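/*
   HIDP implementation for Linux Bluetooth stack (BlueZ).
   Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation;

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
   SOFTWARE IS DISCLAIMED.
*/

#include <linux/module.h>

#include <linux/types.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/freezer.h>
#include <linux/fcntl.h>
#include <linux/skbuff.h>
#include <linux/socket.h>
#include <linux/ioctl.h>
#include <linux/file.h>
#include <linux/init.h>
#include <linux/wait.h>
#include <net/sock.h>

#include <linux/input.h>
#include <linux/hid.h>

#include <net/bluetooth/bluetooth.h>
#include <net/bluetooth/hci_core.h>
#include <net/bluetooth/l2cap.h>

#include "hidp.h"

#define VERSION "1.2"

/* Protects hidp_session_list; writers link/unlink, readers only look up. */
static DECLARE_RWSEM(hidp_session_sem);
static LIST_HEAD(hidp_session_list);

/*
 * Boot-protocol scancode -> input keycode table. Entries 224..231 are the
 * eight modifier keys reported as a bitmask in the first report byte (see
 * hidp_input_report). A value of 0 means "no mapping".
 */
static unsigned char hidp_keycode[256] = {
	  0,  0,  0,  0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
	 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44,  2,  3,
	  4,  5,  6,  7,  8,  9, 10, 11, 28,  1, 14, 15, 57, 12, 13, 26,
	 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
	 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
	105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
	 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
	191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
	115,114,  0,  0,  0,121,  0, 89, 93,124, 92, 94, 95,  0,  0,  0,
	122,123, 90, 91, 85,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,
	 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
	150,158,159,128,136,177,178,176,142,152,173,140
};

/* Key array contents a keyboard sends when too many keys are held down. */
static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };

/*
 * Find the session whose remote address equals @bdaddr, or NULL.
 * Walks hidp_session_list without locking; every caller in this file
 * holds hidp_session_sem around the call.
 */
static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
{
	struct hidp_session *session;
	struct list_head *p;

	BT_DBG("");

	list_for_each(p, &hidp_session_list) {
		session = list_entry(p, struct hidp_session, list);
		if (!bacmp(bdaddr, &session->bdaddr))
			return session;
	}
	return NULL;
}

/* Add @session to the global list and pin the module while it is linked. */
static void __hidp_link_session(struct hidp_session *session)
{
	__module_get(THIS_MODULE);
	list_add(&session->list, &hidp_session_list);
}

/* Remove @session from the global list and drop the module reference. */
static void __hidp_unlink_session(struct hidp_session *session)
{
	list_del(&session->list);
	module_put(THIS_MODULE);
}

/*
 * Fill @ci with a snapshot of @session.
 *
 * hidp_get_connlist() copies the whole structure to user space from a stack
 * variable, so every byte (including any padding the compiler inserts) is
 * cleared first; otherwise stale kernel stack contents could be disclosed.
 * The name is copied with room left for a terminating NUL because the
 * source strings are not guaranteed to be shorter than the 128-byte field.
 */
static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
{
	memset(ci, 0, sizeof(*ci));

	bacpy(&ci->bdaddr, &session->bdaddr);

	ci->flags = session->flags;
	ci->state = session->state;

	/* vendor/product/version/name stay zero unless a device is attached */

	if (session->input) {
		ci->vendor  = session->input->id.vendor;
		ci->product = session->input->id.product;
		ci->version = session->input->id.version;
		if (session->input->name)
			strncpy(ci->name, session->input->name, 128 - 1);
		else
			strncpy(ci->name, "HID Boot Device", 128 - 1);
	}

	/* A full HID device, when present, overrides the boot-device values. */
	if (session->hid) {
		ci->vendor  = session->hid->vendor;
		ci->product = session->hid->product;
		ci->version = session->hid->version;
		strncpy(ci->name, session->hid->name, 128 - 1);
	}
}

/*
 * Translate an EV_LED event into an output report on the interrupt queue.
 *
 * Returns -1 for any other event type, 0 when the LED state is unchanged or
 * the report was queued, -ENOMEM when no skb could be allocated.
 */
static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
				unsigned int type, unsigned int code, int value)
{
	unsigned char newleds;
	struct sk_buff *skb;

	BT_DBG("session %p type %d code %d value %d", session, type, code, value);

	if (type != EV_LED)
		return -1;

	/*
	 * NOTE(review): LED_KANA and LED_COMPOSE both land on bit 3 here;
	 * confirm against the HID boot keyboard LED report layout before
	 * changing it, the value is left as the author wrote it.
	 */
	newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
		  (!!test_bit(LED_COMPOSE, dev->led) << 3) |
		  (!!test_bit(LED_SCROLLL, dev->led) << 2) |
		  (!!test_bit(LED_CAPSL,   dev->led) << 1) |
		  (!!test_bit(LED_NUML,    dev->led));

	if (session->leds == newleds)
		return 0;

	session->leds = newleds;

	/* GFP_ATOMIC: presumably reachable from atomic input-event context */
	if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	/* header, report id 0x01, LED bitmask */
	*skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
	*skb_put(skb, 1) = 0x01;
	*skb_put(skb, 1) = newleds;

	skb_queue_tail(&session->intr_transmit, skb);

	hidp_schedule(session);

	return 0;
}

/* Input-event hook used when the session is backed by a hid_device. */
static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
	struct hid_device *hid = input_get_drvdata(dev);
	struct hidp_session *session = hid->driver_data;

	return hidp_queue_event(session, dev, type, code, value);
}

/* Input-event hook used when the session is backed by a boot input device. */
static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
{
	struct hidp_session *session = input_get_drvdata(dev);

	return hidp_queue_event(session, dev, type, code, value);
}

/*
 * Decode a boot-protocol report received from the remote device and feed it
 * to the session's input device.
 *
 * skb->data[0] is the report id, the payload follows. The payload length is
 * chosen by the remote device, so it is validated before any payload byte is
 * read: the keyboard branch touches 8 payload bytes, the mouse branch 3 (and
 * a 4th for the wheel when present). Short reports are dropped.
 */
static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
{
	struct input_dev *dev = session->input;
	unsigned char *keys = session->keys;
	unsigned char *udata = skb->data + 1;
	signed char *sdata = skb->data + 1;
	int i, size = skb->len - 1;

	/* No report id byte at all: nothing to decode. */
	if (skb->len < 1)
		return;

	switch (skb->data[0]) {
	case 0x01:	/* Keyboard report */
		if (size < 8)
			break;

		/* Byte 0 is the modifier bitmask, mapped via entries 224..231. */
		for (i = 0; i < 8; i++)
			input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);

		/* If all the key codes have been set to 0x01, it means
		 * too many keys were pressed at the same time. */
		if (!memcmp(udata + 2, hidp_mkeyspat, 6))
			break;

		/*
		 * Diff the previous key array against the new one: a code
		 * only in the old array was released, a code only in the
		 * new array was pressed. memscan() returns the end pointer
		 * when the value is not found.
		 */
		for (i = 2; i < 8; i++) {
			if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
				if (hidp_keycode[keys[i]])
					input_report_key(dev, hidp_keycode[keys[i]], 0);
				else
					BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
			}

			if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
				if (hidp_keycode[udata[i]])
					input_report_key(dev, hidp_keycode[udata[i]], 1);
				else
					BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
			}
		}

		memcpy(keys, udata, 8);
		break;

	case 0x02:	/* Mouse report */
		if (size < 3)
			break;

		input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
		input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
		input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
		input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
		input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);

		input_report_rel(dev, REL_X, sdata[1]);
		input_report_rel(dev, REL_Y, sdata[2]);

		if (size > 3)
			input_report_rel(dev, REL_WHEEL, sdata[3]);
		break;
	}

	input_sync(dev);
}

/*
 * Queue @size bytes of @data, prefixed with the 0xa2 header byte, on the
 * interrupt transmit queue. Returns 0 or -ENOMEM.
 */
static int hidp_queue_report(struct hidp_session *session,
				unsigned char *data, int size)
{
	struct sk_buff *skb;

	BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);

	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	*skb_put(skb, 1) = 0xa2;
	if (size > 0)
		memcpy(skb_put(skb, size), data, size);

	skb_queue_tail(&session->intr_transmit, skb);

	hidp_schedule(session);

	return 0;
}

/*
 * Serialise @report into a stack buffer and queue it for transmission.
 * Returns -EIO when the report does not fit the 32-byte buffer.
 */
static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
{
	unsigned char buf[32];
	int rsize;

	/* bits -> bytes, rounded up, plus one byte for a non-zero report id */
	rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
	/* rsize is converted to size_t here, so a negative value is rejected too */
	if (rsize > sizeof(buf))
		return -EIO;

	hid_output_report(report, buf);

	return hidp_queue_report(session, buf, rsize);
}

/* Timer callback: ask the session thread to terminate after idle_to expired. */
static void hidp_idle_timeout(unsigned long arg)
{
	struct hidp_session *session = (struct hidp_session *) arg;

	atomic_inc(&session->terminate);
	hidp_schedule(session);
}

/* (Re)arm the idle timer; a non-positive idle_to disables the timeout. */
static void hidp_set_timer(struct hidp_session *session)
{
	if (session->idle_to > 0)
		mod_timer(&session->timer, jiffies + HZ * session->idle_to);
}

/* Cancel the idle timer if one was configured. */
static inline void hidp_del_timer(struct hidp_session *session)
{
	if (session->idle_to > 0)
		del_timer(&session->timer);
}

/*
 * Queue a control-channel message consisting of @hdr followed by @size bytes
 * of @data (which may be NULL). Does not wake the session thread; see
 * hidp_send_ctrl_message() for the variant that does.
 */
static int __hidp_send_ctrl_message(struct hidp_session *session,
			unsigned char hdr, unsigned char *data, int size)
{
	struct sk_buff *skb;

	BT_DBG("session %p data %p size %d", session, data, size);

	if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
		BT_ERR("Can't allocate memory for new frame");
		return -ENOMEM;
	}

	*skb_put(skb, 1) = hdr;
	if (data && size > 0)
		memcpy(skb_put(skb, size), data, size);

	skb_queue_tail(&session->ctrl_transmit, skb);

	return 0;
}

/* Queue a control message and wake the session thread to send it. */
static inline int hidp_send_ctrl_message(struct hidp_session *session,
			unsigned char hdr, unsigned char *data, int size)
{
	int err;

	err = __hidp_send_ctrl_message(session, hdr, data, size);

	hidp_schedule(session);

	return err;
}

/* Handle the parameter of a HANDSHAKE transaction sent by the device. */
static void hidp_process_handshake(struct hidp_session *session,
					unsigned char param)
{
	BT_DBG("session %p param 0x%02x", session, param);

	switch (param) {
	case HIDP_HSHK_SUCCESSFUL:
		/* FIXME: Call into SET_ GET_ handlers here */
		break;

	case HIDP_HSHK_NOT_READY:
	case HIDP_HSHK_ERR_INVALID_REPORT_ID:
	case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
	case HIDP_HSHK_ERR_INVALID_PARAMETER:
		/* FIXME: Call into SET_ GET_ handlers here */
		break;

	case HIDP_HSHK_ERR_UNKNOWN:
		break;

	case HIDP_HSHK_ERR_FATAL:
		/* Device requests a reboot, as this is the only way this error
		 * can be recovered. */
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
		break;
	}
}

/*
 * Handle a HID_CONTROL transaction. Only VIRTUAL_CABLE_UNPLUG is acted on:
 * pending output is discarded and the session thread is told to exit.
 */
static void hidp_process_hid_control(struct hidp_session *session,
					unsigned char param)
{
	BT_DBG("session %p param 0x%02x", session, param);

	if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
		/* Flush the transmit queues */
		skb_queue_purge(&session->ctrl_transmit);
		skb_queue_purge(&session->intr_transmit);

		/* Kill session thread */
		atomic_inc(&session->terminate);
	}
}

/*
 * Handle a DATA transaction received on the control channel. Input reports
 * are forwarded to whichever device backs the session; other known report
 * types are ignored and unknown ones are answered with an error handshake.
 */
static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
				unsigned char param)
{
	BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);

	switch (param) {
	case HIDP_DATA_RTYPE_INPUT:
		hidp_set_timer(session);

		if (session->input)
			hidp_input_report(session, skb);

		if (session->hid)
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);

		break;

	case HIDP_DATA_RTYPE_OTHER:
	case HIDP_DATA_RTYPE_OUPUT:
	case HIDP_DATA_RTYPE_FEATURE:
		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
	}
}

/*
 * Dispatch one frame received on the control channel and free it.
 * The frame comes from the remote device, so an empty frame is dropped
 * before the header byte is read.
 */
static void hidp_recv_ctrl_frame(struct hidp_session *session,
					struct sk_buff *skb)
{
	unsigned char hdr, type, param;

	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

	if (skb->len < 1) {
		kfree_skb(skb);
		return;
	}

	hdr = skb->data[0];
	skb_pull(skb, 1);

	type = hdr & HIDP_HEADER_TRANS_MASK;
	param = hdr & HIDP_HEADER_PARAM_MASK;

	switch (type) {
	case HIDP_TRANS_HANDSHAKE:
		hidp_process_handshake(session, param);
		break;

	case HIDP_TRANS_HID_CONTROL:
		hidp_process_hid_control(session, param);
		break;

	case HIDP_TRANS_DATA:
		hidp_process_data(session, skb, param);
		break;

	default:
		__hidp_send_ctrl_message(session,
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
		break;
	}

	kfree_skb(skb);
}

/*
 * Handle one frame received on the interrupt channel and free it. Only
 * DATA/INPUT frames are processed; an empty frame is dropped before the
 * header byte is read.
 */
static void hidp_recv_intr_frame(struct hidp_session *session,
				struct sk_buff *skb)
{
	unsigned char hdr;

	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

	if (skb->len < 1) {
		kfree_skb(skb);
		return;
	}

	hdr = skb->data[0];
	skb_pull(skb, 1);

	if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
		hidp_set_timer(session);

		if (session->input)
			hidp_input_report(session, skb);

		if (session->hid) {
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
			BT_DBG("report len %d", skb->len);
		}
	} else {
		BT_DBG("Unsupported protocol header 0x%02x", hdr);
	}

	kfree_skb(skb);
}

/* Send @len bytes on @sock; a zero-length frame is a successful no-op. */
static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
{
	struct kvec iv = { data, len };
	struct msghdr msg;

	BT_DBG("sock %p data %p len %d", sock, data, len);

	if (!len)
		return 0;

	memset(&msg, 0, sizeof(msg));

	return kernel_sendmsg(sock, &msg, &iv, 1, len);
}

/*
 * Drain the control queue, then the interrupt queue. A frame that fails to
 * send is put back at the head of its queue and that queue is left for the
 * next pass.
 */
static void hidp_process_transmit(struct hidp_session *session)
{
	struct sk_buff *skb;

	BT_DBG("session %p", session);

	while ((skb = skb_dequeue(&session->ctrl_transmit))) {
		if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
			skb_queue_head(&session->ctrl_transmit, skb);
			break;
		}

		hidp_set_timer(session);
		kfree_skb(skb);
	}

	while ((skb = skb_dequeue(&session->intr_transmit))) {
		if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
			skb_queue_head(&session->intr_transmit, skb);
			break;
		}

		hidp_set_timer(session);
		kfree_skb(skb);
	}
}

/*
 * Per-session kernel thread. Loops receiving frames from both L2CAP sockets
 * and flushing the transmit queues until termination is requested or either
 * socket leaves BT_CONNECTED, then tears the session down and frees it.
 */
static int hidp_session(void *arg)
{
	struct hidp_session *session = arg;
	struct sock *ctrl_sk = session->ctrl_sock->sk;
	struct sock *intr_sk = session->intr_sock->sk;
	struct sk_buff *skb;
	int vendor = 0x0000, product = 0x0000;
	wait_queue_t ctrl_wait, intr_wait;

	BT_DBG("session %p", session);

	if (session->input) {
		vendor  = session->input->id.vendor;
		product = session->input->id.product;
	}

	if (session->hid) {
		vendor  = session->hid->vendor;
		product = session->hid->product;
	}

	daemonize("khidpd_%04x%04x", vendor, product);
	set_user_nice(current, -15);

	init_waitqueue_entry(&ctrl_wait, current);
	init_waitqueue_entry(&intr_wait, current);
	add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
	add_wait_queue(intr_sk->sk_sleep, &intr_wait);
	while (!atomic_read(&session->terminate)) {
		/* Set the state before checking for work so a wakeup is not lost. */
		set_current_state(TASK_INTERRUPTIBLE);

		if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
			break;

		while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
			skb_orphan(skb);
			hidp_recv_ctrl_frame(session, skb);
		}

		while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
			skb_orphan(skb);
			hidp_recv_intr_frame(session, skb);
		}

		hidp_process_transmit(session);

		schedule();
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
	remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);

	down_write(&hidp_session_sem);

	hidp_del_timer(session);

	if (session->input) {
		input_unregister_device(session->input);
		session->input = NULL;
	}

	if (session->hid) {
		if (session->hid->claimed & HID_CLAIMED_INPUT)
			hidinput_disconnect(session->hid);
		hid_destroy_device(session->hid);
	}

	/* Wakeup user-space polling for socket errors */
	session->intr_sock->sk->sk_err = EUNATCH;
	session->ctrl_sock->sk->sk_err = EUNATCH;

	hidp_schedule(session);

	fput(session->intr_sock->file);

	/* Wait up to 500 ms for the control socket to reach BT_CLOSED. */
	wait_event_timeout(*(ctrl_sk->sk_sleep),
		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));

	fput(session->ctrl_sock->file);

	__hidp_unlink_session(session);

	up_write(&hidp_session_sem);

	kfree(session);
	return 0;
}

/*
 * Return the struct device of the ACL connection carrying this session, or
 * NULL when no route or connection is found.
 */
static struct device *hidp_get_device(struct hidp_session *session)
{
	bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
	bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
	struct hci_dev *hdev;
	struct hci_conn *conn;

	hdev = hci_get_route(dst, src);
	if (!hdev)
		return NULL;

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);

	hci_dev_put(hdev);

	return conn ? &conn->dev : NULL;
}

/*
 * Allocate and register the boot-protocol input device for @session.
 * Capabilities are taken from @req->subclass: 0x40 enables the keyboard
 * bits, 0x80 the mouse bits. On failure session->input is left set so the
 * caller can release it.
 */
static int hidp_setup_input(struct hidp_session *session,
				struct hidp_connadd_req *req)
{
	struct input_dev *input;
	int i;

	input = input_allocate_device();
	if (!input)
		return -ENOMEM;

	session->input = input;

	input_set_drvdata(input, session);

	input->name = "Bluetooth HID Boot Protocol Device";

	input->id.bustype = BUS_BLUETOOTH;
	input->id.vendor  = req->vendor;
	input->id.product = req->product;
	input->id.version = req->version;

	if (req->subclass & 0x40) {
		set_bit(EV_KEY, input->evbit);
		set_bit(EV_LED, input->evbit);
		set_bit(EV_REP, input->evbit);

		set_bit(LED_NUML,    input->ledbit);
		set_bit(LED_CAPSL,   input->ledbit);
		set_bit(LED_SCROLLL, input->ledbit);
		set_bit(LED_COMPOSE, input->ledbit);
		set_bit(LED_KANA,    input->ledbit);

		for (i = 0; i < sizeof(hidp_keycode); i++)
			set_bit(hidp_keycode[i], input->keybit);
		/* keycode 0 marks unmapped table entries, not a real key */
		clear_bit(0, input->keybit);
	}

	if (req->subclass & 0x80) {
		input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
		input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
			BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
		input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
		input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
			BIT_MASK(BTN_EXTRA);
		input->relbit[0] |= BIT_MASK(REL_WHEEL);
	}

	input->dev.parent = hidp_get_device(session);

	input->event = hidp_input_event;

	return input_register_device(input);
}

/* hid_ll_driver open hook: nothing to do. */
static int hidp_open(struct hid_device *hid)
{
	return 0;
}

/* hid_ll_driver close hook: nothing to do. */
static void hidp_close(struct hid_device *hid)
{
}

/*
 * hid_ll_driver parse hook: copy the report descriptor supplied by user
 * space in the connection request and hand it to the HID core.
 *
 * NOTE(review): rd_size comes from user space and is used as the allocation
 * and copy length without an upper bound in this file; confirm the caller
 * or hid_parse_report() limits it.
 */
static int hidp_parse(struct hid_device *hid)
{
	struct hidp_session *session = hid->driver_data;
	struct hidp_connadd_req *req = session->req;
	unsigned char *buf;
	int ret;

	buf = kmalloc(req->rd_size, GFP_KERNEL);
	if (!buf)
		return -ENOMEM;

	if (copy_from_user(buf, req->rd_data, req->rd_size)) {
		kfree(buf);
		return -EFAULT;
	}

	ret = hid_parse_report(session->hid, buf, req->rd_size);

	kfree(buf);

	if (ret)
		return ret;

	/* The request is not referenced again once parsing succeeded. */
	session->req = NULL;

	return 0;
}

/*
 * hid_ll_driver start hook: queue every input and feature report of the
 * device for transmission. Individual send failures are ignored.
 */
static int hidp_start(struct hid_device *hid)
{
	struct hidp_session *session = hid->driver_data;
	struct hid_report *report;

	list_for_each_entry(report,
			&hid->report_enum[HID_INPUT_REPORT].report_list, list)
		hidp_send_report(session, report);

	list_for_each_entry(report,
			&hid->report_enum[HID_FEATURE_REPORT].report_list, list)
		hidp_send_report(session, report);

	return 0;
}

/* hid_ll_driver stop hook: drop pending output and detach hidinput. */
static void hidp_stop(struct hid_device *hid)
{
	struct hidp_session *session = hid->driver_data;

	skb_queue_purge(&session->ctrl_transmit);
	skb_queue_purge(&session->intr_transmit);

	if (hid->claimed & HID_CLAIMED_INPUT)
		hidinput_disconnect(hid);
	hid->claimed = 0;
}

static struct hid_ll_driver hidp_hid_driver = {
	.parse = hidp_parse,
	.start = hidp_start,
	.stop = hidp_stop,
	.open  = hidp_open,
	.close = hidp_close,
	.hidinput_input_event = hidp_hidinput_event,
};

/*
 * Allocate a hid_device for @session, fill it from @req and register it.
 * Returns 0 on success or a negative errno; on failure session->hid is NULL.
 */
static int hidp_setup_hid(struct hidp_session *session,
				struct hidp_connadd_req *req)
{
	struct hid_device *hid;
	bdaddr_t src, dst;
	int ret;

	hid = hid_allocate_device();
	if (IS_ERR(hid)) {
		/*
		 * Take the error from the pointer that was just returned.
		 * session->hid is still NULL here, so reading it yielded 0
		 * and the allocation failure was reported as success.
		 */
		ret = PTR_ERR(hid);
		goto err;
	}

	session->hid = hid;
	session->req = req;
	hid->driver_data = session;

	baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
	baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);

	hid->bus     = BUS_BLUETOOTH;
	hid->vendor  = req->vendor;
	hid->product = req->product;
	hid->version = req->version;
	hid->country = req->country;

	/*
	 * req->name is supplied by user space and need not be NUL-terminated;
	 * strncpy() does not terminate on truncation, so do it explicitly to
	 * keep later readers of hid->name inside the buffer.
	 */
	strncpy(hid->name, req->name, 128);
	hid->name[128 - 1] = '\0';
	strncpy(hid->phys, batostr(&src), 64);
	strncpy(hid->uniq, batostr(&dst), 64);

	hid->dev.parent = hidp_get_device(session);
	hid->ll_driver = &hidp_hid_driver;

	ret = hid_add_device(hid);
	if (ret)
		goto err_hid;

	return 0;
err_hid:
	hid_destroy_device(hid);
	session->hid = NULL;
err:
	return ret;
}

/*
 * Create a session for the device behind @ctrl_sock/@intr_sock and start its
 * kernel thread. Both sockets must share the same source and destination
 * address. A HID device is set up when a report descriptor is supplied,
 * otherwise (or when that returns -ENODEV) a boot-protocol input device.
 *
 * Returns 0 on success, -ENOTUNIQ, -ENOMEM, -EEXIST or the error of the
 * failing setup step.
 */
int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
{
	struct hidp_session *session, *s;
	int err;

	BT_DBG("");

	if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
			bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
		return -ENOTUNIQ;

	session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
	if (!session)
		return -ENOMEM;

	BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);

	down_write(&hidp_session_sem);

	s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
	if (s && s->state == BT_CONNECTED) {
		err = -EEXIST;
		goto failed;
	}

	bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);

	session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
	session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);

	BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);

	session->ctrl_sock = ctrl_sock;
	session->intr_sock = intr_sock;
	session->state     = BT_CONNECTED;

	setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);

	skb_queue_head_init(&session->ctrl_transmit);
	skb_queue_head_init(&session->intr_transmit);

	/* Only the vendor-id flag is accepted from the request. */
	session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
	session->idle_to = req->idle_to;

	if (req->rd_size > 0) {
		err = hidp_setup_hid(session, req);
		if (err && err != -ENODEV)
			goto err_skb;
	}

	if (!session->hid) {
		err = hidp_setup_input(session, req);
		if (err < 0)
			goto err_skb;
	}

	__hidp_link_session(session);

	hidp_set_timer(session);

	err = kernel_thread(hidp_session, session, CLONE_KERNEL);
	if (err < 0)
		goto unlink;

	if (session->input) {
		hidp_send_ctrl_message(session,
			HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
		session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);

		/* Force the first LED event to be sent whatever the state is. */
		session->leds = 0xff;
		hidp_input_event(session->input, EV_LED, 0, 0);
	}

	up_write(&hidp_session_sem);
	return 0;

unlink:
	hidp_del_timer(session);

	__hidp_unlink_session(session);

	/*
	 * Clear each pointer once its device has been released: the shared
	 * exit path below calls input_free_device(session->input), which
	 * would otherwise release an already unregistered device again.
	 */
	if (session->input) {
		input_unregister_device(session->input);
		session->input = NULL;
	}
	if (session->hid) {
		hid_destroy_device(session->hid);
		session->hid = NULL;
	}
err_skb:
	skb_queue_purge(&session->ctrl_transmit);
	skb_queue_purge(&session->intr_transmit);
failed:
	up_write(&hidp_session_sem);

	/* Releases an allocated but never registered input device, if any. */
	input_free_device(session->input);
	kfree(session);
	return err;
}

/*
 * Tear down the session for @req->bdaddr. With the VIRTUAL_CABLE_UNPLUG flag
 * the unplug request is sent to the device; otherwise the queues are flushed
 * and the session thread is told to terminate. Returns -ENOENT when no such
 * session exists.
 */
int hidp_del_connection(struct hidp_conndel_req *req)
{
	struct hidp_session *session;
	int err = 0;

	BT_DBG("");

	down_read(&hidp_session_sem);

	session = __hidp_get_session(&req->bdaddr);
	if (session) {
		if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
			hidp_send_ctrl_message(session,
				HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
		} else {
			/* Flush the transmit queues */
			skb_queue_purge(&session->ctrl_transmit);
			skb_queue_purge(&session->intr_transmit);

			/* Wakeup user-space polling for socket errors */
			session->intr_sock->sk->sk_err = EUNATCH;
			session->ctrl_sock->sk->sk_err = EUNATCH;

			/* Kill session thread */
			atomic_inc(&session->terminate);
			hidp_schedule(session);
		}
	} else
		err = -ENOENT;

	up_read(&hidp_session_sem);
	return err;
}

/*
 * Copy up to @req->cnum connection records to the user buffer @req->ci and
 * store the number written back in @req->cnum. Returns 0 or -EFAULT.
 *
 * NOTE(review): the count is tested after the first copy, so one record is
 * written even for cnum <= 0; presumably the caller rejects that - confirm.
 */
int hidp_get_connlist(struct hidp_connlist_req *req)
{
	struct list_head *p;
	int err = 0, n = 0;

	BT_DBG("");

	down_read(&hidp_session_sem);

	list_for_each(p, &hidp_session_list) {
		struct hidp_session *session;
		struct hidp_conninfo ci;

		session = list_entry(p, struct hidp_session, list);

		/* __hidp_copy_session() clears ci fully before filling it. */
		__hidp_copy_session(session, &ci);

		if (copy_to_user(req->ci, &ci, sizeof(ci))) {
			err = -EFAULT;
			break;
		}

		if (++n >= req->cnum)
			break;

		req->ci++;
	}
	req->cnum = n;

	up_read(&hidp_session_sem);
	return err;
}

/*
 * Fill @ci with the session matching @ci->bdaddr.
 * Returns 0 or -ENOENT when there is no such session.
 */
int hidp_get_conninfo(struct hidp_conninfo *ci)
{
	struct hidp_session *session;
	int err = 0;

	down_read(&hidp_session_sem);

	session = __hidp_get_session(&ci->bdaddr);
	if (session)
		__hidp_copy_session(session, ci);
	else
		err = -ENOENT;

	up_read(&hidp_session_sem);
	return err;
}

/* Match any Bluetooth HID device. */
static const struct hid_device_id hidp_table[] = {
	{ HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
	{ }
};

static struct hid_driver hidp_driver = {
	.name = "generic-bluetooth",
	.id_table = hidp_table,
};

/* Module init: register the HID driver, then the HIDP socket layer. */
static int __init hidp_init(void)
{
	int ret;

	l2cap_load();

	BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);

	ret = hid_register_driver(&hidp_driver);
	if (ret)
		goto err;

	ret = hidp_init_sockets();
	if (ret)
		goto err_drv;

	return 0;
err_drv:
	hid_unregister_driver(&hidp_driver);
err:
	return ret;
}

/* Module exit: undo hidp_init() in reverse order. */
static void __exit hidp_exit(void)
{
	hidp_cleanup_sockets();
	hid_unregister_driver(&hidp_driver);
}

module_init(hidp_init);
module_exit(hidp_exit);

MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
MODULE_ALIAS("bt-proto-6");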