xref: /openbmc/linux/net/bluetooth/hidp/core.c (revision b6dcefde)
1 /*
2    HIDP implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 
5    This program is free software; you can redistribute it and/or modify
6    it under the terms of the GNU General Public License version 2 as
7    published by the Free Software Foundation;
8 
9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20    SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/module.h>
24 
25 #include <linux/types.h>
26 #include <linux/errno.h>
27 #include <linux/kernel.h>
28 #include <linux/sched.h>
29 #include <linux/slab.h>
30 #include <linux/poll.h>
31 #include <linux/freezer.h>
32 #include <linux/fcntl.h>
33 #include <linux/skbuff.h>
34 #include <linux/socket.h>
35 #include <linux/ioctl.h>
36 #include <linux/file.h>
37 #include <linux/init.h>
38 #include <linux/wait.h>
39 #include <net/sock.h>
40 
41 #include <linux/input.h>
42 #include <linux/hid.h>
43 #include <linux/hidraw.h>
44 
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 
49 #include "hidp.h"
50 
51 #define VERSION "1.2"
52 
53 static DECLARE_RWSEM(hidp_session_sem);
54 static LIST_HEAD(hidp_session_list);
55 
56 static unsigned char hidp_keycode[256] = {
57 	  0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
58 	 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
59 	  4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
60 	 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
61 	 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
62 	105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
63 	 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
64 	191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
65 	115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
66 	122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
67 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
68 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
69 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
70 	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
71 	 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
72 	150,158,159,128,136,177,178,176,142,152,173,140
73 };
74 
75 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
76 
77 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
78 {
79 	struct hidp_session *session;
80 	struct list_head *p;
81 
82 	BT_DBG("");
83 
84 	list_for_each(p, &hidp_session_list) {
85 		session = list_entry(p, struct hidp_session, list);
86 		if (!bacmp(bdaddr, &session->bdaddr))
87 			return session;
88 	}
89 	return NULL;
90 }
91 
92 static void __hidp_link_session(struct hidp_session *session)
93 {
94 	__module_get(THIS_MODULE);
95 	list_add(&session->list, &hidp_session_list);
96 
97 	hci_conn_hold_device(session->conn);
98 }
99 
100 static void __hidp_unlink_session(struct hidp_session *session)
101 {
102 	hci_conn_put_device(session->conn);
103 
104 	list_del(&session->list);
105 	module_put(THIS_MODULE);
106 }
107 
108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109 {
110 	bacpy(&ci->bdaddr, &session->bdaddr);
111 
112 	ci->flags = session->flags;
113 	ci->state = session->state;
114 
115 	ci->vendor  = 0x0000;
116 	ci->product = 0x0000;
117 	ci->version = 0x0000;
118 	memset(ci->name, 0, 128);
119 
120 	if (session->input) {
121 		ci->vendor  = session->input->id.vendor;
122 		ci->product = session->input->id.product;
123 		ci->version = session->input->id.version;
124 		if (session->input->name)
125 			strncpy(ci->name, session->input->name, 128);
126 		else
127 			strncpy(ci->name, "HID Boot Device", 128);
128 	}
129 
130 	if (session->hid) {
131 		ci->vendor  = session->hid->vendor;
132 		ci->product = session->hid->product;
133 		ci->version = session->hid->version;
134 		strncpy(ci->name, session->hid->name, 128);
135 	}
136 }
137 
138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139 				unsigned int type, unsigned int code, int value)
140 {
141 	unsigned char newleds;
