1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/kref.h>
25#include <linux/module.h>
26#include <linux/file.h>
27#include <linux/kthread.h>
28#include <linux/hidraw.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
36#define VERSION "1.2"
37
38static DECLARE_RWSEM(hidp_session_sem);
39static LIST_HEAD(hidp_session_list);
40
41static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60};
61
62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
64static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
70
71static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
72{
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
75
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
78
79 if (session->input) {
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
84 strlcpy(ci->name, session->input->name, 128);
85 else
86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
91 strlcpy(ci->name, session->hid->name, 128);
92 }
93}
94
95
96static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
99{
100 struct sk_buff *skb;
101 struct sock *sk = sock->sk;
102
103 BT_DBG("session %p data %p size %d", session, data, size);
104
105 if (atomic_read(&session->terminate))
106 return -EIO;
107
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
109 if (!skb) {
110 BT_ERR("Can't allocate memory for new frame");
111 return -ENOMEM;
112 }
113
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
117
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
120
121 return 0;
122}
123
124static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
126 int size)
127{
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
130}
131
132static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
134 int size)
135{
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
138}
139
140static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
142{
143 struct hidp_session *session = input_get_drvdata(dev);
144 unsigned char newleds;
145 unsigned char hdr, data[2];
146
147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
149
150 if (type != EV_LED)
151 return -1;
152
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
158
159 if (session->leds == newleds)
160 return 0;
161
162 session->leds = newleds;
163
164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165 data[0] = 0x01;
166 data[1] = newleds;
167
168 return hidp_send_intr_message(session, hdr, data, 2);
169}
170
171static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
172{
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
178
179 switch (skb->data[0]) {
180 case 0x01:
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
183
184
185
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187 break;
188
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
193 else
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
195 }
196
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
200 else
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
202 }
203 }
204
205 memcpy(keys, udata, 8);
206 break;
207
208 case 0x02:
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
214
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
217
218 if (size > 3)
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
220 break;
221 }
222
223 input_sync(dev);
224}
225
226static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
227{
228 unsigned char hdr;
229 u8 *buf;
230 int rsize, ret;
231
232 buf = hid_alloc_report_buf(report, GFP_ATOMIC);
233 if (!buf)
234 return -EIO;
235
236 hid_output_report(report, buf);
237 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
238
239 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
240 ret = hidp_send_intr_message(session, hdr, buf, rsize);
241
242 kfree(buf);
243 return ret;
244}
245
246static int hidp_hidinput_event(struct input_dev *dev, unsigned int type,
247 unsigned int code, int value)
248{
249 struct hid_device *hid = input_get_drvdata(dev);
250 struct hidp_session *session = hid->driver_data;
251 struct hid_field *field;
252 int offset;
253
254 BT_DBG("session %p type %d code %d value %d",
255 session, type, code, value);
256
257 if (type != EV_LED)
258 return -1;
259
260 offset = hidinput_find_field(hid, type, code, &field);
261 if (offset == -1) {
262 hid_warn(dev, "event field not found\n");
263 return -1;
264 }
265
266 hid_set_field(field, offset, value);
267
268 return hidp_send_report(session, field->report);
