core.c revision 1785dbf9e30be62ab45e34900e574b8307bc98b5
1/* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23#include <linux/module.h> 24 25#include <linux/types.h> 26#include <linux/errno.h> 27#include <linux/kernel.h> 28#include <linux/sched.h> 29#include <linux/slab.h> 30#include <linux/poll.h> 31#include <linux/freezer.h> 32#include <linux/fcntl.h> 33#include <linux/skbuff.h> 34#include <linux/socket.h> 35#include <linux/ioctl.h> 36#include <linux/file.h> 37#include <linux/init.h> 38#include <linux/wait.h> 39#include <linux/mutex.h> 40#include <linux/kthread.h> 41#include <net/sock.h> 42 43#include <linux/input.h> 44#include <linux/hid.h> 45#include <linux/hidraw.h> 46 47#include <net/bluetooth/bluetooth.h> 48#include <net/bluetooth/hci_core.h> 49#include <net/bluetooth/l2cap.h> 50 51#include "hidp.h" 52 53#define VERSION "1.2" 54 55static DECLARE_RWSEM(hidp_session_sem); 56static LIST_HEAD(hidp_session_list); 57 58static unsigned char hidp_keycode[256] = { 59 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 60 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 61 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 62 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, 63 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, 64 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, 65 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, 66 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, 67 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, 68 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, 69 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, 76 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 77}; 78 79static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 80 81static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 82{ 83 struct hidp_session *session; 84 85 BT_DBG(""); 86 87 list_for_each_entry(session, &hidp_session_list, list) { 88 if (!bacmp(bdaddr, &session->bdaddr)) 89 return session; 90 } 91 return NULL; 92} 93 94static void __hidp_link_session(struct hidp_session *session) 95{ 96 __module_get(THIS_MODULE); 97 list_add(&session->list, &hidp_session_list); 98} 99 100static void __hidp_unlink_session(struct hidp_session *session) 101{ 102 hci_conn_put_device(session->conn); 103 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106} 107 108static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109{ 110 memset(ci, 0, sizeof(*ci)); 111 bacpy(&ci->bdaddr, &session->bdaddr); 112 113 ci->flags = session->flags; 114 ci->state = session->state; 115 116 ci->vendor = 0x0000; 117 ci->product = 0x0000; 118 ci->version = 0x0000; 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136} 137 138static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140{ 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 skb = alloc_skb(3, GFP_ATOMIC); 161 if (!skb) { 162 BT_ERR("Can't allocate memory for new frame"); 163 return -ENOMEM; 164 } 165 166 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 167 *skb_put(skb, 1) = 0x01; 168 *skb_put(skb, 1) = newleds; 169 170 skb_queue_tail(&session->intr_transmit, skb); 171 172 hidp_schedule(session); 173 174 return 0; 175} 176 177static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 178{ 179 struct hid_device *hid = input_get_drvdata(dev); 180 struct hidp_session *session = hid->driver_data; 181 182 return hidp_queue_event(session, dev, type, code, value); 183} 184 185static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 186{ 187 struct hidp_session *session = input_get_drvdata(dev); 188 189 return hidp_queue_event(session, dev, type, code, value); 190} 191 192static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 193{ 194 struct input_dev *dev = session->input; 195 unsigned char *keys = session->keys; 196 unsigned char *udata = skb->data + 1; 197 signed char *sdata = skb->data + 1; 198 int i, size = skb->len - 1; 199 200 switch (skb->data[0]) { 201 case 0x01: /* Keyboard report */ 202 for (i = 0; i < 8; i++) 203 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 204 205 /* If all the key codes have been set to 0x01, it means 206 * too many keys were pressed at the same time. */ 207 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 208 break; 209 210 for (i = 2; i < 8; i++) { 211 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 212 if (hidp_keycode[keys[i]]) 213 input_report_key(dev, hidp_keycode[keys[i]], 0); 214 else 215 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 216 } 217 218 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 219 if (hidp_keycode[udata[i]]) 220 input_report_key(dev, hidp_keycode[udata[i]], 1); 221 else 222 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 223 } 224 } 225 226 memcpy(keys, udata, 8); 227 break; 228 229 case 0x02: /* Mouse report */ 230 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 231 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 232 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 233 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 234 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 235 236 input_report_rel(dev, REL_X, sdata[1]); 237 input_report_rel(dev, REL_Y, sdata[2]); 238 239 if (size > 3) 240 input_report_rel(dev, REL_WHEEL, sdata[3]); 241 break; 242 } 243 244 input_sync(dev); 245} 246 247static int __hidp_send_ctrl_message(struct hidp_session *session, 248 unsigned char hdr, unsigned char *data, int size) 249{ 250 struct sk_buff *skb; 251 252 BT_DBG("session %p data %p size %d", session, data, size); 253 254 if (atomic_read(&session->terminate)) 255 return -EIO; 256 257 skb = alloc_skb(size + 1, GFP_ATOMIC); 258 if (!skb) { 259 BT_ERR("Can't allocate memory for new frame"); 260 return -ENOMEM; 261 } 262 263 *skb_put(skb, 1) = hdr; 264 if (data && size > 0) 265 memcpy(skb_put(skb, size), data, size); 266 267 skb_queue_tail(&session->ctrl_transmit, skb); 268 269 return 0; 270} 271 272static inline int hidp_send_ctrl_message(struct hidp_session *session, 273 unsigned char hdr, unsigned char *data, int size) 274{ 275 int err; 276 277 err = __hidp_send_ctrl_message(session, hdr, data, size); 278 279 hidp_schedule(session); 280 281 return err; 282} 283 284static int hidp_queue_report(struct hidp_session *session, 285 unsigned char *data, int size) 286{ 287 struct sk_buff *skb; 288 289 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 290 291 skb = alloc_skb(size + 1, GFP_ATOMIC); 292 if (!skb) { 293 BT_ERR("Can't allocate memory for new frame"); 294 return -ENOMEM; 295 } 296 297 *skb_put(skb, 1) = 0xa2; 298 if (size > 0) 299 memcpy(skb_put(skb, size), data, size); 300 301 skb_queue_tail(&session->intr_transmit, skb); 302 303 hidp_schedule(session); 304 305 return 0; 306} 307 308static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 309{ 310 unsigned char buf[32]; 311 int rsize; 312 313 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 314 if (rsize > sizeof(buf)) 315 return -EIO; 316 317 hid_output_report(report, buf); 318 319 return hidp_queue_report(session, buf, rsize); 320} 321 322static int hidp_get_raw_report(struct hid_device *hid, 323 unsigned char report_number, 324 unsigned char *data, size_t count, 325 unsigned char report_type) 326{ 327 struct hidp_session *session = hid->driver_data; 328 struct sk_buff *skb; 329 size_t len; 330 int numbered_reports = hid->report_enum[report_type].numbered; 331 int ret; 332 333 switch (report_type) { 334 case HID_FEATURE_REPORT: 335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; 336 break; 337 case HID_INPUT_REPORT: 338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; 339 break; 340 case HID_OUTPUT_REPORT: 341 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; 342 break; 343 default: 344 return -EINVAL; 345 } 346 347 if (mutex_lock_interruptible(&session->report_mutex)) 348 return -ERESTARTSYS; 349 350 /* Set up our wait, and send the report request to the device. */ 351 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; 352 session->waiting_report_number = numbered_reports ? report_number : -1; 353 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 354 data[0] = report_number; 355 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1); 356 if (ret) 357 goto err; 358 359 /* Wait for the return of the report. The returned report 360 gets put in session->report_return. */ 361 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 362 int res; 363 364 res = wait_event_interruptible_timeout(session->report_queue, 365 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 366 5*HZ); 367 if (res == 0) { 368 /* timeout */ 369 ret = -EIO; 370 goto err; 371 } 372 if (res < 0) { 373 /* signal */ 374 ret = -ERESTARTSYS; 375 goto err; 