1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <net/sock.h> 40 41 #include <linux/input.h> 42 #include <linux/hid.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 48 #include "hidp.h" 49 50 #ifndef CONFIG_BT_HIDP_DEBUG 51 #undef BT_DBG 52 #define BT_DBG(D...) 53 #endif 54 55 #define VERSION "1.2" 56 57 static DECLARE_RWSEM(hidp_session_sem); 58 static LIST_HEAD(hidp_session_list); 59 60 static unsigned char hidp_keycode[256] = { 61 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 62 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 63 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 64 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 65 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 66 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 67 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 68 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 69 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 70 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 76 150,158,159,128,136,177,178,176,142,152,173,140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 } 101 102 static void __hidp_unlink_session(struct hidp_session *session) 103 { 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106 } 107 108 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109 { 110 bacpy(&ci->bdaddr, &session->bdaddr); 111 112 ci->flags = session->flags; 113 ci->state = session->state; 114 115 ci->vendor = 0x0000; 116 ci->product = 0x0000; 117 ci->version = 0x0000; 118 memset(ci->name, 0, 128); 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136 } 137 138 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140 { 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174 } 175 176 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177 { 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182 } 183 184 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185 { 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189 } 190 191 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192 { 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244 } 245 246 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size) 247 { 248 struct sk_buff *skb; 249 250 BT_DBG("session %p hid %p data %p size %d", session, device, data, size); 251 252 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 253 BT_ERR("Can't allocate memory for new frame"); 254 return -ENOMEM; 255 } 256 257 *skb_put(skb, 1) = 0xa2; 258 if (size > 0) 259 memcpy(skb_put(skb, size), data, size); 260 261 skb_queue_tail(&session->intr_transmit, skb); 262 263 hidp_schedule(session); 264 265 return 0; 266 } 267 268 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 269 { 270 unsigned char buf[32]; 271 int rsize; 272 273 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 274 if (rsize > sizeof(buf)) 275 return -EIO; 276 277 hid_output_report(report, buf); 278 279 return hidp_queue_report(session, buf, rsize); 280 } 281 282 static void hidp_idle_timeout(unsigned long arg) 283 { 284 struct hidp_session *session = (struct hidp_session *) arg; 285 286 atomic_inc(&session->terminate); 287 hidp_schedule(session); 288 } 289 290 static inline void hidp_set_timer(struct hidp_session *session) 291 { 292 if (session->idle_to > 0) 293 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 294 } 295 296 static inline void hidp_del_timer(struct hidp_session *session) 297 { 298 if (session->idle_to > 0) 299 del_timer(&session->timer); 300 } 301 302 static int __hidp_send_ctrl_message(struct hidp_session *session, 303 unsigned char hdr, unsigned char *data, int size) 304 { 305 struct sk_buff *skb; 306 307 BT_DBG("session %p data %p size %d", session, data, size); 308 309 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 310 BT_ERR("Can't allocate memory for new frame"); 311 return -ENOMEM; 312 } 313 314 *skb_put(skb, 1) = hdr; 315 if (data && size > 0) 316 memcpy(skb_put(skb, size), data, size); 317 318 skb_queue_tail(&session->ctrl_transmit, skb); 319 320 return 0; 321 } 322 323 static inline int hidp_send_ctrl_message(struct hidp_session *session, 324 unsigned char hdr, unsigned char *data, int size) 325 { 326 int err; 327 328 err = __hidp_send_ctrl_message(session, hdr, data, size); 329 330 hidp_schedule(session); 331 332 return err; 333 } 334 335 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param) 336 { 337 BT_DBG("session %p param 0x%02x", session, param); 338 339 switch (param) { 340 case HIDP_HSHK_SUCCESSFUL: 341 /* FIXME: Call into SET_ GET_ handlers here */ 342 break; 343 344 case HIDP_HSHK_NOT_READY: 345 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 346 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 347 case HIDP_HSHK_ERR_INVALID_PARAMETER: 348 /* FIXME: Call into SET_ GET_ handlers here */ 349 break; 350 351 case HIDP_HSHK_ERR_UNKNOWN: 352 break; 353 354 case HIDP_HSHK_ERR_FATAL: 355 /* Device requests a reboot, as this is the only way this error 356 * can be recovered. */ 357 __hidp_send_ctrl_message(session, 358 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 359 break; 360 361 default: 362 __hidp_send_ctrl_message(session, 363 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 364 break; 365 } 366 } 367 368 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param) 369 { 370 BT_DBG("session %p param 0x%02x", session, param); 371 372 switch (param) { 373 case HIDP_CTRL_NOP: 374 break; 375 376 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG: 377 /* Flush the transmit queues */ 378 skb_queue_purge(&session->ctrl_transmit); 379 skb_queue_purge(&session->intr_transmit); 380 381 /* Kill session thread */ 382 atomic_inc(&session->terminate); 383 break; 384 385 case HIDP_CTRL_HARD_RESET: 386 case HIDP_CTRL_SOFT_RESET: 387 case HIDP_CTRL_SUSPEND: 388 case HIDP_CTRL_EXIT_SUSPEND: 389 /* FIXME: We have to parse these and return no error */ 390 break; 391 392 default: 393 __hidp_send_ctrl_message(session, 394 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 395 break; 396 } 397 } 398 399 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param) 400 { 401 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 402 403 switch (param) { 404 case HIDP_DATA_RTYPE_INPUT: 405 hidp_set_timer(session); 406 407 if (session->input) 408 hidp_input_report(session, skb); 409 410 if (session->hid) 411 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 412 413 break; 414 415 case HIDP_DATA_RTYPE_OTHER: 416 case HIDP_DATA_RTYPE_OUPUT: 417 case HIDP_DATA_RTYPE_FEATURE: 418 break; 419 420 default: 421 __hidp_send_ctrl_message(session, 422 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 423 } 424 } 425 426 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb) 427 { 428 unsigned char hdr, type, param; 429 430 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 431 432 hdr = skb->data[0]; 433 skb_pull(skb, 1); 434 435 type = hdr & HIDP_HEADER_TRANS_MASK; 436 param = hdr & HIDP_HEADER_PARAM_MASK; 437 438 switch (type) { 439 case HIDP_TRANS_HANDSHAKE: 440 hidp_process_handshake(session, param); 441 break; 442 443 case HIDP_TRANS_HID_CONTROL: 444 hidp_process_hid_control(session, param); 445 break; 446 447 case HIDP_TRANS_DATA: 448 hidp_process_data(session, skb, param); 449 break; 450 451 default: 452 __hidp_send_ctrl_message(session, 453 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 454 break; 455 } 456 457 kfree_skb(skb); 458 } 459 460 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb) 461 { 462 unsigned char hdr; 463 464 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 465 466 hdr = skb->data[0]; 467 skb_pull(skb, 1); 468 469 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 470 hidp_set_timer(session); 471 472 if (session->input) 473 hidp_input_report(session, skb); 474 475 if (session->hid) { 476 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 477 BT_DBG("report len %d", skb->len); 478 } 479 } else { 480 BT_DBG("Unsupported protocol header 0x%02x", hdr); 481 } 482 483 kfree_skb(skb); 484 } 485 486 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 487 { 488 struct kvec iv = { data, len }; 489 struct msghdr msg; 490 491 BT_DBG("sock %p data %p len %d", sock, data, len); 492 493 if (!len) 494 return 0; 495 496 memset(&msg, 0, sizeof(msg)); 497 498 return kernel_sendmsg(sock, &msg, &iv, 1, len); 499 } 500 501 static void hidp_process_transmit(struct hidp_session *session) 502 { 503 struct sk_buff *skb; 504 505 BT_DBG("session %p", session); 506 507 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 508 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 509 skb_queue_head(&session->ctrl_transmit, skb); 510 break; 511 } 512 513 hidp_set_timer(session); 514 kfree_skb(skb); 515 } 516 517 while ((skb = skb_dequeue(&session->intr_transmit))) { 518 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 519 skb_queue_head(&session->intr_transmit, skb); 520 break; 521 } 522 523 hidp_set_timer(session); 524 kfree_skb(skb); 525 } 526 } 527 528 static int hidp_session(void *arg) 529 { 530 struct hidp_session *session = arg; 531 struct sock *ctrl_sk = session->ctrl_sock->sk; 532 struct sock *intr_sk = session->intr_sock->sk; 533 struct sk_buff *skb; 534 int vendor = 0x0000, product = 0x0000; 535 wait_queue_t ctrl_wait, intr_wait; 536 537 BT_DBG("session %p", session); 538 539 if (session->input) { 540 vendor = session->input->id.vendor; 541 product = session->input->id.product; 542 } 543 544 if (session->hid) { 545 vendor = session->hid->vendor; 546 product = session->hid->product; 547 } 548 549 daemonize("khidpd_%04x%04x", vendor, product); 550 set_user_nice(current, -15); 551 552 init_waitqueue_entry(&ctrl_wait, current); 553 init_waitqueue_entry(&intr_wait, current); 554 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 555 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 556 while (!atomic_read(&session->terminate)) { 557 set_current_state(TASK_INTERRUPTIBLE); 558 559 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 