1 /* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21 */ 22 23 #include <linux/module.h> 24 25 #include <linux/types.h> 26 #include <linux/errno.h> 27 #include <linux/kernel.h> 28 #include <linux/sched.h> 29 #include <linux/slab.h> 30 #include <linux/poll.h> 31 #include <linux/freezer.h> 32 #include <linux/fcntl.h> 33 #include <linux/skbuff.h> 34 #include <linux/socket.h> 35 #include <linux/ioctl.h> 36 #include <linux/file.h> 37 #include <linux/init.h> 38 #include <linux/wait.h> 39 #include <linux/mutex.h> 40 #include <linux/kthread.h> 41 #include <net/sock.h> 42 43 #include <linux/input.h> 44 #include <linux/hid.h> 45 #include <linux/hidraw.h> 46 47 #include <net/bluetooth/bluetooth.h> 48 #include <net/bluetooth/hci_core.h> 49 #include <net/bluetooth/l2cap.h> 50 51 #include "hidp.h" 52 53 #define VERSION "1.2" 54 55 static DECLARE_RWSEM(hidp_session_sem); 56 static LIST_HEAD(hidp_session_list); 57 58 static unsigned char hidp_keycode[256] = { 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 77 }; 78 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82 { 83 struct hidp_session *session; 84 struct list_head *p; 85 86 BT_DBG(""); 87 88 list_for_each(p, &hidp_session_list) { 89 session = list_entry(p, struct hidp_session, list); 90 if (!bacmp(bdaddr, &session->bdaddr)) 91 return session; 92 } 93 return NULL; 94 } 95 96 static void __hidp_link_session(struct hidp_session *session) 97 { 98 __module_get(THIS_MODULE); 99 list_add(&session->list, &hidp_session_list); 100 101 hci_conn_hold_device(session->conn); 102 } 103 104 static void __hidp_unlink_session(struct hidp_session *session) 105 { 106 hci_conn_put_device(session->conn); 107 108 list_del(&session->list); 109 module_put(THIS_MODULE); 110 } 111 112 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 113 { 114 memset(ci, 0, sizeof(*ci)); 115 bacpy(&ci->bdaddr, &session->bdaddr); 116 117 ci->flags = session->flags; 118 ci->state = session->state; 119 120 ci->vendor = 0x0000; 121 ci->product = 0x0000; 122 ci->version = 0x0000; 123 124 if (session->input) { 125 ci->vendor = session->input->id.vendor; 126 ci->product = session->input->id.product; 127 ci->version = session->input->id.version; 128 if (session->input->name) 129 strncpy(ci->name, session->input->name, 128); 130 else 131 strncpy(ci->name, "HID Boot Device", 128); 132 } 133 134 if (session->hid) { 135 ci->vendor = session->hid->vendor; 136 ci->product = session->hid->product; 137 ci->version = session->hid->version; 138 strncpy(ci->name, session->hid->name, 128); 139 } 140 } 141 142 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 143 unsigned int type, unsigned int code, int value) 144 { 145 unsigned char newleds; 146 struct sk_buff *skb; 147 148 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 149 150 if (type != EV_LED) 151 return -1; 152 153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 154 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 155 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 156 (!!test_bit(LED_CAPSL, dev->led) << 1) | 157 (!!test_bit(LED_NUML, dev->led)); 158 159 if (session->leds == newleds) 160 return 0; 161 162 session->leds = newleds; 163 164 skb = alloc_skb(3, GFP_ATOMIC); 165 if (!skb) { 166 BT_ERR("Can't allocate memory for new frame"); 167 return -ENOMEM; 168 } 169 170 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 171 *skb_put(skb, 1) = 0x01; 172 *skb_put(skb, 1) = newleds; 173 174 skb_queue_tail(&session->intr_transmit, skb); 175 176 hidp_schedule(session); 177 178 return 0; 179 } 180 181 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 182 { 183 struct hid_device *hid = input_get_drvdata(dev); 184 struct hidp_session *session = hid->driver_data; 185 186 return hidp_queue_event(session, dev, type, code, value); 187 } 188 189 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 