1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
31#include <linux/freezer.h>
32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <net/sock.h>
40
41#include <linux/input.h>
42#include <linux/hid.h>
43#include <linux/hidraw.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47#include <net/bluetooth/l2cap.h>
48
49#include "hidp.h"
50
51#define VERSION "1.2"
52
53static DECLARE_RWSEM(hidp_session_sem);
54static LIST_HEAD(hidp_session_list);
55
56static unsigned char hidp_keycode[256] = {
57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
72 150,158,159,128,136,177,178,176,142,152,173,140
73};
74
75static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
76
77static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
78{
79 struct hidp_session *session;
80 struct list_head *p;
81
82 BT_DBG("");
83
84 list_for_each(p, &hidp_session_list) {
85 session = list_entry(p, struct hidp_session, list);
86 if (!bacmp(bdaddr, &session->bdaddr))
87 return session;
88 }
89 return NULL;
90}
91
92static void __hidp_link_session(struct hidp_session *session)
93{
94 __module_get(THIS_MODULE);
95 list_add(&session->list, &hidp_session_list);
96
97 hci_conn_hold_device(session->conn);
98}
99
100static void __hidp_unlink_session(struct hidp_session *session)
101{
102 hci_conn_put_device(session->conn);
103
104 list_del(&session->list);
105 module_put(THIS_MODULE);
106}
107
108static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109{
110 bacpy(&ci->bdaddr, &session->bdaddr);
111
112 ci->flags = session->flags;
113 ci->state = session->state;
114
115 ci->vendor = 0x0000;
116 ci->product = 0x0000;
117 ci->version = 0x0000;
118 memset(ci->name, 0, 128);
119
120 if (session->input) {
121 ci->vendor = session->input->id.vendor;
122 ci->product = session->input->id.product;
123 ci->version = session->input->id.version;
124 if (session->input->name)
125 strncpy(ci->name, session->input->name, 128);
126 else
127 strncpy(ci->name, "HID Boot Device", 128);
128 }
129
130 if (session->hid) {
131 ci->vendor = session->hid->vendor;
132 ci->product = session->hid->product;
133 ci->version = session->hid->version;
134 strncpy(ci->name, session->hid->name, 128);
135 }
136}
137
138static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139 unsigned int type, unsigned int code, int value)
140{
141 unsigned char newleds;
142 struct sk_buff *skb;
143
144 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
145
146 if (type != EV_LED)
147 return -1;
148
149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
150 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152 (!!test_bit(LED_CAPSL, dev->led) << 1) |
153 (!!test_bit(LED_NUML, dev->led));
154
155 if (session->leds == newleds)
156 return 0;
157
158 session->leds = newleds;
159
160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161 BT_ERR("Can't allocate memory for new frame");
162 return -ENOMEM;
163 }
164
165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 *skb_put(skb, 1) = 0x01;
167 *skb_put(skb, 1) = newleds;
168
169 skb_queue_tail(&session->intr_transmit, skb);
170
171 hidp_schedule(session);
172
173 return 0;
174}
175
176static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177{
178 struct hid_device *hid = input_get_drvdata(dev);
179 struct hidp_session *session = hid->driver_data;
180
181 return hidp_queue_event(session, dev, type, code, value);
182}
183
184static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185{
186 struct hidp_session *session = input_get_drvdata(dev);
187
188 return hidp_queue_event(session, dev, type, code, value);
189}
190
191static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192{
193 struct input_dev *dev = session->input;
194 unsigned char *keys = session->keys;
195 unsigned char *udata = skb->data + 1;
196 signed char *sdata = skb->data + 1;
197 int i, size = skb->len - 1;
198
199 switch (skb->data[0]) {
200 case 0x01:
