1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <net/sock.h> 42 43 #include <linux/input.h> 44 #include <linux/hid.h> 45 #include <linux/hidraw.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 51 #include "hidp.h" 52 53 #define VERSION "1.2" 54 55 static DECLARE_RWSEM(hidp_session_sem); 56 static LIST_HEAD(hidp_session_list); 57 58 static unsigned char hidp_keycode[256] = { 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 101 hci_conn_hold_device(session->conn); 102 } 103 104 static void __hidp_unlink_session(struct hidp_session *session) 105 { 106 hci_conn_put_device(session->conn); 107 108 list_del(&session->list); 109 module_put(THIS_MODULE); 110 } 111 112 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 113 { 114 memset(ci, 0, sizeof(*ci)); 115 bacpy(&ci->bdaddr, &session->bdaddr); 116 117 ci->flags = session->flags; 118 ci->state = session->state; 119 120 ci->vendor = 0x0000; 121 ci->product = 0x0000; 122 ci->version = 0x0000; 123 124 if (session->input) { 125 ci->vendor = session->input->id.vendor; 126 ci->product = session->input->id.product; 127 ci->version = session->input->id.version; 128 if (session->input->name) 129 strncpy(ci->name, session->input->name, 128); 130 else 131 strncpy(ci->name, "HID Boot Device", 128); 132 } 133 134 if (session->hid) { 135 ci->vendor = session->hid->vendor; 136 ci->product = session->hid->product; 137 ci->version = session->hid->version; 138 strncpy(ci->name, session->hid->name, 128); 139 } 140 } 141 142 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 143 unsigned int type, unsigned int code, int value) 144 { 145 unsigned char newleds; 146 struct sk_buff *skb; 147 148 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 149 150 if (type != EV_LED) 151 return -1; 152 153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 157 (!!test_bit(LED_NUML, dev->led)); 158 159 if (session->leds == newleds) 160 return 0; 161 162 session->leds = newleds; 163 164 skb = alloc_skb(3, GFP_ATOMIC); 165 if (!skb) { 166 BT_ERR("Can't allocate memory for new frame"); 167 return -ENOMEM; 168 } 169 170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 171 *skb_put(skb, 1) = 0x01; 172 *skb_put(skb, 1) = newleds; 173 174 skb_queue_tail(&session->intr_transmit, skb); 175 176 hidp_schedule(session); 177 178 return 0; 179 } 180 181 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 182 { 183 struct hid_device *hid = input_get_drvdata(dev); 184 struct hidp_session *session = hid->driver_data; 185 186 return hidp_queue_event(session, dev, type, code, value); 187 } 188 189 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 190 { 191 struct hidp_session *session = input_get_drvdata(dev); 192 193 return hidp_queue_event(session, dev, type, code, value); 194 } 195 196 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 197 { 198 struct input_dev *dev = session->input; 199 unsigned char *keys = session->keys; 200 unsigned char *udata = skb->data + 1; 201 signed char *sdata = skb->data + 1; 202 int i, size = skb->len - 1; 203 204 switch (skb->data[0]) { 205 case 0x01: /* Keyboard report */ 206 for (i = 0; i < 8; i++) 207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 208 209 /* If all the key codes have been set to 0x01, it means 210 * too many keys were pressed at the same time. */ 211 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 212 break; 213 214 for (i = 2; i < 8; i++) { 215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 216 if (hidp_keycode[keys[i]]) 217 input_report_key(dev, hidp_keycode[keys[i]], 0); 218 else 219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 220 } 221 222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 223 if (hidp_keycode[udata[i]]) 224 input_report_key(dev, hidp_keycode[udata[i]], 1); 225 else 226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 227 } 228 } 229 230 memcpy(keys, udata, 8); 231 break; 232 233 case 0x02: /* Mouse report */ 234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 239 240 input_report_rel(dev, REL_X, sdata[1]); 241 input_report_rel(dev, REL_Y, sdata[2]); 242 243 if (size > 3) 244 