1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/fcntl.h> 32 #include <linux/skbuff.h> 33 #include <linux/socket.h> 34 #include <linux/ioctl.h> 35 #include <linux/file.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <net/sock.h> 39 40 #include <linux/input.h> 41 #include <linux/hid.h> 42 43 #include <net/bluetooth/bluetooth.h> 44 #include <net/bluetooth/hci_core.h> 45 #include <net/bluetooth/l2cap.h> 46 47 #include "hidp.h" 48 49 #ifndef CONFIG_BT_HIDP_DEBUG 50 #undef BT_DBG 51 #define BT_DBG(D...) 52 #endif 53 54 #define VERSION "1.2" 55 56 static DECLARE_RWSEM(hidp_session_sem); 57 static LIST_HEAD(hidp_session_list); 58 59 static unsigned char hidp_keycode[256] = { 60 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 61 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 62 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 63 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 64 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 65 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 66 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 67 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 68 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 69 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 75 150,158,159,128,136,177,178,176,142,152,173,140 76 }; 77 78 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 79 80 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 81 { 82 struct hidp_session *session; 83 struct list_head *p; 84 85 BT_DBG(""); 86 87 list_for_each(p, &hidp_session_list) { 88 session = list_entry(p, struct hidp_session, list); 89 if (!bacmp(bdaddr, &session->bdaddr)) 90 return session; 91 } 92 return NULL; 93 } 94 95 static void __hidp_link_session(struct hidp_session *session) 96 { 97 __module_get(THIS_MODULE); 98 list_add(&session->list, &hidp_session_list); 99 } 100 101 static void __hidp_unlink_session(struct hidp_session *session) 102 { 103 list_del(&session->list); 104 module_put(THIS_MODULE); 105 } 106 107 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 108 { 109 bacpy(&ci->bdaddr, &session->bdaddr); 110 111 ci->flags = session->flags; 112 ci->state = session->state; 113 114 ci->vendor = 0x0000; 115 ci->product = 0x0000; 116 ci->version = 0x0000; 117 memset(ci->name, 0, 128); 118 119 if (session->input) { 120 ci->vendor = session->input->id.vendor; 121 ci->product = session->input->id.product; 122 ci->version = session->input->id.version; 123 if (session->input->name) 124 strncpy(ci->name, session->input->name, 128); 125 else 126 strncpy(ci->name, "HID Boot Device", 128); 127 } 128 129 if (session->hid) { 130 ci->vendor = session->hid->vendor; 131 ci->product = session->hid->product; 132 ci->version = session->hid->version; 133 strncpy(ci->name, session->hid->name, 128); 134 } 135 } 136 137 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 138 unsigned int type, unsigned int code, int value) 139 { 140 unsigned char newleds; 141 struct sk_buff *skb; 142 143 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 144 145 if (type != EV_LED) 146 return -1; 147 148 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 149 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 150 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 151 (!!test_bit(LED_CAPSL, dev->led) << 1) | 152 (!!test_bit(LED_NUML, dev->led)); 153 154 if (session->leds == newleds) 155 return 0; 156 157 session->leds = newleds; 158 159 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 160 BT_ERR("Can't allocate memory for new frame"); 161 return -ENOMEM; 162 } 163 164 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 165 *skb_put(skb, 1) = 0x01; 166 *skb_put(skb, 1) = newleds; 167 168 skb_queue_tail(&session->intr_transmit, skb); 169 170 hidp_schedule(session); 171 172 return 0; 173 } 174 175 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 176 { 177 struct hid_device *hid = dev->private; 178 struct hidp_session *session = hid->driver_data; 179 180 return hidp_queue_event(session, dev, type, code, value); 181 } 182 183 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 184 { 185 struct hidp_session *session = dev->private; 186 187 return hidp_queue_event(session, dev, type, code, value); 188 } 189 190 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 191 { 192 struct input_dev *dev = session->input; 193 unsigned char *keys = session->keys; 194 unsigned char *udata = skb->data + 1; 195 signed char *sdata = skb->data + 1; 196 int i, size = skb->len - 1; 197 198 switch (skb->data[0]) { 199 case 0x01: /* Keyboard report */ 200 for (i = 0; i < 8; i++) 201 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 202 203 /* If all the key codes have been set to 0x01, it means 204 * too many keys