376 } 377 } 378 379 skb = session->report_return; 380 if (skb) { 381 len = skb->len < count ? skb->len : count; 382 memcpy(data, skb->data, len); 383 384 kfree_skb(skb); 385 session->report_return = NULL; 386 } else { 387 /* Device returned a HANDSHAKE, indicating protocol error. */ 388 len = -EIO; 389 } 390 391 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 392 mutex_unlock(&session->report_mutex); 393 394 return len; 395 396err: 397 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 398 mutex_unlock(&session->report_mutex); 399 return ret; 400} 401 402static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 403 unsigned char report_type) 404{ 405 struct hidp_session *session = hid->driver_data; 406 int ret; 407 408 switch (report_type) { 409 case HID_FEATURE_REPORT: 410 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 411 break; 412 case HID_OUTPUT_REPORT: 413 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT; 414 break; 415 default: 416 return -EINVAL; 417 } 418 419 if (mutex_lock_interruptible(&session->report_mutex)) 420 return -ERESTARTSYS; 421 422 /* Set up our wait, and send the report request to the device. */ 423 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 424 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 425 count); 426 if (ret) 427 goto err; 428 429 /* Wait for the ACK from the device. */ 430 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 431 int res; 432 433 res = wait_event_interruptible_timeout(session->report_queue, 434 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 435 10*HZ); 436 if (res == 0) { 437 /* timeout */ 438 ret = -EIO; 439 goto err; 440 } 441 if (res < 0) { 442 /* signal */ 443 ret = -ERESTARTSYS; 444 goto err; 445 } 446 } 447 448 if (!session->output_report_success) { 449 ret = -EIO; 450 goto err; 451 } 452 453 ret = count; 454 455err: 456 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 457 mutex_unlock(&session->report_mutex); 458 return ret; 459} 460 461static void hidp_idle_timeout(unsigned long arg) 462{ 463 struct hidp_session *session = (struct hidp_session *) arg; 464 465 atomic_inc(&session->terminate); 466 wake_up_process(session->task); 467} 468 469static void hidp_set_timer(struct hidp_session *session) 470{ 471 if (session->idle_to > 0) 472 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 473} 474 475static inline void hidp_del_timer(struct hidp_session *session) 476{ 477 if (session->idle_to > 0) 478 del_timer(&session->timer); 479} 480 481static void hidp_process_handshake(struct hidp_session *session, 482 unsigned char param) 483{ 484 BT_DBG("session %p param 0x%02x", session, param); 485 session->output_report_success = 0; /* default condition */ 486 487 switch (param) { 488 case HIDP_HSHK_SUCCESSFUL: 489 /* FIXME: Call into SET_ GET_ handlers here */ 490 session->output_report_success = 1; 491 break; 492 493 case HIDP_HSHK_NOT_READY: 494 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 495 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 496 case HIDP_HSHK_ERR_INVALID_PARAMETER: 497 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) 498 wake_up_interruptible(&session->report_queue); 499 500 /* FIXME: Call into SET_ GET_ handlers here */ 501 break; 502 503 case HIDP_HSHK_ERR_UNKNOWN: 504 break; 505 506 case HIDP_HSHK_ERR_FATAL: 507 /* Device requests a reboot, as this is the only way this error 508 * can be recovered. */ 509 __hidp_send_ctrl_message(session, 510 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 511 break; 512 513 default: 514 __hidp_send_ctrl_message(session, 515 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 516 break; 517 } 518 519 /* Wake up the waiting thread. */ 520 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) 521 wake_up_interruptible(&session->report_queue); 522} 523 524static void hidp_process_hid_control(struct hidp_session *session, 525 unsigned char param) 526{ 527 BT_DBG("session %p param 0x%02x", session, param); 528 529 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 530 /* Flush the transmit queues */ 531 skb_queue_purge(&session->ctrl_transmit); 532 skb_queue_purge(&session->intr_transmit); 533 534 atomic_inc(&session->terminate); 535 wake_up_process(current); 536 } 537} 538 539/* Returns true if the passed-in skb should be freed by the caller. */ 