1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <linux/kref.h> 25 #include <linux/module.h> 26 #include <linux/file.h> 27 #include <linux/kthread.h> 28 #include <linux/hidraw.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/l2cap.h> 33 34 #include "hidp.h" 35 36 #define VERSION "1.2" 37 38 static DECLARE_RWSEM(hidp_session_sem); 39 static DECLARE_WAIT_QUEUE_HEAD(hidp_session_wq); 40 static LIST_HEAD(hidp_session_list); 41 42 static unsigned char hidp_keycode[256] = { 43 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 44 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 45 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 46 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 47 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 48 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 49 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 50 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 51 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 52 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 53 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 58 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 59 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 60 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 61 }; 62 63 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 64 65 static int hidp_session_probe(struct l2cap_conn *conn, 66 struct l2cap_user *user); 67 static void hidp_session_remove(struct l2cap_conn *conn, 68 struct l2cap_user *user); 69 static int hidp_session_thread(void *arg); 70 static void hidp_session_terminate(struct hidp_session *s); 71 72 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 73 { 74 u32 valid_flags = 0; 75 memset(ci, 0, sizeof(*ci)); 76 bacpy(&ci->bdaddr, &session->bdaddr); 77 78 ci->flags = session->flags & valid_flags; 79 ci->state = BT_CONNECTED; 80 81 if (session->input) { 82 ci->vendor = session->input->id.vendor; 83 ci->product = session->input->id.product; 84 ci->version = session->input->id.version; 85 if (session->input->name) 86 strlcpy(ci->name, session->input->name, 128); 87 else 88 strlcpy(ci->name, "HID Boot Device", 128); 89 } else if (session->hid) { 90 ci->vendor = session->hid->vendor; 91 ci->product = session->hid->product; 92 ci->version = session->hid->version; 93 strlcpy(ci->name, session->hid->name, 128); 94 } 95 } 96 97 /* assemble skb, queue message on @transmit and wake up the session thread */ 98 static int hidp_send_message(struct hidp_session *session, struct socket *sock, 99 struct sk_buff_head *transmit, unsigned char hdr, 100 const unsigned char *data, int size) 101 { 102 struct sk_buff *skb; 103 struct sock *sk = sock->sk; 104 105 BT_DBG("session %p data %p size %d", session, data, size); 106 107 if (atomic_read(&session->terminate)) 108 return -EIO; 109 110 skb = alloc_skb(size + 1, GFP_ATOMIC); 111 if (!skb) { 112 BT_ERR("Can't allocate memory for new frame"); 113 return -ENOMEM; 114 } 115 116 skb_put_u8(skb, hdr); 117 if (data && size > 0) 118 skb_put_data(skb, data, size); 119 120 skb_queue_tail(transmit, skb); 121 wake_up_interruptible(sk_sleep(sk)); 122 123 return 0; 124 } 125 126 static int hidp_send_ctrl_message(struct hidp_session *session, 127 unsigned char hdr, const unsigned char *data, 128 int size) 129 { 130 return hidp_send_message(session, session->ctrl_sock, 131 &session->ctrl_transmit, hdr, data, size); 132 } 133 134 static int hidp_send_intr_message(struct hidp_session *session, 135 unsigned char hdr, const unsigned char *data, 136 int size) 137 { 138 return hidp_send_message(session, session->intr_sock, 139 &session->intr_transmit, hdr, data, size); 140 } 141 142 static int hidp_input_event(struct input_dev *dev, unsigned int type, 143 unsigned int code, int value) 144 { 145 struct hidp_session *session = input_get_drvdata(dev); 146 unsigned char newleds; 147 unsigned char hdr, data[2]; 148 149 BT_DBG("session %p type %d code %d value %d", 150 session, type, code, value); 151 152 if (type != EV_LED) 153 return -1; 154 155 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 156 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 157 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 158 (!!test_bit(LED_CAPSL, dev->led) << 1) | 159 (!!test_bit(LED_NUML, dev->led) << 0); 160 161 if (session->leds == newleds) 162 return 0; 163 164 session->leds = newleds; 165 166 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 167 data[0] = 0x01; 168 data[1] = newleds; 169 170 return hidp_send_intr_message(session, hdr, data, 2); 171 } 172 173 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 174 { 175 struct input_dev *dev = session->input; 176 unsigned char *keys = session->keys; 177 unsigned char *udata = skb->data + 1; 178 signed char *sdata = skb->data + 1; 179 int i, size = skb->len - 1; 180 181 switch (skb->data[0]) { 182 case 0x01: /* Keyboard report */ 183 for (i = 0; i < 8; i++) 184 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 185 186 /* If all the key codes have been set to 0x01, it means 187 * too many keys were pressed at the same time. */ 188 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 189 break; 190 191 for (i = 2; i < 8; i++) { 192 