1 /* 2 * HID over I2C protocol implementation 3 * 4 * Copyright (c) 2012 Benjamin Tissoires <benjamin.tissoires@gmail.com> 5 * Copyright (c) 2012 Ecole Nationale de l'Aviation Civile, France 6 * Copyright (c) 2012 Red Hat, Inc 7 * 8 * This code is partly based on "USB HID support for Linux": 9 * 10 * Copyright (c) 1999 Andreas Gal 11 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz> 12 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc 13 * Copyright (c) 2007-2008 Oliver Neukum 14 * Copyright (c) 2006-2010 Jiri Kosina 15 * 16 * This file is subject to the terms and conditions of the GNU General Public 17 * License. See the file COPYING in the main directory of this archive for 18 * more details. 19 */ 20 21 #include <linux/module.h> 22 #include <linux/i2c.h> 23 #include <linux/interrupt.h> 24 #include <linux/input.h> 25 #include <linux/irq.h> 26 #include <linux/delay.h> 27 #include <linux/slab.h> 28 #include <linux/pm.h> 29 #include <linux/device.h> 30 #include <linux/wait.h> 31 #include <linux/err.h> 32 #include <linux/string.h> 33 #include <linux/list.h> 34 #include <linux/jiffies.h> 35 #include <linux/kernel.h> 36 #include <linux/hid.h> 37 #include <linux/mutex.h> 38 39 #include "../hid-ids.h" 40 #include "i2c-hid.h" 41 42 /* quirks to control the device */ 43 #define I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV BIT(0) 44 #define I2C_HID_QUIRK_NO_IRQ_AFTER_RESET BIT(1) 45 #define I2C_HID_QUIRK_BOGUS_IRQ BIT(4) 46 #define I2C_HID_QUIRK_RESET_ON_RESUME BIT(5) 47 #define I2C_HID_QUIRK_BAD_INPUT_SIZE BIT(6) 48 #define I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET BIT(7) 49 50 51 /* flags */ 52 #define I2C_HID_STARTED 0 53 #define I2C_HID_RESET_PENDING 1 54 #define I2C_HID_READ_PENDING 2 55 56 #define I2C_HID_PWR_ON 0x00 57 #define I2C_HID_PWR_SLEEP 0x01 58 59 /* debug option */ 60 static bool debug; 61 module_param(debug, bool, 0444); 62 MODULE_PARM_DESC(debug, "print a lot of debug information"); 63 64 #define i2c_hid_dbg(ihid, fmt, arg...) \ 65 do { \ 66 if (debug) \ 67 dev_printk(KERN_DEBUG, &(ihid)->client->dev, fmt, ##arg); \ 68 } while (0) 69 70 struct i2c_hid_desc { 71 __le16 wHIDDescLength; 72 __le16 bcdVersion; 73 __le16 wReportDescLength; 74 __le16 wReportDescRegister; 75 __le16 wInputRegister; 76 __le16 wMaxInputLength; 77 __le16 wOutputRegister; 78 __le16 wMaxOutputLength; 79 __le16 wCommandRegister; 80 __le16 wDataRegister; 81 __le16 wVendorID; 82 __le16 wProductID; 83 __le16 wVersionID; 84 __le32 reserved; 85 } __packed; 86 87 struct i2c_hid_cmd { 88 unsigned int registerIndex; 89 __u8 opcode; 90 unsigned int length; 91 bool wait; 92 }; 93 94 union command { 95 u8 data[0]; 96 struct cmd { 97 __le16 reg; 98 __u8 reportTypeID; 99 __u8 opcode; 100 } __packed c; 101 }; 102 103 #define I2C_HID_CMD(opcode_) \ 104 .opcode = opcode_, .length = 4, \ 105 .registerIndex = offsetof(struct i2c_hid_desc, wCommandRegister) 106 107 /* fetch HID descriptor */ 108 static const struct i2c_hid_cmd hid_descr_cmd = { .length = 2 }; 109 /* fetch report descriptors */ 110 static const struct i2c_hid_cmd hid_report_descr_cmd = { 111 .registerIndex = offsetof(struct i2c_hid_desc, 112 wReportDescRegister), 113 .opcode = 0x00, 114 .length = 2 }; 115 /* commands */ 116 static const struct i2c_hid_cmd hid_reset_cmd = { I2C_HID_CMD(0x01), 117 .wait = true }; 118 static const struct i2c_hid_cmd hid_get_report_cmd = { I2C_HID_CMD(0x02) }; 119 static const struct i2c_hid_cmd hid_set_report_cmd = { I2C_HID_CMD(0x03) }; 120 static const struct i2c_hid_cmd hid_set_power_cmd = { I2C_HID_CMD(0x08) }; 121 static const struct i2c_hid_cmd hid_no_cmd = { .length = 0 }; 122 123 /* 124 * These definitions are not used here, but are defined by the spec. 125 * Keeping them here for documentation purposes. 