1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <linux/kref.h> 25 #include <linux/module.h> 26 #include <linux/file.h> 27 #include <linux/kthread.h> 28 #include <linux/hidraw.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/l2cap.h> 33 34 #include "hidp.h" 35 36 #define VERSION "1.2" 37 38 static DECLARE_RWSEM(hidp_session_sem); 39 static LIST_HEAD(hidp_session_list); 40 41 static unsigned char hidp_keycode[256] = { 42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 60 }; 61 62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 63 64 static int hidp_session_probe(struct l2cap_conn *conn, 65 struct l2cap_user *user); 66 static void hidp_session_remove(struct l2cap_conn *conn, 67 struct l2cap_user *user); 68 static int hidp_session_thread(void *arg); 69 static void hidp_session_terminate(struct hidp_session *s); 70 71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 72 { 73 memset(ci, 0, sizeof(*ci)); 74 bacpy(&ci->bdaddr, &session->bdaddr); 75 76 ci->flags = session->flags; 77 ci->state = BT_CONNECTED; 78 79 if (session->input) { 80 ci->vendor = session->input->id.vendor; 81 ci->product = session->input->id.product; 82 ci->version = session->input->id.version; 83 if (session->input->name) 84 strlcpy(ci->name, session->input->name, 128); 85 else 86 strlcpy(ci->name, "HID Boot Device", 128); 87 } else if (session->hid) { 88 ci->vendor = session->hid->vendor; 89 ci->product = session->hid->product; 90 ci->version = session->hid->version; 91 strlcpy(ci->name, session->hid->name, 128); 92 } 93 } 94 95 /* assemble skb, queue message on @transmit and wake up the session thread */ 96 static int hidp_send_message(struct hidp_session *session, struct socket *sock, 97 struct sk_buff_head *transmit, unsigned char hdr, 98 const unsigned char *data, int size) 99 { 100 struct sk_buff *skb; 101 struct sock *sk = sock->sk; 102 103 BT_DBG("session %p data %p size %d", session, data, size); 104 105 if (atomic_read(&session->terminate)) 106 return -EIO; 107 108 skb = alloc_skb(size + 1, GFP_ATOMIC); 109 if (!skb) { 110 BT_ERR("Can't allocate memory for new frame"); 111 return -ENOMEM; 112 } 113 114 *skb_put(skb, 1) = hdr; 115 if (data && size > 0) 116 memcpy(skb_put(skb, size), data, size); 117 118 skb_queue_tail(transmit, skb); 119 wake_up_interruptible(sk_sleep(sk)); 120 121 return 0; 122 } 123 124 static int hidp_send_ctrl_message(struct hidp_session *session, 125 unsigned char hdr, const unsigned char *data, 126 int size) 127 { 128 return hidp_send_message(session, session->ctrl_sock, 129 &session->ctrl_transmit, hdr, data, size); 130 } 131 132 static int hidp_send_intr_message(struct hidp_session *session, 133 unsigned char hdr, const unsigned char *data, 134 int size) 135 { 136 return hidp_send_message(session, session->intr_sock, 137 &session->intr_transmit, hdr, data, size); 138 } 139 140 static int hidp_input_event(struct input_dev *dev, unsigned int type, 141 unsigned int code, int value) 142 { 143 struct hidp_session *session = input_get_drvdata(dev); 144 unsigned char newleds; 145 unsigned char hdr, data[2]; 146 147 BT_DBG("session %p type %d code %d value %d", 148 session, type, code, value); 149 150 if (type != EV_LED) 151 return -1; 152 153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 157 (!!test_bit(LED_NUML, dev->led)); 158 159 if (session->leds == newleds) 160 return 0; 161 162 session->leds = newleds; 163 164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 165 data[0] = 0x01; 166 data[1] = newleds; 167 168 return hidp_send_intr_message(session, hdr, data, 2); 169 } 170 171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 172 { 173 struct input_dev *dev = session->input; 174 unsigned char *keys = session->keys; 175 unsigned char *udata = skb->data + 1; 176 signed char *sdata = skb->data + 1; 177 int i, size = skb->len - 1; 178 179 switch (skb->data[0]) { 180 case 0x01: /* Keyboard report */ 181 for (i = 0; i < 8; i++) 182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 183 184 /* If all the key codes have been set to 0x01, it means 185 * too many keys were pressed at the same time. */ 186 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 187 break; 188 189 for (i = 2; i < 8; i++) { 190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 191 if (hidp_keycode[keys[i]]) 192 input_report_key(dev, hidp_keycode[keys[i]], 0); 193 else 194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 195 } 196 197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 198 if (hidp_keycode[udata[i]]) 199 input_report_key(dev, hidp_keycode[udata[i]], 1); 200 else 201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 202 } 203 } 204 205 memcpy(keys, udata, 8); 206 break; 207 208 case 0x02: /* Mouse report */ 209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 214 215 input_report_rel(dev, REL_X, sdata[1]); 216 input_report_rel(dev, REL_Y, sdata[2]); 217 218 if (size > 3) 219 