net/bluetooth/hidp/core.c

   1 /*
   2    HIDP implementation for Linux Bluetooth stack (BlueZ).
   3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License version 2 as
   7    published by the Free Software Foundation;
   8
   9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
  10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
  12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
  13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
  14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17
  18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
  19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
  20    SOFTWARE IS DISCLAIMED.
  21 */
  22
  23 #include <linux/module.h>
  24
  25 #include <linux/types.h>
  26 #include <linux/errno.h>
  27 #include <linux/kernel.h>
  28 #include <linux/sched.h>
  29 #include <linux/slab.h>
  30 #include <linux/poll.h>
  31 #include <linux/freezer.h>
  32 #include <linux/fcntl.h>
  33 #include <linux/skbuff.h>
  34 #include <linux/socket.h>
  35 #include <linux/ioctl.h>
  36 #include <linux/file.h>
  37 #include <linux/init.h>
  38 #include <linux/wait.h>
  39 #include <net/sock.h>
  40
  41 #include <linux/input.h>
  42 #include <linux/hid.h>
  43 #include <linux/hidraw.h>
  44
  45 #include <net/bluetooth/bluetooth.h>
  46 #include <net/bluetooth/hci_core.h>
  47 #include <net/bluetooth/l2cap.h>
  48
  49 #include "hidp.h"
  50
  51 #define VERSION "1.2"
  52
  53 static DECLARE_RWSEM(hidp_session_sem);
  54 static LIST_HEAD(hidp_session_list);
  55
  56 static unsigned char hidp_keycode[256] = {
  57           0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
  58          50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
  59           4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
  60          27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
  61          65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
  62         105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
  63          72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
  64         191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
  65         115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
  66         122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  67           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  68           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  69           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  70           0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
  71          29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
  72         150,158,159,128,136,177,178,176,142,152,173,140
  73 };
  74
  75 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
  76
  77 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
  78 {
  79         struct hidp_session *session;
  80         struct list_head *p;
  81
  82         BT_DBG("");
  83
  84         list_for_each(p, &hidp_session_list) {
  85                 session = list_entry(p, struct hidp_session, list);
  86                 if (!bacmp(bdaddr, &session->bdaddr))
  87                         return session;
  88         }
  89         return NULL;
  90 }
  91
  92 static void __hidp_link_session(struct hidp_session *session)
  93 {
  94         __module_get(THIS_MODULE);
  95         list_add(&session->list, &hidp_session_list);
  96
  97         hci_conn_hold_device(session->conn);
  98 }
  99
 100 static void __hidp_unlink_session(struct hidp_session *session)
 101 {
 102         hci_conn_put_device(session->conn);
 103
 104         list_del(&session->list);
 105         module_put(THIS_MODULE);
 106 }
 107
 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
 109 {
 110         bacpy(&ci->bdaddr, &session->bdaddr);
 111
 112         ci->flags = session->flags;
 113         ci->state = session->state;
 114
 115         ci->vendor  = 0x0000;
 116         ci->product = 0x0000;
 117         ci->version = 0x0000;
 118         memset(ci->name, 0, 128);
 119
 120         if (session->input) {
 121                 ci->vendor  = session->input->id.vendor;
 122                 ci->product = session->input->id.product;
 123                 ci->version = session->input->id.version;
 124                 if (session->input->name)
 125                         strncpy(ci->name, session->input->name, 128);
 126                 else
 127                         strncpy(ci->name, "HID Boot Device", 128);
 128         }
 129
 130         if (session->hid) {
 131                 ci->vendor  = session->hid->vendor;
 132                 ci->product = session->hid->product;
 133                 ci->version = session->hid->version;
 134                 strncpy(ci->name, session->hid->name, 128);
 135         }
 136 }
 137
 138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
 139                                 unsigned int type, unsigned int code, int value)
 140 {
 141         unsigned char newleds;
