1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/kref.h>
25#include <linux/module.h>
26#include <linux/file.h>
27#include <linux/kthread.h>
28#include <linux/hidraw.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
36#define VERSION "1.2"
37
38static DECLARE_RWSEM(hidp_session_sem);
39static DECLARE_WAIT_QUEUE_HEAD(hidp_session_wq);
40static LIST_HEAD(hidp_session_list);
41
42static unsigned char hidp_keycode[256] = {
43 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
44 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
45 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
46 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
47 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
48 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
49 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
50 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
51 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
52 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
53 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
59 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
60 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
61};
62
63static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64
65static int hidp_session_probe(struct l2cap_conn *conn,
66 struct l2cap_user *user);
67static void hidp_session_remove(struct l2cap_conn *conn,
68 struct l2cap_user *user);
69static int hidp_session_thread(void *arg);
70static void hidp_session_terminate(struct hidp_session *s);
71
72static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73{
74 u32 valid_flags = 0;
75 memset(ci, 0, sizeof(*ci));
76 bacpy(&ci->bdaddr, &session->bdaddr);
77
78 ci->flags = session->flags & valid_flags;
79 ci->state = BT_CONNECTED;
80
81 if (session->input) {
82 ci->vendor = session->input->id.vendor;
83 ci->product = session->input->id.product;
84 ci->version = session->input->id.version;
85 if (session->input->name)
86 strlcpy(ci->name, session->input->name, 128);
87 else
88 strlcpy(ci->name, "HID Boot Device", 128);
89 } else if (session->hid) {
90 ci->vendor = session->hid->vendor;
91 ci->product = session->hid->product;
92 ci->version = session->hid->version;
93 strlcpy(ci->name, session->hid->name, 128);
94 }
95}
96
97
98static int hidp_send_message(struct hidp_session *session, struct socket *sock,
99 struct sk_buff_head *transmit, unsigned char hdr,
100 const unsigned char *data, int size)
101{
102 struct sk_buff *skb;
103 struct sock *sk = sock->sk;
104
105 BT_DBG("session %p data %p size %d", session, data, size);
106
107 if (atomic_read(&session->terminate))
108 return -EIO;
109
110 skb = alloc_skb(size + 1, GFP_ATOMIC);
111 if (!skb) {
112 BT_ERR("Can't allocate memory for new frame");
113 return -ENOMEM;
114 }
115
116 skb_put_u8(skb, hdr);
117 if (data && size > 0)
118 skb_put_data(skb, data, size);
119
120 skb_queue_tail(transmit, skb);
121 wake_up_interruptible(sk_sleep(sk));
122
123 return 0;
124}
125
126static int hidp_send_ctrl_message(struct hidp_session *session,
127 unsigned char hdr, const unsigned char *data,
128 int size)
129{
130 return hidp_send_message(session, session->ctrl_sock,
131 &session->ctrl_transmit, hdr, data, size);
132}
133
134static int hidp_send_intr_message(struct hidp_session *session,
135 unsigned char hdr, const unsigned char *data,
136 int size)
137{
138 return hidp_send_message(session, session->intr_sock,
139 &session->intr_transmit, hdr, data, size);
140}
141
142static int hidp_input_event(struct input_dev *dev, unsigned int type,
143 unsigned int code, int value)
144{
145 struct hidp_session *session = input_get_drvdata(dev);
146 unsigned char newleds;
147 unsigned char hdr, data[2];
148
149 BT_DBG("session %p type %d code %d value %d",
150 session, type, code, value);
151
152 if (type != EV_LED)
153 return -1;
154
155 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
156 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
157 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
158 (!!test_bit(LED_CAPSL, dev->led) << 1) |
159 (!!test_bit(LED_NUML, dev->led) << 0);
160
161 if (session->leds == newleds)
162 return 0;
163
164 session->leds = newleds;
165
166 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