input_report_rel(dev, REL_WHEEL, sdata[3]); 220 break; 221 } 222 223 input_sync(dev); 224 } 225 226 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 227 { 228 unsigned char hdr; 229 u8 *buf; 230 int rsize, ret; 231 232 buf = hid_alloc_report_buf(report, GFP_ATOMIC); 233 if (!buf) 234 return -EIO; 235 236 hid_output_report(report, buf); 237 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 238 239 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 240 ret = hidp_send_intr_message(session, hdr, buf, rsize); 241 242 kfree(buf); 243 return ret; 244 } 245 246 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, 247 unsigned int code, int value) 248 { 249 struct hid_device *hid = input_get_drvdata(dev); 250 struct hidp_session *session = hid->driver_data; 251 struct hid_field *field; 252 int offset; 253 254 BT_DBG("session %p type %d code %d value %d", 255 session, type, code, value); 256 257 if (type != EV_LED) 258 return -1; 259 260 offset = hidinput_find_field(hid, type, code, &field); 261 if (offset == -1) { 262 hid_warn(dev, "event field not found\n"); 263 return -1; 264 } 265 266 hid_set_field(field, offset, value); 267 268 return hidp_send_report(session, field->report); 269 } 270 271 static int hidp_get_raw_report(struct hid_device *hid, 272 unsigned char report_number, 273 unsigned char *data, size_t count, 274 unsigned char report_type) 275 { 276 struct hidp_session *session = hid->driver_data; 277 struct sk_buff *skb; 278 size_t len; 279 int numbered_reports = hid->report_enum[report_type].numbered; 280 int ret; 281 282 if (atomic_read(&session->terminate)) 283 return -EIO; 284 285 switch (report_type) { 286 case HID_FEATURE_REPORT: 287 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 288 break; 289 case HID_INPUT_REPORT: 290 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 291 break; 292 case HID_OUTPUT_REPORT: 293 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 294 break; 295 default: 296 return -EINVAL; 297 } 298 299 if (mutex_lock_interruptible(&session->report_mutex)) 300 return -ERESTARTSYS; 301 302 /* Set up our wait, and send the report request to the device. */ 303 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 304 session->waiting_report_number = numbered_reports ? report_number : -1; 305 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 306 data[0] = report_number; 307 ret = hidp_send_ctrl_message(session, report_type, data, 1); 308 if (ret) 309 goto err; 310 311 /* Wait for the return of the report. The returned report 312 gets put in session->report_return. */ 313 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 314 !atomic_read(&session->terminate)) { 315 int res; 316 317 res = wait_event_interruptible_timeout(session->report_queue, 318 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) 319 || atomic_read(&session->terminate), 320 5*HZ); 321 if (res == 0) { 322 /* timeout */ 323 ret = -EIO; 324 goto err; 325 } 326 if (res < 0) { 327 /* signal */ 328 ret = -ERESTARTSYS; 329 goto err; 330 } 331 } 332 333 skb = session->report_return; 334 if (skb) { 335 len = skb->len < count ? skb->len : count; 336 memcpy(data, skb->data, len); 337 338 kfree_skb(skb); 339 session->report_return = NULL; 340 } else { 341 /* Device returned a HANDSHAKE, indicating protocol error. */ 342 len = -EIO; 343 } 344 345 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 346 mutex_unlock(&session->report_mutex); 347 348 return len; 349 350 err: 351 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 352 mutex_unlock(&session->report_mutex); 353 return ret; 354 } 355 356 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 357 unsigned char report_type) 358 { 359 struct hidp_session *session = hid->driver_data; 360 int ret; 361 362 if (report_type == HID_OUTPUT_REPORT) { 363 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 364 return hidp_send_intr_message(session, report_type, 365 data, count); 366 } else if (report_type != HID_FEATURE_REPORT) { 367 return -EINVAL; 368 } 369 370 if (mutex_lock_interruptible(&session->report_mutex)) 371 return -ERESTARTSYS; 372 373 /* Set up our wait, and send the report request to the device. */ 374 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 375 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 376 ret = hidp_send_ctrl_message(session, report_type, data, count); 377 if (ret) 378 goto err; 379 380 /* Wait for the ACK from the device. */ 381 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && 382 !atomic_read(&session->terminate)) { 383 int res; 384 385 res = wait_event_interruptible_timeout(session->report_queue, 386 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) 387 || atomic_read(&session->terminate), 388 10*HZ); 389 if (res == 0) { 390 /* timeout */ 391 ret = -EIO; 392 goto err; 393 } 394 if (res < 0) { 395 /* signal */ 396 ret = -ERESTARTSYS; 397 goto err; 398 } 399 } 400 401 if (!session->output_report_success) { 402 ret = -EIO; 403 goto err; 404 } 405 406 ret = count; 407 408 err: 409 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 410 mutex_unlock(&session->report_mutex); 411 return ret; 412 } 413 414 static void hidp_idle_timeout(unsigned long arg) 415 { 416 struct hidp_session *session = (struct hidp_session *) arg; 417 418 hidp_session_terminate(session); 419 } 420 421 static void hidp_set_timer(struct hidp_session *session) 422 { 423 if (session->idle_to > 0) 424 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 425 } 426 427 static void hidp_del_timer(struct hidp_session *session) 428 { 429 if (session->idle_to > 0) 430 del_timer(&session->timer); 431 } 432 433 static void hidp_process_report(struct hidp_session *session, 434 int type, const u8 *data, int len, int intr) 435 { 436 if (len > HID_MAX_BUFFER_SIZE) 437 len = HID_MAX_BUFFER_SIZE; 438 439 memcpy(session->input_buf, data, len); 440 hid_input_report(session->hid, type, session->input_buf, len, intr); 441 } 442 443 static void hidp_process_handshake(struct hidp_session *session, 444 unsigned char param) 445 { 446 BT_DBG("session %p param 0x%02x", session, param); 447 session->output_report_success = 0; /* default condition */ 448 449 switch (param) { 450 case HIDP_HSHK_SUCCESSFUL: 451 /* FIXME: Call into SET_ GET_ handlers here */ 452 session->output_report_success = 1; 453 break; 454 455 case HIDP_HSHK_NOT_READY: 456 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 457 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 458 case HIDP_HSHK_ERR_INVALID_PARAMETER: 459 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) 460 wake_up_interruptible(&session->report_queue); 461 462 /* FIXME: Call into SET_ GET_ handlers here */ 463 break; 464 465 case HIDP_HSHK_ERR_UNKNOWN: 466 break; 467 468 case HIDP_HSHK_ERR_FATAL: 469 /* Device requests a reboot, as this is the only way this error 470 * can be recovered. */ 471 hidp_send_ctrl_message(session, 472 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 473 break; 474 475 default: 476 hidp_send_ctrl_message(session, 477 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 478 break; 479 } 480 481 /* Wake up the waiting thread. */ 482 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) 483 wake_up_interruptible(&session->report_queue); 484 } 485 486 static void hidp_process_hid_control(struct hidp_session *session, 487 unsigned char param) 488 { 489 BT_DBG("session %p param 0x%02x", session, param); 490 491 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 492 /* Flush the transmit queues */ 493 skb_queue_purge(&session->ctrl_transmit); 494 skb_queue_purge(&session->intr_transmit); 495 496 hidp_session_terminate(session); 497 } 498 } 499 500 /* Returns true if the passed-in skb should be freed by the caller. */ 501 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 502 unsigned char param) 503 { 504 int done_with_skb = 1; 505 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 506 507 switch (param) { 508 case HIDP_DATA_RTYPE_INPUT: 509 hidp_set_timer(session); 510 511 if (session->input) 512 hidp_input_report(session, skb); 513 514 if (session->hid) 515 hidp_process_report(session, HID_INPUT_REPORT, 516 skb->data, skb->len, 0); 517 break; 518 519 case HIDP_DATA_RTYPE_OTHER: 520 case HIDP_DATA_RTYPE_OUPUT: 521 case HIDP_DATA_RTYPE_FEATURE: 522 break; 523 524 default: 525 hidp_send_ctrl_message(session, 526 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 527 } 528 529 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 530 param == session->waiting_report_type) { 531 if (session->waiting_report_number < 0 || 532 session->waiting_report_number == skb->data[0]) { 533 /* hidp_get_raw_report() is waiting on this report. */ 534 session->report_return = skb; 535 done_with_skb = 0; 536 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 537 wake_up_interruptible(&session->report_queue); 538 } 539 } 540 541 return done_with_skb; 542 } 543 544 static void hidp_recv_ctrl_frame(struct hidp_session *session, 545 struct sk_buff *skb) 546 { 547 unsigned char hdr, type, param; 548 int free_skb = 1; 549 550 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 551 552 hdr = skb->data[0]; 553 skb_pull(skb, 1); 554 555 type = hdr & HIDP_HEADER_TRANS_MASK; 556 param = hdr & HIDP_HEADER_PARAM_MASK; 557 558 switch (type) { 559 case HIDP_TRANS_HANDSHAKE: 560 hidp_process_handshake(session, param); 561 break; 562 563 case HIDP_TRANS_HID_CONTROL: 564 hidp_process_hid_control(session, param); 565 break; 566 567 case HIDP_TRANS_DATA: 568 free_skb = hidp_process_data(session, skb, param); 569 break; 570 571 default: 572 hidp_send_ctrl_message(session, 573 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 574 break; 575 } 576 577 if (free_skb) 578 kfree_skb(skb); 579 } 580 581 static void hidp_recv_intr_frame(struct hidp_session *session, 582 struct sk_buff *skb) 583 { 584 unsigned char hdr; 585 586 