1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <net/sock.h> 42 43 #include <linux/input.h> 44 #include <linux/hid.h> 45 #include <linux/hidraw.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 51 #include "hidp.h" 52 53 #define VERSION "1.2" 54 55 static DECLARE_RWSEM(hidp_session_sem); 56 static LIST_HEAD(hidp_session_list); 57 58 static unsigned char hidp_keycode[256] = { 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 101 hci_conn_hold_device(session->conn); 102 } 103 104 static void __hidp_unlink_session(struct hidp_session *session) 105 { 106 hci_conn_put_device(session->conn); 107 108 list_del(&session->list); 109 module_put(THIS_MODULE); 110 } 111 112 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 113 { 114 memset(ci, 0, sizeof(*ci)); 115 bacpy(&ci->bdaddr, &session->bdaddr); 116 117 ci->flags = session->flags; 118 ci->state = session->state; 119 120 ci->vendor = 0x0000; 121 ci->product = 0x0000; 122 ci->version = 0x0000; 123 124 if (session->input) { 125 ci->vendor = session->input->id.vendor; 126 ci->product = session->input->id.product; 127 ci->version = session->input->id.version; 128 if (session->input->name) 129 strncpy(ci->name, session->input->name, 128); 130 else 131 strncpy(ci->name, "HID Boot Device", 128); 132 } 133 134 if (session->hid) { 135 ci->vendor = session->hid->vendor; 136 ci->product = session->hid->product; 137 ci->version = session->hid->version; 138 strncpy(ci->name, session->hid->name, 128); 139 } 140 } 141 142 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 143 unsigned int type, unsigned int code, int value) 144 { 145 unsigned char newleds; 146 struct sk_buff *skb; 147 148 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 149 150 if (type != EV_LED) 151 return -1; 152 153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 157 (!!test_bit(LED_NUML, dev->led)); 158 159 if (session->leds == newleds) 160 return 0; 161 162 session->leds = newleds; 163 164 skb = alloc_skb(3, GFP_ATOMIC); 165 if (!skb) { 166 BT_ERR("Can't allocate memory for new frame"); 167 return -ENOMEM; 168 } 169 170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 171 *skb_put(skb, 1) = 0x01; 172 *skb_put(skb, 1) = newleds; 173 174 skb_queue_tail(&session->intr_transmit, skb); 175 176 hidp_schedule(session); 177 178 return 0; 179 } 180 181 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 182 { 183 struct hid_device *hid = input_get_drvdata(dev); 184 struct hidp_session *session = hid->driver_data; 185 186 return hidp_queue_event(session, dev, type, code, value); 187 } 188 189 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 190 { 191 struct hidp_session *session = input_get_drvdata(dev); 192 193 return hidp_queue_event(session, dev, type, code, value); 194 } 195 196 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 197 { 198 struct input_dev *dev = session->input; 199 unsigned char *keys = session->keys; 200 unsigned char *udata = skb->data + 1; 201 signed char *sdata = skb->data + 1; 202 int i, size = skb->len - 1; 203 204 switch (skb->data[0]) { 205 case 0x01: /* Keyboard report */ 206 for (i = 0; i < 8; i++) 207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 208 209 /* If all the key codes have been set to 0x01, it means 210 * too many keys were pressed at the same time. */ 211 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 212 break; 213 214 for (i = 2; i < 8; i++) { 215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 216 if (hidp_keycode[keys[i]]) 217 input_report_key(dev, hidp_keycode[keys[i]], 0); 218 else 219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 220 } 221 222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 223 if (hidp_keycode[udata[i]]) 224 input_report_key(dev, hidp_keycode[udata[i]], 1); 225 else 226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 227 } 228 } 229 230 memcpy(keys, udata, 8); 231 break; 232 233 case 0x02: /* Mouse report */ 234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 239 240 input_report_rel(dev, REL_X, sdata[1]); 241 input_report_rel(dev, REL_Y, sdata[2]); 242 243 if (size > 3) 244 