[PATCH] md: fix potential memalloc deadlock in md
[linux-2.6] / drivers / hid / hid-core.c
1 /*
2  *  HID support for Linux
3  *
4  *  Copyright (c) 1999 Andreas Gal
5  *  Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
6  *  Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
7  *  Copyright (c) 2006 Jiri Kosina
8  */
9
10 /*
11  * This program is free software; you can redistribute it and/or modify it
12  * under the terms of the GNU General Public License as published by the Free
13  * Software Foundation; either version 2 of the License, or (at your option)
14  * any later version.
15  */
16
17 #include <linux/module.h>
18 #include <linux/slab.h>
19 #include <linux/init.h>
20 #include <linux/kernel.h>
21 #include <linux/sched.h>
22 #include <linux/list.h>
23 #include <linux/mm.h>
24 #include <linux/smp_lock.h>
25 #include <linux/spinlock.h>
26 #include <asm/unaligned.h>
27 #include <asm/byteorder.h>
28 #include <linux/input.h>
29 #include <linux/wait.h>
30
31 #undef DEBUG
32 #undef DEBUG_DATA
33
34 #include <linux/hid.h>
35 #include <linux/hiddev.h>
36
37 /*
38  * Version Information
39  */
40
41 #define DRIVER_VERSION "v2.6"
42 #define DRIVER_AUTHOR "Andreas Gal, Vojtech Pavlik"
43 #define DRIVER_DESC "HID core driver"
44 #define DRIVER_LICENSE "GPL"
45
46 /*
47  * Register a new report for a device.
48  */
49
50 static struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id)
51 {
52         struct hid_report_enum *report_enum = device->report_enum + type;
53         struct hid_report *report;
54
55         if (report_enum->report_id_hash[id])
56                 return report_enum->report_id_hash[id];
57
58         if (!(report = kzalloc(sizeof(struct hid_report), GFP_KERNEL)))
59                 return NULL;
60
61         if (id != 0)
62                 report_enum->numbered = 1;
63
64         report->id = id;
65         report->type = type;
66         report->size = 0;
67         report->device = device;
68         report_enum->report_id_hash[id] = report;
69
70         list_add_tail(&report->list, &report_enum->report_list);
71
72         return report;
73 }
74
75 /*
76  * Register a new field for this report.
77  */
78
79 static struct hid_field *hid_register_field(struct hid_report *report, unsigned usages, unsigned values)
80 {
81         struct hid_field *field;
82
83         if (report->maxfield == HID_MAX_FIELDS) {
84                 dbg("too many fields in report");
85                 return NULL;
86         }
87
88         if (!(field = kzalloc(sizeof(struct hid_field) + usages * sizeof(struct hid_usage)
89                 + values * sizeof(unsigned), GFP_KERNEL))) return NULL;
90
91         field->index = report->maxfield++;
92         report->field[field->index] = field;
93         field->usage = (struct hid_usage *)(field + 1);
94         field->value = (unsigned *)(field->usage + usages);
95         field->report = report;
96
97         return field;
98 }
99
100 /*
101  * Open a collection. The type/usage is pushed on the stack.
102  */
103
104 static int open_collection(struct hid_parser *parser, unsigned type)
105 {
106         struct hid_collection *collection;
107         unsigned usage;
108
109         usage = parser->local.usage[0];
110
111         if (parser->collection_stack_ptr == HID_COLLECTION_STACK_SIZE) {
112                 dbg("collection stack overflow");
113                 return -1;
114         }
115
116         if (parser->device->maxcollection == parser->device->collection_size) {
117                 collection = kmalloc(sizeof(struct hid_collection) *
118                                 parser->device->collection_size * 2, GFP_KERNEL);
119                 if (collection == NULL) {
120                         dbg("failed to reallocate collection array");
121                         return -1;
122                 }
123                 memcpy(collection, parser->device->collection,
124                         sizeof(struct hid_collection) *
125                         parser->device->collection_size);
126                 memset(collection + parser->device->collection_size, 0,
127                         sizeof(struct hid_collection) *
128                         parser->device->collection_size);
129                 kfree(parser->device->collection);
130                 parser->device->collection = collection;
131                 parser->device->collection_size *= 2;
132         }
133
134         parser->collection_stack[parser->collection_stack_ptr++] =
135                 parser->device->maxcollection;
136
137         collection = parser->device->collection +
138                 parser->device->maxcollection++;
139         collection->type = type;
140         collection->usage = usage;
141         collection->level = parser->collection_stack_ptr - 1;
142
143         if (type == HID_COLLECTION_APPLICATION)
144                 parser->device->maxapplication++;
145
146         return 0;
147 }
148
149 /*
150  * Close a collection.
