1 /* 2 * HID over I2C protocol implementation 3 * 4 * Copyright (c) 2012 Benjamin Tissoires <benjamin.tissoires@gmail.com> 5 * Copyright (c) 2012 Ecole Nationale de l'Aviation Civile, France 6 * Copyright (c) 2012 Red Hat, Inc 7 * 8 * This code is partly based on "USB HID support for Linux": 9 * 10 * Copyright (c) 1999 Andreas Gal 11 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz> 12 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc 13 * Copyright (c) 2007-2008 Oliver Neukum 14 * Copyright (c) 2006-2010 Jiri Kosina 15 * 16 * This file is subject to the terms and conditions of the GNU General Public 17 * License. See the file COPYING in the main directory of this archive for 18 * more details. 19 */ 20 21 #include <linux/module.h> 22 #include <linux/i2c.h> 23 #include <linux/interrupt.h> 24 #include <linux/input.h> 25 #include <linux/irq.h> 26 #include <linux/delay.h> 27 #include <linux/slab.h> 28 #include <linux/pm.h> 29 #include <linux/device.h> 30 #include <linux/wait.h> 31 #include <linux/err.h> 32 #include <linux/string.h> 33 #include <linux/list.h> 34 #include <linux/jiffies.h> 35 #include <linux/kernel.h> 36 #include <linux/hid.h> 37 #include <linux/mutex.h> 38 39 #include "../hid-ids.h" 40 #include "i2c-hid.h" 41 42 /* quirks to control the device */ 43 #define I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV BIT(0) 44 #define I2C_HID_QUIRK_NO_IRQ_AFTER_RESET BIT(1) 45 #define I2C_HID_QUIRK_BOGUS_IRQ BIT(4) 46 #define I2C_HID_QUIRK_RESET_ON_RESUME BIT(5) 47 #define I2C_HID_QUIRK_BAD_INPUT_SIZE BIT(6) 48 #define I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET BIT(7) 49 50 51 /* flags */ 52 #define I2C_HID_STARTED 0 53 #define I2C_HID_RESET_PENDING 1 54 #define I2C_HID_READ_PENDING 2 55 56 #define I2C_HID_PWR_ON 0x00 57 #define I2C_HID_PWR_SLEEP 0x01 58 59 /* debug option */ 60 static bool debug; 61 module_param(debug, bool, 0444); 62 MODULE_PARM_DESC(debug, "print a lot of debug information"); 63 64 #define i2c_hid_dbg(ihid, fmt, arg...) \ 65 do { \ 66 if (debug) \ 67 dev_printk(KERN_DEBUG, &(ihid)->client->dev, fmt, ##arg); \ 68 } while (0) 69 70 struct i2c_hid_desc { 71 __le16 wHIDDescLength; 72 __le16 bcdVersion; 73 __le16 wReportDescLength; 74 __le16 wReportDescRegister; 75 __le16 wInputRegister; 76 __le16 wMaxInputLength; 77 __le16 wOutputRegister; 78 __le16 wMaxOutputLength; 79 __le16 wCommandRegister; 80 __le16 wDataRegister; 81 __le16 wVendorID; 82 __le16 wProductID; 83 __le16 wVersionID; 84 __le32 reserved; 85 } __packed; 86 87 struct i2c_hid_cmd { 88 unsigned int registerIndex; 89 __u8 opcode; 90 unsigned int length; 91 bool wait; 92 }; 93 94 union command { 95 u8 data[0]; 96 struct cmd { 97 __le16 reg; 98 __u8 reportTypeID; 99 __u8 opcode; 100 } __packed c; 101 }; 102 103 #define I2C_HID_CMD(opcode_) \ 104 .opcode = opcode_, .length = 4, \ 105 .registerIndex = offsetof(struct i2c_hid_desc, wCommandRegister) 106 107 /* fetch HID descriptor */ 108 static const struct i2c_hid_cmd hid_descr_cmd = { .length = 2 }; 109 /* fetch report descriptors */ 110 static const struct i2c_hid_cmd hid_report_descr_cmd = { 111 .registerIndex = offsetof(struct i2c_hid_desc, 112 wReportDescRegister), 113 .opcode = 0x00, 114 .length = 2 }; 115 /* commands */ 116 static const struct i2c_hid_cmd hid_reset_cmd = { I2C_HID_CMD(0x01), 117 .wait = true }; 118 static const struct i2c_hid_cmd hid_get_report_cmd = { I2C_HID_CMD(0x02) }; 119 static const struct i2c_hid_cmd hid_set_report_cmd = { I2C_HID_CMD(0x03) }; 120 static const struct i2c_hid_cmd hid_set_power_cmd = { I2C_HID_CMD(0x08) }; 121 static const struct i2c_hid_cmd hid_no_cmd = { .length = 0 }; 122 123 /* 124 * These definitions are not used here, but are defined by the spec. 125 * Keeping them here for documentation purposes. 