input_report_rel(dev, REL_WHEEL, sdata[3]); 245 break; 246 } 247 248 input_sync(dev); 249 } 250 251 static int __hidp_send_ctrl_message(struct hidp_session *session, 252 unsigned char hdr, unsigned char *data, int size) 253 { 254 struct sk_buff *skb; 255 256 BT_DBG("session %p data %p size %d", session, data, size); 257 258 skb = alloc_skb(size + 1, GFP_ATOMIC); 259 if (!skb) { 260 BT_ERR("Can't allocate memory for new frame"); 261 return -ENOMEM; 262 } 263 264 *skb_put(skb, 1) = hdr; 265 if (data && size > 0) 266 memcpy(skb_put(skb, size), data, size); 267 268 skb_queue_tail(&session->ctrl_transmit, skb); 269 270 return 0; 271 } 272 273 static inline int hidp_send_ctrl_message(struct hidp_session *session, 274 unsigned char hdr, unsigned char *data, int size) 275 { 276 int err; 277 278 err = __hidp_send_ctrl_message(session, hdr, data, size); 279 280 hidp_schedule(session); 281 282 return err; 283 } 284 285 static int hidp_queue_report(struct hidp_session *session, 286 unsigned char *data, int size) 287 { 288 struct sk_buff *skb; 289 290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 291 292 skb = alloc_skb(size + 1, GFP_ATOMIC); 293 if (!skb) { 294 BT_ERR("Can't allocate memory for new frame"); 295 return -ENOMEM; 296 } 297 298 *skb_put(skb, 1) = 0xa2; 299 if (size > 0) 300 memcpy(skb_put(skb, size), data, size); 301 302 skb_queue_tail(&session->intr_transmit, skb); 303 304 hidp_schedule(session); 305 306 return 0; 307 } 308 309 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 310 { 311 unsigned char buf[32]; 312 int rsize; 313 314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 315 if (rsize > sizeof(buf)) 316 return -EIO; 317 318 hid_output_report(report, buf); 319 320 return hidp_queue_report(session, buf, rsize); 321 } 322 323 static int hidp_get_raw_report(struct hid_device *hid, 324 unsigned char report_number, 325 unsigned char *data, size_t count, 326 unsigned char report_type) 327 { 328 struct hidp_session *session = hid->driver_data; 329 struct sk_buff *skb; 330 size_t len; 331 int numbered_reports = hid->report_enum[report_type].numbered; 332 333 switch (report_type) { 334 case HID_FEATURE_REPORT: 335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 336 break; 337 case HID_INPUT_REPORT: 338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 339 break; 340 case HID_OUTPUT_REPORT: 341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 342 break; 343 default: 344 return -EINVAL; 345 } 346 347 if (mutex_lock_interruptible(&session->report_mutex)) 348 return -ERESTARTSYS; 349 350 /* Set up our wait, and send the report request to the device. */ 351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 352 session->waiting_report_number = numbered_reports ? report_number : -1; 353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 354 data[0] = report_number; 355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1)) 356 goto err_eio; 357 358 /* Wait for the return of the report. The returned report 359 gets put in session->report_return. */ 360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 361 int res; 362 363 res = wait_event_interruptible_timeout(session->report_queue, 364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 365 5*HZ); 366 if (res == 0) { 367 /* timeout */ 368 goto err_eio; 369 } 370 if (res < 0) { 371 /* signal */ 372 goto err_restartsys; 373 } 374 } 375 376 skb = session->report_return; 377 if (skb) { 378 len = skb->len < count ? skb->len : count; 379 memcpy(data, skb->data, len); 380 381 kfree_skb(skb); 382 session->report_return = NULL; 383 } else { 384 /* Device returned a HANDSHAKE, indicating protocol error. */ 385 len = -EIO; 386 } 387 388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 389 mutex_unlock(&session->report_mutex); 390 391 return len; 392 393 err_restartsys: 394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 395 mutex_unlock(&session->report_mutex); 396 return -ERESTARTSYS; 397 err_eio: 398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 399 mutex_unlock(&session->report_mutex); 400 return -EIO; 401 } 402 403 