]>
Commit | Line | Data |
---|---|---|
8e87d142 | 1 | /* |
1da177e4 LT |
2 | HIDP implementation for Linux Bluetooth stack (BlueZ). |
3 | Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> | |
b4f34d8d | 4 | Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com> |
1da177e4 LT |
5 | |
6 | This program is free software; you can redistribute it and/or modify | |
7 | it under the terms of the GNU General Public License version 2 as | |
8 | published by the Free Software Foundation; | |
9 | ||
10 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
8e87d142 YH |
14 | CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES |
15 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
1da177e4 LT |
17 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
18 | ||
8e87d142 YH |
19 | ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, |
20 | COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
1da177e4 LT |
21 | SOFTWARE IS DISCLAIMED. |
22 | */ | |
23 | ||
b4f34d8d | 24 | #include <linux/kref.h> |
1da177e4 | 25 | #include <linux/module.h> |
1da177e4 | 26 | #include <linux/file.h> |
aabf6f89 | 27 | #include <linux/kthread.h> |
364f6351 | 28 | #include <linux/hidraw.h> |
1da177e4 LT |
29 | |
30 | #include <net/bluetooth/bluetooth.h> | |
0a85b964 | 31 | #include <net/bluetooth/hci_core.h> |
1da177e4 LT |
32 | #include <net/bluetooth/l2cap.h> |
33 | ||
34 | #include "hidp.h" | |
35 | ||
e1aaadd4 | 36 | #define VERSION "1.2" |
1da177e4 LT |
37 | |
38 | static DECLARE_RWSEM(hidp_session_sem); | |
39 | static LIST_HEAD(hidp_session_list); | |
40 | ||
41 | static unsigned char hidp_keycode[256] = { | |
17f09a7e SJ |
42 | 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, |
43 | 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, | |
44 | 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, | |
45 | 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52, | |
46 | 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88, | |
47 | 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69, | |
48 | 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73, | |
49 | 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190, | |
50 | 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135, | |
51 | 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94, | |
52 | 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0, | |
53 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
54 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
55 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
56 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
57 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
58 | 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115, | |
59 | 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140 | |
1da177e4 LT |
60 | }; |
61 | ||
62 | static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; | |
63 | ||
b4f34d8d DH |
64 | static int hidp_session_probe(struct l2cap_conn *conn, |
65 | struct l2cap_user *user); | |
66 | static void hidp_session_remove(struct l2cap_conn *conn, | |
67 | struct l2cap_user *user); | |
68 | static int hidp_session_thread(void *arg); | |
69 | static void hidp_session_terminate(struct hidp_session *s); | |
70 | ||
5205185d | 71 | static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) |
1da177e4 | 72 | { |
d31dbf6e | 73 | memset(ci, 0, sizeof(*ci)); |
1da177e4 LT |
74 | bacpy(&ci->bdaddr, &session->bdaddr); |
75 | ||
76 | ci->flags = session->flags; | |
dcc07647 | 77 | ci->state = BT_CONNECTED; |
1da177e4 | 78 | |
1da177e4 LT |
79 | if (session->input) { |
80 | ci->vendor = session->input->id.vendor; | |
81 | ci->product = session->input->id.product; | |
82 | ci->version = session->input->id.version; | |
83 | if (session->input->name) | |
673e1dd7 | 84 | strlcpy(ci->name, session->input->name, 128); |
1da177e4 | 85 | else |
673e1dd7 CG |
86 | strlcpy(ci->name, "HID Boot Device", 128); |
87 | } else if (session->hid) { | |
e1aaadd4 MH |
88 | ci->vendor = session->hid->vendor; |
89 | ci->product = session->hid->product; | |
90 | ci->version = session->hid->version; | |
673e1dd7 | 91 | strlcpy(ci->name, session->hid->name, 128); |