142 	struct sk_buff *skb;
143 
144 	BT_DBG("session %p type %d code %d value %d", session, type, code, value);
145 
146 	if (type != EV_LED)
147 		return -1;
148 
149 	newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
150 		  (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151 		  (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152 		  (!!test_bit(LED_CAPSL,   dev->led) << 1) |
153 		  (!!test_bit(LED_NUML,    dev->led));
154 
155 	if (session->leds == newleds)
156 		return 0;
157 
158 	session->leds = newleds;
159 
160 	if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161 		BT_ERR("Can't allocate memory for new frame");
162 		return -ENOMEM;
163 	}
164 
165 	*skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 	*skb_put(skb, 1) = 0x01;
167 	*skb_put(skb, 1) = newleds;
168 
169 	skb_queue_tail(&session->intr_transmit, skb);
170 
171 	hidp_schedule(session);
172 
173 	return 0;
174 }
175 
176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177 {
178 	struct hid_device *hid = input_get_drvdata(dev);
179 	struct hidp_session *session = hid->driver_data;
180 
181 	return hidp_queue_event(session, dev, type, code, value);
182 }
183 
184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185 {
186 	struct hidp_session *session = input_get_drvdata(dev);
187 
188 	return hidp_queue_event(session, dev, type, code, value);
189 }
190 
191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192 {
193 	struct input_dev *dev = session->input;
194 	unsigned char *keys = session->keys;
195 	unsigned char *udata = skb->data + 1;
196 	signed char *sdata = skb->data + 1;
197 	int i, size = skb->len - 1;
198 
199 	switch (skb->data[0]) {
200 	case 0x01:	/* Keyboard report */
201 		for (i = 0; i < 8; i++)
202 			input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203 
204 		/* If all the key codes have been set to 0x01, it means
205 		 * too many keys were pressed at the same time. */
206 		if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 			break;
208 
209 		for (i = 2; i < 8; i++) {
210 			if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 				if (hidp_keycode[keys[i]])
212 					input_report_key(dev, hidp_keycode[keys[i]], 0);
213 				else
214 					BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 			}
216 
217 			if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 				if (hidp_keycode[udata[i]])
219 					input_report_key(dev, hidp_keycode[udata[i]], 1);
220 				else
221 					BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 			}
223 		}
224 
225 		memcpy(keys, udata, 8);
226 		break;
227 
228 	case 0x02:	/* Mouse report */
229 		input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
230 		input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
231 		input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 		input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
233 		input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
234 
235 		input_report_rel(dev, REL_X, sdata[1]);
236 		input_report_rel(dev, REL_Y, sdata[2]);
237 
238 		if (size > 3)
239 			input_report_rel(dev, REL_WHEEL, sdata[3]);
240 		break;
241 	}
242 
243 	input_sync(dev);
244 }
245 
246 static int __hidp_send_ctrl_message(struct hidp_session *session,
247 			unsigned char hdr, unsigned char *data, int size)
248 {
249 	struct sk_buff *skb;
250 
251 	BT_DBG("session %p data %p size %d", session, data, size);
252 
253 	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 		BT_ERR("Can't allocate memory for new frame");
255 		return -ENOMEM;
256 	}
257 
258 	*skb_put(skb, 1) = hdr;
259 	if (data && size > 0)
260 		memcpy(skb_put(skb, size), data, size);
261 
262 	skb_queue_tail(&session->ctrl_transmit, skb);
263 
264 	return 0;
265 }
266 
267 static inline int hidp_send_ctrl_message(struct hidp_session *session,
268 			unsigned char hdr, unsigned char *data, int size)
269 {
270 	int err;
271 
272 	err = __hidp_send_ctrl_message(session, hdr, data, size);