167 data[0] = 0x01;
168 data[1] = newleds;
169
170 return hidp_send_intr_message(session, hdr, data, 2);
171}
172
173static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
174{
175 struct input_dev *dev = session->input;
176 unsigned char *keys = session->keys;
177 unsigned char *udata = skb->data + 1;
178 signed char *sdata = skb->data + 1;
179 int i, size = skb->len - 1;
180
181 switch (skb->data[0]) {
182 case 0x01:
183 for (i = 0; i < 8; i++)
184 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
185
186
187
188 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
189 break;
190
191 for (i = 2; i < 8; i++) {
192 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
193 if (hidp_keycode[keys[i]])
194 input_report_key(dev, hidp_keycode[keys[i]], 0);
195 else
196 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
197 }
198
199 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
200 if (hidp_keycode[udata[i]])
201 input_report_key(dev, hidp_keycode[udata[i]], 1);
202 else
203 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
204 }
205 }
206
207 memcpy(keys, udata, 8);
208 break;
209
210 case 0x02:
211 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
212 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
213 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
214 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
215 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
216
217 input_report_rel(dev, REL_X, sdata[1]);
218 input_report_rel(dev, REL_Y, sdata[2]);
219
220 if (size > 3)
221 input_report_rel(dev, REL_WHEEL, sdata[3]);
222 break;
223 }
224
225 input_sync(dev);
226}
227
228static int hidp_get_raw_report(struct hid_device *hid,
229 unsigned char report_number,
230 unsigned char *data, size_t count,
231 unsigned char report_type)
232{
233 struct hidp_session *session = hid->driver_data;
234 struct sk_buff *skb;
235 size_t len;
236 int numbered_reports = hid->report_enum[report_type].numbered;
237 int ret;
238
239 if (atomic_read(&session->terminate))
240 return -EIO;
241
242 switch (report_type) {
243 case HID_FEATURE_REPORT:
244 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
245 break;
246 case HID_INPUT_REPORT:
247 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
248 break;
249 case HID_OUTPUT_REPORT:
250 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
251 break;
252 default:
253 return -EINVAL;
254 }
255
256 if (mutex_lock_interruptible(&session->report_mutex))
257 return -ERESTARTSYS;
258
259
260 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
261 session->waiting_report_number = numbered_reports ? report_number : -1;
262 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
263 data[0] = report_number;
264 ret = hidp_send_ctrl_message(session, report_type, data, 1);
265 if (ret)
266 goto err;
267
268
269
270 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
271 !atomic_read(&session->terminate)) {
272 int res;
273
274 res = wait_event_interruptible_timeout(session->report_queue,
275 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
276 || atomic_read(&session->terminate),
277 5*HZ);
278 if (res == 0) {
279
280 ret = -EIO;
281 goto err;
282 }
283 if (res < 0) {
284
285 ret = -ERESTARTSYS;
286 goto err;
287 }
288 }
289
290 skb = session->report_return;
291 if (skb) {
292 len = skb->len < count ? skb->len : count;
293 memcpy(data, skb->data, len);
294
295 kfree_skb(skb);
296 session->report_return = NULL;
297 } else {
298
299 len = -EIO;
300 }
301
302 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
303 mutex_unlock(&session->report_mutex);
304
305 return len;
306
307err:
308 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
309 mutex_unlock(&session->report_mutex);
310 return ret;
311}
312
313static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum,
314 unsigned char *data, size_t count,
315 unsigned char report_type)
316{
317 struct hidp_session *session = hid->driver_data;
318 int ret;
319
320 switch (report_type) {
321 case HID_FEATURE_REPORT:
322 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
323 break;
324 case HID_INPUT_REPORT:
325 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT;
326 break;
327 case HID_OUTPUT_REPORT:
328 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
