1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <net/sock.h> 40 41 #include <linux/input.h> 42 #include <linux/hid.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 48 #include "hidp.h" 49 50 #ifndef CONFIG_BT_HIDP_DEBUG 51 #undef BT_DBG 52 #define BT_DBG(D...) 53 #endif 54 55 #define VERSION "1.2" 56 57 static DECLARE_RWSEM(hidp_session_sem); 58 static LIST_HEAD(hidp_session_list); 59 60 static unsigned char hidp_keycode[256] = { 61 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 62 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 63 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 64 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 65 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 66 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 67 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 68 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 69 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 70 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 76 150,158,159,128,136,177,178,176,142,152,173,140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 } 101 102 static void __hidp_unlink_session(struct hidp_session *session) 103 { 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106 } 107 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109 { 110 bacpy(&ci->bdaddr, &session->bdaddr); 111 112 ci->flags = session->flags; 113 ci->state = session->state; 114 115 ci->vendor = 0x0000; 116 ci->product = 0x0000; 117 ci->version = 0x0000; 118 memset(ci->name, 0, 128); 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136 } 137 138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140 { 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174 } 175 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177 { 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182 } 183 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185 { 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189 } 190 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192 { 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244 } 245 246 static int hidp_queue_report(struct hidp_session *session, 247 unsigned char *data, int size) 248 { 249 struct sk_buff *skb; 250 251 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 252 253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 254 BT_ERR("Can't allocate memory for new frame"); 255 return -ENOMEM; 256 } 257 258 *skb_put(skb, 1) = 0xa2; 259 if (size > 0) 260 memcpy(skb_put(skb, size), data, size); 261 262 skb_queue_tail(&session->intr_transmit, skb); 263 264 hidp_schedule(session); 265 266 return 0; 267 } 268 269 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 270 { 271 unsigned char buf[32]; 272 int rsize; 273 274 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 275 if (rsize > sizeof(buf)) 276 return -EIO; 277 278 hid_output_report(report, buf); 279 280 return hidp_queue_report(session, buf, rsize); 281 } 282 283 static void hidp_idle_timeout(unsigned long arg) 284 { 285 struct hidp_session *session = (struct hidp_session *) arg; 286 287 atomic_inc(&session->terminate); 288 hidp_schedule(session); 289 } 290 291 static void hidp_set_timer(struct hidp_session *session) 292 { 293 if (session->idle_to > 0) 294 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 295 } 296 297 static inline void hidp_del_timer(struct hidp_session *session) 298 { 299 if (session->idle_to > 0) 300 del_timer(&session->timer); 301 } 302 303 static int __hidp_send_ctrl_message(struct hidp_session *session, 304 unsigned char hdr, unsigned char *data, int size) 305 { 306 struct sk_buff *skb; 307 308 BT_DBG("session %p data %p size %d", session, data, size); 309 310 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 311 BT_ERR("Can't allocate memory for new frame"); 312 return -ENOMEM; 313 } 314 315 *skb_put(skb, 1) = hdr; 316 if (data && size > 0) 317 memcpy(skb_put(skb, size), data, size); 318 319 skb_queue_tail(&session->ctrl_transmit, skb); 320 321 return 0; 322 } 323 324 static inline int hidp_send_ctrl_message(struct hidp_session *session, 325 unsigned char hdr, unsigned char *data, int size) 326 { 327 int err; 328 329 err = __hidp_send_ctrl_message(session, hdr, data, size); 