Loading...
1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
31#include <linux/freezer.h>
32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <linux/mutex.h>
40#include <linux/kthread.h>
41#include <net/sock.h>
42
43#include <linux/input.h>
44#include <linux/hid.h>
45#include <linux/hidraw.h>
46
47#include <net/bluetooth/bluetooth.h>
48#include <net/bluetooth/hci_core.h>
49#include <net/bluetooth/l2cap.h>
50
51#include "hidp.h"
52
53#define VERSION "1.2"
54
55static DECLARE_RWSEM(hidp_session_sem);
56static LIST_HEAD(hidp_session_list);
57
58static unsigned char hidp_keycode[256] = {
59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
77};
78
79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82{
83 struct hidp_session *session;
84
85 BT_DBG("");
86
87 list_for_each_entry(session, &hidp_session_list, list) {
88 if (!bacmp(bdaddr, &session->bdaddr))
89 return session;
90 }
91
92 return NULL;
93}
94
95static void __hidp_link_session(struct hidp_session *session)
96{
97 list_add(&session->list, &hidp_session_list);
98}
99
100static void __hidp_unlink_session(struct hidp_session *session)
101{
102 hci_conn_put_device(session->conn);
103
104 list_del(&session->list);
105}
106
107static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
108{
109 memset(ci, 0, sizeof(*ci));
110 bacpy(&ci->bdaddr, &session->bdaddr);
111
112 ci->flags = session->flags;
113 ci->state = session->state;
114
115 ci->vendor = 0x0000;
116 ci->product = 0x0000;
117 ci->version = 0x0000;
118
119 if (session->input) {
120 ci->vendor = session->input->id.vendor;
121 ci->product = session->input->id.product;
122 ci->version = session->input->id.version;
123 if (session->input->name)
124 strncpy(ci->name, session->input->name, 128);
125 else
126 strncpy(ci->name, "HID Boot Device", 128);
127 }
128
129 if (session->hid) {
130 ci->vendor = session->hid->vendor;
131 ci->product = session->hid->product;
132 ci->version = session->hid->version;
133 strncpy(ci->name, session->hid->name, 128);
134 }
135}
136
137static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
138 unsigned int type, unsigned int code, int value)
139{
140 unsigned char newleds;
141 struct sk_buff *skb;
142
143 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
144
145 if (type != EV_LED)
146 return -1;
147
148 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
149 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
150 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
151 (!!test_bit(LED_CAPSL, dev->led) << 1) |
152 (!!test_bit(LED_NUML, dev->led));
153
154 if (session->leds == newleds)
155 return 0;
156
157 session->leds = newleds;
158
159 skb = alloc_skb(3, GFP_ATOMIC);
160 if (!skb) {
161 BT_ERR("Can't allocate memory for new frame");
162 return -ENOMEM;
163 }
164
165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 *skb_put(skb, 1) = 0x01;
167 *skb_put(skb, 1) = newleds;
168
169 skb_queue_tail(&session->intr_transmit, skb);
170
171 hidp_schedule(session);
172
173 return 0;
174}
175
176static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177{
178 struct hid_device *hid = input_get_drvdata(dev);
179 struct hidp_session *session = hid->driver_data;
180
181 return hidp_queue_event(session, dev, type, code, value);
182}
183
184static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185{
186 struct hidp_session *session = input_get_drvdata(dev);
187
188 return hidp_queue_event(session, dev, type, code, value);
189}
190
191static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192{
193 struct input_dev *dev = session->input;
194 unsigned char *keys = session->keys;
195 unsigned char *udata = skb->data + 1;
196 signed char *sdata = skb->data + 1;
197 int i, size = skb->len - 1;
198
199 switch (skb->data[0]) {
200 case 0x01: /* Keyboard report */
201 for (i = 0; i < 8; i++)
202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204 /* If all the key codes have been set to 0x01, it means
205 * too many keys were pressed at the same time. */
206 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 break;
208
209 for (i = 2; i < 8; i++) {
210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 if (hidp_keycode[keys[i]])
212 input_report_key(dev, hidp_keycode[keys[i]], 0);
213 else
214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 }
216
217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 if (hidp_keycode[udata[i]])
219 input_report_key(dev, hidp_keycode[udata[i]], 1);
220 else
221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 }
223 }
224
225 memcpy(keys, udata, 8);
226 break;
227
228 case 0x02: /* Mouse report */
229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
234
235 input_report_rel(dev, REL_X, sdata[1]);
236 input_report_rel(dev, REL_Y, sdata[2]);
237
238 if (size > 3)
239 input_report_rel(dev, REL_WHEEL, sdata[3]);
240 break;
241 }
242
243 input_sync(dev);
244}
245
246static int __hidp_send_ctrl_message(struct hidp_session *session,
247 unsigned char hdr, unsigned char *data, int size)
248{
249 struct sk_buff *skb;
250
251 BT_DBG("session %p data %p size %d", session, data, size);
252
253 if (atomic_read(&session->terminate))
254 return -EIO;
255
256 skb = alloc_skb(size + 1, GFP_ATOMIC);
257 if (!skb) {
258 BT_ERR("Can't allocate memory for new frame");
259 return -ENOMEM;
260 }
261
262 *skb_put(skb, 1) = hdr;
263 if (data && size > 0)
264 memcpy(skb_put(skb, size), data, size);
265
266 skb_queue_tail(&session->ctrl_transmit, skb);
267
268 return 0;
269}
270
271static inline int hidp_send_ctrl_message(struct hidp_session *session,
272 unsigned char hdr, unsigned char *data, int size)
273{
274 int err;
275
276 err = __hidp_send_ctrl_message(session, hdr, data, size);
277
278 hidp_schedule(session);
279
280 return err;
281}
282
283static int hidp_queue_report(struct hidp_session *session,
284 unsigned char *data, int size)
285{
286 struct sk_buff *skb;
287
288 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
289
290 skb = alloc_skb(size + 1, GFP_ATOMIC);
291 if (!skb) {
292 BT_ERR("Can't allocate memory for new frame");
293 return -ENOMEM;
294 }
295
296 *skb_put(skb, 1) = 0xa2;
297 if (size > 0)
298 memcpy(skb_put(skb, size), data, size);
299
300 skb_queue_tail(&session->intr_transmit, skb);
301
302 hidp_schedule(session);
303
304 return 0;
305}
306
307static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
308{
309 unsigned char buf[32];
310 int rsize;
311
312 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
313 if (rsize > sizeof(buf))
314 return -EIO;
315
316 hid_output_report(report, buf);
317
318 return hidp_queue_report(session, buf, rsize);
319}
320
321static int hidp_get_raw_report(struct hid_device *hid,
322 unsigned char report_number,
323 unsigned char *data, size_t count,
324 unsigned char report_type)
325{
326 struct hidp_session *session = hid->driver_data;
327 struct sk_buff *skb;
328 size_t len;
329 int numbered_reports = hid->report_enum[report_type].numbered;
330 int ret;
331
332 switch (report_type) {
333 case HID_FEATURE_REPORT:
334 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
335 break;
336 case HID_INPUT_REPORT:
337 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
338 break;
339 case HID_OUTPUT_REPORT:
340 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
341 break;
342 default:
343 return -EINVAL;
344 }
345
346 if (mutex_lock_interruptible(&session->report_mutex))
