1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 #include <linux/kref.h> 25 #include <linux/module.h> 26 #include <linux/file.h> 27 #include <linux/kthread.h> 28 #include <linux/hidraw.h> 29 30 #include <net/bluetooth/bluetooth.h> 31 #include <net/bluetooth/hci_core.h> 32 #include <net/bluetooth/l2cap.h> 33 34 #include "hidp.h" 35 36 #define VERSION "1.2" 37 38 static DECLARE_RWSEM(hidp_session_sem); 39 static DECLARE_WAIT_QUEUE_HEAD(hidp_session_wq); 40 static LIST_HEAD(hidp_session_list); 41 42 static unsigned char hidp_keycode[256] = { 43 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 44 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 45 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 46 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 47 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 48 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 49 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 50 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 51 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 52 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 53 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 58 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 59 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 60 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 61 }; 62 63 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 64 65 static int hidp_session_probe(struct l2cap_conn *conn, 66 struct l2cap_user *user); 67 static void hidp_session_remove(struct l2cap_conn *conn, 68 struct l2cap_user *user); 69 static int hidp_session_thread(void *arg); 70 static void hidp_session_terminate(struct hidp_session *s); 71 72 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 73 { 74 u32 valid_flags = 0; 75 memset(ci, 0, sizeof(*ci)); 76 bacpy(&ci->bdaddr, &session->bdaddr); 77 78 ci->flags = session->flags & valid_flags; 79 ci->state = BT_CONNECTED; 80 81 if (session->input) { 82 ci->vendor = session->input->id.vendor; 83 ci->product = session->input->id.product; 84 ci->version = session->input->id.version; 85 if (session->input->name) 86 strlcpy(ci->name, session->input->name, 128); 87 else 88 strlcpy(ci->name, "HID Boot Device", 128); 89 } else if (session->hid) { 90 ci->vendor = session->hid->vendor; 91 ci->product = session->hid->product; 92 ci->version = session->hid->version; 93 strlcpy(ci->name, session->hid->name, 128); 94 } 95 } 96 97 /* assemble skb, queue message on @transmit and wake up the session thread */ 98 static int hidp_send_message(struct hidp_session *session, struct socket *sock, 99 struct sk_buff_head *transmit, unsigned char hdr, 100 const unsigned char *data, int size) 101 { 102 struct sk_buff *skb; 103 struct sock *sk = sock->sk; 104 105 BT_DBG("session %p data %p size %d", session, data, size); 106 107 if (atomic_read(&session->terminate)) 108 return -EIO; 109 110 skb = alloc_skb(size + 1, GFP_ATOMIC); 111 if (!skb) { 112 BT_ERR("Can't allocate memory for new frame"); 113 return -ENOMEM; 114 } 115 116 skb_put_u8(skb, hdr); 117 if (data && size > 0) 118 skb_put_data(skb, data, size); 119 120 skb_queue_tail(transmit, skb); 121 wake_up_interruptible(sk_sleep(sk)); 122 123 return 0; 124 } 125 126 static int hidp_send_ctrl_message(struct hidp_session *session, 127 unsigned char hdr, const unsigned char *data, 128 int size) 129 { 130 return hidp_send_message(session, session->ctrl_sock, 131 &session->ctrl_transmit, hdr, data, size); 132 } 133 134 static int hidp_send_intr_message(struct hidp_session *session, 135 unsigned char hdr, const unsigned char *data, 136 int size) 137 { 138 return hidp_send_message(session, session->intr_sock, 139 &session->intr_transmit, hdr, data, size); 140 } 141 142 static int hidp_input_event(struct input_dev *dev, unsigned int type, 143 unsigned int code, int value) 144 { 145 struct hidp_session *session = input_get_drvdata(dev); 146 unsigned char newleds; 147 unsigned char hdr, data[2]; 148 149 BT_DBG("session %p type %d code %d value %d", 150 session, type, code, value); 151 152 if (type != EV_LED) 153 return -1; 154 155 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 156 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 157 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 158 (!!test_bit(LED_CAPSL, dev->led) << 1) | 159 (!!test_bit(LED_NUML, dev->led) << 0); 160 161 if (session->leds == newleds) 162 return 0; 163 164 session->leds = newleds; 165 166 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 167 data[0] = 0x01; 168 data[1] = newleds; 169 170 return hidp_send_intr_message(session, hdr, data, 2); 171 } 172 173 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 174 { 175 struct input_dev *dev = session->input; 176 unsigned char *keys = session->keys; 177 unsigned char *udata = skb->data + 1; 178 signed char *sdata = skb->data + 1; 179 int i, size = skb->len - 1; 180 181 switch (skb->data[0]) { 182 case 0x01: /* Keyboard report */ 183 for (i = 0; i < 8; i++) 184 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 185 186 /* If all the key codes have been set to 0x01, it means 187 * too many keys were pressed at the same time. */ 188 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 189 