 142         struct sk_buff *skb;
 143
 144         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
 145
 146         if (type != EV_LED)
 147                 return -1;
 148
 149         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
 150                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
 151                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
 152                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
 153                   (!!test_bit(LED_NUML,    dev->led));
 154
 155         if (session->leds == newleds)
 156                 return 0;
 157
 158         session->leds = newleds;
 159
 160         if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
 161                 BT_ERR("Can't allocate memory for new frame");
 162                 return -ENOMEM;
 163         }
 164
 165         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
 166         *skb_put(skb, 1) = 0x01;
 167         *skb_put(skb, 1) = newleds;
 168
 169         skb_queue_tail(&session->intr_transmit, skb);
 170
 171         hidp_schedule(session);
 172
 173         return 0;
 174 }
 175
 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
 177 {
 178         struct hid_device *hid = input_get_drvdata(dev);
 179         struct hidp_session *session = hid->driver_data;
 180
 181         return hidp_queue_event(session, dev, type, code, value);
 182 }
 183
 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
 185 {
 186         struct hidp_session *session = input_get_drvdata(dev);
 187
 188         return hidp_queue_event(session, dev, type, code, value);
 189 }
 190
 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
 192 {
 193         struct input_dev *dev = session->input;
 194         unsigned char *keys = session->keys;
 195         unsigned char *udata = skb->data + 1;
 196         signed char *sdata = skb->data + 1;
 197         int i, size = skb->len - 1;
 198
 199         switch (skb->data[0]) {
 200         case 0x01:      /* Keyboard report */
 201                 for (i = 0; i < 8; i++)
 202                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
 203
 204                 /* If all the key codes have been set to 0x01, it means
 205                  * too many keys were pressed at the same time. */
 206                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
 207                         break;
 208
 209                 for (i = 2; i < 8; i++) {
 210                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
 211                                 if (hidp_keycode[keys[i]])
 212                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
 213                                 else
 214                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
 215                         }
 216
 217                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
 218                                 if (hidp_keycode[udata[i]])
 219                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
 220                                 else
 221                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
 222                         }
 223                 }
 224
 225                 memcpy(keys, udata, 8);
 226                 break;
 227
 228         case 0x02:      /* Mouse report */
 229                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
 230                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
 231                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
 232                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
 233                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
 234
 235                 input_report_rel(dev, REL_X, sdata[1]);
 236                 input_report_rel(dev, REL_Y, sdata[2]);
 237
 238                 if (size > 3)
 239                         input_report_rel(dev, REL_WHEEL, sdata[3]);
 240                 break;
 241         }
 242
 243         input_sync(dev);
 244 }
 245
 246 static int hidp_queue_report(struct hidp_session *session,
 247                                 unsigned char *data, int size)
 248 {
 249         struct sk_buff *skb;
 250
 251         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
 252
 253         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
 254                 BT_ERR("Can't allocate memory for new frame");
 255                 return -ENOMEM;
 256         }
 257
 258         *skb_put(skb, 1) = 0xa2;
 259         if (size > 0)
 260                 memcpy(skb_put(skb, size), data, size);
 261
 262         skb_queue_tail(&session->intr_transmit, skb);
 263
 264         hidp_schedule(session);
 265
 266         return 0;
 267 }
 268
 269 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
 270 {
 271         unsigned char buf[32];
 272         int rsize;
 273
 274         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
 275         if (rsize > sizeof(buf))