273 
274 	hidp_schedule(session);
275 
276 	return err;
277 }
278 
279 static int hidp_queue_report(struct hidp_session *session,
280 				unsigned char *data, int size)
281 {
282 	struct sk_buff *skb;
283 
284 	BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
285 
286 	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
287 		BT_ERR("Can't allocate memory for new frame");
288 		return -ENOMEM;
289 	}
290 
291 	*skb_put(skb, 1) = 0xa2;
292 	if (size > 0)
293 		memcpy(skb_put(skb, size), data, size);
294 
295 	skb_queue_tail(&session->intr_transmit, skb);
296 
297 	hidp_schedule(session);
298 
299 	return 0;
300 }
301 
302 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
303 {
304 	unsigned char buf[32];
305 	int rsize;
306 
307 	rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
308 	if (rsize > sizeof(buf))
309 		return -EIO;
310 
311 	hid_output_report(report, buf);
312 
313 	return hidp_queue_report(session, buf, rsize);
314 }
315 
316 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count)
317 {
318 	if (hidp_send_ctrl_message(hid->driver_data,
319 			HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE,
320 			data, count))
321 		return -ENOMEM;
322 	return count;
323 }
324 
325 static void hidp_idle_timeout(unsigned long arg)
326 {
327 	struct hidp_session *session = (struct hidp_session *) arg;
328 
329 	atomic_inc(&session->terminate);
330 	hidp_schedule(session);
331 }
332 
333 static void hidp_set_timer(struct hidp_session *session)
334 {
335 	if (session->idle_to > 0)
336 		mod_timer(&session->timer, jiffies + HZ * session->idle_to);
337 }
338 
339 static inline void hidp_del_timer(struct hidp_session *session)
340 {
341 	if (session->idle_to > 0)
342 		del_timer(&session->timer);
343 }
344 
345 static void hidp_process_handshake(struct hidp_session *session,
346 					unsigned char param)
347 {
348 	BT_DBG("session %p param 0x%02x", session, param);
349 
350 	switch (param) {
351 	case HIDP_HSHK_SUCCESSFUL:
352 		/* FIXME: Call into SET_ GET_ handlers here */
353 		break;
354 
355 	case HIDP_HSHK_NOT_READY:
356 	case HIDP_HSHK_ERR_INVALID_REPORT_ID:
357 	case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
358 	case HIDP_HSHK_ERR_INVALID_PARAMETER:
359 		/* FIXME: Call into SET_ GET_ handlers here */
360 		break;
361 
362 	case HIDP_HSHK_ERR_UNKNOWN:
363 		break;
364 
365 	case HIDP_HSHK_ERR_FATAL:
366 		/* Device requests a reboot, as this is the only way this error
367 		 * can be recovered. */
368 		__hidp_send_ctrl_message(session,
369 			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
370 		break;
371 
372 	default:
373 		__hidp_send_ctrl_message(session,
374 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
375 		break;
376 	}
377 }
378 
379 static void hidp_process_hid_control(struct hidp_session *session,
380 					unsigned char param)
381 {
382 	BT_DBG("session %p param 0x%02x", session, param);
383 
384 	if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
385 		/* Flush the transmit queues */
386 		skb_queue_purge(&session->ctrl_transmit);
387 		skb_queue_purge(&session->intr_transmit);
388 
389 		/* Kill session thread */
390 		atomic_inc(&session->terminate);
391 		hidp_schedule(session);
392 	}
393 }
394 
395 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
396 				unsigned char param)
397 {
398 	BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
399 
400 	switch (param) {
401 	case HIDP_DATA_RTYPE_INPUT:
402 		hidp_set_timer(session);
403 
404 		if (session->input)
405 			hidp_input_report(session, skb);
406 
407 		if (session->hid)
408 			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
409 
410 		break;
411 
412 	case HIDP_DATA_RTYPE_OTHER:
413 	case HIDP_DATA_RTYPE_OUPUT:
414 	case HIDP_DATA_RTYPE_FEATURE:
415 		break;
416 
417 	default:
418 		__hidp_send_ctrl_message(session,
419 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
420 	}
421 }
422 