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 404 unsigned char report_type) 405 { 406 struct hidp_session *session = hid->driver_data; 407 int ret; 408 409 switch (report_type) { 410 case HID_FEATURE_REPORT: 411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 412 break; 413 case HID_OUTPUT_REPORT: 414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 if (mutex_lock_interruptible(&session->report_mutex)) 421 return -ERESTARTSYS; 422 423 /* Set up our wait, and send the report request to the device. */ 424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 425 if (hidp_send_ctrl_message(hid->driver_data, report_type, 426 data, count)) { 427 ret = -ENOMEM; 428 goto err; 429 } 430 431 /* Wait for the ACK from the device. */ 432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 433 int res; 434 435 res = wait_event_interruptible_timeout(session->report_queue, 436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 437 10*HZ); 438 if (res == 0) { 439 /* timeout */ 440 ret = -EIO; 441 goto err; 442 } 443 if (res < 0) { 444 /* signal */ 445 ret = -ERESTARTSYS; 446 goto err; 447 } 448 } 449 450 if (!session->output_report_success) { 451 ret = -EIO; 452 goto err; 453 } 454 455 ret = count; 456 457 err: 458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 459 mutex_unlock(&session->report_mutex); 460 return ret; 461 } 462 463 static void hidp_idle_timeout(unsigned long arg) 464 { 465 struct hidp_session *session = (struct hidp_session *) arg; 466 467 atomic_inc(&session->terminate); 468 wake_up_process(session->task); 469 } 470 471 static void hidp_set_timer(struct hidp_session *session) 472 { 473 if (session->idle_to > 0) 474 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 475 } 476 477 static inline void hidp_del_timer(struct hidp_session *session) 478 { 479 if (session->idle_to > 0) 480 del_timer(&session->timer); 481 } 482 483 static void hidp_process_handshake(struct hidp_session *session, 484 unsigned char param) 485 { 486 BT_DBG("session %p param 0x%02x", session, param); 487 session->output_report_success = 0; /* default condition */ 488 489 switch (param) { 490 case HIDP_HSHK_SUCCESSFUL: 491 /* FIXME: Call into SET_ GET_ handlers here */ 492 session->output_report_success = 1; 493 break; 494 495 case HIDP_HSHK_NOT_READY: 496 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 498 case HIDP_HSHK_ERR_INVALID_PARAMETER: 499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 501 wake_up_interruptible(&session->report_queue); 502 } 503 /* FIXME: Call into SET_ GET_ handlers here */ 504 break; 505 506 case HIDP_HSHK_ERR_UNKNOWN: 507 break; 508 509 case HIDP_HSHK_ERR_FATAL: 510 /* Device requests a reboot, as this is the only way this error 511 * can be recovered. */ 512 __hidp_send_ctrl_message(session, 513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 514 break; 515 516 default: 517 __hidp_send_ctrl_message(session, 518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 519 break; 520 } 521 522 /* Wake up the waiting thread. */ 523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 525 wake_up_interruptible(&session->report_queue); 526 } 527 } 528 529 static void hidp_process_hid_control(struct hidp_session *session, 530 unsigned char param) 531 { 532 BT_DBG("session %p param 0x%02x", session, param); 533 534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 535 /* Flush the transmit queues */ 536 skb_queue_purge(&session->ctrl_transmit); 537 skb_queue_purge(&session->intr_transmit); 538 539 atomic_inc(&session->terminate); 540 wake_up_process(current); 541 } 542 } 543 544 /* Returns true if the passed-in skb should be freed by the caller. */ 545 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 546 unsigned char param) 547 { 548 int done_with_skb = 1; 549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 550 551 switch (param) { 552 case HIDP_DATA_RTYPE_INPUT: 553 hidp_set_timer(session); 554 555 if (session->input) 556 hidp_input_report(session, skb); 557 558 if (session->hid) 559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 560 break; 561 562 case HIDP_DATA_RTYPE_OTHER: 563 