break; 190 191 for (i = 2; i < 8; i++) { 192 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 193 if (hidp_keycode[keys[i]]) 194 input_report_key(dev, hidp_keycode[keys[i]], 0); 195 else 196 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 197 } 198 199 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 200 if (hidp_keycode[udata[i]]) 201 input_report_key(dev, hidp_keycode[udata[i]], 1); 202 else 203 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 204 } 205 } 206 207 memcpy(keys, udata, 8); 208 break; 209 210 case 0x02: /* Mouse report */ 211 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 212 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 213 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 214 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 215 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 216 217 input_report_rel(dev, REL_X, sdata[1]); 218 input_report_rel(dev, REL_Y, sdata[2]); 219 220 if (size > 3) 221 input_report_rel(dev, REL_WHEEL, sdata[3]); 222 break; 223 } 224 225 input_sync(dev); 226 } 227 228 static int hidp_get_raw_report(struct hid_device *hid, 229 unsigned char report_number, 230 unsigned char *data, size_t count, 231 unsigned char report_type) 232 { 233 struct hidp_session *session = hid->driver_data; 234 struct sk_buff *skb; 235 size_t len; 236 int numbered_reports = hid->report_enum[report_type].numbered; 237 int ret; 238 239 if (atomic_read(&session->terminate)) 240 return -EIO; 241 242 switch (report_type) { 243 case HID_FEATURE_REPORT: 244 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 245 break; 246 case HID_INPUT_REPORT: 247 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 248 break; 249 case HID_OUTPUT_REPORT: 250 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 251 break; 252 default: 253 return -EINVAL; 254 } 255 256 if (mutex_lock_interruptible(&session->report_mutex)) 257 return -ERESTARTSYS; 258 259 /* Set up our wait, and send the report request to the device. */ 260 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 261 session->waiting_report_number = numbered_reports ? report_number : -1; 262 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 263 data[0] = report_number; 264 ret = hidp_send_ctrl_message(session, report_type, data, 1); 265 if (ret) 266 goto err; 267 268 /* Wait for the return of the report. The returned report 269 gets put in session->report_return. */ 270 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 271 !atomic_read(&session->terminate)) { 272 int res; 273 274 res = wait_event_interruptible_timeout(session->report_queue, 275 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) 276 || atomic_read(&session->terminate), 277 5*HZ); 278 if (res == 0) { 279 /* timeout */ 280 ret = -EIO; 281 goto err; 282 } 283 if (res < 0) { 284 /* signal */ 285 ret = -ERESTARTSYS; 286 goto err; 287 } 288 } 289 290 skb = session->report_return; 291 if (skb) { 292 len = skb->len < count ? skb->len : count; 293 memcpy(data, skb->data, len); 294 295 kfree_skb(skb); 296 session->report_return = NULL; 297 } else { 298 /* Device returned a HANDSHAKE, indicating protocol error. */ 299 len = -EIO; 300 } 301 302 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 303 mutex_unlock(&session->report_mutex); 304 305 return len; 306 307 err: 308 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 309 mutex_unlock(&session->report_mutex); 310 return ret; 311 } 312 313 static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum, 314 unsigned char *data, size_t count, 315 unsigned char report_type) 316 { 317 struct hidp_session *session = hid->driver_data; 318 int ret; 319 320 switch (report_type) { 321 case HID_FEATURE_REPORT: 322 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 323 break; 324 case HID_INPUT_REPORT: 325 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_INPUT; 326 break; 327 case HID_OUTPUT_REPORT: 328 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 329 break; 330 default: 331 return -EINVAL; 332 } 333 334 if (mutex_lock_interruptible(&session->report_mutex)) 335 return -ERESTARTSYS; 336 337 /* Set up our wait, and send the report request to the device. */ 338 data[0] = reportnum; 339 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 340 ret = hidp_send_ctrl_message(session, report_type, data, count); 341 if (ret) 342 goto err; 343 344 /* Wait for the ACK from the device. */ 345 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && 346 !atomic_read(&session->terminate)) { 347 int res; 348 349 res = wait_event_interruptible_timeout(session->report_queue, 350 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) 351 || atomic_read(&session->terminate), 352 10*HZ); 353 if (res == 0) { 354 /* timeout */ 355 ret = -EIO; 356 goto err; 357 } 358 if (res < 0) { 359 /* signal */ 360 ret = -ERESTARTSYS; 361 goto err; 362 } 363 } 364 365 if (!session->output_report_success) { 366 ret = -EIO; 367 goto err; 368 } 369 370 ret = count; 371 372 err: 373 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 374 mutex_unlock(&session->report_mutex); 375 return ret; 376 } 377 378 static int hidp_output_report(struct hid_device *hid, __u8 *data, size_t count) 379 { 380 struct hidp_session *session = hid->driver_data; 