126 * 127 * static const struct i2c_hid_cmd hid_get_idle_cmd = { I2C_HID_CMD(0x04) }; 128 * static const struct i2c_hid_cmd hid_set_idle_cmd = { I2C_HID_CMD(0x05) }; 129 * static const struct i2c_hid_cmd hid_get_protocol_cmd = { I2C_HID_CMD(0x06) }; 130 * static const struct i2c_hid_cmd hid_set_protocol_cmd = { I2C_HID_CMD(0x07) }; 131 */ 132 133 /* The main device structure */ 134 struct i2c_hid { 135 struct i2c_client *client; /* i2c client */ 136 struct hid_device *hid; /* pointer to corresponding HID dev */ 137 union { 138 __u8 hdesc_buffer[sizeof(struct i2c_hid_desc)]; 139 struct i2c_hid_desc hdesc; /* the HID Descriptor */ 140 }; 141 __le16 wHIDDescRegister; /* location of the i2c 142 * register of the HID 143 * descriptor. */ 144 unsigned int bufsize; /* i2c buffer size */ 145 u8 *inbuf; /* Input buffer */ 146 u8 *rawbuf; /* Raw Input buffer */ 147 u8 *cmdbuf; /* Command buffer */ 148 u8 *argsbuf; /* Command arguments buffer */ 149 150 unsigned long flags; /* device flags */ 151 unsigned long quirks; /* Various quirks */ 152 153 wait_queue_head_t wait; /* For waiting the interrupt */ 154 155 bool irq_wake_enabled; 156 struct mutex reset_lock; 157 158 struct i2chid_ops *ops; 159 }; 160 161 static const struct i2c_hid_quirks { 162 __u16 idVendor; 163 __u16 idProduct; 164 __u32 quirks; 165 } i2c_hid_quirks[] = { 166 { USB_VENDOR_ID_WEIDA, HID_ANY_ID, 167 I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV }, 168 { I2C_VENDOR_ID_HANTICK, I2C_PRODUCT_ID_HANTICK_5288, 169 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 170 { I2C_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_VOYO_WINPAD_A15, 171 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 172 { I2C_VENDOR_ID_RAYDIUM, I2C_PRODUCT_ID_RAYDIUM_3118, 173 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 174 { USB_VENDOR_ID_ALPS_JP, HID_ANY_ID, 175 I2C_HID_QUIRK_RESET_ON_RESUME }, 176 { I2C_VENDOR_ID_SYNAPTICS, I2C_PRODUCT_ID_SYNAPTICS_SYNA2393, 177 I2C_HID_QUIRK_RESET_ON_RESUME }, 178 { USB_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_LENOVO_LEGION_Y720, 179 I2C_HID_QUIRK_BAD_INPUT_SIZE }, 180 /* 181 * Sending the wakeup after reset actually break ELAN touchscreen controller 182 */ 183 { USB_VENDOR_ID_ELAN, HID_ANY_ID, 184 I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET | 185 I2C_HID_QUIRK_BOGUS_IRQ }, 186 { 0, 0 } 187 }; 188 189 /* 190 * i2c_hid_lookup_quirk: return any quirks associated with a I2C HID device 191 * @idVendor: the 16-bit vendor ID 192 * @idProduct: the 16-bit product ID 193 * 194 * Returns: a u32 quirks value. 195 */ 196 static u32 i2c_hid_lookup_quirk(const u16 idVendor, const u16 idProduct) 197 { 198 u32 quirks = 0; 199 int n; 200 201 for (n = 0; i2c_hid_quirks[n].idVendor; n++) 202 if (i2c_hid_quirks[n].idVendor == idVendor && 203 (i2c_hid_quirks[n].idProduct == (__u16)HID_ANY_ID || 204 i2c_hid_quirks[n].idProduct == idProduct)) 205 quirks = i2c_hid_quirks[n].quirks; 206 207 return quirks; 208 } 209 210 static int __i2c_hid_command(struct i2c_client *client, 211 const struct i2c_hid_cmd *command, u8 reportID, 212 u8 reportType, u8 *args, int args_len, 213 unsigned char *buf_recv, int data_len) 214 { 215 struct i2c_hid *ihid = i2c_get_clientdata(client); 216 union command *cmd = (union command *)ihid->cmdbuf; 217 int ret; 218 struct i2c_msg msg[2]; 219 int msg_num = 1; 220 221 int length = command->length; 222 bool wait = command->wait; 223 unsigned int registerIndex = command->registerIndex; 224 225 /* special case for hid_descr_cmd */ 226 if (command == &hid_descr_cmd) { 227 cmd->c.reg = ihid->wHIDDescRegister; 228 } else { 229 cmd->data[0] = ihid->hdesc_buffer[registerIndex]; 230 cmd->data[1] = ihid->hdesc_buffer[registerIndex + 1]; 231 } 232 233 if (length > 2) { 234 cmd->c.opcode = command->opcode; 235 cmd->c.reportTypeID = reportID | reportType << 4; 236 } 237 238 memcpy(cmd->data + length, args, args_len); 239 length += args_len; 240 241 i2c_hid_dbg(ihid, "%s: cmd=%*ph\n", __func__, length, cmd->data); 242 243 msg[0].addr = client->addr; 244 msg[0].flags = client->flags & I2C_M_TEN; 245 msg[0].len = length; 246 msg[0].buf = cmd->data; 247 if (data_len > 0) { 248 msg[1].addr = client->addr; 249 msg[1].flags = client->flags & I2C_M_TEN; 250 msg[1].flags |= I2C_M_RD; 251 msg[1].len = data_len; 252 msg[1].buf = buf_recv; 253 msg_num = 2; 254 set_bit(I2C_HID_READ_PENDING, &ihid->flags); 255 } 256 257 if (wait) 258 set_bit(I2C_HID_RESET_PENDING, &ihid->flags); 259 260 ret = i2c_transfer(client->adapter, msg, msg_num); 261 262 if (data_len > 0) 263 clear_bit(I2C_HID_READ_PENDING, &ihid->flags); 264 265 if (ret != msg_num) 266 return ret < 0 ? ret : -EIO; 267 268 ret = 0; 269 270 if (wait && (ihid->quirks & I2C_HID_QUIRK_NO_IRQ_AFTER_RESET)) { 271 msleep(100); 272 } else if (wait) { 273 i2c_hid_dbg(ihid, "%s: waiting...