1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/fcntl.h> 32 #include <linux/skbuff.h> 33 #include <linux/socket.h> 34 #include <linux/ioctl.h> 35 #include <linux/file.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <net/sock.h> 39 40 #include <linux/input.h> 41 #include <linux/hid.h> 42 43 #include <net/bluetooth/bluetooth.h> 44 #include <net/bluetooth/hci_core.h> 45 #include <net/bluetooth/l2cap.h> 46 47 #include "hidp.h" 48 49 #ifndef CONFIG_BT_HIDP_DEBUG 50 #undef BT_DBG 51 #define BT_DBG(D...) 52 #endif 53 54 #define VERSION "1.2" 55 56 static DECLARE_RWSEM(hidp_session_sem); 57 static LIST_HEAD(hidp_session_list); 58 59 static unsigned char hidp_keycode[256] = { 60 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 61 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 62 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 63 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 64 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 65 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 66 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 67 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 68 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 69 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 75 150,158,159,128,136,177,178,176,142,152,173,140 76 }; 77 78 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 79 80 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 81 { 82 struct hidp_session *session; 83 struct list_head *p; 84 85 BT_DBG(""); 86 87 list_for_each(p, &hidp_session_list) { 88 session = list_entry(p, struct hidp_session, list); 89 if (!bacmp(bdaddr, &session->bdaddr)) 90 return session; 91 } 92 return NULL; 93 } 94 95 static void __hidp_link_session(struct hidp_session *session) 96 { 97 __module_get(THIS_MODULE); 98 list_add(&session->list, &hidp_session_list); 99 } 100 101 static void __hidp_unlink_session(struct hidp_session *session) 102 { 103 list_del(&session->list); 104 module_put(THIS_MODULE); 105 } 106 107 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 108 { 109 bacpy(&ci->bdaddr, &session->bdaddr); 110 111 ci->flags = session->flags; 112 ci->state = session->state; 113 114 ci->vendor = 0x0000; 115 ci->product = 0x0000; 116 ci->version = 0x0000; 117 memset(ci->name, 0, 128); 118 119 if (session->input) { 120 ci->vendor = session->input->id.vendor; 121 ci->product = session->input->id.product; 122 ci->version = session->input->id.version; 123 if (session->input->name) 124 strncpy(ci->name, session->input->name, 128); 125 else 126 strncpy(ci->name, "HID Boot Device", 128); 127 } 128 129 if (session->hid) { 130 ci->vendor = session->hid->vendor; 131 ci->product = session->hid->product; 132 ci->version = session->hid->version; 133 strncpy(ci->name, session->hid->name, 128); 134 } 135 } 136 137 static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 138 unsigned int type, unsigned int code, int value) 139 { 140 unsigned char newleds; 141 struct sk_buff *skb; 142 143 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 144 145 if (type != EV_LED) 146 return -1; 147 148 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 149 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 150 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 151 (!!test_bit(LED_CAPSL, dev->led) << 1) | 152 (!!test_bit(LED_NUML, dev->led)); 153 154 if (session->leds == newleds) 155 return 0; 156 157 session->leds = newleds; 158 159 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 160 BT_ERR("Can't allocate memory for new frame"); 161 return -ENOMEM; 162 } 163 164 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 165 *skb_put(skb, 1) = 0x01; 166 *skb_put(skb, 1) = newleds; 167 168 skb_queue_tail(&session->intr_transmit, skb); 169 170 hidp_schedule(session); 171 172 return 0; 173 } 174 175 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 176 { 177 struct hid_device *hid = dev->private; 178 struct hidp_session *session = hid->driver_data; 179 180 return hidp_queue_event(session, dev, type, code, value); 181 } 182 183 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 184 { 185 struct hidp_session *session = dev->private; 186 187 return hidp_queue_event(session, dev, type, code, value); 188 } 189 190 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 191 { 192 struct input_dev *dev = session->input; 193 unsigned char *keys = session->keys; 194 unsigned char *udata = skb->data + 1; 195 signed char *sdata = skb->data + 1; 196 int i, size = skb->len - 1; 197 198 switch (skb->data[0]) { 199 case 0x01: /* Keyboard report */ 200 for (i = 0; i < 8; i++) 201 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 