540static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 541 unsigned char param) 542{ 543 int done_with_skb = 1; 544 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 545 546 switch (param) { 547 case HIDP_DATA_RTYPE_INPUT: 548 hidp_set_timer(session); 549 550 if (session->input) 551 hidp_input_report(session, skb); 552 553 if (session->hid) 554 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 555 break; 556 557 case HIDP_DATA_RTYPE_OTHER: 558 case HIDP_DATA_RTYPE_OUPUT: 559 case HIDP_DATA_RTYPE_FEATURE: 560 break; 561 562 default: 563 __hidp_send_ctrl_message(session, 564 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 565 } 566 567 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && 568 param == session->waiting_report_type) { 569 if (session->waiting_report_number < 0 || 570 session->waiting_report_number == skb->data[0]) { 571 /* hidp_get_raw_report() is waiting on this report. */ 572 session->report_return = skb; 573 done_with_skb = 0; 574 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 575 wake_up_interruptible(&session->report_queue); 576 } 577 } 578 579 return done_with_skb; 580} 581 582static void hidp_recv_ctrl_frame(struct hidp_session *session, 583 struct sk_buff *skb) 584{ 585 unsigned char hdr, type, param; 586 int free_skb = 1; 587 588 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 589 590 hdr = skb->data[0]; 591 skb_pull(skb, 1); 592 593 type = hdr & HIDP_HEADER_TRANS_MASK; 594 param = hdr & HIDP_HEADER_PARAM_MASK; 595 596 switch (type) { 597 case HIDP_TRANS_HANDSHAKE: 598 hidp_process_handshake(session, param); 599 break; 600 601 case HIDP_TRANS_HID_CONTROL: 602 hidp_process_hid_control(session, param); 603 break; 604 605 case HIDP_TRANS_DATA: 606 free_skb = hidp_process_data(session, skb, param); 607 break; 608 609 default: 610 __hidp_send_ctrl_message(session, 611 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 612 break; 613 } 614 615 if (free_skb) 616 kfree_skb(skb); 617} 618 619static void hidp_recv_intr_frame(struct hidp_session *session, 620 struct sk_buff *skb) 621{ 622 unsigned char hdr; 623 624 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 625 626 hdr = skb->data[0]; 627 skb_pull(skb, 1); 628 629 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 630 hidp_set_timer(session); 631 632 if (session->input) 633 hidp_input_report(session, skb); 634 635 if (session->hid) { 636 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 637 BT_DBG("report len %d", skb->len); 638 } 639 } else { 640 BT_DBG("Unsupported protocol header 0x%02x", hdr); 641 } 642 643 kfree_skb(skb); 644} 645 646static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 647{ 648 struct kvec iv = { data, len }; 649 struct msghdr msg; 650 651 BT_DBG("sock %p data %p len %d", sock, data, len); 652 653 if (!len) 654 return 0; 655 656 memset(&msg, 0, sizeof(msg)); 657 658 return kernel_sendmsg(sock, &msg, &iv, 1, len); 659} 660 661static void hidp_process_intr_transmit(struct hidp_session *session) 662{ 663 struct sk_buff *skb; 664 665 BT_DBG("session %p", session); 666 667 while ((skb = skb_dequeue(&session->intr_transmit))) { 668 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 669 skb_queue_head(&session->intr_transmit, skb); 670 break; 671 } 672 673 hidp_set_timer(session); 674 kfree_skb(skb); 675 } 676} 677 678static void hidp_process_ctrl_transmit(struct hidp_session *session) 679{ 680 struct sk_buff *skb; 681 682 BT_DBG("session %p", session); 683 684 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 685 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 686 skb_queue_head(&session->ctrl_transmit, skb); 687 break; 688 } 689 690 hidp_set_timer(session); 691 kfree_skb(skb); 692 } 693} 694 695static int hidp_session(void *arg) 696{ 697 struct hidp_session *session = arg; 698 struct sock *ctrl_sk = session->ctrl_sock->sk; 699 struct sock *intr_sk = session->intr_sock->sk; 700 struct sk_buff *skb; 701 wait_queue_t ctrl_wait, intr_wait; 702 703 BT_DBG("session %p", session); 704 705 set_user_nice(current, -15); 706 707 init_waitqueue_entry(&ctrl_wait, current); 708 init_waitqueue_entry(&intr_wait, current); 709 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 710 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 711 session->waiting_for_startup = 0; 712 wake_up_interruptible(&session->startup_queue); 713 set_current_state(TASK_INTERRUPTIBLE); 