input_report_rel(dev, REL_WHEEL, sdata[3]); 245 break; 246 } 247 248 input_sync(dev); 249 } 250 251 static int __hidp_send_ctrl_message(struct hidp_session *session, 252 unsigned char hdr, unsigned char *data, int size) 253 { 254 struct sk_buff *skb; 255 256 BT_DBG("session %p data %p size %d", session, data, size); 257 258 skb = alloc_skb(size + 1, GFP_ATOMIC); 259 if (!skb) { 260 BT_ERR("Can't allocate memory for new frame"); 261 return -ENOMEM; 262 } 263 264 *skb_put(skb, 1) = hdr; 265 if (data && size > 0) 266 memcpy(skb_put(skb, size), data, size); 267 268 skb_queue_tail(&session->ctrl_transmit, skb); 269 270 return 0; 271 } 272 273 static inline int hidp_send_ctrl_message(struct hidp_session *session, 274 unsigned char hdr, unsigned char *data, int size) 275 { 276 int err; 277 278 err = __hidp_send_ctrl_message(session, hdr, data, size); 279 280 hidp_schedule(session); 281 282 return err; 283 } 284 285 static int hidp_queue_report(struct hidp_session *session, 286 unsigned char *data, int size) 287 { 288 struct sk_buff *skb; 289 290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 291 292 skb = alloc_skb(size + 1, GFP_ATOMIC); 293 if (!skb) { 294 BT_ERR("Can't allocate memory for new frame"); 295 return -ENOMEM; 296 } 297 298 *skb_put(skb, 1) = 0xa2; 299 if (size > 0) 300 memcpy(skb_put(skb, size), data, size); 301 302 skb_queue_tail(&session->intr_transmit, skb); 303 304 hidp_schedule(session); 305 306 return 0; 307 } 308 309 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 310 { 311 unsigned char buf[32]; 312 int rsize; 313 314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 315 if (rsize > sizeof(buf)) 316 return -EIO; 317 318 hid_output_report(report, buf); 319 320 return hidp_queue_report(session, buf, rsize); 321 } 322 323 static int hidp_get_raw_report(struct hid_device *hid, 324 unsigned char report_number, 325 unsigned char *data, size_t count, 326 unsigned char report_type) 327 { 328 struct hidp_session *session = hid->driver_data; 329 struct sk_buff *skb; 330 size_t len; 331 int numbered_reports = hid->report_enum[report_type].numbered; 332 333 switch (report_type) { 334 case HID_FEATURE_REPORT: 335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 336 break; 337 case HID_INPUT_REPORT: 338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 339 break; 340 case HID_OUTPUT_REPORT: 341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 342 break; 343 default: 344 return -EINVAL; 345 } 346 347 if (mutex_lock_interruptible(&session->report_mutex)) 348 return -ERESTARTSYS; 349 350 /* Set up our wait, and send the report request to the device. */ 351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 352 session->waiting_report_number = numbered_reports ? report_number : -1; 353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 354 data[0] = report_number; 355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1)) 356 goto err_eio; 357 358 /* Wait for the return of the report. The returned report 359 gets put in session->report_return. */ 360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 361 int res; 362 363 res = wait_event_interruptible_timeout(session->report_queue, 364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 365 5*HZ); 366 if (res == 0) { 367 /* timeout */ 368 goto err_eio; 369 } 370 if (res < 0) { 371 /* signal */ 372 goto err_restartsys; 373 } 374 } 375 376 skb = session->report_return; 377 if (skb) { 378 len = skb->len < count ? skb->len : count; 379 memcpy(data, skb->data, len); 380 381 kfree_skb(skb); 382 session->report_return = NULL; 383 } else { 384 /* Device returned a HANDSHAKE, indicating protocol error. */ 385 len = -EIO; 386 } 387 388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 389 mutex_unlock(&session->report_mutex); 390 391 return len; 392 393 err_restartsys: 394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 395 mutex_unlock(&session->report_mutex); 396 return -ERESTARTSYS; 397 err_eio: 398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 399 mutex_unlock(&session->report_mutex); 400 return -EIO; 401 } 402 403 