1 /*
2 * HID over I2C protocol implementation
3 *
4 * Copyright (c) 2012 Benjamin Tissoires <benjamin.tissoires@gmail.com>
5 * Copyright (c) 2012 Ecole Nationale de l'Aviation Civile, France
6 * Copyright (c) 2012 Red Hat, Inc
7 *
8 * This code is partly based on "USB HID support for Linux":
9 *
10 * Copyright (c) 1999 Andreas Gal
11 * Copyright (c) 2000-2005 Vojtech Pavlik <vojtech@suse.cz>
12 * Copyright (c) 2005 Michael Haboustak <mike-@cinci.rr.com> for Concept2, Inc
13 * Copyright (c) 2007-2008 Oliver Neukum
14 * Copyright (c) 2006-2010 Jiri Kosina
15 *
16 * This file is subject to the terms and conditions of the GNU General Public
17 * License. See the file COPYING in the main directory of this archive for
18 * more details.
19 */
20
21 #include <linux/module.h>
22 #include <linux/i2c.h>
23 #include <linux/interrupt.h>
24 #include <linux/input.h>
25 #include <linux/irq.h>
26 #include <linux/delay.h>
27 #include <linux/slab.h>
28 #include <linux/pm.h>
29 #include <linux/device.h>
30 #include <linux/wait.h>
31 #include <linux/err.h>
32 #include <linux/string.h>
33 #include <linux/list.h>
34 #include <linux/jiffies.h>
35 #include <linux/kernel.h>
36 #include <linux/hid.h>
37 #include <linux/mutex.h>
38
39 #include "../hid-ids.h"
40 #include "i2c-hid.h"
41
42 /* quirks to control the device */
43 #define I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV BIT(0)
44 #define I2C_HID_QUIRK_NO_IRQ_AFTER_RESET BIT(1)
45 #define I2C_HID_QUIRK_BOGUS_IRQ BIT(4)
46 #define I2C_HID_QUIRK_RESET_ON_RESUME BIT(5)
47 #define I2C_HID_QUIRK_BAD_INPUT_SIZE BIT(6)
48 #define I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET BIT(7)
49
50
51 /* flags */
52 #define I2C_HID_STARTED 0
53 #define I2C_HID_RESET_PENDING 1
54 #define I2C_HID_READ_PENDING 2
55
56 #define I2C_HID_PWR_ON 0x00
57 #define I2C_HID_PWR_SLEEP 0x01
58
59 /* debug option */
60 static bool debug;
61 module_param(debug, bool, 0444);
62 MODULE_PARM_DESC(debug, "print a lot of debug information");
63
64 #define i2c_hid_dbg(ihid, fmt, arg...) \
65 do { \
66 if (debug) \
67 dev_printk(KERN_DEBUG, &(ihid)->client->dev, fmt, ##arg); \
68 } while (0)
69
70 struct i2c_hid_desc {
71 __le16 wHIDDescLength;
72 __le16 bcdVersion;
73 __le16 wReportDescLength;
74 __le16 wReportDescRegister;
75 __le16 wInputRegister;
76 __le16 wMaxInputLength;
77 __le16 wOutputRegister;
78 __le16 wMaxOutputLength;
79 __le16 wCommandRegister;
80 __le16 wDataRegister;
81 __le16 wVendorID;
82 __le16 wProductID;
83 __le16 wVersionID;
84 __le32 reserved;
85 } __packed;
86
87 struct i2c_hid_cmd {
88 unsigned int registerIndex;
89 __u8 opcode;
90 unsigned int length;
91 bool wait;
92 };
93
94 union command {
95 u8 data[0];
96 struct cmd {
97 __le16 reg;
98 __u8 reportTypeID;
99 __u8 opcode;
100 } __packed c;
101 };
102
103 #define I2C_HID_CMD(opcode_) \
104 .opcode = opcode_, .length = 4, \
105 .registerIndex = offsetof(struct i2c_hid_desc, wCommandRegister)
106
107 /* fetch HID descriptor */
108 static const struct i2c_hid_cmd hid_descr_cmd = { .length = 2 };
109 /* fetch report descriptors */
110 static const struct i2c_hid_cmd hid_report_descr_cmd = {
111 .registerIndex = offsetof(struct i2c_hid_desc,
112 wReportDescRegister),
113 .opcode = 0x00,
114 .length = 2 };
115 /* commands */
116 static const struct i2c_hid_cmd hid_reset_cmd = { I2C_HID_CMD(0x01),
117 .wait = true };
118 static const struct i2c_hid_cmd hid_get_report_cmd = { I2C_HID_CMD(0x02) };
119 static const struct i2c_hid_cmd hid_set_report_cmd = { I2C_HID_CMD(0x03) };
120 static const struct i2c_hid_cmd hid_set_power_cmd = { I2C_HID_CMD(0x08) };
121 static const struct i2c_hid_cmd hid_no_cmd = { .length = 0 };
122
123 /*
124 * These definitions are not used here, but are defined by the spec.
125 * Keeping them here for documentation purposes.