e1aaadd4 | 92 | } |
1da177e4 LT |
93 | } |
94 | ||
41edc0c0 DH |
95 | /* assemble skb, queue message on @transmit and wake up the session thread */ |
96 | static int hidp_send_message(struct hidp_session *session, struct socket *sock, | |
97 | struct sk_buff_head *transmit, unsigned char hdr, | |
98 | const unsigned char *data, int size) | |
99 | { | |
100 | struct sk_buff *skb; | |
101 | struct sock *sk = sock->sk; | |
102 | ||
103 | BT_DBG("session %p data %p size %d", session, data, size); | |
104 | ||
105 | if (atomic_read(&session->terminate)) | |
106 | return -EIO; | |
107 | ||
108 | skb = alloc_skb(size + 1, GFP_ATOMIC); | |
109 | if (!skb) { | |
110 | BT_ERR("Can't allocate memory for new frame"); | |
111 | return -ENOMEM; | |
112 | } | |
113 | ||
114 | *skb_put(skb, 1) = hdr; | |
115 | if (data && size > 0) | |
116 | memcpy(skb_put(skb, size), data, size); | |
117 | ||
118 | skb_queue_tail(transmit, skb); | |
119 | wake_up_interruptible(sk_sleep(sk)); | |
120 | ||
121 | return 0; | |
122 | } | |
123 | ||
124 | static int hidp_send_ctrl_message(struct hidp_session *session, | |
125 | unsigned char hdr, const unsigned char *data, | |
126 | int size) | |
127 | { | |
128 | return hidp_send_message(session, session->ctrl_sock, | |
129 | &session->ctrl_transmit, hdr, data, size); | |
130 | } | |
131 | ||
132 | static int hidp_send_intr_message(struct hidp_session *session, | |
133 | unsigned char hdr, const unsigned char *data, | |
134 | int size) | |
135 | { | |
136 | return hidp_send_message(session, session->intr_sock, | |
137 | &session->intr_transmit, hdr, data, size); | |
138 | } | |
139 | ||
af87b3d0 DH |
140 | static int hidp_input_event(struct input_dev *dev, unsigned int type, |
141 | unsigned int code, int value) | |
1da177e4 | 142 | { |
af87b3d0 | 143 | struct hidp_session *session = input_get_drvdata(dev); |
1da177e4 | 144 | unsigned char newleds; |
41edc0c0 | 145 | unsigned char hdr, data[2]; |
1da177e4 | 146 | |
af87b3d0 DH |
147 | BT_DBG("session %p type %d code %d value %d", |
148 | session, type, code, value); | |
1da177e4 LT |
149 | |
150 | if (type != EV_LED) | |
151 | return -1; | |
152 | ||
153 | newleds = (!!test_bit(LED_KANA, dev->led) << 3) | | |
154 | (!!test_bit(LED_COMPOSE, dev->led) << 3) | | |
155 | (!!test_bit(LED_SCROLLL, dev->led) << 2) | | |
156 | (!!test_bit(LED_CAPSL, dev->led) << 1) | | |
157 | (!!test_bit(LED_NUML, dev->led)); | |
158 | ||
159 | if (session->leds == newleds) | |
160 | return 0; | |
161 | ||
162 | session->leds = newleds; | |
163 | ||
41edc0c0 DH |
164 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; |
165 | data[0] = 0x01; | |
166 | data[1] = newleds; | |
1da177e4 | 167 | |
41edc0c0 | 168 | return hidp_send_intr_message(session, hdr, data, 2); |
1da177e4 LT |
169 | } |
170 | ||
171 | static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) | |
172 | { | |
173 | struct input_dev *dev = session->input; | |
174 | unsigned char *keys = session->keys; | |
175 | unsigned char *udata = skb->data + 1; | |
176 | signed char *sdata = skb->data + 1; | |
177 | int i, size = skb->len - 1; | |
178 | ||
179 | switch (skb->data[0]) { | |
180 | case 0x01: /* Keyboard report */ | |
181 | for (i = 0; i < 8; i++) | |
182 | input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); | |
183 | ||
184 | /* If all the key codes have been set to 0x01, it means | |
185 | * too many keys were pressed at the same time. */ | |
186 | if (!memcmp(udata + 2, hidp_mkeyspat, 6)) | |
187 | break; | |
188 | ||
189 | for (i = 2; i < 8; i++) { | |
190 | if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { | |
191 | if (hidp_keycode[keys[i]]) | |
192 | input_report_key(dev, hidp_keycode[keys[i]], 0); | |
193 | else | |
194 | BT_ERR("Unknown key (scancode %#x) released.", keys[i]); | |
195 | } | |
196 | ||
197 | if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { | |
198 | if (hidp_keycode[udata[i]]) | |
199 | input_report_key(dev, hidp_keycode[udata[i]], 1); | |
200 | else | |
201 | BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); | |
202 | } | |
203 | } | |
204 | ||
205 | memcpy(keys, udata, 8); | |
206 | break; | |