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 404 unsigned char report_type) 405 { 406 struct hidp_session *session = hid->driver_data; 407 int ret; 408 409 switch (report_type) { 410 case HID_FEATURE_REPORT: 411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 412 break; 413 case HID_OUTPUT_REPORT: 414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 if (mutex_lock_interruptible(&session->report_mutex)) 421 return -ERESTARTSYS; 422 423 /* Set up our wait, and send the report request to the device. */ 424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 425 if (hidp_send_ctrl_message(hid->driver_data, report_type, 426 data, count)) { 427 ret = -ENOMEM; 428 goto err; 429 } 430 431 /* Wait for the ACK from the device. */ 432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 433 int res; 434 435 res = wait_event_interruptible_timeout(session->report_queue, 436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 437 10*HZ); 438 if (res == 0) { 439 /* timeout */ 440 ret = -EIO; 441 goto err; 442 } 443 if (res < 0) { 444 /* signal */ 445 ret = -ERESTARTSYS; 446 goto err; 447 } 448 } 449 450 if (!session->output_report_success) { 451 ret = -EIO; 452 goto err; 453 } 454 455 ret = count; 456 457 err: 458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 459 mutex_unlock(&session->report_mutex); 460 return ret; 461 } 462 463 static void hidp_idle_timeout(unsigned long arg) 464 { 465 struct hidp_session *session = (struct hidp_session *) arg; 466 467 kthread_stop(session->task); 468 } 469 470 static void hidp_set_timer(struct hidp_session *session) 471 { 472 if (session->idle_to > 0) 473 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 474 } 475 476 static inline void hidp_del_timer(struct hidp_session *session) 477 { 478 if (session->idle_to > 0) 479 del_timer(&session->timer); 480 } 481 482 static void hidp_process_handshake(struct hidp_session *session, 483 unsigned char param) 484 { 485 BT_DBG("session %p param 0x%02x", session, param); 486 session->output_report_success = 0; /* default condition */ 487 488 switch (param) { 489 case HIDP_HSHK_SUCCESSFUL: 490 /* FIXME: Call into SET_ GET_ handlers here */ 491 session->output_report_success = 1; 492 break; 493 494 case HIDP_HSHK_NOT_READY: 495 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 496 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 497 case HIDP_HSHK_ERR_INVALID_PARAMETER: 498 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 499 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 500 wake_up_interruptible(&session->report_queue); 501 } 502 /* FIXME: Call into SET_ GET_ handlers here */ 503 break; 504 505 case HIDP_HSHK_ERR_UNKNOWN: 506 break; 507 508 case HIDP_HSHK_ERR_FATAL: 509 /* Device requests a reboot, as this is the only way this error 510 * can be recovered. */ 511 __hidp_send_ctrl_message(session, 512 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 513 break; 514 515 default: 516 __hidp_send_ctrl_message(session, 517 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 518 break; 519 } 520 521 /* Wake up the waiting thread. */ 522 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 523 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 524 wake_up_interruptible(&session->report_queue); 525 } 526 } 527 528 static void hidp_process_hid_control(struct hidp_session *session, 529 unsigned char param) 530 { 531 BT_DBG("session %p param 0x%02x", session, param); 532 533 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 534 /* Flush the transmit queues */ 535 skb_queue_purge(&session->ctrl_transmit); 536 skb_queue_purge(&session->intr_transmit); 537 538 kthread_stop(session->task); 539 } 540 } 541 542 /* Returns true if the passed-in skb should be freed by the caller. */ 543 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 544 unsigned char param) 545 { 546 int done_with_skb = 1; 547 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 548 549 switch (param) { 550 case HIDP_DATA_RTYPE_INPUT: 551 hidp_set_timer(session); 552 553 if (session->input) 554 hidp_input_report(session, skb); 555 556 if (session->hid) 