126 *
127 * static const struct i2c_hid_cmd hid_get_idle_cmd = { I2C_HID_CMD(0x04) };
128 * static const struct i2c_hid_cmd hid_set_idle_cmd = { I2C_HID_CMD(0x05) };
129 * static const struct i2c_hid_cmd hid_get_protocol_cmd = { I2C_HID_CMD(0x06) };
130 * static const struct i2c_hid_cmd hid_set_protocol_cmd = { I2C_HID_CMD(0x07) };
131 */
132
133 /* The main device structure */
134 struct i2c_hid {
135 struct i2c_client *client; /* i2c client */
136 struct hid_device *hid; /* pointer to corresponding HID dev */
137 union {
138 __u8 hdesc_buffer[sizeof(struct i2c_hid_desc)];
139 struct i2c_hid_desc hdesc; /* the HID Descriptor */
140 };
141 __le16 wHIDDescRegister; /* location of the i2c
142 * register of the HID
143 * descriptor. */
144 unsigned int bufsize; /* i2c buffer size */
145 u8 *inbuf; /* Input buffer */
146 u8 *rawbuf; /* Raw Input buffer */
147 u8 *cmdbuf; /* Command buffer */
148 u8 *argsbuf; /* Command arguments buffer */
149
150 unsigned long flags; /* device flags */
151 unsigned long quirks; /* Various quirks */
152
153 wait_queue_head_t wait; /* For waiting the interrupt */
154
155 bool irq_wake_enabled;
156 struct mutex reset_lock;
157
158 struct i2chid_ops *ops;
159 };
160
161 static const struct i2c_hid_quirks {
162 __u16 idVendor;
163 __u16 idProduct;
164 __u32 quirks;
165 } i2c_hid_quirks[] = {
166 { USB_VENDOR_ID_WEIDA, HID_ANY_ID,
167 I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV },
168 { I2C_VENDOR_ID_HANTICK, I2C_PRODUCT_ID_HANTICK_5288,
169 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET },
170 { I2C_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_VOYO_WINPAD_A15,
171 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET },
172 { I2C_VENDOR_ID_RAYDIUM, I2C_PRODUCT_ID_RAYDIUM_3118,
173 I2C_HID_QUIRK_NO_IRQ_AFTER_RESET },
174 { USB_VENDOR_ID_ALPS_JP, HID_ANY_ID,
175 I2C_HID_QUIRK_RESET_ON_RESUME },
176 { I2C_VENDOR_ID_SYNAPTICS, I2C_PRODUCT_ID_SYNAPTICS_SYNA2393,
177 I2C_HID_QUIRK_RESET_ON_RESUME },
178 { USB_VENDOR_ID_ITE, I2C_DEVICE_ID_ITE_LENOVO_LEGION_Y720,
179 I2C_HID_QUIRK_BAD_INPUT_SIZE },
180 /*
181 * Sending the wakeup after reset actually break ELAN touchscreen controller
182 */
183 { USB_VENDOR_ID_ELAN, HID_ANY_ID,
184 I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET |
185 I2C_HID_QUIRK_BOGUS_IRQ },
186 { 0, 0 }
187 };
188
189 /*
190 * i2c_hid_lookup_quirk: return any quirks associated with a I2C HID device
191 * @idVendor: the 16-bit vendor ID
192 * @idProduct: the 16-bit product ID
193 *
194 * Returns: a u32 quirks value.
195 */
i2c_hid_lookup_quirk(const u16 idVendor,const u16 idProduct)196 static u32 i2c_hid_lookup_quirk(const u16 idVendor, const u16 idProduct)
197 {
198 u32 quirks = 0;
199 int n;
200
201 for (n = 0; i2c_hid_quirks[n].idVendor; n++)
202 if (i2c_hid_quirks[n].idVendor == idVendor &&
203 (i2c_hid_quirks[n].idProduct == (__u16)HID_ANY_ID ||
204 i2c_hid_quirks[n].idProduct == idProduct))
205 quirks = i2c_hid_quirks[n].quirks;
206
207 return quirks;
208 }
209
__i2c_hid_command(struct i2c_client * client,const struct i2c_hid_cmd * command,u8 reportID,u8 reportType,u8 * args,int args_len,unsigned char * buf_recv,int data_len)210 static int __i2c_hid_command(struct i2c_client *client,
211 const struct i2c_hid_cmd *command, u8 reportID,
212 u8 reportType, u8 *args, int args_len,
213 unsigned char *buf_recv, int data_len)
214 {
215 struct i2c_hid *ihid = i2c_get_clientdata(client);
216 union command *cmd = (union command *)ihid->cmdbuf;
217 int ret;
218 struct i2c_msg msg[2];
219 int msg_num = 1;
220
221 int length = command->length;
222 bool wait = command->wait;
223 unsigned int registerIndex = command->registerIndex;
224
225 /* special case for hid_descr_cmd */
226 if (command == &hid_descr_cmd) {
227 cmd->c.reg = ihid->wHIDDescRegister;
228 } else {
229 cmd->data[0] = ihid->hdesc_buffer[registerIndex];
230 cmd->data[1] = ihid->hdesc_buffer[registerIndex + 1];
231 }
232
233 if (length > 2) {
234 cmd->c.opcode = command->opcode;
235 cmd->c.reportTypeID = reportID | reportType << 4;
236 }
237
238 memcpy(cmd->data + length, args, args_len);
239 length += args_len;
240
241 i2c_hid_dbg(ihid, "%s: cmd=%*ph\n", __func__, length, cmd->data);
242
243 msg[0].addr = client->addr;
244 msg[0].flags = client->flags & I2C_M_TEN;
245 msg[0].len = length;
246 msg[0].buf = cmd->data;
247 if (data_len > 0) {
248 msg[1].addr = client->addr;
249 msg[1].flags = client->flags & I2C_M_TEN;
250 msg[1].flags |= I2C_M_RD;
251 msg[1].len = data_len;
252 msg[1].buf = buf_recv;
253 msg_num = 2;
254 set_bit(I2C_HID_READ_PENDING, &ihid->flags);
255 }
256
257 if (wait)
258 set_bit(I2C_HID_RESET_PENDING, &ihid->flags);
259