207 | ||
208 | case 0x02: /* Mouse report */ | |
209 | input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); | |
210 | input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); | |
211 | input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); | |
212 | input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); | |
213 | input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); | |
214 | ||
215 | input_report_rel(dev, REL_X, sdata[1]); | |
216 | input_report_rel(dev, REL_Y, sdata[2]); | |
217 | ||
218 | if (size > 3) | |
219 | input_report_rel(dev, REL_WHEEL, sdata[3]); | |
220 | break; | |
221 | } | |
222 | ||
223 | input_sync(dev); | |
224 | } | |
225 | ||
e1aaadd4 MH |
226 | static int hidp_send_report(struct hidp_session *session, struct hid_report *report) |
227 | { | |
41edc0c0 | 228 | unsigned char buf[32], hdr; |
e1aaadd4 MH |
229 | int rsize; |
230 | ||
231 | rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); | |
232 | if (rsize > sizeof(buf)) | |
233 | return -EIO; | |
234 | ||
235 | hid_output_report(report, buf); | |
41edc0c0 | 236 | hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; |
e1aaadd4 | 237 | |
41edc0c0 | 238 | return hidp_send_intr_message(session, hdr, buf, rsize); |
e1aaadd4 MH |
239 | } |
240 | ||
0ff1731a AO |
241 | static int hidp_get_raw_report(struct hid_device *hid, |
242 | unsigned char report_number, | |
243 | unsigned char *data, size_t count, | |
244 | unsigned char report_type) | |
245 | { | |
246 | struct hidp_session *session = hid->driver_data; | |
247 | struct sk_buff *skb; | |
248 | size_t len; | |
249 | int numbered_reports = hid->report_enum[report_type].numbered; | |
794d1756 | 250 | int ret; |
0ff1731a | 251 | |
fd86c9be KR |
252 | if (atomic_read(&session->terminate)) |
253 | return -EIO; | |
254 | ||
0ff1731a AO |
255 | switch (report_type) { |
256 | case HID_FEATURE_REPORT: | |
257 | report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE; | |
258 | break; | |
259 | case HID_INPUT_REPORT: | |
260 | report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT; | |
261 | break; | |
262 | case HID_OUTPUT_REPORT: | |
263 | report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT; | |
264 | break; | |
265 | default: | |
266 | return -EINVAL; | |
267 | } | |
268 | ||
269 | if (mutex_lock_interruptible(&session->report_mutex)) | |
270 | return -ERESTARTSYS; | |
271 | ||
272 | /* Set up our wait, and send the report request to the device. */ | |
273 | session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK; | |
274 | session->waiting_report_number = numbered_reports ? report_number : -1; | |
275 | set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | |
276 | data[0] = report_number; | |
41edc0c0 | 277 | ret = hidp_send_ctrl_message(session, report_type, data, 1); |
794d1756 DH |
278 | if (ret) |
279 | goto err; | |
0ff1731a AO |
280 | |
281 | /* Wait for the return of the report. The returned report | |
282 | gets put in session->report_return. */ | |
e3492dc3 DH |
283 | while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && |
284 | !atomic_read(&session->terminate)) { | |
0ff1731a AO |
285 | int res; |
286 | ||
287 | res = wait_event_interruptible_timeout(session->report_queue, | |
e3492dc3 DH |
288 | !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) |
289 | || atomic_read(&session->terminate), | |
0ff1731a AO |
290 | 5*HZ); |
291 | if (res == 0) { | |
292 | /* timeout */ | |
794d1756 DH |
293 | ret = -EIO; |
294 | goto err; | |
0ff1731a AO |
295 | } |
296 | if (res < 0) { | |
297 | /* signal */ | |
794d1756 DH |
298 | ret = -ERESTARTSYS; |
299 | goto err; | |
0ff1731a AO |
300 | } |
301 | } | |
302 | ||
303 | skb = session->report_return; | |
304 | if (skb) { | |
305 | len = skb->len < count ? skb->len : count; | |
306 | memcpy(data, skb->data, len); | |
307 | ||
308 | kfree_skb(skb); | |
309 | session->report_return = NULL; | |
310 | } else { | |
311 | /* Device returned a HANDSHAKE, indicating protocol error. */ | |
312 | len = -EIO; | |
313 | } | |
314 | ||
315 | clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | |
316 | mutex_unlock(&session->report_mutex); | |
317 | ||