329 break;
330 default:
331 return -EINVAL;
332 }
333
334 if (mutex_lock_interruptible(&session->report_mutex))
335 return -ERESTARTSYS;
336
337
338 data[0] = reportnum;
339 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
340 ret = hidp_send_ctrl_message(session, report_type, data, count);
341 if (ret)
342 goto err;
343
344
345 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
346 !atomic_read(&session->terminate)) {
347 int res;
348
349 res = wait_event_interruptible_timeout(session->report_queue,
350 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
351 || atomic_read(&session->terminate),
352 10*HZ);
353 if (res == 0) {
354
355 ret = -EIO;
356 goto err;
357 }
358 if (res < 0) {
359
360 ret = -ERESTARTSYS;
361 goto err;
362 }
363 }
364
365 if (!session->output_report_success) {
366 ret = -EIO;
367 goto err;
368 }
369
370 ret = count;
371
372err:
373 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
374 mutex_unlock(&session->report_mutex);
375 return ret;
376}
377
378static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count)
379{
380 struct hidp_session *session = hid->driver_data;
381
382 return hidp_send_intr_message(session,
383 HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT,
384 data, count);
385}
386
387static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum,
388 __u8 *buf, size_t len, unsigned char rtype,
389 int reqtype)
390{
391 switch (reqtype) {
392 case HID_REQ_GET_REPORT:
393 return hidp_get_raw_report(hid, reportnum, buf, len, rtype);
394 case HID_REQ_SET_REPORT:
395 return hidp_set_raw_report(hid, reportnum, buf, len, rtype);
396 default:
397 return -EIO;
398 }
399}
400
401static void hidp_idle_timeout(struct timer_list *t)
402{
403 struct hidp_session *session = from_timer(session, t, timer);
404
405
406
407
408
409
410
411
412
413
414 session->intr_sock->sk->sk_err = EUNATCH;
415 session->ctrl_sock->sk->sk_err = EUNATCH;
416 wake_up_interruptible(sk_sleep(session->intr_sock->sk));
417 wake_up_interruptible(sk_sleep(session->ctrl_sock->sk));
418
419 hidp_session_terminate(session);
420}
421
422static void hidp_set_timer(struct hidp_session *session)
423{
424 if (session->idle_to > 0)
425 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
426}
427
428static void hidp_del_timer(struct hidp_session *session)
429{
430 if (session->idle_to > 0)
431 del_timer(&session->timer);
432}
433
434static void hidp_process_report(struct hidp_session *session, int type,
435 const u8 *data, unsigned int len, int intr)
436{
437 if (len > HID_MAX_BUFFER_SIZE)
438 len = HID_MAX_BUFFER_SIZE;
439
440 memcpy(session->input_buf, data, len);
441 hid_input_report(session->hid, type, session->input_buf, len, intr);
442}
443
444static void hidp_process_handshake(struct hidp_session *session,
445 unsigned char param)
446{
447 BT_DBG("session %p param 0x%02x", session, param);
448 session->output_report_success = 0;
449
450 switch (param) {
451 case HIDP_HSHK_SUCCESSFUL:
452
453 session->output_report_success = 1;
454 break;
455
456 case HIDP_HSHK_NOT_READY:
457 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
458 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
459 case HIDP_HSHK_ERR_INVALID_PARAMETER:
460 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
461 wake_up_interruptible(&session->report_queue);
462
463
464 break;
465
466 case HIDP_HSHK_ERR_UNKNOWN:
467 break;
468
469 case HIDP_HSHK_ERR_FATAL:
470
471
472 hidp_send_ctrl_message(session,
473 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
474 break;
475
476 default:
477 hidp_send_ctrl_message(session,
478 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
479 break;
480 }
481
482
483 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
484 wake_up_interruptible(&session->report_queue);
485}
486
487static void hidp_process_hid_control(struct hidp_session *session,
488 unsigned char param)
489{
490 BT_DBG("session %p param 0x%02x", session, param);
491
492 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
493
494 skb_queue_purge(&session->ctrl_transmit);
495 skb_queue_purge(&session->intr_transmit);
496
497 hidp_session_terminate(session);
498 }
499}
500
501
502static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
503 unsigned char param)
504{
505 int done_with_skb = 1;
