         rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength);
745
746         if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) {
747                 dbg_hid("weird size of report descriptor (%u)\n", rsize);
748                 return NULL;
749         }
750
751         if (!(rdesc = kmalloc(rsize, GFP_KERNEL))) {
752                 dbg_hid("couldn't allocate rdesc memory\n");
753                 return NULL;
754         }
755
756         hid_set_idle(dev, interface->desc.bInterfaceNumber, 0, 0);
757
758         if ((n = hid_get_class_descriptor(dev, interface->desc.bInterfaceNumber, HID_DT_REPORT, rdesc, rsize)) < 0) {
759                 dbg_hid("reading report descriptor failed\n");
760                 kfree(rdesc);
761                 return NULL;
762         }
763
764         usbhid_fixup_report_descriptor(le16_to_cpu(dev->descriptor.idVendor),
765                         le16_to_cpu(dev->descriptor.idProduct), rdesc,
766                         rsize, rdesc_quirks_param);
767
768         dbg_hid("report descriptor (size %u, read %d) = ", rsize, n);
769         for (n = 0; n < rsize; n++)
770                 dbg_hid_line(" %02x", (unsigned char) rdesc[n]);
771         dbg_hid_line("\n");
772
773         if (!(hid = hid_parse_report(rdesc, n))) {
774                 dbg_hid("parsing report descriptor failed\n");
775                 kfree(rdesc);
776                 return NULL;
777         }
778
779         kfree(rdesc);
780         hid->quirks = quirks;
781
782         if (!(usbhid = kzalloc(sizeof(struct usbhid_device), GFP_KERNEL)))
783                 goto fail_no_usbhid;
784
785         hid->driver_data = usbhid;
786         usbhid->hid = hid;
787
788         usbhid->bufsize = HID_MIN_BUFFER_SIZE;
789         hid_find_max_report(hid, HID_INPUT_REPORT, &usbhid->bufsize);
790         hid_find_max_report(hid, HID_OUTPUT_REPORT, &usbhid->bufsize);
791         hid_find_max_report(hid, HID_FEATURE_REPORT, &usbhid->bufsize);
792
793         if (usbhid->bufsize > HID_MAX_BUFFER_SIZE)
794                 usbhid->bufsize = HID_MAX_BUFFER_SIZE;
795
796         hid_find_max_report(hid, HID_INPUT_REPORT, &insize);
797
798         if (insize > HID_MAX_BUFFER_SIZE)
799                 insize = HID_MAX_BUFFER_SIZE;
800
801         if (hid_alloc_buffers(dev, hid)) {
802                 hid_free_buffers(dev, hid);
803                 goto fail;
804         }
805
806         hid->name[0] = 0;
807
808         if (dev->manufacturer)
809                 strlcpy(hid->name, dev->manufacturer, sizeof(hid->name));
810
811         if (dev->product) {
812                 if (dev->manufacturer)
813                         strlcat(hid->name, " ", sizeof(hid->name));
814                 strlcat(hid->name, dev->product, sizeof(hid->name));
815         }
816
817         if (!strlen(hid->name))
818                 snprintf(hid->name, sizeof(hid->name), "HID %04x:%04x",
819                          le16_to_cpu(dev->descriptor.idVendor),
820                          le16_to_cpu(dev->descriptor.idProduct));
821
822         for (n = 0; n < interface->desc.bNumEndpoints; n++) {
823
824                 struct usb_endpoint_descriptor *endpoint;
825                 int pipe;
826                 int interval;
827
828                 endpoint = &interface->endpoint[n].desc;
829                 if ((endpoint->bmAttributes & 3) != 3)          /* Not an interrupt endpoint */
830                         continue;
831
832                 interval = endpoint->bInterval;
833
834                 /* Some vendors give fullspeed interval on highspeed devides */
835                 if (quirks & HID_QUIRK_FULLSPEED_INTERVAL  &&
836                     dev->speed == USB_SPEED_HIGH) {
837                         interval = fls(endpoint->bInterval*8);
838                         printk(KERN_INFO "%s: Fixing fullspeed to highspeed interval: %d -> %d\n",
839                                hid->name, endpoint->bInterval, interval);
840                 }
