lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121130155650.69407e9f@endymion.delvare>
Date:	Fri, 30 Nov 2012 15:56:50 +0100
From:	Jean Delvare <khali@...ux-fr.org>
To:	Benjamin Tissoires <benjamin.tissoires@...il.com>
Cc:	Dmitry Torokhov <dmitry.torokhov@...il.com>,
	Jiri Kosina <jkosina@...e.cz>,
	Stephane Chatty <chatty@...c.fr>, fabien.andre@...il.com,
	scott.liu@....com.tw, JJ Ding <jj_ding@....com.tw>,
	Jiri Slaby <jslaby@...e.cz>,
	Shubhrajyoti Datta <omaplinuxkernel@...il.com>,
	linux-i2c@...r.kernel.org, linux-input@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] i2c-hid: introduce HID over i2c specification
 implementation

Hi Benjamin, Jiri,

Sorry for the late review. But better late than never I guess...

On Mon, 12 Nov 2012 15:42:59 +0100, Benjamin Tissoires wrote:
> Microsoft published the protocol specification of HID over i2c:
> http://msdn.microsoft.com/en-us/library/windows/hardware/hh852380.aspx
> 
> This patch introduces an implementation of this protocol.
> 
> This implementation does not includes the ACPI part of the specification.
> This will come when ACPI 5.0 devices enumeration will be available.
> 
> Once the ACPI part is done, OEM will not have to declare HID over I2C
> devices in their platform specific driver.
> 
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@...il.com>
> ---
> (..)
>  drivers/hid/Kconfig           |   2 +
>  drivers/hid/Makefile          |   1 +
>  drivers/hid/i2c-hid/Kconfig   |  21 +
>  drivers/hid/i2c-hid/Makefile  |   5 +
>  drivers/hid/i2c-hid/i2c-hid.c | 974 ++++++++++++++++++++++++++++++++++++++++++
>  include/linux/i2c/i2c-hid.h   |  35 ++
>  6 files changed, 1038 insertions(+)
>  create mode 100644 drivers/hid/i2c-hid/Kconfig
>  create mode 100644 drivers/hid/i2c-hid/Makefile
>  create mode 100644 drivers/hid/i2c-hid/i2c-hid.c
>  create mode 100644 include/linux/i2c/i2c-hid.h

Looks much better. I still have several random comments which you may
be interested in.

> (...)
> diff --git a/drivers/hid/i2c-hid/Kconfig b/drivers/hid/i2c-hid/Kconfig
> new file mode 100644
> index 0000000..5b7d4d8
> --- /dev/null
> +++ b/drivers/hid/i2c-hid/Kconfig
> @@ -0,0 +1,21 @@
> +menu "I2C HID support"
> +	depends on I2C
> +
> +config I2C_HID
> +	tristate "HID over I2C transport layer"
> +	default n
> +	depends on I2C && INPUT
> +	select HID
> +	---help---
> +	  Say Y here if you want to use the HID over i2c protocol
> +	  implementation.


s/i2c/I2C/

The USB equivalent lists a number of examples, maybe you could do the
same here so that the reader knows if he/she needs this driver.

> +
> +	  If unsure, say N.
> +
> +	  This support is also available as a module.  If so, the module
> +	  will be called i2c-hid.
> +
> +comment "Input core support is needed for HID over I2C input layer"
> +	depends on I2C_HID && INPUT=n

Given that the HID menu itself depends on INPUT, I fail to see how this
comment would ever be displayed. Same question holds for the USB
equivalent.

