1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <net/sock.h> 42 43 #include <linux/input.h> 44 #include <linux/hid.h> 45 #include <linux/hidraw.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 51 #include "hidp.h" 52 53 #define VERSION "1.2" 54 55 static DECLARE_RWSEM(hidp_session_sem); 56 static LIST_HEAD(hidp_session_list); 57 58 static unsigned char hidp_keycode[256] = { 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 101 hci_conn_hold_device(session->conn); 102 } 103 104 static void __hidp_unlink_session(struct hidp_session *session) 105 { 106 hci_conn_put_device(session->conn); 107 108 list_del(&session->list); 109 module_put(THIS_MODULE); 110 } 111 112 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 113 { 114 memset(ci, 0, sizeof(*ci)); 115 bacpy(&ci->bdaddr, &session->bdaddr); 116 117 ci->flags = session->flags; 118 ci->state = session->state; 119 120 ci->vendor = 0x0000; 121 ci->product = 0x0000; 122 ci->version = 0x0000; 123 124 if (session->input) { 125 ci->vendor = session->input->id.vendor; 126 ci->product = session->input->id.product; 127 ci->version = session->input->id.version; 128 if (session->input->name) 129 strncpy(ci->name, session->input->name, 128); 130 else 131 strncpy(ci->name, "HID Boot Device", 128); 132 } 133 134 if (session->hid) { 135 ci->vendor = session->hid->vendor; 136 ci->product = session->hid->product; 137 ci->version = session->hid->version; 138 strncpy(ci->name, session->hid->name, 128); 139 } 140 } 141 142 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 143 unsigned int type, unsigned int code, int value) 144 { 145 unsigned char newleds; 146 struct sk_buff *skb; 147 148 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 149 150 if (type != EV_LED) 151 return -1; 152 153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 157 (!!test_bit(LED_NUML, dev->led)); 158 159 if (session->leds == newleds) 160 return 0; 161 162 session->leds = newleds; 163 164 skb = alloc_skb(3, GFP_ATOMIC); 165 if (!skb) { 166 BT_ERR("Can't allocate memory for new frame"); 167 return -ENOMEM; 168 } 169 170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 171 *skb_put(skb, 1) = 0x01; 172 *skb_put(skb, 1) = newleds; 173 174 skb_queue_tail(&session->intr_transmit, skb); 175 176 hidp_schedule(session); 177 178 return 0; 179 } 180 181 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 182 { 183 struct hid_device *hid = input_get_drvdata(dev); 184 struct hidp_session *session = hid->driver_data; 185 186 return hidp_queue_event(session, dev, type, code, value); 187 } 188 189 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 190 { 191 struct hidp_session *session = input_get_drvdata(dev); 192 193 return hidp_queue_event(session, dev, type, code, value); 194 } 195 196 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 197 { 198 struct input_dev *dev = session->input; 199 unsigned char *keys = session->keys; 200 unsigned char *udata = skb->data + 1; 201 signed char *sdata = skb->data + 1; 202 int i, size = skb->len - 1; 203 204 switch (skb->data[0]) { 205 case 0x01: /* Keyboard report */ 206 for (i = 0; i < 8; i++) 207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 208 209 /* If all the key codes have been set to 0x01, it means 210 * too many keys were pressed at the same time. */ 211 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 212 break; 213 214 for (i = 2; i < 8; i++) { 215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 216 if (hidp_keycode[keys[i]]) 217 input_report_key(dev, hidp_keycode[keys[i]], 0); 218 else 219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 220 } 221 222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 223 if (hidp_keycode[udata[i]]) 224 input_report_key(dev, hidp_keycode[udata[i]], 1); 225 else 226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 227 } 228 } 229 230 memcpy(keys, udata, 8); 231 break; 232 233 case 0x02: /* Mouse report */ 234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 239 240 input_report_rel(dev, REL_X, sdata[1]); 241 input_report_rel(dev, REL_Y, sdata[2]); 242 243 if (size > 3) 244 