347 return -ERESTARTSYS;
348
349 /* Set up our wait, and send the report request to the device. */
350 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
351 session->waiting_report_number = numbered_reports ? report_number : -1;
352 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
353 data[0] = report_number;
354 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
355 if (ret)
356 goto err;
357
358 /* Wait for the return of the report. The returned report
359 gets put in session->report_return. */
360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
361 int res;
362
363 res = wait_event_interruptible_timeout(session->report_queue,
364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
365 5*HZ);
366 if (res == 0) {
367 /* timeout */
368 ret = -EIO;
369 goto err;
370 }
371 if (res < 0) {
372 /* signal */
373 ret = -ERESTARTSYS;
374 goto err;
375 }
376 }
377
378 skb = session->report_return;
379 if (skb) {
380 len = skb->len < count ? skb->len : count;
381 memcpy(data, skb->data, len);
382
383 kfree_skb(skb);
384 session->report_return = NULL;
385 } else {
386 /* Device returned a HANDSHAKE, indicating protocol error. */
387 len = -EIO;
388 }
389
390 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
391 mutex_unlock(&session->report_mutex);
392
393 return len;
394
395err:
396 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
397 mutex_unlock(&session->report_mutex);
398 return ret;
399}
400
401static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
402 unsigned char report_type)
403{
404 struct hidp_session *session = hid->driver_data;
405 int ret;
406
407 switch (report_type) {
408 case HID_FEATURE_REPORT:
409 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
410 break;
411 case HID_OUTPUT_REPORT:
412 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
413 break;
414 default:
415 return -EINVAL;
416 }
417
418 if (mutex_lock_interruptible(&session->report_mutex))
419 return -ERESTARTSYS;
420
421 /* Set up our wait, and send the report request to the device. */
422 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
423 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
424 count);
425 if (ret)
426 goto err;
427
428 /* Wait for the ACK from the device. */
429 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
430 int res;
431
432 res = wait_event_interruptible_timeout(session->report_queue,
433 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
434 10*HZ);
435 if (res == 0) {
436 /* timeout */
437 ret = -EIO;
438 goto err;
439 }
440 if (res < 0) {
441 /* signal */
442 ret = -ERESTARTSYS;
443 goto err;
444 }
445 }
446
447 if (!session->output_report_success) {
448 ret = -EIO;
449 goto err;
450 }
451
452 ret = count;
453
454err:
455 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
456 mutex_unlock(&session->report_mutex);
457 return ret;
458}
459
460static void hidp_idle_timeout(unsigned long arg)
461{
462 struct hidp_session *session = (struct hidp_session *) arg;
463
464 atomic_inc(&session->terminate);
465 wake_up_process(session->task);
466}
467
468static void hidp_set_timer(struct hidp_session *session)
469{
470 if (session->idle_to > 0)
471 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
472}
473
474static inline void hidp_del_timer(struct hidp_session *session)
475{
476 if (session->idle_to > 0)
477 del_timer(&session->timer);
478}
479
480static void hidp_process_handshake(struct hidp_session *session,
481 unsigned char param)
482{
483 BT_DBG("session %p param 0x%02x", session, param);
484 session->output_report_success = 0; /* default condition */
485
486 switch (param) {
487 case HIDP_HSHK_SUCCESSFUL:
488 /* FIXME: Call into SET_ GET_ handlers here */
489 session->output_report_success = 1;
490 break;
491
492 case HIDP_HSHK_NOT_READY:
493 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
494 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
495 case HIDP_HSHK_ERR_INVALID_PARAMETER:
496 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
497 wake_up_interruptible(&session->report_queue);
498
499 /* FIXME: Call into SET_ GET_ handlers here */
500 break;
501
502 case HIDP_HSHK_ERR_UNKNOWN:
503 break;
504
505 case HIDP_HSHK_ERR_FATAL:
506 /* Device requests a reboot, as this is the only way this error
507 * can be recovered. */
508 __hidp_send_ctrl_message(session,
509 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
510 break;
511
512 default:
513 __hidp_send_ctrl_message(session,
514 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
515 break;
516 }
517
518 /* Wake up the waiting thread. */
519 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
520 wake_up_interruptible(&session->report_queue);
521}
522
523static void hidp_process_hid_control(struct hidp_session *session,
524 unsigned char param)
525{
526 BT_DBG("session %p param 0x%02x", session, param);
527
528 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
529 /* Flush the transmit queues */
530 skb_queue_purge(&session->ctrl_transmit);
531 skb_queue_purge(&session->intr_transmit);
532
533 atomic_inc(&session->terminate);
534 wake_up_process(current);
535 }
536}
537
538/* Returns true if the passed-in skb should be freed by the caller. */
539static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
540 unsigned char param)
541{
542 int done_with_skb = 1;
543 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
544
545 switch (param) {
546 case HIDP_DATA_RTYPE_INPUT:
547 hidp_set_timer(session);
548
549 if (session->input)
550 hidp_input_report(session, skb);
551
552 if (session->hid)
553 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
554 break;
555
556 case HIDP_DATA_RTYPE_OTHER:
557 case HIDP_DATA_RTYPE_OUPUT:
558 case HIDP_DATA_RTYPE_FEATURE:
559 break;
560
561 default:
562 __hidp_send_ctrl_message(session,
563 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
564 }
565
566 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
567 param == session->waiting_report_type) {
568 if (session->waiting_report_number < 0 ||
569 session->waiting_report_number == skb->data[0]) {
570 /* hidp_get_raw_report() is waiting on this report. */
571 session->report_return = skb;
572 done_with_skb = 0;
573 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
574 wake_up_interruptible(&session->report_queue);
575 }
576 }
577
578 return done_with_skb;
579}
580
581static void hidp_recv_ctrl_frame(struct hidp_session *session,
582 struct sk_buff *skb)
583{
584 unsigned char hdr, type, param;
585 int free_skb = 1;
586
587 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
588
589 hdr = skb->data[0];
590 skb_pull(skb, 1);
591
592 type = hdr & HIDP_HEADER_TRANS_MASK;
593 param = hdr & HIDP_HEADER_PARAM_MASK;
594
595 switch (type) {
596 case HIDP_TRANS_HANDSHAKE:
597 hidp_process_handshake(session, param);
598 break;
599
600 case HIDP_TRANS_HID_CONTROL:
601 hidp_process_hid_control(session, param);
602 break;
603
604 case HIDP_TRANS_DATA:
605 free_skb = hidp_process_data(session, skb, param);
606 break;
607
608 default:
609 __hidp_send_ctrl_message(session,
610 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
611 break;
612 }
613
614 if (free_skb)
615 kfree_skb(skb);
616}
617
618static void hidp_recv_intr_frame(struct hidp_session *session,
619 struct sk_buff *skb)
620{
621 unsigned char hdr;
622
623 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
624