506 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
507
508 switch (param) {
509 case HIDP_DATA_RTYPE_INPUT:
510 hidp_set_timer(session);
511
512 if (session->input)
513 hidp_input_report(session, skb);
514
515 if (session->hid)
516 hidp_process_report(session, HID_INPUT_REPORT,
517 skb->data, skb->len, 0);
518 break;
519
520 case HIDP_DATA_RTYPE_OTHER:
521 case HIDP_DATA_RTYPE_OUPUT:
522 case HIDP_DATA_RTYPE_FEATURE:
523 break;
524
525 default:
526 hidp_send_ctrl_message(session,
527 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
528 }
529
530 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
531 param == session->waiting_report_type) {
532 if (session->waiting_report_number < 0 ||
533 session->waiting_report_number == skb->data[0]) {
534
535 session->report_return = skb;
536 done_with_skb = 0;
537 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
538 wake_up_interruptible(&session->report_queue);
539 }
540 }
541
542 return done_with_skb;
543}
544
545static void hidp_recv_ctrl_frame(struct hidp_session *session,
546 struct sk_buff *skb)
547{
548 unsigned char hdr, type, param;
549 int free_skb = 1;
550
551 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
552
553 hdr = skb->data[0];
554 skb_pull(skb, 1);
555
556 type = hdr & HIDP_HEADER_TRANS_MASK;
557 param = hdr & HIDP_HEADER_PARAM_MASK;
558
559 switch (type) {
560 case HIDP_TRANS_HANDSHAKE:
561 hidp_process_handshake(session, param);
562 break;
563
564 case HIDP_TRANS_HID_CONTROL:
565 hidp_process_hid_control(session, param);
566 break;
567
568 case HIDP_TRANS_DATA:
569 free_skb = hidp_process_data(session, skb, param);
570 break;
571
572 default:
573 hidp_send_ctrl_message(session,
574 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
575 break;
576 }
577
578 if (free_skb)
579 kfree_skb(skb);
580}
581
582static void hidp_recv_intr_frame(struct hidp_session *session,
583 struct sk_buff *skb)
584{
585 unsigned char hdr;
586
587 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
588
589 hdr = skb->data[0];
590 skb_pull(skb, 1);
591
592 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
593 hidp_set_timer(session);
594
595 if (session->input)
596 hidp_input_report(session, skb);
597
598 if (session->hid) {
599 hidp_process_report(session, HID_INPUT_REPORT,
600 skb->data, skb->len, 1);
601 BT_DBG("report len %d", skb->len);
602 }
603 } else {
604 BT_DBG("Unsupported protocol header 0x%02x", hdr);
605 }
606
607 kfree_skb(skb);
608}
609
610static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
611{
612 struct kvec iv = { data, len };
613 struct msghdr msg;
614
615 BT_DBG("sock %p data %p len %d", sock, data, len);
616
617 if (!len)
618 return 0;
619
620 memset(&msg, 0, sizeof(msg));
621
622 return kernel_sendmsg(sock, &msg, &iv, 1, len);
623}
624
625
626static void hidp_process_transmit(struct hidp_session *session,
627 struct sk_buff_head *transmit,
628 struct socket *sock)
629{
630 struct sk_buff *skb;
631 int ret;
632
633 BT_DBG("session %p", session);
634
635 while ((skb = skb_dequeue(transmit))) {
636 ret = hidp_send_frame(sock, skb->data, skb->len);
637 if (ret == -EAGAIN) {
638 skb_queue_head(transmit, skb);
639 break;
640 } else if (ret < 0) {
641 hidp_session_terminate(session);
642 kfree_skb(skb);
643 break;
644 }
645
646 hidp_set_timer(session);
647 kfree_skb(skb);
648 }
649}
650
651static int hidp_setup_input(struct hidp_session *session,
652 const struct hidp_connadd_req *req)
653{
654 struct input_dev *input;
655 int i;
656
657 input = input_allocate_device();
658 if (!input)
659 return -ENOMEM;
660
661 session->input = input;
662
663 input_set_drvdata(input, session);
664
665 input->name = "Bluetooth HID Boot Protocol Device";
666
667 input->id.bustype = BUS_BLUETOOTH;
668 input->id.vendor = req->vendor;
669 input->id.product = req->product;
670 input->id.version = req->version;
671
672 if (req->subclass & 0x40) {
673 set_bit(EV_KEY, input->evbit);
674 set_bit(EV_LED, input->evbit);
675 set_bit(EV_REP, input->evbit);
676
677 set_bit(LED_NUML, input->ledbit);
678 set_bit(LED_CAPSL, input->ledbit);
679 set_bit(LED_SCROLLL, input->ledbit);
680 set_bit(LED_COMPOSE, input->ledbit);
681 set_bit(LED_KANA, input->ledbit);
682
683 for (i = 0; i < sizeof(hidp_keycode); i++)