260 ret = i2c_transfer(client->adapter, msg, msg_num);
261
262 if (data_len > 0)
263 clear_bit(I2C_HID_READ_PENDING, &ihid->flags);
264
265 if (ret != msg_num)
266 return ret < 0 ? ret : -EIO;
267
268 ret = 0;
269
270 if (wait && (ihid->quirks & I2C_HID_QUIRK_NO_IRQ_AFTER_RESET)) {
271 msleep(100);
272 } else if (wait) {
273 i2c_hid_dbg(ihid, "%s: waiting...\n", __func__);
274 if (!wait_event_timeout(ihid->wait,
275 !test_bit(I2C_HID_RESET_PENDING, &ihid->flags),
276 msecs_to_jiffies(5000)))
277 ret = -ENODATA;
278 i2c_hid_dbg(ihid, "%s: finished.\n", __func__);
279 }
280
281 return ret;
282 }
283
i2c_hid_command(struct i2c_client * client,const struct i2c_hid_cmd * command,unsigned char * buf_recv,int data_len)284 static int i2c_hid_command(struct i2c_client *client,
285 const struct i2c_hid_cmd *command,
286 unsigned char *buf_recv, int data_len)
287 {
288 return __i2c_hid_command(client, command, 0, 0, NULL, 0,
289 buf_recv, data_len);
290 }
291
i2c_hid_get_report(struct i2c_client * client,u8 reportType,u8 reportID,unsigned char * buf_recv,int data_len)292 static int i2c_hid_get_report(struct i2c_client *client, u8 reportType,
293 u8 reportID, unsigned char *buf_recv, int data_len)
294 {
295 struct i2c_hid *ihid = i2c_get_clientdata(client);
296 u8 args[3];
297 int ret;
298 int args_len = 0;
299 u16 readRegister = le16_to_cpu(ihid->hdesc.wDataRegister);
300
301 i2c_hid_dbg(ihid, "%s\n", __func__);
302
303 if (reportID >= 0x0F) {
304 args[args_len++] = reportID;
305 reportID = 0x0F;
306 }
307
308 args[args_len++] = readRegister & 0xFF;
309 args[args_len++] = readRegister >> 8;
310
311 ret = __i2c_hid_command(client, &hid_get_report_cmd, reportID,
312 reportType, args, args_len, buf_recv, data_len);
313 if (ret) {
314 dev_err(&client->dev,
315 "failed to retrieve report from device.\n");
316 return ret;
317 }
318
319 return 0;
320 }
321
322 /**
323 * i2c_hid_set_or_send_report: forward an incoming report to the device
324 * @client: the i2c_client of the device
325 * @reportType: 0x03 for HID_FEATURE_REPORT ; 0x02 for HID_OUTPUT_REPORT
326 * @reportID: the report ID
327 * @buf: the actual data to transfer, without the report ID
328 * @data_len: size of buf
329 * @use_data: true: use SET_REPORT HID command, false: send plain OUTPUT report
330 */
i2c_hid_set_or_send_report(struct i2c_client * client,u8 reportType,u8 reportID,unsigned char * buf,size_t data_len,bool use_data)331 static int i2c_hid_set_or_send_report(struct i2c_client *client, u8 reportType,
332 u8 reportID, unsigned char *buf, size_t data_len, bool use_data)
333 {
334 struct i2c_hid *ihid = i2c_get_clientdata(client);
335 u8 *args = ihid->argsbuf;
336 const struct i2c_hid_cmd *hidcmd;
337 int ret;
338 u16 dataRegister = le16_to_cpu(ihid->hdesc.wDataRegister);
339 u16 outputRegister = le16_to_cpu(ihid->hdesc.wOutputRegister);
340 u16 maxOutputLength = le16_to_cpu(ihid->hdesc.wMaxOutputLength);
341 u16 size;
342 int args_len;
343 int index = 0;
344
345 i2c_hid_dbg(ihid, "%s\n", __func__);
346
347 if (data_len > ihid->bufsize)
348 return -EINVAL;
349
350 size = 2 /* size */ +
351 (reportID ? 1 : 0) /* reportID */ +
352 data_len /* buf */;
353 args_len = (reportID >= 0x0F ? 1 : 0) /* optional third byte */ +
354 2 /* dataRegister */ +
355 size /* args */;
356
357 if (!use_data && maxOutputLength == 0)
358 return -ENOSYS;
359
360 if (reportID >= 0x0F) {
361 args[index++] = reportID;
362 reportID = 0x0F;
363 }
364
365 /*
366 * use the data register for feature reports or if the device does not
367 * support the output register
368 */
369 if (use_data) {
370 args[index++] = dataRegister & 0xFF;
371 args[index++] = dataRegister >> 8;
372 hidcmd = &hid_set_report_cmd;
373 } else {
374 args[index++] = outputRegister & 0xFF;
375 args[index++] = outputRegister >> 8;
376 hidcmd = &hid_no_cmd;
377 }
378
379 args[index++] = size & 0xFF;
380 args[index++] = size >> 8;
381
382 if (reportID)
383 args[index++] = reportID;
384
385 memcpy(&args[index], buf, data_len);
386
387 ret = __i2c_hid_command(client, hidcmd, reportID,
388 reportType, args, args_len, NULL, 0);
389 if (ret) {
390 dev_err(&client->dev, "failed to set a report to device.\n");
391 return ret;
392 }
393
394 return data_len;
395 }
396
i2c_hid_set_power(struct i2c_client * client,int power_state)397 static int i2c_hid_set_power(struct i2c_client *client, int power_state)
398 {
399 struct i2c_hid *ihid = i2c_get_clientdata(client);
400 int ret;
401
402 i2c_hid_dbg(ihid, "%s\n", __func__);
403
404 /*
405 * Some devices require to send a command to wakeup before power on.
406 * The call will get a return value (EREMOTEIO) but device will be
407 * triggered and activated. After that, it goes like a normal device.
