Hi David,
On Thu, Jul 24, 2014, David Herrmann wrote:
> > This helps a lot. Thanks. I'd bet the following code from forward_report() is
> > responsible:
> >
> > if (hogdev->has_report_id) {
> > data = ev->u.output.data + 1;
> > size = ev->u.output.size - 1;
> > } else {
> > data = ev->u.output.data;
> > size = ev->u.output.size;
> > }
>
> The kernel bails out if size==0, so this never happens. The bt_uhid_*
> helpers are fine, however, hog.c forward_report() is totally broken.
> You use:
>
> bt_uhid_register(hogdev->uhid, UHID_OUTPUT, forward_report, hogdev);
> bt_uhid_register(hogdev->uhid, UHID_FEATURE, forward_report, hogdev);
>
> Therefore, you register *THE SAME* handler for UHID_OUTPUT *AND*
> UHID_FEATURE. However, in forward_report() you access ev->u.output,
> but this is only valid for UHID_OUTPUT. If you get a UHID_FEATURE
> report you must never access anything but ev->u.feature!
>
> Furthermore, if you receive UHID_FEATURE, the kernel blocks until you
> send the answer as UHID_FEATURE_ANSWER. I really recommend dropping
> this line:
> bt_uhid_register(hogdev->uhid, UHID_FEATURE, forward_report, hogdev);
>
> Add it again once you implemented UHID_FEATURE properly. Currently,
> it's totally broken.
Thanks a lot for the analysis! I've now pushed a patch to remove the
broken attempt at UHID_FEATURE support.
Johan
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