560 break; 561 562 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 563 skb_orphan(skb); 564 hidp_recv_ctrl_frame(session, skb); 565 } 566 567 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 568 skb_orphan(skb); 569 hidp_recv_intr_frame(session, skb); 570 } 571 572 hidp_process_transmit(session); 573 574 schedule(); 575 } 576 set_current_state(TASK_RUNNING); 577 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 578 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 579 580 down_write(&hidp_session_sem); 581 582 hidp_del_timer(session); 583 584 if (session->input) { 585 input_unregister_device(session->input); 586 session->input = NULL; 587 } 588 589 if (session->hid) { 590 if (session->hid->claimed & HID_CLAIMED_INPUT) 591 hidinput_disconnect(session->hid); 592 hid_free_device(session->hid); 593 } 594 595 fput(session->intr_sock->file); 596 597 wait_event_timeout(*(ctrl_sk->sk_sleep), 598 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 599 600 fput(session->ctrl_sock->file); 601 602 __hidp_unlink_session(session); 603 604 up_write(&hidp_session_sem); 605 606 kfree(session); 607 return 0; 608 } 609 610 static struct device *hidp_get_device(struct hidp_session *session) 611 { 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 614 struct hci_dev *hdev; 615 struct hci_conn *conn; 616 617 hdev = hci_get_route(dst, src); 618 if (!hdev) 619 return NULL; 620 621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 622 623 hci_dev_put(hdev); 624 625 return conn ? &conn->dev : NULL; 626 } 627 628 static inline int hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req) 629 { 630 struct input_dev *input = session->input; 631 int i; 632 633 input_set_drvdata(input, session); 634 635 input->name = "Bluetooth HID Boot Protocol Device"; 636 637 input->id.bustype = BUS_BLUETOOTH; 638 input->id.vendor = req->vendor; 639 input->id.product = req->product; 640 input->id.version = req->version; 641 642 if (req->subclass & 0x40) { 643 set_bit(EV_KEY, input->evbit); 644 set_bit(EV_LED, input->evbit); 645 set_bit(EV_REP, input->evbit); 646 647 set_bit(LED_NUML, input->ledbit); 648 set_bit(LED_CAPSL, input->ledbit); 649 set_bit(LED_SCROLLL, input->ledbit); 650 set_bit(LED_COMPOSE, input->ledbit); 651 set_bit(LED_KANA, input->ledbit); 652 653 for (i = 0; i < sizeof(hidp_keycode); i++) 654 set_bit(hidp_keycode[i], input->keybit); 655 clear_bit(0, input->keybit); 656 } 657 658 if (req->subclass & 0x80) { 659 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL); 660 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE); 661 input->relbit[0] = BIT(REL_X) | BIT(REL_Y); 662 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA); 663 input->relbit[0] |= BIT(REL_WHEEL); 664 } 665 666 input->dev.parent = hidp_get_device(session); 667 668 input->event = hidp_input_event; 669 670 return input_register_device(input); 671 } 672 673 static int hidp_open(struct hid_device *hid) 674 { 675 return 0; 676 } 677 678 static void hidp_close(struct hid_device *hid) 679 { 680 } 681 682 static const struct { 683 __u16 idVendor; 684 __u16 idProduct; 685 unsigned quirks; 686 } hidp_blacklist[] = { 687 /* Apple wireless Mighty Mouse */ 688 { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL }, 689 690 { } /* Terminating entry */ 691 }; 692 693 static void hidp_setup_quirks(struct hid_device *hid) 694 { 695 unsigned int n; 696 697 for (n = 0; hidp_blacklist[n].idVendor; n++) 698 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) && 699 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product)) 700 hid->quirks = hidp_blacklist[n].quirks; 701 } 702 703 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req) 704 { 705 struct hid_device *hid = session->hid; 706 struct hid_report *report; 707 bdaddr_t src, dst; 708 709 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 710 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 711 712 hid->driver_data = session; 713 714 hid->country = req->country; 715 716 hid->bus = BUS_BLUETOOTH; 717 hid->vendor = req->vendor; 718 hid->product = req->product; 719 hid->version = req->version; 720 721 strncpy(hid->name, req->name, 128); 722 strncpy(hid->phys, batostr(&src), 64); 723 strncpy(hid->uniq, batostr(&dst), 64); 724 725 hid->dev = hidp_get_device(session); 726 727 hid->hid_open = hidp_open; 728 hid->hid_close = hidp_close; 729 730 hid->hidinput_input_event = hidp_hidinput_event; 731 732 hidp_setup_quirks(hid); 733 734 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list) 735 hidp_send_report(session, report); 736 737 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list) 738 hidp_send_report(session, report); 739 740 if (hidinput_connect(hid) == 0) 741 hid->claimed |= HID_CLAIMED_INPUT; 742 } 743 744 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 745 { 746 struct hidp_session *session, *s; 747 int err; 748 749 BT_DBG(""); 750 751 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 752 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 