were pressed at the same time. */ 205 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 206 break; 207 208 for (i = 2; i < 8; i++) { 209 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 210 if (hidp_keycode[keys[i]]) 211 input_report_key(dev, hidp_keycode[keys[i]], 0); 212 else 213 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 214 } 215 216 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 217 if (hidp_keycode[udata[i]]) 218 input_report_key(dev, hidp_keycode[udata[i]], 1); 219 else 220 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 221 } 222 } 223 224 memcpy(keys, udata, 8); 225 break; 226 227 case 0x02: /* Mouse report */ 228 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 229 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 230 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 231 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 232 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 233 234 input_report_rel(dev, REL_X, sdata[1]); 235 input_report_rel(dev, REL_Y, sdata[2]); 236 237 if (size > 3) 238 input_report_rel(dev, REL_WHEEL, sdata[3]); 239 break; 240 } 241 242 input_sync(dev); 243 } 244 245 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size) 246 { 247 struct sk_buff *skb; 248 249 BT_DBG("session %p hid %p data %p size %d", session, device, data, size); 250 251 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 252 BT_ERR("Can't allocate memory for new frame"); 253 return -ENOMEM; 254 } 255 256 *skb_put(skb, 1) = 0xa2; 257 if (size > 0) 258 memcpy(skb_put(skb, size), data, size); 259 260 skb_queue_tail(&session->intr_transmit, skb); 261 262 hidp_schedule(session); 263 264 return 0; 265 } 266 267 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 268 { 269 unsigned char buf[32]; 270 int rsize; 271 272 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 273 if (rsize > sizeof(buf)) 274 return -EIO; 275 276 hid_output_report(report, buf); 277 278 return hidp_queue_report(session, buf, rsize); 279 } 280 281 static void hidp_idle_timeout(unsigned long arg) 282 { 283 struct hidp_session *session = (struct hidp_session *) arg; 284 285 atomic_inc(&session->terminate); 286 hidp_schedule(session); 287 } 288 289 static inline void hidp_set_timer(struct hidp_session *session) 290 { 291 if (session->idle_to > 0) 292 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 293 } 294 295 static inline void hidp_del_timer(struct hidp_session *session) 296 { 297 if (session->idle_to > 0) 298 del_timer(&session->timer); 299 } 300 301 static int __hidp_send_ctrl_message(struct hidp_session *session, 302 unsigned char hdr, unsigned char *data, int size) 303 { 304 struct sk_buff *skb; 305 306 BT_DBG("session %p data %p size %d", session, data, size); 307 308 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 309 BT_ERR("Can't allocate memory for new frame"); 310 return -ENOMEM; 311 } 312 313 *skb_put(skb, 1) = hdr; 314 if (data && size > 0) 315 memcpy(skb_put(skb, size), data, size); 316 317 skb_queue_tail(&session->ctrl_transmit, skb); 318 319 return 0; 320 } 321 322 static inline int hidp_send_ctrl_message(struct hidp_session *session, 323 unsigned char hdr, unsigned char *data, int size) 324 { 325 int err; 326 327 err = __hidp_send_ctrl_message(session, hdr, data, size); 328 329 hidp_schedule(session); 330 331 return err; 332 } 333 334 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param) 335 { 336 BT_DBG("session %p param 0x%02x", session, param); 337 338 switch (param) { 339 case HIDP_HSHK_SUCCESSFUL: 340 /* FIXME: Call into SET_ GET_ handlers here */ 341 break; 342 343 case HIDP_HSHK_NOT_READY: 344 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 345 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 346 case HIDP_HSHK_ERR_INVALID_PARAMETER: 347 /* FIXME: Call into SET_ GET_ handlers here */ 348 break; 349 350 case HIDP_HSHK_ERR_UNKNOWN: 351 break; 352 353 case HIDP_HSHK_ERR_FATAL: 354 /* Device requests a reboot, as this is the only way this error 355 * can be recovered. */ 356 __hidp_send_ctrl_message(session, 357 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 358 break; 359 360 default: 361 __hidp_send_ctrl_message(session, 362 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 363 break; 364 } 365 } 366 367 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param) 368 { 369 BT_DBG("session %p param 0x%02x", session, param); 370 371 switch (param) { 372 case HIDP_CTRL_NOP: 373 break; 374 375 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG: 376 /* Flush the transmit queues */ 377 skb_queue_purge(&session->ctrl_transmit); 378 skb_queue_purge(&session->intr_transmit); 379 380 /* Kill session thread */ 381 atomic_inc(&session->terminate); 382 break; 383 