1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <net/sock.h> 40 41 #include <linux/input.h> 42 #include <linux/hid.h> 43 #include <linux/hidraw.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 49 #include "hidp.h" 50 51 #define VERSION "1.2" 52 53 static DECLARE_RWSEM(hidp_session_sem); 54 static LIST_HEAD(hidp_session_list); 55 56 static unsigned char hidp_keycode[256] = { 57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 72 150,158,159,128,136,177,178,176,142,152,173,140 73 }; 74 75 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 76 77 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 78 { 79 struct hidp_session *session; 80 struct list_head *p; 81 82 BT_DBG(""); 83 84 list_for_each(p, &hidp_session_list) { 85 session = list_entry(p, struct hidp_session, list); 86 if (!bacmp(bdaddr, &session->bdaddr)) 87 return session; 88 } 89 return NULL; 90 } 91 92 static void __hidp_link_session(struct hidp_session *session) 93 { 94 __module_get(THIS_MODULE); 95 list_add(&session->list, &hidp_session_list); 96 97 hci_conn_hold_device(session->conn); 98 } 99 100 static void __hidp_unlink_session(struct hidp_session *session) 101 { 102 hci_conn_put_device(session->conn); 103 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106 } 107 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109 { 110 bacpy(&ci->bdaddr, &session->bdaddr); 111 112 ci->flags = session->flags; 113 ci->state = session->state; 114 115 ci->vendor = 0x0000; 116 ci->product = 0x0000; 117 ci->version = 0x0000; 118 memset(ci->name, 0, 128); 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136 } 137 138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140 { 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174 } 175 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177 { 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182 } 183 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185 { 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189 } 190 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192 { 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244 } 245 246 static int __hidp_send_ctrl_message(struct hidp_session *session, 247 unsigned char hdr, unsigned char *data, int size) 248 { 249 struct sk_buff *skb; 250 251 BT_DBG("session %p data %p size %d", session, data, size); 252 253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 254 BT_ERR("Can't allocate memory for new frame"); 255 return -ENOMEM; 256 } 257 258 *skb_put(skb, 1) = hdr; 259 if (data && size > 0) 260 memcpy(skb_put(skb, size), data, size); 261 262 skb_queue_tail(&session->ctrl_transmit, skb); 263 264 return 0; 265 } 266 267 static inline int hidp_send_ctrl_message(struct hidp_session *session, 268 unsigned char hdr, unsigned char *data, int size) 269 { 270 int err; 271 272 err = __hidp_send_ctrl_message(session, hdr, data, size); 273 274 hidp_schedule(session); 275 276 return err; 277 } 278 279 static int hidp_queue_report(struct hidp_session *session, 280 unsigned char *data, int size) 281 { 282 struct sk_buff *skb; 283 284 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 285 286 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 287 BT_ERR("Can't allocate memory for new frame"); 288 return -ENOMEM; 289 } 290 291 *skb_put(skb, 1) = 0xa2; 292 if (size > 0) 293 memcpy(skb_put(skb, size), data, size); 294 295 skb_queue_tail(&session->intr_transmit, skb); 296 297 hidp_schedule(session); 298 299 return 0; 300 } 301 302 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 303 { 304 unsigned char buf[32]; 305 int rsize; 306 307 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 308 if (rsize > sizeof(buf)) 309 return -EIO; 310 311 hid_output_report(report, buf); 312 313 return hidp_queue_report(session, buf, rsize); 314 } 315 316 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 317 unsigned char report_type) 318 { 319 switch (report_type) { 320 case HID_FEATURE_REPORT: 321 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 322 break; 323 case HID_OUTPUT_REPORT: 324 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 325 break; 326 default: 327 return -EINVAL; 328 } 329 330 if (hidp_send_ctrl_message(hid->driver_data, report_type, 331 data, count)) 332 return -ENOMEM; 333 return count; 334 } 335 336 static void hidp_idle_timeout(unsigned long arg) 337 { 338 struct hidp_session *session = (struct hidp_session *) arg; 339 340 atomic_inc(&session->terminate); 341 hidp_schedule(session); 342 } 343 344 static void hidp_set_timer(struct hidp_session *session) 345 { 346 if (session->idle_to > 0) 347 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 348 } 349 350 static inline void hidp_del_timer(struct hidp_session *session) 351 { 352 if (session->idle_to > 0) 353 del_timer(&session->timer); 354 } 355 356 static void hidp_process_handshake(struct hidp_session *session, 357 unsigned char param) 358 { 359 BT_DBG("session %p param 0x%02x", session, param); 360 361 switch (param) { 362 case HIDP_HSHK_SUCCESSFUL: 363 /* FIXME: Call into SET_ GET_ handlers here */ 364 break; 365 366 case HIDP_HSHK_NOT_READY: 367 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 368 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 369 case HIDP_HSHK_ERR_INVALID_PARAMETER: 370 /* FIXME: Call into SET_ GET_ handlers here */ 371 break; 372 373 case HIDP_HSHK_ERR_UNKNOWN: 374 break; 375 376 case HIDP_HSHK_ERR_FATAL: 377 /* Device requests a reboot, as this is the only way this error 378 * can be recovered. */ 379 __hidp_send_ctrl_message(session, 380 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 381 break; 382 383 default: 384 __hidp_send_ctrl_message(session, 385 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 386 break; 387 } 388 } 389 390 static void hidp_process_hid_control(struct hidp_session *session, 391 unsigned char param) 392 { 393 BT_DBG("session %p param 0x%02x", session, param); 394 395 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 396 /* Flush the transmit queues */ 397 skb_queue_purge(&session->ctrl_transmit); 398 skb_queue_purge(&session->intr_transmit); 399 400 /* Kill session thread */ 401 atomic_inc(&session->terminate); 402 hidp_schedule(session); 403 } 404 } 405 406 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 407 unsigned char param) 408 { 409 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 410 411 switch (param) { 412 case HIDP_DATA_RTYPE_INPUT: 413 hidp_set_timer(session); 414 415 if (session->input) 416 hidp_input_report(session, skb); 417 418 if (session->hid) 419 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 420 421 break; 422 423 case HIDP_DATA_RTYPE_OTHER: 424 case HIDP_DATA_RTYPE_OUPUT: 425 case HIDP_DATA_RTYPE_FEATURE: 426 break; 427 428 default: 429 __hidp_send_ctrl_message(session, 430 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 431 } 432 } 433 434 static void hidp_recv_ctrl_frame(struct hidp_session *session, 435 struct sk_buff *skb) 436 { 437 unsigned char hdr, type, param; 438 439 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 440 441 hdr = skb->data[0]; 442 skb_pull(skb, 1); 443 444 type = hdr & HIDP_HEADER_TRANS_MASK; 445 param = hdr & HIDP_HEADER_PARAM_MASK; 446 447 switch (type) { 448 case HIDP_TRANS_HANDSHAKE: 449 hidp_process_handshake(session, param); 450 break; 451 452 case HIDP_TRANS_HID_CONTROL: 453 hidp_process_hid_control(session, param); 454 break; 455 456 case HIDP_TRANS_DATA: 457 hidp_process_data(session, skb, param); 458 break; 459 460 default: 461 __hidp_send_ctrl_message(session, 462 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 463 break; 464 } 465 466 kfree_skb(skb); 467 } 468 469 static void hidp_recv_intr_frame(struct hidp_session *session, 470 struct sk_buff *skb) 471 { 472 unsigned char hdr; 473 474 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 475 476 hdr = skb->data[0]; 477 skb_pull(skb, 1); 478 479 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 480 hidp_set_timer(session); 481 482 if (session->input) 483 hidp_input_report(session, skb); 484 485 if (session->hid) { 486 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 487 BT_DBG("report len %d", skb->len); 488 } 489 } else { 490 BT_DBG("Unsupported protocol header 0x%02x", hdr); 491 } 492 493 kfree_skb(skb); 494 } 495 496 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 497 { 498 struct kvec iv = { data, len }; 499 struct msghdr msg; 500 501 BT_DBG("sock %p data %p len %d", sock, data, len); 502 503 if (!len) 504 return 0; 505 506 memset(&msg, 0, sizeof(msg)); 507 508 return kernel_sendmsg(sock, &msg, &iv, 1, len); 509 } 510 511 static void hidp_process_transmit(struct hidp_session *session) 512 { 513 struct sk_buff *skb; 514 515 BT_DBG("session %p", session); 516 