> +
> +endmenu
> (...)
> diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
> new file mode 100644
> index 0000000..11140bd
> --- /dev/null
> +++ b/drivers/hid/i2c-hid/i2c-hid.c
> (...)
> +/* flags */
> +#define I2C_HID_STARTED		(1 << 0)
> +#define I2C_HID_RESET_PENDING	(1 << 1)
> +#define I2C_HID_READ_PENDING	(1 << 2)
> +
> +#define I2C_HID_PWR_ON		0x00
> +#define I2C_HID_PWR_SLEEP	0x01
> +
> +/* debug option */
> +static bool debug = false;

Whether you like it or not, that's still an error for checkpatch:
ERROR: do not initialise statics to 0 or NULL
#240: FILE: drivers/hid/i2c-hid/i2c-hid.c:49:
+static bool debug = false;

The rationale is that the compiler can write more efficient code if
initializations to 0 or NULL are implicit.

> +module_param(debug, bool, 0444);
> +MODULE_PARM_DESC(debug, "print a lot of debug information");
> +
> +#define i2c_hid_dbg(ihid, fmt, arg...)	\
> +	if (debug)			\
> +		dev_printk(KERN_DEBUG, &(ihid)->client->dev, fmt, ##arg)

This is considered an error by checkpatch too:
ERROR: Macros with complex values should be enclosed in parenthesis
#244: FILE: drivers/hid/i2c-hid/i2c-hid.c:53:
+#define i2c_hid_dbg(ihid, fmt, arg...)	\
+	if (debug)			\
+		dev_printk(KERN_DEBUG, &(ihid)->client->dev, fmt, ##arg)

And I wouldn't disagree, as the construct above can lead to bugs which
are hard to see... Consider the following piece of code:

	if (condition)
		i2c_hid_dbg(ihid, "Blah blah %d\n", i);
	else
		do_something_very_important();

It looks correct, however with the macro definition above, this expands
to the unexpected:

	if (condition) {
		if (debug)			\
			dev_printk(KERN_DEBUG, &ihid->client->dev,
				   "Blah blah %d\n", i);
		else
			do_something_very_important();
	}

That is, the condition to call do_something_very_important() is
condition && !debug, and not !condition as the code suggests. This is
only an example and your driver doesn't currently use any such
construct. Still I believe this should be fixed.

> (...)
> +#define I2C_HID_CMD(opcode_) \
> +	.opcode = opcode_, .length = 4, \
> +	.registerIndex = offsetof(struct i2c_hid_desc, wCommandRegister)
> +
> +/* fetch HID descriptor */
> +static const struct i2c_hid_cmd hid_descr_cmd = { .length = 2 };
> +/* fetch report descriptors */
> +static const struct i2c_hid_cmd hid_report_descr_cmd = {
> +		.registerIndex = offsetof(struct i2c_hid_desc,
> +			wReportDescRegister),
> +		.opcode = 0x00,
> +		.length = 2 };
> +/* commands */
> +static const struct i2c_hid_cmd hid_reset_cmd =		{ I2C_HID_CMD(0x01),
> +							  .wait = true };
> +static const struct i2c_hid_cmd hid_get_report_cmd =	{ I2C_HID_CMD(0x02) };
> +static const struct i2c_hid_cmd hid_set_report_cmd =	{ I2C_HID_CMD(0x03) };
> +static const struct i2c_hid_cmd hid_get_idle_cmd =	{ I2C_HID_CMD(0x04) };
> +static const struct i2c_hid_cmd hid_set_idle_cmd =	{ I2C_HID_CMD(0x05) };
> +static const struct i2c_hid_cmd hid_get_protocol_cmd =	{ I2C_HID_CMD(0x06) };
> +static const struct i2c_hid_cmd hid_set_protocol_cmd =	{ I2C_HID_CMD(0x07) };

The previous four are never used.

> +static const struct i2c_hid_cmd hid_set_power_cmd =	{ I2C_HID_CMD(0x08) };
> +/* read/write data register */
> +static const struct i2c_hid_cmd hid_data_cmd = {
> +		.registerIndex = offsetof(struct i2c_hid_desc, wDataRegister),
> +		.opcode = 0x00,
> +		.length = 2 };
> +/* write output reports */
> +static const struct i2c_hid_cmd hid_out_cmd = {
> +		.registerIndex = offsetof(struct i2c_hid_desc,
> +			wOutputRegister),
> +		.opcode = 0x00,
> +		.length = 2 };

These two are never used either.