126 * 127 * static const struct i2c_hid_cmd hid_get_idle_cmd = { I2C_HID_CMD(0x04) }; 128 * static const struct i2c_hid_cmd hid_set_idle_cmd = { I2C_HID_CMD(0x05) }; 129 * static const struct i2c_hid_cmd hid_get_protocol_cmd = { I2C_HID_CMD(0x06) }; 130 * static const struct i2c_hid_cmd hid_set_protocol_cmd = { I2C_HID_CMD(0x07) }; 131 */ 132 133 /* The main device structure */ 134 struct i2c_hid { 135 struct i2c_client *client; /* i2c client */ 136 struct hid_device *hid; /* pointer to corresponding HID dev */ 137 union { 138 __u8 hdesc_buffer[sizeof(struct i2c_hid_desc)]; 139 struct i2c_hid_desc hdesc; /* the HID Descriptor */ 140 }; 141 __le16 wHIDDescRegister; /* location of the i2c 142 * register of the HID 143 * descriptor. */ 144 unsigned int bufsize; /* i2c buffer size */ 145 u8 *inbuf; /* Input buffer */ 146 u8 *rawbuf; /* Raw Input buffer */ 147 u8 *cmdbuf; /* Command buffer */ 148 u8 *argsbuf; /* Command arguments buffer */ 149 150 unsigned long flags; /* device flags */ 151 unsigned long quirks; /* Various quirks */ 152 153 wait_queue_head_t wait; /* For waiting the interrupt */ 154 155 bool irq_wake_enabled; 156 struct mutex reset_lock; 157 158 struct i2chid_ops *ops; 159 }; 160 161 static const struct i2c_hid_quirks { 162 __u16 idVendor; 163 __u16 idProduct; 164 __u32 quirks; 165 } i2c_hid_quirks[] = { 166 { USB_VENDOR_ID_WEIDA, HID_ANY_ID, 167 I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV }, 168 { I2C_VENDOR_ID_HANTICK, I2C_PRODUCT_ID_HANTICK_5288, 169 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 170 { I2C_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_VOYO_WINPAD_A15, 171 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 172 { I2C_VENDOR_ID_RAYDIUM, I2C_PRODUCT_ID_RAYDIUM_3118, 173 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET }, 174 { USB_VENDOR_ID_ALPS_JP, HID_ANY_ID, 175 I2C_HID_QUIRK_RESET_ON_RESUME }, 176 { I2C_VENDOR_ID_SYNAPTICS, I2C_PRODUCT_ID_SYNAPTICS_SYNA2393, 177 I2C_HID_QUIRK_RESET_ON_RESUME }, 178 { USB_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_LENOVO_LEGION_Y720, 179 I2C_HID_QUIRK_BAD_INPUT_SIZE }, 180 /* 181 * Sending the wakeup after reset actually break ELAN touchscreen controller 182 */ 183 { USB_VENDOR_ID_ELAN, HID_ANY_ID, 184 I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET | 185 I2C_HID_QUIRK_BOGUS_IRQ }, 186 { 0, 0 } 187 }; 188 189 /* 190 * i2c_hid_lookup_quirk: return any quirks associated with a I2C HID device 191 * @idVendor: the 16-bit vendor ID 192 * @idProduct: the 16-bit product ID 193 * 194 * Returns: a u32 quirks value. 195 */ 196 static u32 i2c_hid_lookup_quirk(const u16 idVendor, const u16 idProduct) 197 { 198 u32 quirks = 0; 199 int n; 200 201 for (n = 0; i2c_hid_quirks[n].idVendor; n++) 202 if (i2c_hid_quirks[n].idVendor == idVendor && 203 (i2c_hid_quirks[n].idProduct == (__u16)HID_ANY_ID || 204 i2c_hid_quirks[n].idProduct == idProduct)) 205 quirks = i2c_hid_quirks[n].quirks; 206 207 return quirks; 208 } 209 210 static int __i2c_hid_command(struct i2c_client *client, 211 const struct i2c_hid_cmd *command, u8 reportID, 212 u8 reportType, u8 *args, int args_len, 213 unsigned char *buf_recv, int data_len) 214 { 215 struct i2c_hid *ihid = i2c_get_clientdata(client); 216 union command *cmd = (union command *)ihid->cmdbuf; 217 int ret; 218 struct i2c_msg msg[2]; 219 int msg_num = 1; 220 221 int length = command->length; 222 bool wait = command->wait; 223 unsigned int registerIndex = command->registerIndex; 224 225 /* special case for hid_descr_cmd */ 226 if (command == &hid_descr_cmd) { 227 cmd->c.reg = ihid->wHIDDescRegister; 228 } else { 229 cmd->data[0] = ihid->hdesc_buffer[registerIndex]; 230 cmd->data[1] = ihid->hdesc_buffer[registerIndex + 1]; 231 } 232 233 if (length > 2) { 234 cmd->c.opcode = command->opcode; 235 cmd->c.reportTypeID = reportID | reportType << 4; 236 } 237 238 memcpy(cmd->data + length, args, args_len); 239 length += args_len; 240 241 i2c_hid_dbg(ihid, "%s: cmd=%*ph\n", __func__, length, cmd->data); 242 243 msg[0].addr = client->addr; 244 msg[0].flags = client->flags & I2C_M_TEN; 245 msg[0].len = length; 246 msg[0].buf = cmd->data; 247 if (data_len > 0) { 248 msg[1].addr = client->addr; 249 msg[1].flags = client->flags & I2C_M_TEN; 250 msg[1].flags |= I2C_M_RD; 251 msg[1].len = data_len; 252 msg[1].buf = buf_recv; 253 msg_num = 2; 254 set_bit(I2C_HID_READ_PENDING, &ihid->flags); 255 } 256 257 if (wait) 258 set_bit(I2C_HID_RESET_PENDING, &ihid->flags); 259 260 ret = i2c_transfer(client->adapter, msg, msg_num); 261 262 if (data_len > 0) 263 clear_bit(I2C_HID_READ_PENDING, &ihid->flags); 264 265 if (ret != msg_num) 266 return ret < 0 ? ret : -EIO; 267 268 ret = 0; 269 270 if (wait && (ihid->quirks & I2C_HID_QUIRK_NO_IRQ_AFTER_RESET)) { 271 msleep(100); 272 } else if (wait) { 273 i2c_hid_dbg(ihid, "%s: waiting...