xref: /openbmc/linux/drivers/hid/usbhid/hid-core.c (revision 4bb1eb3c)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  USB HID support for Linux
4  *
5  *  Copyright (c) 1999 Andreas Gal
6  *  Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
7  *  Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
8  *  Copyright (c) 2007-2008 Oliver Neukum
9  *  Copyright (c) 2006-2010 Jiri Kosina
10  */
11 
12 /*
13  */
14 
15 #include <linux/module.h>
16 #include <linux/slab.h>
17 #include <linux/init.h>
18 #include <linux/kernel.h>
19 #include <linux/list.h>
20 #include <linux/mm.h>
21 #include <linux/mutex.h>
22 #include <linux/spinlock.h>
23 #include <asm/unaligned.h>
24 #include <asm/byteorder.h>
25 #include <linux/input.h>
26 #include <linux/wait.h>
27 #include <linux/workqueue.h>
28 #include <linux/string.h>
29 #include <linux/timekeeping.h>
30 
31 #include <linux/usb.h>
32 
33 #include <linux/hid.h>
34 #include <linux/hiddev.h>
35 #include <linux/hid-debug.h>
36 #include <linux/hidraw.h>
37 #include "usbhid.h"
38 
39 /*
40  * Version Information
41  */
42 
43 #define DRIVER_DESC "USB HID core driver"
44 
45 /*
46  * Module parameters.
47  */
48 
49 static unsigned int hid_mousepoll_interval;
50 module_param_named(mousepoll, hid_mousepoll_interval, uint, 0644);
51 MODULE_PARM_DESC(mousepoll, "Polling interval of mice");
52 
53 static unsigned int hid_jspoll_interval;
54 module_param_named(jspoll, hid_jspoll_interval, uint, 0644);
55 MODULE_PARM_DESC(jspoll, "Polling interval of joysticks");
56 
57 static unsigned int hid_kbpoll_interval;
58 module_param_named(kbpoll, hid_kbpoll_interval, uint, 0644);
59 MODULE_PARM_DESC(kbpoll, "Polling interval of keyboards");
60 
61 static unsigned int ignoreled;
62 module_param_named(ignoreled, ignoreled, uint, 0644);
63 MODULE_PARM_DESC(ignoreled, "Autosuspend with active leds");
64 
65 /* Quirks specified at module load time */
66 static char *quirks_param[MAX_USBHID_BOOT_QUIRKS];
67 module_param_array_named(quirks, quirks_param, charp, NULL, 0444);
68 MODULE_PARM_DESC(quirks, "Add/modify USB HID quirks by specifying "
69 		" quirks=vendorID:productID:quirks"
70 		" where vendorID, productID, and quirks are all in"
71 		" 0x-prefixed hex");
72 /*
73  * Input submission and I/O error handler.
74  */
75 static void hid_io_error(struct hid_device *hid);
76 static int hid_submit_out(struct hid_device *hid);
77 static int hid_submit_ctrl(struct hid_device *hid);
78 static void hid_cancel_delayed_stuff(struct usbhid_device *usbhid);
79 
80 /* Start up the input URB */
81 static int hid_start_in(struct hid_device *hid)
82 {
83 	unsigned long flags;
84 	int rc = 0;
85 	struct usbhid_device *usbhid = hid->driver_data;
86 
87 	spin_lock_irqsave(&usbhid->lock, flags);
88 	if (test_bit(HID_IN_POLLING, &usbhid->iofl) &&
89 	    !test_bit(HID_DISCONNECTED, &usbhid->iofl) &&
90 	    !test_bit(HID_SUSPENDED, &usbhid->iofl) &&
91 	    !test_and_set_bit(HID_IN_RUNNING, &usbhid->iofl)) {
92 		rc = usb_submit_urb(usbhid->urbin, GFP_ATOMIC);
93 		if (rc != 0) {
94 			clear_bit(HID_IN_RUNNING, &usbhid->iofl);
95 			if (rc == -ENOSPC)
96 				set_bit(HID_NO_BANDWIDTH, &usbhid->iofl);
97 		} else {
98 			clear_bit(HID_NO_BANDWIDTH, &usbhid->iofl);
99 
100 			if (test_bit(HID_RESUME_RUNNING, &usbhid->iofl)) {
101 				/*
102 				 * In case events are generated while nobody was
103 				 * listening, some are released when the device
104 				 * is re-opened. Wait 50 msec for the queue to
105 				 * empty before allowing events to go through
106 				 * hid.
107 				 */
108 				usbhid->input_start_time =
109 					ktime_add_ms(ktime_get_coarse(), 50);
110 			}
111 		}
112 	}
113 	spin_unlock_irqrestore(&usbhid->lock, flags);
114 	return rc;
115 }
116 
117 /* I/O retry timer routine */
118 static void hid_retry_timeout(struct timer_list *t)
119 {
120 	struct usbhid_device *usbhid = from_timer(usbhid, t, io_retry);
121 	struct hid_device *hid = usbhid->hid;
122 
123 	dev_dbg(&usbhid->intf->dev, "retrying intr urb\n");
124 	if (hid_start_in(hid))
125 		hid_io_error(hid);
126 }
127 
128 /* Workqueue routine to reset the device or clear a halt */
129 static void hid_reset(struct work_struct *work)
130 {
131 	struct usbhid_device *usbhid =
132 		container_of(work, struct usbhid_device, reset_work);
133 	struct hid_device *hid = usbhid->hid;
134 	int rc;
135 
136 	if (test_bit(HID_CLEAR_HALT, &usbhid->iofl)) {
137 		dev_dbg(&usbhid->intf->dev, "clear halt\n");
138 		rc = usb_clear_halt(hid_to_usb_dev(hid), usbhid->urbin->pipe);
139 		clear_bit(HID_CLEAR_HALT, &usbhid->iofl);
140 		if (rc == 0) {
141 			hid_start_in(hid);
142 		} else {
143 			dev_dbg(&usbhid->intf->dev,
144 					"clear-halt failed: %d\n", rc);
145 			set_bit(HID_RESET_PENDING, &usbhid->iofl);
146 		}
147 	}
148 
149 	if (test_bit(HID_RESET_PENDING, &usbhid->iofl)) {
150 		dev_dbg(&usbhid->intf->dev, "resetting device\n");
151 		usb_queue_reset_device(usbhid->intf);
152 	}
153 }
154 
155 /* Main I/O error handler */
156 static void hid_io_error(struct hid_device *hid)
157 {
158 	unsigned long flags;
159 	struct usbhid_device *usbhid = hid->driver_data;
160 
161 	spin_lock_irqsave(&usbhid->lock, flags);
162 
163 	/* Stop when disconnected */
164 	if (test_bit(HID_DISCONNECTED, &usbhid->iofl))
165 		goto done;
166 
167 	/* If it has been a while since the last error, we'll assume
168 	 * this a brand new error and reset the retry timeout. */
169 	if (time_after(jiffies, usbhid->stop_retry + HZ/2))
170 		usbhid->retry_delay = 0;
171 
172 	/* When an error occurs, retry at increasing intervals */
173 	if (usbhid->retry_delay == 0) {
174 		usbhid->retry_delay = 13;	/* Then 26, 52, 104, 104, ... */
175 		usbhid->stop_retry = jiffies + msecs_to_jiffies(1000);
176 	} else if (usbhid->retry_delay < 100)
177 		usbhid->retry_delay *= 2;
178 
179 	if (time_after(jiffies, usbhid->stop_retry)) {
180 
181 		/* Retries failed, so do a port reset unless we lack bandwidth*/
182 		if (!test_bit(HID_NO_BANDWIDTH, &usbhid->iofl)
183 		     && !test_and_set_bit(HID_RESET_PENDING, &usbhid->iofl)) {
184 
185 			schedule_work(&usbhid->reset_work);
186 			goto done;
187 		}
188 	}
189 
190 	mod_timer(&usbhid->io_retry,
191 			jiffies + msecs_to_jiffies(usbhid->retry_delay));
192 done:
193 	spin_unlock_irqrestore(&usbhid->lock, flags);
194 }
195 
196 static void usbhid_mark_busy(struct usbhid_device *usbhid)
197 {
198 	struct usb_interface *intf = usbhid->intf;
199 
200 	usb_mark_last_busy(interface_to_usbdev(intf));
201 }
202 
203 static int usbhid_restart_out_queue(struct usbhid_device *usbhid)
204 {
205 	struct hid_device *hid = usb_get_intfdata(usbhid->intf);
206 	int kicked;
207 	int r;
208 
209 	if (!hid || test_bit(HID_RESET_PENDING, &usbhid->iofl) ||
210 			test_bit(HID_SUSPENDED, &usbhid->iofl))
211 		return 0;
212 
213 	if ((kicked = (usbhid->outhead != usbhid->outtail))) {
214 		hid_dbg(hid, "Kicking head %d tail %d", usbhid->outhead, usbhid->outtail);
215 
216 		/* Try to wake up from autosuspend... */
217 		r = usb_autopm_get_interface_async(usbhid->intf);
218 		if (r < 0)
219 			return r;
220 
221 		/*
222 		 * If still suspended, don't submit.  Submission will
223 		 * occur if/when resume drains the queue.