202 203 /* If all the key codes have been set to 0x01, it means 204 * too many keys were pressed at the same time. */ 205 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 206 break; 207 208 for (i = 2; i < 8; i++) { 209 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 210 if (hidp_keycode[keys[i]]) 211 input_report_key(dev, hidp_keycode[keys[i]], 0); 212 else 213 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 214 } 215 216 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 217 if (hidp_keycode[udata[i]]) 218 input_report_key(dev, hidp_keycode[udata[i]], 1); 219 else 220 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 221 } 222 } 223 224 memcpy(keys, udata, 8); 225 break; 226 227 case 0x02: /* Mouse report */ 228 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 229 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 230 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 231 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 232 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 233 234 input_report_rel(dev, REL_X, sdata[1]); 235 input_report_rel(dev, REL_Y, sdata[2]); 236 237 if (size > 3) 238 input_report_rel(dev, REL_WHEEL, sdata[3]); 239 break; 240 } 241 242 input_sync(dev); 243 } 244 245 static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size) 246 { 247 struct sk_buff *skb; 248 249 BT_DBG("session %p hid %p data %p size %d", session, device, data, size); 250 251 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 252 BT_ERR("Can't allocate memory for new frame"); 253 return -ENOMEM; 254 } 255 256 *skb_put(skb, 1) = 0xa2; 257 if (size > 0) 258 memcpy(skb_put(skb, size), data, size); 259 260 skb_queue_tail(&session->intr_transmit, skb); 261 262 hidp_schedule(session); 263 264 return 0; 265 } 266 267 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 268 { 269 unsigned char buf[32]; 270 int rsize; 271 272 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 273 if (rsize > sizeof(buf)) 274 return -EIO; 275 276 hid_output_report(report, buf); 277 278 return hidp_queue_report(session, buf, rsize); 279 } 280 281 static void hidp_idle_timeout(unsigned long arg) 282 { 283 struct hidp_session *session = (struct hidp_session *) arg; 284 285 atomic_inc(&session->terminate); 286 hidp_schedule(session); 287 } 288 289 static inline void hidp_set_timer(struct hidp_session *session) 290 { 291 if (session->idle_to > 0) 292 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 293 } 294 295 static inline void hidp_del_timer(struct hidp_session *session) 296 { 297 if (session->idle_to > 0) 298 del_timer(&session->timer); 299 } 300 301 static int __hidp_send_ctrl_message(struct hidp_session *session, 302 unsigned char hdr, unsigned char *data, int size) 303 { 304 struct sk_buff *skb; 305 306 BT_DBG("session %p data %p size %d", session, data, size); 307 308 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 309 BT_ERR("Can't allocate memory for new frame"); 310 return -ENOMEM; 311 } 312 313 *skb_put(skb, 1) = hdr; 314 if (data && size > 0) 315 memcpy(skb_put(skb, size), data, size); 316 317 skb_queue_tail(&session->ctrl_transmit, skb); 318 319 return 0; 320 } 321 322 static int inline hidp_send_ctrl_message(struct hidp_session *session, 323 unsigned char hdr, unsigned char *data, int size) 324 { 325 int err; 326 327 err = __hidp_send_ctrl_message(session, hdr, data, size); 328 329 hidp_schedule(session); 330 331 return err; 332 } 333 334 static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param) 335 { 336 BT_DBG("session %p param 0x%02x", session, param); 337 338 switch (param) { 339 case HIDP_HSHK_SUCCESSFUL: 340 /* FIXME: Call into SET_ GET_ handlers here */ 341 break; 342 343 case HIDP_HSHK_NOT_READY: 344 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 345 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 346 case HIDP_HSHK_ERR_INVALID_PARAMETER: 347 /* FIXME: Call into SET_ GET_ handlers here */ 348 break; 349 350 case HIDP_HSHK_ERR_UNKNOWN: 351 break; 352 353 case HIDP_HSHK_ERR_FATAL: 354 /* Device requests a reboot, as this is the only way this error 355 * can be recovered. */ 356 __hidp_send_ctrl_message(session, 357 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 358 break; 359 360 default: 361 __hidp_send_ctrl_message(session, 362 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 363 break; 364 } 365 } 366 367 static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param) 368 { 369 BT_DBG("session %p param 0x%02x", session, param); 370 371 switch (param) { 372 case HIDP_CTRL_NOP: 373 break; 374 375 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG: 