557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 558 break; 559 560 case HIDP_DATA_RTYPE_OTHER: 561 case HIDP_DATA_RTYPE_OUPUT: 562 case HIDP_DATA_RTYPE_FEATURE: 563 break; 564 565 default: 566 __hidp_send_ctrl_message(session, 567 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 568 } 569 570 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 571 param == session->waiting_report_type) { 572 if (session->waiting_report_number < 0 || 573 session->waiting_report_number == skb->data[0]) { 574 /* hidp_get_raw_report() is waiting on this report. */ 575 session->report_return = skb; 576 done_with_skb = 0; 577 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 578 wake_up_interruptible(&session->report_queue); 579 } 580 } 581 582 return done_with_skb; 583 } 584 585 static void hidp_recv_ctrl_frame(struct hidp_session *session, 586 struct sk_buff *skb) 587 { 588 unsigned char hdr, type, param; 589 int free_skb = 1; 590 591 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 592 593 hdr = skb->data[0]; 594 skb_pull(skb, 1); 595 596 type = hdr & HIDP_HEADER_TRANS_MASK; 597 param = hdr & HIDP_HEADER_PARAM_MASK; 598 599 switch (type) { 600 case HIDP_TRANS_HANDSHAKE: 601 hidp_process_handshake(session, param); 602 break; 603 604 case HIDP_TRANS_HID_CONTROL: 605 hidp_process_hid_control(session, param); 606 break; 607 608 case HIDP_TRANS_DATA: 609 free_skb = hidp_process_data(session, skb, param); 610 break; 611 612 default: 613 __hidp_send_ctrl_message(session, 614 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 615 break; 616 } 617 618 if (free_skb) 619 kfree_skb(skb); 620 } 621 622 static void hidp_recv_intr_frame(struct hidp_session *session, 623 struct sk_buff *skb) 624 { 625 unsigned char hdr; 626 627 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 628 629 hdr = skb->data[0]; 630 skb_pull(skb, 1); 631 632 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 633 hidp_set_timer(session); 634 635 if (session->input) 636 hidp_input_report(session, skb); 637 638 if (session->hid) { 639 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 640 BT_DBG("report len %d", skb->len); 641 } 642 } else { 643 BT_DBG("Unsupported protocol header 0x%02x", hdr); 644 } 645 646 kfree_skb(skb); 647 } 648 649 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 650 { 651 struct kvec iv = { data, len }; 652 struct msghdr msg; 653 654 BT_DBG("sock %p data %p len %d", sock, data, len); 655 656 if (!len) 657 return 0; 658 659 memset(&msg, 0, sizeof(msg)); 660 661 return kernel_sendmsg(sock, &msg, &iv, 1, len); 662 } 663 664 static void hidp_process_transmit(struct hidp_session *session) 665 { 666 struct sk_buff *skb; 667 668 BT_DBG("session %p", session); 669 670 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 671 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 672 skb_queue_head(&session->ctrl_transmit, skb); 673 break; 674 } 675 676 hidp_set_timer(session); 677 kfree_skb(skb); 678 } 679 680 while ((skb = skb_dequeue(&session->intr_transmit))) { 681 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 682 skb_queue_head(&session->intr_transmit, skb); 683 break; 684 } 685 686 hidp_set_timer(session); 687 kfree_skb(skb); 688 } 689 } 690 691 static int hidp_session(void *arg) 692 { 693 struct hidp_session *session = arg; 694 struct sock *ctrl_sk = session->ctrl_sock->sk; 695 struct sock *intr_sk = session->intr_sock->sk; 696 struct sk_buff *skb; 697 wait_queue_t ctrl_wait, intr_wait; 698 699 BT_DBG("session %p", session); 700 701 set_user_nice(current, -15); 702 703 init_waitqueue_entry(&ctrl_wait, current); 704 init_waitqueue_entry(&intr_wait, current); 705 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 706 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 707 session->waiting_for_startup = 0; 708 wake_up_interruptible(&session->startup_queue); 709 while (!kthread_should_stop()) { 710 set_current_state(TASK_INTERRUPTIBLE); 711 712 if (ctrl_sk->sk_state != BT_CONNECTED || 713 intr_sk->sk_state != BT_CONNECTED) 714 break; 715 716 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 717 skb_orphan(skb); 718 