1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
31#include <linux/freezer.h>
32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <linux/mutex.h>
40#include <linux/kthread.h>
41#include <net/sock.h>
42
43#include <linux/input.h>
44#include <linux/hid.h>
45#include <linux/hidraw.h>
46
47#include <net/bluetooth/bluetooth.h>
48#include <net/bluetooth/hci_core.h>
49#include <net/bluetooth/l2cap.h>
50
51#include "hidp.h"
52
53#define VERSION "1.2"
54
55static DECLARE_RWSEM(hidp_session_sem);
56static LIST_HEAD(hidp_session_list);
57
58static unsigned char hidp_keycode[256] = {
59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
77};
78
79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80
81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82{
83 struct hidp_session *session;
84 struct list_head *p;
85
86 BT_DBG("");
87
88 list_for_each(p, &hidp_session_list) {
89 session = list_entry(p, struct hidp_session, list);
90 if (!bacmp(bdaddr, &session->bdaddr))
91 return session;
92 }
93 return NULL;
94}
95
96static void __hidp_link_session(struct hidp_session *session)
97{
98 __module_get(THIS_MODULE);
99 list_add(&session->list, &hidp_session_list);
100
101 hci_conn_hold_device(session->conn);
102}
103
104static void __hidp_unlink_session(struct hidp_session *session)
105{
106 hci_conn_put_device(session->conn);
107
108 list_del(&session->list);
109 module_put(THIS_MODULE);
110}
111
112static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
113{
114 memset(ci, 0, sizeof(*ci));
115 bacpy(&ci->bdaddr, &session->bdaddr);
116
117 ci->flags = session->flags;
118 ci->state = session->state;
119
120 ci->vendor = 0x0000;
121 ci->product = 0x0000;
122 ci->version = 0x0000;
123
124 if (session->input) {
125 ci->vendor = session->input->id.vendor;
126 ci->product = session->input->id.product;
127 ci->version = session->input->id.version;
128 if (session->input->name)
129 strncpy(ci->name, session->input->name, 128);
130 else
131 strncpy(ci->name, "HID Boot Device", 128);
132 }
133
134 if (session->hid) {
135 ci->vendor = session->hid->vendor;
136 ci->product = session->hid->product;
137 ci->version = session->hid->version;
138 strncpy(ci->name, session->hid->name, 128);
139 }
140}
141
142static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
143 unsigned int type, unsigned int code, int value)
144{
145 unsigned char newleds;
146 struct sk_buff *skb;
147
148 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
149
150 if (type != EV_LED)
151 return -1;
152
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
158
159 if (session->leds == newleds)
160 return 0;
161
162 session->leds = newleds;
163
164 skb = alloc_skb(3, GFP_ATOMIC);
165 if (!skb) {
166 BT_ERR("Can't allocate memory for new frame");
167 return -ENOMEM;
168 }
169
170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 *skb_put(skb, 1) = 0x01;
172 *skb_put(skb, 1) = newleds;
173
174 skb_queue_tail(&session->intr_transmit, skb);
175
176 hidp_schedule(session);
177
178 return 0;
179}
180
181static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
182{
183 struct hid_device *hid = input_get_drvdata(dev);
184 struct hidp_session *session = hid->driver_data;
185
186 return hidp_queue_event(session, dev, type, code, value);
187}
188
189static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
190{
191 struct hidp_session *session = input_get_drvdata(dev);
192
193 return hidp_queue_event(session, dev, type, code, value);
194}
195
196static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
197{
198 struct input_dev *dev = session->input;
199 unsigned char *keys = session->keys;
200 unsigned char *udata = skb->data + 1;
201 signed char *sdata = skb->data + 1;
202 int i, size = skb->len - 1;
203
204 switch (skb->data[0]) {
205 case 0x01:
206 for (i = 0; i < 8; i++)
207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
208
209
210
211 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
212 break;
213
214 for (i = 2; i < 8; i++) {
215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
216 if (hidp_keycode[keys[i]])