case HIDP_DATA_RTYPE_OUPUT: 564 case HIDP_DATA_RTYPE_FEATURE: 565 break; 566 567 default: 568 __hidp_send_ctrl_message(session, 569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 570 } 571 572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 573 param == session->waiting_report_type) { 574 if (session->waiting_report_number < 0 || 575 session->waiting_report_number == skb->data[0]) { 576 /* hidp_get_raw_report() is waiting on this report. */ 577 session->report_return = skb; 578 done_with_skb = 0; 579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 580 wake_up_interruptible(&session->report_queue); 581 } 582 } 583 584 return done_with_skb; 585 } 586 587 static void hidp_recv_ctrl_frame(struct hidp_session *session, 588 struct sk_buff *skb) 589 { 590 unsigned char hdr, type, param; 591 int free_skb = 1; 592 593 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 594 595 hdr = skb->data[0]; 596 skb_pull(skb, 1); 597 598 type = hdr & HIDP_HEADER_TRANS_MASK; 599 param = hdr & HIDP_HEADER_PARAM_MASK; 600 601 switch (type) { 602 case HIDP_TRANS_HANDSHAKE: 603 hidp_process_handshake(session, param); 604 break; 605 606 case HIDP_TRANS_HID_CONTROL: 607 hidp_process_hid_control(session, param); 608 break; 609 610 case HIDP_TRANS_DATA: 611 free_skb = hidp_process_data(session, skb, param); 612 break; 613 614 default: 615 __hidp_send_ctrl_message(session, 616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 617 break; 618 } 619 620 if (free_skb) 621 kfree_skb(skb); 622 } 623 624 static void hidp_recv_intr_frame(struct hidp_session *session, 625 struct sk_buff *skb) 626 { 627 unsigned char hdr; 628 629 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 630 631 hdr = skb->data[0]; 632 skb_pull(skb, 1); 633 634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 635 hidp_set_timer(session); 636 637 if (session->input) 638 hidp_input_report(session, skb); 639 640 if (session->hid) { 641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 642 BT_DBG("report len %d", skb->len); 643 } 644 } else { 645 BT_DBG("Unsupported protocol header 0x%02x", hdr); 646 } 647 648 kfree_skb(skb); 649 } 650 651 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 652 { 653 struct kvec iv = { data, len }; 654 struct msghdr msg; 655 656 BT_DBG("sock %p data %p len %d", sock, data, len); 657 658 if (!len) 659 return 0; 660 661 memset(&msg, 0, sizeof(msg)); 662 663 return kernel_sendmsg(sock, &msg, &iv, 1, len); 664 } 665 666 static void hidp_process_transmit(struct hidp_session *session) 667 { 668 struct sk_buff *skb; 669 670 BT_DBG("session %p", session); 671 672 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 673 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 674 skb_queue_head(&session->ctrl_transmit, skb); 675 break; 676 } 677 678 hidp_set_timer(session); 679 kfree_skb(skb); 680 } 681 682 while ((skb = skb_dequeue(&session->intr_transmit))) { 683 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 684 skb_queue_head(&session->intr_transmit, skb); 685 break; 686 } 687 688 hidp_set_timer(session); 689 kfree_skb(skb); 690 } 691 } 692 693 static int hidp_session(void *arg) 694 { 695 struct hidp_session *session = arg; 696 struct sock *ctrl_sk = session->ctrl_sock->sk; 697 struct sock *intr_sk = session->intr_sock->sk; 698 struct sk_buff *skb; 699 wait_queue_t ctrl_wait, intr_wait; 700 701 BT_DBG("session %p", session); 702 703 set_user_nice(current, -15); 704 705 init_waitqueue_entry(&ctrl_wait, current); 706 init_waitqueue_entry(&intr_wait, current); 707 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 708 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 709 session->waiting_for_startup = 0; 710 wake_up_interruptible(&session->startup_queue); 711 set_current_state(TASK_INTERRUPTIBLE); 712 while (!atomic_read(&session->terminate)) { 713 if (ctrl_sk->sk_state != BT_CONNECTED || 714 intr_sk->sk_state != BT_CONNECTED) 715 break; 716 717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 718 skb_orphan(skb); 719 hidp_recv_ctrl_frame(session, skb); 720 } 721 722 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 