517 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 518 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 519 skb_queue_head(&session->ctrl_transmit, skb); 520 break; 521 } 522 523 hidp_set_timer(session); 524 kfree_skb(skb); 525 } 526 527 while ((skb = skb_dequeue(&session->intr_transmit))) { 528 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 529 skb_queue_head(&session->intr_transmit, skb); 530 break; 531 } 532 533 hidp_set_timer(session); 534 kfree_skb(skb); 535 } 536 } 537 538 static int hidp_session(void *arg) 539 { 540 struct hidp_session *session = arg; 541 struct sock *ctrl_sk = session->ctrl_sock->sk; 542 struct sock *intr_sk = session->intr_sock->sk; 543 struct sk_buff *skb; 544 int vendor = 0x0000, product = 0x0000; 545 wait_queue_t ctrl_wait, intr_wait; 546 547 BT_DBG("session %p", session); 548 549 if (session->input) { 550 vendor = session->input->id.vendor; 551 product = session->input->id.product; 552 } 553 554 if (session->hid) { 555 vendor = session->hid->vendor; 556 product = session->hid->product; 557 } 558 559 daemonize("khidpd_%04x%04x", vendor, product); 560 set_user_nice(current, -15); 561 562 init_waitqueue_entry(&ctrl_wait, current); 563 init_waitqueue_entry(&intr_wait, current); 564 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 565 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 566 while (!atomic_read(&session->terminate)) { 567 set_current_state(TASK_INTERRUPTIBLE); 568 569 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 570 break; 571 572 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 573 skb_orphan(skb); 574 hidp_recv_ctrl_frame(session, skb); 575 } 576 577 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 578 skb_orphan(skb); 579 hidp_recv_intr_frame(session, skb); 580 } 581 582 hidp_process_transmit(session); 583 584 schedule(); 585 } 586 set_current_state(TASK_RUNNING); 587 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 588 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 589 590 down_write(&hidp_session_sem); 591 592 hidp_del_timer(session); 593 594 if (session->input) { 595 input_unregister_device(session->input); 596 session->input = NULL; 597 } 598 599 if (session->hid) { 600 hid_destroy_device(session->hid); 601 session->hid = NULL; 602 } 603 604 /* Wakeup user-space polling for socket errors */ 605 session->intr_sock->sk->sk_err = EUNATCH; 606 session->ctrl_sock->sk->sk_err = EUNATCH; 607 608 hidp_schedule(session); 609 610 fput(session->intr_sock->file); 611 612 wait_event_timeout(*(ctrl_sk->sk_sleep), 613 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 614 615 fput(session->ctrl_sock->file); 616 617 __hidp_unlink_session(session); 618 619 up_write(&hidp_session_sem); 620 621 kfree(session); 622 return 0; 623 } 624 625 static struct device *hidp_get_device(struct hidp_session *session) 626 { 627 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 628 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 629 struct device *device = NULL; 630 struct hci_dev *hdev; 631 632 hdev = hci_get_route(dst, src); 633 if (!hdev) 634 return NULL; 635 636 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 637 if (session->conn) 638 device = &session->conn->dev; 639 640 hci_dev_put(hdev); 641 642 return device; 643 } 644 645 static int hidp_setup_input(struct hidp_session *session, 646 struct hidp_connadd_req *req) 647 { 648 struct input_dev *input; 649 int err, i; 650 651 input = input_allocate_device(); 652 if (!input) 653 return -ENOMEM; 654 655 session->input = input; 656 657 input_set_drvdata(input, session); 658 659 input->name = "Bluetooth HID Boot Protocol Device"; 660 661 input->id.bustype = BUS_BLUETOOTH; 662 input->id.vendor = req->vendor; 663 input->id.product = req->product; 664 input->id.version = req->version; 665 666 if (req->subclass & 0x40) { 667 set_bit(EV_KEY, input->evbit); 668 set_bit(EV_LED, input->evbit); 669 set_bit(EV_REP, input->evbit); 670 671 set_bit(LED_NUML, input->ledbit); 672 set_bit(LED_CAPSL, input->ledbit); 673 set_bit(LED_SCROLLL, input->ledbit); 674 set_bit(LED_COMPOSE, input->ledbit); 675 set_bit(LED_KANA, input->ledbit); 676 677 for (i = 0; i < sizeof(hidp_keycode); i++) 678 set_bit(hidp_keycode[i], input->keybit); 679 clear_bit(0, input->keybit); 680 } 681 682 if (req->subclass & 0x80) { 683 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 