xref: /openbmc/linux/net/bluetooth/hidp/core.c (revision 9ac8d3fb)
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/module.h>
24 
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40 
41 #include <linux/input.h>
42 #include <linux/hid.h>
43 
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 
48 #include "hidp.h"
49 
50 #ifndef CONFIG_BT_HIDP_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54 
55 #define VERSION "1.2"
56 
57 static DECLARE_RWSEM(hidp_session_sem);
58 static LIST_HEAD(hidp_session_list);
59 
60 static unsigned char hidp_keycode[256] = {
61 	  0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
62 	 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
63 	  4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
64 	 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
65 	 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
66 	105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
67 	 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
68 	191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
69 	115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
70 	122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
71 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
72 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
73 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
74 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
75 	 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
76 	150,158,159,128,136,177,178,176,142,152,173,140
77 };
78 
79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
80 
81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
82 {
83 	struct hidp_session *session;
84 	struct list_head *p;
85 
86 	BT_DBG("");
87 
88 	list_for_each(p, &hidp_session_list) {
89 		session = list_entry(p, struct hidp_session, list);
90 		if (!bacmp(bdaddr, &session->bdaddr))
91 			return session;
92 	}
93 	return NULL;
94 }
95 
96 static void __hidp_link_session(struct hidp_session *session)
97 {
98 	__module_get(THIS_MODULE);
99 	list_add(&session->list, &hidp_session_list);
100 }
101 
102 static void __hidp_unlink_session(struct hidp_session *session)
103 {
104 	list_del(&session->list);
105 	module_put(THIS_MODULE);
106 }
107 
108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109 {
110 	bacpy(&ci->bdaddr, &session->bdaddr);
111 
112 	ci->flags = session->flags;
113 	ci->state = session->state;
114 
115 	ci->vendor  = 0x0000;
116 	ci->product = 0x0000;
117 	ci->version = 0x0000;
118 	memset(ci->name, 0, 128);
119 
120 	if (session->input) {
121 		ci->vendor  = session->input->id.vendor;
122 		ci->product = session->input->id.product;
123 		ci->version = session->input->id.version;
124 		if (session->input->name)
125 			strncpy(ci->name, session->input->name, 128);
126 		else
127 			strncpy(ci->name, "HID Boot Device", 128);
128 	}
129 
130 	if (session->hid) {
131 		ci->vendor  = session->hid->vendor;
132 		ci->product = session->hid->product;
133 		ci->version = session->hid->version;
134 		strncpy(ci->name, session->hid->name, 128);
135 	}
136 }
137 
138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139 				unsigned int type, unsigned int code, int value)
140 {
141 	unsigned char newleds;
142 	struct sk_buff *skb;
143 
144 	BT_DBG("session %p type %d code %d value %d", session, type, code, value);
145 
146 	if (type != EV_LED)
147 		return -1;
148 
149 	newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
150 		  (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151 		  (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152 		  (!!test_bit(LED_CAPSL,   dev->led) << 1) |
153 		  (!!test_bit(LED_NUML,    dev->led));
154 
155 	if (session->leds == newleds)
156 		return 0;
157 
158 	session->leds = newleds;
159 