224 		 */
225 		if (test_bit(HID_SUSPENDED, &usbhid->iofl)) {
226 			usb_autopm_put_interface_no_suspend(usbhid->intf);
227 			return r;
228 		}
229 
230 		/* Asynchronously flush queue. */
231 		set_bit(HID_OUT_RUNNING, &usbhid->iofl);
232 		if (hid_submit_out(hid)) {
233 			clear_bit(HID_OUT_RUNNING, &usbhid->iofl);
234 			usb_autopm_put_interface_async(usbhid->intf);
235 		}
236 		wake_up(&usbhid->wait);
237 	}
238 	return kicked;
239 }
240 
241 static int usbhid_restart_ctrl_queue(struct usbhid_device *usbhid)
242 {
243 	struct hid_device *hid = usb_get_intfdata(usbhid->intf);
244 	int kicked;
245 	int r;
246 
247 	WARN_ON(hid == NULL);
248 	if (!hid || test_bit(HID_RESET_PENDING, &usbhid->iofl) ||
249 			test_bit(HID_SUSPENDED, &usbhid->iofl))
250 		return 0;
251 
252 	if ((kicked = (usbhid->ctrlhead != usbhid->ctrltail))) {
253 		hid_dbg(hid, "Kicking head %d tail %d", usbhid->ctrlhead, usbhid->ctrltail);
254 
255 		/* Try to wake up from autosuspend... */
256 		r = usb_autopm_get_interface_async(usbhid->intf);
257 		if (r < 0)
258 			return r;
259 
260 		/*
261 		 * If still suspended, don't submit.  Submission will
262 		 * occur if/when resume drains the queue.
263 		 */
264 		if (test_bit(HID_SUSPENDED, &usbhid->iofl)) {
265 			usb_autopm_put_interface_no_suspend(usbhid->intf);
266 			return r;
267 		}
268 
269 		/* Asynchronously flush queue. */
270 		set_bit(HID_CTRL_RUNNING, &usbhid->iofl);
271 		if (hid_submit_ctrl(hid)) {
272 			clear_bit(HID_CTRL_RUNNING, &usbhid->iofl);
273 			usb_autopm_put_interface_async(usbhid->intf);
274 		}
275 		wake_up(&usbhid->wait);
276 	}
277 	return kicked;
278 }
279 
280 /*
281  * Input interrupt completion handler.
282  */
283 
284 static void hid_irq_in(struct urb *urb)
285 {
286 	struct hid_device	*hid = urb->context;
287 	struct usbhid_device	*usbhid = hid->driver_data;
288 	int			status;
289 
290 	switch (urb->status) {
291 	case 0:			/* success */
292 		usbhid->retry_delay = 0;
293 		if (!test_bit(HID_OPENED, &usbhid->iofl))
294 			break;
295 		usbhid_mark_busy(usbhid);
296 		if (test_bit(HID_RESUME_RUNNING, &usbhid->iofl)) {
297 			if (ktime_before(ktime_get_coarse(),
298 					 usbhid->input_start_time))
299 				break;
300 			clear_bit(HID_RESUME_RUNNING, &usbhid->iofl);
301 		}
302 		hid_input_report(urb->context, HID_INPUT_REPORT,
303 				 urb->transfer_buffer, urb->actual_length, 1);
304 		/*
305 		 * autosuspend refused while keys are pressed
306 		 * because most keyboards don't wake up when
307 		 * a key is released
308 		 */
309 		if (hid_check_keys_pressed(hid))
310 			set_bit(HID_KEYS_PRESSED, &usbhid->iofl);
311 		else
312 			clear_bit(HID_KEYS_PRESSED, &usbhid->iofl);
313 		break;
314 	case -EPIPE:		/* stall */
315 		usbhid_mark_busy(usbhid);
316 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
317 		set_bit(HID_CLEAR_HALT, &usbhid->iofl);
318 		schedule_work(&usbhid->reset_work);
319 		return;
320 	case -ECONNRESET:	/* unlink */
321 	case -ENOENT:
322 	case -ESHUTDOWN:	/* unplug */
323 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
324 		return;
325 	case -EILSEQ:		/* protocol error or unplug */
326 	case -EPROTO:		/* protocol error or unplug */
327 	case -ETIME:		/* protocol error or unplug */
328 	case -ETIMEDOUT:	/* Should never happen, but... */
329 		usbhid_mark_busy(usbhid);
330 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
331 		hid_io_error(hid);
332 		return;
333 	default:		/* error */
334 		hid_warn(urb->dev, "input irq status %d received\n",
335 			 urb->status);
336 	}
337 
338 	status = usb_submit_urb(urb, GFP_ATOMIC);
339 	if (status) {
340 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
341 		if (status != -EPERM) {
342 			hid_err(hid, "can't resubmit intr, %s-%s/input%d, status %d\n",
343 				hid_to_usb_dev(hid)->bus->bus_name,
344 				hid_to_usb_dev(hid)->devpath,
345 				usbhid->ifnum, status);
346 			hid_io_error(hid);
347 		}
348 	}
349 }
350 
351 static int hid_submit_out(struct hid_device *hid)
352 {
353 	struct hid_report *report;
354 	char *raw_report;
355 	struct usbhid_device *usbhid = hid->driver_data;
356 	int r;
357 
358 	report = usbhid->out[usbhid->outtail].report;
359 	raw_report = usbhid->out[usbhid->outtail].raw_report;
360 
361 	usbhid->urbout->transfer_buffer_length = hid_report_len(report);
362 	usbhid->urbout->dev = hid_to_usb_dev(hid);
363 	if (raw_report) {
364 		memcpy(usbhid->outbuf, raw_report,
365 				usbhid->urbout->transfer_buffer_length);
366 		kfree(raw_report);
367 		usbhid->out[usbhid->outtail].raw_report = NULL;
368 	}
369 
370 	dbg_hid("submitting out urb\n");
371 
372 	r = usb_submit_urb(usbhid->urbout, GFP_ATOMIC);
373 	if (r < 0) {
374 		hid_err(hid, "usb_submit_urb(out) failed: %d\n", r);
375 		return r;
376 	}
377 	usbhid->last_out = jiffies;
378 	return 0;
379 }
380 
381 static int hid_submit_ctrl(struct hid_device *hid)
382 {
383 	struct hid_report *report;
384 	unsigned char dir;
385 	char *raw_report;
386 	int len, r;
387 	struct usbhid_device *usbhid = hid->driver_data;
388 
389 	report = usbhid->ctrl[usbhid->ctrltail].report;
390 	raw_report = usbhid->ctrl[usbhid->ctrltail].raw_report;
391 	dir = usbhid->ctrl[usbhid->ctrltail].dir;
392 
393 	len = ((report->size - 1) >> 3) + 1 + (report->id > 0);
394 	if (dir == USB_DIR_OUT) {
395 		usbhid->urbctrl->pipe = usb_sndctrlpipe(hid_to_usb_dev(hid), 0);
396 		usbhid->urbctrl->transfer_buffer_length = len;
397 		if (raw_report) {
398 			memcpy(usbhid->ctrlbuf, raw_report, len);
399 			kfree(raw_report);
400 			usbhid->ctrl[usbhid->ctrltail].raw_report = NULL;
401 		}
402 	} else {
403 		int maxpacket, padlen;
404 
405 		usbhid->urbctrl->pipe = usb_rcvctrlpipe(hid_to_usb_dev(hid), 0);
406 		maxpacket = usb_maxpacket(hid_to_usb_dev(hid),
407 					  usbhid->urbctrl->pipe, 0);
408 		if (maxpacket > 0) {
409 			padlen = DIV_ROUND_UP(len, maxpacket);
410 			padlen *= maxpacket;
411 			if (padlen > usbhid->bufsize)
412 				padlen = usbhid->bufsize;
413 		} else
414 			padlen = 0;
415 		usbhid->urbctrl->transfer_buffer_length = padlen;
416 	}
417 	usbhid->urbctrl->dev = hid_to_usb_dev(hid);
418 
419 	usbhid->cr->bRequestType = USB_TYPE_CLASS | USB_RECIP_INTERFACE | dir;
420 	usbhid->cr->bRequest = (dir == USB_DIR_OUT) ? HID_REQ_SET_REPORT :
421 						      HID_REQ_GET_REPORT;
422 	usbhid->cr->wValue = cpu_to_le16(((report->type + 1) << 8) |
423 					 report->id);
424 	usbhid->cr->wIndex = cpu_to_le16(usbhid->ifnum);
425 	usbhid->cr->wLength = cpu_to_le16(len);
426 
427 	dbg_hid("submitting ctrl urb: %s wValue=0x%04x wIndex=0x%04x wLength=%u\n",
428 		usbhid->cr->bRequest == HID_REQ_SET_REPORT ? "Set_Report" :
429 							     "Get_Report",
430 		usbhid->cr->wValue, usbhid->cr->wIndex, usbhid->cr->wLength);
431 
432 	r = usb_submit_urb(usbhid->urbctrl, GFP_ATOMIC);
433 	if (r < 0) {
434 		hid_err(hid, "usb_submit_urb(ctrl) failed: %d\n", r);
435 		return r;
436 	}
437 	usbhid->last_ctrl = jiffies;
438 	return 0;
439 }
440 
441 /*
442  * Output interrupt completion handler.
