DECLARE_WAITQUEUE doesn't initialize the wait descriptor's task_list
to 'empty' but to zero.
prepare_to_wait() will not enqueue the descriptor to the waitqueue and
finish_wait() will do list_del_init() on a list head that contains
NULL pointers, which oopses.
This was introduced by 079034073 "HID: hiddev cleanup -- handle all
error conditions properly".
The prior code used an unconditional add_to_waitqueue() which didn't
care about the wait descriptor's list head and enqueued the thing
unconditionally.
The new code uses prepare_to_wait() which DOES check the prior list
state, so use DEFINE_WAIT instead.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Oliver Neukum <oliver@neukum.name>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
If hiddev_open() fails, it wrongly frees the shared hiddev structure
kept in hiddev_table instead of the hiddev_list structure allocated
for the opened file descriptor. Existing references to this structure
will then accessed free memory.
This was introduced by 079034073 "HID: hiddev cleanup -- handle all
error conditions properly".
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Oliver Neukum <oliver@neukum.name>
Cc: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The logic for testing for disconnection is reversed in an ioctl leading
to false reports of disconnection.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Tested-by: Folkert van Heusden <folkert@vanheusden.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (123 commits)
wimax/i2400m: add CREDITS and MAINTAINERS entries
wimax: export linux/wimax.h and linux/wimax/i2400m.h with headers_install
i2400m: Makefile and Kconfig
i2400m/SDIO: TX and RX path backends
i2400m/SDIO: firmware upload backend
i2400m/SDIO: probe/disconnect, dev init/shutdown and reset backends
i2400m/SDIO: header for the SDIO subdriver
i2400m/USB: TX and RX path backends
i2400m/USB: firmware upload backend
i2400m/USB: probe/disconnect, dev init/shutdown and reset backends
i2400m/USB: header for the USB bus driver
i2400m: debugfs controls
i2400m: various functions for device management
i2400m: RX and TX data/control paths
i2400m: firmware loading and bootrom initialization
i2400m: linkage to the networking stack
i2400m: Generic probe/disconnect, reset and message passing
i2400m: host/device procotol and core driver definitions
i2400m: documentation and instructions for usage
wimax: Makefile, Kconfig and docbook linkage for the stack
...
Commit 079034073fa ("HID: hiddev cleanup -- handle all error conditions
properly") by mistake removed proper initialization of hid->hiddev pointer
in hiddev_connect() in case usb_register_dev() succeeds for the hiddev node.
Put it properly back in place.
Reported-and-tested-by: Gabriel C <nix.or.die@googlemail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch (as1161) changes the interface to
usb_lock_device_for_reset(). The existing interface is apparently not
very clear, judging from the fact that several of its callers don't
use it correctly. The new interface always returns 0 for success and
it always requires the caller to unlock the device afterward.
The new routine will not return immediately if it is called while the
driver's probe method is running. Instead it will wait until the
probe is over and the device has been unlocked. This shouldn't cause
any problems; I don't know of any cases where drivers call
usb_lock_device_for_reset() during probe.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: Pete Zaitcev <zaitcev@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The Genius PenSketch 12x9 tablet has a puck (labeled a
"Tablet Mouse") in addition to a pen. Without registering a quirk
the tablet appears to be a single input device that reports the
wrong axis information in /proc/bus/input/devices, and sends
incorrect events (e.g. ABS_Z instead of ABS_Y). This information
confuses the X evdev driver and makes the device impossible to
use.
The quirk fixes events and splits the device into multiple input
event devices so that at least the puck is useful.
Signed-off-by: Matt Helsley <matt.helsley@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The usbmouse and usbkbd modules are not supposed to be used with regular USB
mice and keyboards. Make them depend on EMBEDDED to prevent them from being
built and loaded on non-EMBEDDED configs.
Signed-off-by: Parag Warudkar <parag.lkml@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This is a cleanup of hiddev and fixes the following issues:
- thread safety by locking in read & ioctl, introducing a per device mutex
- race between ioctl and disconnect, introducing a flag and locking
in form of a per low level device mutex
- race between open and other methods, making sure only successfully
opened devices are put on the list, changing order of events
- range checking both upper and lower limits of the minor range
- make sure further calls to open fail for unplugged devices even if
the device still has opened files
- error checking for low level open
- possible loss of wakeup events, using standard waiting macros
- race in initialisation by moving registration after full initialisation
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
We might sleep, so no problem to use GFP_KERNEL.
While at it bring the function to coding style.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Use usb_endpoint_xfer_int() instead of direct use of constants.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Move usbhid specific flags from global hid.h into local usbhid.h.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch (as1146c) makes usbhid automatically call usbhid_set_leds()
for any device that supports the keyboard boot protocol.
In theory this should be perfectly safe. BIOSes send the LED output
report as part of their normal device initialization, so any keyboard
device supporting the boot protocol has to be able to handle it.
As a side effect, the hid-dell and hid-bright drivers are no longer
needed, and the Logitech keyboard driver can be removed from hid-lg.