\n", __func__); 274 if (!wait_event_timeout(ihid->wait, 275 !test_bit(I2C_HID_RESET_PENDING, &ihid->flags), 276 msecs_to_jiffies(5000))) 277 ret = -ENODATA; 278 i2c_hid_dbg(ihid, "%s: finished.\n", __func__); 279 } 280 281 return ret; 282 } 283 284 static int i2c_hid_command(struct i2c_client *client, 285 const struct i2c_hid_cmd *command, 286 unsigned char *buf_recv, int data_len) 287 { 288 return __i2c_hid_command(client, command, 0, 0, NULL, 0, 289 buf_recv, data_len); 290 } 291 292 static int i2c_hid_get_report(struct i2c_client *client, u8 reportType, 293 u8 reportID, unsigned char *buf_recv, int data_len) 294 { 295 struct i2c_hid *ihid = i2c_get_clientdata(client); 296 u8 args[3]; 297 int ret; 298 int args_len = 0; 299 u16 readRegister = le16_to_cpu(ihid->hdesc.wDataRegister); 300 301 i2c_hid_dbg(ihid, "%s\n", __func__); 302 303 if (reportID >= 0x0F) { 304 args[args_len++] = reportID; 305 reportID = 0x0F; 306 } 307 308 args[args_len++] = readRegister & 0xFF; 309 args[args_len++] = readRegister >> 8; 310 311 ret = __i2c_hid_command(client, &hid_get_report_cmd, reportID, 312 reportType, args, args_len, buf_recv, data_len); 313 if (ret) { 314 dev_err(&client->dev, 315 "failed to retrieve report from device.\n"); 316 return ret; 317 } 318 319 return 0; 320 } 321 322 /** 323 * i2c_hid_set_or_send_report: forward an incoming report to the device 324 * @client: the i2c_client of the device 325 * @reportType: 0x03 for HID_FEATURE_REPORT ; 0x02 for HID_OUTPUT_REPORT 326 * @reportID: the report ID 327 * @buf: the actual data to transfer, without the report ID 328 * @data_len: size of buf 329 * @use_data: true: use SET_REPORT HID command, false: send plain OUTPUT report 330 */ 331 static int i2c_hid_set_or_send_report(struct i2c_client *client, u8 reportType, 332 u8 reportID, unsigned char *buf, size_t data_len, bool use_data) 333 { 334 struct i2c_hid *ihid = i2c_get_clientdata(client); 335 u8 *args = ihid->argsbuf; 336 const struct i2c_hid_cmd *hidcmd; 337 int ret; 338 u16 dataRegister = le16_to_cpu(ihid->hdesc.wDataRegister); 339 u16 outputRegister = le16_to_cpu(ihid->hdesc.wOutputRegister); 340 u16 maxOutputLength = le16_to_cpu(ihid->hdesc.wMaxOutputLength); 341 u16 size; 342 int args_len; 343 int index = 0; 344 345 i2c_hid_dbg(ihid, "%s\n", __func__); 346 347 if (data_len > ihid->bufsize) 348 return -EINVAL; 349 350 size = 2 /* size */ + 351 (reportID ? 1 : 0) /* reportID */ + 352 data_len /* buf */; 353 args_len = (reportID >= 0x0F ? 1 : 0) /* optional third byte */ + 354 2 /* dataRegister */ + 355 size /* args */; 356 357 if (!use_data && maxOutputLength == 0) 358 return -ENOSYS; 359 360 if (reportID >= 0x0F) { 361 args[index++] = reportID; 362 reportID = 0x0F; 363 } 364 365 /* 366 * use the data register for feature reports or if the device does not 367 * support the output register 368 */ 369 if (use_data) { 370 args[index++] = dataRegister & 0xFF; 371 args[index++] = dataRegister >> 8; 372 hidcmd = &hid_set_report_cmd; 373 } else { 374 args[index++] = outputRegister & 0xFF; 375 args[index++] = outputRegister >> 8; 376 hidcmd = &hid_no_cmd; 377 } 378 379 args[index++] = size & 0xFF; 380 args[index++] = size >> 8; 381 382 if (reportID) 383 args[index++] = reportID; 384 385 memcpy(&args[index], buf, data_len); 386 387 ret = __i2c_hid_command(client, hidcmd, reportID, 388 reportType, args, args_len, NULL, 0); 389 if (ret) { 390 dev_err(&client->dev, "failed to set a report to device.