\n", __func__); 274 if (!wait_event_timeout(ihid->wait, 275 !test_bit(I2C_HID_RESET_PENDING, &ihid->flags), 276 msecs_to_jiffies(5000))) 277 ret = -ENODATA; 278 i2c_hid_dbg(ihid, "%s: finished.\n", __func__); 279 } 280 281 return ret; 282 } 283 284 static int i2c_hid_command(struct i2c_client *client, 285 const struct i2c_hid_cmd *command, 286 unsigned char *buf_recv, int data_len) 287 { 288 return __i2c_hid_command(client, command, 0, 0, NULL, 0, 289 buf_recv, data_len); 290 } 291 292 static int i2c_hid_get_report(struct i2c_client *client, u8 reportType, 293 u8 reportID, unsigned char *buf_recv, int data_len) 294 { 295 struct i2c_hid *ihid = i2c_get_clientdata(client); 296 u8 args[3]; 297 int ret; 298 int args_len = 0; 299 u16 readRegister = le16_to_cpu(ihid->hdesc.wDataRegister); 300 301 i2c_hid_dbg(ihid, "%s\n", __func__); 302 303 if (reportID >= 0x0F) { 304 args[args_len++] = reportID; 305 reportID = 0x0F; 306 } 307 308 args[args_len++] = readRegister & 0xFF; 309 args[args_len++] = readRegister >> 8; 310 311 ret = __i2c_hid_command(client, &hid_get_report_cmd, reportID, 312 reportType, args, args_len, buf_recv, data_len); 313 if (ret) { 314 dev_err(&client->dev, 315 "failed to retrieve report from device.\n"); 316 return ret; 317 } 318 319 return 0; 320 } 321 322 /** 323 * i2c_hid_set_or_send_report: forward an incoming report to the device 324 * @client: the i2c_client of the device 325 * @reportType: 0x03 for HID_FEATURE_REPORT ; 0x02 for HID_OUTPUT_REPORT 326 * @reportID: the report ID 327 * @buf: the actual data to transfer, without the report ID 328 * @data_len: size of buf 329 * @use_data: true: use SET_REPORT HID command, false: send plain OUTPUT report 330 */ 331 static int i2c_hid_set_or_send_report(struct i2c_client *client, u8 reportType, 332 u8 reportID, unsigned char *buf, size_t data_len, bool use_data) 333 { 334 struct i2c_hid *ihid = i2c_get_clientdata(client); 335 u8 *args = ihid->argsbuf; 336 const struct i2c_hid_cmd *hidcmd; 337 int ret; 338 u16 dataRegister = le16_to_cpu(ihid->hdesc.wDataRegister); 339 u16 outputRegister = le16_to_cpu(ihid->hdesc.wOutputRegister); 340 u16 maxOutputLength = le16_to_cpu(ihid->hdesc.wMaxOutputLength); 341 u16 size; 342 int args_len; 343 int index = 0; 344 345 i2c_hid_dbg(ihid, "%s\n", __func__); 346 347 if (data_len > ihid->bufsize) 348 return -EINVAL; 349 350 size = 2 /* size */ + 351 (reportID ? 1 : 0) /* reportID */ + 352 data_len /* buf */; 353 args_len = (reportID >= 0x0F ? 1 : 0) /* optional third byte */ + 354 2 /* dataRegister */ + 355 size /* args */; 356 357 if (!use_data && maxOutputLength == 0) 358 return -ENOSYS; 359 360 if (reportID >= 0x0F) { 361 args[index++] = reportID; 362 reportID = 0x0F; 363 } 364 365 /* 366 * use the data register for feature reports or if the device does not 367 * support the output register 368 */ 369 if (use_data) { 370 args[index++] = dataRegister & 0xFF; 371 args[index++] = dataRegister >> 8; 372 hidcmd = &hid_set_report_cmd; 373 } else { 374 args[index++] = outputRegister & 0xFF; 375 args[index++] = outputRegister >> 8; 376 hidcmd = &hid_no_cmd; 377 } 378 379 args[index++] = size & 0xFF; 380 args[index++] = size >> 8; 381 382 if (reportID) 383 args[index++] = reportID; 384 385 memcpy(&args[index], buf, data_len); 386 387 ret = __i2c_hid_command(client, hidcmd, reportID, 388 reportType, args, args_len, NULL, 0); 389 if (ret) { 390 dev_err(&client->dev, "failed to set a report to device.