1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <net/sock.h> 40 41 #include <linux/input.h> 42 #include <linux/hid.h> 43 #include <linux/hidraw.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 49 #include "hidp.h" 50 51 #define VERSION "1.2" 52 53 static DECLARE_RWSEM(hidp_session_sem); 54 static LIST_HEAD(hidp_session_list); 55 56 static unsigned char hidp_keycode[256] = { 57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 72 150,158,159,128,136,177,178,176,142,152,173,140 73 }; 74 75 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 76 77 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 78 { 79 struct hidp_session *session; 80 struct list_head *p; 81 82 BT_DBG(""); 83 84 list_for_each(p, &hidp_session_list) { 85 session = list_entry(p, struct hidp_session, list); 86 if (!bacmp(bdaddr, &session->bdaddr)) 87 return session; 88 } 89 return NULL; 90 } 91 92 static void __hidp_link_session(struct hidp_session *session) 93 { 94 __module_get(THIS_MODULE); 95 list_add(&session->list, &hidp_session_list); 96 97 hci_conn_hold_device(session->conn); 98 } 99 100 static void __hidp_unlink_session(struct hidp_session *session) 101 { 102 hci_conn_put_device(session->conn); 103 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106 } 107 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109 { 110 bacpy(&ci->bdaddr, &session->bdaddr); 111 112 ci->flags = session->flags; 113 ci->state = session->state; 114 115 ci->vendor = 0x0000; 116 ci->product = 0x0000; 117 ci->version = 0x0000; 118 memset(ci->name, 0, 128); 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136 } 137 138 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140 { 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174 } 175 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177 { 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182 } 183 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185 { 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189 } 190 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192 { 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244 } 245 246 static int hidp_queue_report(struct hidp_session *session, 247 unsigned char *data, int size) 248 { 249 struct sk_buff *skb; 250 251 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 252 253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 254 BT_ERR("Can't allocate memory for new frame"); 255 return -ENOMEM; 256 } 257 258 *skb_put(skb, 1) = 0xa2; 259 if (size > 0) 260 memcpy(skb_put(skb, size), data, size); 261 262 skb_queue_tail(&session->intr_transmit, skb); 263 264 hidp_schedule(session); 265 266 return 0; 267 } 268 269 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 270 { 271 unsigned char buf[32]; 272 int rsize; 273 274 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 275 if (rsize > sizeof(buf)) 276 return -EIO; 277 278 hid_output_report(report, buf); 279 280 return hidp_queue_report(session, buf, rsize); 281 } 282 283 static void hidp_idle_timeout(unsigned long arg) 284 { 285 struct hidp_session *session = (struct hidp_session *) arg; 286 287 atomic_inc(&session->terminate); 288 hidp_schedule(session); 289 } 290 291 static void hidp_set_timer(struct hidp_session *session) 292 { 293 if (session->idle_to > 0) 294 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 295 } 296 297 static inline void hidp_del_timer(struct hidp_session *session) 298 { 299 if (session->idle_to > 0) 300 del_timer(&session->timer); 301 } 302 303 static int __hidp_send_ctrl_message(struct hidp_session *session, 304 unsigned char hdr, unsigned char *data, int size) 305 { 306 struct sk_buff *skb; 307 308 BT_DBG("session %p data %p size %d", session, data, size); 309 310 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 311 BT_ERR("Can't allocate memory for new frame"); 312 return -ENOMEM; 313 } 314 315 *skb_put(skb, 1) = hdr; 316 if (data && size > 0) 317 memcpy(skb_put(skb, size), data, size); 318 319 skb_queue_tail(&session->ctrl_transmit, skb); 320 321 return 0; 322 } 323 324 static inline int hidp_send_ctrl_message(struct hidp_session *session, 325 unsigned char hdr, unsigned char *data, int size) 326 { 327 int err; 328 329 err = __hidp_send_ctrl_message(session, hdr, data, size); 330 331 hidp_schedule(session); 332 333 