> (...)
> +static int i2c_hid_get_report(struct i2c_client *client, u8 reportType,
> +		u8 reportID, unsigned char *buf_recv, int data_len)
> +{
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	u8 args[3];
> +	int ret;
> +	int args_len = 0;
> +	u16 readRegister = le16_to_cpu(ihid->hdesc.wDataRegister);
> +
> +	i2c_hid_dbg(ihid, "%s\n", __func__);
> +
> +	if (reportID >= 0x0F) {
> +		args[args_len++] = reportID;
> +		reportID = 0x0F;
> +	}
> +
> +	args[args_len++] = readRegister & 0xFF;
> +	args[args_len++] = readRegister >> 8;
> +
> +	ret = __i2c_hid_command(client, &hid_get_report_cmd, reportID,
> +		reportType, args, args_len, buf_recv, data_len);
> +	if (ret) {
> +		dev_err(&client->dev,
> +			"failed to retrieve report from device.\n");
> +		return -EINVAL;

Why don't you pass the error value from __i2c_hid_command to the
caller? -EINVAL is for invalid input parameters, which isn't the case
here.

> +	}
> +
> +	return 0;
> +}
> +
> +static int i2c_hid_set_report(struct i2c_client *client, u8 reportType,
> +		u8 reportID, unsigned char *buf, size_t data_len)
> +{
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	u8 *args = ihid->argsbuf;
> +	int ret;
> +	u16 dataRegister = le16_to_cpu(ihid->hdesc.wDataRegister);
> +
> +	/* hidraw already checked that data_len < HID_MAX_BUFFER_SIZE */
> +	u16 size =	2			/* size */ +
> +			(reportID ? 1 : 0)	/* reportID */ +
> +			data_len		/* buf */;
> +	int args_len =	(reportID >= 0x0F ? 1 : 0) /* optional third byte */ +
> +			2			/* dataRegister */ +
> +			size			/* args */;
> +	int index = 0;
> +
> +	i2c_hid_dbg(ihid, "%s\n", __func__);
> +
> +	if (reportID >= 0x0F) {
> +		args[index++] = reportID;
> +		reportID = 0x0F;
> +	}
> +
> +	args[index++] = dataRegister & 0xFF;
> +	args[index++] = dataRegister >> 8;
> +
> +	args[index++] = size & 0xFF;
> +	args[index++] = size >> 8;
> +
> +	if (reportID)
> +		args[index++] = reportID;
> +
> +	memcpy(&args[index], buf, data_len);
> +
> +	ret = __i2c_hid_command(client, &hid_set_report_cmd, reportID,
> +		reportType, args, args_len, NULL, 0);
> +	if (ret) {
> +		dev_err(&client->dev, "failed to set a report to device.\n");
> +		return -EINVAL;

Same here, returning "ret" would be more informative than hard-coding
an arbitrary error code.

> +	}
> +
> +	return data_len;
> +}
> + (...)
> +static int i2c_hid_get_input(struct i2c_hid *ihid)

The caller never checks the return value. If there is nothing useful
the caller can do with the value then you should consider making
i2c_hid_get_input return void.

> +{
> +	int ret, ret_size;
> +	int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
> +
> +	ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
> +	if (ret != size) {
> +		if (ret < 0)
> +			return ret;
> +
> +		dev_err(&ihid->client->dev, "%s: got %d data instead of %d\n",
> +			__func__, ret, size);
> +		return ret;

If you don't change this function to return void, you should return
-Esomething instead of ret here, so that the caller doesn't get an
unexpected positive number.