201 for (i = 0; i < 8; i++)
202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204
205
206 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 break;
208
209 for (i = 2; i < 8; i++) {
210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 if (hidp_keycode[keys[i]])
212 input_report_key(dev, hidp_keycode[keys[i]], 0);
213 else
214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 }
216
217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 if (hidp_keycode[udata[i]])
219 input_report_key(dev, hidp_keycode[udata[i]], 1);
220 else
221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 }
223 }
224
225 memcpy(keys, udata, 8);
226 break;
227
228 case 0x02:
229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
234
235 input_report_rel(dev, REL_X, sdata[1]);
236 input_report_rel(dev, REL_Y, sdata[2]);
237
238 if (size > 3)
239 input_report_rel(dev, REL_WHEEL, sdata[3]);
240 break;
241 }
242
243 input_sync(dev);
244}
245
246static int hidp_queue_report(struct hidp_session *session,
247 unsigned char *data, int size)
248{
249 struct sk_buff *skb;
250
251 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
252
253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 BT_ERR("Can't allocate memory for new frame");
255 return -ENOMEM;
256 }
257
258 *skb_put(skb, 1) = 0xa2;
259 if (size > 0)
260 memcpy(skb_put(skb, size), data, size);
261
262 skb_queue_tail(&session->intr_transmit, skb);
263
264 hidp_schedule(session);
265
266 return 0;
267}
268
269static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
270{
271 unsigned char buf[32];
272 int rsize;
273
274 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
275 if (rsize > sizeof(buf))
276 return -EIO;
277
278 hid_output_report(report, buf);
279
280 return hidp_queue_report(session, buf, rsize);
281}
282
283static void hidp_idle_timeout(unsigned long arg)
284{
285 struct hidp_session *session = (struct hidp_session *) arg;
286
287 atomic_inc(&session->terminate);
288 hidp_schedule(session);
289}
290
291static void hidp_set_timer(struct hidp_session *session)
292{
293 if (session->idle_to > 0)
294 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
295}
296
297static inline void hidp_del_timer(struct hidp_session *session)
298{
299 if (session->idle_to > 0)
300 del_timer(&session->timer);
301}
302
303static int __hidp_send_ctrl_message(struct hidp_session *session,
304 unsigned char hdr, unsigned char *data, int size)
305{
306 struct sk_buff *skb;
307
308 BT_DBG("session %p data %p size %d", session, data, size);
309
310 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
311 BT_ERR("Can't allocate memory for new frame");
312 return -ENOMEM;
313 }
314
315 *skb_put(skb, 1) = hdr;
316 if (data && size > 0)
317 memcpy(skb_put(skb, size), data, size);
318
319 skb_queue_tail(&session->ctrl_transmit, skb);
320
321 return 0;
322}
323
324static inline int hidp_send_ctrl_message(struct hidp_session *session,
325 unsigned char hdr, unsigned char *data, int size)
326{
327 int err;
328
329 err = __hidp_send_ctrl_message(session, hdr, data, size);
330
331 hidp_schedule(session);
332
333 return err;
334}
335
336static void hidp_process_handshake(struct hidp_session *session,
337 unsigned char param)
338{
339 BT_DBG("session %p param 0x%02x", session, param);
340
341 switch (param) {
342 case HIDP_HSHK_SUCCESSFUL:
343
344 break;
345
346 case HIDP_HSHK_NOT_READY:
347 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
348 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
349 case HIDP_HSHK_ERR_INVALID_PARAMETER:
350
351 break;
352
353 case HIDP_HSHK_ERR_UNKNOWN:
354 break;
355
356 case HIDP_HSHK_ERR_FATAL:
357
358
359 __hidp_send_ctrl_message(session,
360 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
361 break;
362
363 default:
364 __hidp_send_ctrl_message(session,
365 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
366 break;
367 }
368}
369