625 hdr = skb->data[0];
626 skb_pull(skb, 1);
627
628 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
629 hidp_set_timer(session);
630
631 if (session->input)
632 hidp_input_report(session, skb);
633
634 if (session->hid) {
635 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
636 BT_DBG("report len %d", skb->len);
637 }
638 } else {
639 BT_DBG("Unsupported protocol header 0x%02x", hdr);
640 }
641
642 kfree_skb(skb);
643}
644
645static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
646{
647 struct kvec iv = { data, len };
648 struct msghdr msg;
649
650 BT_DBG("sock %p data %p len %d", sock, data, len);
651
652 if (!len)
653 return 0;
654
655 memset(&msg, 0, sizeof(msg));
656
657 return kernel_sendmsg(sock, &msg, &iv, 1, len);
658}
659
660static void hidp_process_intr_transmit(struct hidp_session *session)
661{
662 struct sk_buff *skb;
663
664 BT_DBG("session %p", session);
665
666 while ((skb = skb_dequeue(&session->intr_transmit))) {
667 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
668 skb_queue_head(&session->intr_transmit, skb);
669 break;
670 }
671
672 hidp_set_timer(session);
673 kfree_skb(skb);
674 }
675}
676
677static void hidp_process_ctrl_transmit(struct hidp_session *session)
678{
679 struct sk_buff *skb;
680
681 BT_DBG("session %p", session);
682
683 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
684 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
685 skb_queue_head(&session->ctrl_transmit, skb);
686 break;
687 }
688
689 hidp_set_timer(session);
690 kfree_skb(skb);
691 }
692}
693
694static int hidp_session(void *arg)
695{
696 struct hidp_session *session = arg;
697 struct sock *ctrl_sk = session->ctrl_sock->sk;
698 struct sock *intr_sk = session->intr_sock->sk;
699 struct sk_buff *skb;
700 wait_queue_t ctrl_wait, intr_wait;
701
702 BT_DBG("session %p", session);
703
704 __module_get(THIS_MODULE);
705 set_user_nice(current, -15);
706
707 init_waitqueue_entry(&ctrl_wait, current);
708 init_waitqueue_entry(&intr_wait, current);
709 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
710 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
711 session->waiting_for_startup = 0;
712 wake_up_interruptible(&session->startup_queue);
713 set_current_state(TASK_INTERRUPTIBLE);
714 while (!atomic_read(&session->terminate)) {
715 if (ctrl_sk->sk_state != BT_CONNECTED ||
716 intr_sk->sk_state != BT_CONNECTED)
717 break;
718
719 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
720 skb_orphan(skb);
721 if (!skb_linearize(skb))
722 hidp_recv_intr_frame(session, skb);
723 else
724 kfree_skb(skb);
725 }
726
727 hidp_process_intr_transmit(session);
728
729 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
730 skb_orphan(skb);
731 if (!skb_linearize(skb))
732 hidp_recv_ctrl_frame(session, skb);
733 else
734 kfree_skb(skb);
735 }
736
737 hidp_process_ctrl_transmit(session);
738
739 schedule();
740 set_current_state(TASK_INTERRUPTIBLE);
741 }
742 set_current_state(TASK_RUNNING);
743 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
744 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
745
746 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
747 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
748 wake_up_interruptible(&session->report_queue);
749
750 down_write(&hidp_session_sem);
751
752 hidp_del_timer(session);
753
754 if (session->input) {
755 input_unregister_device(session->input);
756 session->input = NULL;
757 }
758
759 if (session->hid) {
760 hid_destroy_device(session->hid);
761 session->hid = NULL;
762 }
763
764 /* Wakeup user-space polling for socket errors */
765 session->intr_sock->sk->sk_err = EUNATCH;
766 session->ctrl_sock->sk->sk_err = EUNATCH;
767
768 hidp_schedule(session);
769
770 fput(session->intr_sock->file);
771
772 wait_event_timeout(*(sk_sleep(ctrl_sk)),
773 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
774
775 fput(session->ctrl_sock->file);
776
777 __hidp_unlink_session(session);
778
779 up_write(&hidp_session_sem);
780
781 kfree(session->rd_data);
782 kfree(session);
783 module_put_and_exit(0);
784 return 0;
785}
786
787static struct hci_conn *hidp_get_connection(struct hidp_session *session)
788{
789 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
790 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
791 struct hci_conn *conn;
792 struct hci_dev *hdev;
793
794 hdev = hci_get_route(dst, src);
795 if (!hdev)
796 return NULL;
797
798 hci_dev_lock(hdev);
799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
800 if (conn)
801 hci_conn_hold_device(conn);
802 hci_dev_unlock(hdev);
803
804 hci_dev_put(hdev);
805
806 return conn;
807}
808
809static int hidp_setup_input(struct hidp_session *session,
810 struct hidp_connadd_req *req)
811{
812 struct input_dev *input;
813 int i;
814
815 input = input_allocate_device();
816 if (!input)
817 return -ENOMEM;
818
819 session->input = input;
820
821 input_set_drvdata(input, session);
822
823 input->name = "Bluetooth HID Boot Protocol Device";
824
825 input->id.bustype = BUS_BLUETOOTH;
826 input->id.vendor = req->vendor;
827 input->id.product = req->product;
828 input->id.version = req->version;
829
830 if (req->subclass & 0x40) {
831 set_bit(EV_KEY, input->evbit);
832 set_bit(EV_LED, input->evbit);
833 set_bit(EV_REP, input->evbit);
834
835 set_bit(LED_NUML, input->ledbit);
836 set_bit(LED_CAPSL, input->ledbit);
837 set_bit(LED_SCROLLL, input->ledbit);
838 set_bit(LED_COMPOSE, input->ledbit);
839 set_bit(LED_KANA, input->ledbit);
840
841 for (i = 0; i < sizeof(hidp_keycode); i++)
842 set_bit(hidp_keycode[i], input->keybit);
843 clear_bit(0, input->keybit);
844 }
845
846 if (req->subclass & 0x80) {
847 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
848 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
849 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
850 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
851 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
852 BIT_MASK(BTN_EXTRA);
853 input->relbit[0] |= BIT_MASK(REL_WHEEL);
854 }
855
856 input->dev.parent = &session->conn->dev;
857
858 input->event = hidp_input_event;
859
860 return 0;
861}
862
863static int hidp_open(struct hid_device *hid)
864{
865 return 0;
866}
867
868static void hidp_close(struct hid_device *hid)
869{
870}
871
872static int hidp_parse(struct hid_device *hid)
873{
874 struct hidp_session *session = hid->driver_data;
875
876 return hid_parse_report(session->hid, session->rd_data,
877 session->rd_size);
878}
879
880static int hidp_start(struct hid_device *hid)
881{
882 struct hidp_session *session = hid->driver_data;
883 struct hid_report *report;
884
885 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
886 return 0;
887
888 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
889 report_list, list)
890 hidp_send_report(session, report);
891
892 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
893 report_list, list)
894 hidp_send_report(session, report);
895
896 return 0;
897}
898
899static void hidp_stop(struct hid_device *hid)
900{
901 struct hidp_session *session = hid->driver_data;
902
903 skb_queue_purge(&session->ctrl_transmit);
904 skb_queue_purge(&session->intr_transmit);
905
906 hid->claimed = 0;
907}
908
909static struct hid_ll_driver hidp_hid_driver = {
910 .parse = hidp_parse,
911 .start = hidp_start,
912 .stop = hidp_stop,
913 .open = hidp_open,
914 .close = hidp_close,
