Merge tag 'for-linus-2023011801' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid

+1 -1

drivers/hid/amd-sfh-hid/amd_sfh_client.c

··· 282 282 } 283 283 rc = mp2_ops->get_rep_desc(cl_idx, cl_data->report_descr[i]); 284 284 if (rc) 285 - return rc; 285 + goto cleanup; 286 286 mp2_ops->start(privdata, info); 287 287 status = amd_sfh_wait_for_response 288 288 (privdata, cl_data->sensor_idx[i], SENSOR_ENABLED);

+1 -1

drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c

··· 160 160 } 161 161 rc = mp2_ops->get_rep_desc(cl_idx, cl_data->report_descr[i]); 162 162 if (rc) 163 - return rc; 163 + goto cleanup; 164 164 165 165 writel(0, privdata->mmio + AMD_P2C_MSG(0)); 166 166 mp2_ops->start(privdata, info);

+9 -8

drivers/hid/hid-betopff.c

··· 60 60 struct list_head *report_list = 61 61 &hid->report_enum[HID_OUTPUT_REPORT].report_list; 62 62 struct input_dev *dev; 63 - int field_count = 0; 64 63 int error; 65 64 int i, j; 66 65 ··· 85 86 * ----------------------------------------- 86 87 * Do init them with default value. 87 88 */ 89 + if (report->maxfield < 4) { 90 + hid_err(hid, "not enough fields in the report: %d\n", 91 + report->maxfield); 92 + return -ENODEV; 93 + } 88 94 for (i = 0; i < report->maxfield; i++) { 95 + if (report->field[i]->report_count < 1) { 96 + hid_err(hid, "no values in the field\n"); 97 + return -ENODEV; 98 + } 89 99 for (j = 0; j < report->field[i]->report_count; j++) { 90 100 report->field[i]->value[j] = 0x00; 91 - field_count++; 92 101 } 93 - } 94 - 95 - if (field_count < 4) { 96 - hid_err(hid, "not enough fields in the report: %d\n", 97 - field_count); 98 - return -ENODEV; 99 102 } 100 103 101 104 betopff = kzalloc(sizeof(*betopff), GFP_KERNEL);

+5

drivers/hid/hid-bigbenff.c

··· 344 344 } 345 345 346 346 report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; 347 + if (list_empty(report_list)) { 348 + hid_err(hid, "no output report found\n"); 349 + error = -ENODEV; 350 + goto error_hw_stop; 351 + } 347 352 bigben->report = list_entry(report_list->next, 348 353 struct hid_report, list); 349 354

+2 -2

drivers/hid/hid-core.c

··· 993 993 * Validating on id 0 means we should examine the first 994 994 * report in the list. 995 995 */ 996 - report = list_entry( 997 - hid->report_enum[type].report_list.next, 996 + report = list_first_entry_or_null( 997 + &hid->report_enum[type].report_list, 998 998 struct hid_report, list); 999 999 } else { 1000 1000 report = hid->report_enum[type].report_id_hash[id];

+1 -1

drivers/hid/hid-ids.h

··· 274 274 #define USB_DEVICE_ID_CH_AXIS_295 0x001c 275 275 276 276 #define USB_VENDOR_ID_CHERRY 0x046a 277 - #define USB_DEVICE_ID_CHERRY_MOUSE_000C 0x000c 278 277 #define USB_DEVICE_ID_CHERRY_CYMOTION 0x0023 279 278 #define USB_DEVICE_ID_CHERRY_CYMOTION_SOLAR 0x0027 280 279 ··· 1294 1295 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_G540 0x0075 1295 1296 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_G640 0x0094 1296 1297 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO01 0x0042 1298 + #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO01_V2 0x0905 1297 1299 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_L 0x0935 1298 1300 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_PRO_S 0x0909 1299 1301 #define USB_DEVICE_ID_UGEE_XPPEN_TABLET_STAR06 0x0078