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 193 if (hidp_keycode[keys[i]]) 194 input_report_key(dev, hidp_keycode[keys[i]], 0); 195 else 196 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 197 } 198 199 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 200 if (hidp_keycode[udata[i]]) 201 input_report_key(dev, hidp_keycode[udata[i]], 1); 202 else 203 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 204 } 205 } 206 207 memcpy(keys, udata, 8); 208 break; 209 210 case 0x02: /* Mouse report */ 211 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 212 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 213 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 214 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 215 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 216 217 input_report_rel(dev, REL_X, sdata[1]); 218 input_report_rel(dev, REL_Y, sdata[2]); 219 220 if (size > 3) 221 input_report_rel(dev, REL_WHEEL, sdata[3]); 222 break; 223 } 224 225 input_sync(dev); 226 } 227 228 static int hidp_get_raw_report(struct hid_device *hid, 229 unsigned char report_number, 230 unsigned char *data, size_t count, 231 unsigned char report_type) 232 { 233 struct hidp_session *session = hid->driver_data; 234 struct sk_buff *skb; 235 size_t len; 236 int numbered_reports = hid->report_enum[report_type].numbered; 237 int ret; 238 239 if (atomic_read(&session->terminate)) 240 return -EIO; 241 242 switch (report_type) { 243 case HID_FEATURE_REPORT: 244 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 245 break; 246 case HID_INPUT_REPORT: 247 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 248 break; 249 case HID_OUTPUT_REPORT: 250 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 251 break; 252 default: 253 return -EINVAL; 254 } 255 256 if (mutex_lock_interruptible(&session->report_mutex)) 257 return -ERESTARTSYS; 258 259 /* Set up our wait, and send the report request to the device. */ 260 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 261 session->waiting_report_number = numbered_reports ? report_number : -1; 262 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 263 data[0] = report_number; 264 ret = hidp_send_ctrl_message(session, report_type, data, 1); 265 if (ret) 266 goto err; 267 268 /* Wait for the return of the report. The returned report 269 gets put in session->report_return. */ 270 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 271 !atomic_read(&session->terminate)) { 272 int res; 273 274 res = wait_event_interruptible_timeout(session->report_queue, 275 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) 276 || atomic_read(&session->terminate), 277 5*HZ); 278 if (res == 0) { 279 /* timeout */ 280 ret = -EIO; 281 goto err; 282 } 283 if (res < 0) { 284 /* signal */ 285 ret = -ERESTARTSYS; 286 goto err; 287 } 288 } 289 290 skb = session->report_return; 291 if (skb) { 292 len = skb->len < count ? skb->len : count; 293 memcpy(data, skb->data, len); 294 295 kfree_skb(skb); 296 session->report_return = NULL; 297 } else { 298 /* Device returned a HANDSHAKE, indicating protocol error. */ 299 len = -EIO; 300 } 301 302 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 303 mutex_unlock(&session->report_mutex); 304 305 return len; 306 307 err: 308 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 309 mutex_unlock(&session->report_mutex); 310 return ret; 311 } 312 313 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum, 314 unsigned char *data, size_t count, 315 unsigned char report_type) 316 { 317 struct hidp_session *session = hid->driver_data; 318 int ret; 319 320 switch (report_type) { 321 case HID_FEATURE_REPORT: 322 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 323 break; 324 case HID_INPUT_REPORT: 325 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT; 326 break; 327 case HID_OUTPUT_REPORT: 328 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 329 break; 330 default: 331 return -EINVAL; 332 } 333 334 if (mutex_lock_interruptible(&session->report_mutex)) 335 return -ERESTARTSYS; 336 337 /* Set up our wait, and send the report request to the device. */ 338 data[0] = reportnum; 339 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 340 ret = hidp_send_ctrl_message(session, report_type, data, count); 341 if (ret) 342 goto err; 343 344 /* Wait for the ACK from the device. */ 345 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && 346 !atomic_read(&session->terminate)) { 347 int res; 348 349 res = wait_event_interruptible_timeout(session->report_queue, 350 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) 351 || atomic_read(&session->terminate), 352 10*HZ); 353 if (res == 0) { 354 /* timeout */ 355 ret = -EIO; 356 goto err; 357 } 358 if (res < 0) { 359 /* signal */ 360 ret = -ERESTARTSYS; 361 goto err; 362 } 363 } 364 365 if (!session->output_report_success) { 366 ret = -EIO; 367 goto err; 368 } 369 370 ret = count; 371 372 err: 373 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 374 mutex_unlock(&session->report_mutex); 375 return ret; 376 } 377 378 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count) 379 { 380 struct hidp_session *session = hid->driver_data; 381 382 return hidp_send_intr_message(session, 383 HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT, 384 data, count); 385 } 386 387 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum, 388 __u8 *buf, size_t len, unsigned char rtype, 389 int reqtype) 390 { 391 switch (reqtype) { 392 case HID_REQ_GET_REPORT: 393 return hidp_get_raw_report(hid, reportnum, buf, len, rtype); 394 case HID_REQ_SET_REPORT: 395 return hidp_set_raw_report(hid, reportnum, buf, len, rtype); 396 default: 397 return -EIO; 398 } 399 } 400 401 static void hidp_idle_timeout(unsigned long arg) 402 { 403 struct hidp_session *session = (struct hidp_session *) arg; 404 405 /* The HIDP user-space API only contains calls to add and remove 406 * devices. There is no way to forward events of any kind. Therefore, 407 * we have to forcefully disconnect a device on idle-timeouts. This is 408 * unfortunate and weird API design, but it is spec-compliant and 409 * required for backwards-compatibility. Hence, on idle-timeout, we 410 * signal driver-detach events, so poll() will be woken up with an 411 * error-condition on both sockets. 412 */ 413 414 session->intr_sock->sk->sk_err = EUNATCH; 415 session->ctrl_sock->sk->sk_err = EUNATCH; 416 wake_up_interruptible(sk_sleep(session->intr_sock->sk)); 417 wake_up_interruptible(sk_sleep(session->ctrl_sock->sk)); 418 419 hidp_session_terminate(session); 420 } 421 422 static void hidp_set_timer(struct hidp_session *session) 423 { 424 if (session->idle_to > 0) 425 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 426 } 427 428 static void hidp_del_timer(struct hidp_session *session) 429 { 430 if (session->idle_to > 0) 431 del_timer(&session->timer); 432 } 433 434 static void hidp_process_report(struct hidp_session *session, 435 int type, const u8 *data, int len, int intr) 436 { 437 if (len > HID_MAX_BUFFER_SIZE) 438 len = HID_MAX_BUFFER_SIZE; 439 440 memcpy(session->input_buf, data, len); 441 hid_input_report(session->hid, type, session->input_buf, len, intr); 442 } 443 444 static void hidp_process_handshake(struct hidp_session *session, 445 unsigned char param) 446 { 447 BT_DBG("session %p param 0x%02x", session, param); 448 session->output_report_success = 0; /* default condition */ 449 450 switch (param) { 451 case HIDP_HSHK_SUCCESSFUL: 452 /* FIXME: Call into SET_ GET_ handlers here */ 453 session->output_report_success = 1; 454 break; 455 456 case HIDP_HSHK_NOT_READY: 457 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 458 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 459 case HIDP_HSHK_ERR_INVALID_PARAMETER: 460 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) 461 wake_up_interruptible(&session->report_queue); 462 463 /* FIXME: Call into SET_ GET_ handlers here */ 464 break; 465 466 case HIDP_HSHK_ERR_UNKNOWN: 467 break; 468 469 case HIDP_HSHK_ERR_FATAL: 470 /* Device requests a reboot, as this is the only way this error 471 * can be recovered. */ 472 hidp_send_ctrl_message(session, 473 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 474 break; 475 476 default: 477 hidp_send_ctrl_message(session, 478 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 479 break; 480 } 481 482 /* Wake up the waiting thread. */ 483 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) 484 wake_up_interruptible(&session->report_queue); 485 } 486 487 static void hidp_process_hid_control(struct hidp_session *session, 488 unsigned char param) 489 { 490 BT_DBG("session %p param 0x%02x", session, param); 491 492 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 493 /* Flush the transmit queues */ 494 skb_queue_purge(&session->ctrl_transmit); 495 skb_queue_purge(&session->intr_transmit); 496 497 hidp_session_terminate(session); 498 } 499 } 500 501 /* Returns true if the passed-in skb should be freed by the caller. */ 502 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 503 unsigned char param) 504 { 505 int done_with_skb = 1; 506 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 507 508 switch (param) { 509 case HIDP_DATA_RTYPE_INPUT: 510 hidp_set_timer(session); 511 512 if (session->input) 513 hidp_input_report(session, skb); 514 515 if (session->hid) 516 hidp_process_report(session, HID_INPUT_REPORT, 517 skb->data, skb->len, 0); 518 break; 519 520 case HIDP_DATA_RTYPE_OTHER: 521 case HIDP_DATA_RTYPE_OUPUT: 522 case HIDP_DATA_RTYPE_FEATURE: 523 break; 524 525 default: 526 hidp_send_ctrl_message(session, 527 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 528 } 529 530 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 531 param == session->waiting_report_type) { 532 if (session->waiting_report_number < 0 || 533 session->waiting_report_number == skb->data[0]) { 534 /* hidp_get_raw_report() is waiting on this report. */ 535 session->report_return = skb; 536 done_with_skb = 0; 537 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 538 wake_up_interruptible(&session->report_queue); 539 } 540 } 541 542 return done_with_skb; 543 } 544 545 static void hidp_recv_ctrl_frame(struct hidp_session *session, 546 struct sk_buff *skb) 547 { 548 unsigned char hdr, type, param; 549 int free_skb = 1; 550 551 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 552 553 hdr = skb->data[0]; 554 skb_pull(skb, 1); 555 556 type = hdr & HIDP_HEADER_TRANS_MASK; 557 param = hdr & HIDP_HEADER_PARAM_MASK; 558 559 switch (type) { 560 case HIDP_TRANS_HANDSHAKE: 561 hidp_process_handshake(session, param); 562 break; 563 564 case HIDP_TRANS_HID_CONTROL: 565 hidp_process_hid_control(session, param); 566 break; 567 568 case HIDP_TRANS_DATA: 569 free_skb = hidp_process_data(session, skb, param); 570 break; 571 572 default: 573 hidp_send_ctrl_message(session, 574 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 575 break; 576 } 577 578 if (free_skb) 579 kfree_skb(skb); 580 } 581 582 static void hidp_recv_intr_frame(struct hidp_session *session, 583 struct sk_buff *skb) 584 { 585 unsigned char hdr; 586 587 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 588 589 hdr = skb->data[0]; 590 skb_pull(skb, 1); 591 592 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 593 hidp_set_timer(session); 594 595 if (session->input) 596 hidp_input_report(session, skb); 597 598 if (session->hid) { 599 hidp_process_report(session, HID_INPUT_REPORT, 600 skb->data, skb->len, 1); 601 BT_DBG("report len %d", skb->len); 602 } 603 } else { 604 BT_DBG("Unsupported protocol header 0x%02x", hdr); 605 } 606 607 kfree_skb(skb); 608 } 609 610 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 611 { 612 struct kvec iv = { data, len }; 613 struct msghdr msg; 614 615 BT_DBG("sock %p data %p len %d", sock, data, len); 616 617 if (!len) 618 return 0; 619 620 memset(&msg, 0, sizeof(msg)); 621 622 return kernel_sendmsg(sock, &msg, &iv, 1, len); 623 } 624 625 /* dequeue message from @transmit and send via @sock */ 626 static void hidp_process_transmit(struct hidp_session *session, 627 struct sk_buff_head *transmit, 628 struct socket *sock) 629 { 630 struct sk_buff *skb; 631 int ret; 632 633 BT_DBG("session %p", session); 634 635 while ((skb = skb_dequeue(transmit))) { 636 ret = hidp_send_frame(sock, skb->data, skb->len); 637 if (ret == -EAGAIN) { 638 skb_queue_head(transmit, skb); 639 break; 640 } else if (ret < 0) { 641 hidp_session_terminate(session); 642 kfree_skb(skb); 643 break; 644 } 645 646 hidp_set_timer(session); 647 kfree_skb(skb); 648 } 649 } 650 651 static int hidp_setup_input(struct hidp_session *session, 652 struct hidp_connadd_req *req) 653 { 654 struct input_dev *input; 655 int i; 656 657 input = input_allocate_device(); 658 if (!input) 659 return -ENOMEM; 660 661 session->input = input; 662 663 input_set_drvdata(input, session); 664 665 input->name = "Bluetooth HID Boot Protocol Device"; 666 667 input->id.bustype = BUS_BLUETOOTH; 668 input->id.vendor = req->vendor; 669 input->id.product = req->product; 670 input->id.version = req->version; 671 672 if (req->subclass & 0x40) { 673 set_bit(EV_KEY, input->evbit); 674 set_bit(EV_LED, input->evbit); 675 set_bit(EV_REP, input->evbit); 676 677 set_bit(LED_NUML, input->ledbit); 678 set_bit(LED_CAPSL, input->ledbit); 679 set_bit(LED_SCROLLL, input->ledbit); 680 set_bit(LED_COMPOSE, input->ledbit); 681 set_bit(LED_KANA, input->ledbit); 682 683 for (i = 0; i < sizeof(hidp_keycode); i++) 684 set_bit(hidp_keycode[i], input->keybit); 685 clear_bit(0, input->keybit); 686 } 687 688 if (req->subclass & 0x80) { 689 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 690 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 691 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 692 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 693 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 694 BIT_MASK(BTN_EXTRA); 695 input->relbit[0] |= BIT_MASK(REL_WHEEL); 696 } 697 698 input->dev.parent = &session->conn->hcon->dev; 699 700 input->event = hidp_input_event; 701 702 return 0; 703 } 704 705 static int hidp_open(struct hid_device *hid) 706 { 707 return 0; 708 } 709 710 static void hidp_close(struct hid_device *hid) 711 { 712 } 713 714 static int hidp_parse(struct hid_device *hid) 715 { 716 struct hidp_session *session = hid->driver_data; 717 718 return hid_parse_report(session->hid, session->rd_data, 719 session->rd_size); 720 } 721 722 static int hidp_start(struct hid_device *hid) 723 { 724 return 0; 725 } 726 727 static void hidp_stop(struct hid_device *hid) 728 { 729 struct hidp_session *session = hid->driver_data; 730 731 skb_queue_purge(&session->ctrl_transmit); 732 skb_queue_purge(&session->intr_transmit); 733 734 hid->claimed = 0; 735 } 736 737 struct hid_ll_driver hidp_hid_driver = { 738 .parse = hidp_parse, 739 .start = hidp_start, 740 .stop = hidp_stop, 741 .open = hidp_open, 742 .close = hidp_close, 743 .raw_request = hidp_raw_request, 744 .output_report = hidp_output_report, 745 }; 746 EXPORT_SYMBOL_GPL(hidp_hid_driver); 747 748 /* This function sets up the hid device. It does not add it 749 to the HID system. That is done in hidp_add_connection(). */ 750 static int hidp_setup_hid(struct hidp_session *session, 751 struct hidp_connadd_req *req) 752 { 753 struct hid_device *hid; 754 int err; 755 756 session->rd_data = memdup_user(req->rd_data, req->rd_size); 757 if (IS_ERR(session->rd_data)) 758 return PTR_ERR(session->rd_data); 759 760 session->rd_size = req->rd_size; 761 762 hid = hid_allocate_device(); 763 if (IS_ERR(hid)) { 764 err = PTR_ERR(hid); 765 goto fault; 766 } 767 768 session->hid = hid; 769 770 hid->driver_data = session; 771 772 hid->bus = BUS_BLUETOOTH; 773 hid->vendor = req->vendor; 774 hid->product = req->product; 775 hid->version = req->version; 776 hid->country = req->country; 777 778 strncpy(hid->name, req->name, sizeof(req->name) - 1); 779 780 snprintf(hid->phys, sizeof(hid->phys), "%pMR", 781 &l2cap_pi(session->ctrl_sock->sk)->chan->src); 782 783 /* NOTE: Some device modules depend on the dst address being stored in 784 * uniq. Please be aware of this before making changes to this behavior. 