> +	}
> +
> +	ret_size = ihid->inbuf[0] | ihid->inbuf[1] << 8;
> +
> +	if (!ret_size) {
> +		/* host or device initiated RESET completed */
> +		if (test_and_clear_bit(I2C_HID_RESET_PENDING, &ihid->flags))
> +			wake_up(&ihid->wait);
> +		return 0;
> +	}
> +
> +	if (ret_size > size) {
> +		dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n",
> +			__func__, size, ret_size);
> +		return -EIO;
> +	}
> +
> +	i2c_hid_dbg(ihid, "input: %*ph\n", ret_size, ihid->inbuf);
> +
> +	if (test_bit(I2C_HID_STARTED, &ihid->flags))
> +		hid_input_report(ihid->hid, HID_INPUT_REPORT, ihid->inbuf + 2,
> +				ret_size - 2, 1);
> +
> +	return 0;
> +}
> +
> +static irqreturn_t i2c_hid_irq(int irq, void *dev_id)
> +{
> +	struct i2c_hid *ihid = dev_id;
> +
> +	if (test_bit(I2C_HID_READ_PENDING, &ihid->flags))
> +		return IRQ_HANDLED;
> +
> +	i2c_hid_get_input(ihid);
> +
> +	return IRQ_HANDLED;
> +}
> + (...)
> +static void i2c_hid_init_report(struct hid_report *report, u8 *buffer,
> +	size_t bufsize)
> +{
> +	struct hid_device *hid = report->device;
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	unsigned int size, ret_size;
> +
> +	size = i2c_hid_get_report_length(report);
> +	i2c_hid_get_report(client,
> +			report->type == HID_FEATURE_REPORT ? 0x03 : 0x01,
> +			report->id, buffer, size);

This can fail.

> +
> +	i2c_hid_dbg(ihid, "report (len=%d): %*ph\n", size, size, ihid->inbuf);
> +
> +	ret_size = buffer[0] | (buffer[1] << 8);
> +
> +	if (ret_size != size) {
> +		dev_err(&client->dev, "error in %s size:%d / ret_size:%d\n",
> +			__func__, size, ret_size);
> +		return;
> +	}
> +
> +	/* hid->driver_lock is held as we are in probe function,
> +	 * we just need to setup the input fields, so using
> +	 * hid_report_raw_event is safe. */
> +	hid_report_raw_event(hid, report->type, buffer + 2, size - 2, 1);
> +}
> +
> +/*
> + * Initialize all reports
> + */
> +static void i2c_hid_init_reports(struct hid_device *hid)
> +{
> +	struct hid_report *report;
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	u8 *inbuf = kzalloc(ihid->bufsize, GFP_KERNEL);
> +
> +	if (!inbuf)
> +		return;

No error logged, no error reported to the caller?

> +
> +	list_for_each_entry(report,
> +		&hid->report_enum[HID_INPUT_REPORT].report_list, list)
> +		i2c_hid_init_report(report, inbuf, ihid->bufsize);
> +
> +	list_for_each_entry(report,
> +		&hid->report_enum[HID_FEATURE_REPORT].report_list, list)
> +		i2c_hid_init_report(report, inbuf, ihid->bufsize);
> +
> +	kfree(inbuf);
> +}
> (...)
> +static int i2c_hid_alloc_buffers(struct i2c_hid *ihid)
> +{
> +	/* the worst case is computed from the set_report command with a
> +	 * reportID > 15 and the maximum report length */
> +	int args_len = sizeof(__u8) + /* optional ReportID byte */
> +		       sizeof(__u16) + /* data register */
> +		       sizeof(__u16) + /* size of the report */
> +		       ihid->bufsize; /* report */
> +
> +	ihid->inbuf = kzalloc(ihid->bufsize, GFP_KERNEL);
> +
> +	if (!ihid->inbuf)
> +		return -ENOMEM;
> +
> +	ihid->argsbuf = kzalloc(args_len, GFP_KERNEL);
> +
> +	if (!ihid->argsbuf) {
> +		kfree(ihid->inbuf);

If it is important to set ihid->inbuf and ihid->argsbuf back to NULL in
the error path below, then I suppose it is equally important to set
ihid->inbuf back to NULL here. BTW, I would like to suggest an easier
and more efficient way to handle this, see below.