408 */
409 if (power_state == I2C_HID_PWR_ON &&
410 ihid->quirks & I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV) {
411 ret = i2c_hid_command(client, &hid_set_power_cmd, NULL, 0);
412
413 /* Device was already activated */
414 if (!ret)
415 goto set_pwr_exit;
416 }
417
418 ret = __i2c_hid_command(client, &hid_set_power_cmd, power_state,
419 0, NULL, 0, NULL, 0);
420
421 if (ret)
422 dev_err(&client->dev, "failed to change power setting.\n");
423
424 set_pwr_exit:
425
426 /*
427 * The HID over I2C specification states that if a DEVICE needs time
428 * after the PWR_ON request, it should utilise CLOCK stretching.
429 * However, it has been observered that the Windows driver provides a
430 * 1ms sleep between the PWR_ON and RESET requests.
431 * According to Goodix Windows even waits 60 ms after (other?)
432 * PWR_ON requests. Testing has confirmed that several devices
433 * will not work properly without a delay after a PWR_ON request.
434 */
435 if (!ret && power_state == I2C_HID_PWR_ON)
436 msleep(60);
437
438 return ret;
439 }
440
i2c_hid_hwreset(struct i2c_client * client)441 static int i2c_hid_hwreset(struct i2c_client *client)
442 {
443 struct i2c_hid *ihid = i2c_get_clientdata(client);
444 int ret;
445
446 i2c_hid_dbg(ihid, "%s\n", __func__);
447
448 /*
449 * This prevents sending feature reports while the device is
450 * being reset. Otherwise we may lose the reset complete
451 * interrupt.
452 */
453 mutex_lock(&ihid->reset_lock);
454
455 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON);
456 if (ret)
457 goto out_unlock;
458
459 i2c_hid_dbg(ihid, "resetting...\n");
460
461 ret = i2c_hid_command(client, &hid_reset_cmd, NULL, 0);
462 if (ret) {
463 dev_err(&client->dev, "failed to reset device.\n");
464 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
465 goto out_unlock;
466 }
467
468 /* At least some SIS devices need this after reset */
469 if (!(ihid->quirks & I2C_HID_QUIRK_NO_WAKEUP_AFTER_RESET))
470 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON);
471
472 out_unlock:
473 mutex_unlock(&ihid->reset_lock);
474 return ret;
475 }
476
i2c_hid_get_input(struct i2c_hid * ihid)477 static void i2c_hid_get_input(struct i2c_hid *ihid)
478 {
479 int ret;
480 u32 ret_size;
481 int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
482
483 if (size > ihid->bufsize)
484 size = ihid->bufsize;
485
486 ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
487 if (ret != size) {
488 if (ret < 0)
489 return;
490
491 dev_err(&ihid->client->dev, "%s: got %d data instead of %d\n",
492 __func__, ret, size);
493 return;
494 }
495
496 ret_size = ihid->inbuf[0] | ihid->inbuf[1] << 8;
497
498 if (!ret_size) {
499 /* host or device initiated RESET completed */
500 if (test_and_clear_bit(I2C_HID_RESET_PENDING, &ihid->flags))
501 wake_up(&ihid->wait);
502 return;
503 }
504
505 if (ihid->quirks & I2C_HID_QUIRK_BOGUS_IRQ && ret_size == 0xffff) {
506 dev_warn_once(&ihid->client->dev, "%s: IRQ triggered but "
507 "there's no data\n", __func__);
508 return;
509 }
510
511 if ((ret_size > size) || (ret_size < 2)) {
512 if (ihid->quirks & I2C_HID_QUIRK_BAD_INPUT_SIZE) {
513 ihid->inbuf[0] = size & 0xff;
514 ihid->inbuf[1] = size >> 8;
515 ret_size = size;
516 } else {
517 dev_err(&ihid->client->dev, "%s: incomplete report (%d/%d)\n",
518 __func__, size, ret_size);
519 return;
520 }
521 }
522
523 i2c_hid_dbg(ihid, "input: %*ph\n", ret_size, ihid->inbuf);
524
525 if (test_bit(I2C_HID_STARTED, &ihid->flags))
526 hid_input_report(ihid->hid, HID_INPUT_REPORT, ihid->inbuf + 2,
527 ret_size - 2, 1);
528
529 return;
530 }
531
i2c_hid_irq(int irq,void * dev_id)532 static irqreturn_t i2c_hid_irq(int irq, void *dev_id)
533 {
534 struct i2c_hid *ihid = dev_id;
535
536 if (test_bit(I2C_HID_READ_PENDING, &ihid->flags))
537 return IRQ_HANDLED;
538
539 i2c_hid_get_input(ihid);
540
541 return IRQ_HANDLED;
542 }
543
i2c_hid_get_report_length(struct hid_report * report)544 static int i2c_hid_get_report_length(struct hid_report *report)
545 {
546 return ((report->size - 1) >> 3) + 1 +
547 report->device->report_enum[report->type].numbered + 2;
548 }
549
550 /*