384 case HIDP_CTRL_HARD_RESET: 385 case HIDP_CTRL_SOFT_RESET: 386 case HIDP_CTRL_SUSPEND: 387 case HIDP_CTRL_EXIT_SUSPEND: 388 /* FIXME: We have to parse these and return no error */ 389 break; 390 391 default: 392 __hidp_send_ctrl_message(session, 393 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 394 break; 395 } 396 } 397 398 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param) 399 { 400 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 401 402 switch (param) { 403 case HIDP_DATA_RTYPE_INPUT: 404 hidp_set_timer(session); 405 406 if (session->input) 407 hidp_input_report(session, skb); 408 409 if (session->hid) 410 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 411 412 break; 413 414 case HIDP_DATA_RTYPE_OTHER: 415 case HIDP_DATA_RTYPE_OUPUT: 416 case HIDP_DATA_RTYPE_FEATURE: 417 break; 418 419 default: 420 __hidp_send_ctrl_message(session, 421 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 422 } 423 } 424 425 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb) 426 { 427 unsigned char hdr, type, param; 428 429 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 430 431 hdr = skb->data[0]; 432 skb_pull(skb, 1); 433 434 type = hdr & HIDP_HEADER_TRANS_MASK; 435 param = hdr & HIDP_HEADER_PARAM_MASK; 436 437 switch (type) { 438 case HIDP_TRANS_HANDSHAKE: 439 hidp_process_handshake(session, param); 440 break; 441 442 case HIDP_TRANS_HID_CONTROL: 443 hidp_process_hid_control(session, param); 444 break; 445 446 case HIDP_TRANS_DATA: 447 hidp_process_data(session, skb, param); 448 break; 449 450 default: 451 __hidp_send_ctrl_message(session, 452 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 453 break; 454 } 455 456 kfree_skb(skb); 457 } 458 459 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb) 460 { 461 unsigned char hdr; 462 463 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 464 465 hdr = skb->data[0]; 466 skb_pull(skb, 1); 467 468 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 469 hidp_set_timer(session); 470 471 if (session->input) 472 hidp_input_report(session, skb); 473 474 if (session->hid) { 475 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 476 BT_DBG("report len %d", skb->len); 477 } 478 } else { 479 BT_DBG("Unsupported protocol header 0x%02x", hdr); 480 } 481 482 kfree_skb(skb); 483 } 484 485 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 486 { 487 struct kvec iv = { data, len }; 488 struct msghdr msg; 489 490 BT_DBG("sock %p data %p len %d", sock, data, len); 491 492 if (!len) 493 return 0; 494 495 memset(&msg, 0, sizeof(msg)); 496 497 return kernel_sendmsg(sock, &msg, &iv, 1, len); 498 } 499 500 static void hidp_process_transmit(struct hidp_session *session) 501 { 502 struct sk_buff *skb; 503 504 BT_DBG("session %p", session); 505 506 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 507 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 508 skb_queue_head(&session->ctrl_transmit, skb); 509 break; 510 } 511 512 hidp_set_timer(session); 513 kfree_skb(skb); 514 } 515 516 while ((skb = skb_dequeue(&session->intr_transmit))) { 517 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 518 skb_queue_head(&session->intr_transmit, skb); 519 break; 520 } 521 522 hidp_set_timer(session); 523 kfree_skb(skb); 524 } 525 } 526 527 static int hidp_session(void *arg) 528 { 529 struct hidp_session *session = arg; 530 struct sock *ctrl_sk = session->ctrl_sock->sk; 531 struct sock *intr_sk = session->intr_sock->sk; 532 struct sk_buff *skb; 533 int vendor = 0x0000, product = 0x0000; 534 wait_queue_t ctrl_wait, intr_wait; 535 536 BT_DBG("session %p", session); 537 538 if (session->input) { 539 vendor = session->input->id.vendor; 540 product = session->input->id.product; 541 } 542 543 if (session->hid) { 544 vendor = session->hid->vendor; 545 product = session->hid->product; 546 } 547 548 daemonize("khidpd_%04x%04x", vendor, product); 549 set_user_nice(current, -15); 550 current->flags |= PF_NOFREEZE; 551 552 init_waitqueue_entry(&ctrl_wait, current); 553 init_waitqueue_entry(&intr_wait, current); 554 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 555 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 556 while (!atomic_read(&session->terminate)) { 557 set_current_state(TASK_INTERRUPTIBLE); 558 559 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 560 break; 561 562 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 563 skb_orphan(skb); 564 hidp_recv_ctrl_frame(session, skb); 565 } 566 567 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 568 skb_orphan(skb); 569 hidp_recv_intr_frame(session, skb); 570 } 571 572 hidp_process_transmit(session); 573 574 schedule(); 575 } 576 set_current_state(TASK_RUNNING); 577 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 