 276                 return -EIO;
 277
 278         hid_output_report(report, buf);
 279
 280         return hidp_queue_report(session, buf, rsize);
 281 }
 282
 283 static void hidp_idle_timeout(unsigned long arg)
 284 {
 285         struct hidp_session *session = (struct hidp_session *) arg;
 286
 287         atomic_inc(&session->terminate);
 288         hidp_schedule(session);
 289 }
 290
 291 static void hidp_set_timer(struct hidp_session *session)
 292 {
 293         if (session->idle_to > 0)
 294                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
 295 }
 296
 297 static inline void hidp_del_timer(struct hidp_session *session)
 298 {
 299         if (session->idle_to > 0)
 300                 del_timer(&session->timer);
 301 }
 302
 303 static int __hidp_send_ctrl_message(struct hidp_session *session,
 304                         unsigned char hdr, unsigned char *data, int size)
 305 {
 306         struct sk_buff *skb;
 307
 308         BT_DBG("session %p data %p size %d", session, data, size);
 309
 310         if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
 311                 BT_ERR("Can't allocate memory for new frame");
 312                 return -ENOMEM;
 313         }
 314
 315         *skb_put(skb, 1) = hdr;
 316         if (data && size > 0)
 317                 memcpy(skb_put(skb, size), data, size);
 318
 319         skb_queue_tail(&session->ctrl_transmit, skb);
 320
 321         return 0;
 322 }
 323
 324 static inline int hidp_send_ctrl_message(struct hidp_session *session,
 325                         unsigned char hdr, unsigned char *data, int size)
 326 {
 327         int err;
 328
 329         err = __hidp_send_ctrl_message(session, hdr, data, size);
 330
 331         hidp_schedule(session);
 332
 333         return err;
 334 }
 335
 336 static void hidp_process_handshake(struct hidp_session *session,
 337                                         unsigned char param)
 338 {
 339         BT_DBG("session %p param 0x%02x", session, param);
 340
 341         switch (param) {
 342         case HIDP_HSHK_SUCCESSFUL:
 343                 /* FIXME: Call into SET_ GET_ handlers here */
 344                 break;
 345
 346         case HIDP_HSHK_NOT_READY:
 347         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
 348         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
 349         case HIDP_HSHK_ERR_INVALID_PARAMETER:
 350                 /* FIXME: Call into SET_ GET_ handlers here */
 351                 break;
 352
 353         case HIDP_HSHK_ERR_UNKNOWN:
 354                 break;
 355
 356         case HIDP_HSHK_ERR_FATAL:
 357                 /* Device requests a reboot, as this is the only way this error
 358                  * can be recovered. */
 359                 __hidp_send_ctrl_message(session,
 360                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
 361                 break;
 362
 363         default:
 364                 __hidp_send_ctrl_message(session,
 365                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
 366                 break;
 367         }
 368 }
 369
 370 static void hidp_process_hid_control(struct hidp_session *session,
 371                                         unsigned char param)
 372 {
 373         BT_DBG("session %p param 0x%02x", session, param);
 374
 375         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
 376                 /* Flush the transmit queues */
 377                 skb_queue_purge(&session->ctrl_transmit);
 378                 skb_queue_purge(&session->intr_transmit);
 379
 380                 /* Kill session thread */
 381                 atomic_inc(&session->terminate);
 382                 hidp_schedule(session);
 383         }
 384 }
 385
 386 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
 387                                 unsigned char param)
 388 {
 389         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
 390
 391         switch (param) {
 392         case HIDP_DATA_RTYPE_INPUT:
 393                 hidp_set_timer(session);
 394
 395                 if (session->input)
 396                         hidp_input_report(session, skb);
 397
 398                 if (session->hid)
 399                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
 400
 401                 break;
 402
 403         case HIDP_DATA_RTYPE_OTHER:
 404         case HIDP_DATA_RTYPE_OUPUT:
 405         case HIDP_DATA_RTYPE_FEATURE:
 406                 break;
 407
 408         default:
 409                 __hidp_send_ctrl_message(session,
 410                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
 411         }
 412 }
 413
 414 static void hidp_recv_ctrl_frame(struct hidp_session *session,
 415                                         struct sk_buff *skb)
 416 {
 417         unsigned char hdr, type, param;
 418
 419         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
 420
 421         hdr = skb->data[0];
 422         skb_pull(skb, 1);
 423