269}
270
271static int hidp_get_raw_report(struct hid_device *hid,
272 unsigned char report_number,
273 unsigned char *data, size_t count,
274 unsigned char report_type)
275{
276 struct hidp_session *session = hid->driver_data;
277 struct sk_buff *skb;
278 size_t len;
279 int numbered_reports = hid->report_enum[report_type].numbered;
280 int ret;
281
282 if (atomic_read(&session->terminate))
283 return -EIO;
284
285 switch (report_type) {
286 case HID_FEATURE_REPORT:
287 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
288 break;
289 case HID_INPUT_REPORT:
290 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
291 break;
292 case HID_OUTPUT_REPORT:
293 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
294 break;
295 default:
296 return -EINVAL;
297 }
298
299 if (mutex_lock_interruptible(&session->report_mutex))
300 return -ERESTARTSYS;
301
302
303 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
304 session->waiting_report_number = numbered_reports ? report_number : -1;
305 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
306 data[0] = report_number;
307 ret = hidp_send_ctrl_message(session, report_type, data, 1);
308 if (ret)
309 goto err;
310
311
312
313 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
314 !atomic_read(&session->terminate)) {
315 int res;
316
317 res = wait_event_interruptible_timeout(session->report_queue,
318 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
319 || atomic_read(&session->terminate),
320 5*HZ);
321 if (res == 0) {
322
323 ret = -EIO;
324 goto err;
325 }
326 if (res < 0) {
327
328 ret = -ERESTARTSYS;
329 goto err;
330 }
331 }
332
333 skb = session->report_return;
334 if (skb) {
335 len = skb->len < count ? skb->len : count;
336 memcpy(data, skb->data, len);
337
338 kfree_skb(skb);
339 session->report_return = NULL;
340 } else {
341
342 len = -EIO;
343 }
344
345 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
346 mutex_unlock(&session->report_mutex);
347
348 return len;
349
350err:
351 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
352 mutex_unlock(&session->report_mutex);
353 return ret;
354}
355
356static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
357 unsigned char report_type)
358{
359 struct hidp_session *session = hid->driver_data;
360 int ret;
361
362 if (report_type == HID_OUTPUT_REPORT) {
363 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
364 return hidp_send_intr_message(session, report_type,
365 data, count);
366 } else if (report_type != HID_FEATURE_REPORT) {
367 return -EINVAL;
368 }
369
370 if (mutex_lock_interruptible(&session->report_mutex))
371 return -ERESTARTSYS;
372
373
374 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
375 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
376 ret = hidp_send_ctrl_message(session, report_type, data, count);
377 if (ret)
378 goto err;
379
380
381 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
382 !atomic_read(&session->terminate)) {
383 int res;
384
385 res = wait_event_interruptible_timeout(session->report_queue,
386 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
387 || atomic_read(&session->terminate),
388 10*HZ);
389 if (res == 0) {
390
391 ret = -EIO;
392 goto err;
393 }
394 if (res < 0) {
395
396 ret = -ERESTARTSYS;
397 goto err;
398 }
399 }
400
401 if (!session->output_report_success) {
402 ret = -EIO;
403 goto err;
404 }
405
406 ret = count;
407
408err:
409 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
410 mutex_unlock(&session->report_mutex);
411 return ret;
412}
413
414static void hidp_idle_timeout(unsigned long arg)
415{
416 struct hidp_session *session = (struct hidp_session *) arg;
417
418 hidp_session_terminate(session);
419}
420
421static void hidp_set_timer(struct hidp_session *session)
422{
423 if (session->idle_to > 0)
424 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
425}
426
427static void hidp_del_timer(struct hidp_session *session)
428{
429 if (session->idle_to > 0)
430 del_timer(&session->timer);
431}
432
433static void hidp_process_handshake(struct hidp_session *session,
434 unsigned char param)
435{
436 BT_DBG("session %p param 0x%02x", session, param);
437 session->output_report_success = 0;
438
439 switch (param) {
440 case HIDP_HSHK_SUCCESSFUL:
441
442 session->output_report_success = 1;
443 break;
444
445 case HIDP_HSHK_NOT_READY:
446 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