+63

drivers/hid/hid-playstation.c

··· 944 944 945 945 static int dualsense_get_calibration_data(struct dualsense *ds) 946 946 { 947 + struct hid_device *hdev = ds->base.hdev; 947 948 short gyro_pitch_bias, gyro_pitch_plus, gyro_pitch_minus; 948 949 short gyro_yaw_bias, gyro_yaw_plus, gyro_yaw_minus; 949 950 short gyro_roll_bias, gyro_roll_plus, gyro_roll_minus; ··· 955 954 int speed_2x; 956 955 int range_2g; 957 956 int ret = 0; 957 + int i; 958 958 uint8_t *buf; 959 959 960 960 buf = kzalloc(DS_FEATURE_REPORT_CALIBRATION_SIZE, GFP_KERNEL); ··· 1008 1006 ds->gyro_calib_data[2].sens_denom = gyro_roll_plus - gyro_roll_minus; 1009 1007 1010 1008 /* 1009 + * Sanity check gyro calibration data. This is needed to prevent crashes 1010 + * during report handling of virtual, clone or broken devices not implementing 1011 + * calibration data properly. 1012 + */ 1013 + for (i = 0; i < ARRAY_SIZE(ds->gyro_calib_data); i++) { 1014 + if (ds->gyro_calib_data[i].sens_denom == 0) { 1015 + hid_warn(hdev, "Invalid gyro calibration data for axis (%d), disabling calibration.", 1016 + ds->gyro_calib_data[i].abs_code); 1017 + ds->gyro_calib_data[i].bias = 0; 1018 + ds->gyro_calib_data[i].sens_numer = DS_GYRO_RANGE; 1019 + ds->gyro_calib_data[i].sens_denom = S16_MAX; 1020 + } 1021 + } 1022 + 1023 + /* 1011 1024 * Set accelerometer calibration and normalization parameters. 1012 1025 * Data values will be normalized to 1/DS_ACC_RES_PER_G g. 1013 1026 */ ··· 1043 1026 ds->accel_calib_data[2].bias = acc_z_plus - range_2g / 2; 1044 1027 ds->accel_calib_data[2].sens_numer = 2*DS_ACC_RES_PER_G; 1045 1028 ds->accel_calib_data[2].sens_denom = range_2g; 1029 + 1030 + /* 1031 + * Sanity check accelerometer calibration data. This is needed to prevent crashes 1032 + * during report handling of virtual, clone or broken devices not implementing calibration 1033 + * data properly. 1034 + */ 1035 + for (i = 0; i < ARRAY_SIZE(ds->accel_calib_data); i++) { 1036 + if (ds->accel_calib_data[i].sens_denom == 0) { 1037 + hid_warn(hdev, "Invalid accelerometer calibration data for axis (%d), disabling calibration.", 1038 + ds->accel_calib_data[i].abs_code); 1039 + ds->accel_calib_data[i].bias = 0; 1040 + ds->accel_calib_data[i].sens_numer = DS_ACC_RANGE; 1041 + ds->accel_calib_data[i].sens_denom = S16_MAX; 1042 + } 1043 + } 1046 1044 1047 1045 err_free: 1048 1046 kfree(buf); ··· 1769 1737 int speed_2x; 1770 1738 int range_2g; 1771 1739 int ret = 0; 1740 + int i; 1772 1741 uint8_t *buf; 1773 1742 1774 1743 if (ds4->base.hdev->bus == BUS_USB) { ··· 1864 1831 ds4->gyro_calib_data[2].sens_denom = gyro_roll_plus - gyro_roll_minus; 1865 1832 1866 1833 /* 1834 + * Sanity check gyro calibration data. This is needed to prevent crashes 1835 + * during report handling of virtual, clone or broken devices not implementing 1836 + * calibration data properly. 1837 + */ 1838 + for (i = 0; i < ARRAY_SIZE(ds4->gyro_calib_data); i++) { 1839 + if (ds4->gyro_calib_data[i].sens_denom == 0) { 1840 + hid_warn(hdev, "Invalid gyro calibration data for axis (%d), disabling calibration.", 1841 + ds4->gyro_calib_data[i].abs_code); 1842 + ds4->gyro_calib_data[i].bias = 0; 1843 + ds4->gyro_calib_data[i].sens_numer = DS4_GYRO_RANGE; 1844 + ds4->gyro_calib_data[i].sens_denom = S16_MAX; 1845 + } 1846 + } 1847 + 1848 + /* 1867 1849 * Set accelerometer calibration and normalization parameters. 1868 1850 * Data values will be normalized to 1/DS4_ACC_RES_PER_G g. 1869 1851 */ ··· 1899 1851 ds4->accel_calib_data[2].bias = acc_z_plus - range_2g / 2; 1900 1852 ds4->accel_calib_data[2].sens_numer = 2*DS4_ACC_RES_PER_G; 1901 1853 ds4->accel_calib_data[2].sens_denom = range_2g; 1854 + 1855 + /* 1856 + * Sanity check accelerometer calibration data. This is needed to prevent crashes 1857 + * during report handling of virtual, clone or broken devices not implementing calibration 1858 + * data properly. 1859 + */ 1860 + for (i = 0; i < ARRAY_SIZE(ds4->accel_calib_data); i++) { 1861 + if (ds4->accel_calib_data[i].sens_denom == 0) { 1862 + hid_warn(hdev, "Invalid accelerometer calibration data for axis (%d), disabling calibration.", 1863 + ds4->accel_calib_data[i].abs_code); 1864 + ds4->accel_calib_data[i].bias = 0; 1865 + ds4->accel_calib_data[i].sens_numer = DS4_ACC_RANGE; 1866 + ds4->accel_calib_data[i].sens_denom = S16_MAX; 1867 + } 1868 + } 1902 1869 1903 1870 err_free: 1904 1871 kfree(buf);