318 | return len; | |
319 | ||
794d1756 | 320 | err: |
0ff1731a AO |
321 | clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); |
322 | mutex_unlock(&session->report_mutex); | |
794d1756 | 323 | return ret; |
0ff1731a AO |
324 | } |
325 | ||
d4bfa033 JK |
326 | static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, |
327 | unsigned char report_type) | |
2da31939 | 328 | { |
0825411a AO |
329 | struct hidp_session *session = hid->driver_data; |
330 | int ret; | |
331 | ||
e73dcfbf | 332 | if (report_type == HID_OUTPUT_REPORT) { |
41edc0c0 | 333 | report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; |
e73dcfbf DH |
334 | return hidp_send_intr_message(session, report_type, |
335 | data, count); | |
336 | } else if (report_type != HID_FEATURE_REPORT) { | |
d4bfa033 JK |
337 | return -EINVAL; |
338 | } | |
339 | ||
0825411a AO |
340 | if (mutex_lock_interruptible(&session->report_mutex)) |
341 | return -ERESTARTSYS; | |
342 | ||
343 | /* Set up our wait, and send the report request to the device. */ | |
344 | set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | |
e73dcfbf | 345 | report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; |
41edc0c0 | 346 | ret = hidp_send_ctrl_message(session, report_type, data, count); |
794d1756 | 347 | if (ret) |
0825411a | 348 | goto err; |
0825411a AO |
349 | |
350 | /* Wait for the ACK from the device. */ | |
e3492dc3 DH |
351 | while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) && |
352 | !atomic_read(&session->terminate)) { | |
0825411a AO |
353 | int res; |
354 | ||
355 | res = wait_event_interruptible_timeout(session->report_queue, | |
e3492dc3 DH |
356 | !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) |
357 | || atomic_read(&session->terminate), | |
0825411a AO |
358 | 10*HZ); |
359 | if (res == 0) { | |
360 | /* timeout */ | |
361 | ret = -EIO; | |
362 | goto err; | |
363 | } | |
364 | if (res < 0) { | |
365 | /* signal */ | |
366 | ret = -ERESTARTSYS; | |
367 | goto err; | |
368 | } | |
369 | } | |
370 | ||
371 | if (!session->output_report_success) { | |
372 | ret = -EIO; | |
373 | goto err; | |
374 | } | |
375 | ||
376 | ret = count; | |
377 | ||
378 | err: | |
379 | clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); | |
380 | mutex_unlock(&session->report_mutex); | |
381 | return ret; | |
2da31939 JK |
382 | } |
383 | ||
1da177e4 LT |
384 | static void hidp_idle_timeout(unsigned long arg) |
385 | { | |
386 | struct hidp_session *session = (struct hidp_session *) arg; | |
387 | ||
5205185d | 388 | hidp_session_terminate(session); |
1da177e4 LT |
389 | } |
390 | ||
91f5cca3 | 391 | static void hidp_set_timer(struct hidp_session *session) |
1da177e4 LT |
392 | { |
393 | if (session->idle_to > 0) | |
394 | mod_timer(&session->timer, jiffies + HZ * session->idle_to); | |
395 | } | |
396 | ||
6039aa73 | 397 | static void hidp_del_timer(struct hidp_session *session) |
1da177e4 LT |
398 | { |
399 | if (session->idle_to > 0) | |
400 | del_timer(&session->timer); | |
401 | } | |
402 | ||
91f5cca3 AM |
403 | static void hidp_process_handshake(struct hidp_session *session, |
404 | unsigned char param) | |
1da177e4 LT |
405 | { |
406 | BT_DBG("session %p param 0x%02x", session, param); | |
0825411a | 407 | session->output_report_success = 0; /* default condition */ |
1da177e4 LT |
408 | |
409 | switch (param) { | |
410 | case HIDP_HSHK_SUCCESSFUL: | |
411 | /* FIXME: Call into SET_ GET_ handlers here */ | |
0825411a | 412 | session->output_report_success = 1; |
1da177e4 LT |
413 | break; |
414 | ||
415 | case HIDP_HSHK_NOT_READY: | |
416 | case HIDP_HSHK_ERR_INVALID_REPORT_ID: | |
417 | case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: | |
418 | case HIDP_HSHK_ERR_INVALID_PARAMETER: | |
ab88f714 | 419 | if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) |
0ff1731a | 420 | wake_up_interruptible(&session->report_queue); |
ab88f714 | 421 | |
1da177e4 LT |
422 | /* FIXME: Call into SET_ GET_ handlers here */ |
423 | break; | |
424 | ||
425 | case HIDP_HSHK_ERR_UNKNOWN: | |
426 | break; | |
427 | ||
428 | case HIDP_HSHK_ERR_FATAL: | |
429 | /* Device requests a reboot, as this is the only way this error | |
