Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
core.c
Go to the documentation of this file.
1 /*
2  HIDP implementation for Linux Bluetooth stack (BlueZ).
3  Copyright (C) 2003-2004 Marcel Holtmann <[email protected]>
4 
5  This program is free software; you can redistribute it and/or modify
6  it under the terms of the GNU General Public License version 2 as
7  published by the Free Software Foundation;
8 
9  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10  OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12  IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13  CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 
18  ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19  COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20  SOFTWARE IS DISCLAIMED.
21 */
22 
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
27 
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31 
32 #include "hidp.h"
33 
34 #define VERSION "1.2"
35 
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
38 
39 static unsigned char hidp_keycode[256] = {
40  0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41  37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42  21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43  14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44  53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45  99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46  98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47  82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48  191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49  136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50  95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56  29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57  114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
58 };
59 
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61 
62 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
63 {
64  struct hidp_session *session;
65 
66  BT_DBG("");
67 
68  list_for_each_entry(session, &hidp_session_list, list) {
69  if (!bacmp(bdaddr, &session->bdaddr))
70  return session;
71  }
72 
73  return NULL;
74 }
75 
76 static void __hidp_link_session(struct hidp_session *session)
77 {
78  list_add(&session->list, &hidp_session_list);
79 }
80 
81 static void __hidp_unlink_session(struct hidp_session *session)
82 {
83  hci_conn_put_device(session->conn);
84 
85  list_del(&session->list);
86 }
87 
88 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89 {
90  memset(ci, 0, sizeof(*ci));
91  bacpy(&ci->bdaddr, &session->bdaddr);
92 
93  ci->flags = session->flags;
94  ci->state = session->state;
95 
96  ci->vendor = 0x0000;
97  ci->product = 0x0000;
98  ci->version = 0x0000;
99 
100  if (session->input) {
101  ci->vendor = session->input->id.vendor;
102  ci->product = session->input->id.product;
103  ci->version = session->input->id.version;
104  if (session->input->name)
105  strncpy(ci->name, session->input->name, 128);
106  else
107  strncpy(ci->name, "HID Boot Device", 128);
108  }
109 
110  if (session->hid) {
111  ci->vendor = session->hid->vendor;
112  ci->product = session->hid->product;
113  ci->version = session->hid->version;
114  strncpy(ci->name, session->hid->name, 128);
115  }
116 }
117 
118 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119  unsigned int type, unsigned int code, int value)
120 {
121  unsigned char newleds;
122  struct sk_buff *skb;
123 
124  BT_DBG("session %p type %d code %d value %d", session, type, code, value);
125 
126  if (type != EV_LED)
127  return -1;
128 
129  newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130  (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131  (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132  (!!test_bit(LED_CAPSL, dev->led) << 1) |
133  (!!test_bit(LED_NUML, dev->led));
134 
135  if (session->leds == newleds)
136  return 0;
137 
138  session->leds = newleds;
139 
140  skb = alloc_skb(3, GFP_ATOMIC);
141  if (!skb) {
142  BT_ERR("Can't allocate memory for new frame");
143  return -ENOMEM;
144  }
145 
147  *skb_put(skb, 1) = 0x01;
148  *skb_put(skb, 1) = newleds;
149 