217 input_report_key(dev, hidp_keycode[keys[i]], 0);
218 else
219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
220 }
221
222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
223 if (hidp_keycode[udata[i]])
224 input_report_key(dev, hidp_keycode[udata[i]], 1);
225 else
226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
227 }
228 }
229
230 memcpy(keys, udata, 8);
231 break;
232
233 case 0x02:
234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
239
240 input_report_rel(dev, REL_X, sdata[1]);
241 input_report_rel(dev, REL_Y, sdata[2]);
242
243 if (size > 3)
244 input_report_rel(dev, REL_WHEEL, sdata[3]);
245 break;
246 }
247
248 input_sync(dev);
249}
250
251static int __hidp_send_ctrl_message(struct hidp_session *session,
252 unsigned char hdr, unsigned char *data, int size)
253{
254 struct sk_buff *skb;
255
256 BT_DBG("session %p data %p size %d", session, data, size);
257
258 skb = alloc_skb(size + 1, GFP_ATOMIC);
259 if (!skb) {
260 BT_ERR("Can't allocate memory for new frame");
261 return -ENOMEM;
262 }
263
264 *skb_put(skb, 1) = hdr;
265 if (data && size > 0)
266 memcpy(skb_put(skb, size), data, size);
267
268 skb_queue_tail(&session->ctrl_transmit, skb);
269
270 return 0;
271}
272
273static inline int hidp_send_ctrl_message(struct hidp_session *session,
274 unsigned char hdr, unsigned char *data, int size)
275{
276 int err;
277
278 err = __hidp_send_ctrl_message(session, hdr, data, size);
279
280 hidp_schedule(session);
281
282 return err;
283}
284
285static int hidp_queue_report(struct hidp_session *session,
286 unsigned char *data, int size)
287{
288 struct sk_buff *skb;
289
290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
291
292 skb = alloc_skb(size + 1, GFP_ATOMIC);
293 if (!skb) {
294 BT_ERR("Can't allocate memory for new frame");
295 return -ENOMEM;
296 }
297
298 *skb_put(skb, 1) = 0xa2;
299 if (size > 0)
300 memcpy(skb_put(skb, size), data, size);
301
302 skb_queue_tail(&session->intr_transmit, skb);
303
304 hidp_schedule(session);
305
306 return 0;
307}
308
309static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
310{
311 unsigned char buf[32];
312 int rsize;
313
314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
315 if (rsize > sizeof(buf))
316 return -EIO;
317
318 hid_output_report(report, buf);
319
320 return hidp_queue_report(session, buf, rsize);
321}
322
323static int hidp_get_raw_report(struct hid_device *hid,
324 unsigned char report_number,
325 unsigned char *data, size_t count,
326 unsigned char report_type)
327{
328 struct hidp_session *session = hid->driver_data;
329 struct sk_buff *skb;
330 size_t len;
331 int numbered_reports = hid->report_enum[report_type].numbered;
332
333 switch (report_type) {
334 case HID_FEATURE_REPORT:
335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
336 break;
337 case HID_INPUT_REPORT:
338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
339 break;
340 case HID_OUTPUT_REPORT:
341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
342 break;
343 default:
344 return -EINVAL;
345 }
346
347 if (mutex_lock_interruptible(&session->report_mutex))
348 return -ERESTARTSYS;
349
350
351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
352 session->waiting_report_number = numbered_reports ? report_number : -1;
353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
354 data[0] = report_number;
355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))
356 goto err_eio;
357
358
359
360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
361 int res;
362
363 res = wait_event_interruptible_timeout(session->report_queue,
364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
365 5*HZ);
366 if (res == 0) {
367
368 goto err_eio;
369 }
370 if (res < 0) {
371
372 goto err_restartsys;
373 }
374 }
375
376 skb = session->report_return;
377 if (skb) {
378 len = skb->len < count ? skb->len : count;
379 memcpy(data, skb->data, len);
380
381 kfree_skb(skb);
382 session->report_return = NULL;
383 } else {
384
385 len = -EIO;
386 }
387
388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