8e87d142 | 430 | * can be recovered. */ |
41edc0c0 | 431 | hidp_send_ctrl_message(session, |
1da177e4 LT |
432 | HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); |
433 | break; | |
434 | ||
435 | default: | |
41edc0c0 | 436 | hidp_send_ctrl_message(session, |
1da177e4 LT |
437 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
438 | break; | |
439 | } | |
0825411a AO |
440 | |
441 | /* Wake up the waiting thread. */ | |
ab88f714 | 442 | if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) |
0825411a | 443 | wake_up_interruptible(&session->report_queue); |
1da177e4 LT |
444 | } |
445 | ||
91f5cca3 AM |
446 | static void hidp_process_hid_control(struct hidp_session *session, |
447 | unsigned char param) | |
1da177e4 LT |
448 | { |
449 | BT_DBG("session %p param 0x%02x", session, param); | |
450 | ||
eff001e3 | 451 | if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { |
1da177e4 LT |
452 | /* Flush the transmit queues */ |
453 | skb_queue_purge(&session->ctrl_transmit); | |
454 | skb_queue_purge(&session->intr_transmit); | |
455 | ||
5205185d | 456 | hidp_session_terminate(session); |
1da177e4 LT |
457 | } |
458 | } | |
459 | ||
0ff1731a AO |
460 | /* Returns true if the passed-in skb should be freed by the caller. */ |
461 | static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb, | |
91f5cca3 | 462 | unsigned char param) |
1da177e4 | 463 | { |
0ff1731a | 464 | int done_with_skb = 1; |
1da177e4 LT |
465 | BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); |
466 | ||
467 | switch (param) { | |
468 | case HIDP_DATA_RTYPE_INPUT: | |
469 | hidp_set_timer(session); | |
470 | ||
471 | if (session->input) | |
472 | hidp_input_report(session, skb); | |
e1aaadd4 MH |
473 | |
474 | if (session->hid) | |
475 | hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); | |
1da177e4 LT |
476 | break; |
477 | ||
478 | case HIDP_DATA_RTYPE_OTHER: | |
479 | case HIDP_DATA_RTYPE_OUPUT: | |
480 | case HIDP_DATA_RTYPE_FEATURE: | |
481 | break; | |
482 | ||
483 | default: | |
41edc0c0 | 484 | hidp_send_ctrl_message(session, |
1da177e4 LT |
485 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); |
486 | } | |
0ff1731a AO |
487 | |
488 | if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) && | |
489 | param == session->waiting_report_type) { | |
490 | if (session->waiting_report_number < 0 || | |
491 | session->waiting_report_number == skb->data[0]) { | |
492 | /* hidp_get_raw_report() is waiting on this report. */ | |
493 | session->report_return = skb; | |
494 | done_with_skb = 0; | |
495 | clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags); | |
496 | wake_up_interruptible(&session->report_queue); | |
497 | } | |
498 | } | |
499 | ||
500 | return done_with_skb; | |
1da177e4 LT |
501 | } |
502 | ||
91f5cca3 AM |
503 | static void hidp_recv_ctrl_frame(struct hidp_session *session, |
504 | struct sk_buff *skb) | |
1da177e4 LT |
505 | { |
506 | unsigned char hdr, type, param; | |
0ff1731a | 507 | int free_skb = 1; |
1da177e4 LT |
508 | |
509 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); | |
510 | ||
511 | hdr = skb->data[0]; | |
512 | skb_pull(skb, 1); | |
513 | ||
514 | type = hdr & HIDP_HEADER_TRANS_MASK; | |
515 | param = hdr & HIDP_HEADER_PARAM_MASK; | |
516 | ||
517 | switch (type) { | |
518 | case HIDP_TRANS_HANDSHAKE: | |
519 | hidp_process_handshake(session, param); | |
520 | break; | |
521 | ||
522 | case HIDP_TRANS_HID_CONTROL: | |
523 | hidp_process_hid_control(session, param); | |
524 | break; | |
525 | ||
526 | case HIDP_TRANS_DATA: | |
0ff1731a | 527 | free_skb = hidp_process_data(session, skb, param); |
1da177e4 LT |
528 | break; |
529 | ||
530 | default: | |
41edc0c0 | 531 | hidp_send_ctrl_message(session, |
1da177e4 LT |
532 | HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); |
533 | break; | |
534 | } | |
535 | ||
0ff1731a AO |
536 | if (free_skb) |
537 | kfree_skb(skb); | |
1da177e4 LT |
538 | } |
539 | ||
91f5cca3 AM |
540 | static void hidp_recv_intr_frame(struct hidp_session *session, |
541 | struct sk_buff *skb) | |
1da177e4 LT |
542 | { |
543 | unsigned char hdr; | |
544 | ||