150  skb_queue_tail(&session->intr_transmit, skb);
151 
152  hidp_schedule(session);
153 
154  return 0;
155 }
156 
157 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158 {
159  struct hid_device *hid = input_get_drvdata(dev);
160  struct hidp_session *session = hid->driver_data;
161 
162  return hidp_queue_event(session, dev, type, code, value);
163 }
164 
165 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
166 {
167  struct hidp_session *session = input_get_drvdata(dev);
168 
169  return hidp_queue_event(session, dev, type, code, value);
170 }
171 
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 {
174  struct input_dev *dev = session->input;
175  unsigned char *keys = session->keys;
176  unsigned char *udata = skb->data + 1;
177  signed char *sdata = skb->data + 1;
178  int i, size = skb->len - 1;
179 
180  switch (skb->data[0]) {
181  case 0x01: /* Keyboard report */
182  for (i = 0; i < 8; i++)
183  input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 
185  /* If all the key codes have been set to 0x01, it means
186  * too many keys were pressed at the same time. */
187  if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188  break;
189 
190  for (i = 2; i < 8; i++) {
191  if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192  if (hidp_keycode[keys[i]])
193  input_report_key(dev, hidp_keycode[keys[i]], 0);
194  else
195  BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196  }
197 
198  if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199  if (hidp_keycode[udata[i]])
200  input_report_key(dev, hidp_keycode[udata[i]], 1);
201  else
202  BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203  }
204  }
205 
206  memcpy(keys, udata, 8);
207  break;
208 
209  case 0x02: /* Mouse report */
210  input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
211  input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
212  input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213  input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
214  input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215 
216  input_report_rel(dev, REL_X, sdata[1]);
217  input_report_rel(dev, REL_Y, sdata[2]);
218 
219  if (size > 3)
220  input_report_rel(dev, REL_WHEEL, sdata[3]);
221  break;
222  }
223 
224  input_sync(dev);
225 }
226 
227 static int __hidp_send_ctrl_message(struct hidp_session *session,
228  unsigned char hdr, unsigned char *data,
229  int size)
230 {
231  struct sk_buff *skb;
232 
233  BT_DBG("session %p data %p size %d", session, data, size);
234 
235  if (atomic_read(&session->terminate))
236  return -EIO;
237 
238  skb = alloc_skb(size + 1, GFP_ATOMIC);
239  if (!skb) {
240  BT_ERR("Can't allocate memory for new frame");
241  return -ENOMEM;
242  }
243 
244  *skb_put(skb, 1) = hdr;
245  if (data && size > 0)
246  memcpy(skb_put(skb, size), data, size);
247 
248  skb_queue_tail(&session->ctrl_transmit, skb);
249 
250  return 0;
251 }
252 
253 static int hidp_send_ctrl_message(struct hidp_session *session,
254  unsigned char hdr, unsigned char *data, int size)
255 {
256  int err;
257 
258  err = __hidp_send_ctrl_message(session, hdr, data, size);
259 
260  hidp_schedule(session);
261 
262  return err;
263 }
264 
265 static int hidp_queue_report(struct hidp_session *session,
266  unsigned char *data, int size)
267 {
268  struct sk_buff *skb;
269 
270  BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271 
272  skb = alloc_skb(size + 1, GFP_ATOMIC);
273  if (!skb) {
274  BT_ERR("Can't allocate memory for new frame");
275  return -ENOMEM;
276  }
277 
278  *skb_put(skb, 1) = 0xa2;
279  if (size > 0)
280  memcpy(skb_put(skb, size), data, size);
281 
282  skb_queue_tail(&session->intr_transmit, skb);
283 
284  hidp_schedule(session);
285 
286  return 0;
287 }
288 
289 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290 {
291  unsigned char buf[32];
292  int rsize;
293 
294  rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
295  if (rsize > sizeof(buf))
296  return -EIO;
297 
298  hid_output_report(report, buf);
299 
300  return hidp_queue_report(session, buf, rsize);
301 }
302 
303 static int hidp_get_raw_report(struct hid_device *hid,
304  unsigned char report_number,