 424         type = hdr & HIDP_HEADER_TRANS_MASK;
 425         param = hdr & HIDP_HEADER_PARAM_MASK;
 426
 427         switch (type) {
 428         case HIDP_TRANS_HANDSHAKE:
 429                 hidp_process_handshake(session, param);
 430                 break;
 431
 432         case HIDP_TRANS_HID_CONTROL:
 433                 hidp_process_hid_control(session, param);
 434                 break;
 435
 436         case HIDP_TRANS_DATA:
 437                 hidp_process_data(session, skb, param);
 438                 break;
 439
 440         default:
 441                 __hidp_send_ctrl_message(session,
 442                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
 443                 break;
 444         }
 445
 446         kfree_skb(skb);
 447 }
 448
 449 static void hidp_recv_intr_frame(struct hidp_session *session,
 450                                 struct sk_buff *skb)
 451 {
 452         unsigned char hdr;
 453
 454         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
 455
 456         hdr = skb->data[0];
 457         skb_pull(skb, 1);
 458
 459         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
 460                 hidp_set_timer(session);
 461
 462                 if (session->input)
 463                         hidp_input_report(session, skb);
 464
 465                 if (session->hid) {
 466                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
 467                         BT_DBG("report len %d", skb->len);
 468                 }
 469         } else {
 470                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
 471         }
 472
 473         kfree_skb(skb);
 474 }
 475
 476 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
 477 {
 478         struct kvec iv = { data, len };
 479         struct msghdr msg;
 480
 481         BT_DBG("sock %p data %p len %d", sock, data, len);
 482
 483         if (!len)
 484                 return 0;
 485
 486         memset(&msg, 0, sizeof(msg));
 487
 488         return kernel_sendmsg(sock, &msg, &iv, 1, len);
 489 }
 490
 491 static void hidp_process_transmit(struct hidp_session *session)
 492 {
 493         struct sk_buff *skb;
 494
 495         BT_DBG("session %p", session);
 496
 497         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
 498                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
 499                         skb_queue_head(&session->ctrl_transmit, skb);
 500                         break;
 501                 }
 502
 503                 hidp_set_timer(session);
 504                 kfree_skb(skb);
 505         }
 506
 507         while ((skb = skb_dequeue(&session->intr_transmit))) {
 508                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
 509                         skb_queue_head(&session->intr_transmit, skb);
 510                         break;
 511                 }
 512
 513                 hidp_set_timer(session);
 514                 kfree_skb(skb);
 515         }
 516 }
 517
 518 static int hidp_session(void *arg)
 519 {
 520         struct hidp_session *session = arg;
 521         struct sock *ctrl_sk = session->ctrl_sock->sk;
 522         struct sock *intr_sk = session->intr_sock->sk;
 523         struct sk_buff *skb;
 524         int vendor = 0x0000, product = 0x0000;
 525         wait_queue_t ctrl_wait, intr_wait;
 526
 527         BT_DBG("session %p", session);
 528
 529         if (session->input) {
 530                 vendor  = session->input->id.vendor;
 531                 product = session->input->id.product;
 532         }
 533
 534         if (session->hid) {
 535                 vendor  = session->hid->vendor;
 536                 product = session->hid->product;
 537         }
 538
 539         daemonize("khidpd_%04x%04x", vendor, product);
 540         set_user_nice(current, -15);
 541
 542         init_waitqueue_entry(&ctrl_wait, current);
 543         init_waitqueue_entry(&intr_wait, current);
 544         add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
 545         add_wait_queue(intr_sk->sk_sleep, &intr_wait);
 546         while (!atomic_read(&session->terminate)) {
 547                 set_current_state(TASK_INTERRUPTIBLE);
 548
 549                 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
 550                         break;
 551
 552                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
 553                         skb_orphan(skb);
 554                         hidp_recv_ctrl_frame(session, skb);
 555                 }
 556
 557                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
 558                         skb_orphan(skb);
 559                         hidp_recv_intr_frame(session, skb);
 560                 }
 561
 562                 hidp_process_transmit(session);
 563
 564                 schedule();
 565         }
 566         set_current_state(TASK_RUNNING);
 567         remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
