1. 12 Feb, 2019 2 commits
  2. 07 Dec, 2018 1 commit
  3. 30 Nov, 2018 1 commit
    • Hans de Goede's avatar
      HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk · 40502074
      Hans de Goede authored
      The 258a:6a88 keyboard-dock shipped with the Prowise PT301 tablet is
      likely another ITE based design. The controller die is directly bonded
      to the PCB with a blob of black glue on top so there are no markings and
      the 258a vendor-id used is unknown anywhere. But the keyboard has the
      exact same hotkeys mapped to Fn+F1 - F10 as the other ITE8595 keyboard
      I have *and* it has the same quirky behavior wrt the rfkill hotkey.
      
      Either way as said this keyboard has the same quirk for its rfkill /
      airplane mode hotkey as the ITE 8595 chip, it only sends a single release
      event when pressed and released, it never sends a press event.
      
      This commit adds the 258a:6a88 USB id to the hid-ite id-table, fixing
      the rfkill key not working on this keyboard.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      40502074
  4. 22 Nov, 2018 6 commits
  5. 20 Nov, 2018 1 commit
  6. 19 Nov, 2018 5 commits
    • Kai-Heng Feng's avatar
      HID: i2c-hid: Disable runtime PM for LG touchscreen · 86c31524
      Kai-Heng Feng authored
      LG touchscreen (1fd2:8001) stops working after reboot:
      [ 4.859153] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
      [ 4.936070] i2c_hid i2c-SAPS2101:00: i2c_hid_get_input: incomplete report (64/66)
      [ 9.948224] i2c_hid i2c-SAPS2101:00: failed to reset device.
      
      The device in question stops working after receives SLEEP, ON, SLEEP
      commands in a short period. The scenario is like this:
      - Once the desktop session closes, it also closed the hid device, so the
      device gets runtime suspended and receives a SLEEP command.
      - Before calling shutdown callback, it gets runtime resumed and received
      an ON command.
      - In the shutdown callback, it receives another SLEEP command.
      
      I failed to find a reliable interval between ON/SLEEP commands that can
      make it work, so let's simply disable runtime PM for the device.
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      86c31524
    • Kai-Heng Feng's avatar
      HID: multitouch: Add pointstick support for Cirque Touchpad · 12d43aac
      Kai-Heng Feng authored
      Cirque Touchpad/Pointstick combo is similar to Alps devices, it requires
      MT_CLS_WIN_8_DUAL to expose its pointstick as a mouse.
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      12d43aac
    • Rodrigo Rivas Costa's avatar
      HID: steam: remove input device when a hid client is running. · 385a4886
      Rodrigo Rivas Costa authored
      Previously, when a HID client such as the Steam Client was running, this
      driver disabled its input device to avoid doubling the input events.
      
      While it worked mostly fine, some games got confused by the idle gamepad,
      and switched to two player mode, or asked the user to choose which gamepad
      to use. Other games just crashed, probably a bug in Unity [1].
      
      With this commit, when a HID client starts, the input device is removed;
      when the HID client ends the input device is recreated.
      
      [1]: https://github.com/ValveSoftware/steam-for-linux/issues/5645Signed-off-by: default avatarRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      385a4886
    • David Herrmann's avatar
      Revert "HID: uhid: use strlcpy() instead of strncpy()" · 4d26d1d1
      David Herrmann authored
      This reverts commit 336fd4f5.
      
      Please note that `strlcpy()` does *NOT* do what you think it does.
      strlcpy() *ALWAYS* reads the full input string, regardless of the
      'length' parameter. That is, if the input is not zero-terminated,
      strlcpy() will *READ* beyond input boundaries. It does this, because it
      always returns the size it *would* copy if the target was big enough,
      not the truncated size it actually copied.
      
      The original code was perfectly fine. The hid device is
      zero-initialized and the strncpy() functions copied up to n-1
      characters. The result is always zero-terminated this way.
      
      This is the third time someone tried to replace strncpy with strlcpy in
      this function, and gets it wrong. I now added a comment that should at
      least make people reconsider.
      Signed-off-by: David Herrmann's avatarDavid Herrmann <dh.herrmann@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      4d26d1d1
    • Eric Biggers's avatar
      HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges · 8c01db76
      Eric Biggers authored
      When a UHID_CREATE command is written to the uhid char device, a
      copy_from_user() is done from a user pointer embedded in the command.
      When the address limit is KERNEL_DS, e.g. as is the case during
      sys_sendfile(), this can read from kernel memory.  Alternatively,
      information can be leaked from a setuid binary that is tricked to write
      to the file descriptor.  Therefore, forbid UHID_CREATE in these cases.
      
      No other commands in uhid_char_write() are affected by this bug and
      UHID_CREATE is marked as "obsolete", so apply the restriction to
      UHID_CREATE only rather than to uhid_char_write() entirely.
      
      Thanks to Dmitry Vyukov for adding uhid definitions to syzkaller and to
      Jann Horn for commit 9da3f2b7 ("x86/fault: BUG() when uaccess
      helpers fault on kernel addresses"), allowing this bug to be found.
      