551 * Traverse the supplied list of reports and find the longest
552 */
i2c_hid_find_max_report(struct hid_device * hid,unsigned int type,unsigned int * max)553 static void i2c_hid_find_max_report(struct hid_device *hid, unsigned int type,
554 unsigned int *max)
555 {
556 struct hid_report *report;
557 unsigned int size;
558
559 /* We should not rely on wMaxInputLength, as some devices may set it to
560 * a wrong length. */
561 list_for_each_entry(report, &hid->report_enum[type].report_list, list) {
562 size = i2c_hid_get_report_length(report);
563 if (*max < size)
564 *max = size;
565 }
566 }
567
i2c_hid_free_buffers(struct i2c_hid * ihid)568 static void i2c_hid_free_buffers(struct i2c_hid *ihid)
569 {
570 kfree(ihid->inbuf);
571 kfree(ihid->rawbuf);
572 kfree(ihid->argsbuf);
573 kfree(ihid->cmdbuf);
574 ihid->inbuf = NULL;
575 ihid->rawbuf = NULL;
576 ihid->cmdbuf = NULL;
577 ihid->argsbuf = NULL;
578 ihid->bufsize = 0;
579 }
580
i2c_hid_alloc_buffers(struct i2c_hid * ihid,size_t report_size)581 static int i2c_hid_alloc_buffers(struct i2c_hid *ihid, size_t report_size)
582 {
583 /* the worst case is computed from the set_report command with a
584 * reportID > 15 and the maximum report length */
585 int args_len = sizeof(__u8) + /* ReportID */
586 sizeof(__u8) + /* optional ReportID byte */
587 sizeof(__u16) + /* data register */
588 sizeof(__u16) + /* size of the report */
589 report_size; /* report */
590
591 ihid->inbuf = kzalloc(report_size, GFP_KERNEL);
592 ihid->rawbuf = kzalloc(report_size, GFP_KERNEL);
593 ihid->argsbuf = kzalloc(args_len, GFP_KERNEL);
594 ihid->cmdbuf = kzalloc(sizeof(union command) + args_len, GFP_KERNEL);
595
596 if (!ihid->inbuf || !ihid->rawbuf || !ihid->argsbuf || !ihid->cmdbuf) {
597 i2c_hid_free_buffers(ihid);
598 return -ENOMEM;
599 }
600
601 ihid->bufsize = report_size;
602
603 return 0;
604 }
605
i2c_hid_get_raw_report(struct hid_device * hid,unsigned char report_number,__u8 * buf,size_t count,unsigned char report_type)606 static int i2c_hid_get_raw_report(struct hid_device *hid,
607 unsigned char report_number, __u8 *buf, size_t count,
608 unsigned char report_type)
609 {
610 struct i2c_client *client = hid->driver_data;
611 struct i2c_hid *ihid = i2c_get_clientdata(client);
612 size_t ret_count, ask_count;
613 int ret;
614
615 if (report_type == HID_OUTPUT_REPORT)
616 return -EINVAL;
617
618 /*
619 * In case of unnumbered reports the response from the device will
620 * not have the report ID that the upper layers expect, so we need
621 * to stash it the buffer ourselves and adjust the data size.
622 */
623 if (!report_number) {
624 buf[0] = 0;
625 buf++;
626 count--;
627 }
628
629 /* +2 bytes to include the size of the reply in the query buffer */
630 ask_count = min(count + 2, (size_t)ihid->bufsize);
631
632 ret = i2c_hid_get_report(client,
633 report_type == HID_FEATURE_REPORT ? 0x03 : 0x01,
634 report_number, ihid->rawbuf, ask_count);
635
636 if (ret < 0)
637 return ret;
638
639 ret_count = ihid->rawbuf[0] | (ihid->rawbuf[1] << 8);
640
641 if (ret_count <= 2)
642 return 0;
643
644 ret_count = min(ret_count, ask_count);
645
646 /* The query buffer contains the size, dropping it in the reply */
647 count = min(count, ret_count - 2);
648 memcpy(buf, ihid->rawbuf + 2, count);
649
650 if (!report_number)
651 count++;
652
653 return count;
654 }
655
i2c_hid_output_raw_report(struct hid_device * hid,__u8 * buf,size_t count,unsigned char report_type,bool use_data)656 static int i2c_hid_output_raw_report(struct hid_device *hid, __u8 *buf,
657 size_t count, unsigned char report_type, bool use_data)
658 {
659 struct i2c_client *client = hid->driver_data;
660 struct i2c_hid *ihid = i2c_get_clientdata(client);
661 int report_id = buf[0];
662 int ret;
663
664 if (report_type == HID_INPUT_REPORT)
665 return -EINVAL;
666
667 mutex_lock(&ihid->reset_lock);
668
669 /*
670 * Note that both numbered and unnumbered reports passed here
671 * are supposed to have report ID stored in the 1st byte of the
672 * buffer, so we strip it off unconditionally before passing payload
673 * to i2c_hid_set_or_send_report which takes care of encoding
674 * everything properly.
