1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <net/sock.h> 40 41 #include <linux/input.h> 42 #include <linux/hid.h> 43 #include <linux/hidraw.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 49 #include "hidp.h" 50 51 #define VERSION "1.2" 52 53 static DECLARE_RWSEM(hidp_session_sem); 54 static LIST_HEAD(hidp_session_list); 55 56 static unsigned char hidp_keycode[256] = { 57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 72 150,158,159,128,136,177,178,176,142,152,173,140 73 }; 74 75 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 76 77 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 78 { 79 struct hidp_session *session; 80 struct list_head *p; 81 82 BT_DBG(""); 83 84 list_for_each(p, &hidp_session_list) { 85 session = list_entry(p, struct hidp_session, list); 86 if (!bacmp(bdaddr, &session->bdaddr)) 87 return session; 88 } 89 return NULL; 90 } 91 92 static void __hidp_link_session(struct hidp_session *session) 93 { 94 __module_get(THIS_MODULE); 95 list_add(&session->list, &hidp_session_list); 96 97 hci_conn_hold_device(session->conn); 98 } 99 100 static void __hidp_unlink_session(struct hidp_session *session) 101 { 102 hci_conn_put_device(session->conn); 103 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106 } 107 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109 { 110 memset(ci, 0, sizeof(*ci)); 111 bacpy(&ci->bdaddr, &session->bdaddr); 112 113 ci->flags = session->flags; 114 ci->state = session->state; 115 116 ci->vendor = 0x0000; 117 ci->product = 0x0000; 118 ci->version = 0x0000; 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136 } 137 138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140 { 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174 } 175 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177 { 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182 } 183 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185 { 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189 } 190 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192 { 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244 } 245 246 static int __hidp_send_ctrl_message(struct hidp_session *session, 247 unsigned char hdr, unsigned char *data, int size) 248 { 249 struct sk_buff *skb; 250 251 BT_DBG("session %p data %p size %d", session, data, size); 252 253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 254 BT_ERR("Can't allocate memory for new frame"); 255 return -ENOMEM; 256 } 257 258 *skb_put(skb, 1) = hdr; 259 if (data && size > 0) 260 memcpy(skb_put(skb, size), data, size); 261 262 skb_queue_tail(&session->ctrl_transmit, skb); 263 264 return 0; 265 } 266 267 static inline int hidp_send_ctrl_message(struct hidp_session *session, 268 unsigned char hdr, unsigned char *data, int size) 269 { 270 int err; 271 272 err = __hidp_send_ctrl_message(session, hdr, data, size); 273 274 hidp_schedule(session); 275 276 return err; 277 } 278 279 static int hidp_queue_report(struct hidp_session *session, 280 unsigned char *data, int size) 281 { 282 struct sk_buff *skb; 283 284 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 285 286 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 287 BT_ERR("Can't allocate memory for new frame"); 288 return -ENOMEM; 289 } 290 291 *skb_put(skb, 1) = 0xa2; 292 if (size > 0) 293 memcpy(skb_put(skb, size), data, size); 294 295 skb_queue_tail(&session->intr_transmit, skb); 296 297 hidp_schedule(session); 298 299 return 0; 300 } 301 302 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 303 { 304 unsigned char buf[32]; 305 int rsize; 306 307 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 308 if (rsize > sizeof(buf)) 309 return -EIO; 310 311 hid_output_report(report, buf); 312 313 return hidp_queue_report(session, buf, rsize); 314 } 315 316 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 317 unsigned char report_type) 318 { 319 switch (report_type) { 320 case HID_FEATURE_REPORT: 321 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 322 break; 323 case HID_OUTPUT_REPORT: 324 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 325 break; 326 default: 327 return -EINVAL; 328 } 329 330 if (hidp_send_ctrl_message(hid->driver_data, report_type, 331 data, count)) 332 return -ENOMEM; 333 return count; 334 } 335 336 static void hidp_idle_timeout(unsigned long arg) 337 { 