443  */
444 
445 static void hid_irq_out(struct urb *urb)
446 {
447 	struct hid_device *hid = urb->context;
448 	struct usbhid_device *usbhid = hid->driver_data;
449 	unsigned long flags;
450 	int unplug = 0;
451 
452 	switch (urb->status) {
453 	case 0:			/* success */
454 		break;
455 	case -ESHUTDOWN:	/* unplug */
456 		unplug = 1;
457 	case -EILSEQ:		/* protocol error or unplug */
458 	case -EPROTO:		/* protocol error or unplug */
459 	case -ECONNRESET:	/* unlink */
460 	case -ENOENT:
461 		break;
462 	default:		/* error */
463 		hid_warn(urb->dev, "output irq status %d received\n",
464 			 urb->status);
465 	}
466 
467 	spin_lock_irqsave(&usbhid->lock, flags);
468 
469 	if (unplug) {
470 		usbhid->outtail = usbhid->outhead;
471 	} else {
472 		usbhid->outtail = (usbhid->outtail + 1) & (HID_OUTPUT_FIFO_SIZE - 1);
473 
474 		if (usbhid->outhead != usbhid->outtail &&
475 				hid_submit_out(hid) == 0) {
476 			/* Successfully submitted next urb in queue */
477 			spin_unlock_irqrestore(&usbhid->lock, flags);
478 			return;
479 		}
480 	}
481 
482 	clear_bit(HID_OUT_RUNNING, &usbhid->iofl);
483 	spin_unlock_irqrestore(&usbhid->lock, flags);
484 	usb_autopm_put_interface_async(usbhid->intf);
485 	wake_up(&usbhid->wait);
486 }
487 
488 /*
489  * Control pipe completion handler.
490  */
491 
492 static void hid_ctrl(struct urb *urb)
493 {
494 	struct hid_device *hid = urb->context;
495 	struct usbhid_device *usbhid = hid->driver_data;
496 	unsigned long flags;
497 	int unplug = 0, status = urb->status;
498 
499 	switch (status) {
500 	case 0:			/* success */
501 		if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
502 			hid_input_report(urb->context,
503 				usbhid->ctrl[usbhid->ctrltail].report->type,
504 				urb->transfer_buffer, urb->actual_length, 0);
505 		break;
506 	case -ESHUTDOWN:	/* unplug */
507 		unplug = 1;
508 	case -EILSEQ:		/* protocol error or unplug */
509 	case -EPROTO:		/* protocol error or unplug */
510 	case -ECONNRESET:	/* unlink */
511 	case -ENOENT:
512 	case -EPIPE:		/* report not available */
513 		break;
514 	default:		/* error */
515 		hid_warn(urb->dev, "ctrl urb status %d received\n", status);
516 	}
517 
518 	spin_lock_irqsave(&usbhid->lock, flags);
519 
520 	if (unplug) {
521 		usbhid->ctrltail = usbhid->ctrlhead;
522 	} else {
523 		usbhid->ctrltail = (usbhid->ctrltail + 1) & (HID_CONTROL_FIFO_SIZE - 1);
524 
525 		if (usbhid->ctrlhead != usbhid->ctrltail &&
526 				hid_submit_ctrl(hid) == 0) {
527 			/* Successfully submitted next urb in queue */
528 			spin_unlock_irqrestore(&usbhid->lock, flags);
529 			return;
530 		}
531 	}
532 
533 	clear_bit(HID_CTRL_RUNNING, &usbhid->iofl);
534 	spin_unlock_irqrestore(&usbhid->lock, flags);
535 	usb_autopm_put_interface_async(usbhid->intf);
536 	wake_up(&usbhid->wait);
537 }
538 
539 static void __usbhid_submit_report(struct hid_device *hid, struct hid_report *report,
540 				   unsigned char dir)
541 {
542 	int head;
543 	struct usbhid_device *usbhid = hid->driver_data;
544 
545 	if (((hid->quirks & HID_QUIRK_NOGET) && dir == USB_DIR_IN) ||
546 		test_bit(HID_DISCONNECTED, &usbhid->iofl))
547 		return;
548 
549 	if (usbhid->urbout && dir == USB_DIR_OUT && report->type == HID_OUTPUT_REPORT) {
550 		if ((head = (usbhid->outhead + 1) & (HID_OUTPUT_FIFO_SIZE - 1)) == usbhid->outtail) {
551 			hid_warn(hid, "output queue full\n");
552 			return;
553 		}
554 
555 		usbhid->out[usbhid->outhead].raw_report = hid_alloc_report_buf(report, GFP_ATOMIC);
556 		if (!usbhid->out[usbhid->outhead].raw_report) {
557 			hid_warn(hid, "output queueing failed\n");
558 			return;
559 		}
560 		hid_output_report(report, usbhid->out[usbhid->outhead].raw_report);
561 		usbhid->out[usbhid->outhead].report = report;
562 		usbhid->outhead = head;
563 
564 		/* If the queue isn't running, restart it */
565 		if (!test_bit(HID_OUT_RUNNING, &usbhid->iofl)) {
566 			usbhid_restart_out_queue(usbhid);
567 
568 		/* Otherwise see if an earlier request has timed out */
569 		} else if (time_after(jiffies, usbhid->last_out + HZ * 5)) {
570 
571 			/* Prevent autosuspend following the unlink */
572 			usb_autopm_get_interface_no_resume(usbhid->intf);
573 
574 			/*
575 			 * Prevent resubmission in case the URB completes
576 			 * before we can unlink it.  We don't want to cancel
577 			 * the wrong transfer!
578 			 */
579 			usb_block_urb(usbhid->urbout);
580 
581 			/* Drop lock to avoid deadlock if the callback runs */
582 			spin_unlock(&usbhid->lock);
583 
584 			usb_unlink_urb(usbhid->urbout);
585 			spin_lock(&usbhid->lock);
586 			usb_unblock_urb(usbhid->urbout);
587 
588 			/* Unlink might have stopped the queue */
589 			if (!test_bit(HID_OUT_RUNNING, &usbhid->iofl))
590 				usbhid_restart_out_queue(usbhid);
591 
592 			/* Now we can allow autosuspend again */
593 			usb_autopm_put_interface_async(usbhid->intf);
594 		}
595 		return;
596 	}
597 
598 	if ((head = (usbhid->ctrlhead + 1) & (HID_CONTROL_FIFO_SIZE - 1)) == usbhid->ctrltail) {
599 		hid_warn(hid, "control queue full\n");
600 		return;
601 	}
602 
603 	if (dir == USB_DIR_OUT) {
604 		usbhid->ctrl[usbhid->ctrlhead].raw_report = hid_alloc_report_buf(report, GFP_ATOMIC);
605 		if (!usbhid->ctrl[usbhid->ctrlhead].raw_report) {
606 			hid_warn(hid, "control queueing failed\n");
607 			return;
608 		}
609 		hid_output_report(report, usbhid->ctrl[usbhid->ctrlhead].raw_report);
610 	}
611 	usbhid->ctrl[usbhid->ctrlhead].report = report;
612 	usbhid->ctrl[usbhid->ctrlhead].dir = dir;
613 	usbhid->ctrlhead = head;
614 
615 	/* If the queue isn't running, restart it */
616 	if (!test_bit(HID_CTRL_RUNNING, &usbhid->iofl)) {
617 		usbhid_restart_ctrl_queue(usbhid);
618 
619 	/* Otherwise see if an earlier request has timed out */
620 	} else if (time_after(jiffies, usbhid->last_ctrl + HZ * 5)) {
621 
622 		/* Prevent autosuspend following the unlink */
623 		usb_autopm_get_interface_no_resume(usbhid->intf);
624 
625 		/*
626 		 * Prevent resubmission in case the URB completes
627 		 * before we can unlink it.  We don't want to cancel
628 		 * the wrong transfer!