 568         remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
 569
 570         down_write(&hidp_session_sem);
 571
 572         hidp_del_timer(session);
 573
 574         if (session->input) {
 575                 input_unregister_device(session->input);
 576                 session->input = NULL;
 577         }
 578
 579         if (session->hid) {
 580                 if (session->hid->claimed & HID_CLAIMED_INPUT)
 581                         hidinput_disconnect(session->hid);
 582                 if (session->hid->claimed & HID_CLAIMED_HIDRAW)
 583                         hidraw_disconnect(session->hid);
 584
 585                 hid_destroy_device(session->hid);
 586                 session->hid = NULL;
 587         }
 588
 589         /* Wakeup user-space polling for socket errors */
 590         session->intr_sock->sk->sk_err = EUNATCH;
 591         session->ctrl_sock->sk->sk_err = EUNATCH;
 592
 593         hidp_schedule(session);
 594
 595         fput(session->intr_sock->file);
 596
 597         wait_event_timeout(*(ctrl_sk->sk_sleep),
 598                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
 599
 600         fput(session->ctrl_sock->file);
 601
 602         __hidp_unlink_session(session);
 603
 604         up_write(&hidp_session_sem);
 605
 606         kfree(session);
 607         return 0;
 608 }
 609
 610 static struct device *hidp_get_device(struct hidp_session *session)
 611 {
 612         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
 613         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
 614         struct device *device = NULL;
 615         struct hci_dev *hdev;
 616
 617         hdev = hci_get_route(dst, src);
 618         if (!hdev)
 619                 return NULL;
 620
 621         session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
 622         if (session->conn)
 623                 device = &session->conn->dev;
 624
 625         hci_dev_put(hdev);
 626
 627         return device;
 628 }
 629
 630 static int hidp_setup_input(struct hidp_session *session,
 631                                 struct hidp_connadd_req *req)
 632 {
 633         struct input_dev *input;
 634         int err, i;
 635
 636         input = input_allocate_device();
 637         if (!input)
 638                 return -ENOMEM;
 639
 640         session->input = input;
 641
 642         input_set_drvdata(input, session);
 643
 644         input->name = "Bluetooth HID Boot Protocol Device";
 645
 646         input->id.bustype = BUS_BLUETOOTH;
 647         input->id.vendor  = req->vendor;
 648         input->id.product = req->product;
 649         input->id.version = req->version;
 650
 651         if (req->subclass & 0x40) {
 652                 set_bit(EV_KEY, input->evbit);
 653                 set_bit(EV_LED, input->evbit);
 654                 set_bit(EV_REP, input->evbit);
 655
 656                 set_bit(LED_NUML,    input->ledbit);
 657                 set_bit(LED_CAPSL,   input->ledbit);
 658                 set_bit(LED_SCROLLL, input->ledbit);
 659                 set_bit(LED_COMPOSE, input->ledbit);
 660                 set_bit(LED_KANA,    input->ledbit);
 661
 662                 for (i = 0; i < sizeof(hidp_keycode); i++)
 663                         set_bit(hidp_keycode[i], input->keybit);
 664                 clear_bit(0, input->keybit);
 665         }
 666
 667         if (req->subclass & 0x80) {
 668                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
 669                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
 670                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
 671                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
 672                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
 673                         BIT_MASK(BTN_EXTRA);
 674                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
 675         }
 676
 677         input->dev.parent = hidp_get_device(session);
 678
 679         input->event = hidp_input_event;
 680
 681         err = input_register_device(input);
 682         if (err < 0) {
 683                 hci_conn_put_device(session->conn);
 684                 return err;
 685         }
 686
 687         return 0;
 688 }
 689
 690 static int hidp_open(struct hid_device *hid)
 691 {
 692         return 0;
 693 }
 694
 695 static void hidp_close(struct hid_device *hid)
 696 {
 697 }
 698
 699 static int hidp_parse(struct hid_device *hid)
 700 {
 701         struct hidp_session *session = hid->driver_data;
 702         struct hidp_connadd_req *req = session->req;
 703         unsigned char *buf;
 704         int ret;
 705
 706         buf = kmalloc(req->rd_size, GFP_KERNEL);
 707         if (!buf)
 708                 return -ENOMEM;
 709
 710         if (copy_from_user(buf, req->rd_data, req->rd_size)) {
 711                 kfree(buf);
 712                 return -EFAULT;
 713         }
 714
 715         ret = hid_parse_report(session->hid, buf, req->rd_size);
 716