305  unsigned char *data, size_t count,
306  unsigned char report_type)
307 {
308  struct hidp_session *session = hid->driver_data;
309  struct sk_buff *skb;
310  size_t len;
311  int numbered_reports = hid->report_enum[report_type].numbered;
312  int ret;
313 
314  switch (report_type) {
315  case HID_FEATURE_REPORT:
317  break;
318  case HID_INPUT_REPORT:
320  break;
321  case HID_OUTPUT_REPORT:
323  break;
324  default:
325  return -EINVAL;
326  }
327 
328  if (mutex_lock_interruptible(&session->report_mutex))
329  return -ERESTARTSYS;
330 
331  /* Set up our wait, and send the report request to the device. */
332  session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
333  session->waiting_report_number = numbered_reports ? report_number : -1;
335  data[0] = report_number;
336  ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
337  if (ret)
338  goto err;
339 
340  /* Wait for the return of the report. The returned report
341  gets put in session->report_return. */
342  while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
343  int res;
344 
347  5*HZ);
348  if (res == 0) {
349  /* timeout */
350  ret = -EIO;
351  goto err;
352  }
353  if (res < 0) {
354  /* signal */
355  ret = -ERESTARTSYS;
356  goto err;
357  }
358  }
359 
360  skb = session->report_return;
361  if (skb) {
362  len = skb->len < count ? skb->len : count;
363  memcpy(data, skb->data, len);
364 
365  kfree_skb(skb);
366  session->report_return = NULL;
367  } else {
368  /* Device returned a HANDSHAKE, indicating protocol error. */
369  len = -EIO;
370  }
371 
373  mutex_unlock(&session->report_mutex);
374 
375  return len;
376 
377 err:
379  mutex_unlock(&session->report_mutex);
380  return ret;
381 }
382 
383 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
384  unsigned char report_type)
385 {
386  struct hidp_session *session = hid->driver_data;
387  int ret;
388 
389  switch (report_type) {
390  case HID_FEATURE_REPORT:
392  break;
393  case HID_OUTPUT_REPORT:
395  break;
396  default:
397  return -EINVAL;
398  }
399 
400  if (mutex_lock_interruptible(&session->report_mutex))
401  return -ERESTARTSYS;
402 
403  /* Set up our wait, and send the report request to the device. */
405  ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
406  count);
407  if (ret)
408  goto err;
409 
410  /* Wait for the ACK from the device. */
411  while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
412  int res;
413 
416  10*HZ);
417  if (res == 0) {
418  /* timeout */
419  ret = -EIO;
420  goto err;
421  }
422  if (res < 0) {
423  /* signal */
424  ret = -ERESTARTSYS;
425  goto err;
426  }
427  }
428 
429  if (!session->output_report_success) {
430  ret = -EIO;
431  goto err;
432  }
433 
434  ret = count;
435 
436 err:
438  mutex_unlock(&session->report_mutex);
439  return ret;
440 }
441 
442 static void hidp_idle_timeout(unsigned long arg)
443 {
444  struct hidp_session *session = (struct hidp_session *) arg;
445 
446  atomic_inc(&session->terminate);
447  wake_up_process(session->task);
448 }
449 
450 static void hidp_set_timer(struct hidp_session *session)
451 {
452  if (session->idle_to > 0)
453  mod_timer(&session->timer, jiffies + HZ * session->idle_to);
454 }
455 
456 static void hidp_del_timer(struct hidp_session *session)
457 {
458  if (session->idle_to > 0)
459  del_timer(&session->timer);
460 }
461 
462 static void hidp_process_handshake(struct hidp_session *session,
463  unsigned char param)
464 {
465  BT_DBG("session %p param 0x%02x", session, param);
466  session->output_report_success = 0; /* default condition */
467 
468  switch (param) {
470  /* FIXME: Call into SET_ GET_ handlers here */
471  session->output_report_success = 1;
472  break;
473 
474  case HIDP_HSHK_NOT_READY:
480 
481  /* FIXME: Call into SET_ GET_ handlers here */
482  break;
483 
485  break;
486 
487  case HIDP_HSHK_ERR_FATAL:
488  /* Device requests a reboot, as this is the only way this error
489  * can be recovered. */
490  __hidp_send_ctrl_message(session,
492  break;
493 
494  default:
495  __hidp_send_ctrl_message(session,
497  break;
498  }
499 
500  /* Wake up the waiting thread. */
503 }
504 
505 static void hidp_process_hid_control(struct hidp_session *session,