629 		 */
630 		usb_block_urb(usbhid->urbctrl);
631 
632 		/* Drop lock to avoid deadlock if the callback runs */
633 		spin_unlock(&usbhid->lock);
634 
635 		usb_unlink_urb(usbhid->urbctrl);
636 		spin_lock(&usbhid->lock);
637 		usb_unblock_urb(usbhid->urbctrl);
638 
639 		/* Unlink might have stopped the queue */
640 		if (!test_bit(HID_CTRL_RUNNING, &usbhid->iofl))
641 			usbhid_restart_ctrl_queue(usbhid);
642 
643 		/* Now we can allow autosuspend again */
644 		usb_autopm_put_interface_async(usbhid->intf);
645 	}
646 }
647 
648 static void usbhid_submit_report(struct hid_device *hid, struct hid_report *report, unsigned char dir)
649 {
650 	struct usbhid_device *usbhid = hid->driver_data;
651 	unsigned long flags;
652 
653 	spin_lock_irqsave(&usbhid->lock, flags);
654 	__usbhid_submit_report(hid, report, dir);
655 	spin_unlock_irqrestore(&usbhid->lock, flags);
656 }
657 
658 static int usbhid_wait_io(struct hid_device *hid)
659 {
660 	struct usbhid_device *usbhid = hid->driver_data;
661 
662 	if (!wait_event_timeout(usbhid->wait,
663 				(!test_bit(HID_CTRL_RUNNING, &usbhid->iofl) &&
664 				!test_bit(HID_OUT_RUNNING, &usbhid->iofl)),
665 					10*HZ)) {
666 		dbg_hid("timeout waiting for ctrl or out queue to clear\n");
667 		return -1;
668 	}
669 
670 	return 0;
671 }
672 
673 static int hid_set_idle(struct usb_device *dev, int ifnum, int report, int idle)
674 {
675 	return usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
676 		HID_REQ_SET_IDLE, USB_TYPE_CLASS | USB_RECIP_INTERFACE, (idle << 8) | report,
677 		ifnum, NULL, 0, USB_CTRL_SET_TIMEOUT);
678 }
679 
680 static int hid_get_class_descriptor(struct usb_device *dev, int ifnum,
681 		unsigned char type, void *buf, int size)
682 {
683 	int result, retries = 4;
684 
685 	memset(buf, 0, size);
686 
687 	do {
688 		result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
689 				USB_REQ_GET_DESCRIPTOR, USB_RECIP_INTERFACE | USB_DIR_IN,
690 				(type << 8), ifnum, buf, size, USB_CTRL_GET_TIMEOUT);
691 		retries--;
692 	} while (result < size && retries);
693 	return result;
694 }
695 
696 static int usbhid_open(struct hid_device *hid)
697 {
698 	struct usbhid_device *usbhid = hid->driver_data;
699 	int res;
700 
701 	mutex_lock(&usbhid->mutex);
702 
703 	set_bit(HID_OPENED, &usbhid->iofl);
704 
705 	if (hid->quirks & HID_QUIRK_ALWAYS_POLL) {
706 		res = 0;
707 		goto Done;
708 	}
709 
710 	res = usb_autopm_get_interface(usbhid->intf);
711 	/* the device must be awake to reliably request remote wakeup */
712 	if (res < 0) {
713 		clear_bit(HID_OPENED, &usbhid->iofl);
714 		res = -EIO;
715 		goto Done;
716 	}
717 
718 	usbhid->intf->needs_remote_wakeup = 1;
719 
720 	set_bit(HID_RESUME_RUNNING, &usbhid->iofl);
721 	set_bit(HID_IN_POLLING, &usbhid->iofl);
722 
723 	res = hid_start_in(hid);
724 	if (res) {
725 		if (res != -ENOSPC) {
726 			hid_io_error(hid);
727 			res = 0;
728 		} else {
729 			/* no use opening if resources are insufficient */
730 			res = -EBUSY;
731 			clear_bit(HID_OPENED, &usbhid->iofl);
732 			clear_bit(HID_IN_POLLING, &usbhid->iofl);
733 			usbhid->intf->needs_remote_wakeup = 0;
734 		}
735 	}
736 
737 	usb_autopm_put_interface(usbhid->intf);
738 
739  Done:
740 	mutex_unlock(&usbhid->mutex);
741 	return res;
742 }
743 
744 static void usbhid_close(struct hid_device *hid)
745 {
746 	struct usbhid_device *usbhid = hid->driver_data;
747 
748 	mutex_lock(&usbhid->mutex);
749 
750 	/*
751 	 * Make sure we don't restart data acquisition due to
752 	 * a resumption we no longer care about by avoiding racing
753 	 * with hid_start_in().
754 	 */
755 	spin_lock_irq(&usbhid->lock);
756 	clear_bit(HID_OPENED, &usbhid->iofl);
757 	if (!(hid->quirks & HID_QUIRK_ALWAYS_POLL))
758 		clear_bit(HID_IN_POLLING, &usbhid->iofl);
759 	spin_unlock_irq(&usbhid->lock);
760 
761 	if (!(hid->quirks & HID_QUIRK_ALWAYS_POLL)) {
762 		hid_cancel_delayed_stuff(usbhid);
763 		usb_kill_urb(usbhid->urbin);
764 		usbhid->intf->needs_remote_wakeup = 0;
765 	}
766 
767 	mutex_unlock(&usbhid->mutex);
768 }
769 
770 /*
771  * Initialize all reports
772  */
773 
774 void usbhid_init_reports(struct hid_device *hid)
775 {
776 	struct hid_report *report;
777 	struct usbhid_device *usbhid = hid->driver_data;
778 	struct hid_report_enum *report_enum;
779 	int err, ret;
780 
781 	report_enum = &hid->report_enum[HID_INPUT_REPORT];
782 	list_for_each_entry(report, &report_enum->report_list, list)
783 		usbhid_submit_report(hid, report, USB_DIR_IN);
784 
785 	report_enum = &hid->report_enum[HID_FEATURE_REPORT];
786 	list_for_each_entry(report, &report_enum->report_list, list)
787 		usbhid_submit_report(hid, report, USB_DIR_IN);
788 
789 	err = 0;
790 	ret = usbhid_wait_io(hid);
791 	while (ret) {
792 		err |= ret;
793 		if (test_bit(HID_CTRL_RUNNING, &usbhid->iofl))
794 			usb_kill_urb(usbhid->urbctrl);
795 		if (test_bit(HID_OUT_RUNNING, &usbhid->iofl))
796 			usb_kill_urb(usbhid->urbout);
797 		ret = usbhid_wait_io(hid);
798 	}
799 
800 	if (err)
801 		hid_warn(hid, "timeout initializing reports\n");
802 }
803 
804 /*
805  * Reset LEDs which BIOS might have left on. For now, just NumLock (0x01).