input_report_rel(dev, REL_WHEEL, sdata[3]); 245 break; 246 } 247 248 input_sync(dev); 249 } 250 251 static int __hidp_send_ctrl_message(struct hidp_session *session, 252 unsigned char hdr, unsigned char *data, int size) 253 { 254 struct sk_buff *skb; 255 256 BT_DBG("session %p data %p size %d", session, data, size); 257 258 skb = alloc_skb(size + 1, GFP_ATOMIC); 259 if (!skb) { 260 BT_ERR("Can't allocate memory for new frame"); 261 return -ENOMEM; 262 } 263 264 *skb_put(skb, 1) = hdr; 265 if (data && size > 0) 266 memcpy(skb_put(skb, size), data, size); 267 268 skb_queue_tail(&session->ctrl_transmit, skb); 269 270 return 0; 271 } 272 273 static inline int hidp_send_ctrl_message(struct hidp_session *session, 274 unsigned char hdr, unsigned char *data, int size) 275 { 276 int err; 277 278 err = __hidp_send_ctrl_message(session, hdr, data, size); 279 280 hidp_schedule(session); 281 282 return err; 283 } 284 285 static int hidp_queue_report(struct hidp_session *session, 286 unsigned char *data, int size) 287 { 288 struct sk_buff *skb; 289 290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 291 292 skb = alloc_skb(size + 1, GFP_ATOMIC); 293 if (!skb) { 294 BT_ERR("Can't allocate memory for new frame"); 295 return -ENOMEM; 296 } 297 298 *skb_put(skb, 1) = 0xa2; 299 if (size > 0) 300 memcpy(skb_put(skb, size), data, size); 301 302 skb_queue_tail(&session->intr_transmit, skb); 303 304 hidp_schedule(session); 305 306 return 0; 307 } 308 309 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 310 { 311 unsigned char buf[32]; 312 int rsize; 313 314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 315 if (rsize > sizeof(buf)) 316 return -EIO; 317 318 hid_output_report(report, buf); 319 320 return hidp_queue_report(session, buf, rsize); 321 } 322 323 static int hidp_get_raw_report(struct hid_device *hid, 324 unsigned char report_number, 325 unsigned char *data, size_t count, 326 unsigned char report_type) 327 { 328 struct hidp_session *session = hid->driver_data; 329 struct sk_buff *skb; 330 size_t len; 331 int numbered_reports = hid->report_enum[report_type].numbered; 332 333 switch (report_type) { 334 case HID_FEATURE_REPORT: 335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 336 break; 337 case HID_INPUT_REPORT: 338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 339 break; 340 case HID_OUTPUT_REPORT: 341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 342 break; 343 default: 344 return -EINVAL; 345 } 346 347 if (mutex_lock_interruptible(&session->report_mutex)) 348 return -ERESTARTSYS; 349 350 /* Set up our wait, and send the report request to the device. */ 351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 352 session->waiting_report_number = numbered_reports ? report_number : -1; 353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 354 data[0] = report_number; 355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1)) 356 goto err_eio; 357 358 /* Wait for the return of the report. The returned report 359 gets put in session->report_return. */ 360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 361 int res; 362 363 res = wait_event_interruptible_timeout(session->report_queue, 364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 365 5*HZ); 366 if (res == 0) { 367 /* timeout */ 368 goto err_eio; 369 } 370 if (res < 0) { 371 /* signal */ 372 goto err_restartsys; 373 } 374 } 375 376 skb = session->report_return; 377 if (skb) { 378 len = skb->len < count ? skb->len : count; 379 memcpy(data, skb->data, len); 380 381 kfree_skb(skb); 382 session->report_return = NULL; 383 } else { 384 /* Device returned a HANDSHAKE, indicating protocol error. */ 385 len = -EIO; 386 } 387 388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 389 mutex_unlock(&session->report_mutex); 390 391 return len; 392 393 err_restartsys: 394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 395 mutex_unlock(&session->report_mutex); 396 return -ERESTARTSYS; 397 err_eio: 398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 399 mutex_unlock(&session->report_mutex); 400 return -EIO; 401 } 402 403 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 