381 382 return hidp_send_intr_message(session, 383 HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT, 384 data, count); 385 } 386 387 static int hidp_raw_request(struct hid_device *hid, unsigned char reportnum, 388 __u8 *buf, size_t len, unsigned char rtype, 389 int reqtype) 390 { 391 switch (reqtype) { 392 case HID_REQ_GET_REPORT: 393 return hidp_get_raw_report(hid, reportnum, buf, len, rtype); 394 case HID_REQ_SET_REPORT: 395 return hidp_set_raw_report(hid, reportnum, buf, len, rtype); 396 default: 397 return -EIO; 398 } 399 } 400 401 static void hidp_idle_timeout(struct timer_list *t) 402 { 403 struct hidp_session *session = from_timer(session, t, timer); 404 405 /* The HIDP user-space API only contains calls to add and remove 406 * devices. There is no way to forward events of any kind. Therefore, 407 * we have to forcefully disconnect a device on idle-timeouts. This is 408 * unfortunate and weird API design, but it is spec-compliant and 409 * required for backwards-compatibility. Hence, on idle-timeout, we 410 * signal driver-detach events, so poll() will be woken up with an 411 * error-condition on both sockets. 412 */ 413 414 session->intr_sock->sk->sk_err = EUNATCH; 415 session->ctrl_sock->sk->sk_err = EUNATCH; 416 wake_up_interruptible(sk_sleep(session->intr_sock->sk)); 417 wake_up_interruptible(sk_sleep(session->ctrl_sock->sk)); 418 419 hidp_session_terminate(session); 420 } 421 422 static void hidp_set_timer(struct hidp_session *session) 423 { 424 if (session->idle_to > 0) 425 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 426 } 427 428 static void hidp_del_timer(struct hidp_session *session) 429 { 430 if (session->idle_to > 0) 431 del_timer(&session->timer); 432 } 433 434 static void hidp_process_report(struct hidp_session *session, int type, 435 const u8 *data, unsigned int len, int intr) 436 { 437 if (len > HID_MAX_BUFFER_SIZE) 438 len = HID_MAX_BUFFER_SIZE; 439 440 memcpy(session->input_buf, data, len); 441 hid_input_report(session->hid, type, session->input_buf, len, intr); 442 } 443 444 static void hidp_process_handshake(struct hidp_session *session, 445 unsigned char param) 446 { 447 BT_DBG("session %p param 0x%02x", session, param); 448 session->output_report_success = 0; /* default condition */ 449 450 switch (param) { 451 case HIDP_HSHK_SUCCESSFUL: 452 /* FIXME: Call into SET_ GET_ handlers here */ 453 session->output_report_success = 1; 454 break; 455 456 case HIDP_HSHK_NOT_READY: 457 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 458 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 459 case HIDP_HSHK_ERR_INVALID_PARAMETER: 460 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) 461 wake_up_interruptible(&session->report_queue); 462 463 /* FIXME: Call into SET_ GET_ handlers here */ 464 break; 465 466 case HIDP_HSHK_ERR_UNKNOWN: 467 break; 468 469 case HIDP_HSHK_ERR_FATAL: 470 /* Device requests a reboot, as this is the only way this error 471 * can be recovered. */ 472 hidp_send_ctrl_message(session, 473 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 474 break; 475 476 default: 477 hidp_send_ctrl_message(session, 478 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 479 break; 480 } 481 482 /* Wake up the waiting thread. */ 483 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) 484 wake_up_interruptible(&session->report_queue); 485 } 486 487 static void hidp_process_hid_control(struct hidp_session *session, 488 unsigned char param) 489 { 490 BT_DBG("session %p param 0x%02x", session, param); 491 492 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 493 /* Flush the transmit queues */ 494 skb_queue_purge(&session->ctrl_transmit); 495 skb_queue_purge(&session->intr_transmit); 496 497 hidp_session_terminate(session); 498 } 499 } 500 501 /* Returns true if the passed-in skb should be freed by the caller. */ 502 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 503 unsigned char param) 504 { 505 int done_with_skb = 1; 506 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 507 508 switch (param) { 509 case HIDP_DATA_RTYPE_INPUT: 510 hidp_set_timer(session); 511 512 if (session->input) 513 hidp_input_report(session, skb); 514 515 if (session->hid) 516 hidp_process_report(session, HID_INPUT_REPORT, 517 skb->data, skb->len, 0); 518 break; 519 520 case HIDP_DATA_RTYPE_OTHER: 521 case HIDP_DATA_RTYPE_OUPUT: 522 case HIDP_DATA_RTYPE_FEATURE: 523 break; 524 525 default: 526 hidp_send_ctrl_message(session, 527 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 528 } 529 530 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 531 param == session->waiting_report_type) { 532 if (session->waiting_report_number < 0 || 533 session->waiting_report_number == skb->data[0]) { 534 /* hidp_get_raw_report() is waiting on this report. */ 535 session->report_return = skb; 536 done_with_skb = 0; 537 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 538 wake_up_interruptible(&session->report_queue); 539 } 540 } 541 542 return done_with_skb; 543 } 544 545 static void hidp_recv_ctrl_frame(struct hidp_session *session, 546 struct sk_buff *skb) 547 { 548 unsigned char hdr, type, param; 549 int free_skb = 1; 550 551 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 552 