423 static void hidp_recv_ctrl_frame(struct hidp_session *session,
424 					struct sk_buff *skb)
425 {
426 	unsigned char hdr, type, param;
427 
428 	BT_DBG("session %p skb %p len %d", session, skb, skb->len);
429 
430 	hdr = skb->data[0];
431 	skb_pull(skb, 1);
432 
433 	type = hdr & HIDP_HEADER_TRANS_MASK;
434 	param = hdr & HIDP_HEADER_PARAM_MASK;
435 
436 	switch (type) {
437 	case HIDP_TRANS_HANDSHAKE:
438 		hidp_process_handshake(session, param);
439 		break;
440 
441 	case HIDP_TRANS_HID_CONTROL:
442 		hidp_process_hid_control(session, param);
443 		break;
444 
445 	case HIDP_TRANS_DATA:
446 		hidp_process_data(session, skb, param);
447 		break;
448 
449 	default:
450 		__hidp_send_ctrl_message(session,
451 			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
452 		break;
453 	}
454 
455 	kfree_skb(skb);
456 }
457 
458 static void hidp_recv_intr_frame(struct hidp_session *session,
459 				struct sk_buff *skb)
460 {
461 	unsigned char hdr;
462 
463 	BT_DBG("session %p skb %p len %d", session, skb, skb->len);
464 
465 	hdr = skb->data[0];
466 	skb_pull(skb, 1);
467 
468 	if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
469 		hidp_set_timer(session);
470 
471 		if (session->input)
472 			hidp_input_report(session, skb);
473 
474 		if (session->hid) {
475 			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
476 			BT_DBG("report len %d", skb->len);
477 		}
478 	} else {
479 		BT_DBG("Unsupported protocol header 0x%02x", hdr);
480 	}
481 
482 	kfree_skb(skb);
483 }
484 
485 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
486 {
487 	struct kvec iv = { data, len };
488 	struct msghdr msg;
489 
490 	BT_DBG("sock %p data %p len %d", sock, data, len);
491 
492 	if (!len)
493 		return 0;
494 
495 	memset(&msg, 0, sizeof(msg));
496 
497 	return kernel_sendmsg(sock, &msg, &iv, 1, len);
498 }
499 
500 static void hidp_process_transmit(struct hidp_session *session)
501 {
502 	struct sk_buff *skb;
503 
504 	BT_DBG("session %p", session);
505 
506 	while ((skb = skb_dequeue(&session->ctrl_transmit))) {
507 		if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
508 			skb_queue_head(&session->ctrl_transmit, skb);
509 			break;
510 		}
511 
512 		hidp_set_timer(session);
513 		kfree_skb(skb);
514 	}
515 
516 	while ((skb = skb_dequeue(&session->intr_transmit))) {
517 		if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
518 			skb_queue_head(&session->intr_transmit, skb);
519 			break;
520 		}
521 
522 		hidp_set_timer(session);
523 		kfree_skb(skb);
524 	}
525 }
526 
527 static int hidp_session(void *arg)
528 {
529 	struct hidp_session *session = arg;
530 	struct sock *ctrl_sk = session->ctrl_sock->sk;
531 	struct sock *intr_sk = session->intr_sock->sk;
532 	struct sk_buff *skb;
533 	int vendor = 0x0000, product = 0x0000;
534 	wait_queue_t ctrl_wait, intr_wait;
535 
536 	BT_DBG("session %p", session);
537 
538 	if (session->input) {
539 		vendor  = session->input->id.vendor;
540 		product = session->input->id.product;
541 	}
542 
543 	if (session->hid) {
544 		vendor  = session->hid->vendor;
545 		product = session->hid->product;
546 	}
547 
548 	daemonize("khidpd_%04x%04x", vendor, product);
549 	set_user_nice(current, -15);
550 
551 	init_waitqueue_entry(&ctrl_wait, current);
552 	init_waitqueue_entry(&intr_wait, current);
553 	add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
554 	add_wait_queue(intr_sk->sk_sleep, &intr_wait);
555 	while (!atomic_read(&session->terminate)) {
556 		set_current_state(TASK_INTERRUPTIBLE);
557 
558 		if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
559 			break;
560 
561 		while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
562 			skb_orphan(skb);
563 			hidp_recv_ctrl_frame(session, skb);
564 		}
565 
566 		while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
567 			skb_orphan(skb);
568 			hidp_recv_intr_frame(session, skb);
569 		}
570 
571 		hidp_process_transmit(session);
572 
573 		schedule();
574 	}
575 	set_current_state(TASK_RUNNING);