\n"); 391 return ret; 392 } 393 394 return data_len; 395 } 396 397 static int i2c_hid_set_power(struct i2c_client *client, int power_state) 398 { 399 struct i2c_hid *ihid = i2c_get_clientdata(client); 400 int ret; 401 402 i2c_hid_dbg(ihid, "%s\n", __func__); 403 404 /* 405 * Some devices require to send a command to wakeup before power on. 406 * The call will get a return value (EREMOTEIO) but device will be 407 * triggered and activated. After that, it goes like a normal device. 408 */ 409 if (power_state == I2C_HID_PWR_ON && 410 ihid->quirks & I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV) { 411 ret = i2c_hid_command(client, &hid_set_power_cmd, NULL, 0); 412 413 /* Device was already activated */ 414 if (!ret) 415 goto set_pwr_exit; 416 } 417 418 ret = __i2c_hid_command(client, &hid_set_power_cmd, power_state, 419 0, NULL, 0, NULL, 0); 420 421 if (ret) 422 dev_err(&client->dev, "failed to change power setting.\n"); 423 424 set_pwr_exit: 425 426 /* 427 * The HID over I2C specification states that if a DEVICE needs time 428 * after the PWR_ON request, it should utilise CLOCK stretching. 429 * However, it has been observered that the Windows driver provides a 430 * 1ms sleep between the PWR_ON and RESET requests. 431 * According to Goodix Windows even waits 60 ms after (other?) 432 * PWR_ON requests. Testing has confirmed that several devices 433 * will not work properly without a delay after a PWR_ON request. 434 */ 435 if (!ret && power_state == I2C_HID_PWR_ON) 436 msleep(60); 437 438 return ret; 439 } 440 441 static int i2c_hid_hwreset(struct i2c_client *client) 442 { 443 struct i2c_hid *ihid = i2c_get_clientdata(client); 444 int ret; 445 446 i2c_hid_dbg(ihid, "%s\n", __func__); 447 448 /* 449 * This prevents sending feature reports while the device is 450 * being reset. Otherwise we may lose the reset complete 451 * interrupt. 452 */ 453 mutex_lock(&ihid->reset_lock); 454 455 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 456 if (ret) 457 goto out_unlock; 458 459 i2c_hid_dbg(ihid, "resetting...\n"); 460 461 ret = i2c_hid_command(client, &hid_reset_cmd, NULL, 0); 462 if (ret) { 463 dev_err(&client->dev, "failed to reset device.\n"); 464 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 465 goto out_unlock; 466 } 467 468 /* At least some SIS devices need this after reset */ 469 if (!(ihid->quirks & I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET)) 470 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 471 472 out_unlock: 473 mutex_unlock(&ihid->reset_lock); 474 return ret; 475 } 476 477 static void i2c_hid_get_input(struct i2c_hid *ihid) 478 { 479 int ret; 480 u32 ret_size; 481 int size = le16_to_cpu(ihid->hdesc.wMaxInputLength); 482 483 if (size > ihid->bufsize) 484 size = ihid->bufsize; 485 486 ret = i2c_master_recv(ihid->client, ihid->inbuf, size); 487 if (ret != size) { 488 if (ret < 0) 489 return; 490 491 dev_err(&ihid->client->dev, "%s: got %d data instead of %d\n", 492 __func__, ret, size); 493 return; 494 } 495 496 ret_size = ihid->inbuf[0] | ihid->inbuf[1] << 8; 497 498 if (!ret_size) { 499 /* host or device initiated RESET completed */ 500 if (test_and_clear_bit(I2C_HID_RESET_PENDING, &ihid->flags)) 501 wake_up(&ihid->wait); 502 return; 503 } 504 505 if (ihid->quirks & I2C_HID_QUIRK_BOGUS_IRQ && ret_size == 0xffff) { 506 dev_warn_once(&ihid->client->dev, "%s: IRQ triggered but " 507 "there's no data\n", __func__); 508 return; 509 } 510 511 if ((ret_size > size) || (ret_size < 2)) { 512 if (ihid->quirks & I2C_HID_QUIRK_BAD_INPUT_SIZE) { 513 ihid->inbuf[0] = size & 0xff; 514 ihid->inbuf[1] = size >> 8; 515 ret_size = size; 516 } else { 517 dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n", 518 __func__, size, ret_size); 519 return; 520 } 521 } 522 523 i2c_hid_dbg(ihid, "input: %*ph\n", ret_size, ihid->inbuf); 524 525 if (test_bit(I2C_HID_STARTED, &ihid->flags)) { 526 pm_wakeup_event(&ihid->client->dev, 0); 527 528 hid_input_report(ihid->hid, HID_INPUT_REPORT, ihid->inbuf + 2, 529 ret_size - 2, 1); 530 } 531 532 return; 533 } 534 535 static irqreturn_t i2c_hid_irq(int irq, void *dev_id) 536 { 537 struct i2c_hid *ihid = dev_id; 538 539 if (test_bit(I2C_HID_READ_PENDING, &ihid->flags)) 540 return IRQ_HANDLED; 541 542 