553 hdr = skb->data[0]; 554 skb_pull(skb, 1); 555 556 type = hdr & HIDP_HEADER_TRANS_MASK; 557 param = hdr & HIDP_HEADER_PARAM_MASK; 558 559 switch (type) { 560 case HIDP_TRANS_HANDSHAKE: 561 hidp_process_handshake(session, param); 562 break; 563 564 case HIDP_TRANS_HID_CONTROL: 565 hidp_process_hid_control(session, param); 566 break; 567 568 case HIDP_TRANS_DATA: 569 free_skb = hidp_process_data(session, skb, param); 570 break; 571 572 default: 573 hidp_send_ctrl_message(session, 574 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 575 break; 576 } 577 578 if (free_skb) 579 kfree_skb(skb); 580 } 581 582 static void hidp_recv_intr_frame(struct hidp_session *session, 583 struct sk_buff *skb) 584 { 585 unsigned char hdr; 586 587 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 588 589 hdr = skb->data[0]; 590 skb_pull(skb, 1); 591 592 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 593 hidp_set_timer(session); 594 595 if (session->input) 596 hidp_input_report(session, skb); 597 598 if (session->hid) { 599 hidp_process_report(session, HID_INPUT_REPORT, 600 skb->data, skb->len, 1); 601 BT_DBG("report len %d", skb->len); 602 } 603 } else { 604 BT_DBG("Unsupported protocol header 0x%02x", hdr); 605 } 606 607 kfree_skb(skb); 608 } 609 610 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 611 { 612 struct kvec iv = { data, len }; 613 struct msghdr msg; 614 615 BT_DBG("sock %p data %p len %d", sock, data, len); 616 617 if (!len) 618 return 0; 619 620 memset(&msg, 0, sizeof(msg)); 621 622 return kernel_sendmsg(sock, &msg, &iv, 1, len); 623 } 624 625 /* dequeue message from @transmit and send via @sock */ 626 static void hidp_process_transmit(struct hidp_session *session, 627 struct sk_buff_head *transmit, 628 struct socket *sock) 629 { 630 struct sk_buff *skb; 631 int ret; 632 633 BT_DBG("session %p", session); 634 635 while ((skb = skb_dequeue(transmit))) { 636 ret = hidp_send_frame(sock, skb->data, skb->len); 637 if (ret == -EAGAIN) { 638 skb_queue_head(transmit, skb); 639 break; 640 } else if (ret < 0) { 641 hidp_session_terminate(session); 642 kfree_skb(skb); 643 break; 644 } 645 646 hidp_set_timer(session); 647 kfree_skb(skb); 648 } 649 } 650 651 static int hidp_setup_input(struct hidp_session *session, 652 const struct hidp_connadd_req *req) 653 { 654 struct input_dev *input; 655 int i; 656 657 input = input_allocate_device(); 658 if (!input) 659 return -ENOMEM; 660 661 session->input = input; 662 663 input_set_drvdata(input, session); 664 665 input->name = "Bluetooth HID Boot Protocol Device"; 666 667 input->id.bustype = BUS_BLUETOOTH; 668 input->id.vendor = req->vendor; 669 input->id.product = req->product; 670 input->id.version = req->version; 671 672 if (req->subclass & 0x40) { 673 set_bit(EV_KEY, input->evbit); 674 set_bit(EV_LED, input->evbit); 675 set_bit(EV_REP, input->evbit); 676 677 set_bit(LED_NUML, input->ledbit); 678 set_bit(LED_CAPSL, input->ledbit); 679 set_bit(LED_SCROLLL, input->ledbit); 680 set_bit(LED_COMPOSE, input->ledbit); 681 set_bit(LED_KANA, input->ledbit); 682 683 for (i = 0; i < sizeof(hidp_keycode); i++) 684 set_bit(hidp_keycode[i], input->keybit); 685 clear_bit(0, input->keybit); 686 } 687 688 if (req->subclass & 0x80) { 689 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 690 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 691 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 692 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 693 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 694 BIT_MASK(BTN_EXTRA); 695 input->relbit[0] |= BIT_MASK(REL_WHEEL); 696 } 697 698 input->dev.parent = &session->conn->hcon->dev; 699 700 input->event = hidp_input_event; 701 702 return 0; 703 } 704 705 static int hidp_open(struct hid_device *hid) 706 { 707 return 0; 708 } 709 710 static void hidp_close(struct hid_device *hid) 711 { 712 } 713 714 static int hidp_parse(struct hid_device *hid) 715 { 716 struct hidp_session *session = hid->driver_data; 717 718 return hid_parse_report(session->hid, session->rd_data, 719 session->rd_size); 720 } 721 722 static int hidp_start(struct hid_device *hid) 723 { 724 return 0; 725 } 726 727 static void hidp_stop(struct hid_device *hid) 728 { 729 struct hidp_session *session = hid->driver_data; 730 731 skb_queue_purge(&session->ctrl_transmit); 732 skb_queue_purge(&session->intr_transmit); 733 734 hid->claimed = 0; 735 } 736 737 struct hid_ll_driver hidp_hid_driver = { 738 .parse = hidp_parse, 739 .start = hidp_start, 740 .stop = hidp_stop, 741 .open = hidp_open, 742 .close = hidp_close, 743 .raw_request = hidp_raw_request, 744 .output_report = hidp_output_report, 745 }; 746 EXPORT_SYMBOL_GPL(hidp_hid_driver); 747 748 /* This function sets up the hid device. It does not add it 749 to the HID system. That is done in hidp_add_connection(). */ 750 static int hidp_setup_hid(struct hidp_session *session, 751 const struct hidp_connadd_req *req) 752 { 753 struct hid_device *hid; 754 int err; 755 756 session->rd_data = memdup_user(req->rd_data, req->rd_size); 757 if (IS_ERR(session->rd_data)) 758 return PTR_ERR(session->rd_data); 759 760 session->rd_size = req->rd_size; 761 762 hid = hid_allocate_device(); 763 if (IS_ERR(hid)) { 764 err = PTR_ERR(hid); 765 goto fault; 766 } 767 768 session->hid = hid; 769 770 hid->driver_data = session; 771 772 hid->bus = BUS_BLUETOOTH; 773 hid->vendor = req->vendor; 774 hid->product = req->product; 775 hid->version = req->version; 776 hid->country = req->country; 777 778 strncpy(hid->name, req->name, sizeof(hid->name)); 779 780 snprintf(hid->phys, sizeof(hid->phys), "%pMR", 781 &l2cap_pi(session->ctrl_sock->sk)->chan->src); 782 783 /* NOTE: Some device modules depend on the dst address being stored in 784 * uniq. Please be aware of this before making changes to this behavior. 