447 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
448 case HIDP_HSHK_ERR_INVALID_PARAMETER:
449 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
450 wake_up_interruptible(&session->report_queue);
451
452
453 break;
454
455 case HIDP_HSHK_ERR_UNKNOWN:
456 break;
457
458 case HIDP_HSHK_ERR_FATAL:
459
460
461 hidp_send_ctrl_message(session,
462 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
463 break;
464
465 default:
466 hidp_send_ctrl_message(session,
467 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
468 break;
469 }
470
471
472 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
473 wake_up_interruptible(&session->report_queue);
474}
475
476static void hidp_process_hid_control(struct hidp_session *session,
477 unsigned char param)
478{
479 BT_DBG("session %p param 0x%02x", session, param);
480
481 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
482
483 skb_queue_purge(&session->ctrl_transmit);
484 skb_queue_purge(&session->intr_transmit);
485
486 hidp_session_terminate(session);
487 }
488}
489
490
491static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
492 unsigned char param)
493{
494 int done_with_skb = 1;
495 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
496
497 switch (param) {
498 case HIDP_DATA_RTYPE_INPUT:
499 hidp_set_timer(session);
500
501 if (session->input)
502 hidp_input_report(session, skb);
503
504 if (session->hid)
505 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
506 break;
507
508 case HIDP_DATA_RTYPE_OTHER:
509 case HIDP_DATA_RTYPE_OUPUT:
510 case HIDP_DATA_RTYPE_FEATURE:
511 break;
512
513 default:
514 hidp_send_ctrl_message(session,
515 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
516 }
517
518 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
519 param == session->waiting_report_type) {
520 if (session->waiting_report_number < 0 ||
521 session->waiting_report_number == skb->data[0]) {
522
523 session->report_return = skb;
524 done_with_skb = 0;
525 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
526 wake_up_interruptible(&session->report_queue);
527 }
528 }
529
530 return done_with_skb;
531}
532
533static void hidp_recv_ctrl_frame(struct hidp_session *session,
534 struct sk_buff *skb)
535{
536 unsigned char hdr, type, param;
537 int free_skb = 1;
538
539 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
540
541 hdr = skb->data[0];
542 skb_pull(skb, 1);
543
544 type = hdr & HIDP_HEADER_TRANS_MASK;
545 param = hdr & HIDP_HEADER_PARAM_MASK;
546
547 switch (type) {
548 case HIDP_TRANS_HANDSHAKE:
549 hidp_process_handshake(session, param);
550 break;
551
552 case HIDP_TRANS_HID_CONTROL:
553 hidp_process_hid_control(session, param);
554 break;
555
556 case HIDP_TRANS_DATA:
557 free_skb = hidp_process_data(session, skb, param);
558 break;
559
560 default:
561 hidp_send_ctrl_message(session,
562 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
563 break;
564 }
565
566 if (free_skb)
567 kfree_skb(skb);
568}
569
570static void hidp_recv_intr_frame(struct hidp_session *session,
571 struct sk_buff *skb)
572{
573 unsigned char hdr;
574
575 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
576
577 hdr = skb->data[0];
578 skb_pull(skb, 1);
579
580 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
581 hidp_set_timer(session);
582
583 if (session->input)
584 hidp_input_report(session, skb);
585
586 if (session->hid) {
587 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
588 BT_DBG("report len %d", skb->len);
589 }
590 } else {
591 BT_DBG("Unsupported protocol header 0x%02x", hdr);
592 }
593
594 kfree_skb(skb);
595}
596
597static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
598{
599 struct kvec iv = { data, len };
600 struct msghdr msg;
601
602 BT_DBG("sock %p data %p len %d", sock, data, len);
603
604 if (!len)
605 return 0;
606
607 memset(&msg, 0, sizeof(msg));
608
609 return kernel_sendmsg(sock, &msg, &iv, 1, len);
610}
611
612
613static void hidp_process_transmit(struct hidp_session *session,
614 struct sk_buff_head *transmit,
615 struct socket *sock)
616{
617 struct sk_buff *skb;
618 int ret;
619
620 BT_DBG("session %p", session);
621
622 while ((skb = skb_dequeue(transmit))) {
623 ret = hidp_send_frame(sock, skb->data, skb->len);
624 if (ret == -EAGAIN) {
625 skb_queue_head(transmit, skb);
626 break;
627 } else if (ret < 0) {
628 hidp_session_terminate(session);