370static void hidp_process_hid_control(struct hidp_session *session,
371 unsigned char param)
372{
373 BT_DBG("session %p param 0x%02x", session, param);
374
375 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
376
377 skb_queue_purge(&session->ctrl_transmit);
378 skb_queue_purge(&session->intr_transmit);
379
380
381 atomic_inc(&session->terminate);
382 hidp_schedule(session);
383 }
384}
385
386static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
387 unsigned char param)
388{
389 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
390
391 switch (param) {
392 case HIDP_DATA_RTYPE_INPUT:
393 hidp_set_timer(session);
394
395 if (session->input)
396 hidp_input_report(session, skb);
397
398 if (session->hid)
399 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
400
401 break;
402
403 case HIDP_DATA_RTYPE_OTHER:
404 case HIDP_DATA_RTYPE_OUPUT:
405 case HIDP_DATA_RTYPE_FEATURE:
406 break;
407
408 default:
409 __hidp_send_ctrl_message(session,
410 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
411 }
412}
413
414static void hidp_recv_ctrl_frame(struct hidp_session *session,
415 struct sk_buff *skb)
416{
417 unsigned char hdr, type, param;
418
419 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
420
421 hdr = skb->data[0];
422 skb_pull(skb, 1);
423
424 type = hdr & HIDP_HEADER_TRANS_MASK;
425 param = hdr & HIDP_HEADER_PARAM_MASK;
426
427 switch (type) {
428 case HIDP_TRANS_HANDSHAKE:
429 hidp_process_handshake(session, param);
430 break;
431
432 case HIDP_TRANS_HID_CONTROL:
433 hidp_process_hid_control(session, param);
434 break;
435
436 case HIDP_TRANS_DATA:
437 hidp_process_data(session, skb, param);
438 break;
439
440 default:
441 __hidp_send_ctrl_message(session,
442 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
443 break;
444 }
445
446 kfree_skb(skb);
447}
448
449static void hidp_recv_intr_frame(struct hidp_session *session,
450 struct sk_buff *skb)
451{
452 unsigned char hdr;
453
454 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
455
456 hdr = skb->data[0];
457 skb_pull(skb, 1);
458
459 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
460 hidp_set_timer(session);
461
462 if (session->input)
463 hidp_input_report(session, skb);
464
465 if (session->hid) {
466 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
467 BT_DBG("report len %d", skb->len);
468 }
469 } else {
470 BT_DBG("Unsupported protocol header 0x%02x", hdr);
471 }
472
473 kfree_skb(skb);
474}
475
476static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
477{
478 struct kvec iv = { data, len };
479 struct msghdr msg;
480
481 BT_DBG("sock %p data %p len %d", sock, data, len);
482
483 if (!len)
484 return 0;
485
486 memset(&msg, 0, sizeof(msg));
487
488 return kernel_sendmsg(sock, &msg, &iv, 1, len);
489}
490
491static void hidp_process_transmit(struct hidp_session *session)
492{
493 struct sk_buff *skb;
494
495 BT_DBG("session %p", session);
496
497 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
498 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
499 skb_queue_head(&session->ctrl_transmit, skb);
500 break;
501 }
502
503 hidp_set_timer(session);
504 kfree_skb(skb);
505 }
506
507 while ((skb = skb_dequeue(&session->intr_transmit))) {
508 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
509 skb_queue_head(&session->intr_transmit, skb);
510 break;
511 }
512
513 hidp_set_timer(session);
514 kfree_skb(skb);
515 }
516}
517
518static int hidp_session(void *arg)
519{
520 struct hidp_session *session = arg;
521 struct sock *ctrl_sk = session->ctrl_sock->sk;
522 struct sock *intr_sk = session->intr_sock->sk;
523 struct sk_buff *skb;
524 int vendor = 0x0000, product = 0x0000;
525 wait_queue_t ctrl_wait, intr_wait;
526
527 BT_DBG("session %p", session);
528
529 if (session->input) {
530 vendor = session->input->id.vendor;
531 product = session->input->id.product;
532 }
533
534 if (session->hid) {
535 vendor = session->hid->vendor;