785 */ 786 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 787 &l2cap_pi(session->ctrl_sock->sk)->chan->dst); 788 789 hid->dev.parent = &session->conn->hcon->dev; 790 hid->ll_driver = &hidp_hid_driver; 791 792 /* True if device is blacklisted in drivers/hid/hid-quirks.c */ 793 if (hid_ignore(hid)) { 794 hid_destroy_device(session->hid); 795 session->hid = NULL; 796 return -ENODEV; 797 } 798 799 return 0; 800 801 fault: 802 kfree(session->rd_data); 803 session->rd_data = NULL; 804 805 return err; 806 } 807 808 /* initialize session devices */ 809 static int hidp_session_dev_init(struct hidp_session *session, 810 const struct hidp_connadd_req *req) 811 { 812 int ret; 813 814 if (req->rd_size > 0) { 815 ret = hidp_setup_hid(session, req); 816 if (ret && ret != -ENODEV) 817 return ret; 818 } 819 820 if (!session->hid) { 821 ret = hidp_setup_input(session, req); 822 if (ret < 0) 823 return ret; 824 } 825 826 return 0; 827 } 828 829 /* destroy session devices */ 830 static void hidp_session_dev_destroy(struct hidp_session *session) 831 { 832 if (session->hid) 833 put_device(&session->hid->dev); 834 else if (session->input) 835 input_put_device(session->input); 836 837 kfree(session->rd_data); 838 session->rd_data = NULL; 839 } 840 841 /* add HID/input devices to their underlying bus systems */ 842 static int hidp_session_dev_add(struct hidp_session *session) 843 { 844 int ret; 845 846 /* Both HID and input systems drop a ref-count when unregistering the 847 * device but they don't take a ref-count when registering them. Work 848 * around this by explicitly taking a refcount during registration 849 * which is dropped automatically by unregistering the devices. */ 850 851 if (session->hid) { 852 ret = hid_add_device(session->hid); 853 if (ret) 854 return ret; 855 get_device(&session->hid->dev); 856 } else if (session->input) { 857 ret = input_register_device(session->input); 858 if (ret) 859 return ret; 860 input_get_device(session->input); 861 } 862 863 return 0; 864 } 865 866 /* remove HID/input devices from their bus systems */ 867 static void hidp_session_dev_del(struct hidp_session *session) 868 { 869 if (session->hid) 870 hid_destroy_device(session->hid); 871 else if (session->input) 872 input_unregister_device(session->input); 873 } 874 875 /* 876 * Asynchronous device registration 877 * HID device drivers might want to perform I/O during initialization to 878 * detect device types. Therefore, call device registration in a separate 879 * worker so the HIDP thread can schedule I/O operations. 880 * Note that this must be called after the worker thread was initialized 881 * successfully. This will then add the devices and increase session state 882 * on success, otherwise it will terminate the session thread. 883 */ 884 static void hidp_session_dev_work(struct work_struct *work) 885 { 886 struct hidp_session *session = container_of(work, 887 struct hidp_session, 888 dev_init); 889 int ret; 890 891 ret = hidp_session_dev_add(session); 892 if (!ret) 893 atomic_inc(&session->state); 894 else 895 hidp_session_terminate(session); 896 } 897 898 /* 899 * Create new session object 900 * Allocate session object, initialize static fields, copy input data into the 901 * object and take a reference to all sub-objects. 902 * This returns 0 on success and puts a pointer to the new session object in 903 * \out. Otherwise, an error code is returned. 904 * The new session object has an initial ref-count of 1. 905 */ 906 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, 907 struct socket *ctrl_sock, 908 struct socket *intr_sock, 909 const struct hidp_connadd_req *req, 910 struct l2cap_conn *conn) 911 { 912 struct hidp_session *session; 913 int ret; 914 struct bt_sock *ctrl, *intr; 915 916 ctrl = bt_sk(ctrl_sock->sk); 917 intr = bt_sk(intr_sock->sk); 918 919 session = kzalloc(sizeof(*session), GFP_KERNEL); 920 if (!session) 921 return -ENOMEM; 922 923 /* object and runtime management */ 924 kref_init(&session->ref); 925 atomic_set(&session->state, HIDP_SESSION_IDLING); 926 init_waitqueue_head(&session->state_queue); 927 session->flags = req->flags & BIT(HIDP_BLUETOOTH_VENDOR_ID); 928 929 /* connection management */ 930 bacpy(&session->bdaddr, bdaddr); 931 session->conn = l2cap_conn_get(conn); 932 session->user.probe = hidp_session_probe; 933 session->user.remove = hidp_session_remove; 934 INIT_LIST_HEAD(&session->user.list); 935 session->ctrl_sock = ctrl_sock; 936 session->intr_sock = intr_sock; 937 skb_queue_head_init(&session->ctrl_transmit); 938 skb_queue_head_init(&session->intr_transmit); 939 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, 940 l2cap_pi(ctrl)->chan->imtu); 941 