160 	if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161 		BT_ERR("Can't allocate memory for new frame");
162 		return -ENOMEM;
163 	}
164 
165 	*skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 	*skb_put(skb, 1) = 0x01;
167 	*skb_put(skb, 1) = newleds;
168 
169 	skb_queue_tail(&session->intr_transmit, skb);
170 
171 	hidp_schedule(session);
172 
173 	return 0;
174 }
175 
176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177 {
178 	struct hid_device *hid = input_get_drvdata(dev);
179 	struct hidp_session *session = hid->driver_data;
180 
181 	return hidp_queue_event(session, dev, type, code, value);
182 }
183 
184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185 {
186 	struct hidp_session *session = input_get_drvdata(dev);
187 
188 	return hidp_queue_event(session, dev, type, code, value);
189 }
190 
191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192 {
193 	struct input_dev *dev = session->input;
194 	unsigned char *keys = session->keys;
195 	unsigned char *udata = skb->data + 1;
196 	signed char *sdata = skb->data + 1;
197 	int i, size = skb->len - 1;
198 
199 	switch (skb->data[0]) {
200 	case 0x01:	/* Keyboard report */
201 		for (i = 0; i < 8; i++)
202 			input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203 
204 		/* If all the key codes have been set to 0x01, it means
205 		 * too many keys were pressed at the same time. */
206 		if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 			break;
208 
209 		for (i = 2; i < 8; i++) {
210 			if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 				if (hidp_keycode[keys[i]])
212 					input_report_key(dev, hidp_keycode[keys[i]], 0);
213 				else
214 					BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 			}
216 
217 			if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 				if (hidp_keycode[udata[i]])
219 					input_report_key(dev, hidp_keycode[udata[i]], 1);
220 				else
221 					BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 			}
223 		}
224 
225 		memcpy(keys, udata, 8);
226 		break;
227 
228 	case 0x02:	/* Mouse report */
229 		input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
230 		input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
231 		input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 		input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
233 		input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
234 
235 		input_report_rel(dev, REL_X, sdata[1]);
236 		input_report_rel(dev, REL_Y, sdata[2]);
237 
238 		if (size > 3)
239 			input_report_rel(dev, REL_WHEEL, sdata[3]);
240 		break;
241 	}
242 
243 	input_sync(dev);
244 }
245 
246 static int hidp_queue_report(struct hidp_session *session,
247 				unsigned char *data, int size)
248 {
249 	struct sk_buff *skb;
250 
251 	BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
252 
253 	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 		BT_ERR("Can't allocate memory for new frame");
255 		return -ENOMEM;
256 	}
257 
258 	*skb_put(skb, 1) = 0xa2;
259 	if (size > 0)
260 		memcpy(skb_put(skb, size), data, size);
261 
262 	skb_queue_tail(&session->intr_transmit, skb);
263 
264 	hidp_schedule(session);
265 
266 	return 0;
267 }
268 
269 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
270 {
271 	unsigned char buf[32];
272 	int rsize;
273 
274 	rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
275 	if (rsize > sizeof(buf))
276 		return -EIO;
277 
278 	hid_output_report(report, buf);
279 
280 	return hidp_queue_report(session, buf, rsize);
281 }
282 
283 static void hidp_idle_timeout(unsigned long arg)
284 {
285 	struct hidp_session *session = (struct hidp_session *) arg;
286 
287 	atomic_inc(&session->terminate);
288 	hidp_schedule(session);
289 }
290 
291 static void hidp_set_timer(struct hidp_session *session)