190 { 191 struct hidp_session *session = input_get_drvdata(dev); 192 193 return hidp_queue_event(session, dev, type, code, value); 194 } 195 196 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 197 { 198 struct input_dev *dev = session->input; 199 unsigned char *keys = session->keys; 200 unsigned char *udata = skb->data + 1; 201 signed char *sdata = skb->data + 1; 202 int i, size = skb->len - 1; 203 204 switch (skb->data[0]) { 205 case 0x01: /* Keyboard report */ 206 for (i = 0; i < 8; i++) 207 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 208 209 /* If all the key codes have been set to 0x01, it means 210 * too many keys were pressed at the same time. */ 211 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 212 break; 213 214 for (i = 2; i < 8; i++) { 215 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 216 if (hidp_keycode[keys[i]]) 217 input_report_key(dev, hidp_keycode[keys[i]], 0); 218 else 219 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 220 } 221 222 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 223 if (hidp_keycode[udata[i]]) 224 input_report_key(dev, hidp_keycode[udata[i]], 1); 225 else 226 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 227 } 228 } 229 230 memcpy(keys, udata, 8); 231 break; 232 233 case 0x02: /* Mouse report */ 234 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 235 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 236 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 237 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 238 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 239 240 input_report_rel(dev, REL_X, sdata[1]); 241 input_report_rel(dev, REL_Y, sdata[2]); 242 243 if (size > 3) 244 input_report_rel(dev, REL_WHEEL, sdata[3]); 245 break; 246 } 247 248 input_sync(dev); 249 } 250 251 static int __hidp_send_ctrl_message(struct hidp_session *session, 252 unsigned char hdr, unsigned char *data, int size) 253 { 254 struct sk_buff *skb; 255 256 BT_DBG("session %p data %p size %d", session, data, size); 257 258 skb = alloc_skb(size + 1, GFP_ATOMIC); 259 if (!skb) { 260 BT_ERR("Can't allocate memory for new frame"); 261 return -ENOMEM; 262 } 263 264 *skb_put(skb, 1) = hdr; 265 if (data && size > 0) 266 memcpy(skb_put(skb, size), data, size); 267 268 skb_queue_tail(&session->ctrl_transmit, skb); 269 270 return 0; 271 } 272 273 static inline int hidp_send_ctrl_message(struct hidp_session *session, 274 unsigned char hdr, unsigned char *data, int size) 275 { 276 int err; 277 278 err = __hidp_send_ctrl_message(session, hdr, data, size); 279 280 hidp_schedule(session); 281 282 return err; 283 } 284 285 static int hidp_queue_report(struct hidp_session *session, 286 unsigned char *data, int size) 287 { 288 struct sk_buff *skb; 289 290 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 291 292 skb = alloc_skb(size + 1, GFP_ATOMIC); 293 if (!skb) { 294 BT_ERR("Can't allocate memory for new frame"); 295 return -ENOMEM; 296 } 297 298 *skb_put(skb, 1) = 0xa2; 299 if (size > 0) 300 memcpy(skb_put(skb, size), data, size); 301 302 skb_queue_tail(&session->intr_transmit, skb); 303 304 hidp_schedule(session); 305 306 return 0; 307 } 308 309 static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 310 { 311 unsigned char buf[32]; 312 int rsize; 313 314 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 315 if (rsize > sizeof(buf)) 316 return -EIO; 317 318 hid_output_report(report, buf); 319 320 return hidp_queue_report(session, buf, rsize); 321 } 322 323 static int hidp_get_raw_report(struct hid_device *hid, 324 unsigned char report_number, 325 unsigned char *data, size_t count, 326 unsigned char report_type) 327 { 328 struct hidp_session *session = hid->driver_data; 329 struct sk_buff *skb; 330 size_t len; 331 int numbered_reports = hid->report_enum[report_type].numbered; 332 333 switch (report_type) { 334 case HID_FEATURE_REPORT: 335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 336 break; 337 case HID_INPUT_REPORT: 338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 339 break; 340 case HID_OUTPUT_REPORT: 341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 342 break; 343 default: 344 return -EINVAL; 345 } 346 347 if (mutex_lock_interruptible(&session->report_mutex)) 348 return -ERESTARTSYS; 349 350 /* Set up our wait, and send the report request to the device. */ 351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 352 session->waiting_report_number = numbered_reports ? report_number : -1; 353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 354 data[0] = report_number; 355 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1)) 356 goto err_eio; 357 358 /* Wait for the return of the report. The returned report 359 gets put in session->report_return. */ 360 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 361 int res; 362 363 res = wait_event_interruptible_timeout(session->report_queue, 364 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 365 5*HZ); 366 if (res == 0) { 367 /* timeout */ 368 goto err_eio; 369 } 370 if (res < 0) { 371 /* signal */ 372 goto err_restartsys; 373 } 374 } 375 376 skb = session->report_return; 377 if (skb) { 378 len = skb->len < count ? skb->len : count; 379 memcpy(data, skb->data, len); 380 381 kfree_skb(skb); 382 session->report_return = NULL; 383 } else { 384 /* Device returned a HANDSHAKE, indicating protocol error. */ 385 len = -EIO; 386 } 387 388 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 389 mutex_unlock(&session->report_mutex); 390 391 return len; 392 393 err_restartsys: 394 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 395 mutex_unlock(&session->report_mutex); 396 return -ERESTARTSYS; 397 err_eio: 398 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 399 mutex_unlock(&session->report_mutex); 400 return -EIO; 401 } 402 403 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 404 unsigned char report_type) 405 { 406 struct hidp_session *session = hid->driver_data; 407 int ret; 408 409 switch (report_type) { 410 case HID_FEATURE_REPORT: 411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 412 break; 413 case HID_OUTPUT_REPORT: 414 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 if (mutex_lock_interruptible(&session->report_mutex)) 421 return -ERESTARTSYS; 422 423 /* Set up our wait, and send the report request to the device. */ 424 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 425 if (hidp_send_ctrl_message(hid->driver_data, report_type, 426 data, count)) { 427 ret = -ENOMEM; 428 goto err; 429 } 430 431 /* Wait for the ACK from the device. */ 432 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 433 int res; 434 435 res = wait_event_interruptible_timeout(session->report_queue, 436 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 437 10*HZ); 438 if (res == 0) { 439 /* timeout */ 440 ret = -EIO; 441 goto err; 442 } 443 if (res < 0) { 444 /* signal */ 445 ret = -ERESTARTSYS; 446 goto err; 447 } 448 } 449 450 if (!session->output_report_success) { 451 ret = -EIO; 452 goto err; 453 } 454 455 ret = count; 456 457 err: 458 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 459 mutex_unlock(&session->report_mutex); 460 return ret; 461 } 462 463 static void hidp_idle_timeout(unsigned long arg) 464 { 465 struct hidp_session *session = (struct hidp_session *) arg; 466 467 atomic_inc(&session->terminate); 468 wake_up_process(session->task); 469 } 470 471 static void hidp_set_timer(struct hidp_session *session) 472 { 473 if (session->idle_to > 0) 474 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 475 } 476 477 static inline void hidp_del_timer(struct hidp_session *session) 478 { 479 if (session->idle_to > 0) 480 del_timer(&session->timer); 481 } 482 483 static void hidp_process_handshake(struct hidp_session *session, 484 unsigned char param) 485 { 486 BT_DBG("session %p param 0x%02x", session, param); 487 session->output_report_success = 0; /* default condition */ 488 489 switch (param) { 490 case HIDP_HSHK_SUCCESSFUL: 491 /* FIXME: Call into SET_ GET_ handlers here */ 492 session->output_report_success = 1; 493 break; 494 495 case HIDP_HSHK_NOT_READY: 496 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 497 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 498 case HIDP_HSHK_ERR_INVALID_PARAMETER: 499 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 500 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 501 wake_up_interruptible(&session->report_queue); 502 } 503 /* FIXME: Call into SET_ GET_ handlers here */ 504 break; 505 506 case HIDP_HSHK_ERR_UNKNOWN: 507 break; 508 509 case HIDP_HSHK_ERR_FATAL: 510 /* Device requests a reboot, as this is the only way this error 511 * can be recovered. */ 512 __hidp_send_ctrl_message(session, 513 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 514 break; 515 516 default: 517 __hidp_send_ctrl_message(session, 518 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 519 break; 520 } 521 522 /* Wake up the waiting thread. */ 523 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 524 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 525 wake_up_interruptible(&session->report_queue); 526 } 527 } 528 529 static void hidp_process_hid_control(struct hidp_session *session, 530 unsigned char param) 531 { 532 BT_DBG("session %p param 0x%02x", session, param); 533 534 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 535 /* Flush the transmit queues */ 536 skb_queue_purge(&session->ctrl_transmit); 537 skb_queue_purge(&session->intr_transmit); 538 539 atomic_inc(&session->terminate); 540 wake_up_process(current); 541 } 542 } 543 544 /* Returns true if the passed-in skb should be freed by the caller. */ 545 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 546 unsigned char param) 547 { 548 int done_with_skb = 1; 549 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 550 551 switch (param) { 552 case HIDP_DATA_RTYPE_INPUT: 553 hidp_set_timer(session); 554 555 if (session->input) 556 hidp_input_report(session, skb); 557 558 if (session->hid) 559 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 560 break; 561 562 case HIDP_DATA_RTYPE_OTHER: 563 case HIDP_DATA_RTYPE_OUPUT: 564 case HIDP_DATA_RTYPE_FEATURE: 565 break; 566 567 default: 568 __hidp_send_ctrl_message(session, 569 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 570 } 571 572 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 573 param == session->waiting_report_type) { 574 if (session->waiting_report_number < 0 || 575 session->waiting_report_number == skb->data[0]) { 576 /* hidp_get_raw_report() is waiting on this report. */ 577 session->report_return = skb; 578 done_with_skb = 0; 579 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 580 wake_up_interruptible(&session->report_queue); 581 } 582 } 583 584 return done_with_skb; 585 } 586 587 static void hidp_recv_ctrl_frame(struct hidp_session *session, 588 struct sk_buff *skb) 589 { 590 unsigned char hdr, type, param; 591 int free_skb = 1; 592 593 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 594 595 hdr = skb->data[0]; 596 skb_pull(skb, 1); 597 598 type = hdr & HIDP_HEADER_TRANS_MASK; 599 param = hdr & HIDP_HEADER_PARAM_MASK; 600 601 switch (type) { 602 case HIDP_TRANS_HANDSHAKE: 603 hidp_process_handshake(session, param); 604 break; 605 606 case HIDP_TRANS_HID_CONTROL: 607 hidp_process_hid_control(session, param); 608 break; 609 610 case HIDP_TRANS_DATA: 611 free_skb = hidp_process_data(session, skb, param); 