376 /* Flush the transmit queues */ 377 skb_queue_purge(&session->ctrl_transmit); 378 skb_queue_purge(&session->intr_transmit); 379 380 /* Kill session thread */ 381 atomic_inc(&session->terminate); 382 break; 383 384 case HIDP_CTRL_HARD_RESET: 385 case HIDP_CTRL_SOFT_RESET: 386 case HIDP_CTRL_SUSPEND: 387 case HIDP_CTRL_EXIT_SUSPEND: 388 /* FIXME: We have to parse these and return no error */ 389 break; 390 391 default: 392 __hidp_send_ctrl_message(session, 393 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 394 break; 395 } 396 } 397 398 static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param) 399 { 400 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 401 402 switch (param) { 403 case HIDP_DATA_RTYPE_INPUT: 404 hidp_set_timer(session); 405 406 if (session->input) 407 hidp_input_report(session, skb); 408 409 if (session->hid) 410 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 411 412 break; 413 414 case HIDP_DATA_RTYPE_OTHER: 415 case HIDP_DATA_RTYPE_OUPUT: 416 case HIDP_DATA_RTYPE_FEATURE: 417 break; 418 419 default: 420 __hidp_send_ctrl_message(session, 421 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 422 } 423 } 424 425 static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb) 426 { 427 unsigned char hdr, type, param; 428 429 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 430 431 hdr = skb->data[0]; 432 skb_pull(skb, 1); 433 434 type = hdr & HIDP_HEADER_TRANS_MASK; 435 param = hdr & HIDP_HEADER_PARAM_MASK; 436 437 switch (type) { 438 case HIDP_TRANS_HANDSHAKE: 439 hidp_process_handshake(session, param); 440 break; 441 442 case HIDP_TRANS_HID_CONTROL: 443 hidp_process_hid_control(session, param); 444 break; 445 446 case HIDP_TRANS_DATA: 447 hidp_process_data(session, skb, param); 448 break; 449 450 default: 451 __hidp_send_ctrl_message(session, 452 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 453 break; 454 } 455 456 kfree_skb(skb); 457 } 458 459 static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb) 460 { 461 unsigned char hdr; 462 463 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 464 465 hdr = skb->data[0]; 466 skb_pull(skb, 1); 467 468 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 469 hidp_set_timer(session); 470 471 if (session->input) 472 hidp_input_report(session, skb); 473 474 if (session->hid) { 475 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 476 BT_DBG("report len %d", skb->len); 477 } 478 } else { 479 BT_DBG("Unsupported protocol header 0x%02x", hdr); 480 } 481 482 kfree_skb(skb); 483 } 484 485 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 486 { 487 struct kvec iv = { data, len }; 488 struct msghdr msg; 489 490 BT_DBG("sock %p data %p len %d", sock, data, len); 491 492 if (!len) 493 return 0; 494 495 memset(&msg, 0, sizeof(msg)); 496 497 return kernel_sendmsg(sock, &msg, &iv, 1, len); 498 } 499 500 static void hidp_process_transmit(struct hidp_session *session) 501 { 502 struct sk_buff *skb; 503 504 BT_DBG("session %p", session); 505 506 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 507 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 508 skb_queue_head(&session->ctrl_transmit, skb); 509 break; 510 } 511 512 hidp_set_timer(session); 513 kfree_skb(skb); 514 } 515 516 while ((skb = skb_dequeue(&session->intr_transmit))) { 517 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 518 skb_queue_head(&session->intr_transmit, skb); 519 break; 520 } 521 522 hidp_set_timer(session); 523 kfree_skb(skb); 524 } 525 } 526 527 static int hidp_session(void *arg) 528 { 529 struct hidp_session *session = arg; 530 struct sock *ctrl_sk = session->ctrl_sock->sk; 531 struct sock *intr_sk = session->intr_sock->sk; 532 struct sk_buff *skb; 533 int vendor = 0x0000, product = 0x0000; 534 wait_queue_t ctrl_wait, intr_wait; 535 536 BT_DBG("session %p", session); 537 538 if (session->input) { 539 vendor = session->input->id.vendor; 540 product = session->input->id.product; 541 } 542 543 if (session->hid) { 544 vendor = session->hid->vendor; 545 product = session->hid->product; 546 } 547 548 daemonize("khidpd_%04x%04x", vendor, product); 549 set_user_nice(current, -15); 550 current->flags |= PF_NOFREEZE; 551 552 init_waitqueue_entry(&ctrl_wait, current); 553 init_waitqueue_entry(&intr_wait, current); 554 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 555 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 556 while (!atomic_read(&session->terminate)) { 557 set_current_state(TASK_INTERRUPTIBLE); 558 559 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 560 break; 561 562 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 563 