> +		return -ENOMEM;
> +	}
> +
> +	ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL);
> +
> +	if (!ihid->cmdbuf) {
> +		kfree(ihid->inbuf);
> +		kfree(ihid->argsbuf);
> +		ihid->inbuf = NULL;
> +		ihid->argsbuf = NULL;
> +		return -ENOMEM;
> +	}
> +
> +	return 0;
> +}
> +

With proper function ordering, the above could be simplified to:

static int i2c_hid_alloc_buffers(struct i2c_hid *ihid)
{
	/* the worst case is computed from the set_report command with a
	 * reportID > 15 and the maximum report length */
	int args_len = sizeof(__u8) + /* optional ReportID byte */
		       sizeof(__u16) + /* data register */
		       sizeof(__u16) + /* size of the report */
		       ihid->bufsize; /* report */

	ihid->inbuf = kzalloc(ihid->bufsize, GFP_KERNEL);
	ihid->argsbuf = kzalloc(args_len, GFP_KERNEL);
	ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL);

	if (!ihid->inbuf || !ihid->argsbuf || !ihid->cmdbuf) {
		i2c_hid_free_buffers(hid);
		return -ENOMEM;
	}

	return 0;
}

> +static void i2c_hid_free_buffers(struct i2c_hid *ihid)
> +{
> +	kfree(ihid->inbuf);
> +	kfree(ihid->argsbuf);
> +	kfree(ihid->cmdbuf);
> +	ihid->inbuf = NULL;
> +	ihid->cmdbuf = NULL;
> +	ihid->argsbuf = NULL;
> +}
> +
> +static int i2c_hid_get_raw_report(struct hid_device *hid,
> +		unsigned char report_number, __u8 *buf, size_t count,
> +		unsigned char report_type)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	int ret;
> +
> +	if (report_type == HID_OUTPUT_REPORT)
> +		return -EINVAL;
> +
> +	if (count > ihid->bufsize)
> +		count = ihid->bufsize;
> +
> +	ret = i2c_hid_get_report(client,
> +			report_type == HID_FEATURE_REPORT ? 0x03 : 0x01,
> +			report_number, ihid->inbuf, count);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	count = ihid->inbuf[0] | (ihid->inbuf[1] << 8);
> +
> +	memcpy(buf, ihid->inbuf + 2, count);

What guarantee do you have that count is not larger than buf's length?
I hope you don't just count on all hardware out there being nice and
sane, do you? ;)

> +
> +	return count;
> +}
> + (...)
> +static int i2c_hid_parse(struct hid_device *hid)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	struct i2c_hid_desc *hdesc = &ihid->hdesc;
> +	unsigned int rsize;
> +	char *rdesc;
> +	int ret;
> +	int tries = 3;
> +
> +	i2c_hid_dbg(ihid, "entering %s\n", __func__);
> +
> +	rsize = le16_to_cpu(hdesc->wReportDescLength);
> +	if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) {
> +		dbg_hid("weird size of report descriptor (%u)\n", rsize);
> +		return -EINVAL;
> +	}
> +
> +	do {
> +		ret = i2c_hid_hwreset(client);
> +		if (ret)
> +			msleep(1000);
> +	} while (tries-- > 0 && ret);
> +
> +	if (ret)
> +		return ret;
> +
> +	rdesc = kzalloc(rsize, GFP_KERNEL);
> +
> +	if (!rdesc) {
> +		dbg_hid("couldn't allocate rdesc memory\n");

hid_err() would suit better IMHO.

> +		return -ENOMEM;
> +	}
> +
> +	i2c_hid_dbg(ihid, "asking HID report descriptor\n");
> +
> +	ret = i2c_hid_command(client, &hid_report_descr_cmd, rdesc, rsize);
> +	if (ret) {
> +		hid_err(hid, "reading report descriptor failed\n");
> +		kfree(rdesc);
> +		return -EIO;
> +	}
> +
> +	i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc);
> +
> +	ret = hid_parse_report(hid, rdesc, rsize);
> +	kfree(rdesc);
> +	if (ret) {
> +		dbg_hid("parsing report descriptor failed\n");

Here too, if this is an unexpected event hid_warn() or hid_err() would
be better.