612 break; 613 614 default: 615 __hidp_send_ctrl_message(session, 616 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 617 break; 618 } 619 620 if (free_skb) 621 kfree_skb(skb); 622 } 623 624 static void hidp_recv_intr_frame(struct hidp_session *session, 625 struct sk_buff *skb) 626 { 627 unsigned char hdr; 628 629 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 630 631 hdr = skb->data[0]; 632 skb_pull(skb, 1); 633 634 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 635 hidp_set_timer(session); 636 637 if (session->input) 638 hidp_input_report(session, skb); 639 640 if (session->hid) { 641 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 642 BT_DBG("report len %d", skb->len); 643 } 644 } else { 645 BT_DBG("Unsupported protocol header 0x%02x", hdr); 646 } 647 648 kfree_skb(skb); 649 } 650 651 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 652 { 653 struct kvec iv = { data, len }; 654 struct msghdr msg; 655 656 BT_DBG("sock %p data %p len %d", sock, data, len); 657 658 if (!len) 659 return 0; 660 661 memset(&msg, 0, sizeof(msg)); 662 663 return kernel_sendmsg(sock, &msg, &iv, 1, len); 664 } 665 666 static void hidp_process_transmit(struct hidp_session *session) 667 { 668 struct sk_buff *skb; 669 670 BT_DBG("session %p", session); 671 672 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 673 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 674 skb_queue_head(&session->ctrl_transmit, skb); 675 break; 676 } 677 678 hidp_set_timer(session); 679 kfree_skb(skb); 680 } 681 682 while ((skb = skb_dequeue(&session->intr_transmit))) { 683 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 684 skb_queue_head(&session->intr_transmit, skb); 685 break; 686 } 687 688 hidp_set_timer(session); 689 kfree_skb(skb); 690 } 691 } 692 693 static int hidp_session(void *arg) 694 { 695 struct hidp_session *session = arg; 696 struct sock *ctrl_sk = session->ctrl_sock->sk; 697 struct sock *intr_sk = session->intr_sock->sk; 698 struct sk_buff *skb; 699 wait_queue_t ctrl_wait, intr_wait; 700 701 BT_DBG("session %p", session); 702 703 set_user_nice(current, -15); 704 705 init_waitqueue_entry(&ctrl_wait, current); 706 init_waitqueue_entry(&intr_wait, current); 707 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 708 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 709 session->waiting_for_startup = 0; 710 wake_up_interruptible(&session->startup_queue); 711 set_current_state(TASK_INTERRUPTIBLE); 712 while (!atomic_read(&session->terminate)) { 713 if (ctrl_sk->sk_state != BT_CONNECTED || 714 intr_sk->sk_state != BT_CONNECTED) 715 break; 716 717 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 718 skb_orphan(skb); 719 if (!skb_linearize(skb)) 720 hidp_recv_ctrl_frame(session, skb); 721 else 722 kfree_skb(skb); 723 } 724 725 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 726 skb_orphan(skb); 727 if (!skb_linearize(skb)) 728 hidp_recv_intr_frame(session, skb); 729 else 730 kfree_skb(skb); 731 } 732 733 hidp_process_transmit(session); 734 735 schedule(); 736 set_current_state(TASK_INTERRUPTIBLE); 737 } 738 set_current_state(TASK_RUNNING); 739 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 740 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 741 742 down_write(&hidp_session_sem); 743 744 hidp_del_timer(session); 745 746 if (session->input) { 747 input_unregister_device(session->input); 748 session->input = NULL; 749 } 750 751 if (session->hid) { 752 hid_destroy_device(session->hid); 753 session->hid = NULL; 754 } 755 756 /* Wakeup user-space polling for socket errors */ 757 session->intr_sock->sk->sk_err = EUNATCH; 758 session->ctrl_sock->sk->sk_err = EUNATCH; 759 760 hidp_schedule(session); 761 762 fput(session->intr_sock->file); 763 764 wait_event_timeout(*(sk_sleep(ctrl_sk)), 765 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 