675 */
676 ret = i2c_hid_set_or_send_report(client,
677 report_type == HID_FEATURE_REPORT ? 0x03 : 0x02,
678 report_id, buf + 1, count - 1, use_data);
679
680 if (ret >= 0)
681 ret++; /* add report_id to the number of transferred bytes */
682
683 mutex_unlock(&ihid->reset_lock);
684
685 return ret;
686 }
687
i2c_hid_output_report(struct hid_device * hid,__u8 * buf,size_t count)688 static int i2c_hid_output_report(struct hid_device *hid, __u8 *buf,
689 size_t count)
690 {
691 return i2c_hid_output_raw_report(hid, buf, count, HID_OUTPUT_REPORT,
692 false);
693 }
694
i2c_hid_raw_request(struct hid_device * hid,unsigned char reportnum,__u8 * buf,size_t len,unsigned char rtype,int reqtype)695 static int i2c_hid_raw_request(struct hid_device *hid, unsigned char reportnum,
696 __u8 *buf, size_t len, unsigned char rtype,
697 int reqtype)
698 {
699 switch (reqtype) {
700 case HID_REQ_GET_REPORT:
701 return i2c_hid_get_raw_report(hid, reportnum, buf, len, rtype);
702 case HID_REQ_SET_REPORT:
703 if (buf[0] != reportnum)
704 return -EINVAL;
705 return i2c_hid_output_raw_report(hid, buf, len, rtype, true);
706 default:
707 return -EIO;
708 }
709 }
710
i2c_hid_parse(struct hid_device * hid)711 static int i2c_hid_parse(struct hid_device *hid)
712 {
713 struct i2c_client *client = hid->driver_data;
714 struct i2c_hid *ihid = i2c_get_clientdata(client);
715 struct i2c_hid_desc *hdesc = &ihid->hdesc;
716 unsigned int rsize;
717 char *rdesc;
718 int ret;
719 int tries = 3;
720 char *use_override;
721
722 i2c_hid_dbg(ihid, "entering %s\n", __func__);
723
724 rsize = le16_to_cpu(hdesc->wReportDescLength);
725 if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) {
726 dbg_hid("weird size of report descriptor (%u)\n", rsize);
727 return -EINVAL;
728 }
729
730 do {
731 ret = i2c_hid_hwreset(client);
732 if (ret)
733 msleep(1000);
734 } while (tries-- > 0 && ret);
735
736 if (ret)
737 return ret;
738
739 use_override = i2c_hid_get_dmi_hid_report_desc_override(client->name,
740 &rsize);
741
742 if (use_override) {
743 rdesc = use_override;
744 i2c_hid_dbg(ihid, "Using a HID report descriptor override\n");
745 } else {
746 rdesc = kzalloc(rsize, GFP_KERNEL);
747
748 if (!rdesc) {
749 dbg_hid("couldn't allocate rdesc memory\n");
750 return -ENOMEM;
751 }
752
753 i2c_hid_dbg(ihid, "asking HID report descriptor\n");
754
755 ret = i2c_hid_command(client, &hid_report_descr_cmd,
756 rdesc, rsize);
757 if (ret) {
758 hid_err(hid, "reading report descriptor failed\n");
759 kfree(rdesc);
760 return -EIO;
761 }
762 }
763
764 i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc);
765
766 ret = hid_parse_report(hid, rdesc, rsize);
767 if (!use_override)
768 kfree(rdesc);
769
770 if (ret) {
771 dbg_hid("parsing report descriptor failed\n");
772 return ret;
773 }
774
775 return 0;
776 }
777
i2c_hid_start(struct hid_device * hid)778 static int i2c_hid_start(struct hid_device *hid)
779 {
780 struct i2c_client *client = hid->driver_data;
781 struct i2c_hid *ihid = i2c_get_clientdata(client);
782 int ret;
783 unsigned int bufsize = HID_MIN_BUFFER_SIZE;
784
785 i2c_hid_find_max_report(hid, HID_INPUT_REPORT, &bufsize);
786 i2c_hid_find_max_report(hid, HID_OUTPUT_REPORT, &bufsize);
787 i2c_hid_find_max_report(hid, HID_FEATURE_REPORT, &bufsize);
788
789 if (bufsize > ihid->bufsize) {
790 disable_irq(client->irq);
791 i2c_hid_free_buffers(ihid);
792
793 ret = i2c_hid_alloc_buffers(ihid, bufsize);
794 enable_irq(client->irq);
795
796 if (ret)
797 return ret;
798 }
799
800 return 0;
801 }
802
i2c_hid_stop(struct hid_device * hid)803 static void i2c_hid_stop(struct hid_device *hid)
804 {
805 hid->claimed = 0;
806 }
807
i2c_hid_open(struct hid_device * hid)808 static int i2c_hid_open(struct hid_device *hid)
809 {
810 struct i2c_client *client = hid->driver_data;
811 struct i2c_hid *ihid = i2c_get_clientdata(client);
812
813 set_bit(I2C_HID_STARTED, &ihid->flags);
814 return 0;
815 }
816
i2c_hid_close(struct hid_device * hid)817 static void i2c_hid_close(struct hid_device *hid)
818 {
819 struct i2c_client *client = hid->driver_data;
820 struct i2c_hid *ihid = i2c_get_clientdata(client);
821
822 clear_bit(I2C_HID_STARTED, &ihid->flags);
823 }
824
825 struct hid_ll_driver i2c_hid_ll_driver = {
826 .parse = i2c_hid_parse,
827 .start = i2c_hid_start,
828 .stop = i2c_hid_stop,
829 .open = i2c_hid_open,
830 .close = i2c_hid_close,
831 .output_report = i2c_hid_output_report,
832 .raw_request = i2c_hid_raw_request,
833 };
834 EXPORT_SYMBOL_GPL(i2c_hid_ll_driver);
835
i2c_hid_init_irq(struct i2c_client * client)836 static int i2c_hid_init_irq(struct i2c_client *client)
837 {
838 struct i2c_hid *ihid = i2c_get_clientdata(client);
839 unsigned long irqflags = 0;