> +		return ret;
> +	}
> +
> +	return 0;
> +}
> +
> +static int i2c_hid_start(struct hid_device *hid)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	int ret;
> +	int old_bufsize = ihid->bufsize;
> +
> +	ihid->bufsize = HID_MIN_BUFFER_SIZE;
> +	i2c_hid_find_max_report(hid, HID_INPUT_REPORT, &ihid->bufsize);
> +	i2c_hid_find_max_report(hid, HID_OUTPUT_REPORT, &ihid->bufsize);
> +	i2c_hid_find_max_report(hid, HID_FEATURE_REPORT, &ihid->bufsize);
> +
> +	if (ihid->bufsize > old_bufsize || !ihid->inbuf || !ihid->cmdbuf) {

I don't quite get this condition. As far as I can see, either all 3
buffers are allocated, or none is. A single test should tell you. If
you set ihid->bufsize to 0 on memory allocation failure, testing for
ihid->bufsize > old_bufsize should be sufficient.

> +		i2c_hid_free_buffers(ihid);
> +
> +		ret = i2c_hid_alloc_buffers(ihid);
> +
> +		if (ret) {
> +			ihid->bufsize = old_bufsize;

Not really... If we fail here, this means that all 3 buffers have been
freed, so ihid->bufsize is more like 0.

> +			return ret;
> +		}
> +	}
> +
> +	if (!(hid->quirks & HID_QUIRK_NO_INIT_REPORTS))
> +		i2c_hid_init_reports(hid);
> +
> +	return 0;
> +}
> +
> +static void i2c_hid_stop(struct hid_device *hid)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +
> +	hid->claimed = 0;
> +
> +	i2c_hid_free_buffers(ihid);
> +}
> +
> +static int i2c_hid_open(struct hid_device *hid)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	int ret;
> +
> +	if (!hid->open++) {

This looks racy. The usbhid driver protects hid->open with a mutex and
I suspect you should do the same.

> +		ret = i2c_hid_set_power(client, I2C_HID_PWR_ON);
> +		if (ret) {
> +			hid->open--;
> +			return -EIO;
> +		}
> +		set_bit(I2C_HID_STARTED, &ihid->flags);
> +	}
> +	return 0;
> +}
> +
> +static void i2c_hid_close(struct hid_device *hid)
> +{
> +	struct i2c_client *client = hid->driver_data;
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +
> +	/* protecting hid->open to make sure we don't restart
> +	 * data acquistion due to a resumption we no longer
> +	 * care about
> +	 */
> +	if (!--hid->open) {
> +		clear_bit(I2C_HID_STARTED, &ihid->flags);
> +
> +		/* Save some power */
> +		i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
> +	}
> +}
> (...)
> +static int i2c_hid_hidinput_input_event(struct input_dev *dev,
> +		unsigned int type, unsigned int code, int value)
> +{
> +	struct hid_device *hid = input_get_drvdata(dev);
> +	struct hid_field *field;
> +	int offset;
> +
> +	if (type == EV_FF)
> +		return input_ff_event(dev, type, code, value);
> +
> +	if (type != EV_LED)
> +		return -1;
> +
> +	offset = hidinput_find_field(hid, type, code, &field);
> +
> +	if (offset == -1) {
> +		hid_warn(dev, "event field not found\n");
> +		return -1;
> +	}
> +
> +	hid_set_field(field, offset, value);
> +
> +	return 0;

hid_set_field() can fail, so maybe

	return hid_set_field(field, offset, value);

> +}
> + (...)
> +static int __devinit i2c_hid_init_irq(struct i2c_client *client)
> +{
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	int ret;
> +
> +	dev_dbg(&client->dev, "Requesting IRQ: %d\n", client->irq);
> +
> +	ret = request_threaded_irq(client->irq, NULL, i2c_hid_irq,
> +			IRQF_TRIGGER_FALLING | IRQF_ONESHOT,
> +			client->name, ihid);
> +	if (ret < 0) {
> +		dev_dbg(&client->dev,
> +			"Could not register for %s interrupt, irq = %d,"
> +			" ret = %d\n",
> +		client->name, client->irq, ret);

dev_warn()? Indentation is broken too.