629 kfree_skb(skb);
630 break;
631 }
632
633 hidp_set_timer(session);
634 kfree_skb(skb);
635 }
636}
637
638static int hidp_setup_input(struct hidp_session *session,
639 struct hidp_connadd_req *req)
640{
641 struct input_dev *input;
642 int i;
643
644 input = input_allocate_device();
645 if (!input)
646 return -ENOMEM;
647
648 session->input = input;
649
650 input_set_drvdata(input, session);
651
652 input->name = "Bluetooth HID Boot Protocol Device";
653
654 input->id.bustype = BUS_BLUETOOTH;
655 input->id.vendor = req->vendor;
656 input->id.product = req->product;
657 input->id.version = req->version;
658
659 if (req->subclass & 0x40) {
660 set_bit(EV_KEY, input->evbit);
661 set_bit(EV_LED, input->evbit);
662 set_bit(EV_REP, input->evbit);
663
664 set_bit(LED_NUML, input->ledbit);
665 set_bit(LED_CAPSL, input->ledbit);
666 set_bit(LED_SCROLLL, input->ledbit);
667 set_bit(LED_COMPOSE, input->ledbit);
668 set_bit(LED_KANA, input->ledbit);
669
670 for (i = 0; i < sizeof(hidp_keycode); i++)
671 set_bit(hidp_keycode[i], input->keybit);
672 clear_bit(0, input->keybit);
673 }
674
675 if (req->subclass & 0x80) {
676 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
677 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
678 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
679 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
680 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
681 BIT_MASK(BTN_EXTRA);
682 input->relbit[0] |= BIT_MASK(REL_WHEEL);
683 }
684
685 input->dev.parent = &session->conn->hcon->dev;
686
687 input->event = hidp_input_event;
688
689 return 0;
690}
691
692static int hidp_open(struct hid_device *hid)
693{
694 return 0;
695}
696
697static void hidp_close(struct hid_device *hid)
698{
699}
700
701static int hidp_parse(struct hid_device *hid)
702{
703 struct hidp_session *session = hid->driver_data;
704
705 return hid_parse_report(session->hid, session->rd_data,
706 session->rd_size);
707}
708
709static int hidp_start(struct hid_device *hid)
710{
711 return 0;
712}
713
714static void hidp_stop(struct hid_device *hid)
715{
716 struct hidp_session *session = hid->driver_data;
717
718 skb_queue_purge(&session->ctrl_transmit);
719 skb_queue_purge(&session->intr_transmit);
720
721 hid->claimed = 0;
722}
723
724static struct hid_ll_driver hidp_hid_driver = {
725 .parse = hidp_parse,
726 .start = hidp_start,
727 .stop = hidp_stop,
728 .open = hidp_open,
729 .close = hidp_close,
730 .hidinput_input_event = hidp_hidinput_event,
731};
732
733
734
735static int hidp_setup_hid(struct hidp_session *session,
736 struct hidp_connadd_req *req)
737{
738 struct hid_device *hid;
739 int err;
740
741 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
742 if (!session->rd_data)
743 return -ENOMEM;
744
745 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
746 err = -EFAULT;
747 goto fault;
748 }
749 session->rd_size = req->rd_size;
750
751 hid = hid_allocate_device();
752 if (IS_ERR(hid)) {
753 err = PTR_ERR(hid);
754 goto fault;
755 }
756
757 session->hid = hid;
758
759 hid->driver_data = session;
760
761 hid->bus = BUS_BLUETOOTH;
762 hid->vendor = req->vendor;
763 hid->product = req->product;
764 hid->version = req->version;
765 hid->country = req->country;
766
767 strncpy(hid->name, req->name, sizeof(req->name) - 1);
768
769 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
770 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
771
772 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
773 &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
774
775 hid->dev.parent = &session->conn->hcon->dev;
776 hid->ll_driver = &hidp_hid_driver;
777
778 hid->hid_get_raw_report = hidp_get_raw_report;
779 hid->hid_output_raw_report = hidp_output_raw_report;
780
781
782 if (hid_ignore(hid)) {
783 hid_destroy_device(session->hid);
784 session->hid = NULL;
785 return -ENODEV;
786 }
787
788 return 0;
789
790fault:
791 kfree(session->rd_data);
792 session->rd_data = NULL;
793
794 return err;
795}
796
797
798static int hidp_session_dev_init(struct hidp_session *session,
799 struct hidp_connadd_req *req)
800{
801 int ret;
802
803 if (req->rd_size > 0) {
804 ret = hidp_setup_hid(session, req);
805 if (ret && ret != -ENODEV)
806 return ret;
807 }
808
809 if (!session->hid) {
810 ret = hidp_setup_input(session, req);
811 if (ret < 0)
812 return ret;
813 }
814
815 return 0;