723 skb_orphan(skb); 724 hidp_recv_intr_frame(session, skb); 725 } 726 727 hidp_process_transmit(session); 728 729 schedule(); 730 set_current_state(TASK_INTERRUPTIBLE); 731 } 732 set_current_state(TASK_RUNNING); 733 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 734 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 735 736 down_write(&hidp_session_sem); 737 738 hidp_del_timer(session); 739 740 if (session->input) { 741 input_unregister_device(session->input); 742 session->input = NULL; 743 } 744 745 if (session->hid) { 746 hid_destroy_device(session->hid); 747 session->hid = NULL; 748 } 749 750 /* Wakeup user-space polling for socket errors */ 751 session->intr_sock->sk->sk_err = EUNATCH; 752 session->ctrl_sock->sk->sk_err = EUNATCH; 753 754 hidp_schedule(session); 755 756 fput(session->intr_sock->file); 757 758 wait_event_timeout(*(sk_sleep(ctrl_sk)), 759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 760 761 fput(session->ctrl_sock->file); 762 763 __hidp_unlink_session(session); 764 765 up_write(&hidp_session_sem); 766 767 kfree(session->rd_data); 768 kfree(session); 769 return 0; 770 } 771 772 static struct device *hidp_get_device(struct hidp_session *session) 773 { 774 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 775 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 776 struct device *device = NULL; 777 struct hci_dev *hdev; 778 779 hdev = hci_get_route(dst, src); 780 if (!hdev) 781 return NULL; 782 783 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 784 if (session->conn) 785 device = &session->conn->dev; 786 787 hci_dev_put(hdev); 788 789 return device; 790 } 791 792 static int hidp_setup_input(struct hidp_session *session, 793 struct hidp_connadd_req *req) 794 { 795 struct input_dev *input; 796 int err, i; 797 798 input = input_allocate_device(); 799 if (!input) 800 return -ENOMEM; 801 802 session->input = input; 803 804 input_set_drvdata(input, session); 805 806 input->name = "Bluetooth HID Boot Protocol Device"; 807 808 input->id.bustype = BUS_BLUETOOTH; 809 input->id.vendor = req->vendor; 810 input->id.product = req->product; 811 input->id.version = req->version; 812 813 if (req->subclass & 0x40) { 814 set_bit(EV_KEY, input->evbit); 815 set_bit(EV_LED, input->evbit); 816 set_bit(EV_REP, input->evbit); 817 818 set_bit(LED_NUML, input->ledbit); 819 set_bit(LED_CAPSL, input->ledbit); 820 set_bit(LED_SCROLLL, input->ledbit); 821 set_bit(LED_COMPOSE, input->ledbit); 822 set_bit(LED_KANA, input->ledbit); 823 824 for (i = 0; i < sizeof(hidp_keycode); i++) 825 set_bit(hidp_keycode[i], input->keybit); 826 clear_bit(0, input->keybit); 827 } 828 829 if (req->subclass & 0x80) { 830 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 831 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 832 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 833 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 834 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 835 BIT_MASK(BTN_EXTRA); 836 input->relbit[0] |= BIT_MASK(REL_WHEEL); 837 } 838 839 input->dev.parent = hidp_get_device(session); 840 841 input->event = hidp_input_event; 842 843 err = input_register_device(input); 844 if (err < 0) { 845 input_free_device(input); 846 session->input = NULL; 847 return err; 848 } 849 850 return 0; 851 } 852 853 static int hidp_open(struct hid_device *hid) 854 { 855 return 0; 856 } 857 858 static void hidp_close(struct hid_device *hid) 859 { 860 } 861 862 static int hidp_parse(struct hid_device *hid) 863 { 864 struct hidp_session *session = hid->driver_data; 865 866 return hid_parse_report(session->hid, session->rd_data, 867 session->rd_size); 868 } 869 870 static int hidp_start(struct hid_device *hid) 871 { 872 struct hidp_session *session = hid->driver_data; 873 struct hid_report *report; 874 875 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 876 report_list, list) 877 hidp_send_report(session, report); 878 879 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 880 report_list, list) 881 hidp_send_report(session, report); 882 883 return 0; 884 } 885 886 static void hidp_stop(struct