151  */
152
153 static int close_collection(struct hid_parser *parser)
154 {
155         if (!parser->collection_stack_ptr) {
156                 dbg("collection stack underflow");
157                 return -1;
158         }
159         parser->collection_stack_ptr--;
160         return 0;
161 }
162
163 /*
164  * Climb up the stack, search for the specified collection type
165  * and return the usage.
166  */
167
168 static unsigned hid_lookup_collection(struct hid_parser *parser, unsigned type)
169 {
170         int n;
171         for (n = parser->collection_stack_ptr - 1; n >= 0; n--)
172                 if (parser->device->collection[parser->collection_stack[n]].type == type)
173                         return parser->device->collection[parser->collection_stack[n]].usage;
174         return 0; /* we know nothing about this usage type */
175 }
176
177 /*
178  * Add a usage to the temporary parser table.
179  */
180
181 static int hid_add_usage(struct hid_parser *parser, unsigned usage)
182 {
183         if (parser->local.usage_index >= HID_MAX_USAGES) {
184                 dbg("usage index exceeded");
185                 return -1;
186         }
187         parser->local.usage[parser->local.usage_index] = usage;
188         parser->local.collection_index[parser->local.usage_index] =
189                 parser->collection_stack_ptr ?
190                 parser->collection_stack[parser->collection_stack_ptr - 1] : 0;
191         parser->local.usage_index++;
192         return 0;
193 }
194
195 /*
196  * Register a new field for this report.
197  */
198
199 static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsigned flags)
200 {
201         struct hid_report *report;
202         struct hid_field *field;
203         int usages;
204         unsigned offset;
205         int i;
206
207         if (!(report = hid_register_report(parser->device, report_type, parser->global.report_id))) {
208                 dbg("hid_register_report failed");
209                 return -1;
210         }
211
212         if (parser->global.logical_maximum < parser->global.logical_minimum) {
213                 dbg("logical range invalid %d %d", parser->global.logical_minimum, parser->global.logical_maximum);
214                 return -1;
215         }
216
217         offset = report->size;
218         report->size += parser->global.report_size * parser->global.report_count;
219
220         if (!parser->local.usage_index) /* Ignore padding fields */
221                 return 0;
222
223         usages = max_t(int, parser->local.usage_index, parser->global.report_count);
224
225         if ((field = hid_register_field(report, usages, parser->global.report_count)) == NULL)
226                 return 0;
227
228         field->physical = hid_lookup_collection(parser, HID_COLLECTION_PHYSICAL);
229         field->logical = hid_lookup_collection(parser, HID_COLLECTION_LOGICAL);
230         field->application = hid_lookup_collection(parser, HID_COLLECTION_APPLICATION);
231
232         for (i = 0; i < usages; i++) {
233                 int j = i;
234                 /* Duplicate the last usage we parsed if we have excess values */
235                 if (i >= parser->local.usage_index)
236                         j = parser->local.usage_index - 1;
237                 field->usage[i].hid = parser->local.usage[j];
238                 field->usage[i].collection_index =
239                         parser->local.collection_index[j];
240         }
241
242         field->maxusage = usages;
243         field->flags = flags;
244         field->report_offset = offset;
245         field->report_type = report_type;
246         field->report_size = parser->global.report_size;
247         field->report_count = parser->global.report_count;
248         field->logical_minimum = parser->global.logical_minimum;
249         field->logical_maximum = parser->global.logical_maximum;
250         field->physical_minimum = parser->global.physical_minimum;
251         field->physical_maximum = parser->global.physical_maximum;
252         field->unit_exponent = parser->global.unit_exponent;
253         field->unit = parser->global.unit;
254
255         return 0;
256 }
257
258 /*
259  * Read data value from item.