576 	remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
577 	remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
578 
579 	down_write(&hidp_session_sem);
580 
581 	hidp_del_timer(session);
582 
583 	if (session->input) {
584 		input_unregister_device(session->input);
585 		session->input = NULL;
586 	}
587 
588 	if (session->hid) {
589 		hid_destroy_device(session->hid);
590 		session->hid = NULL;
591 	}
592 
593 	/* Wakeup user-space polling for socket errors */
594 	session->intr_sock->sk->sk_err = EUNATCH;
595 	session->ctrl_sock->sk->sk_err = EUNATCH;
596 
597 	hidp_schedule(session);
598 
599 	fput(session->intr_sock->file);
600 
601 	wait_event_timeout(*(ctrl_sk->sk_sleep),
602 		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
603 
604 	fput(session->ctrl_sock->file);
605 
606 	__hidp_unlink_session(session);
607 
608 	up_write(&hidp_session_sem);
609 
610 	kfree(session);
611 	return 0;
612 }
613 
614 static struct device *hidp_get_device(struct hidp_session *session)
615 {
616 	bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
617 	bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
618 	struct device *device = NULL;
619 	struct hci_dev *hdev;
620 
621 	hdev = hci_get_route(dst, src);
622 	if (!hdev)
623 		return NULL;
624 
625 	session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
626 	if (session->conn)
627 		device = &session->conn->dev;
628 
629 	hci_dev_put(hdev);
630 
631 	return device;
632 }
633 
634 static int hidp_setup_input(struct hidp_session *session,
635 				struct hidp_connadd_req *req)
636 {
637 	struct input_dev *input;
638 	int err, i;
639 
640 	input = input_allocate_device();
641 	if (!input)
642 		return -ENOMEM;
643 
644 	session->input = input;
645 
646 	input_set_drvdata(input, session);
647 
648 	input->name = "Bluetooth HID Boot Protocol Device";
649 
650 	input->id.bustype = BUS_BLUETOOTH;
651 	input->id.vendor  = req->vendor;
652 	input->id.product = req->product;
653 	input->id.version = req->version;
654 
655 	if (req->subclass & 0x40) {
656 		set_bit(EV_KEY, input->evbit);
657 		set_bit(EV_LED, input->evbit);
658 		set_bit(EV_REP, input->evbit);
659 
660 		set_bit(LED_NUML,    input->ledbit);
661 		set_bit(LED_CAPSL,   input->ledbit);
662 		set_bit(LED_SCROLLL, input->ledbit);
663 		set_bit(LED_COMPOSE, input->ledbit);
664 		set_bit(LED_KANA,    input->ledbit);
665 
666 		for (i = 0; i < sizeof(hidp_keycode); i++)
667 			set_bit(hidp_keycode[i], input->keybit);
668 		clear_bit(0, input->keybit);
669 	}
670 
671 	if (req->subclass & 0x80) {
672 		input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
673 		input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
674 			BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
675 		input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
676 		input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
677 			BIT_MASK(BTN_EXTRA);
678 		input->relbit[0] |= BIT_MASK(REL_WHEEL);
679 	}
680 
681 	input->dev.parent = hidp_get_device(session);
682 
683 	input->event = hidp_input_event;
684 
685 	err = input_register_device(input);
686 	if (err < 0) {
687 		hci_conn_put_device(session->conn);
688 		return err;
689 	}
690 
691 	return 0;
692 }
693 
694 static int hidp_open(struct hid_device *hid)
695 {
696 	return 0;
697 }
698 
699 static void hidp_close(struct hid_device *hid)
700 {
701 }
702 
703 static int hidp_parse(struct hid_device *hid)
704 {
705 	struct hidp_session *session = hid->driver_data;
706 
707 	return hid_parse_report(session->hid, session->rd_data,
708 			session->rd_size);
709 }
710 
711 static int hidp_start(struct hid_device *hid)
712 {
713 	struct hidp_session *session = hid->driver_data;
714 	struct hid_report *report;
715 
716 	list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
717 			report_list, list)
718 		hidp_send_report(session, report);
719 
720 	list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