766 767 fput(session->ctrl_sock->file); 768 769 __hidp_unlink_session(session); 770 771 up_write(&hidp_session_sem); 772 773 kfree(session->rd_data); 774 kfree(session); 775 return 0; 776 } 777 778 static struct device *hidp_get_device(struct hidp_session *session) 779 { 780 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 781 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 782 struct device *device = NULL; 783 struct hci_dev *hdev; 784 785 hdev = hci_get_route(dst, src); 786 if (!hdev) 787 return NULL; 788 789 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 790 if (session->conn) 791 device = &session->conn->dev; 792 793 hci_dev_put(hdev); 794 795 return device; 796 } 797 798 static int hidp_setup_input(struct hidp_session *session, 799 struct hidp_connadd_req *req) 800 { 801 struct input_dev *input; 802 int err, i; 803 804 input = input_allocate_device(); 805 if (!input) 806 return -ENOMEM; 807 808 session->input = input; 809 810 input_set_drvdata(input, session); 811 812 input->name = "Bluetooth HID Boot Protocol Device"; 813 814 input->id.bustype = BUS_BLUETOOTH; 815 input->id.vendor = req->vendor; 816 input->id.product = req->product; 817 input->id.version = req->version; 818 819 if (req->subclass & 0x40) { 820 set_bit(EV_KEY, input->evbit); 821 set_bit(EV_LED, input->evbit); 822 set_bit(EV_REP, input->evbit); 823 824 set_bit(LED_NUML, input->ledbit); 825 set_bit(LED_CAPSL, input->ledbit); 826 set_bit(LED_SCROLLL, input->ledbit); 827 set_bit(LED_COMPOSE, input->ledbit); 828 set_bit(LED_KANA, input->ledbit); 829 830 for (i = 0; i < sizeof(hidp_keycode); i++) 831 set_bit(hidp_keycode[i], input->keybit); 832 clear_bit(0, input->keybit); 833 } 834 835 if (req->subclass & 0x80) { 836 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 837 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 838 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 839 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 840 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 841 BIT_MASK(BTN_EXTRA); 842 input->relbit[0] |= BIT_MASK(REL_WHEEL); 843 } 844 845 input->dev.parent = hidp_get_device(session); 846 847 input->event = hidp_input_event; 848 849 err = input_register_device(input); 850 if (err < 0) { 851 input_free_device(input); 852 session->input = NULL; 853 return err; 854 } 855 856 return 0; 857 } 858 859 static int hidp_open(struct hid_device *hid) 860 { 861 return 0; 862 } 863 864 static void hidp_close(struct hid_device *hid) 865 { 866 } 867 868 static int hidp_parse(struct hid_device *hid) 869 { 870 struct hidp_session *session = hid->driver_data; 871 872 return hid_parse_report(session->hid, session->rd_data, 873 session->rd_size); 874 } 875 876 static int hidp_start(struct hid_device *hid) 877 { 878 struct hidp_session *session = hid->driver_data; 879 struct hid_report *report; 880 881 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS) 882 return 0; 883 884 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 885 report_list, list) 886 hidp_send_report(session, report); 887 888 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 889 report_list, list) 890 hidp_send_report(session, report); 891 892 return 0; 893 } 894 895 static void hidp_stop(struct hid_device *hid) 896 { 897 struct hidp_session *session = hid->driver_data; 898 899 skb_queue_purge(&session->ctrl_transmit); 900 skb_queue_purge(&session->intr_transmit); 901 902 hid->claimed = 0; 903 } 904 905 static struct hid_ll_driver hidp_hid_driver = { 906 .parse = hidp_parse, 907 .start = hidp_start, 908 .stop = hidp_stop, 909 .open = hidp_open, 910 .close = hidp_close, 911 .hidinput_input_event = hidp_hidinput_event, 912 }; 913 914 /* This function sets up the hid device. It does not add it 915 to the HID system. That is done in hidp_add_connection(). */ 