684 set_bit(hidp_keycode[i], input->keybit);
685 clear_bit(0, input->keybit);
686 }
687
688 if (req->subclass & 0x80) {
689 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
690 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
691 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
692 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
693 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
694 BIT_MASK(BTN_EXTRA);
695 input->relbit[0] |= BIT_MASK(REL_WHEEL);
696 }
697
698 input->dev.parent = &session->conn->hcon->dev;
699
700 input->event = hidp_input_event;
701
702 return 0;
703}
704
705static int hidp_open(struct hid_device *hid)
706{
707 return 0;
708}
709
710static void hidp_close(struct hid_device *hid)
711{
712}
713
714static int hidp_parse(struct hid_device *hid)
715{
716 struct hidp_session *session = hid->driver_data;
717
718 return hid_parse_report(session->hid, session->rd_data,
719 session->rd_size);
720}
721
722static int hidp_start(struct hid_device *hid)
723{
724 return 0;
725}
726
727static void hidp_stop(struct hid_device *hid)
728{
729 struct hidp_session *session = hid->driver_data;
730
731 skb_queue_purge(&session->ctrl_transmit);
732 skb_queue_purge(&session->intr_transmit);
733
734 hid->claimed = 0;
735}
736
737struct hid_ll_driver hidp_hid_driver = {
738 .parse = hidp_parse,
739 .start = hidp_start,
740 .stop = hidp_stop,
741 .open = hidp_open,
742 .close = hidp_close,
743 .raw_request = hidp_raw_request,
744 .output_report = hidp_output_report,
745};
746EXPORT_SYMBOL_GPL(hidp_hid_driver);
747
748
749
750static int hidp_setup_hid(struct hidp_session *session,
751 const struct hidp_connadd_req *req)
752{
753 struct hid_device *hid;
754 int err;
755
756 session->rd_data = memdup_user(req->rd_data, req->rd_size);
757 if (IS_ERR(session->rd_data))
758 return PTR_ERR(session->rd_data);
759
760 session->rd_size = req->rd_size;
761
762 hid = hid_allocate_device();
763 if (IS_ERR(hid)) {
764 err = PTR_ERR(hid);
765 goto fault;
766 }
767
768 session->hid = hid;
769
770 hid->driver_data = session;
771
772 hid->bus = BUS_BLUETOOTH;
773 hid->vendor = req->vendor;
774 hid->product = req->product;
775 hid->version = req->version;
776 hid->country = req->country;
777
778 strncpy(hid->name, req->name, sizeof(hid->name));
779
780 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
781 &l2cap_pi(session->ctrl_sock->sk)->chan->src);
782
783
784
785
786 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
787 &l2cap_pi(session->ctrl_sock->sk)->chan->dst);
788
789 hid->dev.parent = &session->conn->hcon->dev;
790 hid->ll_driver = &hidp_hid_driver;
791
792
793 if (hid_ignore(hid)) {
794 hid_destroy_device(session->hid);
795 session->hid = NULL;
796 return -ENODEV;
797 }
798
799 return 0;
800
801fault:
802 kfree(session->rd_data);
803 session->rd_data = NULL;
804
805 return err;
806}
807
808
809static int hidp_session_dev_init(struct hidp_session *session,
810 const struct hidp_connadd_req *req)
811{
812 int ret;
813
814 if (req->rd_size > 0) {
815 ret = hidp_setup_hid(session, req);
816 if (ret && ret != -ENODEV)
817 return ret;
818 }
819
820 if (!session->hid) {
821 ret = hidp_setup_input(session, req);
822 if (ret < 0)
823 return ret;
824 }
825
826 return 0;
827}
828
829
830static void hidp_session_dev_destroy(struct hidp_session *session)
831{
832 if (session->hid)
833 put_device(&session->hid->dev);
834 else if (session->input)
835 input_put_device(session->input);
836
837 kfree(session->rd_data);
838 session->rd_data = NULL;
839}
840
841
842static int hidp_session_dev_add(struct hidp_session *session)
843{
844 int ret;
845
846
847
848
849
850
851 if (session->hid) {
852 ret = hid_add_device(session->hid);
853 if (ret)
854 return ret;
855 get_device(&session->hid->dev);
856 } else if (session->input) {
857 ret = input_register_device(session->input);
858 if (ret)
859 return ret;
860 input_get_device(session->input);
861 }
862
863 return 0;
864}
865
866
867static void hidp_session_dev_del(struct hidp_session *session)
868{
869 if (session->hid)
870 hid_destroy_device(session->hid);
871 else if (session->input)
872 input_unregister_device(session->input);
873}
874
875
876
877
878
879
880
881
882
883
884static void hidp_session_dev_work(struct work_struct *work)