806  */
807 static int hid_find_field_early(struct hid_device *hid, unsigned int page,
808     unsigned int hid_code, struct hid_field **pfield)
809 {
810 	struct hid_report *report;
811 	struct hid_field *field;
812 	struct hid_usage *usage;
813 	int i, j;
814 
815 	list_for_each_entry(report, &hid->report_enum[HID_OUTPUT_REPORT].report_list, list) {
816 		for (i = 0; i < report->maxfield; i++) {
817 			field = report->field[i];
818 			for (j = 0; j < field->maxusage; j++) {
819 				usage = &field->usage[j];
820 				if ((usage->hid & HID_USAGE_PAGE) == page &&
821 				    (usage->hid & 0xFFFF) == hid_code) {
822 					*pfield = field;
823 					return j;
824 				}
825 			}
826 		}
827 	}
828 	return -1;
829 }
830 
831 static void usbhid_set_leds(struct hid_device *hid)
832 {
833 	struct hid_field *field;
834 	int offset;
835 
836 	if ((offset = hid_find_field_early(hid, HID_UP_LED, 0x01, &field)) != -1) {
837 		hid_set_field(field, offset, 0);
838 		usbhid_submit_report(hid, field->report, USB_DIR_OUT);
839 	}
840 }
841 
842 /*
843  * Traverse the supplied list of reports and find the longest
844  */
845 static void hid_find_max_report(struct hid_device *hid, unsigned int type,
846 		unsigned int *max)
847 {
848 	struct hid_report *report;
849 	unsigned int size;
850 
851 	list_for_each_entry(report, &hid->report_enum[type].report_list, list) {
852 		size = ((report->size - 1) >> 3) + 1 + hid->report_enum[type].numbered;
853 		if (*max < size)
854 			*max = size;
855 	}
856 }
857 
858 static int hid_alloc_buffers(struct usb_device *dev, struct hid_device *hid)
859 {
860 	struct usbhid_device *usbhid = hid->driver_data;
861 
862 	usbhid->inbuf = usb_alloc_coherent(dev, usbhid->bufsize, GFP_KERNEL,
863 			&usbhid->inbuf_dma);
864 	usbhid->outbuf = usb_alloc_coherent(dev, usbhid->bufsize, GFP_KERNEL,
865 			&usbhid->outbuf_dma);
866 	usbhid->cr = kmalloc(sizeof(*usbhid->cr), GFP_KERNEL);
867 	usbhid->ctrlbuf = usb_alloc_coherent(dev, usbhid->bufsize, GFP_KERNEL,
868 			&usbhid->ctrlbuf_dma);
869 	if (!usbhid->inbuf || !usbhid->outbuf || !usbhid->cr ||
870 			!usbhid->ctrlbuf)
871 		return -1;
872 
873 	return 0;
874 }
875 
876 static int usbhid_get_raw_report(struct hid_device *hid,
877 		unsigned char report_number, __u8 *buf, size_t count,
878 		unsigned char report_type)
879 {
880 	struct usbhid_device *usbhid = hid->driver_data;
881 	struct usb_device *dev = hid_to_usb_dev(hid);
882 	struct usb_interface *intf = usbhid->intf;
883 	struct usb_host_interface *interface = intf->cur_altsetting;
884 	int skipped_report_id = 0;
885 	int ret;
886 
887 	/* Byte 0 is the report number. Report data starts at byte 1.*/
888 	buf[0] = report_number;
889 	if (report_number == 0x0) {
890 		/* Offset the return buffer by 1, so that the report ID
891 		   will remain in byte 0. */
892 		buf++;
893 		count--;
894 		skipped_report_id = 1;
895 	}
896 	ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
897 		HID_REQ_GET_REPORT,
898 		USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
899 		((report_type + 1) << 8) | report_number,
900 		interface->desc.bInterfaceNumber, buf, count,
901 		USB_CTRL_SET_TIMEOUT);
902 
903 	/* count also the report id */
904 	if (ret > 0 && skipped_report_id)
905 		ret++;
906 
907 	return ret;
908 }
909 
910 static int usbhid_set_raw_report(struct hid_device *hid, unsigned int reportnum,
911 				 __u8 *buf, size_t count, unsigned char rtype)
912 {
913 	struct usbhid_device *usbhid = hid->driver_data;
914 	struct usb_device *dev = hid_to_usb_dev(hid);
915 	struct usb_interface *intf = usbhid->intf;
916 	struct usb_host_interface *interface = intf->cur_altsetting;
917 	int ret, skipped_report_id = 0;
918 
919 	/* Byte 0 is the report number. Report data starts at byte 1.*/
920 	if ((rtype == HID_OUTPUT_REPORT) &&
921 	    (hid->quirks & HID_QUIRK_SKIP_OUTPUT_REPORT_ID))
922 		buf[0] = 0;
923 	else
924 		buf[0] = reportnum;
925 
926 	if (buf[0] == 0x0) {
927 		/* Don't send the Report ID */
928 		buf++;
929 		count--;
930 		skipped_report_id = 1;
931 	}
932 
933 	ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0),
934 			HID_REQ_SET_REPORT,
935 			USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
936 			((rtype + 1) << 8) | reportnum,
937 			interface->desc.bInterfaceNumber, buf, count,
938 			USB_CTRL_SET_TIMEOUT);
939 	/* count also the report id, if this was a numbered report. */
940 	if (ret > 0 && skipped_report_id)
941 		ret++;
942 
943 	return ret;
944 }
945 
946 static int usbhid_output_report(struct hid_device *hid, __u8 *buf, size_t count)
947 {
948 	struct usbhid_device *usbhid = hid->driver_data;
949 	struct usb_device *dev = hid_to_usb_dev(hid);
950 	int actual_length, skipped_report_id = 0, ret;
951 
952 	if (!usbhid->urbout)
953 		return -ENOSYS;
954 
955 	if (buf[0] == 0x0) {
956 		/* Don't send the Report ID */
957 		buf++;
958 		count--;
959 		skipped_report_id = 1;
960 	}
961 
962 	ret = usb_interrupt_msg(dev, usbhid->urbout->pipe,
963 				buf, count, &actual_length,
964 				USB_CTRL_SET_TIMEOUT);
965 	/* return the number of bytes transferred */
966 	if (ret == 0) {
967 		ret = actual_length;
968 		/* count also the report id */
969 		if (skipped_report_id)
970 			ret++;
971 	}
972 
973 	return ret;
974 }
975 
976 static void hid_free_buffers(struct usb_device *dev, struct hid_device *hid)
977 {
978 	struct usbhid_device *usbhid = hid->driver_data;
979 
980 	usb_free_coherent(dev, usbhid->bufsize, usbhid->inbuf, usbhid->inbuf_dma);
981 	usb_free_coherent(dev, usbhid->bufsize, usbhid->outbuf, usbhid->outbuf_dma);
982 	kfree(usbhid->cr);
983 	usb_free_coherent(dev, usbhid->bufsize, usbhid->ctrlbuf, usbhid->ctrlbuf_dma);
984 }
985 
986 static int usbhid_parse(struct hid_device *hid)
987 {
988 	struct usb_interface *intf = to_usb_interface(hid->dev.parent);
989 	struct usb_host_interface *interface = intf->cur_altsetting;
990 	struct usb_device *dev = interface_to_usbdev (intf);
991 	struct hid_descriptor *hdesc;
992 	u32 quirks = 0;
993 	unsigned int rsize = 0;
994 	char *rdesc;
995 	int ret, n;
996 	int num_descriptors;
997 	size_t offset = offsetof(struct hid_descriptor, desc);
998 
999 	quirks = hid_lookup_quirk(hid);
1000 
1001 	if (quirks & HID_QUIRK_IGNORE)
1002 		return -ENODEV;
1003 
1004 	/* Many keyboards and mice don't like to be polled for reports,
1005 	 * so we will always set the HID_QUIRK_NOGET flag for them. */
1006 	if (interface->desc.bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) {
1007 		if (interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_KEYBOARD ||
1008 			interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_MOUSE)
1009 				quirks |= HID_QUIRK_NOGET;
1010 	}
1011 
1012 	if (usb_get_extra_descriptor(interface, HID_DT_HID, &hdesc) &&
1013 	    (!interface->desc.bNumEndpoints ||
1014 	     usb_get_extra_descriptor(&interface->endpoint[0], HID_DT_HID, &hdesc))) {
1015 		dbg_hid("class descriptor not present\n");
1016 		return -ENODEV;
1017 	}
1018 
1019 	if (hdesc->bLength < sizeof(struct hid_descriptor)) {
1020 		dbg_hid("hid descriptor is too short\n");
1021 		return -EINVAL;
1022 	}
1023 
1024 	hid->version = le16_to_cpu(hdesc->bcdHID);
1025 	hid->country = hdesc->bCountryCode;
1026 
1027 	num_descriptors = min_t(int, hdesc->bNumDescriptors,
1028 	       (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor));
1029 
1030 	for (n = 0; n < num_descriptors; n++)
1031 		if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT)
1032 			rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength);
1033 
1034 	if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) {
1035 		dbg_hid("weird size of report descriptor (%u)\n", rsize);
1036 		return -EINVAL;
1037 	}
1038 
1039 	rdesc = kmalloc(rsize, GFP_KERNEL);
1040 	if (!rdesc)
1041 		return -ENOMEM;
1042 
1043 	hid_set_idle(dev, interface->desc.bInterfaceNumber, 0, 0);
1044 
1045 	ret = hid_get_class_descriptor(dev, interface->desc.bInterfaceNumber,
1046 			HID_DT_REPORT, rdesc, rsize);
1047 	if (ret < 0) {
1048 		dbg_hid("reading report descriptor failed\n");
1049 		kfree(rdesc);
1050 		goto err;
1051 	}
1052 
1053 	ret = hid_parse_report(hid, rdesc, rsize);
1054 	kfree(rdesc);
1055 	if (ret) {
1056 		dbg_hid("parsing report descriptor failed\n");
1057 		goto err;
1058 	}
1059 
1060 	hid->quirks |= quirks;
1061 
1062 	return 0;
1063 err:
1064 	return ret;
1065 }
1066 
1067 static int usbhid_start(struct hid_device *hid)
1068 {
1069 	struct usb_interface *intf = to_usb_interface(hid->dev.parent);
1070 	struct usb_host_interface *interface = intf->cur_altsetting;
1071 	struct usb_device *dev = interface_to_usbdev(intf);
1072 	struct usbhid_device *usbhid = hid->driver_data;
1073 	unsigned int n, insize = 0;
1074 	int ret;
1075 
1076 	mutex_lock(&usbhid->mutex);
1077 
1078 	clear_bit(HID_DISCONNECTED, &usbhid->iofl);
1079 
1080 	usbhid->bufsize = HID_MIN_BUFFER_SIZE;
1081 	hid_find_max_report(hid, HID_INPUT_REPORT, &usbhid->bufsize);
1082 	hid_find_max_report(hid, HID_OUTPUT_REPORT, &usbhid->bufsize);
1083 	hid_find_max_report(hid, HID_FEATURE_REPORT, &usbhid->bufsize);
1084 
1085 	if (usbhid->bufsize > HID_MAX_BUFFER_SIZE)
1086 		usbhid->bufsize = HID_MAX_BUFFER_SIZE;
1087 
1088 	hid_find_max_report(hid, HID_INPUT_REPORT, &insize);
1089 
1090 	if (insize > HID_MAX_BUFFER_SIZE)
1091 		insize = HID_MAX_BUFFER_SIZE;
1092 
1093 	if (hid_alloc_buffers(dev, hid)) {
1094 		ret = -ENOMEM;
1095 		goto fail;
1096 	}
1097 
1098 	for (n = 0; n < interface->desc.bNumEndpoints; n++) {
1099 		struct usb_endpoint_descriptor *endpoint;
1100 		int pipe;
1101 		int interval;
1102 
1103 		endpoint = &interface->endpoint[n].desc;
1104 		if (!usb_endpoint_xfer_int(endpoint))
1105 			continue;
1106 
1107 		interval = endpoint->bInterval;
1108 
1109 		/* Some vendors give fullspeed interval on highspeed devides */
1110 		if (hid->quirks & HID_QUIRK_FULLSPEED_INTERVAL &&
1111 		    dev->speed == USB_SPEED_HIGH) {
1112 			interval = fls(endpoint->bInterval*8);
1113 			pr_info("%s: Fixing fullspeed to highspeed interval: %d -> %d\n",
1114 				hid->name, endpoint->bInterval, interval);
1115 		}
1116 
1117 		/* Change the polling interval of mice, joysticks
1118 		 * and keyboards.