return err; 334 } 335 336 static void hidp_process_handshake(struct hidp_session *session, 337 unsigned char param) 338 { 339 BT_DBG("session %p param 0x%02x", session, param); 340 341 switch (param) { 342 case HIDP_HSHK_SUCCESSFUL: 343 /* FIXME: Call into SET_ GET_ handlers here */ 344 break; 345 346 case HIDP_HSHK_NOT_READY: 347 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 348 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 349 case HIDP_HSHK_ERR_INVALID_PARAMETER: 350 /* FIXME: Call into SET_ GET_ handlers here */ 351 break; 352 353 case HIDP_HSHK_ERR_UNKNOWN: 354 break; 355 356 case HIDP_HSHK_ERR_FATAL: 357 /* Device requests a reboot, as this is the only way this error 358 * can be recovered. */ 359 __hidp_send_ctrl_message(session, 360 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 361 break; 362 363 default: 364 __hidp_send_ctrl_message(session, 365 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 366 break; 367 } 368 } 369 370 static void hidp_process_hid_control(struct hidp_session *session, 371 unsigned char param) 372 { 373 BT_DBG("session %p param 0x%02x", session, param); 374 375 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 376 /* Flush the transmit queues */ 377 skb_queue_purge(&session->ctrl_transmit); 378 skb_queue_purge(&session->intr_transmit); 379 380 /* Kill session thread */ 381 atomic_inc(&session->terminate); 382 hidp_schedule(session); 383 } 384 } 385 386 static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 387 unsigned char param) 388 { 389 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 390 391 switch (param) { 392 case HIDP_DATA_RTYPE_INPUT: 393 hidp_set_timer(session); 394 395 if (session->input) 396 hidp_input_report(session, skb); 397 398 if (session->hid) 399 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 400 401 break; 402 403 case HIDP_DATA_RTYPE_OTHER: 404 case HIDP_DATA_RTYPE_OUPUT: 405 case HIDP_DATA_RTYPE_FEATURE: 406 break; 407 408 default: 409 __hidp_send_ctrl_message(session, 410 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 411 } 412 } 413 414 static void hidp_recv_ctrl_frame(struct hidp_session *session, 415 struct sk_buff *skb) 416 { 417 unsigned char hdr, type, param; 418 419 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 420 421 hdr = skb->data[0]; 422 skb_pull(skb, 1); 423 424 type = hdr & HIDP_HEADER_TRANS_MASK; 425 param = hdr & HIDP_HEADER_PARAM_MASK; 426 427 switch (type) { 428 case HIDP_TRANS_HANDSHAKE: 429 hidp_process_handshake(session, param); 430 break; 431 432 case HIDP_TRANS_HID_CONTROL: 433 hidp_process_hid_control(session, param); 434 break; 435 436 case HIDP_TRANS_DATA: 437 hidp_process_data(session, skb, param); 438 break; 439 440 default: 441 __hidp_send_ctrl_message(session, 442 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 443 break; 444 } 445 446 kfree_skb(skb); 447 } 448 449 static void hidp_recv_intr_frame(struct hidp_session *session, 450 struct sk_buff *skb) 451 { 452 unsigned char hdr; 453 454 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 455 456 hdr = skb->data[0]; 457 skb_pull(skb, 1); 458 459 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 460 hidp_set_timer(session); 461 462 if (session->input) 463 hidp_input_report(session, skb); 464 465 if (session->hid) { 466 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 467 BT_DBG("report len %d", skb->len); 468 } 469 } else { 470 BT_DBG("Unsupported protocol header 0x%02x", hdr); 471 } 472 473 kfree_skb(skb); 474 } 475 476 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 477 { 478 struct kvec iv = { data, len }; 479 struct msghdr msg; 480 481 BT_DBG("sock %p data %p len %d", sock, data, len); 482 483 if (!len) 484 return 0; 485 486 memset(&msg, 0, sizeof(msg)); 487 488 return kernel_sendmsg(sock, &msg, &iv, 1, len); 489 } 490 491 static void hidp_process_transmit(struct hidp_session *session) 492 { 493 struct sk_buff *skb; 494 495 BT_DBG("session %p", session); 496 497 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 498 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 499 skb_queue_head(&session->ctrl_transmit, skb); 500 break; 501 } 502 503 hidp_set_timer(session); 504 kfree_skb(skb); 505 } 506 507 while ((skb = skb_dequeue(&session->intr_transmit))) { 508 