292 {
293 	if (session->idle_to > 0)
294 		mod_timer(&session->timer, jiffies + HZ * session->idle_to);
295 }
296 
297 static inline void hidp_del_timer(struct hidp_session *session)
298 {
299 	if (session->idle_to > 0)
300 		del_timer(&session->timer);
301 }
302 
303 static int __hidp_send_ctrl_message(struct hidp_session *session,
304 			unsigned char hdr, unsigned char *data, int size)
305 {
306 	struct sk_buff *skb;
307 
308 	BT_DBG("session %p data %p size %d", session, data, size);
309 
310 	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
311 		BT_ERR("Can't allocate memory for new frame");
312 		return -ENOMEM;
313 	}
314 
315 	*skb_put(skb, 1) = hdr;
316 	if (data && size > 0)
317 		memcpy(skb_put(skb, size), data, size);
318 
319 	skb_queue_tail(&session->ctrl_transmit, skb);
320 
321 	return 0;
322 }
323 
324 static inline int hidp_send_ctrl_message(struct hidp_session *session,
325 			unsigned char hdr, unsigned char *data, int size)
326 {
327 	int err;
328 
329 	err = __hidp_send_ctrl_message(session, hdr, data, size);
330 
331 	hidp_schedule(session);
332 
333 	return err;
334 }
335 
336 static void hidp_process_handshake(struct hidp_session *session,
337 					unsigned char param)
338 {
339 	BT_DBG("session %p param 0x%02x", session, param);
340 
341 	switch (param) {
342 	case HIDP_HSHK_SUCCESSFUL:
343 		/* FIXME: Call into SET_ GET_ handlers here */
344 		break;
345 
346 	case HIDP_HSHK_NOT_READY:
347 	case HIDP_HSHK_ERR_INVALID_REPORT_ID:
348 	case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
349 	case HIDP_HSHK_ERR_INVALID_PARAMETER:
350 		/* FIXME: Call into SET_ GET_ handlers here */
351 		break;
352 
353 	case HIDP_HSHK_ERR_UNKNOWN:
354 		break;
355 
356 	case HIDP_HSHK_ERR_FATAL:
357 		/* Device requests a reboot, as this is the only way this error
358 		 * can be recovered. */
359 		__hidp_send_ctrl_message(session,
360 			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
361 		break;
362 
363 	default:
364 		__hidp_send_ctrl_message(session,
365 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
366 		break;
367 	}
368 }
369 
370 static void hidp_process_hid_control(struct hidp_session *session,
371 					unsigned char param)
372 {
373 	BT_DBG("session %p param 0x%02x", session, param);
374 
375 	if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
376 		/* Flush the transmit queues */
377 		skb_queue_purge(&session->ctrl_transmit);
378 		skb_queue_purge(&session->intr_transmit);
379 
380 		/* Kill session thread */
381 		atomic_inc(&session->terminate);
382 	}
383 }
384 
385 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
386 				unsigned char param)
387 {
388 	BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
389 
390 	switch (param) {
391 	case HIDP_DATA_RTYPE_INPUT:
392 		hidp_set_timer(session);
393 
394 		if (session->input)
395 			hidp_input_report(session, skb);
396 
397 		if (session->hid)
398 			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
399 
400 		break;
401 
402 	case HIDP_DATA_RTYPE_OTHER:
403 	case HIDP_DATA_RTYPE_OUPUT:
404 	case HIDP_DATA_RTYPE_FEATURE:
405 		break;
406 
407 	default:
408 		__hidp_send_ctrl_message(session,
409 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
410 	}
411 }
412 
413 static void hidp_recv_ctrl_frame(struct hidp_session *session,
414 					struct sk_buff *skb)
415 {
416 	unsigned char hdr, type, param;
417 
418 	BT_DBG("session %p skb %p len %d", session, skb, skb->len);
419 
420 	hdr = skb->data[0];
421 	skb_pull(skb, 1);
422 
423 	type = hdr & HIDP_HEADER_TRANS_MASK;
424 	param = hdr & HIDP_HEADER_PARAM_MASK;
425 
426 	switch (type) {
427 	case HIDP_TRANS_HANDSHAKE:
428 		hidp_process_handshake(session, param);
429 		break;
430 
431 	case HIDP_TRANS_HID_CONTROL:
