Skip to content

Commit 4ee4d7b

Browse files
author
Jiri Kosina
committed
Merge branch 'for-6.15/wacom' into for-linus
- removal of WACOM_PKGLEN_MAX limit in Wacom driver (Jason Gerecke)
2 parents 6fe38a2 + 5e013ad commit 4ee4d7b

File tree

3 files changed

+27
-23
lines changed

3 files changed

+27
-23
lines changed

drivers/hid/wacom_sys.c

Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -69,16 +69,27 @@ static void wacom_wac_queue_flush(struct hid_device *hdev,
6969
struct kfifo_rec_ptr_2 *fifo)
7070
{
7171
while (!kfifo_is_empty(fifo)) {
72-
u8 buf[WACOM_PKGLEN_MAX];
73-
int size;
72+
int size = kfifo_peek_len(fifo);
73+
u8 *buf = kzalloc(size, GFP_KERNEL);
74+
unsigned int count;
7475
int err;
7576

76-
size = kfifo_out(fifo, buf, sizeof(buf));
77+
count = kfifo_out(fifo, buf, size);
78+
if (count != size) {
79+
// Hard to say what is the "right" action in this
80+
// circumstance. Skipping the entry and continuing
81+
// to flush seems reasonable enough, however.
82+
hid_warn(hdev, "%s: removed fifo entry with unexpected size\n",
83+
__func__);
84+
continue;
85+
}
7786
err = hid_report_raw_event(hdev, HID_INPUT_REPORT, buf, size, false);
7887
if (err) {
7988
hid_warn(hdev, "%s: unable to flush event due to error %d\n",
8089
__func__, err);
8190
}
91+
92+
kfree(buf);
8293
}
8394
}
8495

@@ -158,13 +169,10 @@ static int wacom_raw_event(struct hid_device *hdev, struct hid_report *report,
158169
if (wacom->wacom_wac.features.type == BOOTLOADER)
159170
return 0;
160171

161-
if (size > WACOM_PKGLEN_MAX)
162-
return 1;
163-
164172
if (wacom_wac_pen_serial_enforce(hdev, report, raw_data, size))
165173
return -1;
166174

167-
memcpy(wacom->wacom_wac.data, raw_data, size);
175+
wacom->wacom_wac.data = raw_data;
168176

169177
wacom_wac_irq(&wacom->wacom_wac, size);
170178

@@ -1286,6 +1294,7 @@ static void wacom_devm_kfifo_release(struct device *dev, void *res)
12861294
static int wacom_devm_kfifo_alloc(struct wacom *wacom)
12871295
{
12881296
struct wacom_wac *wacom_wac = &wacom->wacom_wac;
1297+
int fifo_size = min(PAGE_SIZE, 10 * wacom_wac->features.pktlen);
12891298
struct kfifo_rec_ptr_2 *pen_fifo;
12901299
int error;
12911300

@@ -1296,7 +1305,7 @@ static int wacom_devm_kfifo_alloc(struct wacom *wacom)
12961305
if (!pen_fifo)
12971306
return -ENOMEM;
12981307

1299-
error = kfifo_alloc(pen_fifo, WACOM_PKGLEN_MAX, GFP_KERNEL);
1308+
error = kfifo_alloc(pen_fifo, fifo_size, GFP_KERNEL);
13001309
if (error) {
13011310
devres_free(pen_fifo);
13021311
return error;
@@ -2352,12 +2361,14 @@ static int wacom_parse_and_register(struct wacom *wacom, bool wireless)
23522361
unsigned int connect_mask = HID_CONNECT_HIDRAW;
23532362

23542363
features->pktlen = wacom_compute_pktlen(hdev);
2355-
if (features->pktlen > WACOM_PKGLEN_MAX)
2356-
return -EINVAL;
23572364

23582365
if (!devres_open_group(&hdev->dev, wacom, GFP_KERNEL))
23592366
return -ENOMEM;
23602367

2368+
error = wacom_devm_kfifo_alloc(wacom);
2369+
if (error)
2370+
goto fail;
2371+
23612372
wacom->resources = true;
23622373

23632374
error = wacom_allocate_inputs(wacom);
@@ -2821,10 +2832,6 @@ static int wacom_probe(struct hid_device *hdev,
28212832
if (features->check_for_hid_type && features->hid_type != hdev->type)
28222833
return -ENODEV;
28232834

2824-
error = wacom_devm_kfifo_alloc(wacom);
2825-
if (error)
2826-
return error;
2827-
28282835
wacom_wac->hid_data.inputmode = -1;
28292836
wacom_wac->mode_report = -1;
28302837

drivers/hid/wacom_wac.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1201,12 +1201,10 @@ static void wacom_intuos_bt_process_data(struct wacom_wac *wacom,
12011201

12021202
static int wacom_intuos_bt_irq(struct wacom_wac *wacom, size_t len)
12031203
{
1204-
unsigned char data[WACOM_PKGLEN_MAX];
1204+
u8 *data = kmemdup(wacom->data, len, GFP_KERNEL);
12051205
int i = 1;
12061206
unsigned power_raw, battery_capacity, bat_charging, ps_connected;
12071207

1208-
memcpy(data, wacom->data, len);
1209-
12101208
switch (data[0]) {
12111209
case 0x04:
12121210
wacom_intuos_bt_process_data(wacom, data + i);
@@ -1230,8 +1228,10 @@ static int wacom_intuos_bt_irq(struct wacom_wac *wacom, size_t len)
12301228
dev_dbg(wacom->pen_input->dev.parent,
12311229
"Unknown report: %d,%d size:%zu\n",
12321230
data[0], data[1], len);
1233-
return 0;
1231+
break;
12341232
}
1233+
1234+
kfree(data);
12351235
return 0;
12361236
}
12371237

drivers/hid/wacom_wac.h

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,9 +7,6 @@
77
#include <linux/hid.h>
88
#include <linux/kfifo.h>
99

10-
/* maximum packet length for USB/BT devices */
11-
#define WACOM_PKGLEN_MAX 361
12-
1310
#define WACOM_NAME_MAX 64
1411
#define WACOM_MAX_REMOTES 5
1512
#define WACOM_STATUS_UNKNOWN 255
@@ -277,7 +274,7 @@ struct wacom_features {
277274
unsigned touch_max;
278275
int oVid;
279276
int oPid;
280-
int pktlen;
277+
unsigned int pktlen;
281278
bool check_for_hid_type;
282279
int hid_type;
283280
};
@@ -341,7 +338,7 @@ struct wacom_wac {
341338
char pen_name[WACOM_NAME_MAX];
342339
char touch_name[WACOM_NAME_MAX];
343340
char pad_name[WACOM_NAME_MAX];
344-
unsigned char data[WACOM_PKGLEN_MAX];
341+
u8 *data;
345342
int tool[2];
346343
int id[2];
347344
__u64 serial[2];

0 commit comments

Comments
 (0)