260  */
261
262 static u32 item_udata(struct hid_item *item)
263 {
264         switch (item->size) {
265                 case 1: return item->data.u8;
266                 case 2: return item->data.u16;
267                 case 4: return item->data.u32;
268         }
269         return 0;
270 }
271
272 static s32 item_sdata(struct hid_item *item)
273 {
274         switch (item->size) {
275                 case 1: return item->data.s8;
276                 case 2: return item->data.s16;
277                 case 4: return item->data.s32;
278         }
279         return 0;
280 }
281
282 /*
283  * Process a global item.
284  */
285
286 static int hid_parser_global(struct hid_parser *parser, struct hid_item *item)
287 {
288         switch (item->tag) {
289
290                 case HID_GLOBAL_ITEM_TAG_PUSH:
291
292                         if (parser->global_stack_ptr == HID_GLOBAL_STACK_SIZE) {
293                                 dbg("global enviroment stack overflow");
294                                 return -1;
295                         }
296
297                         memcpy(parser->global_stack + parser->global_stack_ptr++,
298                                 &parser->global, sizeof(struct hid_global));
299                         return 0;
300
301                 case HID_GLOBAL_ITEM_TAG_POP:
302
303                         if (!parser->global_stack_ptr) {
304                                 dbg("global enviroment stack underflow");
305                                 return -1;
306                         }
307
308                         memcpy(&parser->global, parser->global_stack + --parser->global_stack_ptr,
309                                 sizeof(struct hid_global));
310                         return 0;
311
312                 case HID_GLOBAL_ITEM_TAG_USAGE_PAGE:
313                         parser->global.usage_page = item_udata(item);
314                         return 0;
315
316                 case HID_GLOBAL_ITEM_TAG_LOGICAL_MINIMUM:
317                         parser->global.logical_minimum = item_sdata(item);
318                         return 0;
319
320                 case HID_GLOBAL_ITEM_TAG_LOGICAL_MAXIMUM:
321                         if (parser->global.logical_minimum < 0)
322                                 parser->global.logical_maximum = item_sdata(item);
323                         else
324                                 parser->global.logical_maximum = item_udata(item);
325                         return 0;
326
327                 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MINIMUM:
328                         parser->global.physical_minimum = item_sdata(item);
329                         return 0;
330
331                 case HID_GLOBAL_ITEM_TAG_PHYSICAL_MAXIMUM:
332                         if (parser->global.physical_minimum < 0)
333                                 parser->global.physical_maximum = item_sdata(item);
334                         else
335                                 parser->global.physical_maximum = item_udata(item);
336                         return 0;
337
338                 case HID_GLOBAL_ITEM_TAG_UNIT_EXPONENT:
339                         parser->global.unit_exponent = item_sdata(item);
340                         return 0;
341
342                 case HID_GLOBAL_ITEM_TAG_UNIT:
343                         parser->global.unit = item_udata(item);
344                         return 0;
345
346                 case HID_GLOBAL_ITEM_TAG_REPORT_SIZE:
347                         if ((parser->global.report_size = item_udata(item)) > 32) {
348                                 dbg("invalid report_size %d", parser->global.report_size);
349                                 return -1;
350                         }
351                         return 0;
352
353                 case HID_GLOBAL_ITEM_TAG_REPORT_COUNT:
354                         if ((parser->global.report_count = item_udata(item)) > HID_MAX_USAGES) {
355                                 dbg("invalid report_count %d", parser->global.report_count);
356                                 return -1;
357                         }
358                         return 0;
359
360                 case HID_GLOBAL_ITEM_TAG_REPORT_ID:
361                         if ((parser->global.report_id = item_udata(item)) == 0) {
362                                 dbg("report_id 0 is invalid");
363                                 return -1;
364                         }
365                         return 0;
366
367                 default:
368                         dbg("unknown global tag 0x%x", item->tag);
369                         return -1;
370         }
371 }
372
373 /*
374  * Process a local item.
