HID: usbhid: Check HID report descriptor contents after device reset
When a USB device reset occurs, usbcore will refetch the device and configuration descriptors and compare them with those retrieved before the reset to ensure that they have not changed. For USB HID devices, this implicitly includes the HID class descriptor (as this is fetched with the configuration descriptor). However, the HID report descriptor is not checked again. Whilst a change in the size of the HID report descriptor will be detected (as this is held in the class descriptor), content changes to the report descriptor which do not result in a change in its size will be missed. If a firmware update were applied to a USB HID device which resulted in such a change to the report descriptor after device reset, then this would not be picked up by usbhid. This patch fixes this issue by allowing usbhid to check the contents of the report descriptor after the device reset, and trigger a rebind of the device if there is a mismatch. Reviewed-by: Toby Gray <toby.gray@realvnc.com> Signed-off-by: Simon Haggett <simon.haggett@realvnc.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
parent
72f1367b5e
commit
dc3c78e434
1 changed files with 28 additions and 0 deletions
|
@ -28,6 +28,7 @@
|
|||
#include <linux/input.h>
|
||||
#include <linux/wait.h>
|
||||
#include <linux/workqueue.h>
|
||||
#include <linux/string.h>
|
||||
|
||||
#include <linux/usb.h>
|
||||
|
||||
|
@ -1364,7 +1365,34 @@ static int hid_post_reset(struct usb_interface *intf)
|
|||
struct usb_device *dev = interface_to_usbdev (intf);
|
||||
struct hid_device *hid = usb_get_intfdata(intf);
|
||||
struct usbhid_device *usbhid = hid->driver_data;
|
||||
struct usb_host_interface *interface = intf->cur_altsetting;
|
||||
int status;
|
||||
char *rdesc;
|
||||
|
||||
/* Fetch and examine the HID report descriptor. If this
|
||||
* has changed, then rebind. Since usbcore's check of the
|
||||
* configuration descriptors passed, we already know that
|
||||
* the size of the HID report descriptor has not changed.
|
||||
*/
|
||||
rdesc = kmalloc(hid->rsize, GFP_KERNEL);
|
||||
if (!rdesc) {
|
||||
dbg_hid("couldn't allocate rdesc memory (post_reset)\n");
|
||||
return 1;
|
||||
}
|
||||
status = hid_get_class_descriptor(dev,
|
||||
interface->desc.bInterfaceNumber,
|
||||
HID_DT_REPORT, rdesc, hid->rsize);
|
||||
if (status < 0) {
|
||||
dbg_hid("reading report descriptor failed (post_reset)\n");
|
||||
kfree(rdesc);
|
||||
return 1;
|
||||
}
|
||||
status = memcmp(rdesc, hid->rdesc, hid->rsize);
|
||||
kfree(rdesc);
|
||||
if (status != 0) {
|
||||
dbg_hid("report descriptor changed\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
spin_lock_irq(&usbhid->lock);
|
||||
clear_bit(HID_RESET_PENDING, &usbhid->iofl);
|
||||
|
|
Loading…
Reference in a new issue