skb_orphan(skb); 564 hidp_recv_ctrl_frame(session, skb); 565 } 566 567 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 568 skb_orphan(skb); 569 hidp_recv_intr_frame(session, skb); 570 } 571 572 hidp_process_transmit(session); 573 574 schedule(); 575 } 576 set_current_state(TASK_RUNNING); 577 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 578 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 579 580 down_write(&hidp_session_sem); 581 582 hidp_del_timer(session); 583 584 fput(session->intr_sock->file); 585 586 wait_event_timeout(*(ctrl_sk->sk_sleep), 587 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 588 589 fput(session->ctrl_sock->file); 590 591 __hidp_unlink_session(session); 592 593 if (session->input) { 594 input_unregister_device(session->input); 595 session->input = NULL; 596 } 597 598 if (session->hid) { 599 if (session->hid->claimed & HID_CLAIMED_INPUT) 600 hidinput_disconnect(session->hid); 601 hid_free_device(session->hid); 602 } 603 604 up_write(&hidp_session_sem); 605 606 kfree(session); 607 return 0; 608 } 609 610 static struct device *hidp_get_device(struct hidp_session *session) 611 { 612 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 613 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 614 struct hci_dev *hdev; 615 struct hci_conn *conn; 616 617 hdev = hci_get_route(dst, src); 618 if (!hdev) 619 return NULL; 620 621 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 622 623 hci_dev_put(hdev); 624 625 return conn ? &conn->dev : NULL; 626 } 627 628 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req) 629 { 630 struct input_dev *input = session->input; 631 int i; 632 633 input->private = session; 634 635 input->name = "Bluetooth HID Boot Protocol Device"; 636 637 input->id.bustype = BUS_BLUETOOTH; 638 input->id.vendor = req->vendor; 639 input->id.product = req->product; 640 input->id.version = req->version; 641 642 if (req->subclass & 0x40) { 643 set_bit(EV_KEY, input->evbit); 644 set_bit(EV_LED, input->evbit); 645 set_bit(EV_REP, input->evbit); 646 647 set_bit(LED_NUML, input->ledbit); 648 set_bit(LED_CAPSL, input->ledbit); 649 set_bit(LED_SCROLLL, input->ledbit); 650 set_bit(LED_COMPOSE, input->ledbit); 651 set_bit(LED_KANA, input->ledbit); 652 653 for (i = 0; i < sizeof(hidp_keycode); i++) 654 set_bit(hidp_keycode[i], input->keybit); 655 clear_bit(0, input->keybit); 656 } 657 658 if (req->subclass & 0x80) { 659 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL); 660 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE); 661 input->relbit[0] = BIT(REL_X) | BIT(REL_Y); 662 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA); 663 input->relbit[0] |= BIT(REL_WHEEL); 664 } 665 666 input->cdev.dev = hidp_get_device(session); 667 668 input->event = hidp_input_event; 669 670 input_register_device(input); 671 } 672 673 static int hidp_open(struct hid_device *hid) 674 { 675 return 0; 676 } 677 678 static void hidp_close(struct hid_device *hid) 679 { 680 } 681 682 static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req) 683 { 684 struct hid_device *hid = session->hid; 685 struct hid_report *report; 686 bdaddr_t src, dst; 687 688 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 689 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 690 691 hid->driver_data = session; 692 693 hid->country = req->country; 694 695 hid->bus = BUS_BLUETOOTH; 696 hid->vendor = req->vendor; 697 hid->product = req->product; 698 hid->version = req->version; 699 700 strncpy(hid->name, req->name, 128); 701 strncpy(hid->phys, batostr(&src), 64); 702 strncpy(hid->uniq, batostr(&dst), 64); 703 704 hid->dev = hidp_get_device(session); 705 706 hid->hid_open = hidp_open; 707 hid->hid_close = hidp_close; 708 709 hid->hidinput_input_event = hidp_hidinput_event; 710 711 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list) 712 hidp_send_report(session, report); 713 714 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list) 715 hidp_send_report(session, report); 716 717 if (hidinput_connect(hid) == 0) { 718 hid->claimed |= HID_CLAIMED_INPUT; 719 hid_ff_init(hid); 720 } 721 } 722 723 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 724 { 725 struct hidp_session *session, *s; 726 int err; 727 728 BT_DBG(""); 729 730 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 731 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 732 return -ENOTUNIQ; 733 734 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 735 if (!session) 736 return -ENOMEM; 737 738 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 739 740 if (req->rd_size > 0) { 741 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL); 742 