i2c_hid_get_input(ihid); 543 544 return IRQ_HANDLED; 545 } 546 547 static int i2c_hid_get_report_length(struct hid_report *report) 548 { 549 return ((report->size - 1) >> 3) + 1 + 550 report->device->report_enum[report->type].numbered + 2; 551 } 552 553 /* 554 * Traverse the supplied list of reports and find the longest 555 */ 556 static void i2c_hid_find_max_report(struct hid_device *hid, unsigned int type, 557 unsigned int *max) 558 { 559 struct hid_report *report; 560 unsigned int size; 561 562 /* We should not rely on wMaxInputLength, as some devices may set it to 563 * a wrong length. */ 564 list_for_each_entry(report, &hid->report_enum[type].report_list, list) { 565 size = i2c_hid_get_report_length(report); 566 if (*max < size) 567 *max = size; 568 } 569 } 570 571 static void i2c_hid_free_buffers(struct i2c_hid *ihid) 572 { 573 kfree(ihid->inbuf); 574 kfree(ihid->rawbuf); 575 kfree(ihid->argsbuf); 576 kfree(ihid->cmdbuf); 577 ihid->inbuf = NULL; 578 ihid->rawbuf = NULL; 579 ihid->cmdbuf = NULL; 580 ihid->argsbuf = NULL; 581 ihid->bufsize = 0; 582 } 583 584 static int i2c_hid_alloc_buffers(struct i2c_hid *ihid, size_t report_size) 585 { 586 /* the worst case is computed from the set_report command with a 587 * reportID > 15 and the maximum report length */ 588 int args_len = sizeof(__u8) + /* ReportID */ 589 sizeof(__u8) + /* optional ReportID byte */ 590 sizeof(__u16) + /* data register */ 591 sizeof(__u16) + /* size of the report */ 592 report_size; /* report */ 593 594 ihid->inbuf = kzalloc(report_size, GFP_KERNEL); 595 ihid->rawbuf = kzalloc(report_size, GFP_KERNEL); 596 ihid->argsbuf = kzalloc(args_len, GFP_KERNEL); 597 ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL); 598 599 if (!ihid->inbuf || !ihid->rawbuf || !ihid->argsbuf || !ihid->cmdbuf) { 600 i2c_hid_free_buffers(ihid); 601 return -ENOMEM; 602 } 603 604 ihid->bufsize = report_size; 605 606 return 0; 607 } 608 609 static int i2c_hid_get_raw_report(struct hid_device *hid, 610 unsigned char report_number, __u8 *buf, size_t count, 611 unsigned char report_type) 612 { 613 struct i2c_client *client = hid->driver_data; 614 struct i2c_hid *ihid = i2c_get_clientdata(client); 615 size_t ret_count, ask_count; 616 int ret; 617 618 if (report_type == HID_OUTPUT_REPORT) 619 return -EINVAL; 620 621 /* +2 bytes to include the size of the reply in the query buffer */ 622 ask_count = min(count + 2, (size_t)ihid->bufsize); 623 624 ret = i2c_hid_get_report(client, 625 report_type == HID_FEATURE_REPORT ? 0x03 : 0x01, 626 report_number, ihid->rawbuf, ask_count); 627 628 if (ret < 0) 629 return ret; 630 631 ret_count = ihid->rawbuf[0] | (ihid->rawbuf[1] << 8); 632 633 if (ret_count <= 2) 634 return 0; 635 636 ret_count = min(ret_count, ask_count); 637 638 /* The query buffer contains the size, dropping it in the reply */ 639 count = min(count, ret_count - 2); 640 memcpy(buf, ihid->rawbuf + 2, count); 641 642 return count; 643 } 644 645 static int i2c_hid_output_raw_report(struct hid_device *hid, __u8 *buf, 646 size_t count, unsigned char report_type, bool use_data) 647 { 648 struct i2c_client *client = hid->driver_data; 649 struct i2c_hid *ihid = i2c_get_clientdata(client); 650 int report_id = buf[0]; 651 int ret; 652 653 if (report_type == HID_INPUT_REPORT) 654 return -EINVAL; 655 656 mutex_lock(&ihid->reset_lock); 657 658 if (report_id) { 659 buf++; 660 count--; 661 } 662 663 ret = i2c_hid_set_or_send_report(client, 664 report_type == HID_FEATURE_REPORT ? 0x03 : 0x02, 665 report_id, buf, count, use_data); 666 667 if (report_id && ret >= 0) 668 ret++; /* add report_id to the number of transfered bytes */ 669 670 mutex_unlock(&ihid->reset_lock); 671 672 return ret; 673 } 674 675 static int i2c_hid_output_report(struct hid_device *hid, __u8 *buf, 676 size_t count) 677 { 678 return i2c_hid_output_raw_report(hid, buf, count, HID_OUTPUT_REPORT, 679 false); 680 } 681 682 static int i2c_hid_raw_request(struct hid_device *hid, unsigned char reportnum, 683 __u8 *buf, size_t len, unsigned char rtype, 684 int reqtype) 685 { 686 switch (reqtype) { 687 case HID_REQ_GET_REPORT: 