\n"); 391 return ret; 392 } 393 394 return data_len; 395 } 396 397 static int i2c_hid_set_power(struct i2c_client *client, int power_state) 398 { 399 struct i2c_hid *ihid = i2c_get_clientdata(client); 400 int ret; 401 402 i2c_hid_dbg(ihid, "%s\n", __func__); 403 404 /* 405 * Some devices require to send a command to wakeup before power on. 406 * The call will get a return value (EREMOTEIO) but device will be 407 * triggered and activated. After that, it goes like a normal device. 408 */ 409 if (power_state == I2C_HID_PWR_ON && 410 ihid->quirks & I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV) { 411 ret = i2c_hid_command(client, &hid_set_power_cmd, NULL, 0); 412 413 /* Device was already activated */ 414 if (!ret) 415 goto set_pwr_exit; 416 } 417 418 ret = __i2c_hid_command(client, &hid_set_power_cmd, power_state, 419 0, NULL, 0, NULL, 0); 420 421 if (ret) 422 dev_err(&client->dev, "failed to change power setting.\n"); 423 424 set_pwr_exit: 425 426 /* 427 * The HID over I2C specification states that if a DEVICE needs time 428 * after the PWR_ON request, it should utilise CLOCK stretching. 429 * However, it has been observered that the Windows driver provides a 430 * 1ms sleep between the PWR_ON and RESET requests. 431 * According to Goodix Windows even waits 60 ms after (other?) 432 * PWR_ON requests. Testing has confirmed that several devices 433 * will not work properly without a delay after a PWR_ON request. 434 */ 435 if (!ret && power_state == I2C_HID_PWR_ON) 436 msleep(60); 437 438 return ret; 439 } 440 441 static int i2c_hid_hwreset(struct i2c_client *client) 442 { 443 struct i2c_hid *ihid = i2c_get_clientdata(client); 444 int ret; 445 446 i2c_hid_dbg(ihid, "%s\n", __func__); 447 448 /* 449 * This prevents sending feature reports while the device is 450 * being reset. Otherwise we may lose the reset complete 451 * interrupt. 452 */ 453 mutex_lock(&ihid->reset_lock); 454 455 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 456 if (ret) 457 goto out_unlock; 458 459 i2c_hid_dbg(ihid, "resetting...\n"); 460 461 ret = i2c_hid_command(client, &hid_reset_cmd, NULL, 0); 462 if (ret) { 463 dev_err(&client->dev, "failed to reset device.\n"); 464 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 465 goto out_unlock; 466 } 467 468 /* At least some SIS devices need this after reset */ 469 if (!(ihid->quirks & I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET)) 470 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 471 472 out_unlock: 473 mutex_unlock(&ihid->reset_lock); 474 return ret; 475 } 476 477 static void i2c_hid_get_input(struct i2c_hid *ihid) 478 { 479 int ret; 480 u32 ret_size; 481 int size = le16_to_cpu(ihid->hdesc.wMaxInputLength); 482 483 if (size > ihid->bufsize) 484 size = ihid->bufsize; 485 486 ret = i2c_master_recv(ihid->client, ihid->inbuf, size); 487 if (ret != size) { 488 if (ret < 0) 489 return; 490 491 dev_err(&ihid->client->dev, "%s: got %d data instead of %d\n", 492 __func__, ret, size); 493 return; 494 } 495 496 ret_size = ihid->inbuf[0] | ihid->inbuf[1] << 8; 497 498 if (!ret_size) { 499 /* host or device initiated RESET completed */ 500 if (test_and_clear_bit(I2C_HID_RESET_PENDING, &ihid->flags)) 501 wake_up(&ihid->wait); 502 return; 503 } 504 505 if (ihid->quirks & I2C_HID_QUIRK_BOGUS_IRQ && ret_size == 0xffff) { 506 dev_warn_once(&ihid->client->dev, "%s: IRQ triggered but " 507 "there's no data\n", __func__); 508 return; 509 } 510 511 if ((ret_size > size) || (ret_size < 2)) { 512 if (ihid->quirks & I2C_HID_QUIRK_BAD_INPUT_SIZE) { 513 ihid->inbuf[0] = size & 0xff; 514 ihid->inbuf[1] = size >> 8; 515 ret_size = size; 516 } else { 517 dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n", 518 __func__, size, ret_size); 519 return; 520 } 521 } 522 523 i2c_hid_dbg(ihid, "input: %*ph\n", ret_size, ihid->inbuf); 524 525 if (test_bit(I2C_HID_STARTED, &ihid->flags)) 526 hid_input_report(ihid->hid, HID_INPUT_REPORT, ihid->inbuf + 2, 527 ret_size - 2, 1); 528 529 return; 530 } 531 532 static irqreturn_t i2c_hid_irq(int irq, void *dev_id) 533 { 534 struct i2c_hid *ihid = dev_id; 535 536 if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) 537 return IRQ_HANDLED; 538 539 i2c_hid_get_input(ihid); 540 541 return IRQ_HANDLED; 542 } 543 544 static int