684 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 685 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 686 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 687 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 688 BIT_MASK(BTN_EXTRA); 689 input->relbit[0] |= BIT_MASK(REL_WHEEL); 690 } 691 692 input->dev.parent = hidp_get_device(session); 693 694 input->event = hidp_input_event; 695 696 err = input_register_device(input); 697 if (err < 0) { 698 hci_conn_put_device(session->conn); 699 return err; 700 } 701 702 return 0; 703 } 704 705 static int hidp_open(struct hid_device *hid) 706 { 707 return 0; 708 } 709 710 static void hidp_close(struct hid_device *hid) 711 { 712 } 713 714 static int hidp_parse(struct hid_device *hid) 715 { 716 struct hidp_session *session = hid->driver_data; 717 718 return hid_parse_report(session->hid, session->rd_data, 719 session->rd_size); 720 } 721 722 static int hidp_start(struct hid_device *hid) 723 { 724 struct hidp_session *session = hid->driver_data; 725 struct hid_report *report; 726 727 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 728 report_list, list) 729 hidp_send_report(session, report); 730 731 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 732 report_list, list) 733 hidp_send_report(session, report); 734 735 return 0; 736 } 737 738 static void hidp_stop(struct hid_device *hid) 739 { 740 struct hidp_session *session = hid->driver_data; 741 742 skb_queue_purge(&session->ctrl_transmit); 743 skb_queue_purge(&session->intr_transmit); 744 745 hid->claimed = 0; 746 } 747 748 static struct hid_ll_driver hidp_hid_driver = { 749 .parse = hidp_parse, 750 .start = hidp_start, 751 .stop = hidp_stop, 752 .open = hidp_open, 753 .close = hidp_close, 754 .hidinput_input_event = hidp_hidinput_event, 755 }; 756 757 static int hidp_setup_hid(struct hidp_session *session, 758 struct hidp_connadd_req *req) 759 { 760 struct hid_device *hid; 761 bdaddr_t src, dst; 762 int err; 763 764 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 765 if (!session->rd_data) 766 return -ENOMEM; 767 768 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 769 err = -EFAULT; 770 goto fault; 771 } 772 session->rd_size = req->rd_size; 773 774 hid = hid_allocate_device(); 775 if (IS_ERR(hid)) { 776 err = PTR_ERR(hid); 777 goto fault; 778 } 779 780 session->hid = hid; 781 782 hid->driver_data = session; 783 784 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 785 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 786 787 hid->bus = BUS_BLUETOOTH; 788 hid->vendor = req->vendor; 789 hid->product = req->product; 790 hid->version = req->version; 791 hid->country = req->country; 792 793 strncpy(hid->name, req->name, 128); 794 strncpy(hid->phys, batostr(&src), 64); 795 strncpy(hid->uniq, batostr(&dst), 64); 796 797 hid->dev.parent = hidp_get_device(session); 798 hid->ll_driver = &hidp_hid_driver; 799 800 hid->hid_output_raw_report = hidp_output_raw_report; 801 802 err = hid_add_device(hid); 803 if (err < 0) 804 goto failed; 805 806 return 0; 807 808 failed: 809 hid_destroy_device(hid); 810 session->hid = NULL; 811 812 fault: 813 kfree(session->rd_data); 814 session->rd_data = NULL; 815 816 return err; 817 } 818 819 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 820 { 821 struct hidp_session *session, *s; 822 int err; 823 824 BT_DBG(""); 825 826 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 827 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 828 return -ENOTUNIQ; 829 830 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 831 if (!session) 832 return -ENOMEM; 833 834 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 835 836 down_write(&hidp_session_sem); 837 838 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 839 if (s && s->state == BT_CONNECTED) { 840 err = -EEXIST; 841 goto failed; 842 } 843 844 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 845 846 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 847 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 848 849 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 850 851 session->ctrl_sock = ctrl_sock; 852 session->intr_sock = intr_sock; 853 session->state = BT_CONNECTED; 854 855 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 856 857 skb_queue_head_init(&session->ctrl_transmit); 858 skb_queue_head_init(&session->intr_transmit); 