338 struct hidp_session *session = (struct hidp_session *) arg; 339 340 atomic_inc(&session->terminate); 341 hidp_schedule(session); 342 } 343 344 static void hidp_set_timer(struct hidp_session *session) 345 { 346 if (session->idle_to > 0) 347 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 348 } 349 350 static inline void hidp_del_timer(struct hidp_session *session) 351 { 352 if (session->idle_to > 0) 353 del_timer(&session->timer); 354 } 355 356 static void hidp_process_handshake(struct hidp_session *session, 357 unsigned char param) 358 { 359 BT_DBG("session %p param 0x%02x", session, param); 360 361 switch (param) { 362 case HIDP_HSHK_SUCCESSFUL: 363 /* FIXME: Call into SET_ GET_ handlers here */ 364 break; 365 366 case HIDP_HSHK_NOT_READY: 367 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 368 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 369 case HIDP_HSHK_ERR_INVALID_PARAMETER: 370 /* FIXME: Call into SET_ GET_ handlers here */ 371 break; 372 373 case HIDP_HSHK_ERR_UNKNOWN: 374 break; 375 376 case HIDP_HSHK_ERR_FATAL: 377 /* Device requests a reboot, as this is the only way this error 378 * can be recovered. */ 379 __hidp_send_ctrl_message(session, 380 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 381 break; 382 383 default: 384 __hidp_send_ctrl_message(session, 385 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 386 break; 387 } 388 } 389 390 static void hidp_process_hid_control(struct hidp_session *session, 391 unsigned char param) 392 { 393 BT_DBG("session %p param 0x%02x", session, param); 394 395 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 396 /* Flush the transmit queues */ 397 skb_queue_purge(&session->ctrl_transmit); 398 skb_queue_purge(&session->intr_transmit); 399 400 /* Kill session thread */ 401 atomic_inc(&session->terminate); 402 hidp_schedule(session); 403 } 404 } 405 406 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 407 unsigned char param) 408 { 409 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 410 411 switch (param) { 412 case HIDP_DATA_RTYPE_INPUT: 413 hidp_set_timer(session); 414 415 if (session->input) 416 hidp_input_report(session, skb); 417 418 if (session->hid) 419 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 420 421 break; 422 423 case HIDP_DATA_RTYPE_OTHER: 424 case HIDP_DATA_RTYPE_OUPUT: 425 case HIDP_DATA_RTYPE_FEATURE: 426 break; 427 428 default: 429 __hidp_send_ctrl_message(session, 430 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 431 } 432 } 433 434 static void hidp_recv_ctrl_frame(struct hidp_session *session, 435 struct sk_buff *skb) 436 { 437 unsigned char hdr, type, param; 438 439 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 440 441 hdr = skb->data[0]; 442 skb_pull(skb, 1); 443 444 type = hdr & HIDP_HEADER_TRANS_MASK; 445 param = hdr & HIDP_HEADER_PARAM_MASK; 446 447 switch (type) { 448 case HIDP_TRANS_HANDSHAKE: 449 hidp_process_handshake(session, param); 450 break; 451 452 case HIDP_TRANS_HID_CONTROL: 453 hidp_process_hid_control(session, param); 454 break; 455 456 case HIDP_TRANS_DATA: 457 hidp_process_data(session, skb, param); 458 break; 459 460 default: 461 __hidp_send_ctrl_message(session, 462 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 463 break; 464 } 465 466 kfree_skb(skb); 467 } 468 469 static void hidp_recv_intr_frame(struct hidp_session *session, 470 struct sk_buff *skb) 471 { 472 unsigned char hdr; 473 474 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 475 476 hdr = skb->data[0]; 477 skb_pull(skb, 1); 478 479 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 480 hidp_set_timer(session); 481 482 if (session->input) 483 hidp_input_report(session, skb); 484 485 if (session->hid) { 486 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 487 BT_DBG("report len %d", skb->len); 488 } 489 } else { 490 BT_DBG("Unsupported protocol header 0x%02x", hdr); 491 } 492 493 kfree_skb(skb); 494 } 495 496 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 497 { 498 struct kvec iv = { data, len }; 499 struct msghdr msg; 500 501 BT_DBG("sock %p data %p len %d", sock, data, len); 502 503 if (!len) 504 return 0; 505 506 memset(&msg, 0, sizeof(msg)); 507 508 return kernel_sendmsg(sock, &msg, &iv, 1, len); 509 } 510 511 static void hidp_process_transmit(struct hidp_session *session) 512 { 513 struct sk_buff *skb; 514 515 BT_DBG("session %p", session); 516 517 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 518 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 519 skb_queue_head(&session->ctrl_transmit, skb); 520 break; 521 } 522 523 hidp_set_timer(session); 524 kfree_skb(skb); 525 } 526 527 while ((skb = skb_dequeue(&session->intr_transmit))) { 528 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 529 skb_queue_head(&session->intr_transmit, skb); 530 break; 531 } 532 533 hidp_set_timer(session); 534 kfree_skb(skb); 535 } 536 } 537 538 static int hidp_session(void *arg) 539 { 540 struct hidp_session *session = arg; 541 struct sock *ctrl_sk = session->ctrl_sock->sk; 542 struct sock *intr_sk = session->intr_sock->sk; 543 struct sk_buff *skb; 544 int vendor = 0x0000, product = 0x0000; 545 wait_queue_t ctrl_wait, intr_wait; 546 547 BT_DBG("session %p", session); 548 549 if (session->input) { 550 vendor = session->input->id.vendor; 551 product = session->input->id.product; 552 } 553 554 if (session->hid) { 555 vendor = session->hid->vendor; 556 product = session->hid->product; 557 } 558 559 daemonize("khidpd_%04x%04x", vendor, product); 560 set_user_nice(current, -15); 561 562 init_waitqueue_entry(&ctrl_wait, current); 563 init_waitqueue_entry(&intr_wait, current); 564 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 565 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 566 while (!atomic_read(&session->terminate)) { 567 set_current_state(TASK_INTERRUPTIBLE); 568 569 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 570 break; 571 572 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 573 skb_orphan(skb); 574 hidp_recv_ctrl_frame(session, skb); 575 } 576 577 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 578 skb_orphan(skb); 579 hidp_recv_intr_frame(session, skb); 580 } 581 582 hidp_process_transmit(session); 583 584 schedule(); 585 } 586 set_current_state(TASK_RUNNING); 587 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 588 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 589 590 down_write(&hidp_session_sem); 591 592 hidp_del_timer(session); 593 594 if (session->input) { 595 input_unregister_device(session->input); 596 session->input = NULL; 597 } 598 599 if (session->hid) { 600 hid_destroy_device(session->hid); 601 session->hid = NULL; 602 } 603 604 /* Wakeup user-space polling for socket errors */ 605 session->intr_sock->sk->sk_err = EUNATCH; 606 session->ctrl_sock->sk->sk_err = EUNATCH; 607 608 hidp_schedule(session); 609 610 fput(session->intr_sock->file); 611 612 wait_event_timeout(*(sk_sleep(ctrl_sk)), 613 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 614 615 fput(session->ctrl_sock->file); 616 617 __hidp_unlink_session(session); 618 619 up_write(&hidp_session_sem); 620 621 kfree(session); 622 return 0; 623 } 624 625 static struct device *hidp_get_device(struct hidp_session *session) 626 { 627 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 628 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 629 struct device *device = NULL; 630 struct hci_dev *hdev; 631 632 hdev = hci_get_route(dst, src); 633 if (!hdev) 634 return NULL; 635 636 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 637 if (session->conn) 638 device = &session->conn->dev; 639 640 hci_dev_put(hdev); 641 642 return device; 643 } 644 645 static int hidp_setup_input(struct hidp_session *session, 646 struct hidp_connadd_req *req) 647 { 648 struct input_dev *input; 649 int err, i; 650 651 input = input_allocate_device(); 652 if (!input) 653 return -ENOMEM; 654 655 session->input = input; 656 657 input_set_drvdata(input, session); 658 659 input->name = "Bluetooth HID Boot Protocol Device"; 660 661 input->id.bustype = BUS_BLUETOOTH; 662 input->id.vendor = req->vendor; 663 input->id.product = req->product; 664 input->id.version = req->version; 665 666 if (req->subclass & 0x40) { 667 set_bit(EV_KEY, input->evbit); 668 set_bit(EV_LED, input->evbit); 669 set_bit(EV_REP, input->evbit); 670 671 set_bit(LED_NUML, input->ledbit); 672 set_bit(LED_CAPSL, input->ledbit); 673 set_bit(LED_SCROLLL, input->ledbit); 674 set_bit(LED_COMPOSE, input->ledbit); 675 set_bit(LED_KANA, input->ledbit); 676 677 for (i = 0; i < sizeof(hidp_keycode); i++) 678 set_bit(hidp_keycode[i], input->keybit); 679 clear_bit(0, input->keybit); 680 } 681 682 if (req->subclass & 0x80) { 683 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 684 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 685 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 686 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 687 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 688 BIT_MASK(BTN_EXTRA); 689 input->relbit[0] |= BIT_MASK(REL_WHEEL); 690 } 691 692 input->dev.parent = hidp_get_device(session); 693 694 input->event = hidp_input_event; 695 696 err = input_register_device(input); 697 if (err < 0) { 698 hci_conn_put_device(session->conn); 699 return err; 700 } 701 702 return 0; 703 } 704 705 static int hidp_open(struct hid_device *hid) 706 { 707 return 0; 708 } 709 710 static void hidp_close(struct hid_device *hid) 711 { 712 } 713 714 static int hidp_parse(struct hid_device *hid) 715 { 716 struct hidp_session *session = hid->driver_data; 717 718 return hid_parse_report(session->hid, session->rd_data, 719 session->rd_size); 720 } 721 722 static int hidp_start(struct hid_device *hid) 723 { 724 struct hidp_session *session = hid->driver_data; 725 struct hid_report *report; 726 727 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 728 report_list, list) 729 hidp_send_report(session, report); 730 731 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 732 report_list, list) 733 hidp_send_report(session, report); 734 735 return 0; 736 } 737 738 static void hidp_stop(struct hid_device *hid) 739 { 740 struct hidp_session *session = hid->driver_data; 741 742 skb_queue_purge(&session->ctrl_transmit); 743 skb_queue_purge(&session->intr_transmit); 744 745 hid->claimed = 0; 746 } 747 748 static struct hid_ll_driver hidp_hid_driver = { 749 .parse = hidp_parse, 750 .start = hidp_start, 751 .stop = hidp_stop, 752 .open = hidp_open, 753 .close = hidp_close, 754 .hidinput_input_event = hidp_hidinput_event, 755 }; 756 757 static int hidp_setup_hid(struct hidp_session *session, 758 struct hidp_connadd_req *req) 759 { 760 struct hid_device *hid; 761 int err; 762 763 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 764 if (!session->rd_data) 765 return -ENOMEM; 766 767 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 768 err = -EFAULT; 769 goto fault; 770 } 771 session->rd_size = req->rd_size; 772 773 hid = hid_allocate_device(); 774 if (IS_ERR(hid)) { 775 err = PTR_ERR(hid); 776 goto fault; 777 } 778 779 session->hid = hid; 780 781 hid->driver_data = session; 782 783 hid->bus = BUS_BLUETOOTH; 784 hid->vendor = req->vendor; 785 hid->product = req->product; 786 hid->version = req->version; 787 hid->country = req->country; 788 789 strncpy(hid->name, req->name, 128); 790 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 791 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 792 793 hid->dev.parent = hidp_get_device(session); 794 hid->ll_driver = &hidp_hid_driver; 795 796 hid->hid_output_raw_report = hidp_output_raw_report; 797 798 err = hid_add_device(hid); 799 if (err < 0) 800 goto failed; 801 802 return 0; 803 804 failed: 805 hid_destroy_device(hid); 806 session->hid = NULL; 807 808 fault: 809 kfree(session->rd_data); 810 session->rd_data = NULL; 811 812 return err; 813 } 814 815 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 816 { 817 struct hidp_session *session, *s; 818 int err; 819 820 BT_DBG(""); 821 822 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 823 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 824 return -ENOTUNIQ; 825 826 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 827 if (!session) 828 return -ENOMEM; 829 830 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 831 832 down_write(&hidp_session_sem); 833 834 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 835 if (s && s->state == BT_CONNECTED) { 836 err = -EEXIST; 837 goto failed; 838 } 839 840 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 841 842 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 843 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 844 845 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 846 847 session->ctrl_sock = ctrl_sock; 848 session->intr_sock = intr_sock; 849 session->state = BT_CONNECTED; 850 851 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 852 853 skb_queue_head_init(&session->ctrl_transmit); 854 skb_queue_head_init(&session->intr_transmit); 855 856 