536 product = session->hid->product;
537 }
538
539 daemonize("khidpd_%04x%04x", vendor, product);
540 set_user_nice(current, -15);
541
542 init_waitqueue_entry(&ctrl_wait, current);
543 init_waitqueue_entry(&intr_wait, current);
544 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
545 add_wait_queue(intr_sk->sk_sleep, &intr_wait);
546 while (!atomic_read(&session->terminate)) {
547 set_current_state(TASK_INTERRUPTIBLE);
548
549 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
550 break;
551
552 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
553 skb_orphan(skb);
554 hidp_recv_ctrl_frame(session, skb);
555 }
556
557 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
558 skb_orphan(skb);
559 hidp_recv_intr_frame(session, skb);
560 }
561
562 hidp_process_transmit(session);
563
564 schedule();
565 }
566 set_current_state(TASK_RUNNING);
567 remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
568 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
569
570 down_write(&hidp_session_sem);
571
572 hidp_del_timer(session);
573
574 if (session->input) {
575 input_unregister_device(session->input);
576 session->input = NULL;
577 }
578
579 if (session->hid) {
580 hid_destroy_device(session->hid);
581 session->hid = NULL;
582 }
583
584
585 session->intr_sock->sk->sk_err = EUNATCH;
586 session->ctrl_sock->sk->sk_err = EUNATCH;
587
588 hidp_schedule(session);
589
590 fput(session->intr_sock->file);
591
592 wait_event_timeout(*(ctrl_sk->sk_sleep),
593 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
594
595 fput(session->ctrl_sock->file);
596
597 __hidp_unlink_session(session);
598
599 up_write(&hidp_session_sem);
600
601 kfree(session);
602 return 0;
603}
604
605static struct device *hidp_get_device(struct hidp_session *session)
606{
607 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
608 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
609 struct device *device = NULL;
610 struct hci_dev *hdev;
611
612 hdev = hci_get_route(dst, src);
613 if (!hdev)
614 return NULL;
615
616 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
617 if (session->conn)
618 device = &session->conn->dev;
619
620 hci_dev_put(hdev);
621
622 return device;
623}
624
625static int hidp_setup_input(struct hidp_session *session,
626 struct hidp_connadd_req *req)
627{
628 struct input_dev *input;
629 int err, i;
630
631 input = input_allocate_device();
632 if (!input)
633 return -ENOMEM;
634
635 session->input = input;
636
637 input_set_drvdata(input, session);
638
639 input->name = "Bluetooth HID Boot Protocol Device";
640
641 input->id.bustype = BUS_BLUETOOTH;
642 input->id.vendor = req->vendor;
643 input->id.product = req->product;
644 input->id.version = req->version;
645
646 if (req->subclass & 0x40) {
647 set_bit(EV_KEY, input->evbit);
648 set_bit(EV_LED, input->evbit);
649 set_bit(EV_REP, input->evbit);
650
651 set_bit(LED_NUML, input->ledbit);
652 set_bit(LED_CAPSL, input->ledbit);
653 set_bit(LED_SCROLLL, input->ledbit);
654 set_bit(LED_COMPOSE, input->ledbit);
655 set_bit(LED_KANA, input->ledbit);
656
657 for (i = 0; i < sizeof(hidp_keycode); i++)
658 set_bit(hidp_keycode[i], input->keybit);
659 clear_bit(0, input->keybit);
660 }
661
662 if (req->subclass & 0x80) {
663 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
664 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
665 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
666 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
667 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
668 BIT_MASK(BTN_EXTRA);
669 input->relbit[0] |= BIT_MASK(REL_WHEEL);
670 }
671
672 input->dev.parent = hidp_get_device(session);
673
674 input->event = hidp_input_event;
675
676 err = input_register_device(input);
677 if (err < 0) {
678 hci_conn_put_device(session->conn);
679 return err;
680 }
681
682 return 0;
683}
684
685static int hidp_open(struct hid_device *hid)
686{
687 return 0;
688}
689