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 587 588 hdr = skb->data[0]; 589 skb_pull(skb, 1); 590 591 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 592 hidp_set_timer(session); 593 594 if (session->input) 595 hidp_input_report(session, skb); 596 597 if (session->hid) { 598 hidp_process_report(session, HID_INPUT_REPORT, 599 skb->data, skb->len, 1); 600 BT_DBG("report len %d", skb->len); 601 } 602 } else { 603 BT_DBG("Unsupported protocol header 0x%02x", hdr); 604 } 605 606 kfree_skb(skb); 607 } 608 609 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 610 { 611 struct kvec iv = { data, len }; 612 struct msghdr msg; 613 614 BT_DBG("sock %p data %p len %d", sock, data, len); 615 616 if (!len) 617 return 0; 618 619 memset(&msg, 0, sizeof(msg)); 620 621 return kernel_sendmsg(sock, &msg, &iv, 1, len); 622 } 623 624 /* dequeue message from @transmit and send via @sock */ 625 static void hidp_process_transmit(struct hidp_session *session, 626 struct sk_buff_head *transmit, 627 struct socket *sock) 628 { 629 struct sk_buff *skb; 630 int ret; 631 632 BT_DBG("session %p", session); 633 634 while ((skb = skb_dequeue(transmit))) { 635 ret = hidp_send_frame(sock, skb->data, skb->len); 636 if (ret == -EAGAIN) { 637 skb_queue_head(transmit, skb); 638 break; 639 } else if (ret < 0) { 640 hidp_session_terminate(session); 641 kfree_skb(skb); 642 break; 643 } 644 645 hidp_set_timer(session); 646 kfree_skb(skb); 647 } 648 } 649 650 static int hidp_setup_input(struct hidp_session *session, 651 struct hidp_connadd_req *req) 652 { 653 struct input_dev *input; 654 int i; 655 656 input = input_allocate_device(); 657 if (!input) 658 return -ENOMEM; 659 660 session->input = input; 661 662 input_set_drvdata(input, session); 663 664 input->name = "Bluetooth HID Boot Protocol Device"; 665 666 input->id.bustype = BUS_BLUETOOTH; 667 input->id.vendor = req->vendor; 668 input->id.product = req->product; 669 input->id.version = req->version; 670 671 if (req->subclass & 0x40) { 672 set_bit(EV_KEY, input->evbit); 673 set_bit(EV_LED, input->evbit); 674 set_bit(EV_REP, input->evbit); 675 676 set_bit(LED_NUML, input->ledbit); 677 set_bit(LED_CAPSL, input->ledbit); 678 set_bit(LED_SCROLLL, input->ledbit); 679 set_bit(LED_COMPOSE, input->ledbit); 680 set_bit(LED_KANA, input->ledbit); 681 682 for (i = 0; i < sizeof(hidp_keycode); i++) 683 set_bit(hidp_keycode[i], input->keybit); 684 clear_bit(0, input->keybit); 685 } 686 687 if (req->subclass & 0x80) { 688 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 689 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 690 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 691 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 692 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 693 BIT_MASK(BTN_EXTRA); 694 input->relbit[0] |= BIT_MASK(REL_WHEEL); 695 } 696 697 input->dev.parent = &session->conn->hcon->dev; 698 699 input->event = hidp_input_event; 700 701 return 0; 702 } 703 704 static int hidp_open(struct hid_device *hid) 705 { 706 return 0; 707 } 708 709 static void hidp_close(struct hid_device *hid) 710 { 711 } 712 713 static int hidp_parse(struct hid_device *hid) 714 { 715 struct hidp_session *session = hid->driver_data; 716 717 return hid_parse_report(session->hid, session->rd_data, 718 session->rd_size); 719 } 720 721 static int hidp_start(struct hid_device *hid) 722 { 723 return 0; 724 } 725 726 static void hidp_stop(struct hid_device *hid) 727 { 728 struct hidp_session *session = hid->driver_data; 729 730 skb_queue_purge(&session->ctrl_transmit); 731 skb_queue_purge(&session->intr_transmit); 732 733 hid->claimed = 0; 734 } 735 736 static struct hid_ll_driver hidp_hid_driver = { 737 .parse = hidp_parse, 738 .start = hidp_start, 739 .stop = hidp_stop, 740 .open = hidp_open, 741 .close = hidp_close, 742 .hidinput_input_event = hidp_hidinput_event, 743 }; 744 745 /* This function sets up the hid device. It does not add it 746 to the HID system. That is done in hidp_add_connection(). */ 747 static int hidp_setup_hid(struct hidp_session *session, 748 struct hidp_connadd_req *req) 749 { 750 struct hid_device *hid; 751 int err; 752 753 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 754 if (!session->rd_data) 755 return -ENOMEM; 756 757 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 758 err = -EFAULT; 759 goto fault; 760 } 761 session->rd_size = req->rd_size; 762 763 hid = hid_allocate_device(); 764 if (IS_ERR(hid)) { 765 err = PTR_ERR(hid); 766 goto fault; 767 } 768 769 session->hid = hid; 770 771 hid->driver_data = session; 772 773 hid->bus = BUS_BLUETOOTH; 774 hid->vendor = req->vendor; 775 hid->product = req->product; 776 hid->version = req->version; 777 hid->country = req->country; 778 779 strncpy(hid->name, req->name, sizeof(req->name) - 1); 780 781 snprintf(hid->phys, sizeof(hid->phys), "%pMR", 782 &l2cap_pi(session->ctrl_sock->sk)->chan->src); 783 784 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 