916 static int hidp_setup_hid(struct hidp_session *session, 917 struct hidp_connadd_req *req) 918 { 919 struct hid_device *hid; 920 int err; 921 922 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 923 if (!session->rd_data) 924 return -ENOMEM; 925 926 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 927 err = -EFAULT; 928 goto fault; 929 } 930 session->rd_size = req->rd_size; 931 932 hid = hid_allocate_device(); 933 if (IS_ERR(hid)) { 934 err = PTR_ERR(hid); 935 goto fault; 936 } 937 938 session->hid = hid; 939 940 hid->driver_data = session; 941 942 hid->bus = BUS_BLUETOOTH; 943 hid->vendor = req->vendor; 944 hid->product = req->product; 945 hid->version = req->version; 946 hid->country = req->country; 947 948 strncpy(hid->name, req->name, 128); 949 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 950 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 951 952 hid->dev.parent = hidp_get_device(session); 953 hid->ll_driver = &hidp_hid_driver; 954 955 hid->hid_get_raw_report = hidp_get_raw_report; 956 hid->hid_output_raw_report = hidp_output_raw_report; 957 958 return 0; 959 960 fault: 961 kfree(session->rd_data); 962 session->rd_data = NULL; 963 964 return err; 965 } 966 967 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 968 { 969 struct hidp_session *session, *s; 970 int vendor, product; 971 int err; 972 973 BT_DBG(""); 974 975 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 976 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 977 return -ENOTUNIQ; 978 979 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 980 if (!session) 981 return -ENOMEM; 982 983 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 984 985 down_write(&hidp_session_sem); 986 987 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 988 if (s && s->state == BT_CONNECTED) { 989 err = -EEXIST; 990 goto failed; 991 } 992 993 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 994 995 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 996 l2cap_pi(ctrl_sock->sk)->chan->imtu); 997 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 998 l2cap_pi(intr_sock->sk)->chan->imtu); 999 1000 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 1001 1002 session->ctrl_sock = ctrl_sock; 1003 session->intr_sock = intr_sock; 1004 session->state = BT_CONNECTED; 1005 1006 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 1007 1008 skb_queue_head_init(&session->ctrl_transmit); 1009 skb_queue_head_init(&session->intr_transmit); 1010 1011 mutex_init(&session->report_mutex); 1012 init_waitqueue_head(&session->report_queue); 1013 init_waitqueue_head(&session->startup_queue); 1014 session->waiting_for_startup = 1; 1015 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 1016 session->idle_to = req->idle_to; 1017 1018 if (req->rd_size > 0) { 1019 err = hidp_setup_hid(session, req); 1020 if (err && err != -ENODEV) 1021 goto purge; 1022 } 1023 1024 if (!session->hid) { 1025 err = hidp_setup_input(session, req); 1026 if (err < 0) 1027 goto purge; 1028 } 1029 1030 __hidp_link_session(session); 1031 1032 hidp_set_timer(session); 1033 1034 if (session->hid) { 1035 vendor = session->hid->vendor; 1036 product = session->hid->product; 1037 } else if (session->input) { 1038 vendor = session->input->id.vendor; 1039 product = session->input->id.product; 1040 } else { 1041 vendor = 0x0000; 1042 product = 0x0000; 1043 } 1044 1045 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1046 vendor, product); 1047 if (IS_ERR(session->task)) { 1048 err = PTR_ERR(session->task); 1049 goto unlink; 1050 } 1051 1052 while (session->waiting_for_startup) { 1053 wait_event_interruptible(session->startup_queue, 1054 !session->waiting_for_startup); 1055 } 1056 1057 err = hid_add_device(session->hid); 1058 if (err < 0) { 1059 atomic_inc(&session->terminate); 1060 