841
842                 /* Change the polling interval of mice. */
843                 if (hid->collection->usage == HID_GD_MOUSE && hid_mousepoll_interval > 0)
844                         interval = hid_mousepoll_interval;
845
846                 if (usb_endpoint_dir_in(endpoint)) {
847                         if (usbhid->urbin)
848                                 continue;
849                         if (!(usbhid->urbin = usb_alloc_urb(0, GFP_KERNEL)))
850                                 goto fail;
851                         pipe = usb_rcvintpipe(dev, endpoint->bEndpointAddress);
852                         usb_fill_int_urb(usbhid->urbin, dev, pipe, usbhid->inbuf, insize,
853                                          hid_irq_in, hid, interval);
854                         usbhid->urbin->transfer_dma = usbhid->inbuf_dma;
855                         usbhid->urbin->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
856                 } else {
857                         if (usbhid->urbout)
858                                 continue;
859                         if (!(usbhid->urbout = usb_alloc_urb(0, GFP_KERNEL)))
860                                 goto fail;
861                         pipe = usb_sndintpipe(dev, endpoint->bEndpointAddress);
862                         usb_fill_int_urb(usbhid->urbout, dev, pipe, usbhid->outbuf, 0,
863                                          hid_irq_out, hid, interval);
864                         usbhid->urbout->transfer_dma = usbhid->outbuf_dma;
865                         usbhid->urbout->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
866                 }
867         }
868
869         if (!usbhid->urbin) {
870                 err_hid("couldn't find an input interrupt endpoint");
871                 goto fail;
872         }
873
874         init_waitqueue_head(&usbhid->wait);
875         INIT_WORK(&usbhid->reset_work, hid_reset);
876         setup_timer(&usbhid->io_retry, hid_retry_timeout, (unsigned long) hid);
877
878         spin_lock_init(&usbhid->inlock);
879         spin_lock_init(&usbhid->outlock);
880         spin_lock_init(&usbhid->ctrllock);
881
882         hid->version = le16_to_cpu(hdesc->bcdHID);
883         hid->country = hdesc->bCountryCode;
884         hid->dev = &intf->dev;
885         usbhid->intf = intf;
886         usbhid->ifnum = interface->desc.bInterfaceNumber;
887
888         hid->bus = BUS_USB;
889         hid->vendor = le16_to_cpu(dev->descriptor.idVendor);
890         hid->product = le16_to_cpu(dev->descriptor.idProduct);
891
892         usb_make_path(dev, hid->phys, sizeof(hid->phys));
893         strlcat(hid->phys, "/input", sizeof(hid->phys));
894         len = strlen(hid->phys);
895         if (len < sizeof(hid->phys) - 1)
896                 snprintf(hid->phys + len, sizeof(hid->phys) - len,
897                          "%d", intf->altsetting[0].desc.bInterfaceNumber);
898
899         if (usb_string(dev, dev->descriptor.iSerialNumber, hid->uniq, 64) <= 0)
900                 hid->uniq[0] = 0;
901
902         usbhid->urbctrl = usb_alloc_urb(0, GFP_KERNEL);
903         if (!usbhid->urbctrl)
904                 goto fail;
905
906         usb_fill_control_urb(usbhid->urbctrl, dev, 0, (void *) usbhid->cr,
907                              usbhid->ctrlbuf, 1, hid_ctrl, hid);
908         usbhid->urbctrl->setup_dma = usbhid->cr_dma;
909         usbhid->urbctrl->transfer_dma = usbhid->ctrlbuf_dma;
910         usbhid->urbctrl->transfer_flags |= (URB_NO_TRANSFER_DMA_MAP | URB_NO_SETUP_DMA_MAP);
911         hid->hidinput_input_event = usb_hidinput_input_event;
912         hid->hid_open = usbhid_open;
913         hid->hid_close = usbhid_close;
914 #ifdef CONFIG_USB_HIDDEV
915         hid->hiddev_hid_event = hiddev_hid_event;
916         hid->hiddev_report_event = hiddev_report_event;
917 #endif
918         hid->hid_output_raw_report = usbhid_output_raw_report;
919         return hid;
920
921 fail:
922         usb_free_urb(usbhid->urbin);