816}
817
818
819static void hidp_session_dev_destroy(struct hidp_session *session)
820{
821 if (session->hid)
822 put_device(&session->hid->dev);
823 else if (session->input)
824 input_put_device(session->input);
825
826 kfree(session->rd_data);
827 session->rd_data = NULL;
828}
829
830
831static int hidp_session_dev_add(struct hidp_session *session)
832{
833 int ret;
834
835
836
837
838
839
840 if (session->hid) {
841 ret = hid_add_device(session->hid);
842 if (ret)
843 return ret;
844 get_device(&session->hid->dev);
845 } else if (session->input) {
846 ret = input_register_device(session->input);
847 if (ret)
848 return ret;
849 input_get_device(session->input);
850 }
851
852 return 0;
853}
854
855
856static void hidp_session_dev_del(struct hidp_session *session)
857{
858 if (session->hid)
859 hid_destroy_device(session->hid);
860 else if (session->input)
861 input_unregister_device(session->input);
862}
863
864
865
866
867
868
869
870
871
872
873static void hidp_session_dev_work(struct work_struct *work)
874{
875 struct hidp_session *session = container_of(work,
876 struct hidp_session,
877 dev_init);
878 int ret;
879
880 ret = hidp_session_dev_add(session);
881 if (!ret)
882 atomic_inc(&session->state);
883 else
884 hidp_session_terminate(session);
885}
886
887
888
889
890
891
892
893
894
895static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
896 struct socket *ctrl_sock,
897 struct socket *intr_sock,
898 struct hidp_connadd_req *req,
899 struct l2cap_conn *conn)
900{
901 struct hidp_session *session;
902 int ret;
903 struct bt_sock *ctrl, *intr;
904
905 ctrl = bt_sk(ctrl_sock->sk);
906 intr = bt_sk(intr_sock->sk);
907
908 session = kzalloc(sizeof(*session), GFP_KERNEL);
909 if (!session)
910 return -ENOMEM;
911
912
913 kref_init(&session->ref);
914 atomic_set(&session->state, HIDP_SESSION_IDLING);
915 init_waitqueue_head(&session->state_queue);
916 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
917
918
919 bacpy(&session->bdaddr, bdaddr);
920 session->conn = conn;
921 session->user.probe = hidp_session_probe;
922 session->user.remove = hidp_session_remove;
923 session->ctrl_sock = ctrl_sock;
924 session->intr_sock = intr_sock;
925 skb_queue_head_init(&session->ctrl_transmit);
926 skb_queue_head_init(&session->intr_transmit);
927 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
928 l2cap_pi(ctrl)->chan->imtu);
929 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
930 l2cap_pi(intr)->chan->imtu);
931 session->idle_to = req->idle_to;
932
933
934 INIT_WORK(&session->dev_init, hidp_session_dev_work);
935 setup_timer(&session->timer, hidp_idle_timeout,
936 (unsigned long)session);
937
938
939 mutex_init(&session->report_mutex);
940 init_waitqueue_head(&session->report_queue);
941
942 ret = hidp_session_dev_init(session, req);
943 if (ret)
944 goto err_free;
945
946 l2cap_conn_get(session->conn);
947 get_file(session->intr_sock->file);
948 get_file(session->ctrl_sock->file);
949 *out = session;
950 return 0;
951
952err_free:
953 kfree(session);
954 return ret;
955}
956
957
958static void hidp_session_get(struct hidp_session *session)
959{
960 kref_get(&session->ref);
961}
962
963
964static void session_free(struct kref *ref)
965{
966 struct hidp_session *session = container_of(ref, struct hidp_session,
967 ref);
968
969 hidp_session_dev_destroy(session);
970 skb_queue_purge(&session->ctrl_transmit);
971 skb_queue_purge(&session->intr_transmit);
972 fput(session->intr_sock->file);
973 fput(session->ctrl_sock->file);
974 l2cap_conn_put(session->conn);
975 kfree(session);
976}
977
978
979static void hidp_session_put(struct hidp_session *session)
980{
981 kref_put(&session->ref, session_free);
982}
983
984
985
986
987
988
989
990static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
991{
992 struct hidp_session *session;
993
994 list_for_each_entry(session, &hidp_session_list, list) {
995 if (!bacmp(bdaddr, &session->bdaddr))
996 return session;
997 }
998
999 return NULL;
1000}
1001
1002
1003
1004
1005
1006
1007static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1008{
1009 struct hidp_session *session;
1010
1011 down_read(&hidp_session_sem);
1012
1013 session = __hidp_session_find(bdaddr);
1014 if (session)
1015 hidp_session_get(session);
1016
1017 up_read(&hidp_session_sem);
1018
1019 return session;
1020}
1021
1022
1023
1024
1025
1026
1027
1028