> +
> +		return ret;
> +	}
> +
> +	ihid->irq = client->irq;

I don't think you need this. Everywhere you use ihid->irq, you have
client at hand so you could as well use client->irq. This would avoid
inconsistencies like free_irq(ihid->irq, ihid) in probing error path
vs. free_irq(client->irq, ihid) in removal path, or
enable_irq_wake(ihid->irq) vs. disable_irq_wake(client->irq) in
suspend/resume.

> +
> +	return 0;
> +}
> +
> +static int __devinit i2c_hid_fetch_hid_descriptor(struct i2c_hid *ihid)
> +{
> +	struct i2c_client *client = ihid->client;
> +	struct i2c_hid_desc *hdesc = &ihid->hdesc;
> +	unsigned int dsize;
> +	int ret;
> +
> +	/* Fetch the length of HID description, retrieve the 4 first bytes:
> +	 * bytes 0-1 -> length
> +	 * bytes 2-3 -> bcdVersion (has to be 1.00) */
> +	ret = i2c_hid_command(client, &hid_descr_cmd, ihid->hdesc_buffer, 4);
> +
> +	i2c_hid_dbg(ihid, "%s, ihid->hdesc_buffer: %*ph\n",
> +			__func__, 4, ihid->hdesc_buffer);
> +
> +	if (ret) {
> +		dev_err(&client->dev, "HID_DESCR_LENGTH_CMD Fail (ret=%d)\n",
> +			ret);

This message is a little confusing as HID_DESCR_LENGTH_CMD no longer
exists.

> +		return -ENODEV;
> +	}
> +
> +	dsize = le16_to_cpu(hdesc->wHIDDescLength);
> +	if (!dsize || dsize > HID_MAX_DESCRIPTOR_SIZE) {
> +		dev_err(&client->dev, "weird size of HID descriptor (%u)\n",
> +			dsize);
> +		return -ENODEV;
> +	}
> +
> +	/* check bcdVersion == 1.0 */
> +	if (le16_to_cpu(hdesc->bcdVersion) != 0x0100) {
> +		dev_err(&client->dev,
> +			"unexpected HID descriptor bcdVersion (0x%04x)\n",

Should be 0x%04hx.

> +			le16_to_cpu(hdesc->bcdVersion));
> +		return -ENODEV;
> +	}
> +
> +	i2c_hid_dbg(ihid, "Fetching the HID descriptor\n");
> +
> +	ret = i2c_hid_command(client, &hid_descr_cmd, ihid->hdesc_buffer,
> +				dsize);
> +	if (ret) {
> +		dev_err(&client->dev, "hid_descr_cmd Fail\n");
> +		return -ENODEV;
> +	}
> +
> +	i2c_hid_dbg(ihid, "HID Descriptor: %*ph\n", dsize, ihid->hdesc_buffer);
> +
> +	return 0;
> +}
> +
> +static int __devinit i2c_hid_probe(struct i2c_client *client,
> +		const struct i2c_device_id *dev_id)
> +{
> +	int ret;
> +	struct i2c_hid *ihid;
> +	struct hid_device *hid;
> +	__u16 hidRegister;
> +	struct i2c_hid_platform_data *platform_data = client->dev.platform_data;
> +
> +	dbg_hid("HID probe called for i2c 0x%02x\n", client->addr);
> +
> +	if (!platform_data) {
> +		dev_err(&client->dev, "HID register address not provided\n");
> +		return -EINVAL;
> +	}
> +
> +	if (!client->irq) {
> +		dev_err(&client->dev,
> +			"HID over i2c has not been provided an Int IRQ\n");
> +		return -EINVAL;
> +	}
> +
> +	ihid = kzalloc(sizeof(struct i2c_hid), GFP_KERNEL);
> +	if (!ihid)
> +		return -ENOMEM;
> +
> +	i2c_set_clientdata(client, ihid);
> +
> +	ihid->client = client;
> +
> +	hidRegister = platform_data->hid_descriptor_address;
> +	ihid->wHIDDescRegister = cpu_to_le16(hidRegister);
> +
> +	init_waitqueue_head(&ihid->wait);
> +
> +	/* we need to allocate the command buffer without knowing the maximum
> +	 * size of the reports. Let's use HID_MIN_BUFFER_SIZE, then we do the
> +	 * real computation later. */
> +	ihid->bufsize = HID_MIN_BUFFER_SIZE;
> +	i2c_hid_alloc_buffers(ihid);