hid_device *hid) 887 { 888 struct hidp_session *session = hid->driver_data; 889 890 skb_queue_purge(&session->ctrl_transmit); 891 skb_queue_purge(&session->intr_transmit); 892 893 hid->claimed = 0; 894 } 895 896 static struct hid_ll_driver hidp_hid_driver = { 897 .parse = hidp_parse, 898 .start = hidp_start, 899 .stop = hidp_stop, 900 .open = hidp_open, 901 .close = hidp_close, 902 .hidinput_input_event = hidp_hidinput_event, 903 }; 904 905 /* This function sets up the hid device. It does not add it 906 to the HID system. That is done in hidp_add_connection(). */ 907 static int hidp_setup_hid(struct hidp_session *session, 908 struct hidp_connadd_req *req) 909 { 910 struct hid_device *hid; 911 int err; 912 913 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 914 if (!session->rd_data) 915 return -ENOMEM; 916 917 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 918 err = -EFAULT; 919 goto fault; 920 } 921 session->rd_size = req->rd_size; 922 923 hid = hid_allocate_device(); 924 if (IS_ERR(hid)) { 925 err = PTR_ERR(hid); 926 goto fault; 927 } 928 929 session->hid = hid; 930 931 hid->driver_data = session; 932 933 hid->bus = BUS_BLUETOOTH; 934 hid->vendor = req->vendor; 935 hid->product = req->product; 936 hid->version = req->version; 937 hid->country = req->country; 938 939 strncpy(hid->name, req->name, 128); 940 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 941 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 942 943 hid->dev.parent = hidp_get_device(session); 944 hid->ll_driver = &hidp_hid_driver; 945 946 hid->hid_get_raw_report = hidp_get_raw_report; 947 hid->hid_output_raw_report = hidp_output_raw_report; 948 949 return 0; 950 951 fault: 952 kfree(session->rd_data); 953 session->rd_data = NULL; 954 955 return err; 956 } 957 958 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 959 { 960 struct hidp_session *session, *s; 961 int vendor, product; 962 int err; 963 964 BT_DBG(""); 965 966 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 967 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 968 return -ENOTUNIQ; 969 970 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 971 if (!session) 972 return -ENOMEM; 973 974 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 975 976 down_write(&hidp_session_sem); 977 978 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 979 if (s && s->state == BT_CONNECTED) { 980 err = -EEXIST; 981 goto failed; 982 } 983 984 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 985 986 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 987 l2cap_pi(ctrl_sock->sk)->chan->imtu); 988 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 989 l2cap_pi(intr_sock->sk)->chan->imtu); 990 991 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 992 993 session->ctrl_sock = ctrl_sock; 994 session->intr_sock = intr_sock; 995 session->state = BT_CONNECTED; 996 997 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 998 999 skb_queue_head_init(&session->ctrl_transmit); 1000 skb_queue_head_init(&session->intr_transmit); 1001 1002 mutex_init(&session->report_mutex); 1003 init_waitqueue_head(&session->report_queue); 1004 init_waitqueue_head(&session->startup_queue); 1005 session->waiting_for_startup = 1; 1006 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 1007 session->idle_to = req->idle_to; 1008 1009 if (req->rd_size > 0) { 1010 err = hidp_setup_hid(session, req); 1011 if (err && err != -ENODEV) 1012 goto purge; 1013 } 1014 1015 if (!session->hid) { 1016 err = hidp_setup_input(session, req); 1017 if (err < 0) 1018 goto purge; 1019 } 1020 1021 __hidp_link_session(session); 1022 1023 hidp_set_timer(session); 1024 1025 if (session->hid) { 1026 vendor = session->hid->vendor; 1027 product = session->hid->product; 1028 } else if (session->input) { 1029 vendor = session->input->id.vendor; 1030 product = session->input->id.product; 1031 } else { 1032 vendor = 0x0000; 1033 product = 0x0000; 1034 } 1035 1036 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1037 vendor, product); 1038 if (IS_ERR(session->task)) { 1039 err = PTR_ERR(session->task); 1040 