      Reported-by: syzbot+72473edc9bf4eb1c6556@syzkaller.appspotmail.com
      Fixes: d365c6cf ("HID: uhid: add UHID_CREATE and UHID_DESTROY events")
      Cc: <stable@vger.kernel.org> # v3.6+
      Cc: Jann Horn <jannh@google.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      8c01db76
  7. 16 Nov, 2018 1 commit
  8. 15 Nov, 2018 1 commit
  9. 12 Nov, 2018 1 commit
  10. 08 Nov, 2018 1 commit
  11. 06 Nov, 2018 1 commit
    • Arnd Bergmann's avatar
      HID: asus: fix build warning wiht CONFIG_ASUS_WMI disabled · 3fc202e8
      Arnd Bergmann authored
      asus_wmi_evaluate_method() is an empty dummy function when CONFIG_ASUS_WMI
      is disabled, or not reachable from a built-in device driver. This leads to
      a theoretical evaluation of an uninitialized variable that the compiler
      complains about, failing to check that the hardcoded return value makes
      this an unreachable code path:
      
      In file included from include/linux/printk.h:336,
                       from include/linux/kernel.h:14,
                       from include/linux/list.h:9,
                       from include/linux/dmi.h:5,
                       from drivers/hid/hid-asus.c:29:
      drivers/hid/hid-asus.c: In function 'asus_input_configured':
      include/linux/dynamic_debug.h:135:3: error: 'value' may be used uninitialized in this function [-Werror=maybe-uninitialized]
         __dynamic_dev_dbg(&descriptor, dev, fmt, \
         ^~~~~~~~~~~~~~~~~
      drivers/hid/hid-asus.c:359:6: note: 'value' was declared here
        u32 value;
            ^~~~~
      
      With an extra IS_ENABLED() check, the warning goes away.
      
      Fixes: 3b692c55 ("HID: asus: only support backlight when it's not driven by WMI")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      3fc202e8
  12. 31 Oct, 2018 2 commits
  13. 29 Oct, 2018 1 commit
    • Linus Torvalds's avatar
      HID: input: simplify/fix high-res scroll event handling · 044ee890
      Linus Torvalds authored
      Commit 1ff2e1a4 ("HID: input: Create a utility class for counting
      scroll events") created the helper function
      
          hid_scroll_counter_handle_scroll()
      
      to handle high-res scroll events and also expose them as regular wheel
      events.
      
      But the resulting algorithm was unstable, and causes scrolling to be
      very unreliable.  When you hit the half-way mark of the highres
      multiplier, small highres movements will incorrectly translate into big
      traditional wheel movements, causing odd jitters.
      
      Simplify the code and make the output stable.
      
      NOTE! I'm pretty sure this will need further tweaking.  But this at
      least turns a unusable mouse wheel on my Logitech MX Anywhere 2S into
      a usable one.
      
      Cc: Jiri Kosina <jikos@kernel.org>
      Cc: Harry Cutts <hcutts@chromium.org>
      Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
      Cc: Peter Hutterer <peter.hutterer@who-t.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      044ee890
  14. 27 Oct, 2018 2 commits
    • Linus Torvalds's avatar
      HID: we do not randomly make new drivers 'default y' · 69d5b97c
      Linus Torvalds authored
      .. even when that "default y" is hidden syntactically as a
      
      	default !EXPERT
      
      it's wrong.
      
      The only reason something should be 'default y' is if it used to be
      built-in, and it was made configurable, and the 'default y' is just
      retaining the status quo.
      
      Altheratively, the hardware for the driver has become _so_ common that
      it really makes sense for everybody to build it.  Finally, one possible
      reason for 'default y' is because the option is not enabling any new
      code at all, but is just enabling other options (the networking people
      do this for vendor options, for example, so that you can disable whole
      vendors at a time).
      
      Clearly, none of these cases hold for the BigBen Interactive Kids'
      gamepad, and HID_BIGBEN_FF should thus most definitely not default
      to on for everybody.
      
      Cc: Hanno Zulla <kontakt@hanno.de>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      69d5b97c
    • Linus Torvalds's avatar
      i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array · b59dfdae
      Linus Torvalds authored
      Commit 9ee3e066 ("HID: i2c-hid: override HID descriptors for certain
      devices") added a new dmi_system_id quirk table to override certain HID
      report descriptors for some systems that lack them.
      
      But the table wasn't properly terminated, causing the dmi matching to
      walk off into la-la-land, and starting to treat random data as dmi
      descriptor pointers, causing boot-time oopses if you were at all
      unlucky.
      
      Terminate the array.
      
      We really should have some way to just statically check that arrays that
      should be terminated by an empty entry actually are so.  But the HID
      people really should have caught this themselves, rather than have me
      deal with an oops during the merge window.  Tssk, tssk.
      
      Cc: Julian Sax <jsbc@gmx.de>
      Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b59dfdae
  15. 26 Oct, 2018 4 commits
  16. 11 Oct, 2018 2 commits
  17. 09 Oct, 2018 4 commits
  18. 04 Oct, 2018 1 commit
  19. 03 Oct, 2018 1 commit
  20. 29 Sep, 2018 1 commit
  21. 24 Sep, 2018 1 commit