785 */ 786 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 787 &l2cap_pi(session->ctrl_sock->sk)->chan->dst); 788 789 hid->dev.parent = &session->conn->hcon->dev; 790 hid->ll_driver = &hidp_hid_driver; 791 792 /* True if device is blacklisted in drivers/hid/hid-core.c */ 793 if (hid_ignore(hid)) { 794 hid_destroy_device(session->hid); 795 session->hid = NULL; 796 return -ENODEV; 797 } 798 799 return 0; 800 801 fault: 802 kfree(session->rd_data); 803 session->rd_data = NULL; 804 805 return err; 806 } 807 808 /* initialize session devices */ 809 static int hidp_session_dev_init(struct hidp_session *session, 810 struct hidp_connadd_req *req) 811 { 812 int ret; 813 814 if (req->rd_size > 0) { 815 ret = hidp_setup_hid(session, req); 816 if (ret && ret != -ENODEV) 817 return ret; 818 } 819 820 if (!session->hid) { 821 ret = hidp_setup_input(session, req); 822 if (ret < 0) 823 return ret; 824 } 825 826 return 0; 827 } 828 829 /* destroy session devices */ 830 static void hidp_session_dev_destroy(struct hidp_session *session) 831 { 832 if (session->hid) 833 put_device(&session->hid->dev); 834 else if (session->input) 835 input_put_device(session->input); 836 837 kfree(session->rd_data); 838 session->rd_data = NULL; 839 } 840 841 /* add HID/input devices to their underlying bus systems */ 842 static int hidp_session_dev_add(struct hidp_session *session) 843 { 844 int ret; 845 846 /* Both HID and input systems drop a ref-count when unregistering the 847 * device but they don't take a ref-count when registering them. Work 848 * around this by explicitly taking a refcount during registration 849 * which is dropped automatically by unregistering the devices. */ 850 851 if (session->hid) { 852 ret = hid_add_device(session->hid); 853 if (ret) 854 return ret; 855 get_device(&session->hid->dev); 856 } else if (session->input) { 857 ret = input_register_device(session->input); 858 if (ret) 859 return ret; 860 input_get_device(session->input); 861 } 862 863 return 0; 864 } 865 866 /* remove HID/input devices from their bus systems */ 867 static void hidp_session_dev_del(struct hidp_session *session) 868 { 869 if (session->hid) 870 hid_destroy_device(session->hid); 871 else if (session->input) 872 input_unregister_device(session->input); 873 } 874 875 /* 876 * Asynchronous device registration 877 * HID device drivers might want to perform I/O during initialization to 878 * detect device types. Therefore, call device registration in a separate 879 * worker so the HIDP thread can schedule I/O operations. 880 * Note that this must be called after the worker thread was initialized 881 * successfully. This will then add the devices and increase session state 882 * on success, otherwise it will terminate the session thread. 883 */ 884 static void hidp_session_dev_work(struct work_struct *work) 885 { 886 struct hidp_session *session = container_of(work, 887 struct hidp_session, 888 dev_init); 889 int ret; 890 891 ret = hidp_session_dev_add(session); 892 if (!ret) 893 atomic_inc(&session->state); 894 else 895 hidp_session_terminate(session); 896 } 897 898 /* 899 * Create new session object 900 * Allocate session object, initialize static fields, copy input data into the 901 * object and take a reference to all sub-objects. 902 * This returns 0 on success and puts a pointer to the new session object in 903 * \out. Otherwise, an error code is returned. 904 * The new session object has an initial ref-count of 1. 905 */ 906 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, 907 struct socket *ctrl_sock, 908 struct socket *intr_sock, 909 struct hidp_connadd_req *req, 910 struct l2cap_conn *conn) 911 { 912 struct hidp_session *session; 913 int ret; 914 struct bt_sock *ctrl, *intr; 915 916 ctrl = bt_sk(ctrl_sock->sk); 917 intr = bt_sk(intr_sock->sk); 918 919 session = kzalloc(sizeof(*session), GFP_KERNEL); 920 if (!session) 921 return -ENOMEM; 922 923 /* object and runtime management */ 924 kref_init(&session->ref); 925 atomic_set(&session->state, HIDP_SESSION_IDLING); 926 init_waitqueue_head(&session->state_queue); 927 session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID); 928 929 /* connection management */ 930 bacpy(&session->bdaddr, bdaddr); 931 session->conn = l2cap_conn_get(conn); 932 session->user.probe = hidp_session_probe; 933 session->user.remove = hidp_session_remove; 934 INIT_LIST_HEAD(&session->user.list); 935 session->ctrl_sock = ctrl_sock; 936 session->intr_sock = intr_sock; 937 skb_queue_head_init(&session->ctrl_transmit); 938 skb_queue_head_init(&session->intr_transmit); 939 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, 940 l2cap_pi(ctrl)->chan->imtu); 941 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, 