 717         kfree(buf);
 718
 719         if (ret)
 720                 return ret;
 721
 722         session->req = NULL;
 723
 724         return 0;
 725 }
 726
 727 static int hidp_start(struct hid_device *hid)
 728 {
 729         struct hidp_session *session = hid->driver_data;
 730         struct hid_report *report;
 731
 732         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
 733                         report_list, list)
 734                 hidp_send_report(session, report);
 735
 736         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
 737                         report_list, list)
 738                 hidp_send_report(session, report);
 739
 740         return 0;
 741 }
 742
 743 static void hidp_stop(struct hid_device *hid)
 744 {
 745         struct hidp_session *session = hid->driver_data;
 746
 747         skb_queue_purge(&session->ctrl_transmit);
 748         skb_queue_purge(&session->intr_transmit);
 749
 750         if (hid->claimed & HID_CLAIMED_INPUT)
 751                 hidinput_disconnect(hid);
 752         hid->claimed = 0;
 753 }
 754
 755 static struct hid_ll_driver hidp_hid_driver = {
 756         .parse = hidp_parse,
 757         .start = hidp_start,
 758         .stop = hidp_stop,
 759         .open  = hidp_open,
 760         .close = hidp_close,
 761         .hidinput_input_event = hidp_hidinput_event,
 762 };
 763
 764 static int hidp_setup_hid(struct hidp_session *session,
 765                                 struct hidp_connadd_req *req)
 766 {
 767         struct hid_device *hid;
 768         bdaddr_t src, dst;
 769         int err;
 770
 771         hid = hid_allocate_device();
 772         if (IS_ERR(hid))
 773                 return PTR_ERR(session->hid);
 774
 775         session->hid = hid;
 776         session->req = req;
 777         hid->driver_data = session;
 778
 779         baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
 780         baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
 781
 782         hid->bus     = BUS_BLUETOOTH;
 783         hid->vendor  = req->vendor;
 784         hid->product = req->product;
 785         hid->version = req->version;
 786         hid->country = req->country;
 787
 788         strncpy(hid->name, req->name, 128);
 789         strncpy(hid->phys, batostr(&src), 64);
 790         strncpy(hid->uniq, batostr(&dst), 64);
 791
 792         hid->dev.parent = hidp_get_device(session);
 793         hid->ll_driver = &hidp_hid_driver;
 794
 795         err = hid_add_device(hid);
 796         if (err < 0)
 797                 goto failed;
 798
 799         return 0;
 800
 801 failed:
 802         hid_destroy_device(hid);
 803         session->hid = NULL;
 804
 805         return err;
 806 }
 807
 808 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
 809 {
 810         struct hidp_session *session, *s;
 811         int err;
 812
 813         BT_DBG("");
 814
 815         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
 816                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
 817                 return -ENOTUNIQ;
 818
 819         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
 820         if (!session)
 821                 return -ENOMEM;
 822
 823         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
 824
 825         down_write(&hidp_session_sem);
 826
 827         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
 828         if (s && s->state == BT_CONNECTED) {
 829                 err = -EEXIST;
 830                 goto failed;
 831         }
 832
 833         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
 834
 835         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
 836         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
 837
 838         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
 839
 840         session->ctrl_sock = ctrl_sock;
 841         session->intr_sock = intr_sock;
 842         session->state     = BT_CONNECTED;
 843
 844         setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
 845
 846         skb_queue_head_init(&session->ctrl_transmit);
 847         skb_queue_head_init(&session->intr_transmit);
 848
 849         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
 850         session->idle_to = req->idle_to;
 851
 852         if (req->rd_size > 0) {
 853                 err = hidp_setup_hid(session, req);
 854                 if (err && err != -ENODEV)
 855                         goto purge;
 856         }
 857
 858         if (!session->hid) {
 859                 err = hidp_setup_input(session, req);
 860                 if (err < 0)
 861                         goto purge;
 862         }
 863
 864         __hidp_link_session(session);
 865
 866         hidp_set_timer(session);
 867
 868         err = kernel_thread(hidp_session, session, CLONE_KERNEL);
 869         if (err < 0)
 870                 goto unlink;
 871
 872         if (session->input) {
 873                 hidp_send_ctrl_message(session,