785 &l2cap_pi(session->ctrl_sock->sk)->chan->dst); 786 787 hid->dev.parent = &session->conn->hcon->dev; 788 hid->ll_driver = &hidp_hid_driver; 789 790 hid->hid_get_raw_report = hidp_get_raw_report; 791 hid->hid_output_raw_report = hidp_output_raw_report; 792 793 /* True if device is blacklisted in drivers/hid/hid-core.c */ 794 if (hid_ignore(hid)) { 795 hid_destroy_device(session->hid); 796 session->hid = NULL; 797 return -ENODEV; 798 } 799 800 return 0; 801 802 fault: 803 kfree(session->rd_data); 804 session->rd_data = NULL; 805 806 return err; 807 } 808 809 /* initialize session devices */ 810 static int hidp_session_dev_init(struct hidp_session *session, 811 struct hidp_connadd_req *req) 812 { 813 int ret; 814 815 if (req->rd_size > 0) { 816 ret = hidp_setup_hid(session, req); 817 if (ret && ret != -ENODEV) 818 return ret; 819 } 820 821 if (!session->hid) { 822 ret = hidp_setup_input(session, req); 823 if (ret < 0) 824 return ret; 825 } 826 827 return 0; 828 } 829 830 /* destroy session devices */ 831 static void hidp_session_dev_destroy(struct hidp_session *session) 832 { 833 if (session->hid) 834 put_device(&session->hid->dev); 835 else if (session->input) 836 input_put_device(session->input); 837 838 kfree(session->rd_data); 839 session->rd_data = NULL; 840 } 841 842 /* add HID/input devices to their underlying bus systems */ 843 static int hidp_session_dev_add(struct hidp_session *session) 844 { 845 int ret; 846 847 /* Both HID and input systems drop a ref-count when unregistering the 848 * device but they don't take a ref-count when registering them. Work 849 * around this by explicitly taking a refcount during registration 850 * which is dropped automatically by unregistering the devices. */ 851 852 if (session->hid) { 853 ret = hid_add_device(session->hid); 854 if (ret) 855 return ret; 856 get_device(&session->hid->dev); 857 } else if (session->input) { 858 ret = input_register_device(session->input); 859 if (ret) 860 return ret; 861 input_get_device(session->input); 862 } 863 864 return 0; 865 } 866 867 /* remove HID/input devices from their bus systems */ 868 static void hidp_session_dev_del(struct hidp_session *session) 869 { 870 if (session->hid) 871 hid_destroy_device(session->hid); 872 else if (session->input) 873 input_unregister_device(session->input); 874 } 875 876 /* 877 * Asynchronous device registration 878 * HID device drivers might want to perform I/O during initialization to 879 * detect device types. Therefore, call device registration in a separate 880 * worker so the HIDP thread can schedule I/O operations. 881 * Note that this must be called after the worker thread was initialized 882 * successfully. This will then add the devices and increase session state 883 * on success, otherwise it will terminate the session thread. 884 */ 885 static void hidp_session_dev_work(struct work_struct *work) 886 { 887 struct hidp_session *session = container_of(work, 888 struct hidp_session, 889 dev_init); 890 int ret; 891 892 ret = hidp_session_dev_add(session); 893 if (!ret) 894 atomic_inc(&session->state); 895 else 896 hidp_session_terminate(session); 897 } 898 899 /* 900 * Create new session object 901 * Allocate session object, initialize static fields, copy input data into the 902 * object and take a reference to all sub-objects. 903 * This returns 0 on success and puts a pointer to the new session object in 904 * \out. Otherwise, an error code is returned. 905 * The new session object has an initial ref-count of 1. 906 */ 907 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, 908 struct socket *ctrl_sock, 909 struct socket *intr_sock, 910 struct hidp_connadd_req *req, 911 struct l2cap_conn *conn) 912 { 913 struct hidp_session *session; 914 int ret; 915 struct bt_sock *ctrl, *intr; 916 917 ctrl = bt_sk(ctrl_sock->sk); 918 intr = bt_sk(intr_sock->sk); 919 920 session = kzalloc(sizeof(*session), GFP_KERNEL); 921 if (!session) 922 return -ENOMEM; 923 924 /* object and runtime management */ 925 kref_init(&session->ref); 926 atomic_set(&session->state, HIDP_SESSION_IDLING); 927 init_waitqueue_head(&session->state_queue); 928 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 929 930 /* connection management */ 931 bacpy(&session->bdaddr, bdaddr); 932 session->conn = conn; 933 session->user.probe = hidp_session_probe; 934 session->user.remove = hidp_session_remove; 935 session->ctrl_sock = ctrl_sock; 936 session->intr_sock = intr_sock; 937 skb_queue_head_init(&session->ctrl_transmit); 938 skb_queue_head_init(&session->intr_transmit); 939 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, 940 l2cap_pi(ctrl)->chan->imtu); 941 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, 942 l2cap_pi(intr)->chan->imtu); 943 session->idle_to = req->idle_to; 944 945 /* device management */ 946 INIT_WORK(&session->dev_init, hidp_session_dev_work); 947 setup_timer(&session->timer, hidp_idle_timeout, 