404 unsigned char report_type) 405 { 406 struct hidp_session *session = hid->driver_data; 407 int ret; 408 409 switch (report_type) { 410 case HID_FEATURE_REPORT: 411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 412 break; 413 case HID_OUTPUT_REPORT: 414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 if (mutex_lock_interruptible(&session->report_mutex)) 421 return -ERESTARTSYS; 422 423 /* Set up our wait, and send the report request to the device. */ 424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 425 if (hidp_send_ctrl_message(hid->driver_data, report_type, 426 data, count)) { 427 ret = -ENOMEM; 428 goto err; 429 } 430 431 /* Wait for the ACK from the device. */ 432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 433 int res; 434 435 res = wait_event_interruptible_timeout(session->report_queue, 436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 437 10*HZ); 438 if (res == 0) { 439 /* timeout */ 440 ret = -EIO; 441 goto err; 442 } 443 if (res < 0) { 444 /* signal */ 445 ret = -ERESTARTSYS; 446 goto err; 447 } 448 } 449 450 if (!session->output_report_success) { 451 ret = -EIO; 452 goto err; 453 } 454 455 ret = count; 456 457 err: 458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 459 mutex_unlock(&session->report_mutex); 460 return ret; 461 } 462 463 static void hidp_idle_timeout(unsigned long arg) 464 { 465 struct hidp_session *session = (struct hidp_session *) arg; 466 467 atomic_inc(&session->terminate); 468 wake_up_process(session->task); 469 } 470 471 static void hidp_set_timer(struct hidp_session *session) 472 { 473 if (session->idle_to > 0) 474 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 475 } 476 477 static inline void hidp_del_timer(struct hidp_session *session) 478 { 479 if (session->idle_to > 0) 480 del_timer(&session->timer); 481 } 482 483 static void hidp_process_handshake(struct hidp_session *session, 484 unsigned char param) 485 { 486 BT_DBG("session %p param 0x%02x", session, param); 487 session->output_report_success = 0; /* default condition */ 488 489 switch (param) { 490 case HIDP_HSHK_SUCCESSFUL: 491 /* FIXME: Call into SET_ GET_ handlers here */ 492 session->output_report_success = 1; 493 break; 494 495 case HIDP_HSHK_NOT_READY: 496 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 498 case HIDP_HSHK_ERR_INVALID_PARAMETER: 499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 501 wake_up_interruptible(&session->report_queue); 502 } 503 /* FIXME: Call into SET_ GET_ handlers here */ 504 break; 505 506 case HIDP_HSHK_ERR_UNKNOWN: 507 break; 508 509 case HIDP_HSHK_ERR_FATAL: 510 /* Device requests a reboot, as this is the only way this error 511 * can be recovered. */ 512 __hidp_send_ctrl_message(session, 513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 514 break; 515 516 default: 517 __hidp_send_ctrl_message(session, 518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 519 break; 520 } 521 522 /* Wake up the waiting thread. */ 523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 525 wake_up_interruptible(&session->report_queue); 526 } 527 } 528 529 static void hidp_process_hid_control(struct hidp_session *session, 530 unsigned char param) 531 { 532 BT_DBG("session %p param 0x%02x", session, param); 533 534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 535 /* Flush the transmit queues */ 536 skb_queue_purge(&session->ctrl_transmit); 537 skb_queue_purge(&session->intr_transmit); 538 539 atomic_inc(&session->terminate); 540 wake_up_process(current); 541 } 542 } 543 544 /* Returns true if the passed-in skb should be freed by the caller. */ 545 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 546 unsigned char param) 547 { 548 int done_with_skb = 1; 549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 550 551 switch (param) { 552 case HIDP_DATA_RTYPE_INPUT: 553 hidp_set_timer(session); 554 555 if (session->input) 556 hidp_input_report(session, skb); 557 558 if (session->hid) 559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 560 break; 561 562 case HIDP_DATA_RTYPE_OTHER: 563 case HIDP_DATA_RTYPE_OUPUT: 