885{
886 struct hidp_session *session = container_of(work,
887 struct hidp_session,
888 dev_init);
889 int ret;
890
891 ret = hidp_session_dev_add(session);
892 if (!ret)
893 atomic_inc(&session->state);
894 else
895 hidp_session_terminate(session);
896}
897
898
899
900
901
902
903
904
905
906static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
907 struct socket *ctrl_sock,
908 struct socket *intr_sock,
909 const struct hidp_connadd_req *req,
910 struct l2cap_conn *conn)
911{
912 struct hidp_session *session;
913 int ret;
914 struct bt_sock *ctrl, *intr;
915
916 ctrl = bt_sk(ctrl_sock->sk);
917 intr = bt_sk(intr_sock->sk);
918
919 session = kzalloc(sizeof(*session), GFP_KERNEL);
920 if (!session)
921 return -ENOMEM;
922
923
924 kref_init(&session->ref);
925 atomic_set(&session->state, HIDP_SESSION_IDLING);
926 init_waitqueue_head(&session->state_queue);
927 session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID);
928
929
930 bacpy(&session->bdaddr, bdaddr);
931 session->conn = l2cap_conn_get(conn);
932 session->user.probe = hidp_session_probe;
933 session->user.remove = hidp_session_remove;
934 INIT_LIST_HEAD(&session->user.list);
935 session->ctrl_sock = ctrl_sock;
936 session->intr_sock = intr_sock;
937 skb_queue_head_init(&session->ctrl_transmit);
938 skb_queue_head_init(&session->intr_transmit);
939 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
940 l2cap_pi(ctrl)->chan->imtu);
941 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
942 l2cap_pi(intr)->chan->imtu);
943 session->idle_to = req->idle_to;
944
945
946 INIT_WORK(&session->dev_init, hidp_session_dev_work);
947 timer_setup(&session->timer, hidp_idle_timeout, 0);
948
949
950 mutex_init(&session->report_mutex);
951 init_waitqueue_head(&session->report_queue);
952
953 ret = hidp_session_dev_init(session, req);
954 if (ret)
955 goto err_free;
956
957 get_file(session->intr_sock->file);
958 get_file(session->ctrl_sock->file);
959 *out = session;
960 return 0;
961
962err_free:
963 l2cap_conn_put(session->conn);
964 kfree(session);
965 return ret;
966}
967
968
969static void hidp_session_get(struct hidp_session *session)
970{
971 kref_get(&session->ref);
972}
973
974
975static void session_free(struct kref *ref)
976{
977 struct hidp_session *session = container_of(ref, struct hidp_session,
978 ref);
979
980 hidp_session_dev_destroy(session);
981 skb_queue_purge(&session->ctrl_transmit);
982 skb_queue_purge(&session->intr_transmit);
983 fput(session->intr_sock->file);
984 fput(session->ctrl_sock->file);
985 l2cap_conn_put(session->conn);
986 kfree(session);
987}
988
989
990static void hidp_session_put(struct hidp_session *session)
991{
992 kref_put(&session->ref, session_free);
993}
994
995
996
997
998
999
1000
1001static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
1002{
1003 struct hidp_session *session;
1004
1005 list_for_each_entry(session, &hidp_session_list, list) {
1006 if (!bacmp(bdaddr, &session->bdaddr))
1007 return session;
1008 }
1009
1010 return NULL;
1011}
1012
1013
1014
1015
1016
1017
1018static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1019{
1020 struct hidp_session *session;
1021
1022 down_read(&hidp_session_sem);
1023
1024 session = __hidp_session_find(bdaddr);
1025 if (session)
1026 hidp_session_get(session);
1027
1028 up_read(&hidp_session_sem);
1029
1030 return session;
1031}
1032
1033
1034
1035
1036
1037
1038
1039
1040static int hidp_session_start_sync(struct hidp_session *session)
1041{
1042 unsigned int vendor, product;
1043
1044 if (session->hid) {
1045 vendor = session->hid->vendor;
1046 product = session->hid->product;
1047 } else if (session->input) {
1048 vendor = session->input->id.vendor;
1049 product = session->input->id.product;
1050 } else {
1051 vendor = 0x0000;
1052 product = 0x0000;
1053 }
1054
1055 session->task = kthread_run(hidp_session_thread, session,
1056 "khidpd_%04x%04x", vendor, product);
1057 if (IS_ERR(session->task))
1058 return PTR_ERR(session->task);
1059
1060 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1061 wait_event(session->state_queue,
1062 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1063
1064 return 0;
1065}
1066
1067
1068
1069
1070
1071
1072
1073
1074static void hidp_session_terminate(struct hidp_session *session)