948 (unsigned long)session); 949 950 /* session data */ 951 mutex_init(&session->report_mutex); 952 init_waitqueue_head(&session->report_queue); 953 954 ret = hidp_session_dev_init(session, req); 955 if (ret) 956 goto err_free; 957 958 l2cap_conn_get(session->conn); 959 get_file(session->intr_sock->file); 960 get_file(session->ctrl_sock->file); 961 *out = session; 962 return 0; 963 964 err_free: 965 kfree(session); 966 return ret; 967 } 968 969 /* increase ref-count of the given session by one */ 970 static void hidp_session_get(struct hidp_session *session) 971 { 972 kref_get(&session->ref); 973 } 974 975 /* release callback */ 976 static void session_free(struct kref *ref) 977 { 978 struct hidp_session *session = container_of(ref, struct hidp_session, 979 ref); 980 981 hidp_session_dev_destroy(session); 982 skb_queue_purge(&session->ctrl_transmit); 983 skb_queue_purge(&session->intr_transmit); 984 fput(session->intr_sock->file); 985 fput(session->ctrl_sock->file); 986 l2cap_conn_put(session->conn); 987 kfree(session); 988 } 989 990 /* decrease ref-count of the given session by one */ 991 static void hidp_session_put(struct hidp_session *session) 992 { 993 kref_put(&session->ref, session_free); 994 } 995 996 /* 997 * Search the list of active sessions for a session with target address 998 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as 999 * you do not release this lock, the session objects cannot vanish and you can 1000 * safely take a reference to the session yourself. 1001 */ 1002 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) 1003 { 1004 struct hidp_session *session; 1005 1006 list_for_each_entry(session, &hidp_session_list, list) { 1007 if (!bacmp(bdaddr, &session->bdaddr)) 1008 return session; 1009 } 1010 1011 return NULL; 1012 } 1013 1014 /* 1015 * Same as __hidp_session_find() but no locks must be held. This also takes a 1016 * reference of the returned session (if non-NULL) so you must drop this 1017 * reference if you no longer use the object. 1018 */ 1019 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) 1020 { 1021 struct hidp_session *session; 1022 1023 down_read(&hidp_session_sem); 1024 1025 session = __hidp_session_find(bdaddr); 1026 if (session) 1027 hidp_session_get(session); 1028 1029 up_read(&hidp_session_sem); 1030 1031 return session; 1032 } 1033 1034 /* 1035 * Start session synchronously 1036 * This starts a session thread and waits until initialization 1037 * is done or returns an error if it couldn't be started. 1038 * If this returns 0 the session thread is up and running. You must call 1039 * hipd_session_stop_sync() before deleting any runtime resources. 1040 */ 1041 static int hidp_session_start_sync(struct hidp_session *session) 1042 { 1043 unsigned int vendor, product; 1044 1045 if (session->hid) { 1046 vendor = session->hid->vendor; 1047 product = session->hid->product; 1048 } else if (session->input) { 1049 vendor = session->input->id.vendor; 1050 product = session->input->id.product; 1051 } else { 1052 vendor = 0x0000; 1053 product = 0x0000; 1054 } 1055 1056 session->task = kthread_run(hidp_session_thread, session, 1057 "khidpd_%04x%04x", vendor, product); 1058 if (IS_ERR(session->task)) 1059 return PTR_ERR(session->task); 1060 1061 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) 1062 wait_event(session->state_queue, 1063 atomic_read(&session->state) > HIDP_SESSION_IDLING); 1064 1065 return 0; 1066 } 1067 1068 /* 1069 * Terminate session thread 1070 * Wake up session thread and notify it to stop. This is asynchronous and 1071 * returns immediately. Call this whenever a runtime error occurs and you want 1072 * the session to stop. 1073 * Note: wake_up_process() performs any necessary memory-barriers for us. 1074 */ 1075 static void hidp_session_terminate(struct hidp_session *session) 1076 { 1077 atomic_inc(&session->terminate); 1078 wake_up_process(session->task); 1079 } 1080 1081 /* 1082 * Probe HIDP session 1083 * This is called from the l2cap_conn core when our l2cap_user object is bound 1084 * to the hci-connection. We get the session via the \user object and can now 1085 * start the session thread, link it into the global session list and 1086 * schedule HID/input device registration. 1087 * The global session-list owns its own reference to the session object so you 1088 * can drop your own reference after registering the l2cap_user object. 