CC: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
When computing the maximal buffer size needed, we must take into
account that not only input reports can be numbered.
Pointed out in bugzilla #10467
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
It causes recursive locking warning and is unneeded after
introduction of STARTED flag.
* Resume vs. stop is effectively solved by DISCONNECT flag.
* No problem in suspend vs. start -- urb is submitted even after open
which is possible after connect which is called after start.
* Resume vs. start solved by STARTED flag.
* Suspend vs. stop -- no problem in killing urb and timer twice.
Reported-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Some devices have no input interrupt endpoint. These won't be handled
by usbhid, but currently they are not refused and reside on hid bus.
Perform this checking earlier so that we refuse to control such
a device early enough (and not pass it to the hid bus at all).
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
`stop' left out usbhid->urb* pointers and so the next `start' thought
it needs to allocate nothing and used the memory pointers previously
pointed to. This led to memory corruption and device malfunction.
Also don't forget to clear disconnect flag on start which was left set
by the previous `stop'.
This fixes
echo DEVICE > /sys/bus/hid/drivers/DRIVER/unbind
echo DEVICE > /sys/bus/hid/drivers/DRIVER/bind
failures.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
As it is, all instances of ->release() for files that have ->fasync()
need to remember to evict file from fasync lists; forgetting that
creates a hole and we actually have a bunch that *does* forget.
So let's keep our lives simple - let __fput() check FASYNC in
file->f_flags and call ->fasync() there if it's been set. And lose that
crap in ->release() instances - leaving it there is still valid, but we
don't have to bother anymore.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When suspending, make sure that the timer is not running
any more.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Usbhid structure is allocated on start invoked only from probe
of some driver. When there is no driver, the structure is null
and causes null-dereference oopses.
Fix it by allocating the structure on probe and disconnect of
the device itself. Also make sure we won't race between start
and resume or stop and suspend respectively.
References: http://bugzilla.kernel.org/show_bug.cgi?id=11827
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Andreas Schwab <schwab@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: Add support for Sony Vaio VGX-TP1E
HID: fix lock imbalance in hiddev
HID: fix lock imbalance in hidraw
HID: fix hidbus/appletouch device binding regression
HID: add hid_type to general hid struct
HID: quirk for OLED devices present in ASUS G50/G70/G71
HID: Remove "default m" for Thrustmaster and Zeroplus
HID: fix hidraw_exit section mismatch
HID: add support for another Gyration remote control
Revert "HID: Invert HWHEEL mappings for some Logitech mice"
Add type to the hid structure to distinguish to which device type
(now only mouse) we are talking to. Needed for per device type ignore
list support.
Note: this patch leaves the type as unknown for bluetooth devices,
there is not support for this in the hidp code.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
There were two stragglers that got missed in the last merge of the HID tree that forgot to change the warn() calls to dev_warn(). This patch fixes them up.
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
USB should not be having it's own printk macros, so remove warn() and
use the system-wide standard of dev_warn() wherever possible. In the
few places that will not work out, use a basic printk().
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
USB should not be having it's own printk macros, so remove info() and
use the system-wide standard of dev_info() wherever possible.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Commit 8006479c9b75fb6594a7b746af3d7f1fbb68f18f introduced a spinlock in
input_dev->event_lock, which is locked when handling input events.
However, the hid-pidff driver sleeps when handling events as it waits for
reports being sent to the device before changing the report contents
again.
This causes a system lockup when trying to use force feedback with a PID
device, a regression introduced in 2.6.24 and 2.6.23.15.
Fix it by extracting the raw report data from struct hid_report
immediately when hid_submit_report() is called, therefore allowing
drivers to change the contents of struct hid_report immediately without
affecting the already-queued transfer.
In hid-pidff, re-add the removed usbhid_wait_io() to
pidff_erase_effect() instead, to prevent a full report queue from causing
the submission to fail, thus not freeing up device memory.
pidff_erase_effect() is not called while dev->event_lock is held.
Signed-off-by: Anssi Hannula <anssi.hannula@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
hid-ff.c now calls only pidff (generic driver), the special ones are now
in separate drivers. Invoke pidff on all non-special directly.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Move the force feedback processing into a separate module.
[jkosina@suse.cz: fix Kconfig texts a little bit]
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This seems to be the very same device, as already supported Smartjoy
dual Plus, but with slightly different vendor ID. Let's support this
one too.
Reported-by: David Ashley <dashxdr@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Merge the logitech force feedback processing directly into logitech
driver from the usbhid core.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Move the handling of the leds resetting from the core to
the dell and logitech drivers.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Move connecting from usbhid to the hid layer and fix also hidp in
that manner.
This removes all the ignore/force hidinput/hiddev connecting quirks.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Remove support for both dynamic and static report descriptor
quirks. There is no longer rdesc code which it would support,
so it's useless.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Bring switch and cases into coding style and save thus some
indentation to make the code tighter.
Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>