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, 942 l2cap_pi(intr)->chan->imtu); 943 session->idle_to = req->idle_to; 944 945 /* device management */ 946 INIT_WORK(&session->dev_init, hidp_session_dev_work); 947 timer_setup(&session->timer, hidp_idle_timeout, 0); 948 949 /* session data */ 950 mutex_init(&session->report_mutex); 951 init_waitqueue_head(&session->report_queue); 952 953 ret = hidp_session_dev_init(session, req); 954 if (ret) 955 goto err_free; 956 957 get_file(session->intr_sock->file); 958 get_file(session->ctrl_sock->file); 959 *out = session; 960 return 0; 961 962 err_free: 963 l2cap_conn_put(session->conn); 964 kfree(session); 965 return ret; 966 } 967 968 /* increase ref-count of the given session by one */ 969 static void hidp_session_get(struct hidp_session *session) 970 { 971 kref_get(&session->ref); 972 } 973 974 /* release callback */ 975 static void session_free(struct kref *ref) 976 { 977 struct hidp_session *session = container_of(ref, struct hidp_session, 978 ref); 979 980 hidp_session_dev_destroy(session); 981 skb_queue_purge(&session->ctrl_transmit); 982 skb_queue_purge(&session->intr_transmit); 983 fput(session->intr_sock->file); 984 fput(session->ctrl_sock->file); 985 l2cap_conn_put(session->conn); 986 kfree(session); 987 } 988 989 /* decrease ref-count of the given session by one */ 990 static void hidp_session_put(struct hidp_session *session) 991 { 992 kref_put(&session->ref, session_free); 993 } 994 995 /* 996 * Search the list of active sessions for a session with target address 997 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as 998 * you do not release this lock, the session objects cannot vanish and you can 999 * safely take a reference to the session yourself. 1000 */ 1001 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) 1002 { 1003 struct hidp_session *session; 1004 1005 list_for_each_entry(session, &hidp_session_list, list) { 1006 if (!bacmp(bdaddr, &session->bdaddr)) 1007 return session; 1008 } 1009 1010 return NULL; 1011 } 1012 1013 /* 1014 * Same as __hidp_session_find() but no locks must be held. This also takes a 1015 * reference of the returned session (if non-NULL) so you must drop this 1016 * reference if you no longer use the object. 1017 */ 1018 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) 1019 { 1020 struct hidp_session *session; 1021 1022 down_read(&hidp_session_sem); 1023 1024 session = __hidp_session_find(bdaddr); 1025 if (session) 1026 hidp_session_get(session); 1027 1028 up_read(&hidp_session_sem); 1029 1030 return session; 1031 } 1032 1033 /* 1034 * Start session synchronously 1035 * This starts a session thread and waits until initialization 1036 * is done or returns an error if it couldn't be started. 1037 * If this returns 0 the session thread is up and running. You must call 1038 * hipd_session_stop_sync() before deleting any runtime resources. 1039 */ 1040 static int hidp_session_start_sync(struct hidp_session *session) 1041 { 1042 unsigned int vendor, product; 1043 1044 if (session->hid) { 1045 vendor = session->hid->vendor; 1046 product = session->hid->product; 1047 } else if (session->input) { 1048 vendor = session->input->id.vendor; 1049 product = session->input->id.product; 1050 } else { 1051 vendor = 0x0000; 1052 product = 0x0000; 1053 } 1054 1055 session->task = kthread_run(hidp_session_thread, session, 1056 "khidpd_%04x%04x", vendor, product); 1057 if (IS_ERR(session->task)) 1058 return PTR_ERR(session->task); 1059 1060 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) 1061 wait_event(session->state_queue, 1062 atomic_read(&session->state) > HIDP_SESSION_IDLING); 1063 1064 return 0; 1065 } 1066 1067 /* 1068 * Terminate session thread 1069 * Wake up session thread and notify it to stop. This is asynchronous and 1070 * returns immediately. Call this whenever a runtime error occurs and you want 1071 * the session to stop. 1072 * Note: wake_up_interruptible() performs any necessary memory-barriers for us. 1073 */ 1074 static void hidp_session_terminate(struct hidp_session *session) 1075 { 1076 atomic_inc(&session->terminate); 1077 /* 1078 * See the comment preceding the call to wait_woken() 1079 * in hidp_session_run(). 1080 */ 1081 wake_up_interruptible(&hidp_session_wq); 1082 } 1083 1084 /* 1085 * Probe HIDP session 1086 * This is called from the l2cap_conn core when our l2cap_user object is bound 1087 * to the hci-connection. We get the session via the \user object and can now 1088 * start the session thread, link it into the global session list and 1089 * schedule HID/input device registration. 1090 * The global session-list owns its own reference to the session object so you 1091 * can drop your own reference after registering the l2cap_user object. 