389 mutex_unlock(&session->report_mutex);
390
391 return len;
392
393err_restartsys:
394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
395 mutex_unlock(&session->report_mutex);
396 return -ERESTARTSYS;
397err_eio:
398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
399 mutex_unlock(&session->report_mutex);
400 return -EIO;
401}
402
403static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
404 unsigned char report_type)
405{
406 struct hidp_session *session = hid->driver_data;
407 int ret;
408
409 switch (report_type) {
410 case HID_FEATURE_REPORT:
411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
412 break;
413 case HID_OUTPUT_REPORT:
414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
415 break;
416 default:
417 return -EINVAL;
418 }
419
420 if (mutex_lock_interruptible(&session->report_mutex))
421 return -ERESTARTSYS;
422
423
424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
425 if (hidp_send_ctrl_message(hid->driver_data, report_type,
426 data, count)) {
427 ret = -ENOMEM;
428 goto err;
429 }
430
431
432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
433 int res;
434
435 res = wait_event_interruptible_timeout(session->report_queue,
436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
437 10*HZ);
438 if (res == 0) {
439
440 ret = -EIO;
441 goto err;
442 }
443 if (res < 0) {
444
445 ret = -ERESTARTSYS;
446 goto err;
447 }
448 }
449
450 if (!session->output_report_success) {
451 ret = -EIO;
452 goto err;
453 }
454
455 ret = count;
456
457err:
458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
459 mutex_unlock(&session->report_mutex);
460 return ret;
461}
462
463static void hidp_idle_timeout(unsigned long arg)
464{
465 struct hidp_session *session = (struct hidp_session *) arg;
466
467 atomic_inc(&session->terminate);
468 wake_up_process(session->task);
469}
470
471static void hidp_set_timer(struct hidp_session *session)
472{
473 if (session->idle_to > 0)
474 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
475}
476
477static inline void hidp_del_timer(struct hidp_session *session)
478{
479 if (session->idle_to > 0)
480 del_timer(&session->timer);
481}
482
483static void hidp_process_handshake(struct hidp_session *session,
484 unsigned char param)
485{
486 BT_DBG("session %p param 0x%02x", session, param);
487 session->output_report_success = 0;
488
489 switch (param) {
490 case HIDP_HSHK_SUCCESSFUL:
491
492 session->output_report_success = 1;
493 break;
494
495 case HIDP_HSHK_NOT_READY:
496 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
498 case HIDP_HSHK_ERR_INVALID_PARAMETER:
499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
501 wake_up_interruptible(&session->report_queue);
502 }
503
504 break;
505
506 case HIDP_HSHK_ERR_UNKNOWN:
507 break;
508
509 case HIDP_HSHK_ERR_FATAL:
510
511
512 __hidp_send_ctrl_message(session,
513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
514 break;
515
516 default:
517 __hidp_send_ctrl_message(session,
518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
519 break;
520 }
521
522
523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
525 wake_up_interruptible(&session->report_queue);
526 }
527}
528
529static void hidp_process_hid_control(struct hidp_session *session,
530 unsigned char param)
531{
532 BT_DBG("session %p param 0x%02x", session, param);
533
534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
535
536 skb_queue_purge(&session->ctrl_transmit);
537 skb_queue_purge(&session->intr_transmit);
538
539 atomic_inc(&session->terminate);
540 wake_up_process(current);
541 }
542}
543
544
545static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
546 unsigned char param)
547{
548 int done_with_skb = 1;
549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
550
551 switch (param) {
552 case HIDP_DATA_RTYPE_INPUT:
553 hidp_set_timer(session);
554
555 if (session->input)
556 hidp_input_report(session, skb);
557
558 if (session->hid)
559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
560 break;
561
562 case HIDP_DATA_RTYPE_OTHER:
563 case HIDP_DATA_RTYPE_OUPUT:
564 case HIDP_DATA_RTYPE_FEATURE:
565 break;
566
567 default:
568 __hidp_send_ctrl_message(session,
569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
570 }
571
572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
573 param == session->waiting_report_type) {
574 if (session->waiting_report_number < 0 ||
575 session->waiting_report_number == skb->data[0]) {
576
577 session->report_return = skb;
578 done_with_skb = 0;
579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
580 wake_up_interruptible(&session->report_queue);
581 }
582 }
583
584 return done_with_skb;
585}
586
587static void hidp_recv_ctrl_frame(struct hidp_session *session,
588 struct sk_buff *skb)
589{
590 unsigned char hdr, type, param;
591 int free_skb = 1;
592
593 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
594
595 hdr = skb->data[0];
596 skb_pull(skb, 1);
597
598 type = hdr & HIDP_HEADER_TRANS_MASK;
599 param = hdr & HIDP_HEADER_PARAM_MASK;
600
601 switch (type) {
602 case HIDP_TRANS_HANDSHAKE:
603 hidp_process_handshake(session, param);
604 break;
605
606 case HIDP_TRANS_HID_CONTROL:
607 hidp_process_hid_control(session, param);
608 break;
609
610 case HIDP_TRANS_DATA:
611 free_skb = hidp_process_data(session, skb, param);
612 break;
613
614 default:
615 __hidp_send_ctrl_message(session,
616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
617 break;
618 }
619
620 if (free_skb)
621 kfree_skb(skb);
622}
623
624static void hidp_recv_intr_frame(struct hidp_session *session,
625 struct sk_buff *skb)
626{
627 unsigned char hdr;
628
629 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
630
631 hdr = skb->data[0];
632 skb_pull(skb, 1);
633
634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
635 hidp_set_timer(session);
636
637 if (session->input)
638 hidp_input_report(session, skb);
639
640 if (session->hid) {
641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
642 BT_DBG("report len %d", skb->len);
643 }
644 } else {
645 BT_DBG("Unsupported protocol header 0x%02x", hdr);
646 }
647
648 kfree_skb(skb);
649}
650
651static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
652{
653 struct kvec iv = { data, len };
654 struct msghdr msg;
655
656 BT_DBG("sock %p data %p len %d", sock, data, len);
657
658 if (!len)
659 return 0;
660
661 memset(&msg, 0, sizeof(msg));
662
663 return kernel_sendmsg(sock, &msg, &iv, 1, len);
664}
665
666static void hidp_process_transmit(struct hidp_session *session)
667{
668 struct sk_buff *skb;
669
670 BT_DBG("session %p", session);
671
672 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
673 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
674 skb_queue_head(&session->ctrl_transmit, skb);
675 break;
676 }
677
678 hidp_set_timer(session);
679 kfree_skb(skb);
680 }
681
682 while ((skb = skb_dequeue(&session->intr_transmit))) {
683 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
684 skb_queue_head(&session->intr_transmit, skb);
685 break;
686 }
687
688 hidp_set_timer(session);
689 kfree_skb(skb);
690 }
691}
692
693static int hidp_session(void *arg)
694{
695 struct hidp_session *session = arg;
696 struct sock *ctrl_sk = session->ctrl_sock->sk;
697 struct sock *intr_sk = session->intr_sock->sk;
698 struct sk_buff *skb;
699 wait_queue_t ctrl_wait, intr_wait;
700
701 BT_DBG("session %p", session);
702
703 set_user_nice(current, -15);
704
705 init_waitqueue_entry(&ctrl_wait, current);
706 init_waitqueue_entry(&intr_wait, current);
707 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
708 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
709 session->waiting_for_startup = 0;
710 wake_up_interruptible(&session->startup_queue);
711 set_current_state(TASK_INTERRUPTIBLE);
712 while (!atomic_read(&session->terminate)) {
713 if (ctrl_sk->sk_state != BT_CONNECTED ||
714 intr_sk->sk_state != BT_CONNECTED)
715 break;
716
717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
718 skb_orphan(skb);
719 if (!skb_linearize(skb))
720 hidp_recv_ctrl_frame(session, skb);
721 else
722 kfree_skb(skb);
723 }
724
725 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