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 509 skb_queue_head(&session->intr_transmit, skb); 510 break; 511 } 512 513 hidp_set_timer(session); 514 kfree_skb(skb); 515 } 516 } 517 518 static int hidp_session(void *arg) 519 { 520 struct hidp_session *session = arg; 521 struct sock *ctrl_sk = session->ctrl_sock->sk; 522 struct sock *intr_sk = session->intr_sock->sk; 523 struct sk_buff *skb; 524 int vendor = 0x0000, product = 0x0000; 525 wait_queue_t ctrl_wait, intr_wait; 526 527 BT_DBG("session %p", session); 528 529 if (session->input) { 530 vendor = session->input->id.vendor; 531 product = session->input->id.product; 532 } 533 534 if (session->hid) { 535 vendor = session->hid->vendor; 536 product = session->hid->product; 537 } 538 539 daemonize("khidpd_%04x%04x", vendor, product); 540 set_user_nice(current, -15); 541 542 init_waitqueue_entry(&ctrl_wait, current); 543 init_waitqueue_entry(&intr_wait, current); 544 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 545 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 546 while (!atomic_read(&session->terminate)) { 547 set_current_state(TASK_INTERRUPTIBLE); 548 549 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 550 break; 551 552 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 553 skb_orphan(skb); 554 hidp_recv_ctrl_frame(session, skb); 555 } 556 557 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 558 skb_orphan(skb); 559 hidp_recv_intr_frame(session, skb); 560 } 561 562 hidp_process_transmit(session); 563 564 schedule(); 565 } 566 set_current_state(TASK_RUNNING); 567 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 568 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 569 570 down_write(&hidp_session_sem); 571 572 hidp_del_timer(session); 573 574 if (session->input) { 575 input_unregister_device(session->input); 576 session->input = NULL; 577 } 578 579 if (session->hid) { 580 if (session->hid->claimed & HID_CLAIMED_INPUT) 581 hidinput_disconnect(session->hid); 582 if (session->hid->claimed & HID_CLAIMED_HIDRAW) 583 hidraw_disconnect(session->hid); 584 585 hid_destroy_device(session->hid); 586 session->hid = NULL; 587 } 588 589 /* Wakeup user-space polling for socket errors */ 590 session->intr_sock->sk->sk_err = EUNATCH; 591 session->ctrl_sock->sk->sk_err = EUNATCH; 592 593 hidp_schedule(session); 594 595 fput(session->intr_sock->file); 596 597 wait_event_timeout(*(ctrl_sk->sk_sleep), 598 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 599 600 fput(session->ctrl_sock->file); 601 602 __hidp_unlink_session(session); 603 604 up_write(&hidp_session_sem); 605 606 kfree(session); 607 return 0; 608 } 609 610 static struct device *hidp_get_device(struct hidp_session *session) 611 { 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 614 struct device *device = NULL; 615 struct hci_dev *hdev; 616 617 hdev = hci_get_route(dst, src); 618 if (!hdev) 619 return NULL; 620 621 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 622 if (session->conn) 623 device = &session->conn->dev; 624 625 hci_dev_put(hdev); 626 627 return device; 628 } 629 630 static int hidp_setup_input(struct hidp_session *session, 631 struct hidp_connadd_req *req) 632 { 633 struct input_dev *input; 634 int err, i; 635 636 input = input_allocate_device(); 637 if (!input) 638 return -ENOMEM; 639 640 session->input = input; 641 642 input_set_drvdata(input, session); 643 644 input->name = "Bluetooth HID Boot Protocol Device"; 645 646 input->id.bustype = BUS_BLUETOOTH; 647 input->id.vendor = req->vendor; 648 input->id.product = req->product; 649 input->id.version = req->version; 650 651 if (req->subclass & 0x40) { 652 set_bit(EV_KEY, input->evbit); 653 set_bit(EV_LED, input->evbit); 654 set_bit(EV_REP, input->evbit); 655 656 set_bit(LED_NUML, input->ledbit); 657 set_bit(LED_CAPSL, input->ledbit); 658 set_bit(LED_SCROLLL, input->ledbit); 659 set_bit(LED_COMPOSE, input->ledbit); 660 set_bit(LED_KANA, input->ledbit); 661 662 for (i = 0; i < sizeof(hidp_keycode); i++) 663 set_bit(hidp_keycode[i], input->keybit); 664 clear_bit(0, input->keybit); 665 } 666 667 if (req->subclass & 0x80) { 668 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 669 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 670 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 671 