690static void hidp_close(struct hid_device *hid)
691{
692}
693
694static int hidp_parse(struct hid_device *hid)
695{
696 struct hidp_session *session = hid->driver_data;
697 struct hidp_connadd_req *req = session->req;
698 unsigned char *buf;
699 int ret;
700
701 buf = kmalloc(req->rd_size, GFP_KERNEL);
702 if (!buf)
703 return -ENOMEM;
704
705 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
706 kfree(buf);
707 return -EFAULT;
708 }
709
710 ret = hid_parse_report(session->hid, buf, req->rd_size);
711
712 kfree(buf);
713
714 if (ret)
715 return ret;
716
717 session->req = NULL;
718
719 return 0;
720}
721
722static int hidp_start(struct hid_device *hid)
723{
724 struct hidp_session *session = hid->driver_data;
725 struct hid_report *report;
726
727 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
728 report_list, list)
729 hidp_send_report(session, report);
730
731 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
732 report_list, list)
733 hidp_send_report(session, report);
734
735 return 0;
736}
737
738static void hidp_stop(struct hid_device *hid)
739{
740 struct hidp_session *session = hid->driver_data;
741
742 skb_queue_purge(&session->ctrl_transmit);
743 skb_queue_purge(&session->intr_transmit);
744
745 hid->claimed = 0;
746}
747
748static struct hid_ll_driver hidp_hid_driver = {
749 .parse = hidp_parse,
750 .start = hidp_start,
751 .stop = hidp_stop,
752 .open = hidp_open,
753 .close = hidp_close,
754 .hidinput_input_event = hidp_hidinput_event,
755};
756
757static int hidp_setup_hid(struct hidp_session *session,
758 struct hidp_connadd_req *req)
759{
760 struct hid_device *hid;
761 bdaddr_t src, dst;
762 int err;
763
764 hid = hid_allocate_device();
765 if (IS_ERR(hid))
766 return PTR_ERR(session->hid);
767
768 session->hid = hid;
769 session->req = req;
770 hid->driver_data = session;
771
772 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
773 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
774
775 hid->bus = BUS_BLUETOOTH;
776 hid->vendor = req->vendor;
777 hid->product = req->product;
778 hid->version = req->version;
779 hid->country = req->country;
780
781 strncpy(hid->name, req->name, 128);
782 strncpy(hid->phys, batostr(&src), 64);
783 strncpy(hid->uniq, batostr(&dst), 64);
784
785 hid->dev.parent = hidp_get_device(session);
786 hid->ll_driver = &hidp_hid_driver;
787
788 err = hid_add_device(hid);
789 if (err < 0)
790 goto failed;
791
792 return 0;
793
794failed:
795 hid_destroy_device(hid);
796 session->hid = NULL;
797
798 return err;
799}
800
801int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
802{
803 struct hidp_session *session, *s;
804 int err;
805
806 BT_DBG("");
807
808 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
809 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
810 return -ENOTUNIQ;
811
812 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
813 if (!session)
814 return -ENOMEM;
815
816 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
817
818 down_write(&hidp_session_sem);
819
820 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
821 if (s && s->state == BT_CONNECTED) {
822 err = -EEXIST;
823 goto failed;
824 }
825
826 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
827
828 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
829 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
830
831 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
832
833 session->ctrl_sock = ctrl_sock;
834 session->intr_sock = intr_sock;
835 session->state = BT_CONNECTED;
836
837 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
838
839 skb_queue_head_init(&session->ctrl_transmit);
840 skb_queue_head_init(&session->intr_transmit);
841
842 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
843 session->idle_to = req->idle_to;
844
845 if (req->rd_size > 0) {
846 err = hidp_setup_hid(session, req);
847 if (err && err != -ENODEV)
848 goto purge;
849 }
850