1119 		 */
1120 		switch (hid->collection->usage) {
1121 		case HID_GD_MOUSE:
1122 			if (hid_mousepoll_interval > 0)
1123 				interval = hid_mousepoll_interval;
1124 			break;
1125 		case HID_GD_JOYSTICK:
1126 			if (hid_jspoll_interval > 0)
1127 				interval = hid_jspoll_interval;
1128 			break;
1129 		case HID_GD_KEYBOARD:
1130 			if (hid_kbpoll_interval > 0)
1131 				interval = hid_kbpoll_interval;
1132 			break;
1133 		}
1134 
1135 		ret = -ENOMEM;
1136 		if (usb_endpoint_dir_in(endpoint)) {
1137 			if (usbhid->urbin)
1138 				continue;
1139 			if (!(usbhid->urbin = usb_alloc_urb(0, GFP_KERNEL)))
1140 				goto fail;
1141 			pipe = usb_rcvintpipe(dev, endpoint->bEndpointAddress);
1142 			usb_fill_int_urb(usbhid->urbin, dev, pipe, usbhid->inbuf, insize,
1143 					 hid_irq_in, hid, interval);
1144 			usbhid->urbin->transfer_dma = usbhid->inbuf_dma;
1145 			usbhid->urbin->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1146 		} else {
1147 			if (usbhid->urbout)
1148 				continue;
1149 			if (!(usbhid->urbout = usb_alloc_urb(0, GFP_KERNEL)))
1150 				goto fail;
1151 			pipe = usb_sndintpipe(dev, endpoint->bEndpointAddress);
1152 			usb_fill_int_urb(usbhid->urbout, dev, pipe, usbhid->outbuf, 0,
1153 					 hid_irq_out, hid, interval);
1154 			usbhid->urbout->transfer_dma = usbhid->outbuf_dma;
1155 			usbhid->urbout->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1156 		}
1157 	}
1158 
1159 	usbhid->urbctrl = usb_alloc_urb(0, GFP_KERNEL);
1160 	if (!usbhid->urbctrl) {
1161 		ret = -ENOMEM;
1162 		goto fail;
1163 	}
1164 
1165 	usb_fill_control_urb(usbhid->urbctrl, dev, 0, (void *) usbhid->cr,
1166 			     usbhid->ctrlbuf, 1, hid_ctrl, hid);
1167 	usbhid->urbctrl->transfer_dma = usbhid->ctrlbuf_dma;
1168 	usbhid->urbctrl->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
1169 
1170 	set_bit(HID_STARTED, &usbhid->iofl);
1171 
1172 	if (hid->quirks & HID_QUIRK_ALWAYS_POLL) {
1173 		ret = usb_autopm_get_interface(usbhid->intf);
1174 		if (ret)
1175 			goto fail;
1176 		set_bit(HID_IN_POLLING, &usbhid->iofl);
1177 		usbhid->intf->needs_remote_wakeup = 1;
1178 		ret = hid_start_in(hid);
1179 		if (ret) {
1180 			dev_err(&hid->dev,
1181 				"failed to start in urb: %d\n", ret);
1182 		}
1183 		usb_autopm_put_interface(usbhid->intf);
1184 	}
1185 
1186 	/* Some keyboards don't work until their LEDs have been set.
1187 	 * Since BIOSes do set the LEDs, it must be safe for any device
1188 	 * that supports the keyboard boot protocol.
1189 	 * In addition, enable remote wakeup by default for all keyboard
1190 	 * devices supporting the boot protocol.
1191 	 */
1192 	if (interface->desc.bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT &&
1193 			interface->desc.bInterfaceProtocol ==
1194 				USB_INTERFACE_PROTOCOL_KEYBOARD) {
1195 		usbhid_set_leds(hid);
1196 		device_set_wakeup_enable(&dev->dev, 1);
1197 	}
1198 
1199 	mutex_unlock(&usbhid->mutex);
1200 	return 0;
1201 
1202 fail:
1203 	usb_free_urb(usbhid->urbin);
1204 	usb_free_urb(usbhid->urbout);
1205 	usb_free_urb(usbhid->urbctrl);
1206 	usbhid->urbin = NULL;
1207 	usbhid->urbout = NULL;
1208 	usbhid->urbctrl = NULL;
1209 	hid_free_buffers(dev, hid);
1210 	mutex_unlock(&usbhid->mutex);
1211 	return ret;
1212 }
1213 
1214 static void usbhid_stop(struct hid_device *hid)
1215 {
1216 	struct usbhid_device *usbhid = hid->driver_data;
1217 
1218 	if (WARN_ON(!usbhid))
1219 		return;
1220 
1221 	if (hid->quirks & HID_QUIRK_ALWAYS_POLL) {
1222 		clear_bit(HID_IN_POLLING, &usbhid->iofl);
1223 		usbhid->intf->needs_remote_wakeup = 0;
1224 	}
1225 
1226 	mutex_lock(&usbhid->mutex);
1227 
1228 	clear_bit(HID_STARTED, &usbhid->iofl);
1229 	spin_lock_irq(&usbhid->lock);	/* Sync with error and led handlers */
1230 	set_bit(HID_DISCONNECTED, &usbhid->iofl);
1231 	spin_unlock_irq(&usbhid->lock);
1232 	usb_kill_urb(usbhid->urbin);
1233 	usb_kill_urb(usbhid->urbout);
1234 	usb_kill_urb(usbhid->urbctrl);
1235 
1236 	hid_cancel_delayed_stuff(usbhid);
1237 
1238 	hid->claimed = 0;
1239 
1240 	usb_free_urb(usbhid->urbin);
1241 	usb_free_urb(usbhid->urbctrl);
1242 	usb_free_urb(usbhid->urbout);
1243 	usbhid->urbin = NULL; /* don't mess up next start */
1244 	usbhid->urbctrl = NULL;
1245 	usbhid->urbout = NULL;
1246 
1247 	hid_free_buffers(hid_to_usb_dev(hid), hid);
1248 
1249 	mutex_unlock(&usbhid->mutex);
1250 }
1251 
1252 static int usbhid_power(struct hid_device *hid, int lvl)
1253 {
1254 	struct usbhid_device *usbhid = hid->driver_data;
1255 	int r = 0;
1256 
1257 	switch (lvl) {
1258 	case PM_HINT_FULLON:
1259 		r = usb_autopm_get_interface(usbhid->intf);
1260 		break;
1261 
1262 	case PM_HINT_NORMAL:
1263 		usb_autopm_put_interface(usbhid->intf);
1264 		break;
1265 	}
1266 
1267 	return r;
1268 }
1269 
1270 static void usbhid_request(struct hid_device *hid, struct hid_report *rep, int reqtype)
1271 {
1272 	switch (reqtype) {
1273 	case HID_REQ_GET_REPORT:
1274 		usbhid_submit_report(hid, rep, USB_DIR_IN);
1275 		break;
1276 	case HID_REQ_SET_REPORT:
1277 		usbhid_submit_report(hid, rep, USB_DIR_OUT);
1278 		break;
1279 	}
1280 }
1281 
1282 static int usbhid_raw_request(struct hid_device *hid, unsigned char reportnum,
1283 			      __u8 *buf, size_t len, unsigned char rtype,
1284 			      int reqtype)
1285 {
1286 	switch (reqtype) {
1287 	case HID_REQ_GET_REPORT:
1288 		return usbhid_get_raw_report(hid, reportnum, buf, len, rtype);
1289 	case HID_REQ_SET_REPORT:
1290 		return usbhid_set_raw_report(hid, reportnum, buf, len, rtype);
1291 	default:
1292 		return -EIO;
1293 	}
1294 }
1295 
1296 static int usbhid_idle(struct hid_device *hid, int report, int idle,
1297 		int reqtype)
1298 {
1299 	struct usb_device *dev = hid_to_usb_dev(hid);
1300 	struct usb_interface *intf = to_usb_interface(hid->dev.parent);
1301 	struct usb_host_interface *interface = intf->cur_altsetting;
1302 	int ifnum = interface->desc.bInterfaceNumber;
1303 
1304 	if (reqtype != HID_REQ_SET_IDLE)
1305 		return -EINVAL;
1306 
1307 	return hid_set_idle(dev, ifnum, report, idle);
1308 }
1309 
1310 struct hid_ll_driver usb_hid_driver = {
1311 	.parse = usbhid_parse,
1312 	.start = usbhid_start,
1313 	.stop = usbhid_stop,
1314 	.open = usbhid_open,
1315 	.close = usbhid_close,
1316 	.power = usbhid_power,
1317 	.request = usbhid_request,
1318 	.wait = usbhid_wait_io,
1319 	.raw_request = usbhid_raw_request,
1320 	.output_report = usbhid_output_report,
1321 	.idle = usbhid_idle,
1322 };