753 return -ENOTUNIQ; 754 755 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 756 if (!session) 757 return -ENOMEM; 758 759 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 760 761 if (req->rd_size > 0) { 762 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL); 763 764 if (!buf) { 765 kfree(session); 766 return -ENOMEM; 767 } 768 769 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 770 kfree(buf); 771 kfree(session); 772 return -EFAULT; 773 } 774 775 session->hid = hid_parse_report(buf, req->rd_size); 776 777 kfree(buf); 778 779 if (!session->hid) { 780 kfree(session); 781 return -EINVAL; 782 } 783 } 784 785 if (!session->hid) { 786 session->input = input_allocate_device(); 787 if (!session->input) { 788 kfree(session); 789 return -ENOMEM; 790 } 791 } 792 793 down_write(&hidp_session_sem); 794 795 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 796 if (s && s->state == BT_CONNECTED) { 797 err = -EEXIST; 798 goto failed; 799 } 800 801 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 802 803 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 804 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 805 806 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 807 808 session->ctrl_sock = ctrl_sock; 809 session->intr_sock = intr_sock; 810 session->state = BT_CONNECTED; 811 812 init_timer(&session->timer); 813 814 session->timer.function = hidp_idle_timeout; 815 session->timer.data = (unsigned long) session; 816 817 skb_queue_head_init(&session->ctrl_transmit); 818 skb_queue_head_init(&session->intr_transmit); 819 820 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 821 session->idle_to = req->idle_to; 822 823 if (session->input) { 824 err = hidp_setup_input(session, req); 825 if (err < 0) 826 goto failed; 827 } 828 829 if (session->hid) 830 hidp_setup_hid(session, req); 831 832 __hidp_link_session(session); 833 834 hidp_set_timer(session); 835 836 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 837 if (err < 0) 838 goto unlink; 839 840 if (session->input) { 841 hidp_send_ctrl_message(session, 842 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 843 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 844 845 session->leds = 0xff; 846 hidp_input_event(session->input, EV_LED, 0, 0); 847 } 848 849 up_write(&hidp_session_sem); 850 return 0; 851 852 unlink: 853 hidp_del_timer(session); 854 855 __hidp_unlink_session(session); 856 857 if (session->input) { 858 input_unregister_device(session->input); 859 session->input = NULL; /* don't try to free it here */ 860 } 861 862 failed: 863 up_write(&hidp_session_sem); 864 865 if (session->hid) 866 hid_free_device(session->hid); 867 868 input_free_device(session->input); 869 kfree(session); 870 return err; 871 } 872 873 int hidp_del_connection(struct hidp_conndel_req *req) 874 { 875 struct hidp_session *session; 876 int err = 0; 877 878 BT_DBG(""); 879 880 down_read(&hidp_session_sem); 881 882 session = __hidp_get_session(&req->bdaddr); 883 if (session) { 884 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 885 hidp_send_ctrl_message(session, 886 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 887 } else { 888 /* Flush the transmit queues */ 889 skb_queue_purge(&session->ctrl_transmit); 890 skb_queue_purge(&session->intr_transmit); 891 892 /* Kill session thread */ 893 atomic_inc(&session->terminate); 894 hidp_schedule(session); 895 } 896 } else 897 err = -ENOENT; 898 899 up_read(&hidp_session_sem); 900 return err; 901 } 902 903 int hidp_get_connlist(struct hidp_connlist_req *req) 904 { 905 struct list_head *p; 906 int err = 0, n = 0; 907 908 BT_DBG(""); 909 910 down_read(&hidp_session_sem); 911 912 list_for_each(p, &hidp_session_list) { 913 struct hidp_session *session; 914 struct hidp_conninfo ci; 915 916 session = list_entry(p, struct hidp_session, list); 917 918 __hidp_copy_session(session, &ci); 919 920 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 921 err = -EFAULT; 922 break; 923 } 924 925 if (++n >= req->cnum) 926 break; 927 928 req->ci++; 929 } 930 req->cnum = n; 931 932 up_read(&hidp_session_sem); 933 return err; 934 } 935 936 int hidp_get_conninfo(struct hidp_conninfo *ci) 937 { 938 struct hidp_session *session; 939 int err = 0; 940 941 down_read(&hidp_session_sem); 942 943 session = __hidp_get_session(&ci->bdaddr); 944 if (session) 945 __hidp_copy_session(session, ci); 946 else 947 err = -ENOENT; 948 949 up_read(&hidp_session_sem); 950 return err; 951 } 952 953 static int __init hidp_init(void) 954 { 955 l2cap_load(); 956 957 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 958 959 return hidp_init_sockets(); 960 } 961 962 static void __exit hidp_exit(void) 963 { 964 hidp_cleanup_sockets(); 965 } 966 967 module_init(hidp_init); 968 module_exit(hidp_exit); 969 970 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 971 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 972 MODULE_VERSION(VERSION); 973 MODULE_LICENSE("GPL"); 974 MODULE_ALIAS("bt-proto-6"); 975