330 331 hidp_schedule(session); 332 333 return err; 334 } 335 336 static void hidp_process_handshake(struct hidp_session *session, 337 unsigned char param) 338 { 339 BT_DBG("session %p param 0x%02x", session, param); 340 341 switch (param) { 342 case HIDP_HSHK_SUCCESSFUL: 343 /* FIXME: Call into SET_ GET_ handlers here */ 344 break; 345 346 case HIDP_HSHK_NOT_READY: 347 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 348 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 349 case HIDP_HSHK_ERR_INVALID_PARAMETER: 350 /* FIXME: Call into SET_ GET_ handlers here */ 351 break; 352 353 case HIDP_HSHK_ERR_UNKNOWN: 354 break; 355 356 case HIDP_HSHK_ERR_FATAL: 357 /* Device requests a reboot, as this is the only way this error 358 * can be recovered. */ 359 __hidp_send_ctrl_message(session, 360 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 361 break; 362 363 default: 364 __hidp_send_ctrl_message(session, 365 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 366 break; 367 } 368 } 369 370 static void hidp_process_hid_control(struct hidp_session *session, 371 unsigned char param) 372 { 373 BT_DBG("session %p param 0x%02x", session, param); 374 375 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 376 /* Flush the transmit queues */ 377 skb_queue_purge(&session->ctrl_transmit); 378 skb_queue_purge(&session->intr_transmit); 379 380 /* Kill session thread */ 381 atomic_inc(&session->terminate); 382 } 383 } 384 385 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 386 unsigned char param) 387 { 388 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 389 390 switch (param) { 391 case HIDP_DATA_RTYPE_INPUT: 392 hidp_set_timer(session); 393 394 if (session->input) 395 hidp_input_report(session, skb); 396 397 if (session->hid) 398 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 399 400 break; 401 402 case HIDP_DATA_RTYPE_OTHER: 403 case HIDP_DATA_RTYPE_OUPUT: 404 case HIDP_DATA_RTYPE_FEATURE: 405 break; 406 407 default: 408 __hidp_send_ctrl_message(session, 409 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 410 } 411 } 412 413 static void hidp_recv_ctrl_frame(struct hidp_session *session, 414 struct sk_buff *skb) 415 { 416 unsigned char hdr, type, param; 417 418 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 419 420 hdr = skb->data[0]; 421 skb_pull(skb, 1); 422 423 type = hdr & HIDP_HEADER_TRANS_MASK; 424 param = hdr & HIDP_HEADER_PARAM_MASK; 425 426 switch (type) { 427 case HIDP_TRANS_HANDSHAKE: 428 hidp_process_handshake(session, param); 429 break; 430 431 case HIDP_TRANS_HID_CONTROL: 432 hidp_process_hid_control(session, param); 433 break; 434 435 case HIDP_TRANS_DATA: 436 hidp_process_data(session, skb, param); 437 break; 438 439 default: 440 __hidp_send_ctrl_message(session, 441 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 442 break; 443 } 444 445 kfree_skb(skb); 446 } 447 448 static void hidp_recv_intr_frame(struct hidp_session *session, 449 struct sk_buff *skb) 450 { 451 unsigned char hdr; 452 453 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 454 455 hdr = skb->data[0]; 456 skb_pull(skb, 1); 457 458 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 459 hidp_set_timer(session); 460 461 if (session->input) 462 hidp_input_report(session, skb); 463 464 if (session->hid) { 465 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 466 BT_DBG("report len %d", skb->len); 467 } 468 } else { 469 BT_DBG("Unsupported protocol header 0x%02x", hdr); 470 } 471 472 kfree_skb(skb); 473 } 474 475 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 476 { 477 struct kvec iv = { data, len }; 478 struct msghdr msg; 479 480 BT_DBG("sock %p data %p len %d", sock, data, len); 481 482 if (!len) 483 return 0; 484 485 memset(&msg, 0, sizeof(msg)); 486 487 return kernel_sendmsg(sock, &msg, &iv, 1, len); 488 } 489 490 static void hidp_process_transmit(struct hidp_session *session) 491 { 492 struct sk_buff *skb; 493 494 BT_DBG("session %p", session); 495 496 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 497 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 498 skb_queue_head(&session->ctrl_transmit, skb); 499 break; 500 } 501 502 hidp_set_timer(session); 503 kfree_skb(skb); 504 } 