915 .hidinput_input_event = hidp_hidinput_event,
916};
917
918/* This function sets up the hid device. It does not add it
919 to the HID system. That is done in hidp_add_connection(). */
920static int hidp_setup_hid(struct hidp_session *session,
921 struct hidp_connadd_req *req)
922{
923 struct hid_device *hid;
924 int err;
925
926 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
927 if (!session->rd_data)
928 return -ENOMEM;
929
930 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
931 err = -EFAULT;
932 goto fault;
933 }
934 session->rd_size = req->rd_size;
935
936 hid = hid_allocate_device();
937 if (IS_ERR(hid)) {
938 err = PTR_ERR(hid);
939 goto fault;
940 }
941
942 session->hid = hid;
943
944 hid->driver_data = session;
945
946 hid->bus = BUS_BLUETOOTH;
947 hid->vendor = req->vendor;
948 hid->product = req->product;
949 hid->version = req->version;
950 hid->country = req->country;
951
952 strncpy(hid->name, req->name, 128);
953 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
954 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
955
956 hid->dev.parent = &session->conn->dev;
957 hid->ll_driver = &hidp_hid_driver;
958
959 hid->hid_get_raw_report = hidp_get_raw_report;
960 hid->hid_output_raw_report = hidp_output_raw_report;
961
962 return 0;
963
964fault:
965 kfree(session->rd_data);
966 session->rd_data = NULL;
967
968 return err;
969}
970
971int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
972{
973 struct hidp_session *session, *s;
974 int vendor, product;
975 int err;
976
977 BT_DBG("");
978
979 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
980 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
981 return -ENOTUNIQ;
982
983 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
984
985 down_write(&hidp_session_sem);
986
987 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
988 if (s && s->state == BT_CONNECTED) {
989 up_write(&hidp_session_sem);
990 return -EEXIST;
991 }
992
993 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
994 if (!session) {
995 up_write(&hidp_session_sem);
996 return -ENOMEM;
997 }
998
999 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
1000
1001 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
1002 l2cap_pi(ctrl_sock->sk)->chan->imtu);
1003 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
1004 l2cap_pi(intr_sock->sk)->chan->imtu);
1005
1006 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1007
1008 session->ctrl_sock = ctrl_sock;
1009 session->intr_sock = intr_sock;
1010 session->state = BT_CONNECTED;
1011
1012 session->conn = hidp_get_connection(session);
1013 if (!session->conn) {
1014 err = -ENOTCONN;
1015 goto failed;
1016 }
1017
1018 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1019
1020 skb_queue_head_init(&session->ctrl_transmit);
1021 skb_queue_head_init(&session->intr_transmit);
1022
1023 mutex_init(&session->report_mutex);
1024 init_waitqueue_head(&session->report_queue);
1025 init_waitqueue_head(&session->startup_queue);
1026 session->waiting_for_startup = 1;
1027 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1028 session->idle_to = req->idle_to;
1029
1030 __hidp_link_session(session);
1031
1032 if (req->rd_size > 0) {
1033 err = hidp_setup_hid(session, req);
1034 if (err)
1035 goto purge;
1036 }
1037
1038 if (!session->hid) {
1039 err = hidp_setup_input(session, req);
1040 if (err < 0)
1041 goto purge;
1042 }
1043
1044 hidp_set_timer(session);
1045
1046 if (session->hid) {
1047 vendor = session->hid->vendor;
1048 product = session->hid->product;
1049 } else if (session->input) {
1050 vendor = session->input->id.vendor;
1051 product = session->input->id.product;
1052 } else {
1053 vendor = 0x0000;
1054 product = 0x0000;
1055 }
1056
1057 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1058 vendor, product);
1059 if (IS_ERR(session->task)) {
1060 err = PTR_ERR(session->task);
1061 goto unlink;
1062 }
1063
1064 while (session->waiting_for_startup) {
1065 wait_event_interruptible(session->startup_queue,
1066 !session->waiting_for_startup);
1067 }
1068
1069 if (session->hid)
1070 err = hid_add_device(session->hid);
1071 else
1072 err = input_register_device(session->input);
1073
1074 if (err < 0) {
1075 atomic_inc(&session->terminate);
1076 wake_up_process(session->task);
1077 up_write(&hidp_session_sem);
1078 return err;
1079 }
1080
1081 if (session->input) {
1082 hidp_send_ctrl_message(session,
1083 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1084 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1085
1086 session->leds = 0xff;
1087 hidp_input_event(session->input, EV_LED, 0, 0);
1088 }
1089
1090 up_write(&hidp_session_sem);
1091 return 0;
1092
1093unlink:
1094 hidp_del_timer(session);
1095
1096 if (session->input) {
1097 input_unregister_device(session->input);
1098 session->input = NULL;
1099 }
1100
1101 if (session->hid) {
1102 hid_destroy_device(session->hid);
1103 session->hid = NULL;
1104 }
1105
1106 kfree(session->rd_data);
1107 session->rd_data = NULL;
1108
1109purge:
1110 __hidp_unlink_session(session);
1111
1112 skb_queue_purge(&session->ctrl_transmit);
1113 skb_queue_purge(&session->intr_transmit);
1114
1115failed:
1116 up_write(&hidp_session_sem);
1117
1118 kfree(session);
1119 return err;
1120}
1121
1122int hidp_del_connection(struct hidp_conndel_req *req)
1123{
1124 struct hidp_session *session;
1125 int err = 0;
1126
1127 BT_DBG("");
1128
1129 down_read(&hidp_session_sem);
1130
1131 session = __hidp_get_session(&req->bdaddr);
1132 if (session) {
1133 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1134 hidp_send_ctrl_message(session,
1135 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1136 } else {
1137 /* Flush the transmit queues */
1138 skb_queue_purge(&session->ctrl_transmit);
1139 skb_queue_purge(&session->intr_transmit);
1140
1141 atomic_inc(&session->terminate);
1142 wake_up_process(session->task);
1143 }
1144 } else
1145 err = -ENOENT;
1146
1147 up_read(&hidp_session_sem);
1148 return err;
1149}
1150
1151int hidp_get_connlist(struct hidp_connlist_req *req)
1152{
1153 struct hidp_session *session;
1154 int err = 0, n = 0;
1155
1156 BT_DBG("");
1157
1158 down_read(&hidp_session_sem);
1159
1160 list_for_each_entry(session, &hidp_session_list, list) {
1161 struct hidp_conninfo ci;
1162
1163 __hidp_copy_session(session, &ci);
1164
1165 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1166 err = -EFAULT;
1167 break;
1168 }
1169
1170 if (++n >= req->cnum)
1171 break;
1172
1173 req->ci++;
1174 }
1175 req->cnum = n;
1176
1177 up_read(&hidp_session_sem);
1178 return err;
1179}
1180
1181int hidp_get_conninfo(struct hidp_conninfo *ci)
1182{
1183 struct hidp_session *session;
1184 int err = 0;
1185
1186 down_read(&hidp_session_sem);
1187
1188 session = __hidp_get_session(&ci->bdaddr);
1189 if (session)
1190 __hidp_copy_session(session, ci);
1191 else
1192 err = -ENOENT;
1193
1194 up_read(&hidp_session_sem);
1195 return err;
1196}
1197
1198static int __init hidp_init(void)
1199{
1200 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1201
1202 return hidp_init_sockets();
1203}
1204
1205static void __exit hidp_exit(void)
1206{
1207 hidp_cleanup_sockets();
1208}
1209
1210module_init(hidp_init);
1211module_exit(hidp_exit);
1212
1213MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1214MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1215MODULE_VERSION(VERSION);