375  */
376
377 static int hid_parser_local(struct hid_parser *parser, struct hid_item *item)
378 {
379         __u32 data;
380         unsigned n;
381
382         if (item->size == 0) {
383                 dbg("item data expected for local item");
384                 return -1;
385         }
386
387         data = item_udata(item);
388
389         switch (item->tag) {
390
391                 case HID_LOCAL_ITEM_TAG_DELIMITER:
392
393                         if (data) {
394                                 /*
395                                  * We treat items before the first delimiter
396                                  * as global to all usage sets (branch 0).
397                                  * In the moment we process only these global
398                                  * items and the first delimiter set.
399                                  */
400                                 if (parser->local.delimiter_depth != 0) {
401                                         dbg("nested delimiters");
402                                         return -1;
403                                 }
404                                 parser->local.delimiter_depth++;
405                                 parser->local.delimiter_branch++;
406                         } else {
407                                 if (parser->local.delimiter_depth < 1) {
408                                         dbg("bogus close delimiter");
409                                         return -1;
410                                 }
411                                 parser->local.delimiter_depth--;
412                         }
413                         return 1;
414
415                 case HID_LOCAL_ITEM_TAG_USAGE:
416
417                         if (parser->local.delimiter_branch > 1) {
418                                 dbg("alternative usage ignored");
419                                 return 0;
420                         }
421
422                         if (item->size <= 2)
423                                 data = (parser->global.usage_page << 16) + data;
424
425                         return hid_add_usage(parser, data);
426
427                 case HID_LOCAL_ITEM_TAG_USAGE_MINIMUM:
428
429                         if (parser->local.delimiter_branch > 1) {
430                                 dbg("alternative usage ignored");
431                                 return 0;
432                         }
433
434                         if (item->size <= 2)
435                                 data = (parser->global.usage_page << 16) + data;
436
437                         parser->local.usage_minimum = data;
438                         return 0;
439
440                 case HID_LOCAL_ITEM_TAG_USAGE_MAXIMUM:
441
442                         if (parser->local.delimiter_branch > 1) {
443                                 dbg("alternative usage ignored");
444                                 return 0;
445                         }
446
447                         if (item->size <= 2)
448                                 data = (parser->global.usage_page << 16) + data;
449
450                         for (n = parser->local.usage_minimum; n <= data; n++)
451                                 if (hid_add_usage(parser, n)) {
452                                         dbg("hid_add_usage failed\n");
453                                         return -1;
454                                 }
455                         return 0;
456
457                 default:
458
459                         dbg("unknown local item tag 0x%x", item->tag);
460                         return 0;
461         }
462         return 0;
463 }
464
465 /*
466  * Process a main item.
467  */
468
469 static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
470 {
471         __u32 data;
472         int ret;
473
474         data = item_udata(item);
475
476         switch (item->tag) {
477                 case HID_MAIN_ITEM_TAG_BEGIN_COLLECTION:
478                         ret = open_collection(parser, data & 0xff);
479                         break;
480                 case HID_MAIN_ITEM_TAG_END_COLLECTION:
481                         ret = close_collection(parser);
482                         break;
483                 case HID_MAIN_ITEM_TAG_INPUT:
484                         ret = hid_add_field(parser, HID_INPUT_REPORT, data);
485                         break;
486                 case HID_MAIN_ITEM_TAG_OUTPUT:
487                         ret = hid_add_field(parser, HID_OUTPUT_REPORT, data);
488                         break;
489                 case HID_MAIN_ITEM_TAG_FEATURE:
490                         ret = hid_add_field(parser, HID_FEATURE_REPORT, data);
491                         break;
492                 default:
493                         dbg("unknown main item tag 0x%x", item->tag);
494                         ret = 0;
495         }
496
497         memset(&parser->local, 0, sizeof(parser->local));       /* Reset the local parser environment */
498
499         return ret;
500 }
501
502 /*
503  * Process a reserved item.