 874                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
 875                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
 876
 877                 session->leds = 0xff;
 878                 hidp_input_event(session->input, EV_LED, 0, 0);
 879         }
 880
 881         up_write(&hidp_session_sem);
 882         return 0;
 883
 884 unlink:
 885         hidp_del_timer(session);
 886
 887         __hidp_unlink_session(session);
 888
 889         if (session->input) {
 890                 input_unregister_device(session->input);
 891                 session->input = NULL;
 892         }
 893
 894         if (session->hid) {
 895                 hid_destroy_device(session->hid);
 896                 session->hid = NULL;
 897         }
 898
 899 purge:
 900         skb_queue_purge(&session->ctrl_transmit);
 901         skb_queue_purge(&session->intr_transmit);
 902
 903 failed:
 904         up_write(&hidp_session_sem);
 905
 906         input_free_device(session->input);
 907         kfree(session);
 908         return err;
 909 }
 910
 911 int hidp_del_connection(struct hidp_conndel_req *req)
 912 {
 913         struct hidp_session *session;
 914         int err = 0;
 915
 916         BT_DBG("");
 917
 918         down_read(&hidp_session_sem);
 919
 920         session = __hidp_get_session(&req->bdaddr);
 921         if (session) {
 922                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
 923                         hidp_send_ctrl_message(session,
 924                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
 925                 } else {
 926                         /* Flush the transmit queues */
 927                         skb_queue_purge(&session->ctrl_transmit);
 928                         skb_queue_purge(&session->intr_transmit);
 929
 930                         /* Wakeup user-space polling for socket errors */
 931                         session->intr_sock->sk->sk_err = EUNATCH;
 932                         session->ctrl_sock->sk->sk_err = EUNATCH;
 933
 934                         /* Kill session thread */
 935                         atomic_inc(&session->terminate);
 936                         hidp_schedule(session);
 937                 }
 938         } else
 939                 err = -ENOENT;
 940
 941         up_read(&hidp_session_sem);
 942         return err;
 943 }
 944
 945 int hidp_get_connlist(struct hidp_connlist_req *req)
 946 {
 947         struct list_head *p;
 948         int err = 0, n = 0;
 949
 950         BT_DBG("");
 951
 952         down_read(&hidp_session_sem);
 953
 954         list_for_each(p, &hidp_session_list) {
 955                 struct hidp_session *session;
 956                 struct hidp_conninfo ci;
 957
 958                 session = list_entry(p, struct hidp_session, list);
 959
 960                 __hidp_copy_session(session, &ci);
 961
 962                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
 963                         err = -EFAULT;
 964                         break;
 965                 }
 966
 967                 if (++n >= req->cnum)
 968                         break;
 969
 970                 req->ci++;
 971         }
 972         req->cnum = n;
 973
 974         up_read(&hidp_session_sem);
 975         return err;
 976 }
 977
 978 int hidp_get_conninfo(struct hidp_conninfo *ci)
 979 {
 980         struct hidp_session *session;
 981         int err = 0;
 982
 983         down_read(&hidp_session_sem);
 984
 985         session = __hidp_get_session(&ci->bdaddr);
 986         if (session)
 987                 __hidp_copy_session(session, ci);
 988         else
 989                 err = -ENOENT;
 990
 991         up_read(&hidp_session_sem);
 992         return err;
 993 }
 994
 995 static const struct hid_device_id hidp_table[] = {
 996         { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
 997         { }
 998 };
 999
1000 static struct hid_driver hidp_driver = {
1001         .name = "generic-bluetooth",
1002         .id_table = hidp_table,
1003 };
1004
1005 static int __init hidp_init(void)
1006 {
1007         int ret;
1008
1009         l2cap_load();
1010
1011         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1012
1013         ret = hid_register_driver(&hidp_driver);
1014         if (ret)
1015                 goto err;
1016
1017         ret = hidp_init_sockets();
1018         if (ret)
1019                 goto err_drv;
1020
1021         return 0;
1022 err_drv:
1023         hid_unregister_driver(&hidp_driver);
1024 err:
1025         return ret;
1026 }
1027
1028 static void __exit hidp_exit(void)
1029 {
1030         hidp_cleanup_sockets();
1031         hid_unregister_driver(&hidp_driver);
1032 }
1033
1034 module_init(hidp_init);
1035 module_exit(hidp_exit);
1036
1037 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1038 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1039 MODULE_VERSION(VERSION);
1040 MODULE_LICENSE("GPL");
1041 MODULE_ALIAS("bt-proto-6");