506  unsigned char param)
507 {
508  BT_DBG("session %p param 0x%02x", session, param);
509 
510  if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
511  /* Flush the transmit queues */
512  skb_queue_purge(&session->ctrl_transmit);
513  skb_queue_purge(&session->intr_transmit);
514 
515  atomic_inc(&session->terminate);
517  }
518 }
519 
520 /* Returns true if the passed-in skb should be freed by the caller. */
521 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
522  unsigned char param)
523 {
524  int done_with_skb = 1;
525  BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
526 
527  switch (param) {
529  hidp_set_timer(session);
530 
531  if (session->input)
532  hidp_input_report(session, skb);
533 
534  if (session->hid)
535  hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
536  break;
537 
541  break;
542 
543  default:
544  __hidp_send_ctrl_message(session,
546  }
547 
548  if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
549  param == session->waiting_report_type) {
550  if (session->waiting_report_number < 0 ||
551  session->waiting_report_number == skb->data[0]) {
552  /* hidp_get_raw_report() is waiting on this report. */
553  session->report_return = skb;
554  done_with_skb = 0;
557  }
558  }
559 
560  return done_with_skb;
561 }
562 
563 static void hidp_recv_ctrl_frame(struct hidp_session *session,
564  struct sk_buff *skb)
565 {
566  unsigned char hdr, type, param;
567  int free_skb = 1;
568 
569  BT_DBG("session %p skb %p len %d", session, skb, skb->len);
570 
571  hdr = skb->data[0];
572  skb_pull(skb, 1);
573 
574  type = hdr & HIDP_HEADER_TRANS_MASK;
575  param = hdr & HIDP_HEADER_PARAM_MASK;
576 
577  switch (type) {
579  hidp_process_handshake(session, param);
580  break;
581 
583  hidp_process_hid_control(session, param);
584  break;
585 
586  case HIDP_TRANS_DATA:
587  free_skb = hidp_process_data(session, skb, param);
588  break;
589 
590  default:
591  __hidp_send_ctrl_message(session,
593  break;
594  }
595 
596  if (free_skb)
597  kfree_skb(skb);
598 }
599 
600 static void hidp_recv_intr_frame(struct hidp_session *session,
601  struct sk_buff *skb)
602 {
603  unsigned char hdr;
604 
605  BT_DBG("session %p skb %p len %d", session, skb, skb->len);
606 
607  hdr = skb->data[0];
608  skb_pull(skb, 1);
609 
610  if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
611  hidp_set_timer(session);
612 
613  if (session->input)
614  hidp_input_report(session, skb);
615 
616  if (session->hid) {
617  hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
618  BT_DBG("report len %d", skb->len);
619  }
620  } else {
621  BT_DBG("Unsupported protocol header 0x%02x", hdr);
622  }
623 
624  kfree_skb(skb);
625 }
626 
627 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
628 {
629  struct kvec iv = { data, len };
630  struct msghdr msg;
631 
632  BT_DBG("sock %p data %p len %d", sock, data, len);
633 
634  if (!len)
635  return 0;
636 
637  memset(&msg, 0, sizeof(msg));
638 
639  return kernel_sendmsg(sock, &msg, &iv, 1, len);
640 }
641 
642 static void hidp_process_intr_transmit(struct hidp_session *session)
643 {
644  struct sk_buff *skb;
645 
646  BT_DBG("session %p", session);
647 
648  while ((skb = skb_dequeue(&session->intr_transmit))) {
649  if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
650  skb_queue_head(&session->intr_transmit, skb);
651  break;
652  }
653 
654  hidp_set_timer(session);
655  kfree_skb(skb);
656  }
657 }
658 
659 static void hidp_process_ctrl_transmit(struct hidp_session *session)
660 {
661  struct sk_buff *skb;
662 
663  BT_DBG("session %p", session);
664 
665  while ((skb = skb_dequeue(&session->ctrl_transmit))) {
666  if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
667  skb_queue_head(&session->ctrl_transmit, skb);
668  break;
669  }
670 
671  hidp_set_timer(session);
672  kfree_skb(skb);
673  }
674 }
675 
676 static int hidp_session(void *arg)
677 {
678  struct hidp_session *session = arg;
679  struct sock *ctrl_sk = session->ctrl_sock->sk;
680  struct sock *intr_sk = session->intr_sock->sk;
681  struct sk_buff *skb;
682  wait_queue_t ctrl_wait, intr_wait;
683 
684  BT_DBG("session %p", session);
685 
686  __module_get(THIS_MODULE);