721 			report_list, list)
722 		hidp_send_report(session, report);
723 
724 	return 0;
725 }
726 
727 static void hidp_stop(struct hid_device *hid)
728 {
729 	struct hidp_session *session = hid->driver_data;
730 
731 	skb_queue_purge(&session->ctrl_transmit);
732 	skb_queue_purge(&session->intr_transmit);
733 
734 	hid->claimed = 0;
735 }
736 
737 static struct hid_ll_driver hidp_hid_driver = {
738 	.parse = hidp_parse,
739 	.start = hidp_start,
740 	.stop = hidp_stop,
741 	.open  = hidp_open,
742 	.close = hidp_close,
743 	.hidinput_input_event = hidp_hidinput_event,
744 };
745 
746 static int hidp_setup_hid(struct hidp_session *session,
747 				struct hidp_connadd_req *req)
748 {
749 	struct hid_device *hid;
750 	bdaddr_t src, dst;
751 	int err;
752 
753 	session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
754 	if (!session->rd_data)
755 		return -ENOMEM;
756 
757 	if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
758 		err = -EFAULT;
759 		goto fault;
760 	}
761 	session->rd_size = req->rd_size;
762 
763 	hid = hid_allocate_device();
764 	if (IS_ERR(hid)) {
765 		err = PTR_ERR(hid);
766 		goto fault;
767 	}
768 
769 	session->hid = hid;
770 
771 	hid->driver_data = session;
772 
773 	baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
774 	baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
775 
776 	hid->bus     = BUS_BLUETOOTH;
777 	hid->vendor  = req->vendor;
778 	hid->product = req->product;
779 	hid->version = req->version;
780 	hid->country = req->country;
781 
782 	strncpy(hid->name, req->name, 128);
783 	strncpy(hid->phys, batostr(&src), 64);
784 	strncpy(hid->uniq, batostr(&dst), 64);
785 
786 	hid->dev.parent = hidp_get_device(session);
787 	hid->ll_driver = &hidp_hid_driver;
788 
789 	hid->hid_output_raw_report = hidp_output_raw_report;
790 
791 	err = hid_add_device(hid);
792 	if (err < 0)
793 		goto failed;
794 
795 	return 0;
796 
797 failed:
798 	hid_destroy_device(hid);
799 	session->hid = NULL;
800 
801 fault:
802 	kfree(session->rd_data);
803 	session->rd_data = NULL;
804 
805 	return err;
806 }
807 
808 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
809 {
810 	struct hidp_session *session, *s;
811 	int err;
812 
813 	BT_DBG("");
814 
815 	if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
816 			bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
817 		return -ENOTUNIQ;
818 
819 	session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
820 	if (!session)
821 		return -ENOMEM;
822 
823 	BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
824 
825 	down_write(&hidp_session_sem);
826 
827 	s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
828 	if (s && s->state == BT_CONNECTED) {
829 		err = -EEXIST;
830 		goto failed;
831 	}
832 
833 	bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
834 
835 	session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
836 	session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
837 
838 	BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
839 
840 	session->ctrl_sock = ctrl_sock;
841 	session->intr_sock = intr_sock;
842 	session->state     = BT_CONNECTED;
843 
844 	setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
845 
846 	skb_queue_head_init(&session->ctrl_transmit);
847 	skb_queue_head_init(&session->intr_transmit);
848 
849 	session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
850 	session->idle_to = req->idle_to;
851 
852 	if (req->rd_size > 0) {
853 		err = hidp_setup_hid(session, req);
854 		if (err && err != -ENODEV)
855 			goto purge;
856 	}
857 
858 	if (!session->hid) {
859 		err = hidp_setup_input(session, req);
860 		if (err < 0)
861 			goto purge;
862 	}
863 
864 	__hidp_link_session(session);
865 
866 	hidp_set_timer(session);
867 
868 	err = kernel_thread(hidp_session, session, CLONE_KERNEL);
869 	if (err < 0)
870 		goto unlink;
871 
872 	if (session->input) {
873 		hidp_send_ctrl_message(session,