1092 */ 1093 static int hidp_session_probe(struct l2cap_conn *conn, 1094 struct l2cap_user *user) 1095 { 1096 struct hidp_session *session = container_of(user, 1097 struct hidp_session, 1098 user); 1099 struct hidp_session *s; 1100 int ret; 1101 1102 down_write(&hidp_session_sem); 1103 1104 /* check that no other session for this device exists */ 1105 s = __hidp_session_find(&session->bdaddr); 1106 if (s) { 1107 ret = -EEXIST; 1108 goto out_unlock; 1109 } 1110 1111 if (session->input) { 1112 ret = hidp_session_dev_add(session); 1113 if (ret) 1114 goto out_unlock; 1115 } 1116 1117 ret = hidp_session_start_sync(session); 1118 if (ret) 1119 goto out_del; 1120 1121 /* HID device registration is async to allow I/O during probe */ 1122 if (session->input) 1123 atomic_inc(&session->state); 1124 else 1125 schedule_work(&session->dev_init); 1126 1127 hidp_session_get(session); 1128 list_add(&session->list, &hidp_session_list); 1129 ret = 0; 1130 goto out_unlock; 1131 1132 out_del: 1133 if (session->input) 1134 hidp_session_dev_del(session); 1135 out_unlock: 1136 up_write(&hidp_session_sem); 1137 return ret; 1138 } 1139 1140 /* 1141 * Remove HIDP session 1142 * Called from the l2cap_conn core when either we explicitly unregistered 1143 * the l2cap_user object or if the underlying connection is shut down. 1144 * We signal the hidp-session thread to shut down, unregister the HID/input 1145 * devices and unlink the session from the global list. 1146 * This drops the reference to the session that is owned by the global 1147 * session-list. 1148 * Note: We _must_ not synchronosly wait for the session-thread to shut down. 1149 * This is, because the session-thread might be waiting for an HCI lock that is 1150 * held while we are called. Therefore, we only unregister the devices and 1151 * notify the session-thread to terminate. The thread itself owns a reference 1152 * to the session object so it can safely shut down. 1153 */ 1154 static void hidp_session_remove(struct l2cap_conn *conn, 1155 struct l2cap_user *user) 1156 { 1157 struct hidp_session *session = container_of(user, 1158 struct hidp_session, 1159 user); 1160 1161 down_write(&hidp_session_sem); 1162 1163 hidp_session_terminate(session); 1164 1165 cancel_work_sync(&session->dev_init); 1166 if (session->input || 1167 atomic_read(&session->state) > HIDP_SESSION_PREPARING) 1168 hidp_session_dev_del(session); 1169 1170 list_del(&session->list); 1171 1172 up_write(&hidp_session_sem); 1173 1174 hidp_session_put(session); 1175 } 1176 1177 /* 1178 * Session Worker 1179 * This performs the actual main-loop of the HIDP worker. We first check 1180 * whether the underlying connection is still alive, then parse all pending 1181 * messages and finally send all outstanding messages. 1182 */ 1183 static void hidp_session_run(struct hidp_session *session) 1184 { 1185 struct sock *ctrl_sk = session->ctrl_sock->sk; 1186 struct sock *intr_sk = session->intr_sock->sk; 1187 struct sk_buff *skb; 1188 DEFINE_WAIT_FUNC(wait, woken_wake_function); 1189 1190 add_wait_queue(&hidp_session_wq, &wait); 1191 for (;;) { 1192 /* 1193 * This thread can be woken up two ways: 1194 * - You call hidp_session_terminate() which sets the 1195 * session->terminate flag and wakes this thread up. 1196 * - Via modifying the socket state of ctrl/intr_sock. This 1197 * thread is woken up by ->sk_state_changed(). 1198 */ 1199 1200 if (atomic_read(&session->terminate)) 1201 break; 1202 1203 if (ctrl_sk->sk_state != BT_CONNECTED || 1204 intr_sk->sk_state != BT_CONNECTED) 1205 break; 1206 1207 /* parse incoming intr-skbs */ 1208 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 1209 skb_orphan(skb); 1210 if (!skb_linearize(skb)) 1211 hidp_recv_intr_frame(session, skb); 1212 else 1213 kfree_skb(skb); 1214 } 1215 1216 /* send pending intr-skbs */ 1217 hidp_process_transmit(session, &session->intr_transmit, 1218 session->intr_sock); 1219 1220 /* parse incoming ctrl-skbs */ 1221 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 1222 skb_orphan(skb); 1223 if (!skb_linearize(skb)) 1224 hidp_recv_ctrl_frame(session, skb); 1225 else 1226 kfree_skb(skb); 1227 } 1228 1229 /* send pending ctrl-skbs */ 1230 hidp_process_transmit(session, &session->ctrl_transmit, 1231 session->ctrl_sock); 1232 1233 /* 1234 * wait_woken() performs the necessary memory barriers 1235 * for us; see the header comment for this primitive. 1236 */ 1237 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT); 1238 } 1239 remove_wait_queue(&hidp_session_wq, &wait); 1240 1241 atomic_inc(&session->terminate); 1242 } 1243 1244 static int hidp_session_wake_function(wait_queue_entry_t *wait, 1245 unsigned int mode, 1246 int sync, void *key) 1247 { 1248 wake_up_interruptible(&hidp_session_wq); 1249 return false; 1250 } 1251 1252 /* 1253 * HIDP session thread 1254 * This thread runs the I/O for a single HIDP session. Startup is synchronous 1255 * which allows us to take references to ourself here instead of doing that in 1256 * the caller. 1257 * When we are ready to run we notify the caller and call hidp_session_run(). 