726 skb_orphan(skb);
727 if (!skb_linearize(skb))
728 hidp_recv_intr_frame(session, skb);
729 else
730 kfree_skb(skb);
731 }
732
733 hidp_process_transmit(session);
734
735 schedule();
736 set_current_state(TASK_INTERRUPTIBLE);
737 }
738 set_current_state(TASK_RUNNING);
739 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
740 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
741
742 down_write(&hidp_session_sem);
743
744 hidp_del_timer(session);
745
746 if (session->input) {
747 input_unregister_device(session->input);
748 session->input = NULL;
749 }
750
751 if (session->hid) {
752 hid_destroy_device(session->hid);
753 session->hid = NULL;
754 }
755
756
757 session->intr_sock->sk->sk_err = EUNATCH;
758 session->ctrl_sock->sk->sk_err = EUNATCH;
759
760 hidp_schedule(session);
761
762 fput(session->intr_sock->file);
763
764 wait_event_timeout(*(sk_sleep(ctrl_sk)),
765 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
766
767 fput(session->ctrl_sock->file);
768
769 __hidp_unlink_session(session);
770
771 up_write(&hidp_session_sem);
772
773 kfree(session->rd_data);
774 kfree(session);
775 return 0;
776}
777
778static struct device *hidp_get_device(struct hidp_session *session)
779{
780 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
781 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
782 struct device *device = NULL;
783 struct hci_dev *hdev;
784
785 hdev = hci_get_route(dst, src);
786 if (!hdev)
787 return NULL;
788
789 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
790 if (session->conn)
791 device = &session->conn->dev;
792
793 hci_dev_put(hdev);
794
795 return device;
796}
797
798static int hidp_setup_input(struct hidp_session *session,
799 struct hidp_connadd_req *req)
800{
801 struct input_dev *input;
802 int err, i;
803
804 input = input_allocate_device();
805 if (!input)
806 return -ENOMEM;
807
808 session->input = input;
809
810 input_set_drvdata(input, session);
811
812 input->name = "Bluetooth HID Boot Protocol Device";
813
814 input->id.bustype = BUS_BLUETOOTH;
815 input->id.vendor = req->vendor;
816 input->id.product = req->product;
817 input->id.version = req->version;
818
819 if (req->subclass & 0x40) {
820 set_bit(EV_KEY, input->evbit);
821 set_bit(EV_LED, input->evbit);
822 set_bit(EV_REP, input->evbit);
823
824 set_bit(LED_NUML, input->ledbit);
825 set_bit(LED_CAPSL, input->ledbit);
826 set_bit(LED_SCROLLL, input->ledbit);
827 set_bit(LED_COMPOSE, input->ledbit);
828 set_bit(LED_KANA, input->ledbit);
829
830 for (i = 0; i < sizeof(hidp_keycode); i++)
831 set_bit(hidp_keycode[i], input->keybit);
832 clear_bit(0, input->keybit);
833 }
834
835 if (req->subclass & 0x80) {
836 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
837 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
838 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
839 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
840 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
841 BIT_MASK(BTN_EXTRA);
842 input->relbit[0] |= BIT_MASK(REL_WHEEL);
843 }
844
845 input->dev.parent = hidp_get_device(session);
846
847 input->event = hidp_input_event;
848
849 err = input_register_device(input);
850 if (err < 0) {
851 input_free_device(input);
852 session->input = NULL;
853 return err;
854 }
855
856 return 0;
857}
858
859static int hidp_open(struct hid_device *hid)
860{
861 return 0;
862}
863
864static void hidp_close(struct hid_device *hid)
865{
866}
867
868static int hidp_parse(struct hid_device *hid)
869{
870 struct hidp_session *session = hid->driver_data;
871
872 return hid_parse_report(session->hid, session->rd_data,
873 session->rd_size);
874}
875
876static int hidp_start(struct hid_device *hid)
877{
878 struct hidp_session *session = hid->driver_data;
879 struct hid_report *report;
880
881 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
882 return 0;
883
884 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
885 report_list, list)
886 hidp_send_report(session, report);
887
888 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