1323 EXPORT_SYMBOL_GPL(usb_hid_driver);
1324 
1325 static int usbhid_probe(struct usb_interface *intf, const struct usb_device_id *id)
1326 {
1327 	struct usb_host_interface *interface = intf->cur_altsetting;
1328 	struct usb_device *dev = interface_to_usbdev(intf);
1329 	struct usbhid_device *usbhid;
1330 	struct hid_device *hid;
1331 	unsigned int n, has_in = 0;
1332 	size_t len;
1333 	int ret;
1334 
1335 	dbg_hid("HID probe called for ifnum %d\n",
1336 			intf->altsetting->desc.bInterfaceNumber);
1337 
1338 	for (n = 0; n < interface->desc.bNumEndpoints; n++)
1339 		if (usb_endpoint_is_int_in(&interface->endpoint[n].desc))
1340 			has_in++;
1341 	if (!has_in) {
1342 		hid_err(intf, "couldn't find an input interrupt endpoint\n");
1343 		return -ENODEV;
1344 	}
1345 
1346 	hid = hid_allocate_device();
1347 	if (IS_ERR(hid))
1348 		return PTR_ERR(hid);
1349 
1350 	usb_set_intfdata(intf, hid);
1351 	hid->ll_driver = &usb_hid_driver;
1352 	hid->ff_init = hid_pidff_init;
1353 #ifdef CONFIG_USB_HIDDEV
1354 	hid->hiddev_connect = hiddev_connect;
1355 	hid->hiddev_disconnect = hiddev_disconnect;
1356 	hid->hiddev_hid_event = hiddev_hid_event;
1357 	hid->hiddev_report_event = hiddev_report_event;
1358 #endif
1359 	hid->dev.parent = &intf->dev;
1360 	hid->bus = BUS_USB;
1361 	hid->vendor = le16_to_cpu(dev->descriptor.idVendor);
1362 	hid->product = le16_to_cpu(dev->descriptor.idProduct);
1363 	hid->version = le16_to_cpu(dev->descriptor.bcdDevice);
1364 	hid->name[0] = 0;
1365 	if (intf->cur_altsetting->desc.bInterfaceProtocol ==
1366 			USB_INTERFACE_PROTOCOL_MOUSE)
1367 		hid->type = HID_TYPE_USBMOUSE;
1368 	else if (intf->cur_altsetting->desc.bInterfaceProtocol == 0)
1369 		hid->type = HID_TYPE_USBNONE;
1370 
1371 	if (dev->manufacturer)
1372 		strlcpy(hid->name, dev->manufacturer, sizeof(hid->name));
1373 
1374 	if (dev->product) {
1375 		if (dev->manufacturer)
1376 			strlcat(hid->name, " ", sizeof(hid->name));
1377 		strlcat(hid->name, dev->product, sizeof(hid->name));
1378 	}
1379 
1380 	if (!strlen(hid->name))
1381 		snprintf(hid->name, sizeof(hid->name), "HID %04x:%04x",
1382 			 le16_to_cpu(dev->descriptor.idVendor),
1383 			 le16_to_cpu(dev->descriptor.idProduct));
1384 
1385 	usb_make_path(dev, hid->phys, sizeof(hid->phys));
1386 	strlcat(hid->phys, "/input", sizeof(hid->phys));
1387 	len = strlen(hid->phys);
1388 	if (len < sizeof(hid->phys) - 1)
1389 		snprintf(hid->phys + len, sizeof(hid->phys) - len,
1390 			 "%d", intf->altsetting[0].desc.bInterfaceNumber);
1391 
1392 	if (usb_string(dev, dev->descriptor.iSerialNumber, hid->uniq, 64) <= 0)
1393 		hid->uniq[0] = 0;
1394 
1395 	usbhid = kzalloc(sizeof(*usbhid), GFP_KERNEL);
1396 	if (usbhid == NULL) {
1397 		ret = -ENOMEM;
1398 		goto err;
1399 	}
1400 
1401 	hid->driver_data = usbhid;
1402 	usbhid->hid = hid;
1403 	usbhid->intf = intf;
1404 	usbhid->ifnum = interface->desc.bInterfaceNumber;
1405 
1406 	init_waitqueue_head(&usbhid->wait);
1407 	INIT_WORK(&usbhid->reset_work, hid_reset);
1408 	timer_setup(&usbhid->io_retry, hid_retry_timeout, 0);
1409 	spin_lock_init(&usbhid->lock);
1410 	mutex_init(&usbhid->mutex);
1411 
1412 	ret = hid_add_device(hid);
1413 	if (ret) {
1414 		if (ret != -ENODEV)
1415 			hid_err(intf, "can't add hid device: %d\n", ret);
1416 		goto err_free;
1417 	}
1418 
1419 	return 0;
1420 err_free:
1421 	kfree(usbhid);
1422 err:
1423 	hid_destroy_device(hid);
1424 	return ret;
1425 }
1426 
1427 static void usbhid_disconnect(struct usb_interface *intf)
1428 {
1429 	struct hid_device *hid = usb_get_intfdata(intf);
1430 	struct usbhid_device *usbhid;
1431 
1432 	if (WARN_ON(!hid))
1433 		return;
1434 
1435 	usbhid = hid->driver_data;
1436 	spin_lock_irq(&usbhid->lock);	/* Sync with error and led handlers */
1437 	set_bit(HID_DISCONNECTED, &usbhid->iofl);
1438 	spin_unlock_irq(&usbhid->lock);
1439 	hid_destroy_device(hid);
1440 	kfree(usbhid);
1441 }
1442 
1443 static void hid_cancel_delayed_stuff(struct usbhid_device *usbhid)
1444 {
1445 	del_timer_sync(&usbhid->io_retry);
1446 	cancel_work_sync(&usbhid->reset_work);
1447 }
1448 
1449 static void hid_cease_io(struct usbhid_device *usbhid)
1450 {
1451 	del_timer_sync(&usbhid->io_retry);
1452 	usb_kill_urb(usbhid->urbin);
1453 	usb_kill_urb(usbhid->urbctrl);
1454 	usb_kill_urb(usbhid->urbout);
1455 }
1456 
1457 static void hid_restart_io(struct hid_device *hid)
1458 {
1459 	struct usbhid_device *usbhid = hid->driver_data;
1460 	int clear_halt = test_bit(HID_CLEAR_HALT, &usbhid->iofl);
1461 	int reset_pending = test_bit(HID_RESET_PENDING, &usbhid->iofl);
1462 
1463 	spin_lock_irq(&usbhid->lock);
1464 	clear_bit(HID_SUSPENDED, &usbhid->iofl);
1465 	usbhid_mark_busy(usbhid);
1466 
1467 	if (clear_halt || reset_pending)
1468 		schedule_work(&usbhid->reset_work);
1469 	usbhid->retry_delay = 0;
1470 	spin_unlock_irq(&usbhid->lock);
1471 
1472 	if (reset_pending || !test_bit(HID_STARTED, &usbhid->iofl))
1473 		return;
1474 
1475 	if (!clear_halt) {
1476 		if (hid_start_in(hid) < 0)
1477 			hid_io_error(hid);
1478 	}
1479 
1480 	spin_lock_irq(&usbhid->lock);
1481 	if (usbhid->urbout && !test_bit(HID_OUT_RUNNING, &usbhid->iofl))
1482 		usbhid_restart_out_queue(usbhid);
1483 	if (!test_bit(HID_CTRL_RUNNING, &usbhid->iofl))
1484 		usbhid_restart_ctrl_queue(usbhid);
1485 	spin_unlock_irq(&usbhid->lock);
1486 }
1487 
1488 /* Treat USB reset pretty much the same as suspend/resume */
1489 static int hid_pre_reset(struct usb_interface *intf)
1490 {
1491 	struct hid_device *hid = usb_get_intfdata(intf);
1492 	struct usbhid_device *usbhid = hid->driver_data;
1493 
1494 	spin_lock_irq(&usbhid->lock);
1495 	set_bit(HID_RESET_PENDING, &usbhid->iofl);
1496 	spin_unlock_irq(&usbhid->lock);
1497 	hid_cease_io(usbhid);
1498 
1499 	return 0;
1500 }
1501 
1502 /* Same routine used for post_reset and reset_resume */
1503 static int hid_post_reset(struct usb_interface *intf)
1504 {
1505 	struct usb_device *dev = interface_to_usbdev (intf);
1506 	struct hid_device *hid = usb_get_intfdata(intf);
1507 	struct usbhid_device *usbhid = hid->driver_data;
1508 	struct usb_host_interface *interface = intf->cur_altsetting;
1509 	int status;
1510 	char *rdesc;
1511 
1512 	/* Fetch and examine the HID report descriptor. If this
1513 	 * has changed, then rebind. Since usbcore's check of the
1514 	 * configuration descriptors passed, we already know that
1515 	 * the size of the HID report descriptor has not changed.