840 int ret;
841
842 dev_dbg(&client->dev, "Requesting IRQ: %d\n", client->irq);
843
844 if (!irq_get_trigger_type(client->irq))
845 irqflags = IRQF_TRIGGER_LOW;
846
847 ret = request_threaded_irq(client->irq, NULL, i2c_hid_irq,
848 irqflags | IRQF_ONESHOT, client->name, ihid);
849 if (ret < 0) {
850 dev_warn(&client->dev,
851 "Could not register for %s interrupt, irq = %d,"
852 " ret = %d\n",
853 client->name, client->irq, ret);
854
855 return ret;
856 }
857
858 return 0;
859 }
860
i2c_hid_fetch_hid_descriptor(struct i2c_hid * ihid)861 static int i2c_hid_fetch_hid_descriptor(struct i2c_hid *ihid)
862 {
863 struct i2c_client *client = ihid->client;
864 struct i2c_hid_desc *hdesc = &ihid->hdesc;
865 unsigned int dsize;
866 int ret;
867
868 /* i2c hid fetch using a fixed descriptor size (30 bytes) */
869 if (i2c_hid_get_dmi_i2c_hid_desc_override(client->name)) {
870 i2c_hid_dbg(ihid, "Using a HID descriptor override\n");
871 ihid->hdesc =
872 *i2c_hid_get_dmi_i2c_hid_desc_override(client->name);
873 } else {
874 i2c_hid_dbg(ihid, "Fetching the HID descriptor\n");
875 ret = i2c_hid_command(client, &hid_descr_cmd,
876 ihid->hdesc_buffer,
877 sizeof(struct i2c_hid_desc));
878 if (ret) {
879 dev_err(&client->dev, "hid_descr_cmd failed\n");
880 return -ENODEV;
881 }
882 }
883
884 /* Validate the length of HID descriptor, the 4 first bytes:
885 * bytes 0-1 -> length
886 * bytes 2-3 -> bcdVersion (has to be 1.00) */
887 /* check bcdVersion == 1.0 */
888 if (le16_to_cpu(hdesc->bcdVersion) != 0x0100) {
889 dev_err(&client->dev,
890 "unexpected HID descriptor bcdVersion (0x%04hx)\n",
891 le16_to_cpu(hdesc->bcdVersion));
892 return -ENODEV;
893 }
894
895 /* Descriptor length should be 30 bytes as per the specification */
896 dsize = le16_to_cpu(hdesc->wHIDDescLength);
897 if (dsize != sizeof(struct i2c_hid_desc)) {
898 dev_err(&client->dev, "weird size of HID descriptor (%u)\n",
899 dsize);
900 return -ENODEV;
901 }
902 i2c_hid_dbg(ihid, "HID Descriptor: %*ph\n", dsize, ihid->hdesc_buffer);
903 return 0;
904 }
905
i2c_hid_core_power_up(struct i2c_hid * ihid)906 static int i2c_hid_core_power_up(struct i2c_hid *ihid)
907 {
908 if (!ihid->ops->power_up)
909 return 0;
910
911 return ihid->ops->power_up(ihid->ops);
912 }
913
i2c_hid_core_power_down(struct i2c_hid * ihid)914 static void i2c_hid_core_power_down(struct i2c_hid *ihid)
915 {
916 if (!ihid->ops->power_down)
917 return;
918
919 ihid->ops->power_down(ihid->ops);
920 }
921
i2c_hid_core_shutdown_tail(struct i2c_hid * ihid)922 static void i2c_hid_core_shutdown_tail(struct i2c_hid *ihid)
923 {
924 if (!ihid->ops->shutdown_tail)
925 return;
926
927 ihid->ops->shutdown_tail(ihid->ops);
928 }
929
i2c_hid_core_probe(struct i2c_client * client,struct i2chid_ops * ops,u16 hid_descriptor_address,u32 quirks)930 int i2c_hid_core_probe(struct i2c_client *client, struct i2chid_ops *ops,
931 u16 hid_descriptor_address, u32 quirks)
932 {
933 int ret;
934 struct i2c_hid *ihid;
935 struct hid_device *hid;
936
937 dbg_hid("HID probe called for i2c 0x%02x\n", client->addr);
938
939 if (!client->irq) {
940 dev_err(&client->dev,
941 "HID over i2c has not been provided an Int IRQ\n");
942 return -EINVAL;
943 }
944
945 if (client->irq < 0) {
946 if (client->irq != -EPROBE_DEFER)
947 dev_err(&client->dev,
948 "HID over i2c doesn't have a valid IRQ\n");
949 return client->irq;
950 }
951
952 ihid = devm_kzalloc(&client->dev, sizeof(*ihid), GFP_KERNEL);
953 if (!ihid)
954 return -ENOMEM;
955
956 ihid->ops = ops;
957
958 ret = i2c_hid_core_power_up(ihid);
959 if (ret)
960 return ret;
961
962 i2c_set_clientdata(client, ihid);
963
964 ihid->client = client;
965
966 ihid->wHIDDescRegister = cpu_to_le16(hid_descriptor_address);
967
968 init_waitqueue_head(&ihid->wait);
969 mutex_init(&ihid->reset_lock);
970
971 /* we need to allocate the command buffer without knowing the maximum
972 * size of the reports. Let's use HID_MIN_BUFFER_SIZE, then we do the
973 * real computation later. */
974 ret = i2c_hid_alloc_buffers(ihid, HID_MIN_BUFFER_SIZE);
975 if (ret < 0)
976 goto err_powered;
977
978 device_enable_async_suspend(&client->dev);
979
980 /* Make sure there is something at this address */
981 ret = i2c_smbus_read_byte(client);
982 if (ret < 0) {
983 dev_dbg(&client->dev, "nothing at this address: %d\n", ret);
984 ret = -ENXIO;
985 goto err_powered;
986 }
987
988 ret = i2c_hid_fetch_hid_descriptor(ihid);
989 if (ret < 0) {
990 dev_err(&client->dev,
991 "Failed to fetch the HID Descriptor\n");
992 goto err_powered;
993 }
994
995 ret = i2c_hid_init_irq(client);
996 if (ret < 0)
997 goto err_powered;
998
999 hid = hid_allocate_device();
1000 if (IS_ERR(hid)) {
1001 ret = PTR_ERR(hid);