504  */
505
506 static int hid_parser_reserved(struct hid_parser *parser, struct hid_item *item)
507 {
508         dbg("reserved item type, tag 0x%x", item->tag);
509         return 0;
510 }
511
512 /*
513  * Free a report and all registered fields. The field->usage and
514  * field->value table's are allocated behind the field, so we need
515  * only to free(field) itself.
516  */
517
518 static void hid_free_report(struct hid_report *report)
519 {
520         unsigned n;
521
522         for (n = 0; n < report->maxfield; n++)
523                 kfree(report->field[n]);
524         kfree(report);
525 }
526
527 /*
528  * Free a device structure, all reports, and all fields.
529  */
530
531 void hid_free_device(struct hid_device *device)
532 {
533         unsigned i,j;
534
535         for (i = 0; i < HID_REPORT_TYPES; i++) {
536                 struct hid_report_enum *report_enum = device->report_enum + i;
537
538                 for (j = 0; j < 256; j++) {
539                         struct hid_report *report = report_enum->report_id_hash[j];
540                         if (report)
541                                 hid_free_report(report);
542                 }
543         }
544
545         kfree(device->rdesc);
546         kfree(device);
547 }
548 EXPORT_SYMBOL_GPL(hid_free_device);
549
550 /*
551  * Fetch a report description item from the data stream. We support long
552  * items, though they are not used yet.
553  */
554
555 static u8 *fetch_item(__u8 *start, __u8 *end, struct hid_item *item)
556 {
557         u8 b;
558
559         if ((end - start) <= 0)
560                 return NULL;
561
562         b = *start++;
563
564         item->type = (b >> 2) & 3;
565         item->tag  = (b >> 4) & 15;
566
567         if (item->tag == HID_ITEM_TAG_LONG) {
568
569                 item->format = HID_ITEM_FORMAT_LONG;
570
571                 if ((end - start) < 2)
572                         return NULL;
573
574                 item->size = *start++;
575                 item->tag  = *start++;
576
577                 if ((end - start) < item->size)
578                         return NULL;
579
580                 item->data.longdata = start;
581                 start += item->size;
582                 return start;
583         }
584
585         item->format = HID_ITEM_FORMAT_SHORT;
586         item->size = b & 3;
587
588         switch (item->size) {
589
590                 case 0:
591                         return start;
592
593                 case 1:
594                         if ((end - start) < 1)
595                                 return NULL;
596                         item->data.u8 = *start++;
597                         return start;
598
599                 case 2:
600                         if ((end - start) < 2)
601                                 return NULL;
602                         item->data.u16 = le16_to_cpu(get_unaligned((__le16*)start));
603                         start = (__u8 *)((__le16 *)start + 1);
604                         return start;
605
606                 case 3:
607                         item->size++;
608                         if ((end - start) < 4)
609                                 return NULL;
610                         item->data.u32 = le32_to_cpu(get_unaligned((__le32*)start));
611                         start = (__u8 *)((__le32 *)start + 1);
612                         return start;
613         }
614
615         return NULL;
616 }
617
618 /*
619  * Parse a report description into a hid_device structure. Reports are
620  * enumerated, fields are attached to these reports.