1216MODULE_LICENSE("GPL");
1217MODULE_ALIAS("bt-proto-6");
1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21*/
22
23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
31#include <linux/freezer.h>
32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <linux/mutex.h>
40#include <linux/kthread.h>
41#include <net/sock.h>
42
43#include <linux/input.h>
44#include <linux/hid.h>
45#include <linux/hidraw.h>
46
47#include <net/bluetooth/bluetooth.h>
48#include <net/bluetooth/hci_core.h>
49#include <net/bluetooth/l2cap.h>
50
51#include "hidp.h"
52
53#define VERSION "1.2"
54
55static DECLARE_RWSEM(hidp_session_sem);
56static LIST_HEAD(hidp_session_list);
57
58static unsigned char hidp_keycode[256] = {
59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
77};
78
79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82{
83 struct hidp_session *session;
84 struct list_head *p;
85
86 BT_DBG("");
87
88 list_for_each(p, &hidp_session_list) {
89 session = list_entry(p, struct hidp_session, list);
90 if (!bacmp(bdaddr, &session->bdaddr))
91 return session;
92 }
93 return NULL;
94}
95
96static void __hidp_link_session(struct hidp_session *session)
97{
98 __module_get(THIS_MODULE);
99 list_add(&session->list, &hidp_session_list);
100
101 hci_conn_hold_device(session->conn);
102}
103
104static void __hidp_unlink_session(struct hidp_session *session)
105{
106 hci_conn_put_device(session->conn);
107
108 list_del(&session->list);
109 module_put(THIS_MODULE);
110}
111
112static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
113{
114 memset(ci, 0, sizeof(*ci));
115 bacpy(&ci->bdaddr, &session->bdaddr);
116
117 ci->flags = session->flags;
118 ci->state = session->state;
119
120 ci->vendor = 0x0000;
121 ci->product = 0x0000;
122 ci->version = 0x0000;
123
124 if (session->input) {
125 ci->vendor = session->input->id.vendor;
126 ci->product = session->input->id.product;
127 ci->version = session->input->id.version;
128 if (session->input->name)
129 strncpy(ci->name, session->input->name, 128);
130 else
131 strncpy(ci->name, "HID Boot Device", 128);
132 }
133
134 if (session->hid) {
135 ci->vendor = session->hid->vendor;
136 ci->product = session->hid->product;
137 ci->version = session->hid->version;
138 strncpy(ci->name, session->hid->name, 128);
139 }
140}
141
142static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
143 unsigned int type, unsigned int code, int value)
144{
145 unsigned char newleds;
146 struct sk_buff *skb;
147
148 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
149
150 if (type != EV_LED)
151 return -1;
152
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
158
159 if (session->leds == newleds)
160 return 0;
161
162 session->leds = newleds;
163
164 skb = alloc_skb(3, GFP_ATOMIC);
165 if (!skb) {
166 BT_ERR("Can't allocate memory for new frame");
167 return -ENOMEM;
168 }
169
170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 *skb_put(skb, 1) = 0x01;
172 *skb_put(skb, 1) = newleds;
173
174 skb_queue_tail(&session->intr_transmit, skb);
175
176 hidp_schedule(session);
177
178 return 0;
179}
180
181static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
182{
183 struct hid_device *hid = input_get_drvdata(dev);
184 struct hidp_session *session = hid->driver_data;
185
186 return hidp_queue_event(session, dev, type, code, value);
187}
188
189static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
190{
191 struct hidp_session *session = input_get_drvdata(dev);
192
193 return hidp_queue_event(session, dev, type, code, value);
194}
195
196static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
197{
198 struct input_dev *dev = session->input;
199 unsigned char *keys = session->keys;
200 unsigned char *udata = skb->data + 1;
201 signed char *sdata = skb->data + 1;
202 int i, size = skb->len - 1;
203
204 switch (skb->data[0]) {
205 case 0x01: /* Keyboard report */
206 for (i = 0; i < 8; i++)
207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
208
209 /* If all the key codes have been set to 0x01, it means
210 * too many keys were pressed at the same time. */
211 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
212 break;
213
214 for (i = 2; i < 8; i++) {
215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
216 if (hidp_keycode[keys[i]])
217 input_report_key(dev, hidp_keycode[keys[i]], 0);
218 else
219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
220 }
221
222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
223 if (hidp_keycode[udata[i]])
224 input_report_key(dev, hidp_keycode[udata[i]], 1);
225 else
226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
227 }
228 }
229
230 memcpy(keys, udata, 8);
231 break;
232
233 case 0x02: /* Mouse report */
234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
239
240 input_report_rel(dev, REL_X, sdata[1]);
241 input_report_rel(dev, REL_Y, sdata[2]);
242
243 if (size > 3)
244 input_report_rel(dev, REL_WHEEL, sdata[3]);
245 break;
246 }
247
248 input_sync(dev);
249}
250
251static int __hidp_send_ctrl_message(struct hidp_session *session,
252 unsigned char hdr, unsigned char *data, int size)
253{
254 struct sk_buff *skb;
255
256 BT_DBG("session %p data %p size %d", session, data, size);
257
258 skb = alloc_skb(size + 1, GFP_ATOMIC);
259 if (!skb) {
260 BT_ERR("Can't allocate memory for new frame");
261 return -ENOMEM;
262 }
263
264 *skb_put(skb, 1) = hdr;
265 if (data && size > 0)
266 memcpy(skb_put(skb, size), data, size);
267
268 skb_queue_tail(&session->ctrl_transmit, skb);
269
270 return 0;
271}
272
273static inline int hidp_send_ctrl_message(struct hidp_session *session,
274 unsigned char hdr, unsigned char *data, int size)
275{
276 int err;
277
278 err = __hidp_send_ctrl_message(session, hdr, data, size);
279
280 hidp_schedule(session);
281
282 return err;
283}
284
285static int hidp_queue_report(struct hidp_session *session,
286 unsigned char *data, int size)
287{
288 struct sk_buff *skb;
289
290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
291
292 skb = alloc_skb(size + 1, GFP_ATOMIC);
293 if (!skb) {
294 BT_ERR("Can't allocate memory for new frame");
295 return -ENOMEM;
296 }
297
298 *skb_put(skb, 1) = 0xa2;
299 if (size > 0)
300 memcpy(skb_put(skb, size), data, size);
301
302 skb_queue_tail(&session->intr_transmit, skb);
303
304 hidp_schedule(session);
305
306 return 0;
307}
308
309static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
310{
311 unsigned char buf[32];
312 int rsize;
313
314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
315 if (rsize > sizeof(buf))
316 return -EIO;
317
318 hid_output_report(report, buf);
319
320 return hidp_queue_report(session, buf, rsize);
321}
322
323static int hidp_get_raw_report(struct hid_device *hid,
324 unsigned char report_number,
325 unsigned char *data, size_t count,
326 unsigned char report_type)
327{
328 struct hidp_session *session = hid->driver_data;
329 struct sk_buff *skb;
330 size_t len;
331 int numbered_reports = hid->report_enum[report_type].numbered;
332
333 switch (report_type) {
334 case HID_FEATURE_REPORT:
335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
336 break;
337 case HID_INPUT_REPORT:
338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
339 break;
340 case HID_OUTPUT_REPORT:
341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
342 break;
343 default:
344 return -EINVAL;
345 }
346