942 l2cap_pi(intr)->chan->imtu); 943 session->idle_to = req->idle_to; 944 945 /* device management */ 946 INIT_WORK(&session->dev_init, hidp_session_dev_work); 947 setup_timer(&session->timer, hidp_idle_timeout, 948 (unsigned long)session); 949 950 /* session data */ 951 mutex_init(&session->report_mutex); 952 init_waitqueue_head(&session->report_queue); 953 954 ret = hidp_session_dev_init(session, req); 955 if (ret) 956 goto err_free; 957 958 get_file(session->intr_sock->file); 959 get_file(session->ctrl_sock->file); 960 *out = session; 961 return 0; 962 963 err_free: 964 l2cap_conn_put(session->conn); 965 kfree(session); 966 return ret; 967 } 968 969 /* increase ref-count of the given session by one */ 970 static void hidp_session_get(struct hidp_session *session) 971 { 972 kref_get(&session->ref); 973 } 974 975 /* release callback */ 976 static void session_free(struct kref *ref) 977 { 978 struct hidp_session *session = container_of(ref, struct hidp_session, 979 ref); 980 981 hidp_session_dev_destroy(session); 982 skb_queue_purge(&session->ctrl_transmit); 983 skb_queue_purge(&session->intr_transmit); 984 fput(session->intr_sock->file); 985 fput(session->ctrl_sock->file); 986 l2cap_conn_put(session->conn); 987 kfree(session); 988 } 989 990 /* decrease ref-count of the given session by one */ 991 static void hidp_session_put(struct hidp_session *session) 992 { 993 kref_put(&session->ref, session_free); 994 } 995 996 /* 997 * Search the list of active sessions for a session with target address 998 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as 999 * you do not release this lock, the session objects cannot vanish and you can 1000 * safely take a reference to the session yourself. 1001 */ 1002 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) 1003 { 1004 struct hidp_session *session; 1005 1006 list_for_each_entry(session, &hidp_session_list, list) { 1007 if (!bacmp(bdaddr, &session->bdaddr)) 1008 return session; 1009 } 1010 1011 return NULL; 1012 } 1013 1014 /* 1015 * Same as __hidp_session_find() but no locks must be held. This also takes a 1016 * reference of the returned session (if non-NULL) so you must drop this 1017 * reference if you no longer use the object. 1018 */ 1019 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) 1020 { 1021 struct hidp_session *session; 1022 1023 down_read(&hidp_session_sem); 1024 1025 session = __hidp_session_find(bdaddr); 1026 if (session) 1027 hidp_session_get(session); 1028 1029 up_read(&hidp_session_sem); 1030 1031 return session; 1032 } 1033 1034 /* 1035 * Start session synchronously 1036 * This starts a session thread and waits until initialization 1037 * is done or returns an error if it couldn't be started. 1038 * If this returns 0 the session thread is up and running. You must call 1039 * hipd_session_stop_sync() before deleting any runtime resources. 1040 */ 1041 static int hidp_session_start_sync(struct hidp_session *session) 1042 { 1043 unsigned int vendor, product; 1044 1045 if (session->hid) { 1046 vendor = session->hid->vendor; 1047 product = session->hid->product; 1048 } else if (session->input) { 1049 vendor = session->input->id.vendor; 1050 product = session->input->id.product; 1051 } else { 1052 vendor = 0x0000; 1053 product = 0x0000; 1054 } 1055 1056 session->task = kthread_run(hidp_session_thread, session, 1057 "khidpd_%04x%04x", vendor, product); 1058 if (IS_ERR(session->task)) 1059 return PTR_ERR(session->task); 1060 1061 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) 1062 wait_event(session->state_queue, 1063 atomic_read(&session->state) > HIDP_SESSION_IDLING); 1064 1065 return 0; 1066 } 1067 1068 /* 1069 * Terminate session thread 1070 * Wake up session thread and notify it to stop. This is asynchronous and 1071 * returns immediately. Call this whenever a runtime error occurs and you want 1072 * the session to stop. 1073 * Note: wake_up_interruptible() performs any necessary memory-barriers for us. 1074 */ 1075 static void hidp_session_terminate(struct hidp_session *session) 1076 { 1077 atomic_inc(&session->terminate); 1078 wake_up_interruptible(&hidp_session_wq); 1079 } 1080 1081 /* 1082 * Probe HIDP session 1083 * This is called from the l2cap_conn core when our l2cap_user object is bound 1084 * to the hci-connection. We get the session via the \user object and can now 1085 * start the session thread, link it into the global session list and 1086 * schedule HID/input device registration. 1087 * The global session-list owns its own reference to the session object so you 1088 * can drop your own reference after registering the l2cap_user object. 