874 			HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
875 		session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
876 
877 		session->leds = 0xff;
878 		hidp_input_event(session->input, EV_LED, 0, 0);
879 	}
880 
881 	up_write(&hidp_session_sem);
882 	return 0;
883 
884 unlink:
885 	hidp_del_timer(session);
886 
887 	__hidp_unlink_session(session);
888 
889 	if (session->input) {
890 		input_unregister_device(session->input);
891 		session->input = NULL;
892 	}
893 
894 	if (session->hid) {
895 		hid_destroy_device(session->hid);
896 		session->hid = NULL;
897 	}
898 
899 	kfree(session->rd_data);
900 	session->rd_data = NULL;
901 
902 purge:
903 	skb_queue_purge(&session->ctrl_transmit);
904 	skb_queue_purge(&session->intr_transmit);
905 
906 failed:
907 	up_write(&hidp_session_sem);
908 
909 	input_free_device(session->input);
910 	kfree(session);
911 	return err;
912 }
913 
914 int hidp_del_connection(struct hidp_conndel_req *req)
915 {
916 	struct hidp_session *session;
917 	int err = 0;
918 
919 	BT_DBG("");
920 
921 	down_read(&hidp_session_sem);
922 
923 	session = __hidp_get_session(&req->bdaddr);
924 	if (session) {
925 		if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
926 			hidp_send_ctrl_message(session,
927 				HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
928 		} else {
929 			/* Flush the transmit queues */
930 			skb_queue_purge(&session->ctrl_transmit);
931 			skb_queue_purge(&session->intr_transmit);
932 
933 			/* Wakeup user-space polling for socket errors */
934 			session->intr_sock->sk->sk_err = EUNATCH;
935 			session->ctrl_sock->sk->sk_err = EUNATCH;
936 
937 			/* Kill session thread */
938 			atomic_inc(&session->terminate);
939 			hidp_schedule(session);
940 		}
941 	} else
942 		err = -ENOENT;
943 
944 	up_read(&hidp_session_sem);
945 	return err;
946 }
947 
948 int hidp_get_connlist(struct hidp_connlist_req *req)
949 {
950 	struct list_head *p;
951 	int err = 0, n = 0;
952 
953 	BT_DBG("");
954 
955 	down_read(&hidp_session_sem);
956 
957 	list_for_each(p, &hidp_session_list) {
958 		struct hidp_session *session;
959 		struct hidp_conninfo ci;
960 
961 		session = list_entry(p, struct hidp_session, list);
962 
963 		__hidp_copy_session(session, &ci);
964 
965 		if (copy_to_user(req->ci, &ci, sizeof(ci))) {
966 			err = -EFAULT;
967 			break;
968 		}
969 
970 		if (++n >= req->cnum)
971 			break;
972 
973 		req->ci++;
974 	}
975 	req->cnum = n;
976 
977 	up_read(&hidp_session_sem);
978 	return err;
979 }
980 
981 int hidp_get_conninfo(struct hidp_conninfo *ci)
982 {
983 	struct hidp_session *session;
984 	int err = 0;
985 
986 	down_read(&hidp_session_sem);
987 
988 	session = __hidp_get_session(&ci->bdaddr);
989 	if (session)
990 		__hidp_copy_session(session, ci);
991 	else
992 		err = -ENOENT;
993 
994 	up_read(&hidp_session_sem);
995 	return err;
996 }
997 
998 static const struct hid_device_id hidp_table[] = {
999 	{ HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1000 	{ }
1001 };
1002 
1003 static struct hid_driver hidp_driver = {
1004 	.name = "generic-bluetooth",
1005 	.id_table = hidp_table,
1006 };
1007 
1008 static int __init hidp_init(void)
1009 {
1010 	int ret;
1011 
1012 	l2cap_load();
1013 
1014 	BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1015 
1016 	ret = hid_register_driver(&hidp_driver);
1017 	if (ret)
1018 		goto err;
1019 
1020 	ret = hidp_init_sockets();
1021 	if (ret)
1022 		goto err_drv;
1023 
1024 	return 0;
1025 err_drv:
1026 	hid_unregister_driver(&hidp_driver);
1027 err:
1028 	return ret;
1029 }
1030 
1031 static void __exit hidp_exit(void)
1032 {
1033 	hidp_cleanup_sockets();
1034 	hid_unregister_driver(&hidp_driver);
1035 }
1036 
1037 module_init(hidp_init);
1038 module_exit(hidp_exit);
1039 
1040 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1041 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1042 MODULE_VERSION(VERSION);
1043 MODULE_LICENSE("GPL");
1044 MODULE_ALIAS("bt-proto-6");
1045