923         usb_free_urb(usbhid->urbout);
924         usb_free_urb(usbhid->urbctrl);
925         hid_free_buffers(dev, hid);
926         kfree(usbhid);
927 fail_no_usbhid:
928         hid_free_device(hid);
929
930         return NULL;
931 }
932
933 static void hid_disconnect(struct usb_interface *intf)
934 {
935         struct hid_device *hid = usb_get_intfdata (intf);
936         struct usbhid_device *usbhid;
937
938         if (!hid)
939                 return;
940
941         usbhid = hid->driver_data;
942
943         spin_lock_irq(&usbhid->inlock); /* Sync with error handler */
944         usb_set_intfdata(intf, NULL);
945         set_bit(HID_DISCONNECTED, &usbhid->iofl);
946         spin_unlock_irq(&usbhid->inlock);
947         usb_kill_urb(usbhid->urbin);
948         usb_kill_urb(usbhid->urbout);
949         usb_kill_urb(usbhid->urbctrl);
950
951         del_timer_sync(&usbhid->io_retry);
952         cancel_work_sync(&usbhid->reset_work);
953
954         if (hid->claimed & HID_CLAIMED_INPUT)
955                 hidinput_disconnect(hid);
956         if (hid->claimed & HID_CLAIMED_HIDDEV)
957                 hiddev_disconnect(hid);
958         if (hid->claimed & HID_CLAIMED_HIDRAW)
959                 hidraw_disconnect(hid);
960
961         usb_free_urb(usbhid->urbin);
962         usb_free_urb(usbhid->urbctrl);
963         usb_free_urb(usbhid->urbout);
964
965         hid_free_buffers(hid_to_usb_dev(hid), hid);
966         kfree(usbhid);
967         hid_free_device(hid);
968 }
969
970 static int hid_probe(struct usb_interface *intf, const struct usb_device_id *id)
971 {
972         struct hid_device *hid;
973         char path[64];
974         int i;
975         char *c;
976
977         dbg_hid("HID probe called for ifnum %d\n",
978                         intf->altsetting->desc.bInterfaceNumber);
979
980         if (!(hid = usb_hid_configure(intf)))
981                 return -ENODEV;
982
983         usbhid_init_reports(hid);
984         hid_dump_device(hid);
985         if (hid->quirks & HID_QUIRK_RESET_LEDS)
986                 usbhid_set_leds(hid);
987
988         if (!hidinput_connect(hid))
989                 hid->claimed |= HID_CLAIMED_INPUT;
990         if (!hiddev_connect(hid))
991                 hid->claimed |= HID_CLAIMED_HIDDEV;
992         if (!hidraw_connect(hid))
993                 hid->claimed |= HID_CLAIMED_HIDRAW;
994
995         usb_set_intfdata(intf, hid);
996
997         if (!hid->claimed) {
998                 printk ("HID device claimed by neither input, hiddev nor hidraw\n");
999                 hid_disconnect(intf);
1000                 return -ENODEV;
1001         }
1002
1003         if ((hid->claimed & HID_CLAIMED_INPUT))
1004                 hid_ff_init(hid);
1005
1006         if (hid->quirks & HID_QUIRK_SONY_PS3_CONTROLLER)
1007                 hid_fixup_sony_ps3_controller(interface_to_usbdev(intf),
1008                         intf->cur_altsetting->desc.bInterfaceNumber);
1009
1010         printk(KERN_INFO);
1011
1012         if (hid->claimed & HID_CLAIMED_INPUT)
1013                 printk("input");
1014         if ((hid->claimed & HID_CLAIMED_INPUT) && ((hid->claimed & HID_CLAIMED_HIDDEV) ||
1015                                 hid->claimed & HID_CLAIMED_HIDRAW))
1016                 printk(",");
1017         if (hid->claimed & HID_CLAIMED_HIDDEV)
1018                 printk("hiddev%d", hid->minor);
1019         if ((hid->claimed & HID_CLAIMED_INPUT) && (hid->claimed & HID_CLAIMED_HIDDEV) &&
1020                         (hid->claimed & HID_CLAIMED_HIDRAW))
1021                 printk(",");
1022         if (hid->claimed & HID_CLAIMED_HIDRAW)
1023                 printk("hidraw%d", ((struct hidraw*)hid->hidraw)->minor);
1024
1025         c = "Device";
1026         for (i = 0; i < hid->maxcollection; i++) {
1027                 if (hid->collection[i].type == HID_COLLECTION_APPLICATION &&
1028                     (hid->collection[i].usage & HID_USAGE_PAGE) == HID_UP_GENDESK &&