1516 	 */
1517 	rdesc = kmalloc(hid->dev_rsize, GFP_KERNEL);
1518 	if (!rdesc)
1519 		return -ENOMEM;
1520 
1521 	status = hid_get_class_descriptor(dev,
1522 				interface->desc.bInterfaceNumber,
1523 				HID_DT_REPORT, rdesc, hid->dev_rsize);
1524 	if (status < 0) {
1525 		dbg_hid("reading report descriptor failed (post_reset)\n");
1526 		kfree(rdesc);
1527 		return status;
1528 	}
1529 	status = memcmp(rdesc, hid->dev_rdesc, hid->dev_rsize);
1530 	kfree(rdesc);
1531 	if (status != 0) {
1532 		dbg_hid("report descriptor changed\n");
1533 		return -EPERM;
1534 	}
1535 
1536 	/* No need to do another reset or clear a halted endpoint */
1537 	spin_lock_irq(&usbhid->lock);
1538 	clear_bit(HID_RESET_PENDING, &usbhid->iofl);
1539 	clear_bit(HID_CLEAR_HALT, &usbhid->iofl);
1540 	spin_unlock_irq(&usbhid->lock);
1541 	hid_set_idle(dev, intf->cur_altsetting->desc.bInterfaceNumber, 0, 0);
1542 
1543 	hid_restart_io(hid);
1544 
1545 	return 0;
1546 }
1547 
1548 #ifdef CONFIG_PM
1549 static int hid_resume_common(struct hid_device *hid, bool driver_suspended)
1550 {
1551 	int status = 0;
1552 
1553 	hid_restart_io(hid);
1554 	if (driver_suspended && hid->driver && hid->driver->resume)
1555 		status = hid->driver->resume(hid);
1556 	return status;
1557 }
1558 
1559 static int hid_suspend(struct usb_interface *intf, pm_message_t message)
1560 {
1561 	struct hid_device *hid = usb_get_intfdata(intf);
1562 	struct usbhid_device *usbhid = hid->driver_data;
1563 	int status = 0;
1564 	bool driver_suspended = false;
1565 	unsigned int ledcount;
1566 
1567 	if (PMSG_IS_AUTO(message)) {
1568 		ledcount = hidinput_count_leds(hid);
1569 		spin_lock_irq(&usbhid->lock);	/* Sync with error handler */
1570 		if (!test_bit(HID_RESET_PENDING, &usbhid->iofl)
1571 		    && !test_bit(HID_CLEAR_HALT, &usbhid->iofl)
1572 		    && !test_bit(HID_OUT_RUNNING, &usbhid->iofl)
1573 		    && !test_bit(HID_CTRL_RUNNING, &usbhid->iofl)
1574 		    && !test_bit(HID_KEYS_PRESSED, &usbhid->iofl)
1575 		    && (!ledcount || ignoreled))
1576 		{
1577 			set_bit(HID_SUSPENDED, &usbhid->iofl);
1578 			spin_unlock_irq(&usbhid->lock);
1579 			if (hid->driver && hid->driver->suspend) {
1580 				status = hid->driver->suspend(hid, message);
1581 				if (status < 0)
1582 					goto failed;
1583 			}
1584 			driver_suspended = true;
1585 		} else {
1586 			usbhid_mark_busy(usbhid);
1587 			spin_unlock_irq(&usbhid->lock);
1588 			return -EBUSY;
1589 		}
1590 
1591 	} else {
1592 		/* TODO: resume() might need to handle suspend failure */
1593 		if (hid->driver && hid->driver->suspend)
1594 			status = hid->driver->suspend(hid, message);
1595 		driver_suspended = true;
1596 		spin_lock_irq(&usbhid->lock);
1597 		set_bit(HID_SUSPENDED, &usbhid->iofl);
1598 		spin_unlock_irq(&usbhid->lock);
1599 		if (usbhid_wait_io(hid) < 0)
1600 			status = -EIO;
1601 	}
1602 
1603 	hid_cancel_delayed_stuff(usbhid);
1604 	hid_cease_io(usbhid);
1605 
1606 	if (PMSG_IS_AUTO(message) && test_bit(HID_KEYS_PRESSED, &usbhid->iofl)) {
1607 		/* lost race against keypresses */
1608 		status = -EBUSY;
1609 		goto failed;
1610 	}
1611 	dev_dbg(&intf->dev, "suspend\n");
1612 	return status;
1613 
1614  failed:
1615 	hid_resume_common(hid, driver_suspended);
1616 	return status;
1617 }
1618 
1619 static int hid_resume(struct usb_interface *intf)
1620 {
1621 	struct hid_device *hid = usb_get_intfdata (intf);
1622 	int status;
1623 
1624 	status = hid_resume_common(hid, true);
1625 	dev_dbg(&intf->dev, "resume status %d\n", status);
1626 	return 0;
1627 }
1628 
1629 static int hid_reset_resume(struct usb_interface *intf)
1630 {
1631 	struct hid_device *hid = usb_get_intfdata(intf);
1632 	int status;
1633 
1634 	status = hid_post_reset(intf);
1635 	if (status >= 0 && hid->driver && hid->driver->reset_resume) {
1636 		int ret = hid->driver->reset_resume(hid);
1637 		if (ret < 0)
1638 			status = ret;
1639 	}
1640 	return status;
1641 }
1642 
1643 #endif /* CONFIG_PM */
1644 
1645 static const struct usb_device_id hid_usb_ids[] = {
1646 	{ .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
1647 		.bInterfaceClass = USB_INTERFACE_CLASS_HID },
1648 	{ }						/* Terminating entry */
1649 };
1650 
1651 MODULE_DEVICE_TABLE (usb, hid_usb_ids);
1652 
1653 static struct usb_driver hid_driver = {
1654 	.name =		"usbhid",
1655 	.probe =	usbhid_probe,
1656 	.disconnect =	usbhid_disconnect,
1657 #ifdef CONFIG_PM
1658 	.suspend =	hid_suspend,
1659 	.resume =	hid_resume,
1660 	.reset_resume =	hid_reset_resume,
1661 #endif
1662 	.pre_reset =	hid_pre_reset,
1663 	.post_reset =	hid_post_reset,
1664 	.id_table =	hid_usb_ids,
1665 	.supports_autosuspend = 1,
1666 };
1667 
1668 struct usb_interface *usbhid_find_interface(int minor)
1669 {
1670 	return usb_find_interface(&hid_driver, minor);
1671 }
1672 
1673 static int __init hid_init(void)
1674 {
1675 	int retval;
1676 
1677 	retval = hid_quirks_init(quirks_param, BUS_USB, MAX_USBHID_BOOT_QUIRKS);
1678 	if (retval)
1679 		goto usbhid_quirks_init_fail;
1680 	retval = usb_register(&hid_driver);
1681 	if (retval)
1682 		goto usb_register_fail;
1683 	pr_info(KBUILD_MODNAME ": " DRIVER_DESC "\n");
1684 
1685 	return 0;
1686 usb_register_fail:
1687 	hid_quirks_exit(BUS_USB);
1688 usbhid_quirks_init_fail:
1689 	return retval;
1690 }
1691 
1692 static void __exit hid_exit(void)
1693 {
1694 	usb_deregister(&hid_driver);
1695 	hid_quirks_exit(BUS_USB);
1696 }
1697 
1698 module_init(hid_init);
1699 module_exit(hid_exit);
1700 
1701 MODULE_AUTHOR("Andreas Gal");
1702 MODULE_AUTHOR("Vojtech Pavlik");
1703 MODULE_AUTHOR("Jiri Kosina");
1704 MODULE_DESCRIPTION(DRIVER_DESC);
1705 MODULE_LICENSE("GPL");
1706