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 857 session->idle_to = req->idle_to; 858 859 if (req->rd_size > 0) { 860 err = hidp_setup_hid(session, req); 861 if (err && err != -ENODEV) 862 goto purge; 863 } 864 865 if (!session->hid) { 866 err = hidp_setup_input(session, req); 867 if (err < 0) 868 goto purge; 869 } 870 871 __hidp_link_session(session); 872 873 hidp_set_timer(session); 874 875 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 876 if (err < 0) 877 goto unlink; 878 879 if (session->input) { 880 hidp_send_ctrl_message(session, 881 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 882 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 883 884 session->leds = 0xff; 885 hidp_input_event(session->input, EV_LED, 0, 0); 886 } 887 888 up_write(&hidp_session_sem); 889 return 0; 890 891 unlink: 892 hidp_del_timer(session); 893 894 __hidp_unlink_session(session); 895 896 if (session->input) { 897 input_unregister_device(session->input); 898 session->input = NULL; 899 } 900 901 if (session->hid) { 902 hid_destroy_device(session->hid); 903 session->hid = NULL; 904 } 905 906 kfree(session->rd_data); 907 session->rd_data = NULL; 908 909 purge: 910 skb_queue_purge(&session->ctrl_transmit); 911 skb_queue_purge(&session->intr_transmit); 912 913 failed: 914 up_write(&hidp_session_sem); 915 916 input_free_device(session->input); 917 kfree(session); 918 return err; 919 } 920 921 int hidp_del_connection(struct hidp_conndel_req *req) 922 { 923 struct hidp_session *session; 924 int err = 0; 925 926 BT_DBG(""); 927 928 down_read(&hidp_session_sem); 929 930 session = __hidp_get_session(&req->bdaddr); 931 if (session) { 932 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 933 hidp_send_ctrl_message(session, 934 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 935 } else { 936 /* Flush the transmit queues */ 937 skb_queue_purge(&session->ctrl_transmit); 938 skb_queue_purge(&session->intr_transmit); 939 940 /* Wakeup user-space polling for socket errors */ 941 session->intr_sock->sk->sk_err = EUNATCH; 942 session->ctrl_sock->sk->sk_err = EUNATCH; 943 944 /* Kill session thread */ 945 atomic_inc(&session->terminate); 946 hidp_schedule(session); 947 } 948 } else 949 err = -ENOENT; 950 951 up_read(&hidp_session_sem); 952 return err; 953 } 954 955 int hidp_get_connlist(struct hidp_connlist_req *req) 956 { 957 struct list_head *p; 958 int err = 0, n = 0; 959 960 BT_DBG(""); 961 962 down_read(&hidp_session_sem); 963 964 list_for_each(p, &hidp_session_list) { 965 struct hidp_session *session; 966 struct hidp_conninfo ci; 967 968 session = list_entry(p, struct hidp_session, list); 969 970 __hidp_copy_session(session, &ci); 971 972 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 973 err = -EFAULT; 974 break; 975 } 976 977 if (++n >= req->cnum) 978 break; 979 980 req->ci++; 981 } 982 req->cnum = n; 983 984 up_read(&hidp_session_sem); 985 return err; 986 } 987 988 int hidp_get_conninfo(struct hidp_conninfo *ci) 989 { 990 struct hidp_session *session; 991 int err = 0; 992 993 down_read(&hidp_session_sem); 994 995 session = __hidp_get_session(&ci->bdaddr); 996 if (session) 997 __hidp_copy_session(session, ci); 998 else 999 err = -ENOENT; 1000 1001 up_read(&hidp_session_sem); 1002 return err; 1003 } 1004 1005 static const struct hid_device_id hidp_table[] = { 1006 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1007 { } 1008 }; 1009 1010 static struct hid_driver hidp_driver = { 1011 .name = "generic-bluetooth", 1012 .id_table = hidp_table, 1013 }; 1014 1015 static int __init hidp_init(void) 1016 { 1017 int ret; 1018 1019 l2cap_load(); 1020 1021 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1022 1023 ret = hid_register_driver(&hidp_driver); 1024 if (ret) 1025 goto err; 1026 1027 ret = hidp_init_sockets(); 1028 if (ret) 1029 goto err_drv; 1030 1031 return 0; 1032 err_drv: 1033 hid_unregister_driver(&hidp_driver); 1034 err: 1035 return ret; 1036 } 1037 1038 static void __exit hidp_exit(void) 1039 { 1040 hidp_cleanup_sockets(); 1041 hid_unregister_driver(&hidp_driver); 1042 } 1043 1044 module_init(hidp_init); 1045 module_exit(hidp_exit); 1046 1047 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1048 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1049 MODULE_VERSION(VERSION); 1050 MODULE_LICENSE("GPL"); 1051 MODULE_ALIAS("bt-proto-6"); 1052