1075{
1076 atomic_inc(&session->terminate);
1077
1078
1079
1080
1081 wake_up_interruptible(&hidp_session_wq);
1082}
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093static int hidp_session_probe(struct l2cap_conn *conn,
1094 struct l2cap_user *user)
1095{
1096 struct hidp_session *session = container_of(user,
1097 struct hidp_session,
1098 user);
1099 struct hidp_session *s;
1100 int ret;
1101
1102 down_write(&hidp_session_sem);
1103
1104
1105 s = __hidp_session_find(&session->bdaddr);
1106 if (s) {
1107 ret = -EEXIST;
1108 goto out_unlock;
1109 }
1110
1111 if (session->input) {
1112 ret = hidp_session_dev_add(session);
1113 if (ret)
1114 goto out_unlock;
1115 }
1116
1117 ret = hidp_session_start_sync(session);
1118 if (ret)
1119 goto out_del;
1120
1121
1122 if (session->input)
1123 atomic_inc(&session->state);
1124 else
1125 schedule_work(&session->dev_init);
1126
1127 hidp_session_get(session);
1128 list_add(&session->list, &hidp_session_list);
1129 ret = 0;
1130 goto out_unlock;
1131
1132out_del:
1133 if (session->input)
1134 hidp_session_dev_del(session);
1135out_unlock:
1136 up_write(&hidp_session_sem);
1137 return ret;
1138}
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154static void hidp_session_remove(struct l2cap_conn *conn,
1155 struct l2cap_user *user)
1156{
1157 struct hidp_session *session = container_of(user,
1158 struct hidp_session,
1159 user);
1160
1161 down_write(&hidp_session_sem);
1162
1163 hidp_session_terminate(session);
1164
1165 cancel_work_sync(&session->dev_init);
1166 if (session->input ||
1167 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1168 hidp_session_dev_del(session);
1169
1170 list_del(&session->list);
1171
1172 up_write(&hidp_session_sem);
1173
1174 hidp_session_put(session);
1175}
1176
1177
1178
1179
1180
1181
1182
1183static void hidp_session_run(struct hidp_session *session)
1184{
1185 struct sock *ctrl_sk = session->ctrl_sock->sk;
1186 struct sock *intr_sk = session->intr_sock->sk;
1187 struct sk_buff *skb;
1188 DEFINE_WAIT_FUNC(wait, woken_wake_function);
1189
1190 add_wait_queue(&hidp_session_wq, &wait);
1191 for (;;) {
1192
1193
1194
1195
1196
1197
1198
1199
1200 if (atomic_read(&session->terminate))
1201 break;
1202
1203 if (ctrl_sk->sk_state != BT_CONNECTED ||
1204 intr_sk->sk_state != BT_CONNECTED)
1205 break;
1206
1207
1208 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1209 skb_orphan(skb);
1210 if (!skb_linearize(skb))
1211 hidp_recv_intr_frame(session, skb);
1212 else
1213 kfree_skb(skb);
1214 }
1215
1216
1217 hidp_process_transmit(session, &session->intr_transmit,
1218 session->intr_sock);
1219
1220
1221 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1222 skb_orphan(skb);
1223 if (!skb_linearize(skb))
1224 hidp_recv_ctrl_frame(session, skb);
1225 else
1226 kfree_skb(skb);
1227 }
1228
1229
1230 hidp_process_transmit(session, &session->ctrl_transmit,
1231 session->ctrl_sock);
1232
1233
1234
1235
1236
1237 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
1238 }
1239 remove_wait_queue(&hidp_session_wq, &wait);
1240
1241 atomic_inc(&session->terminate);
1242}
1243
1244static int hidp_session_wake_function(wait_queue_entry_t *wait,
1245 unsigned int mode,
1246 int sync, void *key)
1247{
1248 wake_up_interruptible(&hidp_session_wq);
1249 return false;
1250}
1251
1252
1253
1254
1255
1256
1257
1258
1259static int hidp_session_thread(void *arg)
1260{
1261 struct hidp_session *session = arg;
1262 DEFINE_WAIT_FUNC(ctrl_wait, hidp_session_wake_function);
1263 DEFINE_WAIT_FUNC(intr_wait, hidp_session_wake_function);
1264
1265 BT_DBG("session %p", session);
1266
1267
1268 hidp_session_get(session);
1269 __module_get(THIS_MODULE);
1270 set_user_nice(current, -15);
1271 hidp_set_timer(session);
1272
1273 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1274 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1275
1276
1277 smp_mb();
1278
1279
1280 atomic_inc(&session->state);
1281 wake_up(&session->state_queue);
1282
1283
1284 hidp_session_run(session);
1285
1286
1287 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1288 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1289 wake_up_interruptible(&session->report_queue);
1290 hidp_del_timer(session);