1029static int hidp_session_start_sync(struct hidp_session *session)
1030{
1031 unsigned int vendor, product;
1032
1033 if (session->hid) {
1034 vendor = session->hid->vendor;
1035 product = session->hid->product;
1036 } else if (session->input) {
1037 vendor = session->input->id.vendor;
1038 product = session->input->id.product;
1039 } else {
1040 vendor = 0x0000;
1041 product = 0x0000;
1042 }
1043
1044 session->task = kthread_run(hidp_session_thread, session,
1045 "khidpd_%04x%04x", vendor, product);
1046 if (IS_ERR(session->task))
1047 return PTR_ERR(session->task);
1048
1049 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1050 wait_event(session->state_queue,
1051 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1052
1053 return 0;
1054}
1055
1056
1057
1058
1059
1060
1061
1062
1063static void hidp_session_terminate(struct hidp_session *session)
1064{
1065 atomic_inc(&session->terminate);
1066 wake_up_process(session->task);
1067}
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078static int hidp_session_probe(struct l2cap_conn *conn,
1079 struct l2cap_user *user)
1080{
1081 struct hidp_session *session = container_of(user,
1082 struct hidp_session,
1083 user);
1084 struct hidp_session *s;
1085 int ret;
1086
1087 down_write(&hidp_session_sem);
1088
1089
1090 s = __hidp_session_find(&session->bdaddr);
1091 if (s) {
1092 ret = -EEXIST;
1093 goto out_unlock;
1094 }
1095
1096 if (session->input) {
1097 ret = hidp_session_dev_add(session);
1098 if (ret)
1099 goto out_unlock;
1100 }
1101
1102 ret = hidp_session_start_sync(session);
1103 if (ret)
1104 goto out_del;
1105
1106
1107 if (session->input)
1108 atomic_inc(&session->state);
1109 else
1110 schedule_work(&session->dev_init);
1111
1112 hidp_session_get(session);
1113 list_add(&session->list, &hidp_session_list);
1114 ret = 0;
1115 goto out_unlock;
1116
1117out_del:
1118 if (session->input)
1119 hidp_session_dev_del(session);
1120out_unlock:
1121 up_write(&hidp_session_sem);
1122 return ret;
1123}
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139static void hidp_session_remove(struct l2cap_conn *conn,
1140 struct l2cap_user *user)
1141{
1142 struct hidp_session *session = container_of(user,
1143 struct hidp_session,
1144 user);
1145
1146 down_write(&hidp_session_sem);
1147
1148 hidp_session_terminate(session);
1149
1150 cancel_work_sync(&session->dev_init);
1151 if (session->input ||
1152 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1153 hidp_session_dev_del(session);
1154
1155 list_del(&session->list);
1156
1157 up_write(&hidp_session_sem);
1158
1159 hidp_session_put(session);
1160}
1161
1162
1163
1164
1165
1166
1167
1168static void hidp_session_run(struct hidp_session *session)
1169{
1170 struct sock *ctrl_sk = session->ctrl_sock->sk;
1171 struct sock *intr_sk = session->intr_sock->sk;
1172 struct sk_buff *skb;
1173
1174 for (;;) {
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185 set_current_state(TASK_INTERRUPTIBLE);
1186
1187 if (atomic_read(&session->terminate))
1188 break;
1189
1190 if (ctrl_sk->sk_state != BT_CONNECTED ||
1191 intr_sk->sk_state != BT_CONNECTED)
1192 break;
1193
1194
1195 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1196 skb_orphan(skb);
1197 if (!skb_linearize(skb))
1198 hidp_recv_intr_frame(session, skb);
1199 else
1200 kfree_skb(skb);
1201 }
1202
1203
1204 hidp_process_transmit(session, &session->intr_transmit,
1205 session->intr_sock);
1206
1207
1208 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1209 skb_orphan(skb);
1210 if (!skb_linearize(skb))
1211 hidp_recv_ctrl_frame(session, skb);
1212 else
1213 kfree_skb(skb);
1214 }
1215
1216
1217 hidp_process_transmit(session, &session->ctrl_transmit,
1218 session->ctrl_sock);
1219
1220 schedule();
1221 }
1222
1223 atomic_inc(&session->terminate);
1224 set_current_state(TASK_RUNNING);
1225}
1226
1227
1228
1229
1230
1231
1232
1233
1234static int hidp_session_thread(void *arg)
1235{
1236 struct hidp_session *session = arg;
1237 wait_queue_t ctrl_wait, intr_wait;
1238
1239 BT_DBG("session %p", session);
1240
1241
1242 hidp_session_get(session);
1243 __module_get(THIS_MODULE);
1244 set_user_nice(current, -15);
1245 hidp_set_timer(session);
1246
1247 init_waitqueue_entry(&ctrl_wait, current);
1248 init_waitqueue_entry(&intr_wait, current);
1249 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1250 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1251