564 case HIDP_DATA_RTYPE_FEATURE: 565 break; 566 567 default: 568 __hidp_send_ctrl_message(session, 569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 570 } 571 572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 573 param == session->waiting_report_type) { 574 if (session->waiting_report_number < 0 || 575 session->waiting_report_number == skb->data[0]) { 576 /* hidp_get_raw_report() is waiting on this report. */ 577 session->report_return = skb; 578 done_with_skb = 0; 579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 580 wake_up_interruptible(&session->report_queue); 581 } 582 } 583 584 return done_with_skb; 585 } 586 587 static void hidp_recv_ctrl_frame(struct hidp_session *session, 588 struct sk_buff *skb) 589 { 590 unsigned char hdr, type, param; 591 int free_skb = 1; 592 593 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 594 595 hdr = skb->data[0]; 596 skb_pull(skb, 1); 597 598 type = hdr & HIDP_HEADER_TRANS_MASK; 599 param = hdr & HIDP_HEADER_PARAM_MASK; 600 601 switch (type) { 602 case HIDP_TRANS_HANDSHAKE: 603 hidp_process_handshake(session, param); 604 break; 605 606 case HIDP_TRANS_HID_CONTROL: 607 hidp_process_hid_control(session, param); 608 break; 609 610 case HIDP_TRANS_DATA: 611 free_skb = hidp_process_data(session, skb, param); 612 break; 613 614 default: 615 __hidp_send_ctrl_message(session, 616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 617 break; 618 } 619 620 if (free_skb) 621 kfree_skb(skb); 622 } 623 624 static void hidp_recv_intr_frame(struct hidp_session *session, 625 struct sk_buff *skb) 626 { 627 unsigned char hdr; 628 629 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 630 631 hdr = skb->data[0]; 632 skb_pull(skb, 1); 633 634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 635 hidp_set_timer(session); 636 637 if (session->input) 638 hidp_input_report(session, skb); 639 640 if (session->hid) { 641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 642 BT_DBG("report len %d", skb->len); 643 } 644 } else { 645 BT_DBG("Unsupported protocol header 0x%02x", hdr); 646 } 647 648 kfree_skb(skb); 649 } 650 651 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 652 { 653 struct kvec iv = { data, len }; 654 struct msghdr msg; 655 656 BT_DBG("sock %p data %p len %d", sock, data, len); 657 658 if (!len) 659 return 0; 660 661 memset(&msg, 0, sizeof(msg)); 662 663 return kernel_sendmsg(sock, &msg, &iv, 1, len); 664 } 665 666 static void hidp_process_transmit(struct hidp_session *session) 667 { 668 struct sk_buff *skb; 669 670 BT_DBG("session %p", session); 671 672 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 673 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 674 skb_queue_head(&session->ctrl_transmit, skb); 675 break; 676 } 677 678 hidp_set_timer(session); 679 kfree_skb(skb); 680 } 681 682 while ((skb = skb_dequeue(&session->intr_transmit))) { 683 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 684 skb_queue_head(&session->intr_transmit, skb); 685 break; 686 } 687 688 hidp_set_timer(session); 689 kfree_skb(skb); 690 } 691 } 692 693 static int hidp_session(void *arg) 694 { 695 struct hidp_session *session = arg; 696 struct sock *ctrl_sk = session->ctrl_sock->sk; 697 struct sock *intr_sk = session->intr_sock->sk; 698 struct sk_buff *skb; 699 wait_queue_t ctrl_wait, intr_wait; 700 701 BT_DBG("session %p", session); 702 703 set_user_nice(current, -15); 704 705 init_waitqueue_entry(&ctrl_wait, current); 706 init_waitqueue_entry(&intr_wait, current); 707 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 708 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 709 session->waiting_for_startup = 0; 710 wake_up_interruptible(&session->startup_queue); 711 set_current_state(TASK_INTERRUPTIBLE); 712 while (!atomic_read(&session->terminate)) { 713 if (ctrl_sk->sk_state != BT_CONNECTED || 714 intr_sk->sk_state != BT_CONNECTED) 715 break; 716 717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 718 skb_orphan(skb); 719 hidp_recv_ctrl_frame(session, skb); 720 } 721 722 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 723 skb_orphan(skb); 