hidp_recv_ctrl_frame(session, skb); 719 } 720 721 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 722 skb_orphan(skb); 723 hidp_recv_intr_frame(session, skb); 724 } 725 726 hidp_process_transmit(session); 727 728 schedule(); 729 } 730 set_current_state(TASK_RUNNING); 731 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 732 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 733 734 down_write(&hidp_session_sem); 735 736 hidp_del_timer(session); 737 738 if (session->input) { 739 input_unregister_device(session->input); 740 session->input = NULL; 741 } 742 743 if (session->hid) { 744 hid_destroy_device(session->hid); 745 session->hid = NULL; 746 } 747 748 /* Wakeup user-space polling for socket errors */ 749 session->intr_sock->sk->sk_err = EUNATCH; 750 session->ctrl_sock->sk->sk_err = EUNATCH; 751 752 hidp_schedule(session); 753 754 fput(session->intr_sock->file); 755 756 wait_event_timeout(*(sk_sleep(ctrl_sk)), 757 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 758 759 fput(session->ctrl_sock->file); 760 761 __hidp_unlink_session(session); 762 763 up_write(&hidp_session_sem); 764 765 kfree(session); 766 return 0; 767 } 768 769 static struct device *hidp_get_device(struct hidp_session *session) 770 { 771 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 772 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 773 struct device *device = NULL; 774 struct hci_dev *hdev; 775 776 hdev = hci_get_route(dst, src); 777 if (!hdev) 778 return NULL; 779 780 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 781 if (session->conn) 782 device = &session->conn->dev; 783 784 hci_dev_put(hdev); 785 786 return device; 787 } 788 789 static int hidp_setup_input(struct hidp_session *session, 790 struct hidp_connadd_req *req) 791 { 792 struct input_dev *input; 793 int err, i; 794 795 input = input_allocate_device(); 796 if (!input) 797 return -ENOMEM; 798 799 session->input = input; 800 801 input_set_drvdata(input, session); 802 803 input->name = "Bluetooth HID Boot Protocol Device"; 804 805 input->id.bustype = BUS_BLUETOOTH; 806 input->id.vendor = req->vendor; 807 input->id.product = req->product; 808 input->id.version = req->version; 809 810 if (req->subclass & 0x40) { 811 set_bit(EV_KEY, input->evbit); 812 set_bit(EV_LED, input->evbit); 813 set_bit(EV_REP, input->evbit); 814 815 set_bit(LED_NUML, input->ledbit); 816 set_bit(LED_CAPSL, input->ledbit); 817 set_bit(LED_SCROLLL, input->ledbit); 818 set_bit(LED_COMPOSE, input->ledbit); 819 set_bit(LED_KANA, input->ledbit); 820 821 for (i = 0; i < sizeof(hidp_keycode); i++) 822 set_bit(hidp_keycode[i], input->keybit); 823 clear_bit(0, input->keybit); 824 } 825 826 if (req->subclass & 0x80) { 827 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 828 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 829 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 830 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 831 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 832 BIT_MASK(BTN_EXTRA); 833 input->relbit[0] |= BIT_MASK(REL_WHEEL); 834 } 835 836 input->dev.parent = hidp_get_device(session); 837 838 input->event = hidp_input_event; 839 840 err = input_register_device(input); 841 if (err < 0) { 842 hci_conn_put_device(session->conn); 843 return err; 844 } 845 846 return 0; 847 } 848 849 static int hidp_open(struct hid_device *hid) 850 { 851 return 0; 852 } 853 854 static void hidp_close(struct hid_device *hid) 855 { 856 } 857 858 static int hidp_parse(struct hid_device *hid) 859 { 860 struct hidp_session *session = hid->driver_data; 861 862 return hid_parse_report(session->hid, session->rd_data, 863 session->rd_size); 864 } 865 866 static int hidp_start(struct hid_device *hid) 867 { 868 struct hidp_session *session = hid->driver_data; 869 struct hid_report *report; 870 871 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 872 report_list, list) 873 hidp_send_report(session, report); 874 875 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 876 report_list, list) 877 hidp_send_report(session, report); 878 879 return 0; 880 } 881 882 static void hidp_stop(struct