545 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); | |
546 | ||
547 | hdr = skb->data[0]; | |
548 | skb_pull(skb, 1); | |
549 | ||
550 | if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { | |
551 | hidp_set_timer(session); | |
e1aaadd4 | 552 | |
1da177e4 LT |
553 | if (session->input) |
554 | hidp_input_report(session, skb); | |
e1aaadd4 MH |
555 | |
556 | if (session->hid) { | |
557 | hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); | |
558 | BT_DBG("report len %d", skb->len); | |
559 | } | |
1da177e4 LT |
560 | } else { |
561 | BT_DBG("Unsupported protocol header 0x%02x", hdr); | |
562 | } | |
563 | ||
564 | kfree_skb(skb); | |
565 | } | |
566 | ||
567 | static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) | |
568 | { | |
569 | struct kvec iv = { data, len }; | |
570 | struct msghdr msg; | |
571 | ||
572 | BT_DBG("sock %p data %p len %d", sock, data, len); | |
573 | ||
574 | if (!len) | |
575 | return 0; | |
576 | ||
577 | memset(&msg, 0, sizeof(msg)); | |
578 | ||
579 | return kernel_sendmsg(sock, &msg, &iv, 1, len); | |
580 | } | |
581 | ||
7350e6cf DH |
582 | /* dequeue message from @transmit and send via @sock */ |
583 | static void hidp_process_transmit(struct hidp_session *session, | |
584 | struct sk_buff_head *transmit, | |
585 | struct socket *sock) | |
1da177e4 LT |
586 | { |
587 | struct sk_buff *skb; | |
2df01200 | 588 | int ret; |
1da177e4 LT |
589 | |
590 | BT_DBG("session %p", session); | |
591 | ||
7350e6cf DH |
592 | while ((skb = skb_dequeue(transmit))) { |
593 | ret = hidp_send_frame(sock, skb->data, skb->len); | |
2df01200 | 594 | if (ret == -EAGAIN) { |
7350e6cf | 595 | skb_queue_head(transmit, skb); |
1da177e4 | 596 | break; |
2df01200 DH |
597 | } else if (ret < 0) { |
598 | hidp_session_terminate(session); | |
599 | kfree_skb(skb); | |
600 | break; | |
1da177e4 LT |
601 | } |
602 | ||
603 | hidp_set_timer(session); | |
604 | kfree_skb(skb); | |
605 | } | |
1da177e4 LT |
606 | } |
607 | ||
91f5cca3 AM |
608 | static int hidp_setup_input(struct hidp_session *session, |
609 | struct hidp_connadd_req *req) | |
1da177e4 | 610 | { |
c500c971 | 611 | struct input_dev *input; |
3415a5fd | 612 | int i; |
1da177e4 | 613 | |
c500c971 JS |
614 | input = input_allocate_device(); |
615 | if (!input) | |
616 | return -ENOMEM; | |
617 | ||
618 | session->input = input; | |
619 | ||
5be39466 | 620 | input_set_drvdata(input, session); |
1da177e4 | 621 | |
34abf91f DT |
622 | input->name = "Bluetooth HID Boot Protocol Device"; |
623 | ||
1da177e4 LT |
624 | input->id.bustype = BUS_BLUETOOTH; |
625 | input->id.vendor = req->vendor; | |
626 | input->id.product = req->product; | |
627 | input->id.version = req->version; | |
628 | ||
629 | if (req->subclass & 0x40) { | |
630 | set_bit(EV_KEY, input->evbit); | |
631 | set_bit(EV_LED, input->evbit); | |
632 | set_bit(EV_REP, input->evbit); | |
633 | ||
634 | set_bit(LED_NUML, input->ledbit); | |
635 | set_bit(LED_CAPSL, input->ledbit); | |
636 | set_bit(LED_SCROLLL, input->ledbit); | |
637 | set_bit(LED_COMPOSE, input->ledbit); | |
638 | set_bit(LED_KANA, input->ledbit); | |
639 | ||
640 | for (i = 0; i < sizeof(hidp_keycode); i++) | |
641 | set_bit(hidp_keycode[i], input->keybit); | |
642 | clear_bit(0, input->keybit); | |
643 | } | |
644 | ||
645 | if (req->subclass & 0x80) { | |
7b19ada2 JS |
646 | input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); |
647 | input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | | |
648 | BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); | |
649 | input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); | |
650 | input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | | |
651 | BIT_MASK(BTN_EXTRA); | |
652 | input->relbit[0] |= BIT_MASK(REL_WHEEL); | |
1da177e4 LT |
653 | } |
654 | ||
5205185d | 655 | input->dev.parent = &session->conn->hcon->dev; |
0a85b964 | 656 | |
1da177e4 LT |
657 | input->event = hidp_input_event; |
658 | ||
edad6388 | 659 | return 0; |
1da177e4 LT |
660 | } |
661 | ||
f5ffd462 MH |
662 | static int hidp_open(struct hid_device *hid) |
663 | { | |
664 | return 0; | |
665 | } | |
666 | ||
667 | static void hidp_close(struct hid_device *hid) | |