578 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 579 580 down_write(&hidp_session_sem); 581 582 hidp_del_timer(session); 583 584 fput(session->intr_sock->file); 585 586 wait_event_timeout(*(ctrl_sk->sk_sleep), 587 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 588 589 fput(session->ctrl_sock->file); 590 591 __hidp_unlink_session(session); 592 593 if (session->input) { 594 input_unregister_device(session->input); 595 session->input = NULL; 596 } 597 598 if (session->hid) { 599 if (session->hid->claimed & HID_CLAIMED_INPUT) 600 hidinput_disconnect(session->hid); 601 hid_free_device(session->hid); 602 } 603 604 up_write(&hidp_session_sem); 605 606 kfree(session); 607 return 0; 608 } 609 610 static struct device *hidp_get_device(struct hidp_session *session) 611 { 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 614 struct hci_dev *hdev; 615 struct hci_conn *conn; 616 617 hdev = hci_get_route(dst, src); 618 if (!hdev) 619 return NULL; 620 621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 622 623 hci_dev_put(hdev); 624 625 return conn ? &conn->dev : NULL; 626 } 627 628 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req) 629 { 630 struct input_dev *input = session->input; 631 int i; 632 633 input->private = session; 634 635 input->name = "Bluetooth HID Boot Protocol Device"; 636 637 input->id.bustype = BUS_BLUETOOTH; 638 input->id.vendor = req->vendor; 639 input->id.product = req->product; 640 input->id.version = req->version; 641 642 if (req->subclass & 0x40) { 643 set_bit(EV_KEY, input->evbit); 644 set_bit(EV_LED, input->evbit); 645 set_bit(EV_REP, input->evbit); 646 647 set_bit(LED_NUML, input->ledbit); 648 set_bit(LED_CAPSL, input->ledbit); 649 set_bit(LED_SCROLLL, input->ledbit); 650 set_bit(LED_COMPOSE, input->ledbit); 651 set_bit(LED_KANA, input->ledbit); 652 653 for (i = 0; i < sizeof(hidp_keycode); i++) 654 set_bit(hidp_keycode[i], input->keybit); 655 clear_bit(0, input->keybit); 656 } 657 658 if (req->subclass & 0x80) { 659 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL); 660 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE); 661 input->relbit[0] = BIT(REL_X) | BIT(REL_Y); 662 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA); 663 input->relbit[0] |= BIT(REL_WHEEL); 664 } 665 666 input->cdev.dev = hidp_get_device(session); 667 668 input->event = hidp_input_event; 669 670 input_register_device(input); 671 } 672 673 static int hidp_open(struct hid_device *hid) 674 { 675 return 0; 676 } 677 678 static void hidp_close(struct hid_device *hid) 679 { 680 } 681 682 static const struct { 683 __u16 idVendor; 684 __u16 idProduct; 685 unsigned quirks; 686 } hidp_blacklist[] = { 687 /* Apple wireless Mighty Mouse */ 688 { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL }, 689 690 { } /* Terminating entry */ 691 }; 692 693 static void hidp_setup_quirks(struct hid_device *hid) 694 { 695 unsigned int n; 696 697 for (n = 0; hidp_blacklist[n].idVendor; n++) 698 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) && 699 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product)) 700 hid->quirks = hidp_blacklist[n].quirks; 701 } 702 703 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req) 704 { 705 struct hid_device *hid = session->hid; 706 struct hid_report *report; 707 bdaddr_t src, dst; 708 709 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 710 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 711 712 hid->driver_data = session; 713 714 hid->country = req->country; 715 716 hid->bus = BUS_BLUETOOTH; 717 hid->vendor = req->vendor; 718 hid->product = req->product; 719 hid->version = req->version; 720 721 strncpy(hid->name, req->name, 128); 722 strncpy(hid->phys, batostr(&src), 64); 723 strncpy(hid->uniq, batostr(&dst), 64); 724 725 hid->dev = hidp_get_device(session); 726 727 hid->hid_open = hidp_open; 728 hid->hid_close = hidp_close; 729 730 hid->hidinput_input_event = hidp_hidinput_event; 731 732 hidp_setup_quirks(hid); 733 734 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list) 735 hidp_send_report(session, report); 736 737 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list) 738 hidp_send_report(session, report); 739 740 if (hidinput_connect(hid) == 0) { 741 hid->claimed |= HID_CLAIMED_INPUT; 742 hid_ff_init(hid); 743 } 744 } 745 746 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 747 { 748 struct hidp_session *session, *s; 749 int err; 750 751 BT_DBG(""); 752 753 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 754 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 755 return -ENOTUNIQ; 756 757 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 758 if (!session) 759 return -ENOMEM; 760 761 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 