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 672 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 673 BIT_MASK(BTN_EXTRA); 674 input->relbit[0] |= BIT_MASK(REL_WHEEL); 675 } 676 677 input->dev.parent = hidp_get_device(session); 678 679 input->event = hidp_input_event; 680 681 err = input_register_device(input); 682 if (err < 0) { 683 hci_conn_put_device(session->conn); 684 return err; 685 } 686 687 return 0; 688 } 689 690 static int hidp_open(struct hid_device *hid) 691 { 692 return 0; 693 } 694 695 static void hidp_close(struct hid_device *hid) 696 { 697 } 698 699 static int hidp_parse(struct hid_device *hid) 700 { 701 struct hidp_session *session = hid->driver_data; 702 struct hidp_connadd_req *req = session->req; 703 unsigned char *buf; 704 int ret; 705 706 buf = kmalloc(req->rd_size, GFP_KERNEL); 707 if (!buf) 708 return -ENOMEM; 709 710 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 711 kfree(buf); 712 return -EFAULT; 713 } 714 715 ret = hid_parse_report(session->hid, buf, req->rd_size); 716 717 kfree(buf); 718 719 if (ret) 720 return ret; 721 722 session->req = NULL; 723 724 return 0; 725 } 726 727 static int hidp_start(struct hid_device *hid) 728 { 729 struct hidp_session *session = hid->driver_data; 730 struct hid_report *report; 731 732 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 733 report_list, list) 734 hidp_send_report(session, report); 735 736 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 737 report_list, list) 738 hidp_send_report(session, report); 739 740 return 0; 741 } 742 743 static void hidp_stop(struct hid_device *hid) 744 { 745 struct hidp_session *session = hid->driver_data; 746 747 skb_queue_purge(&session->ctrl_transmit); 748 skb_queue_purge(&session->intr_transmit); 749 750 if (hid->claimed & HID_CLAIMED_INPUT) 751 hidinput_disconnect(hid); 752 hid->claimed = 0; 753 } 754 755 static struct hid_ll_driver hidp_hid_driver = { 756 .parse = hidp_parse, 757 .start = hidp_start, 758 .stop = hidp_stop, 759 .open = hidp_open, 760 .close = hidp_close, 761 .hidinput_input_event = hidp_hidinput_event, 762 }; 763 764 static int hidp_setup_hid(struct hidp_session *session, 765 struct hidp_connadd_req *req) 766 { 767 struct hid_device *hid; 768 bdaddr_t src, dst; 769 int err; 770 771 hid = hid_allocate_device(); 772 if (IS_ERR(hid)) 773 return PTR_ERR(session->hid); 774 775 session->hid = hid; 776 session->req = req; 777 hid->driver_data = session; 778 779 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 780 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 781 782 hid->bus = BUS_BLUETOOTH; 783 hid->vendor = req->vendor; 784 hid->product = req->product; 785 hid->version = req->version; 786 hid->country = req->country; 787 788 strncpy(hid->name, req->name, 128); 789 strncpy(hid->phys, batostr(&src), 64); 790 strncpy(hid->uniq, batostr(&dst), 64); 791 792 hid->dev.parent = hidp_get_device(session); 793 hid->ll_driver = &hidp_hid_driver; 794 795 err = hid_add_device(hid); 796 if (err < 0) 797 goto failed; 798 799 return 0; 800 801 failed: 802 hid_destroy_device(hid); 803 session->hid = NULL; 804 805 return err; 806 } 807 808 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 809 { 810 struct hidp_session *session, *s; 811 int err; 812 813 BT_DBG(""); 814 815 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 816 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 817 return -ENOTUNIQ; 818 819 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 820 if (!session) 821 return -ENOMEM; 822 823 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 824 825 down_write(&hidp_session_sem); 826 827 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 828 if (s && s->state == BT_CONNECTED) { 829 err = -EEXIST; 830 goto failed; 831 } 832 833 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 834 835 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 836 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 837 838 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 839 840 session->ctrl_sock = ctrl_sock; 841 session->intr_sock = intr_sock; 842 session->state = BT_CONNECTED; 843 844 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 845 846 skb_queue_head_init(&session->ctrl_transmit); 847 skb_queue_head_init(&session->intr_transmit); 848 