i2c_hid_get_report_length(struct hid_report *report) 545 { 546 return ((report->size - 1) >> 3) + 1 + 547 report->device->report_enum[report->type].numbered + 2; 548 } 549 550 /* 551 * Traverse the supplied list of reports and find the longest 552 */ 553 static void i2c_hid_find_max_report(struct hid_device *hid, unsigned int type, 554 unsigned int *max) 555 { 556 struct hid_report *report; 557 unsigned int size; 558 559 /* We should not rely on wMaxInputLength, as some devices may set it to 560 * a wrong length. */ 561 list_for_each_entry(report, &hid->report_enum[type].report_list, list) { 562 size = i2c_hid_get_report_length(report); 563 if (*max < size) 564 *max = size; 565 } 566 } 567 568 static void i2c_hid_free_buffers(struct i2c_hid *ihid) 569 { 570 kfree(ihid->inbuf); 571 kfree(ihid->rawbuf); 572 kfree(ihid->argsbuf); 573 kfree(ihid->cmdbuf); 574 ihid->inbuf = NULL; 575 ihid->rawbuf = NULL; 576 ihid->cmdbuf = NULL; 577 ihid->argsbuf = NULL; 578 ihid->bufsize = 0; 579 } 580 581 static int i2c_hid_alloc_buffers(struct i2c_hid *ihid, size_t report_size) 582 { 583 /* the worst case is computed from the set_report command with a 584 * reportID > 15 and the maximum report length */ 585 int args_len = sizeof(__u8) + /* ReportID */ 586 sizeof(__u8) + /* optional ReportID byte */ 587 sizeof(__u16) + /* data register */ 588 sizeof(__u16) + /* size of the report */ 589 report_size; /* report */ 590 591 ihid->inbuf = kzalloc(report_size, GFP_KERNEL); 592 ihid->rawbuf = kzalloc(report_size, GFP_KERNEL); 593 ihid->argsbuf = kzalloc(args_len, GFP_KERNEL); 594 ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL); 595 596 if (!ihid->inbuf || !ihid->rawbuf || !ihid->argsbuf || !ihid->cmdbuf) { 597 i2c_hid_free_buffers(ihid); 598 return -ENOMEM; 599 } 600 601 ihid->bufsize = report_size; 602 603 return 0; 604 } 605 606 static int i2c_hid_get_raw_report(struct hid_device *hid, 607 unsigned char report_number, __u8 *buf, size_t count, 608 unsigned char report_type) 609 { 610 struct i2c_client *client = hid->driver_data; 611 struct i2c_hid *ihid = i2c_get_clientdata(client); 612 size_t ret_count, ask_count; 613 int ret; 614 615 if (report_type == HID_OUTPUT_REPORT) 616 return -EINVAL; 617 618 /* +2 bytes to include the size of the reply in the query buffer */ 619 ask_count = min(count + 2, (size_t)ihid->bufsize); 620 621 ret = i2c_hid_get_report(client, 622 report_type == HID_FEATURE_REPORT ? 0x03 : 0x01, 623 report_number, ihid->rawbuf, ask_count); 624 625 if (ret < 0) 626 return ret; 627 628 ret_count = ihid->rawbuf[0] | (ihid->rawbuf[1] << 8); 629 630 if (ret_count <= 2) 631 return 0; 632 633 ret_count = min(ret_count, ask_count); 634 635 /* The query buffer contains the size, dropping it in the reply */ 636 count = min(count, ret_count - 2); 637 memcpy(buf, ihid->rawbuf + 2, count); 638 639 return count; 640 } 641 642 static int i2c_hid_output_raw_report(struct hid_device *hid, __u8 *buf, 643 size_t count, unsigned char report_type, bool use_data) 644 { 645 struct i2c_client *client = hid->driver_data; 646 struct i2c_hid *ihid = i2c_get_clientdata(client); 647 int report_id = buf[0]; 648 int ret; 649 650 if (report_type == HID_INPUT_REPORT) 651 return -EINVAL; 652 653 mutex_lock(&ihid->reset_lock); 654 655 if (report_id) { 656 buf++; 657 count--; 658 } 659 660 ret = i2c_hid_set_or_send_report(client, 661 report_type == HID_FEATURE_REPORT ? 0x03 : 0x02, 662 report_id, buf, count, use_data); 663 664 if (report_id && ret >= 0) 665 ret++; /* add report_id to the number of transfered bytes */ 666 667 mutex_unlock(&ihid->reset_lock); 668 669 return ret; 670 } 671 672 static int i2c_hid_output_report(struct hid_device *hid, __u8 *buf, 673 size_t count) 674 { 675 return i2c_hid_output_raw_report(hid, buf, count, HID_OUTPUT_REPORT, 676 false); 677 } 678 679 static int i2c_hid_raw_request(struct hid_device *hid, unsigned char reportnum, 680 __u8 *buf, size_t len, unsigned char rtype, 681 int reqtype) 682 { 683 switch (reqtype) { 684 case HID_REQ_GET_REPORT: 685 return i2c_hid_get_raw_report(hid, reportnum, buf, len, rtype); 686 case