688 return i2c_hid_get_raw_report(hid, reportnum, buf, len, rtype); 689 case HID_REQ_SET_REPORT: 690 if (buf[0] != reportnum) 691 return -EINVAL; 692 return i2c_hid_output_raw_report(hid, buf, len, rtype, true); 693 default: 694 return -EIO; 695 } 696 } 697 698 static int i2c_hid_parse(struct hid_device *hid) 699 { 700 struct i2c_client *client = hid->driver_data; 701 struct i2c_hid *ihid = i2c_get_clientdata(client); 702 struct i2c_hid_desc *hdesc = &ihid->hdesc; 703 unsigned int rsize; 704 char *rdesc; 705 int ret; 706 int tries = 3; 707 char *use_override; 708 709 i2c_hid_dbg(ihid, "entering %s\n", __func__); 710 711 rsize = le16_to_cpu(hdesc->wReportDescLength); 712 if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { 713 dbg_hid("weird size of report descriptor (%u)\n", rsize); 714 return -EINVAL; 715 } 716 717 do { 718 ret = i2c_hid_hwreset(client); 719 if (ret) 720 msleep(1000); 721 } while (tries-- > 0 && ret); 722 723 if (ret) 724 return ret; 725 726 use_override = i2c_hid_get_dmi_hid_report_desc_override(client->name, 727 &rsize); 728 729 if (use_override) { 730 rdesc = use_override; 731 i2c_hid_dbg(ihid, "Using a HID report descriptor override\n"); 732 } else { 733 rdesc = kzalloc(rsize, GFP_KERNEL); 734 735 if (!rdesc) { 736 dbg_hid("couldn't allocate rdesc memory\n"); 737 return -ENOMEM; 738 } 739 740 i2c_hid_dbg(ihid, "asking HID report descriptor\n"); 741 742 ret = i2c_hid_command(client, &hid_report_descr_cmd, 743 rdesc, rsize); 744 if (ret) { 745 hid_err(hid, "reading report descriptor failed\n"); 746 kfree(rdesc); 747 return -EIO; 748 } 749 } 750 751 i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc); 752 753 ret = hid_parse_report(hid, rdesc, rsize); 754 if (!use_override) 755 kfree(rdesc); 756 757 if (ret) { 758 dbg_hid("parsing report descriptor failed\n"); 759 return ret; 760 } 761 762 return 0; 763 } 764 765 static int i2c_hid_start(struct hid_device *hid) 766 { 767 struct i2c_client *client = hid->driver_data; 768 struct i2c_hid *ihid = i2c_get_clientdata(client); 769 int ret; 770 unsigned int bufsize = HID_MIN_BUFFER_SIZE; 771 772 i2c_hid_find_max_report(hid, HID_INPUT_REPORT, &bufsize); 773 i2c_hid_find_max_report(hid, HID_OUTPUT_REPORT, &bufsize); 774 i2c_hid_find_max_report(hid, HID_FEATURE_REPORT, &bufsize); 775 776 if (bufsize > ihid->bufsize) { 777 disable_irq(client->irq); 778 i2c_hid_free_buffers(ihid); 779 780 ret = i2c_hid_alloc_buffers(ihid, bufsize); 781 enable_irq(client->irq); 782 783 if (ret) 784 return ret; 785 } 786 787 return 0; 788 } 789 790 static void i2c_hid_stop(struct hid_device *hid) 791 { 792 hid->claimed = 0; 793 } 794 795 static int i2c_hid_open(struct hid_device *hid) 796 { 797 struct i2c_client *client = hid->driver_data; 798 struct i2c_hid *ihid = i2c_get_clientdata(client); 799 800 set_bit(I2C_HID_STARTED, &ihid->flags); 801 return 0; 802 } 803 804 static void i2c_hid_close(struct hid_device *hid) 805 { 806 struct i2c_client *client = hid->driver_data; 807 struct i2c_hid *ihid = i2c_get_clientdata(client); 808 809 clear_bit(I2C_HID_STARTED, &ihid->flags); 810 } 811 812 struct hid_ll_driver i2c_hid_ll_driver = { 813 .parse = i2c_hid_parse, 814 .start = i2c_hid_start, 815 .stop = i2c_hid_stop, 816 .open = i2c_hid_open, 817 .close = i2c_hid_close, 818 .output_report = i2c_hid_output_report, 819 .raw_request = i2c_hid_raw_request, 820 }; 821 EXPORT_SYMBOL_GPL(i2c_hid_ll_driver); 822 823 static int i2c_hid_init_irq(struct i2c_client *client) 824 { 825 struct i2c_hid *ihid = i2c_get_clientdata(client); 826 unsigned long irqflags = 0; 827 int ret; 828 829 dev_dbg(&client->dev, "Requesting IRQ: %d\n", client->irq); 830 831 if (!irq_get_trigger_type(client->irq)) 832 irqflags = IRQF_TRIGGER_LOW; 833 834 ret = request_threaded_irq(client->irq, NULL, i2c_hid_irq, 835 irqflags | IRQF_ONESHOT, client->name, ihid); 836 if (ret < 0) { 837 dev_warn(&client->dev, 838 "Could not register for %s interrupt, irq = %d," 839 " ret = %d\n", 840 client->name, client->irq, ret); 841 842 return ret; 843 } 844 845 return 0; 846 } 847 848 static int