724 hidp_recv_intr_frame(session, skb); 725 } 726 727 hidp_process_transmit(session); 728 729 schedule(); 730 set_current_state(TASK_INTERRUPTIBLE); 731 } 732 set_current_state(TASK_RUNNING); 733 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 734 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 735 736 down_write(&hidp_session_sem); 737 738 hidp_del_timer(session); 739 740 if (session->input) { 741 input_unregister_device(session->input); 742 session->input = NULL; 743 } 744 745 if (session->hid) { 746 hid_destroy_device(session->hid); 747 session->hid = NULL; 748 } 749 750 /* Wakeup user-space polling for socket errors */ 751 session->intr_sock->sk->sk_err = EUNATCH; 752 session->ctrl_sock->sk->sk_err = EUNATCH; 753 754 hidp_schedule(session); 755 756 fput(session->intr_sock->file); 757 758 wait_event_timeout(*(sk_sleep(ctrl_sk)), 759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 760 761 fput(session->ctrl_sock->file); 762 763 __hidp_unlink_session(session); 764 765 up_write(&hidp_session_sem); 766 767 kfree(session); 768 return 0; 769 } 770 771 static struct device *hidp_get_device(struct hidp_session *session) 772 { 773 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 774 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 775 struct device *device = NULL; 776 struct hci_dev *hdev; 777 778 hdev = hci_get_route(dst, src); 779 if (!hdev) 780 return NULL; 781 782 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 783 if (session->conn) 784 device = &session->conn->dev; 785 786 hci_dev_put(hdev); 787 788 return device; 789 } 790 791 static int hidp_setup_input(struct hidp_session *session, 792 struct hidp_connadd_req *req) 793 { 794 struct input_dev *input; 795 int err, i; 796 797 input = input_allocate_device(); 798 if (!input) 799 return -ENOMEM; 800 801 session->input = input; 802 803 input_set_drvdata(input, session); 804 805 input->name = "Bluetooth HID Boot Protocol Device"; 806 807 input->id.bustype = BUS_BLUETOOTH; 808 input->id.vendor = req->vendor; 809 input->id.product = req->product; 810 input->id.version = req->version; 811 812 if (req->subclass & 0x40) { 813 set_bit(EV_KEY, input->evbit); 814 set_bit(EV_LED, input->evbit); 815 set_bit(EV_REP, input->evbit); 816 817 set_bit(LED_NUML, input->ledbit); 818 set_bit(LED_CAPSL, input->ledbit); 819 set_bit(LED_SCROLLL, input->ledbit); 820 set_bit(LED_COMPOSE, input->ledbit); 821 set_bit(LED_KANA, input->ledbit); 822 823 for (i = 0; i < sizeof(hidp_keycode); i++) 824 set_bit(hidp_keycode[i], input->keybit); 825 clear_bit(0, input->keybit); 826 } 827 828 if (req->subclass & 0x80) { 829 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 830 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 831 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 832 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 833 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 834 BIT_MASK(BTN_EXTRA); 835 input->relbit[0] |= BIT_MASK(REL_WHEEL); 836 } 837 838 input->dev.parent = hidp_get_device(session); 839 840 input->event = hidp_input_event; 841 842 err = input_register_device(input); 843 if (err < 0) { 844 hci_conn_put_device(session->conn); 845 return err; 846 } 847 848 return 0; 849 } 850 851 static int hidp_open(struct hid_device *hid) 852 { 853 return 0; 854 } 855 856 static void hidp_close(struct hid_device *hid) 857 { 858 } 859 860 static int hidp_parse(struct hid_device *hid) 861 { 862 struct hidp_session *session = hid->driver_data; 863 864 return hid_parse_report(session->hid, session->rd_data, 865 session->rd_size); 866 } 867 868 static int hidp_start(struct hid_device *hid) 869 { 870 struct hidp_session *session = hid->driver_data; 871 struct hid_report *report; 872 873 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 874 report_list, list) 875 hidp_send_report(session, report); 876 877 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 878 report_list, list) 879 hidp_send_report(session, report); 880 881 return 0; 882 } 883 884 static void hidp_stop(struct hid_device *hid) 885 { 886 struct hidp_session *session = hid->driver_data; 