432 		hidp_process_hid_control(session, param);
433 		break;
434 
435 	case HIDP_TRANS_DATA:
436 		hidp_process_data(session, skb, param);
437 		break;
438 
439 	default:
440 		__hidp_send_ctrl_message(session,
441 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
442 		break;
443 	}
444 
445 	kfree_skb(skb);
446 }
447 
448 static void hidp_recv_intr_frame(struct hidp_session *session,
449 				struct sk_buff *skb)
450 {
451 	unsigned char hdr;
452 
453 	BT_DBG("session %p skb %p len %d", session, skb, skb->len);
454 
455 	hdr = skb->data[0];
456 	skb_pull(skb, 1);
457 
458 	if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
459 		hidp_set_timer(session);
460 
461 		if (session->input)
462 			hidp_input_report(session, skb);
463 
464 		if (session->hid) {
465 			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
466 			BT_DBG("report len %d", skb->len);
467 		}
468 	} else {
469 		BT_DBG("Unsupported protocol header 0x%02x", hdr);
470 	}
471 
472 	kfree_skb(skb);
473 }
474 
475 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
476 {
477 	struct kvec iv = { data, len };
478 	struct msghdr msg;
479 
480 	BT_DBG("sock %p data %p len %d", sock, data, len);
481 
482 	if (!len)
483 		return 0;
484 
485 	memset(&msg, 0, sizeof(msg));
486 
487 	return kernel_sendmsg(sock, &msg, &iv, 1, len);
488 }
489 
490 static void hidp_process_transmit(struct hidp_session *session)
491 {
492 	struct sk_buff *skb;
493 
494 	BT_DBG("session %p", session);
495 
496 	while ((skb = skb_dequeue(&session->ctrl_transmit))) {
497 		if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
498 			skb_queue_head(&session->ctrl_transmit, skb);
499 			break;
500 		}
501 
502 		hidp_set_timer(session);
503 		kfree_skb(skb);
504 	}
505 
506 	while ((skb = skb_dequeue(&session->intr_transmit))) {
507 		if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
508 			skb_queue_head(&session->intr_transmit, skb);
509 			break;
510 		}
511 
512 		hidp_set_timer(session);
513 		kfree_skb(skb);
514 	}
515 }
516 
517 static int hidp_session(void *arg)
518 {
519 	struct hidp_session *session = arg;
520 	struct sock *ctrl_sk = session->ctrl_sock->sk;
521 	struct sock *intr_sk = session->intr_sock->sk;
522 	struct sk_buff *skb;
523 	int vendor = 0x0000, product = 0x0000;
524 	wait_queue_t ctrl_wait, intr_wait;
525 
526 	BT_DBG("session %p", session);
527 
528 	if (session->input) {
529 		vendor  = session->input->id.vendor;
530 		product = session->input->id.product;
531 	}
532 
533 	if (session->hid) {
534 		vendor  = session->hid->vendor;
535 		product = session->hid->product;
536 	}
537 
538 	daemonize("khidpd_%04x%04x", vendor, product);
539 	set_user_nice(current, -15);
540 
541 	init_waitqueue_entry(&ctrl_wait, current);
542 	init_waitqueue_entry(&intr_wait, current);
543 	add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
544 	add_wait_queue(intr_sk->sk_sleep, &intr_wait);
545 	while (!atomic_read(&session->terminate)) {
546 		set_current_state(TASK_INTERRUPTIBLE);
547 
548 		if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
549 			break;
550 
551 		while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
552 			skb_orphan(skb);
553 			hidp_recv_ctrl_frame(session, skb);
554 		}
555 
556 		while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
557 			skb_orphan(skb);
558 			hidp_recv_intr_frame(session, skb);
559 		}
560 
561 		hidp_process_transmit(session);
562 
563 		schedule();
564 	}
565 	set_current_state(TASK_RUNNING);
566 	remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
567 	remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
568 
569 	down_write(&hidp_session_sem);
570 
571 	hidp_del_timer(session);
572 
573 	if (session->input) {
574 		input_unregister_device(session->input);
575 		session->input = NULL;