1089 */ 1090 static int hidp_session_probe(struct l2cap_conn *conn, 1091 struct l2cap_user *user) 1092 { 1093 struct hidp_session *session = container_of(user, 1094 struct hidp_session, 1095 user); 1096 struct hidp_session *s; 1097 int ret; 1098 1099 down_write(&hidp_session_sem); 1100 1101 /* check that no other session for this device exists */ 1102 s = __hidp_session_find(&session->bdaddr); 1103 if (s) { 1104 ret = -EEXIST; 1105 goto out_unlock; 1106 } 1107 1108 if (session->input) { 1109 ret = hidp_session_dev_add(session); 1110 if (ret) 1111 goto out_unlock; 1112 } 1113 1114 ret = hidp_session_start_sync(session); 1115 if (ret) 1116 goto out_del; 1117 1118 /* HID device registration is async to allow I/O during probe */ 1119 if (session->input) 1120 atomic_inc(&session->state); 1121 else 1122 schedule_work(&session->dev_init); 1123 1124 hidp_session_get(session); 1125 list_add(&session->list, &hidp_session_list); 1126 ret = 0; 1127 goto out_unlock; 1128 1129 out_del: 1130 if (session->input) 1131 hidp_session_dev_del(session); 1132 out_unlock: 1133 up_write(&hidp_session_sem); 1134 return ret; 1135 } 1136 1137 /* 1138 * Remove HIDP session 1139 * Called from the l2cap_conn core when either we explicitly unregistered 1140 * the l2cap_user object or if the underlying connection is shut down. 1141 * We signal the hidp-session thread to shut down, unregister the HID/input 1142 * devices and unlink the session from the global list. 1143 * This drops the reference to the session that is owned by the global 1144 * session-list. 1145 * Note: We _must_ not synchronosly wait for the session-thread to shut down. 1146 * This is, because the session-thread might be waiting for an HCI lock that is 1147 * held while we are called. Therefore, we only unregister the devices and 1148 * notify the session-thread to terminate. The thread itself owns a reference 1149 * to the session object so it can safely shut down. 1150 */ 1151 static void hidp_session_remove(struct l2cap_conn *conn, 1152 struct l2cap_user *user) 1153 { 1154 struct hidp_session *session = container_of(user, 1155 struct hidp_session, 1156 user); 1157 1158 down_write(&hidp_session_sem); 1159 1160 hidp_session_terminate(session); 1161 1162 cancel_work_sync(&session->dev_init); 1163 if (session->input || 1164 atomic_read(&session->state) > HIDP_SESSION_PREPARING) 1165 hidp_session_dev_del(session); 1166 1167 list_del(&session->list); 1168 1169 up_write(&hidp_session_sem); 1170 1171 hidp_session_put(session); 1172 } 1173 1174 /* 1175 * Session Worker 1176 * This performs the actual main-loop of the HIDP worker. We first check 1177 * whether the underlying connection is still alive, then parse all pending 1178 * messages and finally send all outstanding messages. 1179 */ 1180 static void hidp_session_run(struct hidp_session *session) 1181 { 1182 struct sock *ctrl_sk = session->ctrl_sock->sk; 1183 struct sock *intr_sk = session->intr_sock->sk; 1184 struct sk_buff *skb; 1185 1186 for (;;) { 1187 /* 1188 * This thread can be woken up two ways: 1189 * - You call hidp_session_terminate() which sets the 1190 * session->terminate flag and wakes this thread up. 1191 * - Via modifying the socket state of ctrl/intr_sock. This 1192 * thread is woken up by ->sk_state_changed(). 1193 * 1194 * Note: set_current_state() performs any necessary 1195 * memory-barriers for us. 1196 */ 1197 set_current_state(TASK_INTERRUPTIBLE); 1198 1199 if (atomic_read(&session->terminate)) 1200 break; 1201 1202 if (ctrl_sk->sk_state != BT_CONNECTED || 1203 intr_sk->sk_state != BT_CONNECTED) 1204 break; 1205 1206 /* parse incoming intr-skbs */ 1207 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 1208 skb_orphan(skb); 1209 if (!skb_linearize(skb)) 1210 hidp_recv_intr_frame(session, skb); 1211 else 1212 kfree_skb(skb); 1213 } 1214 1215 /* send pending intr-skbs */ 1216 hidp_process_transmit(session, &session->intr_transmit, 1217 session->intr_sock); 1218 1219 /* parse incoming ctrl-skbs */ 1220 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 1221 skb_orphan(skb); 1222 if (!skb_linearize(skb)) 1223 hidp_recv_ctrl_frame(session, skb); 1224 else 1225 kfree_skb(skb); 1226 } 1227 1228 /* send pending ctrl-skbs */ 1229 hidp_process_transmit(session, &session->ctrl_transmit, 1230 session->ctrl_sock); 1231 1232 schedule(); 1233 } 1234 1235 atomic_inc(&session->terminate); 1236 set_current_state(TASK_RUNNING); 1237 } 1238 1239 /* 1240 * HIDP session thread 1241 * This thread runs the I/O for a single HIDP session. Startup is synchronous 1242 * which allows us to take references to ourself here instead of doing that in 1243 * the caller. 1244 * When we are ready to run we notify the caller and call hidp_session_run(). 