762 763 if (req->rd_size > 0) { 764 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL); 765 766 if (!buf) { 767 kfree(session); 768 return -ENOMEM; 769 } 770 771 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 772 kfree(buf); 773 kfree(session); 774 return -EFAULT; 775 } 776 777 session->hid = hid_parse_report(buf, req->rd_size); 778 779 kfree(buf); 780 781 if (!session->hid) { 782 kfree(session); 783 return -EINVAL; 784 } 785 } 786 787 if (!session->hid) { 788 session->input = input_allocate_device(); 789 if (!session->input) { 790 kfree(session); 791 return -ENOMEM; 792 } 793 } 794 795 down_write(&hidp_session_sem); 796 797 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 798 if (s && s->state == BT_CONNECTED) { 799 err = -EEXIST; 800 goto failed; 801 } 802 803 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 804 805 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 806 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 807 808 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 809 810 session->ctrl_sock = ctrl_sock; 811 session->intr_sock = intr_sock; 812 session->state = BT_CONNECTED; 813 814 init_timer(&session->timer); 815 816 session->timer.function = hidp_idle_timeout; 817 session->timer.data = (unsigned long) session; 818 819 skb_queue_head_init(&session->ctrl_transmit); 820 skb_queue_head_init(&session->intr_transmit); 821 822 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 823 session->idle_to = req->idle_to; 824 825 if (session->input) 826 hidp_setup_input(session, req); 827 828 if (session->hid) 829 hidp_setup_hid(session, req); 830 831 __hidp_link_session(session); 832 833 hidp_set_timer(session); 834 835 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 836 if (err < 0) 837 goto unlink; 838 839 if (session->input) { 840 hidp_send_ctrl_message(session, 841 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 842 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 843 844 session->leds = 0xff; 845 hidp_input_event(session->input, EV_LED, 0, 0); 846 } 847 848 up_write(&hidp_session_sem); 849 return 0; 850 851 unlink: 852 hidp_del_timer(session); 853 854 __hidp_unlink_session(session); 855 856 if (session->input) { 857 input_unregister_device(session->input); 858 session->input = NULL; /* don't try to free it here */ 859 } 860 861 failed: 862 up_write(&hidp_session_sem); 863 864 if (session->hid) 865 hid_free_device(session->hid); 866 867 kfree(session->input); 868 kfree(session); 869 return err; 870 } 871 872 int hidp_del_connection(struct hidp_conndel_req *req) 873 { 874 struct hidp_session *session; 875 int err = 0; 876 877 BT_DBG(""); 878 879 down_read(&hidp_session_sem); 880 881 session = __hidp_get_session(&req->bdaddr); 882 if (session) { 883 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 884 hidp_send_ctrl_message(session, 885 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 886 } else { 887 /* Flush the transmit queues */ 888 skb_queue_purge(&session->ctrl_transmit); 889 skb_queue_purge(&session->intr_transmit); 890 891 /* Kill session thread */ 892 atomic_inc(&session->terminate); 893 hidp_schedule(session); 894 } 895 } else 896 err = -ENOENT; 897 898 up_read(&hidp_session_sem); 899 return err; 900 } 901 902 int hidp_get_connlist(struct hidp_connlist_req *req) 903 { 904 struct list_head *p; 905 int err = 0, n = 0; 906 907 BT_DBG(""); 908 909 down_read(&hidp_session_sem); 910 911 list_for_each(p, &hidp_session_list) { 912 struct hidp_session *session; 913 struct hidp_conninfo ci; 914 915 session = list_entry(p, struct hidp_session, list); 916 917 __hidp_copy_session(session, &ci); 918 919 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 920 err = -EFAULT; 921 break; 922 } 923 924 if (++n >= req->cnum) 925 break; 926 927 req->ci++; 928 } 929 req->cnum = n; 930 931 up_read(&hidp_session_sem); 932 return err; 933 } 934 935 int hidp_get_conninfo(struct hidp_conninfo *ci) 936 { 937 struct hidp_session *session; 938 int err = 0; 939 940 down_read(&hidp_session_sem); 941 942 session = __hidp_get_session(&ci->bdaddr); 943 if (session) 944 __hidp_copy_session(session, ci); 945 else 946 err = -ENOENT; 947 948 up_read(&hidp_session_sem); 949 return err; 950 } 951 952 static int __init hidp_init(void) 953 { 954 l2cap_load(); 955 956 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 957 958 return hidp_init_sockets(); 959 } 960 961 static void __exit hidp_exit(void) 962 { 963 hidp_cleanup_sockets(); 964 } 965 966 module_init(hidp_init); 967 module_exit(hidp_exit); 968 969 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 970 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 971 MODULE_VERSION(VERSION); 972 MODULE_LICENSE("GPL"); 973 MODULE_ALIAS("bt-proto-6"); 974