1252
1253 smp_mb();
1254
1255
1256 atomic_inc(&session->state);
1257 wake_up(&session->state_queue);
1258
1259
1260 hidp_session_run(session);
1261
1262
1263 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1264 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1265 wake_up_interruptible(&session->report_queue);
1266 hidp_del_timer(session);
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276 l2cap_unregister_user(session->conn, &session->user);
1277 hidp_session_put(session);
1278
1279 module_put_and_exit(0);
1280 return 0;
1281}
1282
1283static int hidp_verify_sockets(struct socket *ctrl_sock,
1284 struct socket *intr_sock)
1285{
1286 struct l2cap_chan *ctrl_chan, *intr_chan;
1287 struct bt_sock *ctrl, *intr;
1288 struct hidp_session *session;
1289
1290 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1291 return -EINVAL;
1292
1293 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1294 intr_chan = l2cap_pi(intr_sock->sk)->chan;
1295
1296 if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1297 bacmp(&ctrl_chan->dst, &intr_chan->dst))
1298 return -ENOTUNIQ;
1299
1300 ctrl = bt_sk(ctrl_sock->sk);
1301 intr = bt_sk(intr_sock->sk);
1302
1303 if (ctrl->sk.sk_state != BT_CONNECTED ||
1304 intr->sk.sk_state != BT_CONNECTED)
1305 return -EBADFD;
1306
1307
1308 session = hidp_session_find(&ctrl_chan->dst);
1309 if (session) {
1310 hidp_session_put(session);
1311 return -EEXIST;
1312 }
1313
1314 return 0;
1315}
1316
1317int hidp_connection_add(struct hidp_connadd_req *req,
1318 struct socket *ctrl_sock,
1319 struct socket *intr_sock)
1320{
1321 struct hidp_session *session;
1322 struct l2cap_conn *conn;
1323 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1324 int ret;
1325
1326 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1327 if (ret)
1328 return ret;
1329
1330 conn = NULL;
1331 l2cap_chan_lock(chan);
1332 if (chan->conn) {
1333 l2cap_conn_get(chan->conn);
1334 conn = chan->conn;
1335 }
1336 l2cap_chan_unlock(chan);
1337
1338 if (!conn)
1339 return -EBADFD;
1340
1341 ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1342 intr_sock, req, conn);
1343 if (ret)
1344 goto out_conn;
1345
1346 ret = l2cap_register_user(conn, &session->user);
1347 if (ret)
1348 goto out_session;
1349
1350 ret = 0;
1351
1352out_session:
1353 hidp_session_put(session);
1354out_conn:
1355 l2cap_conn_put(conn);
1356 return ret;
1357}
1358
1359int hidp_connection_del(struct hidp_conndel_req *req)
1360{
1361 struct hidp_session *session;
1362
1363 session = hidp_session_find(&req->bdaddr);
1364 if (!session)
1365 return -ENOENT;
1366
1367 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1368 hidp_send_ctrl_message(session,
1369 HIDP_TRANS_HID_CONTROL |
1370 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1371 NULL, 0);
1372 else
1373 l2cap_unregister_user(session->conn, &session->user);
1374
1375 hidp_session_put(session);
1376
1377 return 0;
1378}
1379
1380int hidp_get_connlist(struct hidp_connlist_req *req)
1381{
1382 struct hidp_session *session;
1383 int err = 0, n = 0;
1384
1385 BT_DBG("");
1386
1387 down_read(&hidp_session_sem);
1388
1389 list_for_each_entry(session, &hidp_session_list, list) {
1390 struct hidp_conninfo ci;
1391
1392 hidp_copy_session(session, &ci);
1393
1394 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1395 err = -EFAULT;
1396 break;
1397 }
1398
1399 if (++n >= req->cnum)
1400 break;
1401
1402 req->ci++;
1403 }
1404 req->cnum = n;
1405
1406 up_read(&hidp_session_sem);
1407 return err;
1408}
1409
1410int hidp_get_conninfo(struct hidp_conninfo *ci)
1411{
1412 struct hidp_session *session;
1413
1414 session = hidp_session_find(&ci->bdaddr);
1415 if (session) {
1416 hidp_copy_session(session, ci);
1417 hidp_session_put(session);
1418 }
1419
1420 return session ? 0 : -ENOENT;
1421}
1422
1423static int __init hidp_init(void)
1424{
1425 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1426
1427 return hidp_init_sockets();
1428}
1429
1430static void __exit hidp_exit(void)
1431{
1432 hidp_cleanup_sockets();
1433}
1434
1435module_init(hidp_init);
1436module_exit(hidp_exit);
1437
1438MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1439MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1440MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1441MODULE_VERSION(VERSION);
1442MODULE_LICENSE("GPL");
1443MODULE_ALIAS("bt-proto-6");
1444