wake_up_process(session->task); 1061 up_write(&hidp_session_sem); 1062 return err; 1063 } 1064 1065 if (session->input) { 1066 hidp_send_ctrl_message(session, 1067 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1068 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1069 1070 session->leds = 0xff; 1071 hidp_input_event(session->input, EV_LED, 0, 0); 1072 } 1073 1074 up_write(&hidp_session_sem); 1075 return 0; 1076 1077 unlink: 1078 hidp_del_timer(session); 1079 1080 __hidp_unlink_session(session); 1081 1082 if (session->input) { 1083 input_unregister_device(session->input); 1084 session->input = NULL; 1085 } 1086 1087 if (session->hid) { 1088 hid_destroy_device(session->hid); 1089 session->hid = NULL; 1090 } 1091 1092 kfree(session->rd_data); 1093 session->rd_data = NULL; 1094 1095 purge: 1096 skb_queue_purge(&session->ctrl_transmit); 1097 skb_queue_purge(&session->intr_transmit); 1098 1099 failed: 1100 up_write(&hidp_session_sem); 1101 1102 kfree(session); 1103 return err; 1104 } 1105 1106 int hidp_del_connection(struct hidp_conndel_req *req) 1107 { 1108 struct hidp_session *session; 1109 int err = 0; 1110 1111 BT_DBG(""); 1112 1113 down_read(&hidp_session_sem); 1114 1115 session = __hidp_get_session(&req->bdaddr); 1116 if (session) { 1117 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 1118 hidp_send_ctrl_message(session, 1119 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 1120 } else { 1121 /* Flush the transmit queues */ 1122 skb_queue_purge(&session->ctrl_transmit); 1123 skb_queue_purge(&session->intr_transmit); 1124 1125 atomic_inc(&session->terminate); 1126 wake_up_process(session->task); 1127 } 1128 } else 1129 err = -ENOENT; 1130 1131 up_read(&hidp_session_sem); 1132 return err; 1133 } 1134 1135 int hidp_get_connlist(struct hidp_connlist_req *req) 1136 { 1137 struct list_head *p; 1138 int err = 0, n = 0; 1139 1140 BT_DBG(""); 1141 1142 down_read(&hidp_session_sem); 1143 1144 list_for_each(p, &hidp_session_list) { 1145 struct hidp_session *session; 1146 struct hidp_conninfo ci; 1147 1148 session = list_entry(p, struct hidp_session, list); 1149 1150 __hidp_copy_session(session, &ci); 1151 1152 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1153 err = -EFAULT; 1154 break; 1155 } 1156 1157 if (++n >= req->cnum) 1158 break; 1159 1160 req->ci++; 1161 } 1162 req->cnum = n; 1163 1164 up_read(&hidp_session_sem); 1165 return err; 1166 } 1167 1168 int hidp_get_conninfo(struct hidp_conninfo *ci) 1169 { 1170 struct hidp_session *session; 1171 int err = 0; 1172 1173 down_read(&hidp_session_sem); 1174 1175 session = __hidp_get_session(&ci->bdaddr); 1176 if (session) 1177 __hidp_copy_session(session, ci); 1178 else 1179 err = -ENOENT; 1180 1181 up_read(&hidp_session_sem); 1182 return err; 1183 } 1184 1185 static const struct hid_device_id hidp_table[] = { 1186 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1187 { } 1188 }; 1189 1190 static struct hid_driver hidp_driver = { 1191 .name = "generic-bluetooth", 1192 .id_table = hidp_table, 1193 }; 1194 1195 static int __init hidp_init(void) 1196 { 1197 int ret; 1198 1199 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1200 1201 ret = hid_register_driver(&hidp_driver); 1202 if (ret) 1203 goto err; 1204 1205 ret = hidp_init_sockets(); 1206 if (ret) 1207 goto err_drv; 1208 1209 return 0; 1210 err_drv: 1211 hid_unregister_driver(&hidp_driver); 1212 err: 1213 return ret; 1214 } 1215 1216 static void __exit hidp_exit(void) 1217 { 1218 hidp_cleanup_sockets(); 1219 hid_unregister_driver(&hidp_driver); 1220 } 1221 1222 module_init(hidp_init); 1223 module_exit(hidp_exit); 1224 1225 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1226 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1227 MODULE_VERSION(VERSION); 1228 MODULE_LICENSE("GPL"); 1229 MODULE_ALIAS("bt-proto-6"); 1230