goto unlink; 1041 } 1042 1043 while (session->waiting_for_startup) { 1044 wait_event_interruptible(session->startup_queue, 1045 !session->waiting_for_startup); 1046 } 1047 1048 err = hid_add_device(session->hid); 1049 if (err < 0) { 1050 atomic_inc(&session->terminate); 1051 wake_up_process(session->task); 1052 up_write(&hidp_session_sem); 1053 return err; 1054 } 1055 1056 if (session->input) { 1057 hidp_send_ctrl_message(session, 1058 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1059 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1060 1061 session->leds = 0xff; 1062 hidp_input_event(session->input, EV_LED, 0, 0); 1063 } 1064 1065 up_write(&hidp_session_sem); 1066 return 0; 1067 1068 unlink: 1069 hidp_del_timer(session); 1070 1071 __hidp_unlink_session(session); 1072 1073 if (session->input) { 1074 input_unregister_device(session->input); 1075 session->input = NULL; 1076 } 1077 1078 if (session->hid) { 1079 hid_destroy_device(session->hid); 1080 session->hid = NULL; 1081 } 1082 1083 kfree(session->rd_data); 1084 session->rd_data = NULL; 1085 1086 purge: 1087 skb_queue_purge(&session->ctrl_transmit); 1088 skb_queue_purge(&session->intr_transmit); 1089 1090 failed: 1091 up_write(&hidp_session_sem); 1092 1093 kfree(session); 1094 return err; 1095 } 1096 1097 int hidp_del_connection(struct hidp_conndel_req *req) 1098 { 1099 struct hidp_session *session; 1100 int err = 0; 1101 1102 BT_DBG(""); 1103 1104 down_read(&hidp_session_sem); 1105 1106 session = __hidp_get_session(&req->bdaddr); 1107 if (session) { 1108 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 1109 hidp_send_ctrl_message(session, 1110 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 1111 } else { 1112 /* Flush the transmit queues */ 1113 skb_queue_purge(&session->ctrl_transmit); 1114 skb_queue_purge(&session->intr_transmit); 1115 1116 atomic_inc(&session->terminate); 1117 wake_up_process(session->task); 1118 } 1119 } else 1120 err = -ENOENT; 1121 1122 up_read(&hidp_session_sem); 1123 return err; 1124 } 1125 1126 int hidp_get_connlist(struct hidp_connlist_req *req) 1127 { 1128 struct list_head *p; 1129 int err = 0, n = 0; 1130 1131 BT_DBG(""); 1132 1133 down_read(&hidp_session_sem); 1134 1135 list_for_each(p, &hidp_session_list) { 1136 struct hidp_session *session; 1137 struct hidp_conninfo ci; 1138 1139 session = list_entry(p, struct hidp_session, list); 1140 1141 __hidp_copy_session(session, &ci); 1142 1143 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1144 err = -EFAULT; 1145 break; 1146 } 1147 1148 if (++n >= req->cnum) 1149 break; 1150 1151 req->ci++; 1152 } 1153 req->cnum = n; 1154 1155 up_read(&hidp_session_sem); 1156 return err; 1157 } 1158 1159 int hidp_get_conninfo(struct hidp_conninfo *ci) 1160 { 1161 struct hidp_session *session; 1162 int err = 0; 1163 1164 down_read(&hidp_session_sem); 1165 1166 session = __hidp_get_session(&ci->bdaddr); 1167 if (session) 1168 __hidp_copy_session(session, ci); 1169 else 1170 err = -ENOENT; 1171 1172 up_read(&hidp_session_sem); 1173 return err; 1174 } 1175 1176 static const struct hid_device_id hidp_table[] = { 1177 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1178 { } 1179 }; 1180 1181 static struct hid_driver hidp_driver = { 1182 .name = "generic-bluetooth", 1183 .id_table = hidp_table, 1184 }; 1185 1186 static int __init hidp_init(void) 1187 { 1188 int ret; 1189 1190 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1191 1192 ret = hid_register_driver(&hidp_driver); 1193 if (ret) 1194 goto err; 1195 1196 ret = hidp_init_sockets(); 1197 if (ret) 1198 goto err_drv; 1199 1200 return 0; 1201 err_drv: 1202 hid_unregister_driver(&hidp_driver); 1203 err: 1204 return ret; 1205 } 1206 1207 static void __exit hidp_exit(void) 1208 { 1209 hidp_cleanup_sockets(); 1210 hid_unregister_driver(&hidp_driver); 1211 } 1212 1213 module_init(hidp_init); 1214 module_exit(hidp_exit); 1215 1216 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1217 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1218 MODULE_VERSION(VERSION); 1219 MODULE_LICENSE("GPL"); 1220 MODULE_ALIAS("bt-proto-6"); 1221