576 	}
577 
578 	if (session->hid) {
579 		if (session->hid->claimed & HID_CLAIMED_INPUT)
580 			hidinput_disconnect(session->hid);
581 		hid_destroy_device(session->hid);
582 	}
583 
584 	/* Wakeup user-space polling for socket errors */
585 	session->intr_sock->sk->sk_err = EUNATCH;
586 	session->ctrl_sock->sk->sk_err = EUNATCH;
587 
588 	hidp_schedule(session);
589 
590 	fput(session->intr_sock->file);
591 
592 	wait_event_timeout(*(ctrl_sk->sk_sleep),
593 		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
594 
595 	fput(session->ctrl_sock->file);
596 
597 	__hidp_unlink_session(session);
598 
599 	up_write(&hidp_session_sem);
600 
601 	kfree(session);
602 	return 0;
603 }
604 
605 static struct device *hidp_get_device(struct hidp_session *session)
606 {
607 	bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
608 	bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
609 	struct hci_dev *hdev;
610 	struct hci_conn *conn;
611 
612 	hdev = hci_get_route(dst, src);
613 	if (!hdev)
614 		return NULL;
615 
616 	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
617 
618 	hci_dev_put(hdev);
619 
620 	return conn ? &conn->dev : NULL;
621 }
622 
623 static int hidp_setup_input(struct hidp_session *session,
624 				struct hidp_connadd_req *req)
625 {
626 	struct input_dev *input;
627 	int i;
628 
629 	input = input_allocate_device();
630 	if (!input)
631 		return -ENOMEM;
632 
633 	session->input = input;
634 
635 	input_set_drvdata(input, session);
636 
637 	input->name = "Bluetooth HID Boot Protocol Device";
638 
639 	input->id.bustype = BUS_BLUETOOTH;
640 	input->id.vendor  = req->vendor;
641 	input->id.product = req->product;
642 	input->id.version = req->version;
643 
644 	if (req->subclass & 0x40) {
645 		set_bit(EV_KEY, input->evbit);
646 		set_bit(EV_LED, input->evbit);
647 		set_bit(EV_REP, input->evbit);
648 
649 		set_bit(LED_NUML,    input->ledbit);
650 		set_bit(LED_CAPSL,   input->ledbit);
651 		set_bit(LED_SCROLLL, input->ledbit);
652 		set_bit(LED_COMPOSE, input->ledbit);
653 		set_bit(LED_KANA,    input->ledbit);
654 
655 		for (i = 0; i < sizeof(hidp_keycode); i++)
656 			set_bit(hidp_keycode[i], input->keybit);
657 		clear_bit(0, input->keybit);
658 	}
659 
660 	if (req->subclass & 0x80) {
661 		input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
662 		input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
663 			BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
664 		input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
665 		input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
666 			BIT_MASK(BTN_EXTRA);
667 		input->relbit[0] |= BIT_MASK(REL_WHEEL);
668 	}
669 
670 	input->dev.parent = hidp_get_device(session);
671 
672 	input->event = hidp_input_event;
673 
674 	return input_register_device(input);
675 }
676 
677 static int hidp_open(struct hid_device *hid)
678 {
679 	return 0;
680 }
681 
682 static void hidp_close(struct hid_device *hid)
683 {
684 }
685 
686 static int hidp_parse(struct hid_device *hid)
687 {
688 	struct hidp_session *session = hid->driver_data;
689 	struct hidp_connadd_req *req = session->req;
690 	unsigned char *buf;
691 	int ret;
692 
693 	buf = kmalloc(req->rd_size, GFP_KERNEL);
694 	if (!buf)
695 		return -ENOMEM;
696 
697 	if (copy_from_user(buf, req->rd_data, req->rd_size)) {
698 		kfree(buf);
699 		return -EFAULT;
700 	}
701 
702 	ret = hid_parse_report(session->hid, buf, req->rd_size);
703 
704 	kfree(buf);
705 
706 	if (ret)
707 		return ret;
708 
709 	session->req = NULL;
710 
711 	return 0;
712 }
713 
714 static int hidp_start(struct hid_device *hid)
715 {
716 	struct hidp_session *session = hid->driver_data;
717 	struct hid_report *report;
718 
719 	list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