621  */
622
623 struct hid_device *hid_parse_report(__u8 *start, unsigned size)
624 {
625         struct hid_device *device;
626         struct hid_parser *parser;
627         struct hid_item item;
628         __u8 *end;
629         unsigned i;
630         static int (*dispatch_type[])(struct hid_parser *parser,
631                                       struct hid_item *item) = {
632                 hid_parser_main,
633                 hid_parser_global,
634                 hid_parser_local,
635                 hid_parser_reserved
636         };
637
638         if (!(device = kzalloc(sizeof(struct hid_device), GFP_KERNEL)))
639                 return NULL;
640
641         if (!(device->collection = kzalloc(sizeof(struct hid_collection) *
642                                    HID_DEFAULT_NUM_COLLECTIONS, GFP_KERNEL))) {
643                 kfree(device);
644                 return NULL;
645         }
646         device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
647
648         for (i = 0; i < HID_REPORT_TYPES; i++)
649                 INIT_LIST_HEAD(&device->report_enum[i].report_list);
650
651         if (!(device->rdesc = kmalloc(size, GFP_KERNEL))) {
652                 kfree(device->collection);
653                 kfree(device);
654                 return NULL;
655         }
656         memcpy(device->rdesc, start, size);
657         device->rsize = size;
658
659         if (!(parser = kzalloc(sizeof(struct hid_parser), GFP_KERNEL))) {
660                 kfree(device->rdesc);
661                 kfree(device->collection);
662                 kfree(device);
663                 return NULL;
664         }
665         parser->device = device;
666
667         end = start + size;
668         while ((start = fetch_item(start, end, &item)) != NULL) {
669
670                 if (item.format != HID_ITEM_FORMAT_SHORT) {
671                         dbg("unexpected long global item");
672                         kfree(device->collection);
673                         hid_free_device(device);
674                         kfree(parser);
675                         return NULL;
676                 }
677
678                 if (dispatch_type[item.type](parser, &item)) {
679                         dbg("item %u %u %u %u parsing failed\n",
680                                 item.format, (unsigned)item.size, (unsigned)item.type, (unsigned)item.tag);
681                         kfree(device->collection);
682                         hid_free_device(device);
683                         kfree(parser);
684                         return NULL;
685                 }
686
687                 if (start == end) {
688                         if (parser->collection_stack_ptr) {
689                                 dbg("unbalanced collection at end of report description");
690                                 kfree(device->collection);
691                                 hid_free_device(device);
692                                 kfree(parser);
693                                 return NULL;
694                         }
695                         if (parser->local.delimiter_depth) {
696                                 dbg("unbalanced delimiter at end of report description");
697                                 kfree(device->collection);
698                                 hid_free_device(device);
699                                 kfree(parser);
700                                 return NULL;
701                         }
702                         kfree(parser);
703                         return device;
704                 }
705         }
706
707         dbg("item fetching failed at offset %d\n", (int)(end - start));
708         kfree(device->collection);
709         hid_free_device(device);
710         kfree(parser);
711         return NULL;
712 }
713 EXPORT_SYMBOL_GPL(hid_parse_report);
714
715 /*
716  * Convert a signed n-bit integer to signed 32-bit integer. Common
717  * cases are done through the compiler, the screwed things has to be
718  * done by hand.
719  */
720
721 static s32 snto32(__u32 value, unsigned n)
722 {
723         switch (n) {
724                 case 8:  return ((__s8)value);
725                 case 16: return ((__s16)value);
726                 case 32: return ((__s32)value);
727         }
728         return value & (1 << (n - 1)) ? value | (-1 << n) : value;
729 }
730
731 /*
732  * Convert a signed 32-bit integer to a signed n-bit integer.
733  */
734
735 static u32 s32ton(__s32 value, unsigned n)
736 {
737         s32 a = value >> (n - 1);
738         if (a && a != -1)
739                 return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1;
740         return value & ((1 << n) - 1);
741 }
742
743 /*
744  * Extract/implement a data field from/to a little endian report (bit array).
745  *
746  * Code sort-of follows HID spec:
747  *     http://www.usb.org/developers/devclass_docs/HID1_11.pdf
748  *
749  * While the USB HID spec allows unlimited length bit fields in "report
750  * descriptors", most devices never use more than 16 bits.
751  * One model of UPS is claimed to report "LINEV" as a 32-bit field.
752  * Search linux-kernel and linux-usb-devel archives for "hid-core extract".