851 if (!session->hid) {
852 err = hidp_setup_input(session, req);
853 if (err < 0)
854 goto purge;
855 }
856
857 __hidp_link_session(session);
858
859 hidp_set_timer(session);
860
861 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
862 if (err < 0)
863 goto unlink;
864
865 if (session->input) {
866 hidp_send_ctrl_message(session,
867 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
868 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
869
870 session->leds = 0xff;
871 hidp_input_event(session->input, EV_LED, 0, 0);
872 }
873
874 up_write(&hidp_session_sem);
875 return 0;
876
877unlink:
878 hidp_del_timer(session);
879
880 __hidp_unlink_session(session);
881
882 if (session->input) {
883 input_unregister_device(session->input);
884 session->input = NULL;
885 }
886
887 if (session->hid) {
888 hid_destroy_device(session->hid);
889 session->hid = NULL;
890 }
891
892purge:
893 skb_queue_purge(&session->ctrl_transmit);
894 skb_queue_purge(&session->intr_transmit);
895
896failed:
897 up_write(&hidp_session_sem);
898
899 input_free_device(session->input);
900 kfree(session);
901 return err;
902}
903
904int hidp_del_connection(struct hidp_conndel_req *req)
905{
906 struct hidp_session *session;
907 int err = 0;
908
909 BT_DBG("");
910
911 down_read(&hidp_session_sem);
912
913 session = __hidp_get_session(&req->bdaddr);
914 if (session) {
915 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
916 hidp_send_ctrl_message(session,
917 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
918 } else {
919
920 skb_queue_purge(&session->ctrl_transmit);
921 skb_queue_purge(&session->intr_transmit);
922
923
924 session->intr_sock->sk->sk_err = EUNATCH;
925 session->ctrl_sock->sk->sk_err = EUNATCH;
926
927
928 atomic_inc(&session->terminate);
929 hidp_schedule(session);
930 }
931 } else
932 err = -ENOENT;
933
934 up_read(&hidp_session_sem);
935 return err;
936}
937
938int hidp_get_connlist(struct hidp_connlist_req *req)
939{
940 struct list_head *p;
941 int err = 0, n = 0;
942
943 BT_DBG("");
944
945 down_read(&hidp_session_sem);
946
947 list_for_each(p, &hidp_session_list) {
948 struct hidp_session *session;
949 struct hidp_conninfo ci;
950
951 session = list_entry(p, struct hidp_session, list);
952
953 __hidp_copy_session(session, &ci);
954
955 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
956 err = -EFAULT;
957 break;
958 }
959
960 if (++n >= req->cnum)
961 break;
962
963 req->ci++;
964 }
965 req->cnum = n;
966
967 up_read(&hidp_session_sem);
968 return err;
969}
970
971int hidp_get_conninfo(struct hidp_conninfo *ci)
972{
973 struct hidp_session *session;
974 int err = 0;
975
976 down_read(&hidp_session_sem);
977
978 session = __hidp_get_session(&ci->bdaddr);
979 if (session)
980 __hidp_copy_session(session, ci);
981 else
982 err = -ENOENT;
983
984 up_read(&hidp_session_sem);
985 return err;
986}
987
988static const struct hid_device_id hidp_table[] = {
989 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
990 { }
991};
992
993static struct hid_driver hidp_driver = {
994 .name = "generic-bluetooth",
995 .id_table = hidp_table,
996};
997
998static int __init hidp_init(void)
999{
1000 int ret;
1001
1002 l2cap_load();
1003
1004 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1005
1006 ret = hid_register_driver(&hidp_driver);
1007 if (ret)
1008 goto err;
1009
1010 ret = hidp_init_sockets();
1011 if (ret)
1012 goto err_drv;
1013
1014 return 0;
1015err_drv:
1016 hid_unregister_driver(&hidp_driver);
1017err:
1018 return ret;
1019}
1020
1021static void __exit hidp_exit(void)
1022{
1023 hidp_cleanup_sockets();
1024 hid_unregister_driver(&hidp_driver);
1025}
1026
1027module_init(hidp_init);
1028module_exit(hidp_exit);
1029
1030MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1031MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1032MODULE_VERSION(VERSION);
1033MODULE_LICENSE("GPL");
1034MODULE_ALIAS("bt-proto-6");
1035