-1

drivers/hid/hid-quirks.c

··· 54 54 { HID_USB_DEVICE(USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FLIGHT_SIM_YOKE), HID_QUIRK_NOGET }, 55 55 { HID_USB_DEVICE(USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_PRO_PEDALS), HID_QUIRK_NOGET }, 56 56 { HID_USB_DEVICE(USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_PRO_THROTTLE), HID_QUIRK_NOGET }, 57 - { HID_USB_DEVICE(USB_VENDOR_ID_CHERRY, USB_DEVICE_ID_CHERRY_MOUSE_000C), HID_QUIRK_ALWAYS_POLL }, 58 57 { HID_USB_DEVICE(USB_VENDOR_ID_CORSAIR, USB_DEVICE_ID_CORSAIR_K65RGB), HID_QUIRK_NO_INIT_REPORTS }, 59 58 { HID_USB_DEVICE(USB_VENDOR_ID_CORSAIR, USB_DEVICE_ID_CORSAIR_K65RGB_RAPIDFIRE), HID_QUIRK_NO_INIT_REPORTS | HID_QUIRK_ALWAYS_POLL }, 60 59 { HID_USB_DEVICE(USB_VENDOR_ID_CORSAIR, USB_DEVICE_ID_CORSAIR_K70RGB), HID_QUIRK_NO_INIT_REPORTS },

+2

drivers/hid/hid-uclogic-core.c

··· 526 526 { HID_USB_DEVICE(USB_VENDOR_ID_UGEE, 527 527 USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO01) }, 528 528 { HID_USB_DEVICE(USB_VENDOR_ID_UGEE, 529 + USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO01_V2) }, 530 + { HID_USB_DEVICE(USB_VENDOR_ID_UGEE, 529 531 USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_L) }, 530 532 { HID_USB_DEVICE(USB_VENDOR_ID_UGEE, 531 533 USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_PRO_S) },

+2

drivers/hid/hid-uclogic-params.c

··· 1656 1656 case VID_PID(USB_VENDOR_ID_UGEE, 1657 1657 USB_DEVICE_ID_UGEE_PARBLO_A610_PRO): 1658 1658 case VID_PID(USB_VENDOR_ID_UGEE, 1659 + USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO01_V2): 1660 + case VID_PID(USB_VENDOR_ID_UGEE, 1659 1661 USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_L): 1660 1662 case VID_PID(USB_VENDOR_ID_UGEE, 1661 1663 USB_DEVICE_ID_UGEE_XPPEN_TABLET_DECO_PRO_S):

+10

drivers/hid/intel-ish-hid/ishtp/dma-if.c

··· 104 104 int required_slots = (size / DMA_SLOT_SIZE) 105 105 + 1 * (size % DMA_SLOT_SIZE != 0); 106 106 107 + if (!dev->ishtp_dma_tx_map) { 108 + dev_err(dev->devc, "Fail to allocate Tx map\n"); 109 + return NULL; 110 + } 111 + 107 112 spin_lock_irqsave(&dev->ishtp_dma_tx_lock, flags); 108 113 for (i = 0; i <= (dev->ishtp_dma_num_slots - required_slots); i++) { 109 114 free = 1; ··· 152 147 153 148 if ((msg_addr - dev->ishtp_host_dma_tx_buf) % DMA_SLOT_SIZE) { 154 149 dev_err(dev->devc, "Bad DMA Tx ack address\n"); 150 + return; 151 + } 152 + 153 + if (!dev->ishtp_dma_tx_map) { 154 + dev_err(dev->devc, "Fail to allocate Tx map\n"); 155 155 return; 156 156 } 157 157