347 if (mutex_lock_interruptible(&session->report_mutex))
348 return -ERESTARTSYS;
349
350 /* Set up our wait, and send the report request to the device. */
351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
352 session->waiting_report_number = numbered_reports ? report_number : -1;
353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
354 data[0] = report_number;
355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))
356 goto err_eio;
357
358 /* Wait for the return of the report. The returned report
359 gets put in session->report_return. */
360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
361 int res;
362
363 res = wait_event_interruptible_timeout(session->report_queue,
364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
365 5*HZ);
366 if (res == 0) {
367 /* timeout */
368 goto err_eio;
369 }
370 if (res < 0) {
371 /* signal */
372 goto err_restartsys;
373 }
374 }
375
376 skb = session->report_return;
377 if (skb) {
378 len = skb->len < count ? skb->len : count;
379 memcpy(data, skb->data, len);
380
381 kfree_skb(skb);
382 session->report_return = NULL;
383 } else {
384 /* Device returned a HANDSHAKE, indicating protocol error. */
385 len = -EIO;
386 }
387
388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
389 mutex_unlock(&session->report_mutex);
390
391 return len;
392
393err_restartsys:
394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
395 mutex_unlock(&session->report_mutex);
396 return -ERESTARTSYS;
397err_eio:
398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
399 mutex_unlock(&session->report_mutex);
400 return -EIO;
401}
402
403static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
404 unsigned char report_type)
405{
406 struct hidp_session *session = hid->driver_data;
407 int ret;
408
409 switch (report_type) {
410 case HID_FEATURE_REPORT:
411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
412 break;
413 case HID_OUTPUT_REPORT:
414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
415 break;
416 default:
417 return -EINVAL;
418 }
419
420 if (mutex_lock_interruptible(&session->report_mutex))
421 return -ERESTARTSYS;
422
423 /* Set up our wait, and send the report request to the device. */
424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
425 if (hidp_send_ctrl_message(hid->driver_data, report_type,
426 data, count)) {
427 ret = -ENOMEM;
428 goto err;
429 }
430
431 /* Wait for the ACK from the device. */
432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
433 int res;
434
435 res = wait_event_interruptible_timeout(session->report_queue,
436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
437 10*HZ);
438 if (res == 0) {
439 /* timeout */
440 ret = -EIO;
441 goto err;
442 }
443 if (res < 0) {
444 /* signal */
445 ret = -ERESTARTSYS;
446 goto err;
447 }
448 }
449
450 if (!session->output_report_success) {
451 ret = -EIO;
452 goto err;
453 }
454
455 ret = count;
456
457err:
458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
459 mutex_unlock(&session->report_mutex);
460 return ret;
461}
462
463static void hidp_idle_timeout(unsigned long arg)
464{
465 struct hidp_session *session = (struct hidp_session *) arg;
466
467 atomic_inc(&session->terminate);
468 wake_up_process(session->task);
469}
470
471static void hidp_set_timer(struct hidp_session *session)
472{
473 if (session->idle_to > 0)
474 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
475}
476
477static inline void hidp_del_timer(struct hidp_session *session)
478{
479 if (session->idle_to > 0)
480 del_timer(&session->timer);
481}
482
483static void hidp_process_handshake(struct hidp_session *session,
484 unsigned char param)
485{
486 BT_DBG("session %p param 0x%02x", session, param);
487 session->output_report_success = 0; /* default condition */
488
489 switch (param) {
490 case HIDP_HSHK_SUCCESSFUL:
491 /* FIXME: Call into SET_ GET_ handlers here */
492 session->output_report_success = 1;
493 break;
494
495 case HIDP_HSHK_NOT_READY:
496 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
498 case HIDP_HSHK_ERR_INVALID_PARAMETER:
499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
501 wake_up_interruptible(&session->report_queue);
502 }
503 /* FIXME: Call into SET_ GET_ handlers here */
504 break;
505
506 case HIDP_HSHK_ERR_UNKNOWN:
507 break;
508
509 case HIDP_HSHK_ERR_FATAL:
510 /* Device requests a reboot, as this is the only way this error
511 * can be recovered. */
512 __hidp_send_ctrl_message(session,
513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
514 break;
515
516 default:
517 __hidp_send_ctrl_message(session,
518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
519 break;
520 }
521
522 /* Wake up the waiting thread. */
523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
525 wake_up_interruptible(&session->report_queue);
526 }
527}
528
529static void hidp_process_hid_control(struct hidp_session *session,
530 unsigned char param)
531{
532 BT_DBG("session %p param 0x%02x", session, param);
533
534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
535 /* Flush the transmit queues */
536 skb_queue_purge(&session->ctrl_transmit);
537 skb_queue_purge(&session->intr_transmit);
538
539 atomic_inc(&session->terminate);
540 wake_up_process(current);
541 }
542}
543
544/* Returns true if the passed-in skb should be freed by the caller. */
545static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
546 unsigned char param)
547{
548 int done_with_skb = 1;
549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
550
551 switch (param) {
552 case HIDP_DATA_RTYPE_INPUT:
553 hidp_set_timer(session);
554
555 if (session->input)
556 hidp_input_report(session, skb);
557
558 if (session->hid)
559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
560 break;
561
562 case HIDP_DATA_RTYPE_OTHER:
563 case HIDP_DATA_RTYPE_OUPUT:
564 case HIDP_DATA_RTYPE_FEATURE:
565 break;
566
567 default:
568 __hidp_send_ctrl_message(session,
569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
570 }
571
572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
573 param == session->waiting_report_type) {
574 if (session->waiting_report_number < 0 ||
575 session->waiting_report_number == skb->data[0]) {
576 /* hidp_get_raw_report() is waiting on this report. */
577 session->report_return = skb;
578 done_with_skb = 0;
579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
580 wake_up_interruptible(&session->report_queue);
581 }
582 }
583
584 return done_with_skb;
585}
586
587static void hidp_recv_ctrl_frame(struct hidp_session *session,
588 struct sk_buff *skb)
589{
590 unsigned char hdr, type, param;
591 int free_skb = 1;
592
593 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
594
595 hdr = skb->data[0];
596 skb_pull(skb, 1);
597
598 type = hdr & HIDP_HEADER_TRANS_MASK;
599 param = hdr & HIDP_HEADER_PARAM_MASK;
600
601 switch (type) {
602 case HIDP_TRANS_HANDSHAKE:
603 hidp_process_handshake(session, param);
604 break;
605
606 case HIDP_TRANS_HID_CONTROL:
607 hidp_process_hid_control(session, param);
608 break;
609
610 case HIDP_TRANS_DATA:
611 free_skb = hidp_process_data(session, skb, param);
612 break;
613
614 default:
615 __hidp_send_ctrl_message(session,
616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
617 break;
618 }
619
620 if (free_skb)
621 kfree_skb(skb);
622}
623
624static void hidp_recv_intr_frame(struct hidp_session *session,
625 struct sk_buff *skb)