887 888 skb_queue_purge(&session->ctrl_transmit); 889 skb_queue_purge(&session->intr_transmit); 890 891 hid->claimed = 0; 892 } 893 894 static struct hid_ll_driver hidp_hid_driver = { 895 .parse = hidp_parse, 896 .start = hidp_start, 897 .stop = hidp_stop, 898 .open = hidp_open, 899 .close = hidp_close, 900 .hidinput_input_event = hidp_hidinput_event, 901 }; 902 903 /* This function sets up the hid device. It does not add it 904 to the HID system. That is done in hidp_add_connection(). */ 905 static int hidp_setup_hid(struct hidp_session *session, 906 struct hidp_connadd_req *req) 907 { 908 struct hid_device *hid; 909 int err; 910 911 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 912 if (!session->rd_data) 913 return -ENOMEM; 914 915 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 916 err = -EFAULT; 917 goto fault; 918 } 919 session->rd_size = req->rd_size; 920 921 hid = hid_allocate_device(); 922 if (IS_ERR(hid)) { 923 err = PTR_ERR(hid); 924 goto fault; 925 } 926 927 session->hid = hid; 928 929 hid->driver_data = session; 930 931 hid->bus = BUS_BLUETOOTH; 932 hid->vendor = req->vendor; 933 hid->product = req->product; 934 hid->version = req->version; 935 hid->country = req->country; 936 937 strncpy(hid->name, req->name, 128); 938 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 939 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 940 941 hid->dev.parent = hidp_get_device(session); 942 hid->ll_driver = &hidp_hid_driver; 943 944 hid->hid_get_raw_report = hidp_get_raw_report; 945 hid->hid_output_raw_report = hidp_output_raw_report; 946 947 return 0; 948 949 fault: 950 kfree(session->rd_data); 951 session->rd_data = NULL; 952 953 return err; 954 } 955 956 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 957 { 958 struct hidp_session *session, *s; 959 int vendor, product; 960 int err; 961 962 BT_DBG(""); 963 964 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 965 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 966 return -ENOTUNIQ; 967 968 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 969 if (!session) 970 return -ENOMEM; 971 972 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 973 974 down_write(&hidp_session_sem); 975 976 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 977 if (s && s->state == BT_CONNECTED) { 978 err = -EEXIST; 979 goto failed; 980 } 981 982 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 983 984 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 985 l2cap_pi(ctrl_sock->sk)->chan->imtu); 986 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 987 l2cap_pi(intr_sock->sk)->chan->imtu); 988 989 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 990 991 session->ctrl_sock = ctrl_sock; 992 session->intr_sock = intr_sock; 993 session->state = BT_CONNECTED; 994 995 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 996 997 skb_queue_head_init(&session->ctrl_transmit); 998 skb_queue_head_init(&session->intr_transmit); 999 1000 mutex_init(&session->report_mutex); 1001 init_waitqueue_head(&session->report_queue); 1002 init_waitqueue_head(&session->startup_queue); 1003 session->waiting_for_startup = 1; 1004 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 1005 session->idle_to = req->idle_to; 1006 1007 if (req->rd_size > 0) { 1008 err = hidp_setup_hid(session, req); 1009 if (err && err != -ENODEV) 1010 goto purge; 1011 } 1012 1013 if (!session->hid) { 1014 err = hidp_setup_input(session, req); 1015 if (err < 0) 1016 goto purge; 1017 } 1018 1019 __hidp_link_session(session); 1020 1021 hidp_set_timer(session); 1022 1023 if (session->hid) { 1024 vendor = session->hid->vendor; 1025 product = session->hid->product; 1026 } else if (session->input) { 1027 vendor = session->input->id.vendor; 1028 product = session->input->id.product; 1029 } else { 1030 vendor = 0x0000; 1031 product = 0x0000; 1032 } 1033 1034 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1035 vendor, product); 1036 if (IS_ERR(session->task)) { 1037 err = PTR_ERR(session->task); 1038 goto unlink; 1039 } 1040 1041 while (session->waiting_for_startup) { 1042 