HID: sony: Workaround for DS4 dongle hotplug kernel crash.

The hid-sony driver has custom DS4 connect/disconnect logic for the
DS4 dongle, which is a USB dongle acting as a proxy to Bluetooth
connected DS4.

The connect/disconnect logic works fine generally, however not in
conjunction with Steam. Steam implements its own DS4 driver using
hidraw. Both hid-sony and Steam are issuing their own HID requests
and are racing each other during DS4 dongle connect/disconnect
resulting in a kernel crash in hid-sony.

The problem is that upon a DS4 connect to the dongle, hid-sony kicks
of 'ds4_get_calibration_data' from within its dongle hotplug code.
The calibration code issues raw HID feature report for reportID 0x02.
When Steam is running, it issues a feature report for reportID 0x12
typically just prior to hid-sony requesting feature reportID 0x02.
The result is that 'ds4_get_calibration_data' receives the data Steam
requested as that's the HID report returing first. Currently this
results in it processing invalid data, which ultimately results in a
divide by zero upon a future 'dualshock4_parse_report'.

The solution for now is to check within 'ds4_get_calibration_data' to
check if we received data for the feature report we issued and if not
retry. This fixes bug 206785.

Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
index 2f073f53607063f85f8fabe4d1ad4ed62e4bce99..c7baedfc78bd7bcddbb2b15c1ad3b8908e3d22b5 100644 (file)
--- a/drivers/hid/hid-sony.c
+++ b/drivers/hid/hid-sony.c
@@ -1597,16 +1597,38 @@ static int dualshock4_get_calibration_data(struct sony_sc *sc)
         * of the controller, so that it sends input reports of type 0x11.
         */
        if (sc->quirks & (DUALSHOCK4_CONTROLLER_USB | DUALSHOCK4_DONGLE)) {
+               int retries;
+
                buf = kmalloc(DS4_FEATURE_REPORT_0x02_SIZE, GFP_KERNEL);
                if (!buf)
                        return -ENOMEM;
 
-               ret = hid_hw_raw_request(sc->hdev, 0x02, buf,
-                                        DS4_FEATURE_REPORT_0x02_SIZE,
-                                        HID_FEATURE_REPORT,
-                                        HID_REQ_GET_REPORT);
-               if (ret < 0)
-                       goto err_stop;
+               /* We should normally receive the feature report data we asked
+                * for, but hidraw applications such as Steam can issue feature
+                * reports as well. In particular for Dongle reconnects, Steam
+                * and this function are competing resulting in often receiving
+                * data for a different HID report, so retry a few times.
+                */
+               for (retries = 0; retries < 3; retries++) {
+                       ret = hid_hw_raw_request(sc->hdev, 0x02, buf,
+                                                DS4_FEATURE_REPORT_0x02_SIZE,
+                                                HID_FEATURE_REPORT,
+                                                HID_REQ_GET_REPORT);
+                       if (ret < 0)
+                               goto err_stop;
+
+                       if (buf[0] != 0x02) {
+                               if (retries < 2) {
+                                       hid_warn(sc->hdev, "Retrying DualShock 4 get calibration report (0x02) request\n");
+                                       continue;
+                               } else {
+                                       ret = -EILSEQ;
+                                       goto err_stop;
+                               }
+                       } else {
+                               break;
+                       }
+               }
        } else {
                u8 bthdr = 0xA3;
                u32 crc;