753  */
754
755 static __inline__ __u32 extract(__u8 *report, unsigned offset, unsigned n)
756 {
757         u64 x;
758
759         WARN_ON(n > 32);
760
761         report += offset >> 3;  /* adjust byte index */
762         offset &= 7;            /* now only need bit offset into one byte */
763         x = get_unaligned((u64 *) report);
764         x = le64_to_cpu(x);
765         x = (x >> offset) & ((1ULL << n) - 1);  /* extract bit field */
766         return (u32) x;
767 }
768
769 /*
770  * "implement" : set bits in a little endian bit stream.
771  * Same concepts as "extract" (see comments above).
772  * The data mangled in the bit stream remains in little endian
773  * order the whole time. It make more sense to talk about
774  * endianness of register values by considering a register
775  * a "cached" copy of the little endiad bit stream.
776  */
777 static __inline__ void implement(__u8 *report, unsigned offset, unsigned n, __u32 value)
778 {
779         u64 x;
780         u64 m = (1ULL << n) - 1;
781
782         WARN_ON(n > 32);
783
784         WARN_ON(value > m);
785         value &= m;
786
787         report += offset >> 3;
788         offset &= 7;
789
790         x = get_unaligned((u64 *)report);
791         x &= cpu_to_le64(~(m << offset));
792         x |= cpu_to_le64(((u64) value) << offset);
793         put_unaligned(x, (u64 *) report);
794 }
795
796 /*
797  * Search an array for a value.
798  */
799
800 static __inline__ int search(__s32 *array, __s32 value, unsigned n)
801 {
802         while (n--) {
803                 if (*array++ == value)
804                         return 0;
805         }
806         return -1;
807 }
808
809 static void hid_process_event(struct hid_device *hid, struct hid_field *field, struct hid_usage *usage, __s32 value, int interrupt)
810 {
811         hid_dump_input(usage, value);
812         if (hid->claimed & HID_CLAIMED_INPUT)
813                 hidinput_hid_event(hid, field, usage, value);
814         if (hid->claimed & HID_CLAIMED_HIDDEV && interrupt && hid->hiddev_hid_event)
815                 hid->hiddev_hid_event(hid, field, usage, value);
816 }
817
818 /*
819  * Analyse a received field, and fetch the data from it. The field
820  * content is stored for next report processing (we do differential
821  * reporting to the layer).
822  */
823
824 void hid_input_field(struct hid_device *hid, struct hid_field *field, __u8 *data, int interrupt)
825 {
826         unsigned n;
827         unsigned count = field->report_count;
828         unsigned offset = field->report_offset;
829         unsigned size = field->report_size;
830         __s32 min = field->logical_minimum;
831         __s32 max = field->logical_maximum;
832         __s32 *value;
833
834         if (!(value = kmalloc(sizeof(__s32) * count, GFP_ATOMIC)))
835                 return;
836
837         for (n = 0; n < count; n++) {
838
839                         value[n] = min < 0 ? snto32(extract(data, offset + n * size, size), size) :
840                                                     extract(data, offset + n * size, size);
841
842                         if (!(field->flags & HID_MAIN_ITEM_VARIABLE) /* Ignore report if ErrorRollOver */
843                             && value[n] >= min && value[n] <= max
844                             && field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
845                                 goto exit;
846         }
847
848         for (n = 0; n < count; n++) {
849
850                 if (HID_MAIN_ITEM_VARIABLE & field->flags) {
851                         hid_process_event(hid, field, &field->usage[n], value[n], interrupt);
852                         continue;
853                 }
854
855                 if (field->value[n] >= min && field->value[n] <= max
856                         && field->usage[field->value[n] - min].hid
857                         && search(value, field->value[n], count))
858                                 hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
859
860                 if (value[n] >= min && value[n] <= max
861                         && field->usage[value[n] - min].hid
862                         && search(field->value, value[n], count))
863                                 hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);
864         }
865
866         memcpy(field->value, value, count * sizeof(__s32));
867 exit:
868         kfree(value);
869 }
870 EXPORT_SYMBOL_GPL(hid_input_field);
871
872 /*
873  * Output the field into the report.