HID_REQ_SET_REPORT: 687 if (buf[0] != reportnum) 688 return -EINVAL; 689 return i2c_hid_output_raw_report(hid, buf, len, rtype, true); 690 default: 691 return -EIO; 692 } 693 } 694 695 static int i2c_hid_parse(struct hid_device *hid) 696 { 697 struct i2c_client *client = hid->driver_data; 698 struct i2c_hid *ihid = i2c_get_clientdata(client); 699 struct i2c_hid_desc *hdesc = &ihid->hdesc; 700 unsigned int rsize; 701 char *rdesc; 702 int ret; 703 int tries = 3; 704 char *use_override; 705 706 i2c_hid_dbg(ihid, "entering %s\n", __func__); 707 708 rsize = le16_to_cpu(hdesc->wReportDescLength); 709 if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { 710 dbg_hid("weird size of report descriptor (%u)\n", rsize); 711 return -EINVAL; 712 } 713 714 do { 715 ret = i2c_hid_hwreset(client); 716 if (ret) 717 msleep(1000); 718 } while (tries-- > 0 && ret); 719 720 if (ret) 721 return ret; 722 723 use_override = i2c_hid_get_dmi_hid_report_desc_override(client->name, 724 &rsize); 725 726 if (use_override) { 727 rdesc = use_override; 728 i2c_hid_dbg(ihid, "Using a HID report descriptor override\n"); 729 } else { 730 rdesc = kzalloc(rsize, GFP_KERNEL); 731 732 if (!rdesc) { 733 dbg_hid("couldn't allocate rdesc memory\n"); 734 return -ENOMEM; 735 } 736 737 i2c_hid_dbg(ihid, "asking HID report descriptor\n"); 738 739 ret = i2c_hid_command(client, &hid_report_descr_cmd, 740 rdesc, rsize); 741 if (ret) { 742 hid_err(hid, "reading report descriptor failed\n"); 743 kfree(rdesc); 744 return -EIO; 745 } 746 } 747 748 i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc); 749 750 ret = hid_parse_report(hid, rdesc, rsize); 751 if (!use_override) 752 kfree(rdesc); 753 754 if (ret) { 755 dbg_hid("parsing report descriptor failed\n"); 756 return ret; 757 } 758 759 return 0; 760 } 761 762 static int i2c_hid_start(struct hid_device *hid) 763 { 764 struct i2c_client *client = hid->driver_data; 765 struct i2c_hid *ihid = i2c_get_clientdata(client); 766 int ret; 767 unsigned int bufsize = HID_MIN_BUFFER_SIZE; 768 769 i2c_hid_find_max_report(hid, HID_INPUT_REPORT, &bufsize); 770 i2c_hid_find_max_report(hid, HID_OUTPUT_REPORT, &bufsize); 771 i2c_hid_find_max_report(hid, HID_FEATURE_REPORT, &bufsize); 772 773 if (bufsize > ihid->bufsize) { 774 disable_irq(client->irq); 775 i2c_hid_free_buffers(ihid); 776 777 ret = i2c_hid_alloc_buffers(ihid, bufsize); 778 enable_irq(client->irq); 779 780 if (ret) 781 return ret; 782 } 783 784 return 0; 785 } 786 787 static void i2c_hid_stop(struct hid_device *hid) 788 { 789 hid->claimed = 0; 790 } 791 792 static int i2c_hid_open(struct hid_device *hid) 793 { 794 struct i2c_client *client = hid->driver_data; 795 struct i2c_hid *ihid = i2c_get_clientdata(client); 796 797 set_bit(I2C_HID_STARTED, &ihid->flags); 798 return 0; 799 } 800 801 static void i2c_hid_close(struct hid_device *hid) 802 { 803 struct i2c_client *client = hid->driver_data; 804 struct i2c_hid *ihid = i2c_get_clientdata(client); 805 806 clear_bit(I2C_HID_STARTED, &ihid->flags); 807 } 808 809 struct hid_ll_driver i2c_hid_ll_driver = { 810 .parse = i2c_hid_parse, 811 .start = i2c_hid_start, 812 .stop = i2c_hid_stop, 813 .open = i2c_hid_open, 814 .close = i2c_hid_close, 815 .output_report = i2c_hid_output_report, 816 .raw_request = i2c_hid_raw_request, 817 }; 818 EXPORT_SYMBOL_GPL(i2c_hid_ll_driver); 819 820 static int i2c_hid_init_irq(struct i2c_client *client) 821 { 822 struct i2c_hid *ihid = i2c_get_clientdata(client); 823 unsigned long irqflags = 0; 824 int ret; 825 826 dev_dbg(&client->dev, "Requesting IRQ: %d\n", client->irq); 827 828 if (!irq_get_trigger_type(client->irq)) 829 irqflags = IRQF_TRIGGER_LOW; 830 831 ret = request_threaded_irq(client->irq, NULL, i2c_hid_irq, 832 irqflags | IRQF_ONESHOT, client->name, ihid); 833 if (ret < 0) { 834 dev_warn(&client->dev, 835 "Could not register for %s interrupt, irq = %d," 836 " ret = %d\n", 837 client->name, client->irq, ret); 838 839 return ret; 840 } 841 842 return 0; 843 } 844 845 static int i2c_hid_fetch_hid_descriptor(struct i2c_hid *ihid) 846 { 847 struct i2c_client *client = ihid->client; 848 struct i2c_hid_desc *hdesc = &ihid->hdesc; 849 unsigned int dsize; 850 int ret; 851 852 /* i2c hid fetch using a fixed descriptor size (30 bytes) */ 853 if (i2c_hid_get_dmi_i2c_hid_desc_override(client->name)) { 854 i2c_hid_dbg(ihid, "Using a HID descriptor override\n"); 855 ihid->hdesc = 856 *i2c_hid_get_dmi_i2c_hid_desc_override(client->name); 857 } else { 858 i2c_hid_dbg(ihid, "Fetching the HID descriptor\n"); 859 ret = i2c_hid_command(client, &hid_descr_cmd, 860 ihid->hdesc_buffer, 861 sizeof(struct i2c_hid_desc)); 862 if (ret) { 863 dev_err(&client->dev, "hid_descr_cmd failed\n"); 864 return -ENODEV; 865 } 866 } 867 868 /* Validate the length of HID descriptor, the 4 first bytes: 869 * bytes 0-1 -> length 870 * bytes 2-3 -> bcdVersion (has to be 1.00) */ 871 /* check bcdVersion == 1.0 */ 872 if (le16_to_cpu(hdesc->bcdVersion) != 0x0100) { 873 dev_err(&client->dev, 874 "unexpected HID descriptor bcdVersion (0x%04hx)\n", 875 le16_to_cpu(hdesc->bcdVersion)); 876 return -ENODEV; 877 } 878 879 /* Descriptor length should be 30 bytes as per the specification */ 880 dsize = le16_to_cpu(hdesc->wHIDDescLength); 881 if (dsize != sizeof(struct i2c_hid_desc)) { 882 dev_err(&client->dev, "weird size of HID descriptor (%u)\n", 883 dsize); 884 return -ENODEV; 885 } 886 i2c_hid_dbg(ihid, "HID Descriptor: %*ph\n", dsize, ihid->hdesc_buffer); 887 return 0; 888 } 889 890 static int i2c_hid_core_power_up(struct i2c_hid *ihid) 891 { 892 if (!ihid->ops->power_up) 893 return 0; 894 895 return ihid->ops->power_up(ihid->ops); 896 } 897 898 static void i2c_hid_core_power_down(struct i2c_hid *ihid) 899 { 900 if (!ihid->ops->power_down) 901 return; 902 903 ihid->ops->power_down(ihid->ops); 904 } 905 906 static void i2c_hid_core_shutdown_tail(struct i2c_hid *ihid) 907 { 908 if (!ihid->ops->shutdown_tail) 909 return; 910 911 ihid->ops->shutdown_tail(ihid->ops); 912 } 913 914 int i2c_hid_core_probe(struct i2c_client *client, struct i2chid_ops *ops, 915 u16 hid_descriptor_address) 916 { 917 int ret; 918 struct i2c_hid *ihid; 919 struct hid_device *hid; 920 921 dbg_hid("HID probe called for i2c 0x%02x\n", client->addr); 922 923 if (!client->irq) { 924 dev_err(&client->dev, 925 "HID over i2c has not been provided an Int IRQ\n"); 926 return -EINVAL; 927 } 928 929 if (client->irq < 0) { 930 if (client->irq != -EPROBE_DEFER) 931 dev_err(&client->dev, 932 "HID over i2c doesn't have a valid IRQ\n"); 933 return client->irq; 934 } 935 936 ihid = devm_kzalloc(&client->dev, sizeof(*ihid), GFP_KERNEL); 937 if (!ihid) 938 return -ENOMEM; 939 940 ihid->ops = ops; 941 942 ret = i2c_hid_core_power_up(ihid); 943 if (ret) 944 return ret; 945 946 i2c_set_clientdata(client, ihid); 947 948 ihid->client = client; 949 950 ihid->wHIDDescRegister = cpu_to_le16(hid_descriptor_address); 951 952 init_waitqueue_head(&ihid->wait); 953 mutex_init(&ihid->reset_lock); 954 955 /* we need to allocate the command buffer without knowing the maximum 956 * size of the reports. Let's use HID_MIN_BUFFER_SIZE, then we do the 957 * real computation later. */ 958 ret = i2c_hid_alloc_buffers(ihid, HID_MIN_BUFFER_SIZE); 959 if (ret < 0) 960 goto err_powered; 961 962 device_enable_async_suspend(&client->dev); 963 964 /* Make sure there is something at this address */ 965 ret = i2c_smbus_read_byte(client); 966 if (ret < 0) { 967 dev_dbg(&client->dev, "nothing at this address: %d\n", ret); 968 ret = -ENXIO; 969 goto err_powered; 970 } 971 972 ret = i2c_hid_fetch_hid_descriptor(ihid); 973 if (ret < 0) { 974 dev_err(&client->dev, 975 "Failed to fetch the HID Descriptor\n"); 976 goto err_powered; 977 } 978 979 ret = i2c_hid_init_irq(client); 980 if (ret < 0) 981 goto err_powered; 982 983 hid = hid_allocate_device(); 984 if (IS_ERR(hid)) { 985 ret = PTR_ERR(hid); 986 goto err_irq; 987 } 988 989 ihid->hid = hid; 990 991 hid->driver_data = client; 992 hid->ll_driver = &i2c_hid_ll_driver; 993 hid->dev.parent = &client->dev; 994 hid->bus = BUS_I2C; 995 hid->version = le16_to_cpu(ihid->hdesc.bcdVersion); 996 hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID); 997 