626{
627 unsigned char hdr;
628
629 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
630
631 hdr = skb->data[0];
632 skb_pull(skb, 1);
633
634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
635 hidp_set_timer(session);
636
637 if (session->input)
638 hidp_input_report(session, skb);
639
640 if (session->hid) {
641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
642 BT_DBG("report len %d", skb->len);
643 }
644 } else {
645 BT_DBG("Unsupported protocol header 0x%02x", hdr);
646 }
647
648 kfree_skb(skb);
649}
650
651static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
652{
653 struct kvec iv = { data, len };
654 struct msghdr msg;
655
656 BT_DBG("sock %p data %p len %d", sock, data, len);
657
658 if (!len)
659 return 0;
660
661 memset(&msg, 0, sizeof(msg));
662
663 return kernel_sendmsg(sock, &msg, &iv, 1, len);
664}
665
666static void hidp_process_transmit(struct hidp_session *session)
667{
668 struct sk_buff *skb;
669
670 BT_DBG("session %p", session);
671
672 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
673 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
674 skb_queue_head(&session->ctrl_transmit, skb);
675 break;
676 }
677
678 hidp_set_timer(session);
679 kfree_skb(skb);
680 }
681
682 while ((skb = skb_dequeue(&session->intr_transmit))) {
683 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
684 skb_queue_head(&session->intr_transmit, skb);
685 break;
686 }
687
688 hidp_set_timer(session);
689 kfree_skb(skb);
690 }
691}
692
693static int hidp_session(void *arg)
694{
695 struct hidp_session *session = arg;
696 struct sock *ctrl_sk = session->ctrl_sock->sk;
697 struct sock *intr_sk = session->intr_sock->sk;
698 struct sk_buff *skb;
699 wait_queue_t ctrl_wait, intr_wait;
700
701 BT_DBG("session %p", session);
702
703 set_user_nice(current, -15);
704
705 init_waitqueue_entry(&ctrl_wait, current);
706 init_waitqueue_entry(&intr_wait, current);
707 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
708 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
709 session->waiting_for_startup = 0;
710 wake_up_interruptible(&session->startup_queue);
711 set_current_state(TASK_INTERRUPTIBLE);
712 while (!atomic_read(&session->terminate)) {
713 if (ctrl_sk->sk_state != BT_CONNECTED ||
714 intr_sk->sk_state != BT_CONNECTED)
715 break;
716
717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
718 skb_orphan(skb);
719 hidp_recv_ctrl_frame(session, skb);
720 }
721
722 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
723 skb_orphan(skb);
724 hidp_recv_intr_frame(session, skb);
725 }
726
727 hidp_process_transmit(session);
728
729 schedule();
730 set_current_state(TASK_INTERRUPTIBLE);
731 }
732 set_current_state(TASK_RUNNING);
733 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
734 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
735
736 down_write(&hidp_session_sem);
737
738 hidp_del_timer(session);
739
740 if (session->input) {
741 input_unregister_device(session->input);
742 session->input = NULL;
743 }
744
745 if (session->hid) {
746 hid_destroy_device(session->hid);
747 session->hid = NULL;
748 }
749
750 /* Wakeup user-space polling for socket errors */
751 session->intr_sock->sk->sk_err = EUNATCH;
752 session->ctrl_sock->sk->sk_err = EUNATCH;
753
754 hidp_schedule(session);
755
756 fput(session->intr_sock->file);
757
758 wait_event_timeout(*(sk_sleep(ctrl_sk)),
759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
760
761 fput(session->ctrl_sock->file);
762
763 __hidp_unlink_session(session);
764
765 up_write(&hidp_session_sem);
766
767 kfree(session->rd_data);
768 kfree(session);
769 return 0;
770}
771
772static struct device *hidp_get_device(struct hidp_session *session)
773{
774 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
775 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
776 struct device *device = NULL;
777 struct hci_dev *hdev;
778
779 hdev = hci_get_route(dst, src);
780 if (!hdev)
781 return NULL;
782
783 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
784 if (session->conn)
785 device = &session->conn->dev;
786
787 hci_dev_put(hdev);
788
789 return device;
790}
791
792static int hidp_setup_input(struct hidp_session *session,
793 struct hidp_connadd_req *req)
794{
795 struct input_dev *input;
796 int err, i;
797
798 input = input_allocate_device();
799 if (!input)
800 return -ENOMEM;
801
802 session->input = input;
803
804 input_set_drvdata(input, session);
805
806 input->name = "Bluetooth HID Boot Protocol Device";
807
808 input->id.bustype = BUS_BLUETOOTH;
809 input->id.vendor = req->vendor;
810 input->id.product = req->product;
811 input->id.version = req->version;
812
813 if (req->subclass & 0x40) {
814 set_bit(EV_KEY, input->evbit);
815 set_bit(EV_LED, input->evbit);
816 set_bit(EV_REP, input->evbit);
817
818 set_bit(LED_NUML, input->ledbit);
819 set_bit(LED_CAPSL, input->ledbit);
820 set_bit(LED_SCROLLL, input->ledbit);
821 set_bit(LED_COMPOSE, input->ledbit);
822 set_bit(LED_KANA, input->ledbit);
823
824 for (i = 0; i < sizeof(hidp_keycode); i++)
825 set_bit(hidp_keycode[i], input->keybit);
826 clear_bit(0, input->keybit);
827 }
828
829 if (req->subclass & 0x80) {
830 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
831 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
832 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
833 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
834 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
835 BIT_MASK(BTN_EXTRA);
836 input->relbit[0] |= BIT_MASK(REL_WHEEL);
837 }
838
839 input->dev.parent = hidp_get_device(session);
840
841 input->event = hidp_input_event;
842
843 err = input_register_device(input);
844 if (err < 0) {
845 input_free_device(input);
846 session->input = NULL;
847 return err;
848 }
849
850 return 0;
851}
852
853static int hidp_open(struct hid_device *hid)
854{
855 return 0;
856}
857
858static void hidp_close(struct hid_device *hid)
859{
860}
861
862static int hidp_parse(struct hid_device *hid)
863{
864 struct hidp_session *session = hid->driver_data;
865
866 return hid_parse_report(session->hid, session->rd_data,
867 session->rd_size);
868}
869
870static int hidp_start(struct hid_device *hid)
871{
872 struct hidp_session *session = hid->driver_data;
873 struct hid_report *report;
874
875 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
876 report_list, list)
877 hidp_send_report(session, report);
878
879 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
880 report_list, list)
881 hidp_send_report(session, report);
882
883 return 0;
884}
885
886static void hidp_stop(struct hid_device *hid)
887{
888 struct hidp_session *session = hid->driver_data;
889
890 skb_queue_purge(&session->ctrl_transmit);
891 skb_queue_purge(&session->intr_transmit);
892
893 hid->claimed = 0;
894}
895
896static struct hid_ll_driver hidp_hid_driver = {
897 .parse = hidp_parse,
898 .start = hidp_start,
899 .stop = hidp_stop,
900 .open = hidp_open,
901 .close = hidp_close,
902 .hidinput_input_event = hidp_hidinput_event,
903};
904
905/* This function sets up the hid device. It does not add it
906 to the HID system. That is done in hidp_add_connection(). */
907static int hidp_setup_hid(struct hidp_session *session,
908 struct hidp_connadd_req *req)
909{
910 struct hid_device *hid;
911 int err;
912
913 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
914 if (!session->rd_data)