714 while (!atomic_read(&session->terminate)) { 715 if (ctrl_sk->sk_state != BT_CONNECTED || 716 intr_sk->sk_state != BT_CONNECTED) 717 break; 718 719 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 720 skb_orphan(skb); 721 if (!skb_linearize(skb)) 722 hidp_recv_intr_frame(session, skb); 723 else 724 kfree_skb(skb); 725 } 726 727 hidp_process_intr_transmit(session); 728 729 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 730 skb_orphan(skb); 731 if (!skb_linearize(skb)) 732 hidp_recv_ctrl_frame(session, skb); 733 else 734 kfree_skb(skb); 735 } 736 737 hidp_process_ctrl_transmit(session); 738 739 schedule(); 740 set_current_state(TASK_INTERRUPTIBLE); 741 } 742 set_current_state(TASK_RUNNING); 743 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 744 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 745 746 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 747 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 748 wake_up_interruptible(&session->report_queue); 749 750 down_write(&hidp_session_sem); 751 752 hidp_del_timer(session); 753 754 if (session->input) { 755 input_unregister_device(session->input); 756 session->input = NULL; 757 } 758 759 if (session->hid) { 760 hid_destroy_device(session->hid); 761 session->hid = NULL; 762 } 763 764 /* Wakeup user-space polling for socket errors */ 765 session->intr_sock->sk->sk_err = EUNATCH; 766 session->ctrl_sock->sk->sk_err = EUNATCH; 767 768 hidp_schedule(session); 769 770 fput(session->intr_sock->file); 771 772 wait_event_timeout(*(sk_sleep(ctrl_sk)), 773 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 774 775 fput(session->ctrl_sock->file); 776 777 __hidp_unlink_session(session); 778 779 up_write(&hidp_session_sem); 780 781 kfree(session->rd_data); 782 kfree(session); 783 return 0; 784} 785 786static struct hci_conn *hidp_find_connection(struct hidp_session *session) 787{ 788 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 789 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 790 struct hci_conn *conn; 791 struct hci_dev *hdev; 792 793 hdev = hci_get_route(dst, src); 794 if (!hdev) 795 return NULL; 796 797 hci_dev_lock_bh(hdev); 798 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 799 if (conn) 800 hci_conn_hold_device(conn); 801 hci_dev_unlock_bh(hdev); 802 803 hci_dev_put(hdev); 804 805 return conn; 806} 807 808static int hidp_setup_input(struct hidp_session *session, 809 struct hidp_connadd_req *req) 810{ 811 struct input_dev *input; 812 int i; 813 814 input = input_allocate_device(); 815 if (!input) 816 return -ENOMEM; 817 818 session->input = input; 819 820 input_set_drvdata(input, session); 821 822 input->name = "Bluetooth HID Boot Protocol Device"; 823 824 input->id.bustype = BUS_BLUETOOTH; 825 input->id.vendor = req->vendor; 826 input->id.product = req->product; 827 input->id.version = req->version; 828 829 if (req->subclass & 0x40) { 830 set_bit(EV_KEY, input->evbit); 831 set_bit(EV_LED, input->evbit); 832 set_bit(EV_REP, input->evbit); 833 834 set_bit(LED_NUML, input->ledbit); 835 set_bit(LED_CAPSL, input->ledbit); 836 set_bit(LED_SCROLLL, input->ledbit); 837 set_bit(LED_COMPOSE, input->ledbit); 838 set_bit(LED_KANA, input->ledbit); 839 840 for (i = 0; i < sizeof(hidp_keycode); i++) 841 set_bit(hidp_keycode[i], input->keybit); 842 clear_bit(0, input->keybit); 843 } 844 845 if (req->subclass & 0x80) { 846 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 847 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 848 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 849 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 850 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 851 BIT_MASK(BTN_EXTRA); 852 input->relbit[0] |= BIT_MASK(REL_WHEEL); 853 } 854 855 input->dev.parent = &session->conn->dev; 856 857 input->event = hidp_input_event; 858 859 return 0; 860} 861 862static int hidp_open(struct hid_device *hid) 863{ 864 return 0; 865} 866 867static void hidp_close(struct hid_device *hid) 868{ 869} 870 871static int hidp_parse(struct hid_device *hid) 872{ 873 struct hidp_session *session = hid->driver_data; 874 875 return hid_parse_report(session->hid, session->rd_data, 876 session->rd_size); 877} 878 879static int hidp_start(struct hid_device *hid) 880{ 881 struct hidp_session *session = hid->driver_data; 882 struct hid_report *report; 883 884 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS) 885 return 0; 886 887 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 888 report_list, list) 889 hidp_send_report(session, report); 890 891 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 892 report_list, list) 893 hidp_send_report(session, report); 894 895 return 0; 896} 897 898static void hidp_stop(struct hid_device *hid) 899{ 900 struct hidp_session *session = hid->driver_data; 901 902 skb_queue_purge(&session->ctrl_transmit); 903 skb_queue_purge(&session->intr_transmit); 904 905 hid->claimed = 0; 906} 907 908static struct hid_ll_driver hidp_hid_driver = { 909 .parse = hidp_parse, 910 .start = hidp_start, 911 .stop = hidp_stop, 912 .open = hidp_open, 913 .close = hidp_close, 914 .hidinput_input_event = hidp_hidinput_event, 915}; 916 917/* This function sets up the hid device. It does not add it 918 to the HID system. That is done in hidp_add_connection(). */ 919static int hidp_setup_hid(struct hidp_session *session, 920 struct hidp_connadd_req *req) 921{ 922 struct hid_device *hid; 923 int err; 924 925 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 926 if (!session->rd_data) 927 return -ENOMEM; 928 929 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 930 err = -EFAULT; 931 goto fault; 932 } 933 session->rd_size = req->rd_size; 934 935 hid = hid_allocate_device(); 936 if (IS_ERR(hid)) { 937 err = PTR_ERR(hid); 938 goto fault; 939 } 940 941 session->hid = hid; 942 943 hid->driver_data = session; 944 945 hid->bus = BUS_BLUETOOTH; 946 hid->vendor = req->vendor; 947 hid->product = req->product; 948 hid->version = req->version; 949 hid->country = req->country; 950 951 strncpy(hid->name, req->name, 128); 952 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); 953 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); 954 955 hid->dev.parent = &session->conn->dev; 956 hid->ll_driver = &hidp_hid_driver; 957 958 hid->hid_get_raw_report = hidp_get_raw_report; 959 hid->hid_output_raw_report = hidp_output_raw_report; 960 961 return 0; 962 963fault: 964 kfree(session->rd_data); 965 session->rd_data = NULL; 966 967 return err; 968} 969 970int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 971{ 972 struct hidp_session *session, *s; 973 int vendor, product; 974 int err; 975 976 BT_DBG(""); 977 978 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 979 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 980 return -ENOTUNIQ; 981 982 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 983 if (!session) 984 return -ENOMEM; 985 986 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 987 988 down_write(&hidp_session_sem); 989 990 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 991 if (s && s->state == BT_CONNECTED) { 992 err = -EEXIST; 993 goto failed; 994 } 995 996 session->conn = hidp_find_connection(session); 997 if (!session->conn) { 998 err = -ENOTCONN; 999 goto failed; 1000 } 1001 1002 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 1003 1004 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 1005 l2cap_pi(ctrl_sock->sk)->chan->imtu); 1006 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 1007 l2cap_pi(intr_sock->sk)->chan->imtu); 1008 1009 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 1010 1011 session->ctrl_sock = ctrl_sock; 1012 session->intr_sock = intr_sock; 1013 session->state = BT_CONNECTED; 1014 1015 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 1016 1017 skb_queue_head_init(&session->ctrl_transmit); 1018 skb_queue_head_init(&session->intr_transmit); 1019 1020 mutex_init(&session->report_mutex); 1021 init_waitqueue_head(&session->report_queue); 1022 init_waitqueue_head(&session->startup_queue); 1023 session->waiting_for_startup = 1; 1024 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 1025 session->idle_to = req->idle_to; 1026 1027 __hidp_link_session(session); 1028 1029 if (req->rd_size > 0) { 1030 err = hidp_setup_hid(session, req); 1031 if (err) 1032 goto purge; 1033 } 1034 1035 if (!session->hid) { 1036 err = hidp_setup_input(session, req); 1037 if (err < 0) 1038 goto purge; 1039 } 1040 1041 hidp_set_timer(session); 1042 1043 if (session->hid) { 1044 vendor = session->hid->vendor; 1045 product = session->hid->product; 1046 } else if (session->input) { 1047 vendor = session->input->id.vendor; 1048 product = session->input->id.product; 1049 } else { 1050 vendor = 0x0000; 1051 product = 0x0000; 1052 } 1053 1054 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1055 vendor, product); 1056 if (IS_ERR(session->task)) { 1057 err = PTR_ERR(session->task); 1058 goto unlink; 1059 } 1060 1061 while (session->waiting_for_startup) { 1062 wait_event_interruptible(session->startup_queue, 1063 !session->waiting_for_startup); 1064 } 1065 1066 if (session->hid) 1067 err = hid_add_device(session->hid); 1068 else 1069 err = input_register_device(session->input); 1070 1071 if (err < 0) { 1072 atomic_inc(&session->terminate); 1073 wake_up_process(session->task); 1074 up_write(&hidp_session_sem); 1075 return err; 1076 } 1077 1078 if (session->input) { 1079 hidp_send_ctrl_message(session, 1080 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1081 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1082 1083 session->leds = 0xff; 1084 hidp_input_event(session->input, EV_LED, 0, 0); 1085 } 1086 1087 up_write(&hidp_session_sem); 1088 return 0; 1089 1090unlink: 1091 hidp_del_timer(session); 1092 1093 if (session->input) { 1094 input_unregister_device(session->input); 1095 session->input = NULL; 1096 } 1097 1098 if (session->hid) { 1099 hid_destroy_device(session->hid); 1100 session->hid = NULL; 1101 } 1102 1103 kfree(session->rd_data); 1104 session->rd_data = NULL; 1105 1106purge: 1107 __hidp_unlink_session(session); 1108 1109 skb_queue_purge(&session->ctrl_transmit); 1110 skb_queue_purge(&session->intr_transmit); 1111 1112failed: 1113 up_write(&hidp_session_sem); 1114 1115 kfree(session); 1116 return err; 1117} 1118 1119int hidp_del_connection(struct hidp_conndel_req *req) 1120{ 1121 struct hidp_session *session; 1122 int err = 0; 1123 1124 BT_DBG(""); 1125 1126 down_read(&hidp_session_sem); 1127 1128 session = __hidp_get_session(&req->bdaddr); 1129 if (session) { 1130 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 1131 hidp_send_ctrl_message(session, 1132 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 1133 } else { 1134 /* Flush the transmit queues */ 1135 skb_queue_purge(&session->ctrl_transmit); 1136 skb_queue_purge(&session->intr_transmit); 1137 1138 atomic_inc(&session->terminate); 1139 wake_up_process(session->task); 1140 } 1141 } else 1142 err = -ENOENT; 1143 1144 up_read(&hidp_session_sem); 1145 return err; 1146} 1147 1148int hidp_get_connlist(struct hidp_connlist_req *req) 1149{ 1150 struct hidp_session *session; 1151 int err = 0, n = 0; 1152 1153 BT_DBG(""); 1154 1155 down_read(&hidp_session_sem); 1156 1157 list_for_each_entry(session, &hidp_session_list, list) { 1158 struct hidp_conninfo ci; 1159 1160 __hidp_copy_session(session, &ci); 1161 1162 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1163 err = -EFAULT; 1164 break; 1165 } 1166 1167 if (++n >= req->cnum) 1168 break; 1169 1170 req->ci++; 1171 } 1172 req->cnum = n; 1173 1174 up_read(&hidp_session_sem); 1175 return err; 1176} 1177 1178int hidp_get_conninfo(struct hidp_conninfo *ci) 1179{ 1180 struct hidp_session *session; 1181 int err = 0; 1182 1183 down_read(&hidp_session_sem); 1184 1185 session = __hidp_get_session(&ci->bdaddr); 1186 if (session) 1187 __hidp_copy_session(session, ci); 1188 else 1189 err = -ENOENT; 1190 1191 up_read(&hidp_session_sem); 1192 return err; 1193} 1194 1195static const struct hid_device_id hidp_table[] = { 1196 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1197 { } 1198}; 1199 1200static struct hid_driver hidp_driver = { 1201 .name = "generic-bluetooth", 1202 .id_table = hidp_table, 1203}; 1204 1205static int __init hidp_init(void) 1206{ 1207 int ret; 1208 1209 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1210 1211 ret = hid_register_driver(&hidp_driver); 1212 if (ret) 1213 goto err; 1214 1215 ret = hidp_init_sockets(); 1216 if (ret) 1217 goto err_drv; 1218 1219 return 0; 1220err_drv: 1221 hid_unregister_driver(&hidp_driver); 1222err: 1223 return ret; 1224} 1225 1226static void __exit hidp_exit(void) 1227{ 1228 hidp_cleanup_sockets(); 1229 hid_unregister_driver(&hidp_driver); 1230} 1231 1232module_init(hidp_init); 1233module_exit(hidp_exit); 1234 1235MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1236MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1237MODULE_VERSION(VERSION); 1238MODULE_LICENSE("GPL"); 1239MODULE_ALIAS("bt-proto-6"); 1240