1245 */ 1246 static int hidp_session_thread(void *arg) 1247 { 1248 struct hidp_session *session = arg; 1249 wait_queue_t ctrl_wait, intr_wait; 1250 1251 BT_DBG("session %p", session); 1252 1253 /* initialize runtime environment */ 1254 hidp_session_get(session); 1255 __module_get(THIS_MODULE); 1256 set_user_nice(current, -15); 1257 hidp_set_timer(session); 1258 1259 init_waitqueue_entry(&ctrl_wait, current); 1260 init_waitqueue_entry(&intr_wait, current); 1261 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); 1262 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1263 /* This memory barrier is paired with wq_has_sleeper(). See 1264 * sock_poll_wait() for more information why this is needed. */ 1265 smp_mb(); 1266 1267 /* notify synchronous startup that we're ready */ 1268 atomic_inc(&session->state); 1269 wake_up(&session->state_queue); 1270 1271 /* run session */ 1272 hidp_session_run(session); 1273 1274 /* cleanup runtime environment */ 1275 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1276 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); 1277 wake_up_interruptible(&session->report_queue); 1278 hidp_del_timer(session); 1279 1280 /* 1281 * If we stopped ourself due to any internal signal, we should try to 1282 * unregister our own session here to avoid having it linger until the 1283 * parent l2cap_conn dies or user-space cleans it up. 1284 * This does not deadlock as we don't do any synchronous shutdown. 1285 * Instead, this call has the same semantics as if user-space tried to 1286 * delete the session. 1287 */ 1288 l2cap_unregister_user(session->conn, &session->user); 1289 hidp_session_put(session); 1290 1291 module_put_and_exit(0); 1292 return 0; 1293 } 1294 1295 static int hidp_verify_sockets(struct socket *ctrl_sock, 1296 struct socket *intr_sock) 1297 { 1298 struct l2cap_chan *ctrl_chan, *intr_chan; 1299 struct bt_sock *ctrl, *intr; 1300 struct hidp_session *session; 1301 1302 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) 1303 return -EINVAL; 1304 1305 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan; 1306 intr_chan = l2cap_pi(intr_sock->sk)->chan; 1307 1308 if (bacmp(&ctrl_chan->src, &intr_chan->src) || 1309 bacmp(&ctrl_chan->dst, &intr_chan->dst)) 1310 return -ENOTUNIQ; 1311 1312 ctrl = bt_sk(ctrl_sock->sk); 1313 intr = bt_sk(intr_sock->sk); 1314 1315 if (ctrl->sk.sk_state != BT_CONNECTED || 1316 intr->sk.sk_state != BT_CONNECTED) 1317 return -EBADFD; 1318 1319 /* early session check, we check again during session registration */ 1320 session = hidp_session_find(&ctrl_chan->dst); 1321 if (session) { 1322 hidp_session_put(session); 1323 return -EEXIST; 1324 } 1325 1326 return 0; 1327 } 1328 1329 int hidp_connection_add(struct hidp_connadd_req *req, 1330 struct socket *ctrl_sock, 1331 struct socket *intr_sock) 1332 { 1333 struct hidp_session *session; 1334 struct l2cap_conn *conn; 1335 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; 1336 int ret; 1337 1338 ret = hidp_verify_sockets(ctrl_sock, intr_sock); 1339 if (ret) 1340 return ret; 1341 1342 conn = NULL; 1343 l2cap_chan_lock(chan); 1344 if (chan->conn) { 1345 l2cap_conn_get(chan->conn); 1346 conn = chan->conn; 1347 } 1348 l2cap_chan_unlock(chan); 1349 1350 if (!conn) 1351 return -EBADFD; 1352 1353 ret = hidp_session_new(&session, &chan->dst, ctrl_sock, 1354 intr_sock, req, conn); 1355 if (ret) 1356 goto out_conn; 1357 1358 ret = l2cap_register_user(conn, &session->user); 1359 if (ret) 1360 goto out_session; 1361 1362 ret = 0; 1363 1364 out_session: 1365 hidp_session_put(session); 1366 out_conn: 1367 l2cap_conn_put(conn); 1368 return ret; 1369 } 1370 1371 int hidp_connection_del(struct hidp_conndel_req *req) 1372 { 1373 struct hidp_session *session; 1374 1375 session = hidp_session_find(&req->bdaddr); 1376 if (!session) 1377 return -ENOENT; 1378 1379 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) 1380 hidp_send_ctrl_message(session, 1381 HIDP_TRANS_HID_CONTROL | 1382 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, 1383 NULL, 0); 1384 else 1385 l2cap_unregister_user(session->conn, &session->user); 1386 1387 hidp_session_put(session); 1388 1389 return 0; 1390 } 1391 1392 int hidp_get_connlist(struct hidp_connlist_req *req) 1393 { 1394 struct hidp_session *session; 1395 int err = 0, n = 0; 1396 1397 BT_DBG(""); 1398 1399 down_read(&hidp_session_sem); 1400 1401 list_for_each_entry(session, &hidp_session_list, list) { 1402 struct hidp_conninfo ci; 1403 1404 hidp_copy_session(session, &ci); 1405 1406 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1407 err = -EFAULT; 1408 break; 1409 } 1410 1411 if (++n >= req->cnum) 1412 break; 1413 1414 req->ci++; 1415 } 1416 req->cnum = n; 1417 1418 up_read(&hidp_session_sem); 1419 return err; 1420 } 1421 1422 int hidp_get_conninfo(struct hidp_conninfo *ci) 1423 { 1424 struct hidp_session *session; 1425 1426 session = hidp_session_find(&ci->bdaddr); 1427 if (session) { 1428 hidp_copy_session(session, ci); 1429 hidp_session_put(session); 1430 } 1431 1432 return session ? 0 : -ENOENT; 1433 } 1434 1435 static int __init hidp_init(void) 1436 { 1437 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1438 1439 return hidp_init_sockets(); 1440 } 1441 1442 static void __exit hidp_exit(void) 1443 { 1444 hidp_cleanup_sockets(); 1445 } 1446 1447 module_init(hidp_init); 1448 module_exit(hidp_exit); 1449 1450 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1451 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); 1452 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1453 MODULE_VERSION(VERSION); 1454 MODULE_LICENSE("GPL"); 1455 MODULE_ALIAS("bt-proto-6"); 1456