915 return -ENOMEM;
916
917 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
918 err = -EFAULT;
919 goto fault;
920 }
921 session->rd_size = req->rd_size;
922
923 hid = hid_allocate_device();
924 if (IS_ERR(hid)) {
925 err = PTR_ERR(hid);
926 goto fault;
927 }
928
929 session->hid = hid;
930
931 hid->driver_data = session;
932
933 hid->bus = BUS_BLUETOOTH;
934 hid->vendor = req->vendor;
935 hid->product = req->product;
936 hid->version = req->version;
937 hid->country = req->country;
938
939 strncpy(hid->name, req->name, 128);
940 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
941 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
942
943 hid->dev.parent = hidp_get_device(session);
944 hid->ll_driver = &hidp_hid_driver;
945
946 hid->hid_get_raw_report = hidp_get_raw_report;
947 hid->hid_output_raw_report = hidp_output_raw_report;
948
949 return 0;
950
951fault:
952 kfree(session->rd_data);
953 session->rd_data = NULL;
954
955 return err;
956}
957
958int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
959{
960 struct hidp_session *session, *s;
961 int vendor, product;
962 int err;
963
964 BT_DBG("");
965
966 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
967 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
968 return -ENOTUNIQ;
969
970 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
971 if (!session)
972 return -ENOMEM;
973
974 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
975
976 down_write(&hidp_session_sem);
977
978 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
979 if (s && s->state == BT_CONNECTED) {
980 err = -EEXIST;
981 goto failed;
982 }
983
984 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
985
986 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
987 l2cap_pi(ctrl_sock->sk)->chan->imtu);
988 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
989 l2cap_pi(intr_sock->sk)->chan->imtu);
990
991 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
992
993 session->ctrl_sock = ctrl_sock;
994 session->intr_sock = intr_sock;
995 session->state = BT_CONNECTED;
996
997 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
998
999 skb_queue_head_init(&session->ctrl_transmit);
1000 skb_queue_head_init(&session->intr_transmit);
1001
1002 mutex_init(&session->report_mutex);
1003 init_waitqueue_head(&session->report_queue);
1004 init_waitqueue_head(&session->startup_queue);
1005 session->waiting_for_startup = 1;
1006 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1007 session->idle_to = req->idle_to;
1008
1009 if (req->rd_size > 0) {
1010 err = hidp_setup_hid(session, req);
1011 if (err && err != -ENODEV)
1012 goto purge;
1013 }
1014
1015 if (!session->hid) {
1016 err = hidp_setup_input(session, req);
1017 if (err < 0)
1018 goto purge;
1019 }
1020
1021 __hidp_link_session(session);
1022
1023 hidp_set_timer(session);
1024
1025 if (session->hid) {
1026 vendor = session->hid->vendor;
1027 product = session->hid->product;
1028 } else if (session->input) {
1029 vendor = session->input->id.vendor;
1030 product = session->input->id.product;
1031 } else {
1032 vendor = 0x0000;
1033 product = 0x0000;
1034 }
1035
1036 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1037 vendor, product);
1038 if (IS_ERR(session->task)) {
1039 err = PTR_ERR(session->task);
1040 goto unlink;
1041 }
1042
1043 while (session->waiting_for_startup) {
1044 wait_event_interruptible(session->startup_queue,
1045 !session->waiting_for_startup);
1046 }
1047
1048 err = hid_add_device(session->hid);
1049 if (err < 0) {
1050 atomic_inc(&session->terminate);
1051 wake_up_process(session->task);
1052 up_write(&hidp_session_sem);
1053 return err;
1054 }
1055
1056 if (session->input) {
1057 hidp_send_ctrl_message(session,
1058 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1059 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1060
1061 session->leds = 0xff;
1062 hidp_input_event(session->input, EV_LED, 0, 0);
1063 }
1064
1065 up_write(&hidp_session_sem);
1066 return 0;
1067
1068unlink:
1069 hidp_del_timer(session);
1070
1071 __hidp_unlink_session(session);
1072
1073 if (session->input) {
1074 input_unregister_device(session->input);
1075 session->input = NULL;
1076 }
1077
1078 if (session->hid) {
1079 hid_destroy_device(session->hid);
1080 session->hid = NULL;
1081 }
1082
1083 kfree(session->rd_data);
1084 session->rd_data = NULL;
1085
1086purge:
1087 skb_queue_purge(&session->ctrl_transmit);
1088 skb_queue_purge(&session->intr_transmit);
1089
1090failed:
1091 up_write(&hidp_session_sem);
1092
1093 kfree(session);
1094 return err;
1095}
1096
1097int hidp_del_connection(struct hidp_conndel_req *req)
1098{
1099 struct hidp_session *session;
1100 int err = 0;
1101
1102 BT_DBG("");
1103
1104 down_read(&hidp_session_sem);
1105
1106 session = __hidp_get_session(&req->bdaddr);
1107 if (session) {
1108 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1109 hidp_send_ctrl_message(session,
1110 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1111 } else {
1112 /* Flush the transmit queues */
1113 skb_queue_purge(&session->ctrl_transmit);
1114 skb_queue_purge(&session->intr_transmit);
1115
1116 atomic_inc(&session->terminate);
1117 wake_up_process(session->task);
1118 }
1119 } else
1120 err = -ENOENT;
1121
1122 up_read(&hidp_session_sem);
1123 return err;
1124}
1125
1126int hidp_get_connlist(struct hidp_connlist_req *req)
1127{
1128 struct list_head *p;
1129 int err = 0, n = 0;
1130
1131 BT_DBG("");
1132
1133 down_read(&hidp_session_sem);
1134
1135 list_for_each(p, &hidp_session_list) {
1136 struct hidp_session *session;
1137 struct hidp_conninfo ci;
1138
1139 session = list_entry(p, struct hidp_session, list);
1140
1141 __hidp_copy_session(session, &ci);
1142
1143 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1144 err = -EFAULT;
1145 break;
1146 }
1147
1148 if (++n >= req->cnum)
1149 break;
1150
1151 req->ci++;
1152 }
1153 req->cnum = n;
1154
1155 up_read(&hidp_session_sem);
1156 return err;
1157}
1158
1159int hidp_get_conninfo(struct hidp_conninfo *ci)
1160{
1161 struct hidp_session *session;
1162 int err = 0;
1163
1164 down_read(&hidp_session_sem);
1165
1166 session = __hidp_get_session(&ci->bdaddr);
1167 if (session)
1168 __hidp_copy_session(session, ci);
1169 else
1170 err = -ENOENT;
1171
1172 up_read(&hidp_session_sem);
1173 return err;
1174}
1175
1176static const struct hid_device_id hidp_table[] = {
1177 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1178 { }
1179};
1180
1181static struct hid_driver hidp_driver = {
1182 .name = "generic-bluetooth",
1183 .id_table = hidp_table,
1184};
1185
1186static int __init hidp_init(void)
1187{
1188 int ret;
1189
1190 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1191
1192 ret = hid_register_driver(&hidp_driver);
1193 if (ret)
1194 goto err;
1195
1196 ret = hidp_init_sockets();
1197 if (ret)
1198 goto err_drv;
1199
1200 return 0;
1201err_drv:
1202 hid_unregister_driver(&hidp_driver);
1203err:
1204 return ret;
1205}
1206
1207static void __exit hidp_exit(void)
1208{
1209 hidp_cleanup_sockets();
1210 hid_unregister_driver(&hidp_driver);
1211}
1212
1213module_init(hidp_init);
1214module_exit(hidp_exit);
1215
1216MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1217MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1218MODULE_VERSION(VERSION);
1219MODULE_LICENSE("GPL");
1220MODULE_ALIAS("bt-proto-6");