859 860 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 861 session->idle_to = req->idle_to; 862 863 if (req->rd_size > 0) { 864 err = hidp_setup_hid(session, req); 865 if (err && err != -ENODEV) 866 goto purge; 867 } 868 869 if (!session->hid) { 870 err = hidp_setup_input(session, req); 871 if (err < 0) 872 goto purge; 873 } 874 875 __hidp_link_session(session); 876 877 hidp_set_timer(session); 878 879 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 880 if (err < 0) 881 goto unlink; 882 883 if (session->input) { 884 hidp_send_ctrl_message(session, 885 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 886 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 887 888 session->leds = 0xff; 889 hidp_input_event(session->input, EV_LED, 0, 0); 890 } 891 892 up_write(&hidp_session_sem); 893 return 0; 894 895 unlink: 896 hidp_del_timer(session); 897 898 __hidp_unlink_session(session); 899 900 if (session->input) { 901 input_unregister_device(session->input); 902 session->input = NULL; 903 } 904 905 if (session->hid) { 906 hid_destroy_device(session->hid); 907 session->hid = NULL; 908 } 909 910 kfree(session->rd_data); 911 session->rd_data = NULL; 912 913 purge: 914 skb_queue_purge(&session->ctrl_transmit); 915 skb_queue_purge(&session->intr_transmit); 916 917 failed: 918 up_write(&hidp_session_sem); 919 920 input_free_device(session->input); 921 kfree(session); 922 return err; 923 } 924 925 int hidp_del_connection(struct hidp_conndel_req *req) 926 { 927 struct hidp_session *session; 928 int err = 0; 929 930 BT_DBG(""); 931 932 down_read(&hidp_session_sem); 933 934 session = __hidp_get_session(&req->bdaddr); 935 if (session) { 936 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 937 hidp_send_ctrl_message(session, 938 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 939 } else { 940 /* Flush the transmit queues */ 941 skb_queue_purge(&session->ctrl_transmit); 942 skb_queue_purge(&session->intr_transmit); 943 944 /* Wakeup user-space polling for socket errors */ 945 session->intr_sock->sk->sk_err = EUNATCH; 946 session->ctrl_sock->sk->sk_err = EUNATCH; 947 948 /* Kill session thread */ 949 atomic_inc(&session->terminate); 950 hidp_schedule(session); 951 } 952 } else 953 err = -ENOENT; 954 955 up_read(&hidp_session_sem); 956 return err; 957 } 958 959 int hidp_get_connlist(struct hidp_connlist_req *req) 960 { 961 struct list_head *p; 962 int err = 0, n = 0; 963 964 BT_DBG(""); 965 966 down_read(&hidp_session_sem); 967 968 list_for_each(p, &hidp_session_list) { 969 struct hidp_session *session; 970 struct hidp_conninfo ci; 971 972 session = list_entry(p, struct hidp_session, list); 973 974 __hidp_copy_session(session, &ci); 975 976 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 977 err = -EFAULT; 978 break; 979 } 980 981 if (++n >= req->cnum) 982 break; 983 984 req->ci++; 985 } 986 req->cnum = n; 987 988 up_read(&hidp_session_sem); 989 return err; 990 } 991 992 int hidp_get_conninfo(struct hidp_conninfo *ci) 993 { 994 struct hidp_session *session; 995 int err = 0; 996 997 down_read(&hidp_session_sem); 998 999 session = __hidp_get_session(&ci->bdaddr); 1000 if (session) 1001 __hidp_copy_session(session, ci); 1002 else 1003 err = -ENOENT; 1004 1005 up_read(&hidp_session_sem); 1006 return err; 1007 } 1008 1009 static const struct hid_device_id hidp_table[] = { 1010 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1011 { } 1012 }; 1013 1014 static struct hid_driver hidp_driver = { 1015 .name = "generic-bluetooth", 1016 .id_table = hidp_table, 1017 }; 1018 1019 static int __init hidp_init(void) 1020 { 1021 int ret; 1022 1023 l2cap_load(); 1024 1025 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1026 1027 ret = hid_register_driver(&hidp_driver); 1028 if (ret) 1029 goto err; 1030 1031 ret = hidp_init_sockets(); 1032 if (ret) 1033 goto err_drv; 1034 1035 return 0; 1036 err_drv: 1037 hid_unregister_driver(&hidp_driver); 1038 err: 1039 return ret; 1040 } 1041 1042 static void __exit hidp_exit(void) 1043 { 1044 hidp_cleanup_sockets(); 1045 hid_unregister_driver(&hidp_driver); 1046 } 1047 1048 module_init(hidp_init); 1049 module_exit(hidp_exit); 1050 1051 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1052 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1053 MODULE_VERSION(VERSION); 1054 MODULE_LICENSE("GPL"); 1055 MODULE_ALIAS("bt-proto-6"); 1056