687  set_user_nice(current, -15);
688 
689  init_waitqueue_entry(&ctrl_wait, current);
690  init_waitqueue_entry(&intr_wait, current);
691  add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
692  add_wait_queue(sk_sleep(intr_sk), &intr_wait);
693  session->waiting_for_startup = 0;
696  while (!atomic_read(&session->terminate)) {
697  if (ctrl_sk->sk_state != BT_CONNECTED ||
698  intr_sk->sk_state != BT_CONNECTED)
699  break;
700 
701  while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
702  skb_orphan(skb);
703  if (!skb_linearize(skb))
704  hidp_recv_intr_frame(session, skb);
705  else
706  kfree_skb(skb);
707  }
708 
709  hidp_process_intr_transmit(session);
710 
711  while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
712  skb_orphan(skb);
713  if (!skb_linearize(skb))
714  hidp_recv_ctrl_frame(session, skb);
715  else
716  kfree_skb(skb);
717  }
718 
719  hidp_process_ctrl_transmit(session);
720 
721  schedule();
723  }
725  remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
726  remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
727 
731 
732  down_write(&hidp_session_sem);
733 
734  hidp_del_timer(session);
735 
736  if (session->input) {
737  input_unregister_device(session->input);
738  session->input = NULL;
739  }
740 
741  if (session->hid) {
742  hid_destroy_device(session->hid);
743  session->hid = NULL;
744  }
745 
746  /* Wakeup user-space polling for socket errors */
747  session->intr_sock->sk->sk_err = EUNATCH;
748  session->ctrl_sock->sk->sk_err = EUNATCH;
749 
750  hidp_schedule(session);
751 
752  fput(session->intr_sock->file);
753 
754  wait_event_timeout(*(sk_sleep(ctrl_sk)),
755  (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
756 
757  fput(session->ctrl_sock->file);
758 
759  __hidp_unlink_session(session);
760 
761  up_write(&hidp_session_sem);
762 
763  kfree(session->rd_data);
764  kfree(session);
766  return 0;
767 }
768 
769 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
770 {
771  bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
772  bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
773  struct hci_conn *conn;
774  struct hci_dev *hdev;
775 
776  hdev = hci_get_route(dst, src);
777  if (!hdev)
778  return NULL;
779 
780  hci_dev_lock(hdev);
781  conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
782  if (conn)
783  hci_conn_hold_device(conn);
784  hci_dev_unlock(hdev);
785 
786  hci_dev_put(hdev);
787 
788  return conn;
789 }
790 
791 static int hidp_setup_input(struct hidp_session *session,
792  struct hidp_connadd_req *req)
793 {
794  struct input_dev *input;
795  int i;
796 
797  input = input_allocate_device();
798  if (!input)
799  return -ENOMEM;
800 
801  session->input = input;
802 
803  input_set_drvdata(input, session);
804 
805  input->name = "Bluetooth HID Boot Protocol Device";
806 
807  input->id.bustype = BUS_BLUETOOTH;
808  input->id.vendor = req->vendor;
809  input->id.product = req->product;
810  input->id.version = req->version;
811 
812  if (req->subclass & 0x40) {
813  set_bit(EV_KEY, input->evbit);
814  set_bit(EV_LED, input->evbit);
815  set_bit(EV_REP, input->evbit);
816 
817  set_bit(LED_NUML, input->ledbit);
818  set_bit(LED_CAPSL, input->ledbit);
819  set_bit(LED_SCROLLL, input->ledbit);
820  set_bit(LED_COMPOSE, input->ledbit);
821  set_bit(LED_KANA, input->ledbit);
822 
823  for (i = 0; i < sizeof(hidp_keycode); i++)
824  set_bit(hidp_keycode[i], input->keybit);
825  clear_bit(0, input->keybit);
826  }
827 
828  if (req->subclass & 0x80) {
829  input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
830  input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
832  input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
833  input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
835  input->relbit[0] |= BIT_MASK(REL_WHEEL);
836  }
837 
838  input->dev.parent = &session->conn->dev;
839 
840  input->event = hidp_input_event;
841 
842  return 0;
843 }
844 
845 static int hidp_open(struct hid_device *hid)
846 {
847  return 0;
848 }
849 
850 static void hidp_close(struct hid_device *hid)
851 {
852 }
853 
854 static int hidp_parse(struct hid_device *hid)
855 {