849 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 850 session->idle_to = req->idle_to; 851 852 if (req->rd_size > 0) { 853 err = hidp_setup_hid(session, req); 854 if (err && err != -ENODEV) 855 goto purge; 856 } 857 858 if (!session->hid) { 859 err = hidp_setup_input(session, req); 860 if (err < 0) 861 goto purge; 862 } 863 864 __hidp_link_session(session); 865 866 hidp_set_timer(session); 867 868 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 869 if (err < 0) 870 goto unlink; 871 872 if (session->input) { 873 hidp_send_ctrl_message(session, 874 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 875 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 876 877 session->leds = 0xff; 878 hidp_input_event(session->input, EV_LED, 0, 0); 879 } 880 881 up_write(&hidp_session_sem); 882 return 0; 883 884 unlink: 885 hidp_del_timer(session); 886 887 __hidp_unlink_session(session); 888 889 if (session->input) { 890 input_unregister_device(session->input); 891 session->input = NULL; 892 } 893 894 if (session->hid) { 895 hid_destroy_device(session->hid); 896 session->hid = NULL; 897 } 898 899 purge: 900 skb_queue_purge(&session->ctrl_transmit); 901 skb_queue_purge(&session->intr_transmit); 902 903 failed: 904 up_write(&hidp_session_sem); 905 906 input_free_device(session->input); 907 kfree(session); 908 return err; 909 } 910 911 int hidp_del_connection(struct hidp_conndel_req *req) 912 { 913 struct hidp_session *session; 914 int err = 0; 915 916 BT_DBG(""); 917 918 down_read(&hidp_session_sem); 919 920 session = __hidp_get_session(&req->bdaddr); 921 if (session) { 922 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 923 hidp_send_ctrl_message(session, 924 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 925 } else { 926 /* Flush the transmit queues */ 927 skb_queue_purge(&session->ctrl_transmit); 928 skb_queue_purge(&session->intr_transmit); 929 930 /* Wakeup user-space polling for socket errors */ 931 session->intr_sock->sk->sk_err = EUNATCH; 932 session->ctrl_sock->sk->sk_err = EUNATCH; 933 934 /* Kill session thread */ 935 atomic_inc(&session->terminate); 936 hidp_schedule(session); 937 } 938 } else 939 err = -ENOENT; 940 941 up_read(&hidp_session_sem); 942 return err; 943 } 944 945 int hidp_get_connlist(struct hidp_connlist_req *req) 946 { 947 struct list_head *p; 948 int err = 0, n = 0; 949 950 BT_DBG(""); 951 952 down_read(&hidp_session_sem); 953 954 list_for_each(p, &hidp_session_list) { 955 struct hidp_session *session; 956 struct hidp_conninfo ci; 957 958 session = list_entry(p, struct hidp_session, list); 959 960 __hidp_copy_session(session, &ci); 961 962 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 963 err = -EFAULT; 964 break; 965 } 966 967 if (++n >= req->cnum) 968 break; 969 970 req->ci++; 971 } 972 req->cnum = n; 973 974 up_read(&hidp_session_sem); 975 return err; 976 } 977 978 int hidp_get_conninfo(struct hidp_conninfo *ci) 979 { 980 struct hidp_session *session; 981 int err = 0; 982 983 down_read(&hidp_session_sem); 984 985 session = __hidp_get_session(&ci->bdaddr); 986 if (session) 987 __hidp_copy_session(session, ci); 988 else 989 err = -ENOENT; 990 991 up_read(&hidp_session_sem); 992 return err; 993 } 994 995 static const struct hid_device_id hidp_table[] = { 996 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 997 { } 998 }; 999 1000 static struct hid_driver hidp_driver = { 1001 .name = "generic-bluetooth", 1002 .id_table = hidp_table, 1003 }; 1004 1005 static int __init hidp_init(void) 1006 { 1007 int ret; 1008 1009 l2cap_load(); 1010 1011 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1012 1013 ret = hid_register_driver(&hidp_driver); 1014 if (ret) 1015 goto err; 1016 1017 ret = hidp_init_sockets(); 1018 if (ret) 1019 goto err_drv; 1020 1021 return 0; 1022 err_drv: 1023 hid_unregister_driver(&hidp_driver); 1024 err: 1025 return ret; 1026 } 1027 1028 static void __exit hidp_exit(void) 1029 { 1030 hidp_cleanup_sockets(); 1031 hid_unregister_driver(&hidp_driver); 1032 } 1033 1034 module_init(hidp_init); 1035 module_exit(hidp_exit); 1036 1037 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1038 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1039 MODULE_VERSION(VERSION); 1040 MODULE_LICENSE("GPL"); 1041 MODULE_ALIAS("bt-proto-6"); 1042