hid_device *hid) 883 { 884 struct hidp_session *session = hid->driver_data; 885 886 skb_queue_purge(&session->ctrl_transmit); 887 skb_queue_purge(&session->intr_transmit); 888 889 hid->claimed = 0; 890 } 891 892 static struct hid_ll_driver hidp_hid_driver = { 893 .parse = hidp_parse, 894 .start = hidp_start, 895 .stop = hidp_stop, 896 .open = hidp_open, 897 .close = hidp_close, 898 .hidinput_input_event = hidp_hidinput_event, 899 }; 900 901 /* This function sets up the hid device. It does not add it 902 to the HID system. That is done in hidp_add_connection(). */ 903 static int hidp_setup_hid(struct hidp_session *session, 904 struct hidp_connadd_req *req) 905 { 906 struct hid_device *hid; 907 int err; 908 909 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 910 if (!session->rd_data) 911 return -ENOMEM; 912 913 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 914 err = -EFAULT; 915 goto fault; 916 } 917 session->rd_size = req->rd_size; 918 919 hid = hid_allocate_device(); 920 if (IS_ERR(hid)) { 921 err = PTR_ERR(hid); 922 goto fault; 923 } 924 925 session->hid = hid; 926 927 hid->driver_data = session; 928 929 hid->bus = BUS_BLUETOOTH; 930 hid->vendor = req->vendor; 931 hid->product = req->product; 932 hid->version = req->version; 933 hid->country = req->country; 934 935 strncpy(hid->name, req->name, 128); 936 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 937 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 938 939 hid->dev.parent = hidp_get_device(session); 940 hid->ll_driver = &hidp_hid_driver; 941 942 hid->hid_get_raw_report = hidp_get_raw_report; 943 hid->hid_output_raw_report = hidp_output_raw_report; 944 945 return 0; 946 947 fault: 948 kfree(session->rd_data); 949 session->rd_data = NULL; 950 951 return err; 952 } 953 954 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 955 { 956 struct hidp_session *session, *s; 957 int vendor, product; 958 int err; 959 960 BT_DBG(""); 961 962 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 963 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 964 return -ENOTUNIQ; 965 966 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 967 if (!session) 968 return -ENOMEM; 969 970 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 971 972 down_write(&hidp_session_sem); 973 974 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 975 if (s && s->state == BT_CONNECTED) { 976 err = -EEXIST; 977 goto failed; 978 } 979 980 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 981 982 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 983 l2cap_pi(ctrl_sock->sk)->chan->imtu); 984 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 985 l2cap_pi(intr_sock->sk)->chan->imtu); 986 987 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 988 989 session->ctrl_sock = ctrl_sock; 990 session->intr_sock = intr_sock; 991 session->state = BT_CONNECTED; 992 993 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 994 995 skb_queue_head_init(&session->ctrl_transmit); 996 skb_queue_head_init(&session->intr_transmit); 997 998 mutex_init(&session->report_mutex); 999 init_waitqueue_head(&session->report_queue); 1000 init_waitqueue_head(&session->startup_queue); 1001 session->waiting_for_startup = 1; 1002 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 1003 session->idle_to = req->idle_to; 1004 1005 if (req->rd_size > 0) { 1006 err = hidp_setup_hid(session, req); 1007 if (err && err != -ENODEV) 1008 goto purge; 1009 } 1010 1011 if (!session->hid) { 1012 err = hidp_setup_input(session, req); 1013 if (err < 0) 1014 goto purge; 1015 } 1016 1017 __hidp_link_session(session); 1018 1019 hidp_set_timer(session); 1020 1021 if (session->hid) { 1022 vendor = session->hid->vendor; 1023 product = session->hid->product; 1024 } else if (session->input) { 1025 vendor = session->input->id.vendor; 1026 product = session->input->id.product; 1027 } else { 1028 vendor = 0x0000; 1029 product = 0x0000; 1030 } 1031 1032 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1033 vendor, product); 1034 if (IS_ERR(session->task)) { 1035 err = PTR_ERR(session->task); 1036 goto unlink; 