i2c_hid_fetch_hid_descriptor(struct i2c_hid *ihid) 849 { 850 struct i2c_client *client = ihid->client; 851 struct i2c_hid_desc *hdesc = &ihid->hdesc; 852 unsigned int dsize; 853 int ret; 854 855 /* i2c hid fetch using a fixed descriptor size (30 bytes) */ 856 if (i2c_hid_get_dmi_i2c_hid_desc_override(client->name)) { 857 i2c_hid_dbg(ihid, "Using a HID descriptor override\n"); 858 ihid->hdesc = 859 *i2c_hid_get_dmi_i2c_hid_desc_override(client->name); 860 } else { 861 i2c_hid_dbg(ihid, "Fetching the HID descriptor\n"); 862 ret = i2c_hid_command(client, &hid_descr_cmd, 863 ihid->hdesc_buffer, 864 sizeof(struct i2c_hid_desc)); 865 if (ret) { 866 dev_err(&client->dev, "hid_descr_cmd failed\n"); 867 return -ENODEV; 868 } 869 } 870 871 /* Validate the length of HID descriptor, the 4 first bytes: 872 * bytes 0-1 -> length 873 * bytes 2-3 -> bcdVersion (has to be 1.00) */ 874 /* check bcdVersion == 1.0 */ 875 if (le16_to_cpu(hdesc->bcdVersion) != 0x0100) { 876 dev_err(&client->dev, 877 "unexpected HID descriptor bcdVersion (0x%04hx)\n", 878 le16_to_cpu(hdesc->bcdVersion)); 879 return -ENODEV; 880 } 881 882 /* Descriptor length should be 30 bytes as per the specification */ 883 dsize = le16_to_cpu(hdesc->wHIDDescLength); 884 if (dsize != sizeof(struct i2c_hid_desc)) { 885 dev_err(&client->dev, "weird size of HID descriptor (%u)\n", 886 dsize); 887 return -ENODEV; 888 } 889 i2c_hid_dbg(ihid, "HID Descriptor: %*ph\n", dsize, ihid->hdesc_buffer); 890 return 0; 891 } 892 893 static int i2c_hid_core_power_up(struct i2c_hid *ihid) 894 { 895 if (!ihid->ops->power_up) 896 return 0; 897 898 return ihid->ops->power_up(ihid->ops); 899 } 900 901 static void i2c_hid_core_power_down(struct i2c_hid *ihid) 902 { 903 if (!ihid->ops->power_down) 904 return; 905 906 ihid->ops->power_down(ihid->ops); 907 } 908 909 static void i2c_hid_core_shutdown_tail(struct i2c_hid *ihid) 910 { 911 if (!ihid->ops->shutdown_tail) 912 return; 913 914 ihid->ops->shutdown_tail(ihid->ops); 915 } 916 917 int i2c_hid_core_probe(struct i2c_client *client, struct i2chid_ops *ops, 918 u16 hid_descriptor_address, u32 quirks) 919 { 920 int ret; 921 struct i2c_hid *ihid; 922 struct hid_device *hid; 923 924 dbg_hid("HID probe called for i2c 0x%02x\n", client->addr); 925 926 if (!client->irq) { 927 dev_err(&client->dev, 928 "HID over i2c has not been provided an Int IRQ\n"); 929 return -EINVAL; 930 } 931 932 if (client->irq < 0) { 933 if (client->irq != -EPROBE_DEFER) 934 dev_err(&client->dev, 935 "HID over i2c doesn't have a valid IRQ\n"); 936 return client->irq; 937 } 938 939 ihid = devm_kzalloc(&client->dev, sizeof(*ihid), GFP_KERNEL); 940 if (!ihid) 941 return -ENOMEM; 942 943 ihid->ops = ops; 944 945 ret = i2c_hid_core_power_up(ihid); 946 if (ret) 947 return ret; 948 949 i2c_set_clientdata(client, ihid); 950 951 ihid->client = client; 952 953 ihid->wHIDDescRegister = cpu_to_le16(hid_descriptor_address); 954 955 init_waitqueue_head(&ihid->wait); 956 mutex_init(&ihid->reset_lock); 957 958 /* we need to allocate the command buffer without knowing the maximum 959 * size of the reports. Let's use HID_MIN_BUFFER_SIZE, then we do the 960 * real computation later. */ 961 ret = i2c_hid_alloc_buffers(ihid, HID_MIN_BUFFER_SIZE); 962 if (ret < 0) 963 goto err_powered; 964 965 device_enable_async_suspend(&client->dev); 966 967 /* Make sure there is something at this address */ 968 ret = i2c_smbus_read_byte(client); 969 if (ret < 0) { 970 dev_dbg(&client->dev, "nothing at this address: %d\n", ret); 971 ret = -ENXIO; 972 goto err_powered; 973 } 974 975 ret = i2c_hid_fetch_hid_descriptor(ihid); 976 if (ret < 0) { 977 dev_err(&client->dev, 978 "Failed to fetch the HID Descriptor\n"); 979 goto err_powered; 980 } 981 982 ret = i2c_hid_init_irq(client); 983 if (ret < 0) 984 goto err_powered; 985 986 hid = hid_allocate_device(); 987 if (IS_ERR(hid)) { 988 ret = PTR_ERR(hid); 989 goto err_irq; 990 } 991 992 ihid->hid = hid; 993 994 hid->driver_data = client; 995 hid->ll_driver = &i2c_hid_ll_driver; 996 hid->dev.parent = &client->dev; 997 hid->bus = BUS_I2C; 998 hid->version = le16_to_cpu(ihid->hdesc.bcdVersion); 999 hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID); 1000 hid->product = le16_to_cpu(ihid->hdesc.wProductID); 1001 1002 snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X", 1003 client->name, (u16)hid->vendor, (u16)hid->product); 1004 strlcpy(hid->phys, dev_name(&client->dev), sizeof(hid->phys)); 1005 1006 ihid->quirks = i2c_hid_lookup_quirk(hid->vendor, hid->product); 1007 1008 ret = hid_add_device(hid); 1009 if (ret) { 1010 if (ret != -ENODEV) 1011 hid_err(client, "can't add hid device: %d\n", ret); 1012 goto err_mem_free; 1013 } 1014 1015 hid->quirks |= quirks; 1016 1017 return 0; 1018 1019 err_mem_free: 1020 hid_destroy_device(hid); 1021 1022 err_irq: 1023 free_irq(client->irq, ihid); 1024 1025 err_powered: 1026 i2c_hid_core_power_down(ihid); 1027 i2c_hid_free_buffers(ihid); 1028 return ret; 1029 } 1030 EXPORT_SYMBOL_GPL(i2c_hid_core_probe); 1031 1032 int i2c_hid_core_remove(struct i2c_client *client) 1033 { 1034 struct i2c_hid *ihid = i2c_get_clientdata(client); 1035 struct hid_device *hid; 1036 1037 hid = ihid->hid; 1038 hid_destroy_device(hid); 1039 1040 free_irq(client->irq, ihid); 1041 1042 if (ihid->bufsize) 1043 i2c_hid_free_buffers(ihid); 1044 1045 i2c_hid_core_power_down(ihid); 1046 1047 return 0; 1048 } 1049 EXPORT_SYMBOL_GPL(i2c_hid_core_remove); 1050 1051 void i2c_hid_core_shutdown(struct i2c_client *client) 1052 { 1053 struct i2c_hid *ihid = i2c_get_clientdata(client); 1054 1055 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 1056 free_irq(client->irq, ihid); 1057 1058 i2c_hid_core_shutdown_tail(ihid); 1059 } 1060 EXPORT_SYMBOL_GPL(i2c_hid_core_shutdown); 1061 1062 #ifdef CONFIG_PM_SLEEP 1063 static int i2c_hid_core_suspend(struct device *dev) 1064 { 1065 struct i2c_client *client = to_i2c_client(dev); 1066 struct i2c_hid *ihid = i2c_get_clientdata(client); 1067 struct hid_device *hid = ihid->hid; 1068 int ret; 1069 int wake_status; 1070 1071 ret = hid_driver_suspend(hid, PMSG_SUSPEND); 1072 if (ret < 0) 1073 return ret; 1074 1075 /* Save some power */ 1076 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP); 1077 1078 disable_irq(client->irq); 1079 1080 if (device_may_wakeup(&client->dev)) { 1081 wake_status = enable_irq_wake(client->irq); 1082 if (!wake_status) 1083 ihid->irq_wake_enabled = true; 1084 else 1085 hid_warn(hid, "Failed to enable irq wake: %d\n", 1086 wake_status); 1087 } else { 1088 i2c_hid_core_power_down(ihid); 1089 } 1090 1091 return 0; 1092 } 1093 1094 static int i2c_hid_core_resume(struct device *dev) 1095 { 1096 int ret; 1097 struct i2c_client *client = to_i2c_client(dev); 1098 struct i2c_hid *ihid = i2c_get_clientdata(client); 1099 struct hid_device *hid = ihid->hid; 1100 int wake_status; 1101 1102 if (!device_may_wakeup(&client->dev)) { 1103 i2c_hid_core_power_up(ihid); 1104 } else if (ihid->irq_wake_enabled) { 1105 wake_status = disable_irq_wake(client->irq); 1106 if (!wake_status) 1107 ihid->irq_wake_enabled = false; 1108 else 1109 hid_warn(hid, "Failed to disable irq wake: %d\n", 1110 wake_status); 1111 } 1112 1113 enable_irq(client->irq); 1114 1115 /* Instead of resetting device, simply powers the device on. This 1116 * solves "incomplete reports" on Raydium devices 2386:3118 and 1117 * 2386:4B33 and fixes various SIS touchscreens no longer sending 1118 * data after a suspend/resume. 1119 * 1120 * However some ALPS touchpads generate IRQ storm without reset, so 1121 * let's still reset them here. 1122 */ 1123 if (ihid->quirks & I2C_HID_QUIRK_RESET_ON_RESUME) 1124 ret = i2c_hid_hwreset(client); 1125 else 1126 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON); 1127 1128 if (ret) 1129 return ret; 1130 1131 return hid_driver_reset_resume(hid); 1132 } 1133 #endif 1134 1135 const struct dev_pm_ops i2c_hid_core_pm = { 1136 SET_SYSTEM_SLEEP_PM_OPS(i2c_hid_core_suspend, i2c_hid_core_resume) 1137 }; 1138 EXPORT_SYMBOL_GPL(i2c_hid_core_pm); 1139 1140 MODULE_DESCRIPTION("HID over I2C core driver"); 1141 MODULE_AUTHOR("Benjamin Tissoires <benjamin.tissoires@gmail.com>"); 1142 MODULE_LICENSE("GPL"); 1143