743 if (!buf) { 744 kfree(session); 745 return -ENOMEM; 746 } 747 748 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 749 kfree(buf); 750 kfree(session); 751 return -EFAULT; 752 } 753 754 session->hid = hid_parse_report(buf, req->rd_size); 755 756 kfree(buf); 757 758 if (!session->hid) { 759 kfree(session); 760 return -EINVAL; 761 } 762 } 763 764 if (!session->hid) { 765 session->input = input_allocate_device(); 766 if (!session->input) { 767 kfree(session); 768 return -ENOMEM; 769 } 770 } 771 772 down_write(&hidp_session_sem); 773 774 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 775 if (s && s->state == BT_CONNECTED) { 776 err = -EEXIST; 777 goto failed; 778 } 779 780 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 781 782 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 783 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 784 785 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 786 787 session->ctrl_sock = ctrl_sock; 788 session->intr_sock = intr_sock; 789 session->state = BT_CONNECTED; 790 791 init_timer(&session->timer); 792 793 session->timer.function = hidp_idle_timeout; 794 session->timer.data = (unsigned long) session; 795 796 skb_queue_head_init(&session->ctrl_transmit); 797 skb_queue_head_init(&session->intr_transmit); 798 799 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 800 session->idle_to = req->idle_to; 801 802 if (session->input) 803 hidp_setup_input(session, req); 804 805 if (session->hid) 806 hidp_setup_hid(session, req); 807 808 __hidp_link_session(session); 809 810 hidp_set_timer(session); 811 812 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 813 if (err < 0) 814 goto unlink; 815 816 if (session->input) { 817 hidp_send_ctrl_message(session, 818 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 819 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 820 821 session->leds = 0xff; 822 hidp_input_event(session->input, EV_LED, 0, 0); 823 } 824 825 up_write(&hidp_session_sem); 826 return 0; 827 828 unlink: 829 hidp_del_timer(session); 830 831 __hidp_unlink_session(session); 832 833 if (session->input) { 834 input_unregister_device(session->input); 835 session->input = NULL; /* don't try to free it here */ 836 } 837 838 failed: 839 up_write(&hidp_session_sem); 840 841 if (session->hid) 842 hid_free_device(session->hid); 843 844 kfree(session->input); 845 kfree(session); 846 return err; 847 } 848 849 int hidp_del_connection(struct hidp_conndel_req *req) 850 { 851 struct hidp_session *session; 852 int err = 0; 853 854 BT_DBG(""); 855 856 down_read(&hidp_session_sem); 857 858 session = __hidp_get_session(&req->bdaddr); 859 if (session) { 860 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 861 hidp_send_ctrl_message(session, 862 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 863 } else { 864 /* Flush the transmit queues */ 865 skb_queue_purge(&session->ctrl_transmit); 866 skb_queue_purge(&session->intr_transmit); 867 868 /* Kill session thread */ 869 atomic_inc(&session->terminate); 870 hidp_schedule(session); 871 } 872 } else 873 err = -ENOENT; 874 875 up_read(&hidp_session_sem); 876 return err; 877 } 878 879 int hidp_get_connlist(struct hidp_connlist_req *req) 880 { 881 struct list_head *p; 882 int err = 0, n = 0; 883 884 BT_DBG(""); 885 886 down_read(&hidp_session_sem); 887 888 list_for_each(p, &hidp_session_list) { 889 struct hidp_session *session; 890 struct hidp_conninfo ci; 891 892 session = list_entry(p, struct hidp_session, list); 893 894 __hidp_copy_session(session, &ci); 895 896 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 897 err = -EFAULT; 898 break; 899 } 900 901 if (++n >= req->cnum) 902 break; 903 904 req->ci++; 905 } 906 req->cnum = n; 907 908 up_read(&hidp_session_sem); 909 return err; 910 } 911 912 int hidp_get_conninfo(struct hidp_conninfo *ci) 913 { 914 struct hidp_session *session; 915 int err = 0; 916 917 down_read(&hidp_session_sem); 918 919 session = __hidp_get_session(&ci->bdaddr); 920 if (session) 921 __hidp_copy_session(session, ci); 922 else 923 err = -ENOENT; 924 925 up_read(&hidp_session_sem); 926 return err; 927 } 928 929 static int __init hidp_init(void) 930 { 931 l2cap_load(); 932 933 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 934 935 return hidp_init_sockets(); 936 } 937 938 static void __exit hidp_exit(void) 939 { 940 hidp_cleanup_sockets(); 941 } 942 943 module_init(hidp_init); 944 module_exit(hidp_exit); 945 946 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 947 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 948 MODULE_VERSION(VERSION); 949 MODULE_LICENSE("GPL"); 950 MODULE_ALIAS("bt-proto-6"); 951