1089 */ 1090 static int hidp_session_probe(struct l2cap_conn *conn, 1091 struct l2cap_user *user) 1092 { 1093 struct hidp_session *session = container_of(user, 1094 struct hidp_session, 1095 user); 1096 struct hidp_session *s; 1097 int ret; 1098 1099 down_write(&hidp_session_sem); 1100 1101 /* check that no other session for this device exists */ 1102 s = __hidp_session_find(&session->bdaddr); 1103 if (s) { 1104 ret = -EEXIST; 1105 goto out_unlock; 1106 } 1107 1108 if (session->input) { 1109 ret = hidp_session_dev_add(session); 1110 if (ret) 1111 goto out_unlock; 1112 } 1113 1114 ret = hidp_session_start_sync(session); 1115 if (ret) 1116 goto out_del; 1117 1118 /* HID device registration is async to allow I/O during probe */ 1119 if (session->input) 1120 atomic_inc(&session->state); 1121 else 1122 schedule_work(&session->dev_init); 1123 1124 hidp_session_get(session); 1125 list_add(&session->list, &hidp_session_list); 1126 ret = 0; 1127 goto out_unlock; 1128 1129 out_del: 1130 if (session->input) 1131 hidp_session_dev_del(session); 1132 out_unlock: 1133 up_write(&hidp_session_sem); 1134 return ret; 1135 } 1136 1137 /* 1138 * Remove HIDP session 1139 * Called from the l2cap_conn core when either we explicitly unregistered 1140 * the l2cap_user object or if the underlying connection is shut down. 1141 * We signal the hidp-session thread to shut down, unregister the HID/input 1142 * devices and unlink the session from the global list. 1143 * This drops the reference to the session that is owned by the global 1144 * session-list. 1145 * Note: We _must_ not synchronosly wait for the session-thread to shut down. 1146 * This is, because the session-thread might be waiting for an HCI lock that is 1147 * held while we are called. Therefore, we only unregister the devices and 1148 * notify the session-thread to terminate. The thread itself owns a reference 1149 * to the session object so it can safely shut down. 1150 */ 1151 static void hidp_session_remove(struct l2cap_conn *conn, 1152 struct l2cap_user *user) 1153 { 1154 struct hidp_session *session = container_of(user, 1155 struct hidp_session, 1156 user); 1157 1158 down_write(&hidp_session_sem); 1159 1160 hidp_session_terminate(session); 1161 1162 cancel_work_sync(&session->dev_init); 1163 if (session->input || 1164 atomic_read(&session->state) > HIDP_SESSION_PREPARING) 1165 hidp_session_dev_del(session); 1166 1167 list_del(&session->list); 1168 1169 up_write(&hidp_session_sem); 1170 1171 hidp_session_put(session); 1172 } 1173 1174 /* 1175 * Session Worker 1176 * This performs the actual main-loop of the HIDP worker. We first check 1177 * whether the underlying connection is still alive, then parse all pending 1178 * messages and finally send all outstanding messages. 1179 */ 1180 static void hidp_session_run(struct hidp_session *session) 1181 { 1182 struct sock *ctrl_sk = session->ctrl_sock->sk; 1183 struct sock *intr_sk = session->intr_sock->sk; 1184 struct sk_buff *skb; 1185 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1186 1187 add_wait_queue(&hidp_session_wq, &wait); 1188 for (;;) { 1189 /* 1190 * This thread can be woken up two ways: 1191 * - You call hidp_session_terminate() which sets the 1192 * session->terminate flag and wakes this thread up. 1193 * - Via modifying the socket state of ctrl/intr_sock. This 1194 * thread is woken up by ->sk_state_changed(). 1195 */ 1196 1197 /* Ensure session->terminate is updated */ 1198 smp_mb__before_atomic(); 1199 if (atomic_read(&session->terminate)) 1200 break; 1201 1202 if (ctrl_sk->sk_state != BT_CONNECTED || 1203 intr_sk->sk_state != BT_CONNECTED) 1204 break; 1205 1206 /* parse incoming intr-skbs */ 1207 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 1208 skb_orphan(skb); 1209 if (!skb_linearize(skb)) 1210 hidp_recv_intr_frame(session, skb); 1211 else 1212 kfree_skb(skb); 1213 } 1214 1215 /* send pending intr-skbs */ 1216 hidp_process_transmit(session, &session->intr_transmit, 1217 session->intr_sock); 1218 1219 /* parse incoming ctrl-skbs */ 1220 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 1221 skb_orphan(skb); 1222 if (!skb_linearize(skb)) 1223 hidp_recv_ctrl_frame(session, skb); 1224 else 1225 kfree_skb(skb); 1226 } 1227 1228 /* send pending ctrl-skbs */ 1229 hidp_process_transmit(session, &session->ctrl_transmit, 1230 session->ctrl_sock); 1231 1232 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT); 1233 } 1234 remove_wait_queue(&hidp_session_wq, &wait); 1235 1236 atomic_inc(&session->terminate); 1237 1238 /* Ensure session->terminate is updated */ 1239 smp_mb__after_atomic(); 1240 } 1241 1242 static int hidp_session_wake_function(wait_queue_entry_t *wait, 1243 unsigned int mode, 1244 int sync, void *key) 1245 { 1246 wake_up_interruptible(&hidp_session_wq); 1247 return false; 1248 } 1249 1250 /* 1251 * HIDP session thread 1252 * This thread runs the I/O for a single HIDP session. Startup is synchronous 1253 * which allows us to take references to ourself here instead of doing that in 1254 * the caller. 1255 * When we are ready to run we notify the caller and call hidp_session_run(). 