889 report_list, list)
890 hidp_send_report(session, report);
891
892 return 0;
893}
894
895static void hidp_stop(struct hid_device *hid)
896{
897 struct hidp_session *session = hid->driver_data;
898
899 skb_queue_purge(&session->ctrl_transmit);
900 skb_queue_purge(&session->intr_transmit);
901
902 hid->claimed = 0;
903}
904
905static struct hid_ll_driver hidp_hid_driver = {
906 .parse = hidp_parse,
907 .start = hidp_start,
908 .stop = hidp_stop,
909 .open = hidp_open,
910 .close = hidp_close,
911 .hidinput_input_event = hidp_hidinput_event,
912};
913
914
915
916static int hidp_setup_hid(struct hidp_session *session,
917 struct hidp_connadd_req *req)
918{
919 struct hid_device *hid;
920 int err;
921
922 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
923 if (!session->rd_data)
924 return -ENOMEM;
925
926 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
927 err = -EFAULT;
928 goto fault;
929 }
930 session->rd_size = req->rd_size;
931
932 hid = hid_allocate_device();
933 if (IS_ERR(hid)) {
934 err = PTR_ERR(hid);
935 goto fault;
936 }
937
938 session->hid = hid;
939
940 hid->driver_data = session;
941
942 hid->bus = BUS_BLUETOOTH;
943 hid->vendor = req->vendor;
944 hid->product = req->product;
945 hid->version = req->version;
946 hid->country = req->country;
947
948 strncpy(hid->name, req->name, 128);
949 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
950 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
951
952 hid->dev.parent = hidp_get_device(session);
953 hid->ll_driver = &hidp_hid_driver;
954
955 hid->hid_get_raw_report = hidp_get_raw_report;
956 hid->hid_output_raw_report = hidp_output_raw_report;
957
958 return 0;
959
960fault:
961 kfree(session->rd_data);
962 session->rd_data = NULL;
963
964 return err;
965}
966
967int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
968{
969 struct hidp_session *session, *s;
970 int vendor, product;
971 int err;
972
973 BT_DBG("");
974
975 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
976 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
977 return -ENOTUNIQ;
978
979 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
980 if (!session)
981 return -ENOMEM;
982
983 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
984
985 down_write(&hidp_session_sem);
986
987 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
988 if (s && s->state == BT_CONNECTED) {
989 err = -EEXIST;
990 goto failed;
991 }
992
993 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
994
995 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
996 l2cap_pi(ctrl_sock->sk)->chan->imtu);
997 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
998 l2cap_pi(intr_sock->sk)->chan->imtu);
999
1000 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
1001
1002 session->ctrl_sock = ctrl_sock;
1003 session->intr_sock = intr_sock;
1004 session->state = BT_CONNECTED;
1005
1006 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1007
1008 skb_queue_head_init(&session->ctrl_transmit);
1009 skb_queue_head_init(&session->intr_transmit);
1010
1011 mutex_init(&session->report_mutex);
1012 init_waitqueue_head(&session->report_queue);
1013 init_waitqueue_head(&session->startup_queue);
1014 session->waiting_for_startup = 1;
1015 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1016 session->idle_to = req->idle_to;
1017
1018 if (req->rd_size > 0) {
1019 err = hidp_setup_hid(session, req);
1020 if (err && err != -ENODEV)
1021 goto purge;
1022 }
1023
1024 if (!session->hid) {
1025 err = hidp_setup_input(session, req);
1026 if (err < 0)
1027 goto purge;
1028 }
1029
1030 __hidp_link_session(session);
1031
1032 hidp_set_timer(session);
1033
1034 if (session->hid) {
1035 vendor = session->hid->vendor;
1036 product = session->hid->product;
1037 } else if (session->input) {
1038 vendor = session->input->id.vendor;
1039 product = session->input->id.product;
1040 } else {
1041 vendor = 0x0000;
1042 product = 0x0000;
1043 }
1044
1045 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1046 vendor, product);
1047 if (IS_ERR(session->task)) {