wait_event_interruptible(session->startup_queue, 1043 !session->waiting_for_startup); 1044 } 1045 1046 err = hid_add_device(session->hid); 1047 if (err < 0) 1048 goto err_add_device; 1049 1050 if (session->input) { 1051 hidp_send_ctrl_message(session, 1052 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1053 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1054 1055 session->leds = 0xff; 1056 hidp_input_event(session->input, EV_LED, 0, 0); 1057 } 1058 1059 up_write(&hidp_session_sem); 1060 return 0; 1061 1062 err_add_device: 1063 hid_destroy_device(session->hid); 1064 session->hid = NULL; 1065 atomic_inc(&session->terminate); 1066 wake_up_process(session->task); 1067 1068 unlink: 1069 hidp_del_timer(session); 1070 1071 __hidp_unlink_session(session); 1072 1073 if (session->input) { 1074 input_unregister_device(session->input); 1075 session->input = NULL; 1076 } 1077 1078 if (session->hid) { 1079 hid_destroy_device(session->hid); 1080 session->hid = NULL; 1081 } 1082 1083 kfree(session->rd_data); 1084 session->rd_data = NULL; 1085 1086 purge: 1087 skb_queue_purge(&session->ctrl_transmit); 1088 skb_queue_purge(&session->intr_transmit); 1089 1090 failed: 1091 up_write(&hidp_session_sem); 1092 1093 input_free_device(session->input); 1094 kfree(session); 1095 return err; 1096 } 1097 1098 int hidp_del_connection(struct hidp_conndel_req *req) 1099 { 1100 struct hidp_session *session; 1101 int err = 0; 1102 1103 BT_DBG(""); 1104 1105 down_read(&hidp_session_sem); 1106 1107 session = __hidp_get_session(&req->bdaddr); 1108 if (session) { 1109 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 1110 hidp_send_ctrl_message(session, 1111 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 1112 } else { 1113 /* Flush the transmit queues */ 1114 skb_queue_purge(&session->ctrl_transmit); 1115 skb_queue_purge(&session->intr_transmit); 1116 1117 atomic_inc(&session->terminate); 1118 wake_up_process(session->task); 1119 } 1120 } else 1121 err = -ENOENT; 1122 1123 up_read(&hidp_session_sem); 1124 return err; 1125 } 1126 1127 int hidp_get_connlist(struct hidp_connlist_req *req) 1128 { 1129 struct list_head *p; 1130 int err = 0, n = 0; 1131 1132 BT_DBG(""); 1133 1134 down_read(&hidp_session_sem); 1135 1136 list_for_each(p, &hidp_session_list) { 1137 struct hidp_session *session; 1138 struct hidp_conninfo ci; 1139 1140 session = list_entry(p, struct hidp_session, list); 1141 1142 __hidp_copy_session(session, &ci); 1143 1144 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1145 err = -EFAULT; 1146 break; 1147 } 1148 1149 if (++n >= req->cnum) 1150 break; 1151 1152 req->ci++; 1153 } 1154 req->cnum = n; 1155 1156 up_read(&hidp_session_sem); 1157 return err; 1158 } 1159 1160 int hidp_get_conninfo(struct hidp_conninfo *ci) 1161 { 1162 struct hidp_session *session; 1163 int err = 0; 1164 1165 down_read(&hidp_session_sem); 1166 1167 session = __hidp_get_session(&ci->bdaddr); 1168 if (session) 1169 __hidp_copy_session(session, ci); 1170 else 1171 err = -ENOENT; 1172 1173 up_read(&hidp_session_sem); 1174 return err; 1175 } 1176 1177 static const struct hid_device_id hidp_table[] = { 1178 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1179 { } 1180 }; 1181 1182 static struct hid_driver hidp_driver = { 1183 .name = "generic-bluetooth", 1184 .id_table = hidp_table, 1185 }; 1186 1187 static int __init hidp_init(void) 1188 { 1189 int ret; 1190 1191 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1192 1193 ret = hid_register_driver(&hidp_driver); 1194 if (ret) 1195 goto err; 1196 1197 ret = hidp_init_sockets(); 1198 if (ret) 1199 goto err_drv; 1200 1201 return 0; 1202 err_drv: 1203 hid_unregister_driver(&hidp_driver); 1204 err: 1205 return ret; 1206 } 1207 1208 static void __exit hidp_exit(void) 1209 { 1210 hidp_cleanup_sockets(); 1211 hid_unregister_driver(&hidp_driver); 1212 } 1213 1214 module_init(hidp_init); 1215 module_exit(hidp_exit); 1216 1217 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1218 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1219 MODULE_VERSION(VERSION); 1220 MODULE_LICENSE("GPL"); 1221 MODULE_ALIAS("bt-proto-6"); 1222