720 			report_list, list)
721 		hidp_send_report(session, report);
722 
723 	list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
724 			report_list, list)
725 		hidp_send_report(session, report);
726 
727 	return 0;
728 }
729 
730 static void hidp_stop(struct hid_device *hid)
731 {
732 	struct hidp_session *session = hid->driver_data;
733 
734 	skb_queue_purge(&session->ctrl_transmit);
735 	skb_queue_purge(&session->intr_transmit);
736 
737 	if (hid->claimed & HID_CLAIMED_INPUT)
738 		hidinput_disconnect(hid);
739 	hid->claimed = 0;
740 }
741 
742 static struct hid_ll_driver hidp_hid_driver = {
743 	.parse = hidp_parse,
744 	.start = hidp_start,
745 	.stop = hidp_stop,
746 	.open  = hidp_open,
747 	.close = hidp_close,
748 	.hidinput_input_event = hidp_hidinput_event,
749 };
750 
751 static int hidp_setup_hid(struct hidp_session *session,
752 				struct hidp_connadd_req *req)
753 {
754 	struct hid_device *hid;
755 	bdaddr_t src, dst;
756 	int ret;
757 
758 	hid = hid_allocate_device();
759 	if (IS_ERR(hid)) {
760 		ret = PTR_ERR(session->hid);
761 		goto err;
762 	}
763 
764 	session->hid = hid;
765 	session->req = req;
766 	hid->driver_data = session;
767 
768 	baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
769 	baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
770 
771 	hid->bus     = BUS_BLUETOOTH;
772 	hid->vendor  = req->vendor;
773 	hid->product = req->product;
774 	hid->version = req->version;
775 	hid->country = req->country;
776 
777 	strncpy(hid->name, req->name, 128);
778 	strncpy(hid->phys, batostr(&src), 64);
779 	strncpy(hid->uniq, batostr(&dst), 64);
780 
781 	hid->dev.parent = hidp_get_device(session);
782 	hid->ll_driver = &hidp_hid_driver;
783 
784 	ret = hid_add_device(hid);
785 	if (ret)
786 		goto err_hid;
787 
788 	return 0;
789 err_hid:
790 	hid_destroy_device(hid);
791 	session->hid = NULL;
792 err:
793 	return ret;
794 }
795 
796 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
797 {
798 	struct hidp_session *session, *s;
799 	int err;
800 
801 	BT_DBG("");
802 
803 	if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
804 			bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
805 		return -ENOTUNIQ;
806 
807 	session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
808 	if (!session)
809 		return -ENOMEM;
810 
811 	BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
812 
813 	down_write(&hidp_session_sem);
814 
815 	s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
816 	if (s && s->state == BT_CONNECTED) {
817 		err = -EEXIST;
818 		goto failed;
819 	}
820 
821 	bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
822 
823 	session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
824 	session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
825 
826 	BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
827 
828 	session->ctrl_sock = ctrl_sock;
829 	session->intr_sock = intr_sock;
830 	session->state     = BT_CONNECTED;
831 
832 	setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
833 
834 	skb_queue_head_init(&session->ctrl_transmit);
835 	skb_queue_head_init(&session->intr_transmit);
836 
837 	session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
838 	session->idle_to = req->idle_to;
839 
840 	if (req->rd_size > 0) {
841 		err = hidp_setup_hid(session, req);
842 		if (err && err != -ENODEV)
843 			goto err_skb;
844 	}
845 
846 	if (!session->hid) {
847 		err = hidp_setup_input(session, req);
848 		if (err < 0)
849 			goto err_skb;
850 	}
851 
852 	__hidp_link_session(session);
853 
854 	hidp_set_timer(session);
855 
856 	err = kernel_thread(hidp_session, session, CLONE_KERNEL);
857 	if (err < 0)
858 		goto unlink;
859 
860 	if (session->input) {
861 		hidp_send_ctrl_message(session,
862 			HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