668 | { | |
669 | } | |
670 | ||
c500c971 JS |
671 | static int hidp_parse(struct hid_device *hid) |
672 | { | |
673 | struct hidp_session *session = hid->driver_data; | |
c500c971 | 674 | |
15c697ce MP |
675 | return hid_parse_report(session->hid, session->rd_data, |
676 | session->rd_size); | |
c500c971 JS |
677 | } |
678 | ||
679 | static int hidp_start(struct hid_device *hid) | |
680 | { | |
681 | struct hidp_session *session = hid->driver_data; | |
682 | struct hid_report *report; | |
683 | ||
142c69c6 DH |
684 | if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS) |
685 | return 0; | |
686 | ||
c500c971 JS |
687 | list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. |
688 | report_list, list) | |
689 | hidp_send_report(session, report); | |
690 | ||
691 | list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. | |
692 | report_list, list) | |
693 | hidp_send_report(session, report); | |
694 | ||
c500c971 JS |
695 | return 0; |
696 | } | |
697 | ||
698 | static void hidp_stop(struct hid_device *hid) | |
699 | { | |
700 | struct hidp_session *session = hid->driver_data; | |
701 | ||
702 | skb_queue_purge(&session->ctrl_transmit); | |
703 | skb_queue_purge(&session->intr_transmit); | |
704 | ||
c500c971 JS |
705 | hid->claimed = 0; |
706 | } | |
707 | ||
708 | static struct hid_ll_driver hidp_hid_driver = { | |
709 | .parse = hidp_parse, | |
710 | .start = hidp_start, | |
711 | .stop = hidp_stop, | |
712 | .open = hidp_open, | |
713 | .close = hidp_close, | |
c500c971 JS |
714 | }; |
715 | ||
0f69dca2 AO |
716 | /* This function sets up the hid device. It does not add it |
717 | to the HID system. That is done in hidp_add_connection(). */ | |
85cdaf52 | 718 | static int hidp_setup_hid(struct hidp_session *session, |
91f5cca3 | 719 | struct hidp_connadd_req *req) |
e1aaadd4 | 720 | { |
c500c971 | 721 | struct hid_device *hid; |
edad6388 | 722 | int err; |
e1aaadd4 | 723 | |
15c697ce MP |
724 | session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); |
725 | if (!session->rd_data) | |
726 | return -ENOMEM; | |
727 | ||
728 | if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { | |
729 | err = -EFAULT; | |
730 | goto fault; | |
731 | } | |
732 | session->rd_size = req->rd_size; | |
733 | ||
c500c971 | 734 | hid = hid_allocate_device(); |
15c697ce MP |
735 | if (IS_ERR(hid)) { |
736 | err = PTR_ERR(hid); | |
737 | goto fault; | |
738 | } | |
e1aaadd4 | 739 | |
c500c971 | 740 | session->hid = hid; |
15c697ce | 741 | |
e1aaadd4 MH |
742 | hid->driver_data = session; |
743 | ||
e1aaadd4 MH |
744 | hid->bus = BUS_BLUETOOTH; |
745 | hid->vendor = req->vendor; | |
746 | hid->product = req->product; | |
747 | hid->version = req->version; | |
c500c971 | 748 | hid->country = req->country; |
e1aaadd4 | 749 | |
0a9ab9bd | 750 | strncpy(hid->name, req->name, sizeof(req->name) - 1); |
fcb73338 AE |
751 | |
752 | snprintf(hid->phys, sizeof(hid->phys), "%pMR", | |
753 | &bt_sk(session->ctrl_sock->sk)->src); | |
754 | ||
755 | snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", | |
756 | &bt_sk(session->ctrl_sock->sk)->dst); | |
e1aaadd4 | 757 | |
5205185d | 758 | hid->dev.parent = &session->conn->hcon->dev; |
c500c971 | 759 | hid->ll_driver = &hidp_hid_driver; |
85cdaf52 | 760 | |
0ff1731a | 761 | hid->hid_get_raw_report = hidp_get_raw_report; |
2da31939 JK |
762 | hid->hid_output_raw_report = hidp_output_raw_report; |
763 | ||
4529eefa LS |
764 | /* True if device is blacklisted in drivers/hid/hid-core.c */ |
765 | if (hid_ignore(hid)) { | |
766 | hid_destroy_device(session->hid); | |
767 | session->hid = NULL; | |
768 | return -ENODEV; | |
769 | } | |
770 | ||
c500c971 | 771 | return 0; |
edad6388 | 772 | |
15c697ce MP |
773 | fault: |
774 | kfree(session->rd_data); | |
775 | session->rd_data = NULL; | |
776 | ||
edad6388 | 777 | return err; |
e1aaadd4 MH |
778 | } |
779 | ||
b4f34d8d DH |
780 | /* initialize session devices */ |
781 | static int hidp_session_dev_init(struct hidp_session *session, | |
782 | struct hidp_connadd_req *req) | |
783 | { | |
784 | int ret; | |
785 | ||
786 | if (req->rd_size > 0) { | |