1037 } 1038 1039 while (session->waiting_for_startup) { 1040 wait_event_interruptible(session->startup_queue, 1041 !session->waiting_for_startup); 1042 } 1043 1044 err = hid_add_device(session->hid); 1045 if (err < 0) 1046 goto err_add_device; 1047 1048 if (session->input) { 1049 hidp_send_ctrl_message(session, 1050 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1051 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1052 1053 session->leds = 0xff; 1054 hidp_input_event(session->input, EV_LED, 0, 0); 1055 } 1056 1057 up_write(&hidp_session_sem); 1058 return 0; 1059 1060 err_add_device: 1061 hid_destroy_device(session->hid); 1062 session->hid = NULL; 1063 kthread_stop(session->task); 1064 1065 unlink: 1066 hidp_del_timer(session); 1067 1068 __hidp_unlink_session(session); 1069 1070 if (session->input) { 1071 input_unregister_device(session->input); 1072 session->input = NULL; 1073 } 1074 1075 if (session->hid) { 1076 hid_destroy_device(session->hid); 1077 session->hid = NULL; 1078 } 1079 1080 kfree(session->rd_data); 1081 session->rd_data = NULL; 1082 1083 purge: 1084 skb_queue_purge(&session->ctrl_transmit); 1085 skb_queue_purge(&session->intr_transmit); 1086 1087 failed: 1088 up_write(&hidp_session_sem); 1089 1090 input_free_device(session->input); 1091 kfree(session); 1092 return err; 1093 } 1094 1095 int hidp_del_connection(struct hidp_conndel_req *req) 1096 { 1097 struct hidp_session *session; 1098 int err = 0; 1099 1100 BT_DBG(""); 1101 1102 down_read(&hidp_session_sem); 1103 1104 session = __hidp_get_session(&req->bdaddr); 1105 if (session) { 1106 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 1107 hidp_send_ctrl_message(session, 1108 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 1109 } else { 1110 /* Flush the transmit queues */ 1111 skb_queue_purge(&session->ctrl_transmit); 1112 skb_queue_purge(&session->intr_transmit); 1113 1114 kthread_stop(session->task); 1115 } 1116 } else 1117 err = -ENOENT; 1118 1119 up_read(&hidp_session_sem); 1120 return err; 1121 } 1122 1123 int hidp_get_connlist(struct hidp_connlist_req *req) 1124 { 1125 struct list_head *p; 1126 int err = 0, n = 0; 1127 1128 BT_DBG(""); 1129 1130 down_read(&hidp_session_sem); 1131 1132 list_for_each(p, &hidp_session_list) { 1133 struct hidp_session *session; 1134 struct hidp_conninfo ci; 1135 1136 session = list_entry(p, struct hidp_session, list); 1137 1138 __hidp_copy_session(session, &ci); 1139 1140 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1141 err = -EFAULT; 1142 break; 1143 } 1144 1145 if (++n >= req->cnum) 1146 break; 1147 1148 req->ci++; 1149 } 1150 req->cnum = n; 1151 1152 up_read(&hidp_session_sem); 1153 return err; 1154 } 1155 1156 int hidp_get_conninfo(struct hidp_conninfo *ci) 1157 { 1158 struct hidp_session *session; 1159 int err = 0; 1160 1161 down_read(&hidp_session_sem); 1162 1163 session = __hidp_get_session(&ci->bdaddr); 1164 if (session) 1165 __hidp_copy_session(session, ci); 1166 else 1167 err = -ENOENT; 1168 1169 up_read(&hidp_session_sem); 1170 return err; 1171 } 1172 1173 static const struct hid_device_id hidp_table[] = { 1174 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1175 { } 1176 }; 1177 1178 static struct hid_driver hidp_driver = { 1179 .name = "generic-bluetooth", 1180 .id_table = hidp_table, 1181 }; 1182 1183 static int __init hidp_init(void) 1184 { 1185 int ret; 1186 1187 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1188 1189 ret = hid_register_driver(&hidp_driver); 1190 if (ret) 1191 goto err; 1192 1193 ret = hidp_init_sockets(); 1194 if (ret) 1195 goto err_drv; 1196 1197 return 0; 1198 err_drv: 1199 hid_unregister_driver(&hidp_driver); 1200 err: 1201 return ret; 1202 } 1203 1204 static void __exit hidp_exit(void) 1205 { 1206 hidp_cleanup_sockets(); 1207 hid_unregister_driver(&hidp_driver); 1208 } 1209 1210 module_init(hidp_init); 1211 module_exit(hidp_exit); 1212 1213 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1214 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1215 MODULE_VERSION(VERSION); 1216 MODULE_LICENSE("GPL"); 1217 MODULE_ALIAS("bt-proto-6"); 1218