856  struct hidp_session *session = hid->driver_data;
857 
858  return hid_parse_report(session->hid, session->rd_data,
859  session->rd_size);
860 }
861 
862 static int hidp_start(struct hid_device *hid)
863 {
864  struct hidp_session *session = hid->driver_data;
865  struct hid_report *report;
866 
868  return 0;
869 
871  report_list, list)
872  hidp_send_report(session, report);
873 
874  list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
875  report_list, list)
876  hidp_send_report(session, report);
877 
878  return 0;
879 }
880 
881 static void hidp_stop(struct hid_device *hid)
882 {
883  struct hidp_session *session = hid->driver_data;
884 
885  skb_queue_purge(&session->ctrl_transmit);
886  skb_queue_purge(&session->intr_transmit);
887 
888  hid->claimed = 0;
889 }
890 
891 static struct hid_ll_driver hidp_hid_driver = {
892  .parse = hidp_parse,
893  .start = hidp_start,
894  .stop = hidp_stop,
895  .open = hidp_open,
896  .close = hidp_close,
897  .hidinput_input_event = hidp_hidinput_event,
898 };
899 
900 /* This function sets up the hid device. It does not add it
901  to the HID system. That is done in hidp_add_connection(). */
902 static int hidp_setup_hid(struct hidp_session *session,
903  struct hidp_connadd_req *req)
904 {
905  struct hid_device *hid;
906  int err;
907 
908  session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
909  if (!session->rd_data)
910  return -ENOMEM;
911 
912  if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
913  err = -EFAULT;
914  goto fault;
915  }
916  session->rd_size = req->rd_size;
917 
918  hid = hid_allocate_device();
919  if (IS_ERR(hid)) {
920  err = PTR_ERR(hid);
921  goto fault;
922  }
923 
924  session->hid = hid;
925 
926  hid->driver_data = session;
927 
928  hid->bus = BUS_BLUETOOTH;
929  hid->vendor = req->vendor;
930  hid->product = req->product;
931  hid->version = req->version;
932  hid->country = req->country;
933 
934  strncpy(hid->name, req->name, 128);
935  strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
936  strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
937 
938  hid->dev.parent = &session->conn->dev;
939  hid->ll_driver = &hidp_hid_driver;
940 
941  hid->hid_get_raw_report = hidp_get_raw_report;
942  hid->hid_output_raw_report = hidp_output_raw_report;
943 
944  return 0;
945 
946 fault:
947  kfree(session->rd_data);
948  session->rd_data = NULL;
949 
950  return err;
951 }
952 
953 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
954 {
955  struct hidp_session *session, *s;
956  int vendor, product;
957  int err;
958 
959  BT_DBG("");
960 
961  if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
962  bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
963  return -ENOTUNIQ;
964 
965  BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
966 
967  down_write(&hidp_session_sem);
968 
969  s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
970  if (s && s->state == BT_CONNECTED) {
971  up_write(&hidp_session_sem);
972  return -EEXIST;
973  }
974 
975  session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
976  if (!session) {
977  up_write(&hidp_session_sem);
978  return -ENOMEM;
979  }
980 
981  bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
982 
983  session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
984  l2cap_pi(ctrl_sock->sk)->chan->imtu);
985  session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
986  l2cap_pi(intr_sock->sk)->chan->imtu);
987 
988  BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
989 
990  session->ctrl_sock = ctrl_sock;
991  session->intr_sock = intr_sock;
992  session->state = BT_CONNECTED;
993 
994  session->conn = hidp_get_connection(session);
995  if (!session->conn) {
996  err = -ENOTCONN;
997  goto failed;
998  }
999 
1000  setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1001 
1002  skb_queue_head_init(&session->ctrl_transmit);
1003  skb_queue_head_init(&session->intr_transmit);
1004 
1005  mutex_init(&session->report_mutex);
1006  init_waitqueue_head(&session->report_queue);
1007  init_waitqueue_head(&session->startup_queue);
1008  session->waiting_for_startup = 1;
1009  session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1010  session->idle_to = req->idle_to;