1048 err = PTR_ERR(session->task);
1049 goto unlink;
1050 }
1051
1052 while (session->waiting_for_startup) {
1053 wait_event_interruptible(session->startup_queue,
1054 !session->waiting_for_startup);
1055 }
1056
1057 err = hid_add_device(session->hid);
1058 if (err < 0) {
1059 atomic_inc(&session->terminate);
1060 wake_up_process(session->task);
1061 up_write(&hidp_session_sem);
1062 return err;
1063 }
1064
1065 if (session->input) {
1066 hidp_send_ctrl_message(session,
1067 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1068 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1069
1070 session->leds = 0xff;
1071 hidp_input_event(session->input, EV_LED, 0, 0);
1072 }
1073
1074 up_write(&hidp_session_sem);
1075 return 0;
1076
1077unlink:
1078 hidp_del_timer(session);
1079
1080 __hidp_unlink_session(session);
1081
1082 if (session->input) {
1083 input_unregister_device(session->input);
1084 session->input = NULL;
1085 }
1086
1087 if (session->hid) {
1088 hid_destroy_device(session->hid);
1089 session->hid = NULL;
1090 }
1091
1092 kfree(session->rd_data);
1093 session->rd_data = NULL;
1094
1095purge:
1096 skb_queue_purge(&session->ctrl_transmit);
1097 skb_queue_purge(&session->intr_transmit);
1098
1099failed:
1100 up_write(&hidp_session_sem);
1101
1102 kfree(session);
1103 return err;
1104}
1105
1106int hidp_del_connection(struct hidp_conndel_req *req)
1107{
1108 struct hidp_session *session;
1109 int err = 0;
1110
1111 BT_DBG("");
1112
1113 down_read(&hidp_session_sem);
1114
1115 session = __hidp_get_session(&req->bdaddr);
1116 if (session) {
1117 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1118 hidp_send_ctrl_message(session,
1119 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1120 } else {
1121
1122 skb_queue_purge(&session->ctrl_transmit);
1123 skb_queue_purge(&session->intr_transmit);
1124
1125 atomic_inc(&session->terminate);
1126 wake_up_process(session->task);
1127 }
1128 } else
1129 err = -ENOENT;
1130
1131 up_read(&hidp_session_sem);
1132 return err;
1133}
1134
1135int hidp_get_connlist(struct hidp_connlist_req *req)
1136{
1137 struct list_head *p;
1138 int err = 0, n = 0;
1139
1140 BT_DBG("");
1141
1142 down_read(&hidp_session_sem);
1143
1144 list_for_each(p, &hidp_session_list) {
1145 struct hidp_session *session;
1146 struct hidp_conninfo ci;
1147
1148 session = list_entry(p, struct hidp_session, list);
1149
1150 __hidp_copy_session(session, &ci);
1151
1152 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1153 err = -EFAULT;
1154 break;
1155 }
1156
1157 if (++n >= req->cnum)
1158 break;
1159
1160 req->ci++;
1161 }
1162 req->cnum = n;
1163
1164 up_read(&hidp_session_sem);
1165 return err;
1166}
1167
1168int hidp_get_conninfo(struct hidp_conninfo *ci)
1169{
1170 struct hidp_session *session;
1171 int err = 0;
1172
1173 down_read(&hidp_session_sem);
1174
1175 session = __hidp_get_session(&ci->bdaddr);
1176 if (session)
1177 __hidp_copy_session(session, ci);
1178 else
1179 err = -ENOENT;
1180
1181 up_read(&hidp_session_sem);
1182 return err;
1183}
1184
1185static const struct hid_device_id hidp_table[] = {
1186 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1187 { }
1188};
1189
1190static struct hid_driver hidp_driver = {
1191 .name = "generic-bluetooth",
1192 .id_table = hidp_table,
1193};
1194
1195static int __init hidp_init(void)
1196{
1197 int ret;
1198
1199 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1200
1201 ret = hid_register_driver(&hidp_driver);
1202 if (ret)
1203 goto err;
1204
1205 ret = hidp_init_sockets();
1206 if (ret)
1207 goto err_drv;
1208
1209 return 0;
1210err_drv:
1211 hid_unregister_driver(&hidp_driver);
1212err:
1213 return ret;
1214}
1215
1216static void __exit hidp_exit(void)
1217{
1218 hidp_cleanup_sockets();
1219 hid_unregister_driver(&hidp_driver);
1220}
1221
1222module_init(hidp_init);
1223module_exit(hidp_exit);
1224
1225MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1226MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1227MODULE_VERSION(VERSION);
1228MODULE_LICENSE("GPL");
1229MODULE_ALIAS("bt-proto-6");
1230
