Re: [PATCH v2] HID: wacom: avoid copying Bluetooth input reports

[Jason Gerecke]

On Wed, Jun 17, 2026 at 12:21 AM Ruoyu Wang <ruoyuw560@xxxxxxxxx> wrote:
>
> wacom_intuos_bt_irq() duplicates the received Bluetooth report with
> kmemdup() so that it can pass 10-byte input report payloads to the
> common Intuos parser. The helper then copies each payload back into
> wacom->data before calling wacom_intuos_irq().
>
> Avoid the allocation and copy by temporarily pointing wacom->data at the
> current 10-byte payload while the common parser runs, then restoring the
> original report pointer. The Bluetooth report parser keeps using the
> original report buffer for dispatch and battery parsing, while the common
> parser sees the same payload bytes as before.
>
> This also removes the unchecked kmemdup() result from the Bluetooth IRQ
> path.
>
> Suggested-by: Jason Gerecke <jason.gerecke@xxxxxxxxx>
> Signed-off-by: Ruoyu Wang <ruoyuw560@xxxxxxxxx>

Thanks for the update! The sashiko warnings reveal an existing issue
with this function triggering unaligned memory accesses. I don't think
the warnings should block this particular patch, but instead remind us
that some kind of dedicated alignment cleanup patch would be a good
idea.

Reviewed-by: Jason Gerecke <jason.gerecke@xxxxxxxxx>

Jason (she/they)
---
Now instead of four in the eights place /
you’ve got three, ‘Cause you added one  /
(That is to say, eight) to the two,     /
But you can’t take seven from three,    /
So you look at the sixty-fours....

> ---
> Changes in v2:
> - Replace the kmemdup()/memcpy() path with temporary wacom->data pointer
>   substitution, as suggested by Jason.
>
>  drivers/hid/wacom_wac.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
> index da1f0ea85625d..a29bf051ada7c 100644
> --- a/drivers/hid/wacom_wac.c
> +++ b/drivers/hid/wacom_wac.c
> @@ -1192,8 +1192,11 @@ static int int_dist(int x1, int y1, int x2, int y2)
>  static void wacom_intuos_bt_process_data(struct wacom_wac *wacom,
>                 unsigned char *data)
>  {
> -       memcpy(wacom->data, data, 10);
> +       u8 *saved_data = wacom->data;
> +
> +       wacom->data = data;
>         wacom_intuos_irq(wacom);
> +       wacom->data = saved_data;
>
>         input_sync(wacom->pen_input);
>         if (wacom->pad_input)
> @@ -1202,7 +1205,7 @@ static void wacom_intuos_bt_process_data(struct wacom_wac *wacom,
>
>  static int wacom_intuos_bt_irq(struct wacom_wac *wacom, size_t len)
>  {
> -       u8 *data = kmemdup(wacom->data, len, GFP_KERNEL);
> +       u8 *data = wacom->data;
>         int i = 1;
>         unsigned power_raw, battery_capacity, bat_charging, ps_connected;
>
> @@ -1242,7 +1245,6 @@ static int wacom_intuos_bt_irq(struct wacom_wac *wacom, size_t len)
>                 break;
>         }
>
> -       kfree(data);
>         return 0;
>  }
>
> --
> 2.51.0
>