874  */
875
876 static void hid_output_field(struct hid_field *field, __u8 *data)
877 {
878         unsigned count = field->report_count;
879         unsigned offset = field->report_offset;
880         unsigned size = field->report_size;
881         unsigned n;
882
883         /* make sure the unused bits in the last byte are zeros */
884         if (count > 0 && size > 0)
885                 data[(count*size-1)/8] = 0;
886
887         for (n = 0; n < count; n++) {
888                 if (field->logical_minimum < 0) /* signed values */
889                         implement(data, offset + n * size, size, s32ton(field->value[n], size));
890                 else                            /* unsigned values */
891                         implement(data, offset + n * size, size, field->value[n]);
892         }
893 }
894
895 /*
896  * Create a report.
897  */
898
899 void hid_output_report(struct hid_report *report, __u8 *data)
900 {
901         unsigned n;
902
903         if (report->id > 0)
904                 *data++ = report->id;
905
906         for (n = 0; n < report->maxfield; n++)
907                 hid_output_field(report->field[n], data);
908 }
909 EXPORT_SYMBOL_GPL(hid_output_report);
910
911 /*
912  * Set a field value. The report this field belongs to has to be
913  * created and transferred to the device, to set this value in the
914  * device.
915  */
916
917 int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
918 {
919         unsigned size = field->report_size;
920
921         hid_dump_input(field->usage + offset, value);
922
923         if (offset >= field->report_count) {
924                 dbg("offset (%d) exceeds report_count (%d)", offset, field->report_count);
925                 hid_dump_field(field, 8);
926                 return -1;
927         }
928         if (field->logical_minimum < 0) {
929                 if (value != snto32(s32ton(value, size), size)) {
930                         dbg("value %d is out of range", value);
931                         return -1;
932                 }
933         }
934         field->value[offset] = value;
935         return 0;
936 }
937 EXPORT_SYMBOL_GPL(hid_set_field);
938
939 int hid_input_report(struct hid_device *hid, int type, u8 *data, int size, int interrupt)
940 {
941         struct hid_report_enum *report_enum = hid->report_enum + type;
942         struct hid_report *report;
943         int n, rsize;
944
945         if (!hid)
946                 return -ENODEV;
947
948         if (!size) {
949                 dbg("empty report");
950                 return -1;
951         }
952
953 #ifdef DEBUG_DATA
954         printk(KERN_DEBUG __FILE__ ": report (size %u) (%snumbered)\n", size, report_enum->numbered ? "" : "un");
955 #endif
956
957         n = 0;                          /* Normally report number is 0 */
958         if (report_enum->numbered) {    /* Device uses numbered reports, data[0] is report number */
959                 n = *data++;
960                 size--;
961         }
962
963 #ifdef DEBUG_DATA
964         {
965                 int i;
966                 printk(KERN_DEBUG __FILE__ ": report %d (size %u) = ", n, size);
967                 for (i = 0; i < size; i++)
968                         printk(" %02x", data[i]);
969                 printk("\n");
970         }
971 #endif
972
973         if (!(report = report_enum->report_id_hash[n])) {
974                 dbg("undefined report_id %d received", n);
975                 return -1;
976         }
977
978         rsize = ((report->size - 1) >> 3) + 1;
979
980         if (size < rsize) {
981                 dbg("report %d is too short, (%d < %d)", report->id, size, rsize);
982                 return -1;
983         }
984
985         if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
986                 hid->hiddev_report_event(hid, report);
987
988         for (n = 0; n < report->maxfield; n++)
989                 hid_input_field(hid, report->field[n], data, interrupt);
990
991         if (hid->claimed & HID_CLAIMED_INPUT)
992                 hidinput_report_event(hid, report);
993
994         return 0;
995 }
996 EXPORT_SYMBOL_GPL(hid_input_report);
997
998 MODULE_LICENSE(DRIVER_LICENSE);
999