1029                     (hid->collection[i].usage & 0xffff) < ARRAY_SIZE(hid_types)) {
1030                         c = hid_types[hid->collection[i].usage & 0xffff];
1031                         break;
1032                 }
1033         }
1034
1035         usb_make_path(interface_to_usbdev(intf), path, 63);
1036
1037         printk(": USB HID v%x.%02x %s [%s] on %s\n",
1038                 hid->version >> 8, hid->version & 0xff, c, hid->name, path);
1039
1040         return 0;
1041 }
1042
1043 static int hid_suspend(struct usb_interface *intf, pm_message_t message)
1044 {
1045         struct hid_device *hid = usb_get_intfdata (intf);
1046         struct usbhid_device *usbhid = hid->driver_data;
1047
1048         spin_lock_irq(&usbhid->inlock); /* Sync with error handler */
1049         set_bit(HID_SUSPENDED, &usbhid->iofl);
1050         spin_unlock_irq(&usbhid->inlock);
1051         del_timer(&usbhid->io_retry);
1052         usb_kill_urb(usbhid->urbin);
1053         dev_dbg(&intf->dev, "suspend\n");
1054         return 0;
1055 }
1056
1057 static int hid_resume(struct usb_interface *intf)
1058 {
1059         struct hid_device *hid = usb_get_intfdata (intf);
1060         struct usbhid_device *usbhid = hid->driver_data;
1061         int status;
1062
1063         clear_bit(HID_SUSPENDED, &usbhid->iofl);
1064         usbhid->retry_delay = 0;
1065         status = hid_start_in(hid);
1066         dev_dbg(&intf->dev, "resume status %d\n", status);
1067         return status;
1068 }
1069
1070 /* Treat USB reset pretty much the same as suspend/resume */
1071 static int hid_pre_reset(struct usb_interface *intf)
1072 {
1073         /* FIXME: What if the interface is already suspended? */
1074         hid_suspend(intf, PMSG_ON);
1075         return 0;
1076 }
1077
1078 /* Same routine used for post_reset and reset_resume */
1079 static int hid_post_reset(struct usb_interface *intf)
1080 {
1081         struct usb_device *dev = interface_to_usbdev (intf);
1082
1083         hid_set_idle(dev, intf->cur_altsetting->desc.bInterfaceNumber, 0, 0);
1084         /* FIXME: Any more reinitialization needed? */
1085
1086         return hid_resume(intf);
1087 }
1088
1089 static struct usb_device_id hid_usb_ids [] = {
1090         { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
1091                 .bInterfaceClass = USB_INTERFACE_CLASS_HID },
1092         { }                                             /* Terminating entry */
1093 };
1094
1095 MODULE_DEVICE_TABLE (usb, hid_usb_ids);
1096
1097 static struct usb_driver hid_driver = {
1098         .name =         "usbhid",
1099         .probe =        hid_probe,
1100         .disconnect =   hid_disconnect,
1101         .suspend =      hid_suspend,
1102         .resume =       hid_resume,
1103         .reset_resume = hid_post_reset,
1104         .pre_reset =    hid_pre_reset,
1105         .post_reset =   hid_post_reset,
1106         .id_table =     hid_usb_ids,
1107         .supports_autosuspend = 1,
1108 };
1109
1110 static int __init hid_init(void)
1111 {
1112         int retval;
1113         retval = usbhid_quirks_init(quirks_param);
1114         if (retval)
1115                 goto usbhid_quirks_init_fail;
1116         retval = hiddev_init();
1117         if (retval)
1118                 goto hiddev_init_fail;
1119         retval = usb_register(&hid_driver);
1120         if (retval)
1121                 goto usb_register_fail;
1122         info(DRIVER_VERSION ":" DRIVER_DESC);
1123
1124         return 0;
1125 usb_register_fail:
1126         hiddev_exit();
1127 hiddev_init_fail:
1128         usbhid_quirks_exit();
1129 usbhid_quirks_init_fail:
1130         return retval;
1131 }
1132
1133 static void __exit hid_exit(void)
1134 {
1135         usb_deregister(&hid_driver);
1136         hiddev_exit();
1137         usbhid_quirks_exit();
1138 }
1139
1140 module_init(hid_init);
1141 module_exit(hid_exit);
1142
1143 MODULE_AUTHOR(DRIVER_AUTHOR);
1144 MODULE_DESCRIPTION(DRIVER_DESC);
1145 MODULE_LICENSE(DRIVER_LICENSE);