1258 */ 1259 static int hidp_session_thread(void *arg) 1260 { 1261 struct hidp_session *session = arg; 1262 DEFINE_WAIT_FUNC(ctrl_wait, hidp_session_wake_function); 1263 DEFINE_WAIT_FUNC(intr_wait, hidp_session_wake_function); 1264 1265 BT_DBG("session %p", session); 1266 1267 /* initialize runtime environment */ 1268 hidp_session_get(session); 1269 __module_get(THIS_MODULE); 1270 set_user_nice(current, -15); 1271 hidp_set_timer(session); 1272 1273 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); 1274 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1275 /* This memory barrier is paired with wq_has_sleeper(). See 1276 * sock_poll_wait() for more information why this is needed. */ 1277 smp_mb(); 1278 1279 /* notify synchronous startup that we're ready */ 1280 atomic_inc(&session->state); 1281 wake_up(&session->state_queue); 1282 1283 /* run session */ 1284 hidp_session_run(session); 1285 1286 /* cleanup runtime environment */ 1287 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); 1288 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); 1289 wake_up_interruptible(&session->report_queue); 1290 hidp_del_timer(session); 1291 1292 /* 1293 * If we stopped ourself due to any internal signal, we should try to 1294 * unregister our own session here to avoid having it linger until the 1295 * parent l2cap_conn dies or user-space cleans it up. 1296 * This does not deadlock as we don't do any synchronous shutdown. 1297 * Instead, this call has the same semantics as if user-space tried to 1298 * delete the session. 1299 */ 1300 l2cap_unregister_user(session->conn, &session->user); 1301 hidp_session_put(session); 1302 1303 module_put_and_exit(0); 1304 return 0; 1305 } 1306 1307 static int hidp_verify_sockets(struct socket *ctrl_sock, 1308 struct socket *intr_sock) 1309 { 1310 struct l2cap_chan *ctrl_chan, *intr_chan; 1311 struct bt_sock *ctrl, *intr; 1312 struct hidp_session *session; 1313 1314 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) 1315 return -EINVAL; 1316 1317 ctrl_chan = l2cap_pi(ctrl_sock->sk)->chan; 1318 intr_chan = l2cap_pi(intr_sock->sk)->chan; 1319 1320 if (bacmp(&ctrl_chan->src, &intr_chan->src) || 1321 bacmp(&ctrl_chan->dst, &intr_chan->dst)) 1322 return -ENOTUNIQ; 1323 1324 ctrl = bt_sk(ctrl_sock->sk); 1325 intr = bt_sk(intr_sock->sk); 1326 1327 if (ctrl->sk.sk_state != BT_CONNECTED || 1328 intr->sk.sk_state != BT_CONNECTED) 1329 return -EBADFD; 1330 1331 /* early session check, we check again during session registration */ 1332 session = hidp_session_find(&ctrl_chan->dst); 1333 if (session) { 1334 hidp_session_put(session); 1335 return -EEXIST; 1336 } 1337 1338 return 0; 1339 } 1340 1341 int hidp_connection_add(const struct hidp_connadd_req *req, 1342 struct socket *ctrl_sock, 1343 struct socket *intr_sock) 1344 { 1345 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG) | 1346 BIT(HIDP_BOOT_PROTOCOL_MODE); 1347 struct hidp_session *session; 1348 struct l2cap_conn *conn; 1349 struct l2cap_chan *chan; 1350 int ret; 1351 1352 ret = hidp_verify_sockets(ctrl_sock, intr_sock); 1353 if (ret) 1354 return ret; 1355 1356 if (req->flags & ~valid_flags) 1357 return -EINVAL; 1358 1359 chan = l2cap_pi(ctrl_sock->sk)->chan; 1360 conn = NULL; 1361 l2cap_chan_lock(chan); 1362 if (chan->conn) 1363 conn = l2cap_conn_get(chan->conn); 1364 l2cap_chan_unlock(chan); 1365 1366 if (!conn) 1367 return -EBADFD; 1368 1369 ret = hidp_session_new(&session, &chan->dst, ctrl_sock, 1370 intr_sock, req, conn); 1371 if (ret) 1372 goto out_conn; 1373 1374 ret = l2cap_register_user(conn, &session->user); 1375 if (ret) 1376 goto out_session; 1377 1378 ret = 0; 1379 1380 out_session: 1381 hidp_session_put(session); 1382 out_conn: 1383 l2cap_conn_put(conn); 1384 return ret; 1385 } 1386 1387 int hidp_connection_del(struct hidp_conndel_req *req) 1388 { 1389 u32 valid_flags = BIT(HIDP_VIRTUAL_CABLE_UNPLUG); 1390 struct hidp_session *session; 1391 1392 if (req->flags & ~valid_flags) 1393 return -EINVAL; 1394 1395 session = hidp_session_find(&req->bdaddr); 1396 if (!session) 1397 return -ENOENT; 1398 1399 if (req->flags & BIT(HIDP_VIRTUAL_CABLE_UNPLUG)) 1400 hidp_send_ctrl_message(session, 1401 HIDP_TRANS_HID_CONTROL | 1402 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, 1403 NULL, 0); 1404 else 1405 l2cap_unregister_user(session->conn, &session->user); 1406 1407 hidp_session_put(session); 1408 1409 return 0; 1410 } 1411 1412 int hidp_get_connlist(struct hidp_connlist_req *req) 1413 { 1414 struct hidp_session *session; 1415 int err = 0, n = 0; 1416 1417 BT_DBG(""); 1418 1419 down_read(&hidp_session_sem); 1420 1421 list_for_each_entry(session, &hidp_session_list, list) { 1422 struct hidp_conninfo ci; 1423 1424 hidp_copy_session(session, &ci); 1425 1426 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1427 err = -EFAULT; 1428 break; 1429 } 1430 1431 if (++n >= req->cnum) 1432 break; 1433 1434 req->ci++; 1435 } 1436 req->cnum = n; 1437 1438 up_read(&hidp_session_sem); 1439 return err; 1440 } 1441 1442 int hidp_get_conninfo(struct hidp_conninfo *ci) 1443 { 1444 struct hidp_session *session; 1445 1446 session = hidp_session_find(&ci->bdaddr); 1447 if (session) { 1448 hidp_copy_session(session, ci); 1449 hidp_session_put(session); 1450 } 1451 1452 return session ? 0 : -ENOENT; 1453 } 1454 1455 static int __init hidp_init(void) 1456 { 1457 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1458 1459 return hidp_init_sockets(); 1460 } 1461 1462 static void __exit hidp_exit(void) 1463 { 1464 hidp_cleanup_sockets(); 1465 } 1466 1467 module_init(hidp_init); 1468 module_exit(hidp_exit); 1469 1470 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1471 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); 1472 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1473 MODULE_VERSION(VERSION); 1474 MODULE_LICENSE("GPL"); 1475 MODULE_ALIAS("bt-proto-6"); 1476