1011 
1012  __hidp_link_session(session);
1013 
1014  if (req->rd_size > 0) {
1015  err = hidp_setup_hid(session, req);
1016  if (err)
1017  goto purge;
1018  }
1019 
1020  if (!session->hid) {
1021  err = hidp_setup_input(session, req);
1022  if (err < 0)
1023  goto purge;
1024  }
1025 
1026  hidp_set_timer(session);
1027 
1028  if (session->hid) {
1029  vendor = session->hid->vendor;
1030  product = session->hid->product;
1031  } else if (session->input) {
1032  vendor = session->input->id.vendor;
1033  product = session->input->id.product;
1034  } else {
1035  vendor = 0x0000;
1036  product = 0x0000;
1037  }
1038 
1039  session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1040  vendor, product);
1041  if (IS_ERR(session->task)) {
1042  err = PTR_ERR(session->task);
1043  goto unlink;
1044  }
1045 
1046  while (session->waiting_for_startup) {
1047  wait_event_interruptible(session->startup_queue,
1048  !session->waiting_for_startup);
1049  }
1050 
1051  if (session->hid)
1052  err = hid_add_device(session->hid);
1053  else
1054  err = input_register_device(session->input);
1055 
1056  if (err < 0) {
1057  atomic_inc(&session->terminate);
1058  wake_up_process(session->task);
1059  up_write(&hidp_session_sem);
1060  return err;
1061  }
1062 
1063  if (session->input) {
1064  hidp_send_ctrl_message(session,
1066  session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1067 
1068  session->leds = 0xff;
1069  hidp_input_event(session->input, EV_LED, 0, 0);
1070  }
1071 
1072  up_write(&hidp_session_sem);
1073  return 0;
1074 
1075 unlink:
1076  hidp_del_timer(session);
1077 
1078  if (session->input) {
1079  input_unregister_device(session->input);
1080  session->input = NULL;
1081  }
1082 
1083  if (session->hid) {
1084  hid_destroy_device(session->hid);
1085  session->hid = NULL;
1086  }
1087 
1088  kfree(session->rd_data);
1089  session->rd_data = NULL;
1090 
1091 purge:
1092  __hidp_unlink_session(session);
1093 
1094  skb_queue_purge(&session->ctrl_transmit);
1095  skb_queue_purge(&session->intr_transmit);
1096 
1097 failed:
1098  up_write(&hidp_session_sem);
1099 
1100  kfree(session);
1101  return err;
1102 }
1103 
1105 {
1106  struct hidp_session *session;
1107  int err = 0;
1108 
1109  BT_DBG("");
1110 
1111  down_read(&hidp_session_sem);
1112 
1113  session = __hidp_get_session(&req->bdaddr);
1114  if (session) {
1115  if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1116  hidp_send_ctrl_message(session,
1118  } else {
1119  /* Flush the transmit queues */
1120  skb_queue_purge(&session->ctrl_transmit);
1121  skb_queue_purge(&session->intr_transmit);
1122 
1123  atomic_inc(&session->terminate);
1124  wake_up_process(session->task);
1125  }
1126  } else
1127  err = -ENOENT;
1128 
1129  up_read(&hidp_session_sem);
1130  return err;
1131 }
1132 
1134 {
1135  struct hidp_session *session;
1136  int err = 0, n = 0;
1137 
1138  BT_DBG("");
1139 
1140  down_read(&hidp_session_sem);
1141 
1142  list_for_each_entry(session, &hidp_session_list, list) {
1143  struct hidp_conninfo ci;
1144 
1145  __hidp_copy_session(session, &ci);
1146 
1147  if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1148  err = -EFAULT;
1149  break;
1150  }
1151 
1152  if (++n >= req->cnum)
1153  break;
1154 
1155  req->ci++;
1156  }
1157  req->cnum = n;
1158 
1159  up_read(&hidp_session_sem);
1160  return err;
1161 }
1162 
1164 {
1165  struct hidp_session *session;
1166  int err = 0;
1167 
1168  down_read(&hidp_session_sem);
1169 
1170  session = __hidp_get_session(&ci->bdaddr);
1171  if (session)
1172  __hidp_copy_session(session, ci);
1173  else
1174  err = -ENOENT;
1175 
1176  up_read(&hidp_session_sem);
1177  return err;
1178 }
1179 
1180 static int __init hidp_init(void)
1181 {
1182  BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1183 
1184  return hidp_init_sockets();
1185 }
1186 
1187 static void __exit hidp_exit(void)
1188 {
1190 }
1191 
1192 module_init(hidp_init);
1193 module_exit(hidp_exit);
1194 
1195 MODULE_AUTHOR("Marcel Holtmann <[email protected]>");
1196 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1198 MODULE_LICENSE("GPL");
1199 MODULE_ALIAS("bt-proto-6");