505 506 while ((skb = skb_dequeue(&session->intr_transmit))) { 507 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 508 skb_queue_head(&session->intr_transmit, skb); 509 break; 510 } 511 512 hidp_set_timer(session); 513 kfree_skb(skb); 514 } 515 } 516 517 static int hidp_session(void *arg) 518 { 519 struct hidp_session *session = arg; 520 struct sock *ctrl_sk = session->ctrl_sock->sk; 521 struct sock *intr_sk = session->intr_sock->sk; 522 struct sk_buff *skb; 523 int vendor = 0x0000, product = 0x0000; 524 wait_queue_t ctrl_wait, intr_wait; 525 526 BT_DBG("session %p", session); 527 528 if (session->input) { 529 vendor = session->input->id.vendor; 530 product = session->input->id.product; 531 } 532 533 if (session->hid) { 534 vendor = session->hid->vendor; 535 product = session->hid->product; 536 } 537 538 daemonize("khidpd_%04x%04x", vendor, product); 539 set_user_nice(current, -15); 540 541 init_waitqueue_entry(&ctrl_wait, current); 542 init_waitqueue_entry(&intr_wait, current); 543 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 544 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 545 while (!atomic_read(&session->terminate)) { 546 set_current_state(TASK_INTERRUPTIBLE); 547 548 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 549 break; 550 551 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 552 skb_orphan(skb); 553 hidp_recv_ctrl_frame(session, skb); 554 } 555 556 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 557 skb_orphan(skb); 558 hidp_recv_intr_frame(session, skb); 559 } 560 561 hidp_process_transmit(session); 562 563 schedule(); 564 } 565 set_current_state(TASK_RUNNING); 566 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 567 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 568 569 down_write(&hidp_session_sem); 570 571 hidp_del_timer(session); 572 573 if (session->input) { 574 input_unregister_device(session->input); 575 session->input = NULL; 576 } 577 578 if (session->hid) { 579 if (session->hid->claimed & HID_CLAIMED_INPUT) 580 hidinput_disconnect(session->hid); 581 hid_destroy_device(session->hid); 582 } 583 584 /* Wakeup user-space polling for socket errors */ 585 session->intr_sock->sk->sk_err = EUNATCH; 586 session->ctrl_sock->sk->sk_err = EUNATCH; 587 588 hidp_schedule(session); 589 590 fput(session->intr_sock->file); 591 592 wait_event_timeout(*(ctrl_sk->sk_sleep), 593 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 594 595 fput(session->ctrl_sock->file); 596 597 __hidp_unlink_session(session); 598 599 up_write(&hidp_session_sem); 600 601 kfree(session); 602 return 0; 603 } 604 605 static struct device *hidp_get_device(struct hidp_session *session) 606 { 607 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 608 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 609 struct hci_dev *hdev; 610 struct hci_conn *conn; 611 612 hdev = hci_get_route(dst, src); 613 if (!hdev) 614 return NULL; 615 616 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 617 618 hci_dev_put(hdev); 619 620 return conn ? &conn->dev : NULL; 621 } 622 623 static int hidp_setup_input(struct hidp_session *session, 624 struct hidp_connadd_req *req) 625 { 626 struct input_dev *input; 627 int i; 628 629 input = input_allocate_device(); 630 if (!input) 631 return -ENOMEM; 632 633 session->input = input; 634 635 input_set_drvdata(input, session); 636 637 input->name = "Bluetooth HID Boot Protocol Device"; 638 639 input->id.bustype = BUS_BLUETOOTH; 640 input->id.vendor = req->vendor; 641 input->id.product = req->product; 642 input->id.version = req->version; 643 644 if (req->subclass & 0x40) { 645 set_bit(EV_KEY, input->evbit); 646 set_bit(EV_LED, input->evbit); 647 set_bit(EV_REP, input->evbit); 648 649 set_bit(LED_NUML, input->ledbit); 650 set_bit(LED_CAPSL, input->ledbit); 651 set_bit(LED_SCROLLL, input->ledbit); 652 set_bit(LED_COMPOSE, input->ledbit); 653 set_bit(LED_KANA, input->ledbit); 654 655 for (i = 0; i < sizeof(hidp_keycode); i++) 656 set_bit(hidp_keycode[i], input->keybit); 657 clear_bit(0, input->keybit); 658 } 659 660 if (req->subclass & 0x80) { 661 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 662 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 663 