1256 */ 1257 static int hidp_session_thread(void *arg) 1258 { 1259 struct hidp_session *session = arg; 1260 DEFINE_WAIT_FUNC(ctrl_wait, hidp_session_wake_function); 1261 DEFINE_WAIT_FUNC(intr_wait, hidp_session_wake_function); 1262 1263 BT_DBG("session %p", session); 1264 1265 /* initialize runtime environment */ 1266 hidp_session_get(session); 1267 __module_get(THIS_MODULE); 1268 set_user_nice(current, -15); 1269 hidp_set_timer(session); 1270 1271 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); 1272 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1273 /* This memory barrier is paired with wq_has_sleeper(). See 1274 * sock_poll_wait() for more information why this is needed. */ 1275 smp_mb(); 1276 1277 /* notify synchronous startup that we're ready */ 1278 atomic_inc(&session->state); 1279 wake_up(&session->state_queue); 1280 1281 /* run session */ 1282 hidp_session_run(session); 1283 1284 /* cleanup runtime environment */ 1285 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1286 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); 1287 wake_up_interruptible(&session->report_queue); 1288 hidp_del_timer(session); 1289 1290 /* 1291 * If we stopped ourself due to any internal signal, we should try to 1292 * unregister our own session here to avoid having it linger until the 1293 * parent l2cap_conn dies or user-space cleans it up. 1294 * This does not deadlock as we don't do any synchronous shutdown. 1295 * Instead, this call has the same semantics as if user-space tried to 1296 * delete the session. 1297 */ 1298 l2cap_unregister_user(session->conn, &session->user); 1299 hidp_session_put(session); 1300 1301 module_put_and_exit(0); 1302 return 0; 1303 } 1304 1305 static int hidp_verify_sockets(struct socket *ctrl_sock, 1306 struct socket *intr_sock) 1307 { 1308 struct l2cap_chan *ctrl_chan, *intr_chan; 1309 struct bt_sock *ctrl, *intr; 1310 struct hidp_session *session; 1311 1312 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) 1313 return -EINVAL; 1314 1315 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan; 1316 intr_chan = l2cap_pi(intr_sock->sk)->chan; 1317 1318 if (bacmp(&ctrl_chan->src, &intr_chan->src) || 1319 bacmp(&ctrl_chan->dst, &intr_chan->dst)) 1320 return -ENOTUNIQ; 1321 1322 ctrl = bt_sk(ctrl_sock->sk); 1323 intr = bt_sk(intr_sock->sk); 1324 1325 if (ctrl->sk.sk_state != BT_CONNECTED || 1326 intr->sk.sk_state != BT_CONNECTED) 1327 return -EBADFD; 1328 1329 /* early session check, we check again during session registration */ 1330 session = hidp_session_find(&ctrl_chan->dst); 1331 if (session) { 1332 hidp_session_put(session); 1333 return -EEXIST; 1334 } 1335 1336 return 0; 1337 } 1338 1339 int hidp_connection_add(struct hidp_connadd_req *req, 1340 struct socket *ctrl_sock, 1341 struct socket *intr_sock) 1342 { 1343 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG) | 1344 BIT(HIDP_BOOT_PROTOCOL_MODE); 1345 struct hidp_session *session; 1346 struct l2cap_conn *conn; 1347 struct l2cap_chan *chan; 1348 int ret; 1349 1350 ret = hidp_verify_sockets(ctrl_sock, intr_sock); 1351 if (ret) 1352 return ret; 1353 1354 if (req->flags & ~valid_flags) 1355 return -EINVAL; 1356 1357 chan = l2cap_pi(ctrl_sock->sk)->chan; 1358 conn = NULL; 1359 l2cap_chan_lock(chan); 1360 if (chan->conn) 1361 conn = l2cap_conn_get(chan->conn); 1362 l2cap_chan_unlock(chan); 1363 1364 if (!conn) 1365 return -EBADFD; 1366 1367 ret = hidp_session_new(&session, &chan->dst, ctrl_sock, 1368 intr_sock, req, conn); 1369 if (ret) 1370 goto out_conn; 1371 1372 ret = l2cap_register_user(conn, &session->user); 1373 if (ret) 1374 goto out_session; 1375 1376 ret = 0; 1377 1378 out_session: 1379 hidp_session_put(session); 1380 out_conn: 1381 l2cap_conn_put(conn); 1382 return ret; 1383 } 1384 1385 int hidp_connection_del(struct hidp_conndel_req *req) 1386 { 1387 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG); 1388 struct hidp_session *session; 1389 1390 if (req->flags & ~valid_flags) 1391 return -EINVAL; 1392 1393 session = hidp_session_find(&req->bdaddr); 1394 if (!session) 1395 return -ENOENT; 1396 1397 if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG)) 1398 hidp_send_ctrl_message(session, 1399 HIDP_TRANS_HID_CONTROL | 1400 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, 1401 NULL, 0); 1402 else 1403 l2cap_unregister_user(session->conn, &session->user); 1404 1405 hidp_session_put(session); 1406 1407 return 0; 1408 } 1409 1410 int hidp_get_connlist(struct hidp_connlist_req *req) 1411 { 1412 struct hidp_session *session; 1413 int err = 0, n = 0; 1414 1415 BT_DBG(""); 1416 1417 down_read(&hidp_session_sem); 1418 1419 list_for_each_entry(session, &hidp_session_list, list) { 1420 struct hidp_conninfo ci; 1421 1422 hidp_copy_session(session, &ci); 1423 1424 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1425 err = -EFAULT; 1426 break; 1427 } 1428 1429 if (++n >= req->cnum) 1430 break; 1431 1432 req->ci++; 1433 } 1434 req->cnum = n; 1435 1436 up_read(&hidp_session_sem); 1437 return err; 1438 } 1439 1440 int hidp_get_conninfo(struct hidp_conninfo *ci) 1441 { 1442 struct hidp_session *session; 1443 1444 session = hidp_session_find(&ci->bdaddr); 1445 if (session) { 1446 hidp_copy_session(session, ci); 1447 hidp_session_put(session); 1448 } 1449 1450 return session ? 0 : -ENOENT; 1451 } 1452 1453 static int __init hidp_init(void) 1454 { 1455 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1456 1457 return hidp_init_sockets(); 1458 } 1459 1460 static void __exit hidp_exit(void) 1461 { 1462 hidp_cleanup_sockets(); 1463 } 1464 1465 module_init(hidp_init); 1466 module_exit(hidp_exit); 1467 1468 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1469 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); 1470 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1471 MODULE_VERSION(VERSION); 1472 MODULE_LICENSE("GPL"); 1473 MODULE_ALIAS("bt-proto-6"); 1474