863 		session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
864 
865 		session->leds = 0xff;
866 		hidp_input_event(session->input, EV_LED, 0, 0);
867 	}
868 
869 	up_write(&hidp_session_sem);
870 	return 0;
871 
872 unlink:
873 	hidp_del_timer(session);
874 
875 	__hidp_unlink_session(session);
876 
877 	if (session->input)
878 		input_unregister_device(session->input);
879 	if (session->hid)
880 		hid_destroy_device(session->hid);
881 err_skb:
882 	skb_queue_purge(&session->ctrl_transmit);
883 	skb_queue_purge(&session->intr_transmit);
884 failed:
885 	up_write(&hidp_session_sem);
886 
887 	input_free_device(session->input);
888 	kfree(session);
889 	return err;
890 }
891 
892 int hidp_del_connection(struct hidp_conndel_req *req)
893 {
894 	struct hidp_session *session;
895 	int err = 0;
896 
897 	BT_DBG("");
898 
899 	down_read(&hidp_session_sem);
900 
901 	session = __hidp_get_session(&req->bdaddr);
902 	if (session) {
903 		if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
904 			hidp_send_ctrl_message(session,
905 				HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
906 		} else {
907 			/* Flush the transmit queues */
908 			skb_queue_purge(&session->ctrl_transmit);
909 			skb_queue_purge(&session->intr_transmit);
910 
911 			/* Wakeup user-space polling for socket errors */
912 			session->intr_sock->sk->sk_err = EUNATCH;
913 			session->ctrl_sock->sk->sk_err = EUNATCH;
914 
915 			/* Kill session thread */
916 			atomic_inc(&session->terminate);
917 			hidp_schedule(session);
918 		}
919 	} else
920 		err = -ENOENT;
921 
922 	up_read(&hidp_session_sem);
923 	return err;
924 }
925 
926 int hidp_get_connlist(struct hidp_connlist_req *req)
927 {
928 	struct list_head *p;
929 	int err = 0, n = 0;
930 
931 	BT_DBG("");
932 
933 	down_read(&hidp_session_sem);
934 
935 	list_for_each(p, &hidp_session_list) {
936 		struct hidp_session *session;
937 		struct hidp_conninfo ci;
938 
939 		session = list_entry(p, struct hidp_session, list);
940 
941 		__hidp_copy_session(session, &ci);
942 
943 		if (copy_to_user(req->ci, &ci, sizeof(ci))) {
944 			err = -EFAULT;
945 			break;
946 		}
947 
948 		if (++n >= req->cnum)
949 			break;
950 
951 		req->ci++;
952 	}
953 	req->cnum = n;
954 
955 	up_read(&hidp_session_sem);
956 	return err;
957 }
958 
959 int hidp_get_conninfo(struct hidp_conninfo *ci)
960 {
961 	struct hidp_session *session;
962 	int err = 0;
963 
964 	down_read(&hidp_session_sem);
965 
966 	session = __hidp_get_session(&ci->bdaddr);
967 	if (session)
968 		__hidp_copy_session(session, ci);
969 	else
970 		err = -ENOENT;
971 
972 	up_read(&hidp_session_sem);
973 	return err;
974 }
975 
976 static const struct hid_device_id hidp_table[] = {
977 	{ HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
978 	{ }
979 };
980 
981 static struct hid_driver hidp_driver = {
982 	.name = "generic-bluetooth",
983 	.id_table = hidp_table,
984 };
985 
986 static int __init hidp_init(void)
987 {
988 	int ret;
989 
990 	l2cap_load();
991 
992 	BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
993 
994 	ret = hid_register_driver(&hidp_driver);
995 	if (ret)
996 		goto err;
997 
998 	ret = hidp_init_sockets();
999 	if (ret)
1000 		goto err_drv;
1001 
1002 	return 0;
1003 err_drv:
1004 	hid_unregister_driver(&hidp_driver);
1005 err:
1006 	return ret;
1007 }
1008 
1009 static void __exit hidp_exit(void)
1010 {
1011 	hidp_cleanup_sockets();
1012 	hid_unregister_driver(&hidp_driver);
1013 }
1014 
1015 module_init(hidp_init);
1016 module_exit(hidp_exit);
1017 
1018 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1019 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1020 MODULE_VERSION(VERSION);
1021 MODULE_LICENSE("GPL");
1022 MODULE_ALIAS("bt-proto-6");
1023