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 664 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 665 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 666 BIT_MASK(BTN_EXTRA); 667 input->relbit[0] |= BIT_MASK(REL_WHEEL); 668 } 669 670 input->dev.parent = hidp_get_device(session); 671 672 input->event = hidp_input_event; 673 674 return input_register_device(input); 675 } 676 677 static int hidp_open(struct hid_device *hid) 678 { 679 return 0; 680 } 681 682 static void hidp_close(struct hid_device *hid) 683 { 684 } 685 686 static int hidp_parse(struct hid_device *hid) 687 { 688 struct hidp_session *session = hid->driver_data; 689 struct hidp_connadd_req *req = session->req; 690 unsigned char *buf; 691 int ret; 692 693 buf = kmalloc(req->rd_size, GFP_KERNEL); 694 if (!buf) 695 return -ENOMEM; 696 697 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 698 kfree(buf); 699 return -EFAULT; 700 } 701 702 ret = hid_parse_report(session->hid, buf, req->rd_size); 703 704 kfree(buf); 705 706 if (ret) 707 return ret; 708 709 session->req = NULL; 710 711 return 0; 712 } 713 714 static int hidp_start(struct hid_device *hid) 715 { 716 struct hidp_session *session = hid->driver_data; 717 struct hid_report *report; 718 719 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 720 report_list, list) 721 hidp_send_report(session, report); 722 723 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 724 report_list, list) 725 hidp_send_report(session, report); 726 727 return 0; 728 } 729 730 static void hidp_stop(struct hid_device *hid) 731 { 732 struct hidp_session *session = hid->driver_data; 733 734 skb_queue_purge(&session->ctrl_transmit); 735 skb_queue_purge(&session->intr_transmit); 736 737 if (hid->claimed & HID_CLAIMED_INPUT) 738 hidinput_disconnect(hid); 739 hid->claimed = 0; 740 } 741 742 static struct hid_ll_driver hidp_hid_driver = { 743 .parse = hidp_parse, 744 .start = hidp_start, 745 .stop = hidp_stop, 746 .open = hidp_open, 747 .close = hidp_close, 748 .hidinput_input_event = hidp_hidinput_event, 749 }; 750 751 static int hidp_setup_hid(struct hidp_session *session, 752 struct hidp_connadd_req *req) 753 { 754 struct hid_device *hid; 755 bdaddr_t src, dst; 756 int ret; 757 758 hid = hid_allocate_device(); 759 if (IS_ERR(hid)) { 760 ret = PTR_ERR(session->hid); 761 goto err; 762 } 763 764 session->hid = hid; 765 session->req = req; 766 hid->driver_data = session; 767 768 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 769 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 770 771 hid->bus = BUS_BLUETOOTH; 772 hid->vendor = req->vendor; 773 hid->product = req->product; 774 hid->version = req->version; 775 hid->country = req->country; 776 777 strncpy(hid->name, req->name, 128); 778 strncpy(hid->phys, batostr(&src), 64); 779 strncpy(hid->uniq, batostr(&dst), 64); 780 781 hid->dev.parent = hidp_get_device(session); 782 hid->ll_driver = &hidp_hid_driver; 783 784 ret = hid_add_device(hid); 785 if (ret) 786 goto err_hid; 787 788 return 0; 789 err_hid: 790 hid_destroy_device(hid); 791 session->hid = NULL; 792 err: 793 return ret; 794 } 795 796 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 797 { 798 struct hidp_session *session, *s; 799 int err; 800 801 BT_DBG(""); 802 803 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 804 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 805 return -ENOTUNIQ; 806 807 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 808 if (!session) 809 return -ENOMEM; 810 811 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 812 813 down_write(&hidp_session_sem); 814 815 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 816 if (s && s->state == BT_CONNECTED) { 817 err = -EEXIST; 818 goto failed; 819 } 820 821 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 822 823 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 824 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 825 826 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 827 828 session->ctrl_sock = ctrl_sock; 829 session->intr_sock = intr_sock; 830 session->state = BT_CONNECTED; 831 832 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 833 834 skb_queue_head_init(&session->ctrl_transmit); 835 