hid->product = le16_to_cpu(ihid->hdesc.wProductID); 998 999 snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X", 1000 client->name, (u16)hid->vendor, (u16)hid->product); 1001 strlcpy(hid->phys, dev_name(&client->dev), sizeof(hid->phys)); 1002 1003 ihid->quirks = i2c_hid_lookup_quirk(hid->vendor, hid->product); 1004 1005 ret = hid_add_device(hid); 1006 if (ret) { 1007 if (ret != -ENODEV) 1008 hid_err(client, "can't add hid device: %d\n", ret); 1009 goto err_mem_free; 1010 } 1011 1012 return 0; 1013 1014 err_mem_free: 1015 hid_destroy_device(hid); 1016 1017 err_irq: 1018 free_irq(client->irq, ihid); 1019 1020 err_powered: 1021 i2c_hid_core_power_down(ihid); 1022 i2c_hid_free_buffers(ihid); 1023 return ret; 1024 } 1025 EXPORT_SYMBOL_GPL(i2c_hid_core_probe); 1026 1027 int i2c_hid_core_remove(struct i2c_client *client) 1028 { 1029 struct i2c_hid *ihid = i2c_get_clientdata(client); 1030 struct hid_device *hid; 1031 1032 hid = ihid->hid; 1033 hid_destroy_device(hid); 1034 1035 free_irq(client->irq, ihid); 1036 1037 if (ihid->bufsize) 1038 i2c_hid_free_buffers(ihid); 1039 1040 i2c_hid_core_power_down(ihid); 1041 1042 return 0; 1043 } 1044 EXPORT_SYMBOL_GPL(i2c_hid_core_remove); 1045 1046 void i2c_hid_core_shutdown(struct i2c_client *client) 1047 { 1048 struct i2c_hid *ihid = i2c_get_clientdata(client); 1049 1050 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 1051 free_irq(client->irq, ihid); 1052 1053 i2c_hid_core_shutdown_tail(ihid); 1054 } 1055 EXPORT_SYMBOL_GPL(i2c_hid_core_shutdown); 1056 1057 #ifdef CONFIG_PM_SLEEP 1058 static int i2c_hid_core_suspend(struct device *dev) 1059 { 1060 struct i2c_client *client = to_i2c_client(dev); 1061 struct i2c_hid *ihid = i2c_get_clientdata(client); 1062 struct hid_device *hid = ihid->hid; 1063 int ret; 1064 int wake_status; 1065 1066 if (hid->driver && hid->driver->suspend) { 1067 ret = hid->driver->suspend(hid, PMSG_SUSPEND); 1068 if (ret < 0) 1069 return ret; 1070 } 1071 1072 /* Save some power */ 1073 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 1074 1075 disable_irq(client->irq); 1076 1077 if (device_may_wakeup(&client->dev)) { 1078 wake_status = enable_irq_wake(client->irq); 1079 if (!wake_status) 1080 ihid->irq_wake_enabled = true; 1081 else 1082 hid_warn(hid, "Failed to enable irq wake: %d\n", 1083 wake_status); 1084 } else { 1085 i2c_hid_core_power_down(ihid); 1086 } 1087 1088 return 0; 1089 } 1090 1091 static int i2c_hid_core_resume(struct device *dev) 1092 { 1093 int ret; 1094 struct i2c_client *client = to_i2c_client(dev); 1095 struct i2c_hid *ihid = i2c_get_clientdata(client); 1096 struct hid_device *hid = ihid->hid; 1097 int wake_status; 1098 1099 if (!device_may_wakeup(&client->dev)) { 1100 i2c_hid_core_power_up(ihid); 1101 } else if (ihid->irq_wake_enabled) { 1102 wake_status = disable_irq_wake(client->irq); 1103 if (!wake_status) 1104 ihid->irq_wake_enabled = false; 1105 else 1106 hid_warn(hid, "Failed to disable irq wake: %d\n", 1107 wake_status); 1108 } 1109 1110 enable_irq(client->irq); 1111 1112 /* Instead of resetting device, simply powers the device on. This 1113 * solves "incomplete reports" on Raydium devices 2386:3118 and 1114 * 2386:4B33 and fixes various SIS touchscreens no longer sending 1115 * data after a suspend/resume. 1116 * 1117 * However some ALPS touchpads generate IRQ storm without reset, so 1118 * let's still reset them here. 1119 */ 1120 if (ihid->quirks & I2C_HID_QUIRK_RESET_ON_RESUME) 1121 ret = i2c_hid_hwreset(client); 1122 else 1123 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 1124 1125 if (ret) 1126 return ret; 1127 1128 if (hid->driver && hid->driver->reset_resume) { 1129 ret = hid->driver->reset_resume(hid); 1130 return ret; 1131 } 1132 1133 return 0; 1134 } 1135 #endif 1136 1137 const struct dev_pm_ops i2c_hid_core_pm = { 1138 SET_SYSTEM_SLEEP_PM_OPS(i2c_hid_core_suspend, i2c_hid_core_resume) 1139 }; 1140 EXPORT_SYMBOL_GPL(i2c_hid_core_pm); 1141 1142 MODULE_DESCRIPTION("HID over I2C core driver"); 1143 MODULE_AUTHOR("Benjamin Tissoires <benjamin.tissoires@gmail.com>"); 1144 MODULE_LICENSE("GPL"); 1145