1002 goto err_irq;
1003 }
1004
1005 ihid->hid = hid;
1006
1007 hid->driver_data = client;
1008 hid->ll_driver = &i2c_hid_ll_driver;
1009 hid->dev.parent = &client->dev;
1010 hid->bus = BUS_I2C;
1011 hid->version = le16_to_cpu(ihid->hdesc.bcdVersion);
1012 hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID);
1013 hid->product = le16_to_cpu(ihid->hdesc.wProductID);
1014
1015 hid->initial_quirks = quirks;
1016 hid->initial_quirks |= i2c_hid_get_dmi_quirks(hid->vendor,
1017 hid->product);
1018
1019 snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X",
1020 client->name, (u16)hid->vendor, (u16)hid->product);
1021 strlcpy(hid->phys, dev_name(&client->dev), sizeof(hid->phys));
1022
1023 ihid->quirks = i2c_hid_lookup_quirk(hid->vendor, hid->product);
1024
1025 ret = hid_add_device(hid);
1026 if (ret) {
1027 if (ret != -ENODEV)
1028 hid_err(client, "can't add hid device: %d\n", ret);
1029 goto err_mem_free;
1030 }
1031
1032 return 0;
1033
1034 err_mem_free:
1035 hid_destroy_device(hid);
1036
1037 err_irq:
1038 free_irq(client->irq, ihid);
1039
1040 err_powered:
1041 i2c_hid_core_power_down(ihid);
1042 i2c_hid_free_buffers(ihid);
1043 return ret;
1044 }
1045 EXPORT_SYMBOL_GPL(i2c_hid_core_probe);
1046
i2c_hid_core_remove(struct i2c_client * client)1047 int i2c_hid_core_remove(struct i2c_client *client)
1048 {
1049 struct i2c_hid *ihid = i2c_get_clientdata(client);
1050 struct hid_device *hid;
1051
1052 hid = ihid->hid;
1053 hid_destroy_device(hid);
1054
1055 free_irq(client->irq, ihid);
1056
1057 if (ihid->bufsize)
1058 i2c_hid_free_buffers(ihid);
1059
1060 i2c_hid_core_power_down(ihid);
1061
1062 return 0;
1063 }
1064 EXPORT_SYMBOL_GPL(i2c_hid_core_remove);
1065
i2c_hid_core_shutdown(struct i2c_client * client)1066 void i2c_hid_core_shutdown(struct i2c_client *client)
1067 {
1068 struct i2c_hid *ihid = i2c_get_clientdata(client);
1069
1070 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
1071 free_irq(client->irq, ihid);
1072
1073 i2c_hid_core_shutdown_tail(ihid);
1074 }
1075 EXPORT_SYMBOL_GPL(i2c_hid_core_shutdown);
1076
1077 #ifdef CONFIG_PM_SLEEP
i2c_hid_core_suspend(struct device * dev)1078 static int i2c_hid_core_suspend(struct device *dev)
1079 {
1080 struct i2c_client *client = to_i2c_client(dev);
1081 struct i2c_hid *ihid = i2c_get_clientdata(client);
1082 struct hid_device *hid = ihid->hid;
1083 int ret;
1084 int wake_status;
1085
1086 if (hid->driver && hid->driver->suspend) {
1087 ret = hid->driver->suspend(hid, PMSG_SUSPEND);
1088 if (ret < 0)
1089 return ret;
1090 }
1091
1092 /* Save some power */
1093 i2c_hid_set_power(client, I2C_HID_PWR_SLEEP);
1094
1095 disable_irq(client->irq);
1096
1097 if (device_may_wakeup(&client->dev)) {
1098 wake_status = enable_irq_wake(client->irq);
1099 if (!wake_status)
1100 ihid->irq_wake_enabled = true;
1101 else
1102 hid_warn(hid, "Failed to enable irq wake: %d\n",
1103 wake_status);
1104 } else {
1105 i2c_hid_core_power_down(ihid);
1106 }
1107
1108 return 0;
1109 }
1110
i2c_hid_core_resume(struct device * dev)1111 static int i2c_hid_core_resume(struct device *dev)
1112 {
1113 int ret;
1114 struct i2c_client *client = to_i2c_client(dev);
1115 struct i2c_hid *ihid = i2c_get_clientdata(client);
1116 struct hid_device *hid = ihid->hid;
1117 int wake_status;
1118
1119 if (!device_may_wakeup(&client->dev)) {
1120 i2c_hid_core_power_up(ihid);
1121 } else if (ihid->irq_wake_enabled) {
1122 wake_status = disable_irq_wake(client->irq);
1123 if (!wake_status)
1124 ihid->irq_wake_enabled = false;
1125 else
1126 hid_warn(hid, "Failed to disable irq wake: %d\n",
1127 wake_status);
1128 }
1129
1130 enable_irq(client->irq);
1131
1132 /* Instead of resetting device, simply powers the device on. This
1133 * solves "incomplete reports" on Raydium devices 2386:3118 and
1134 * 2386:4B33 and fixes various SIS touchscreens no longer sending
1135 * data after a suspend/resume.
1136 *
1137 * However some ALPS touchpads generate IRQ storm without reset, so
1138 * let's still reset them here.
1139 */
1140 if (ihid->quirks & I2C_HID_QUIRK_RESET_ON_RESUME)
1141 ret = i2c_hid_hwreset(client);
1142 else
1143 ret = i2c_hid_set_power(client, I2C_HID_PWR_ON);
1144
1145 if (ret)
1146 return ret;
1147
1148 if (hid->driver && hid->driver->reset_resume) {
1149 ret = hid->driver->reset_resume(hid);
1150 return ret;
1151 }
1152
1153 return 0;
1154 }
1155 #endif
1156
1157 const struct dev_pm_ops i2c_hid_core_pm = {
1158 SET_SYSTEM_SLEEP_PM_OPS(i2c_hid_core_suspend, i2c_hid_core_resume)
1159 };
1160 EXPORT_SYMBOL_GPL(i2c_hid_core_pm);
1161
1162 MODULE_DESCRIPTION("HID over I2C core driver");
1163 MODULE_AUTHOR("Benjamin Tissoires <benjamin.tissoires@gmail.com>");
1164 MODULE_LICENSE("GPL");
1165