This could fail, yet you don't check for an error.

> +
> +	ret = i2c_hid_fetch_hid_descriptor(ihid);
> +	if (ret < 0)
> +		goto err;
> +
> +	ret = i2c_hid_init_irq(client);
> +	if (ret < 0)
> +		goto err;
> +
> +	hid = hid_allocate_device();
> +	if (IS_ERR(hid)) {
> +		ret = PTR_ERR(hid);
> +		goto err;
> +	}
> +
> +	ihid->hid = hid;
> +
> +	hid->driver_data = client;
> +	hid->ll_driver = &i2c_hid_ll_driver;
> +	hid->hid_get_raw_report = i2c_hid_get_raw_report;
> +	hid->hid_output_raw_report = i2c_hid_output_raw_report;
> +	hid->dev.parent = &client->dev;
> +	hid->bus = BUS_I2C;
> +	hid->version = le16_to_cpu(ihid->hdesc.bcdVersion);
> +	hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID);
> +	hid->product = le16_to_cpu(ihid->hdesc.wProductID);
> +
> +	snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X",

Should be %04hX:%04hX.

> +		 client->name, hid->vendor, hid->product);
> +
> +	ret = hid_add_device(hid);
> +	if (ret) {
> +		if (ret != -ENODEV)
> +			hid_err(client, "can't add hid device: %d\n", ret);
> +		goto err_mem_free;
> +	}
> +
> +	return 0;
> +
> +err_mem_free:
> +	hid_destroy_device(hid);
> +
> +err:
> +	if (ihid->irq)
> +		free_irq(ihid->irq, ihid);
> +
> +	kfree(ihid);
> +	return ret;
> +}
> +
> +static int __devexit i2c_hid_remove(struct i2c_client *client)
> +{
> +	struct i2c_hid *ihid = i2c_get_clientdata(client);
> +	struct hid_device *hid;
> +
> +	if (WARN_ON(!ihid))
> +		return -1;

This just can't happen...?

> +
> +	hid = ihid->hid;
> +	hid_destroy_device(hid);
> +
> +	free_irq(client->irq, ihid);
> +

Is there any guarantee that i2c_hid_stop() has been called before
i2c_hid_remove() is? If not, you're missing a call to
i2c_hid_free_buffers() here. BTW I'm not quite sure why
i2c_hid_remove() frees the buffers in the first place, but then again I
don't know a thing about the HID infrastructure.

> +	kfree(ihid);
> +
> +	return 0;
> +}
> +(...)
> +static const struct i2c_device_id i2c_hid_id_table[] = {
> +	{ "i2c_hid", 0 },

I am just realizing "i2c_hid" is a little redundant as an i2c device
name. Can we make this just "hid"?

> +	{ },
> +};
> +MODULE_DEVICE_TABLE(i2c, i2c_hid_id_table);

-- 
Jean Delvare
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