skb_queue_head_init(&session->intr_transmit); 836 837 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 838 session->idle_to = req->idle_to; 839 840 if (req->rd_size > 0) { 841 err = hidp_setup_hid(session, req); 842 if (err && err != -ENODEV) 843 goto err_skb; 844 } 845 846 if (!session->hid) { 847 err = hidp_setup_input(session, req); 848 if (err < 0) 849 goto err_skb; 850 } 851 852 __hidp_link_session(session); 853 854 hidp_set_timer(session); 855 856 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 857 if (err < 0) 858 goto unlink; 859 860 if (session->input) { 861 hidp_send_ctrl_message(session, 862 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 863 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 864 865 session->leds = 0xff; 866 hidp_input_event(session->input, EV_LED, 0, 0); 867 } 868 869 up_write(&hidp_session_sem); 870 return 0; 871 872 unlink: 873 hidp_del_timer(session); 874 875 __hidp_unlink_session(session); 876 877 if (session->input) 878 input_unregister_device(session->input); 879 if (session->hid) 880 hid_destroy_device(session->hid); 881 err_skb: 882 skb_queue_purge(&session->ctrl_transmit); 883 skb_queue_purge(&session->intr_transmit); 884 failed: 885 up_write(&hidp_session_sem); 886 887 input_free_device(session->input); 888 kfree(session); 889 return err; 890 } 891 892 int hidp_del_connection(struct hidp_conndel_req *req) 893 { 894 struct hidp_session *session; 895 int err = 0; 896 897 BT_DBG(""); 898 899 down_read(&hidp_session_sem); 900 901 session = __hidp_get_session(&req->bdaddr); 902 if (session) { 903 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 904 hidp_send_ctrl_message(session, 905 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 906 } else { 907 /* Flush the transmit queues */ 908 skb_queue_purge(&session->ctrl_transmit); 909 skb_queue_purge(&session->intr_transmit); 910 911 /* Wakeup user-space polling for socket errors */ 912 session->intr_sock->sk->sk_err = EUNATCH; 913 session->ctrl_sock->sk->sk_err = EUNATCH; 914 915 /* Kill session thread */ 916 atomic_inc(&session->terminate); 917 hidp_schedule(session); 918 } 919 } else 920 err = -ENOENT; 921 922 up_read(&hidp_session_sem); 923 return err; 924 } 925 926 int hidp_get_connlist(struct hidp_connlist_req *req) 927 { 928 struct list_head *p; 929 int err = 0, n = 0; 930 931 BT_DBG(""); 932 933 down_read(&hidp_session_sem); 934 935 list_for_each(p, &hidp_session_list) { 936 struct hidp_session *session; 937 struct hidp_conninfo ci; 938 939 session = list_entry(p, struct hidp_session, list); 940 941 __hidp_copy_session(session, &ci); 942 943 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 944 err = -EFAULT; 945 break; 946 } 947 948 if (++n >= req->cnum) 949 break; 950 951 req->ci++; 952 } 953 req->cnum = n; 954 955 up_read(&hidp_session_sem); 956 return err; 957 } 958 959 int hidp_get_conninfo(struct hidp_conninfo *ci) 960 { 961 struct hidp_session *session; 962 int err = 0; 963 964 down_read(&hidp_session_sem); 965 966 session = __hidp_get_session(&ci->bdaddr); 967 if (session) 968 __hidp_copy_session(session, ci); 969 else 970 err = -ENOENT; 971 972 up_read(&hidp_session_sem); 973 return err; 974 } 975 976 static const struct hid_device_id hidp_table[] = { 977 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 978 { } 979 }; 980 981 static struct hid_driver hidp_driver = { 982 .name = "generic-bluetooth", 983 .id_table = hidp_table, 984 }; 985 986 static int __init hidp_init(void) 987 { 988 int ret; 989 990 l2cap_load(); 991 992 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 993 994 ret = hid_register_driver(&hidp_driver); 995 if (ret) 996 goto err; 997 998 ret = hidp_init_sockets(); 999 if (ret) 1000 goto err_drv; 1001 1002 return 0; 1003 err_drv: 1004 hid_unregister_driver(&hidp_driver); 1005 err: 1006 return ret; 1007 } 1008 1009 static void __exit hidp_exit(void) 1010 { 1011 hidp_cleanup_sockets(); 1012 hid_unregister_driver(&hidp_driver); 1013 } 1014 1015 module_init(hidp_init); 1016 module_exit(hidp_exit); 1017 1018 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1019 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1020 MODULE_VERSION(VERSION); 1021 MODULE_LICENSE("GPL"); 1022 MODULE_ALIAS("bt-proto-6"); 1023