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300 l2cap_unregister_user(session->conn, &session->user);
1301 hidp_session_put(session);
1302
1303 module_put_and_exit(0);
1304 return 0;
1305}
1306
1307static int hidp_verify_sockets(struct socket *ctrl_sock,
1308 struct socket *intr_sock)
1309{
1310 struct l2cap_chan *ctrl_chan, *intr_chan;
1311 struct bt_sock *ctrl, *intr;
1312 struct hidp_session *session;
1313
1314 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1315 return -EINVAL;
1316
1317 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan;
1318 intr_chan = l2cap_pi(intr_sock->sk)->chan;
1319
1320 if (bacmp(&ctrl_chan->src, &intr_chan->src) ||
1321 bacmp(&ctrl_chan->dst, &intr_chan->dst))
1322 return -ENOTUNIQ;
1323
1324 ctrl = bt_sk(ctrl_sock->sk);
1325 intr = bt_sk(intr_sock->sk);
1326
1327 if (ctrl->sk.sk_state != BT_CONNECTED ||
1328 intr->sk.sk_state != BT_CONNECTED)
1329 return -EBADFD;
1330
1331
1332 session = hidp_session_find(&ctrl_chan->dst);
1333 if (session) {
1334 hidp_session_put(session);
1335 return -EEXIST;
1336 }
1337
1338 return 0;
1339}
1340
1341int hidp_connection_add(const struct hidp_connadd_req *req,
1342 struct socket *ctrl_sock,
1343 struct socket *intr_sock)
1344{
1345 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG) |
1346 BIT(HIDP_BOOT_PROTOCOL_MODE);
1347 struct hidp_session *session;
1348 struct l2cap_conn *conn;
1349 struct l2cap_chan *chan;
1350 int ret;
1351
1352 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1353 if (ret)
1354 return ret;
1355
1356 if (req->flags & ~valid_flags)
1357 return -EINVAL;
1358
1359 chan = l2cap_pi(ctrl_sock->sk)->chan;
1360 conn = NULL;
1361 l2cap_chan_lock(chan);
1362 if (chan->conn)
1363 conn = l2cap_conn_get(chan->conn);
1364 l2cap_chan_unlock(chan);
1365
1366 if (!conn)
1367 return -EBADFD;
1368
1369 ret = hidp_session_new(&session, &chan->dst, ctrl_sock,
1370 intr_sock, req, conn);
1371 if (ret)
1372 goto out_conn;
1373
1374 ret = l2cap_register_user(conn, &session->user);
1375 if (ret)
1376 goto out_session;
1377
1378 ret = 0;
1379
1380out_session:
1381 hidp_session_put(session);
1382out_conn:
1383 l2cap_conn_put(conn);
1384 return ret;
1385}
1386
1387int hidp_connection_del(struct hidp_conndel_req *req)
1388{
1389 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG);
1390 struct hidp_session *session;
1391
1392 if (req->flags & ~valid_flags)
1393 return -EINVAL;
1394
1395 session = hidp_session_find(&req->bdaddr);
1396 if (!session)
1397 return -ENOENT;
1398
1399 if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG))
1400 hidp_send_ctrl_message(session,
1401 HIDP_TRANS_HID_CONTROL |
1402 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1403 NULL, 0);
1404 else
1405 l2cap_unregister_user(session->conn, &session->user);
1406
1407 hidp_session_put(session);
1408
1409 return 0;
1410}
1411
1412int hidp_get_connlist(struct hidp_connlist_req *req)
1413{
1414 struct hidp_session *session;
1415 int err = 0, n = 0;
1416
1417 BT_DBG("");
1418
1419 down_read(&hidp_session_sem);
1420
1421 list_for_each_entry(session, &hidp_session_list, list) {
1422 struct hidp_conninfo ci;
1423
1424 hidp_copy_session(session, &ci);
1425
1426 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1427 err = -EFAULT;
1428 break;
1429 }
1430
1431 if (++n >= req->cnum)
1432 break;
1433
1434 req->ci++;
1435 }
1436 req->cnum = n;
1437
1438 up_read(&hidp_session_sem);
1439 return err;
1440}
1441
1442int hidp_get_conninfo(struct hidp_conninfo *ci)
1443{
1444 struct hidp_session *session;
1445
1446 session = hidp_session_find(&ci->bdaddr);
1447 if (session) {
1448 hidp_copy_session(session, ci);
1449 hidp_session_put(session);
1450 }
1451
1452 return session ? 0 : -ENOENT;
1453}
1454
1455static int __init hidp_init(void)
1456{
1457 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1458
1459 return hidp_init_sockets();
1460}
1461
1462static void __exit hidp_exit(void)
1463{
1464 hidp_cleanup_sockets();
1465}
1466
1467module_init(hidp_init);
1468module_exit(hidp_exit);
1469
1470MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1471MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1472MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1473MODULE_VERSION(VERSION);
1474MODULE_LICENSE("GPL");
1475MODULE_ALIAS("bt-proto-6");
1476