787 | ret = hidp_setup_hid(session, req); | |
788 | if (ret && ret != -ENODEV) | |
789 | return ret; | |
790 | } | |
791 | ||
792 | if (!session->hid) { | |
793 | ret = hidp_setup_input(session, req); | |
794 | if (ret < 0) | |
795 | return ret; | |
796 | } | |
797 | ||
798 | return 0; | |
799 | } | |
800 | ||
801 | /* destroy session devices */ | |
802 | static void hidp_session_dev_destroy(struct hidp_session *session) | |
803 | { | |
804 | if (session->hid) | |
805 | put_device(&session->hid->dev); | |
806 | else if (session->input) | |
807 | input_put_device(session->input); | |
808 | ||
809 | kfree(session->rd_data); | |
810 | session->rd_data = NULL; | |
811 | } | |
812 | ||
813 | /* add HID/input devices to their underlying bus systems */ | |
814 | static int hidp_session_dev_add(struct hidp_session *session) | |
815 | { | |
816 | int ret; | |
817 | ||
818 | /* Both HID and input systems drop a ref-count when unregistering the | |
819 | * device but they don't take a ref-count when registering them. Work | |
820 | * around this by explicitly taking a refcount during registration | |
821 | * which is dropped automatically by unregistering the devices. */ | |
822 | ||
823 | if (session->hid) { | |
824 | ret = hid_add_device(session->hid); | |
825 | if (ret) | |
826 | return ret; | |
827 | get_device(&session->hid->dev); | |
828 | } else if (session->input) { | |
829 | ret = input_register_device(session->input); | |
830 | if (ret) | |
831 | return ret; | |
832 | input_get_device(session->input); | |
833 | } | |
834 | ||
835 | return 0; | |
836 | } | |
837 | ||
838 | /* remove HID/input devices from their bus systems */ | |
839 | static void hidp_session_dev_del(struct hidp_session *session) | |
840 | { | |
841 | if (session->hid) | |
842 | hid_destroy_device(session->hid); | |
843 | else if (session->input) | |
844 | input_unregister_device(session->input); | |
845 | } | |
846 | ||
4e713cdf DH |
847 | /* |
848 | * Asynchronous device registration | |
849 | * HID device drivers might want to perform I/O during initialization to | |
850 | * detect device types. Therefore, call device registration in a separate | |
851 | * worker so the HIDP thread can schedule I/O operations. | |
852 | * Note that this must be called after the worker thread was initialized | |
853 | * successfully. This will then add the devices and increase session state | |
854 | * on success, otherwise it will terminate the session thread. | |
855 | */ | |
856 | static void hidp_session_dev_work(struct work_struct *work) | |
857 | { | |
858 | struct hidp_session *session = container_of(work, | |
859 | struct hidp_session, | |
860 | dev_init); | |
861 | int ret; | |
862 | ||
863 | ret = hidp_session_dev_add(session); | |
864 | if (!ret) | |
865 | atomic_inc(&session->state); | |
866 | else | |
867 | hidp_session_terminate(session); | |
868 | } | |
869 | ||
b4f34d8d DH |
870 | /* |
871 | * Create new session object | |
872 | * Allocate session object, initialize static fields, copy input data into the | |
873 | * object and take a reference to all sub-objects. | |
874 | * This returns 0 on success and puts a pointer to the new session object in | |
875 | * \out. Otherwise, an error code is returned. | |
876 | * The new session object has an initial ref-count of 1. | |
877 | */ | |
878 | static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr, | |
879 | struct socket *ctrl_sock, | |
880 | struct socket *intr_sock, | |
881 | struct hidp_connadd_req *req, | |
882 | struct l2cap_conn *conn) | |
883 | { | |
884 | struct hidp_session *session; | |
885 | int ret; | |
886 | struct bt_sock *ctrl, *intr; | |
887 | ||
888 | ctrl = bt_sk(ctrl_sock->sk); | |
889 | intr = bt_sk(intr_sock->sk); | |
890 | ||
891 | session = kzalloc(sizeof(*session), GFP_KERNEL); | |
892 | if (!session) | |
893 | return -ENOMEM; | |
894 | ||
895 | /* object and runtime management */ | |
896 | kref_init(&session->ref); | |
897 | atomic_set(&session->state, HIDP_SESSION_IDLING); | |
898 | init_waitqueue_head(&session->state_queue); | |
899 | session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); | |
900 | ||
901 | /* connection management */ | |
902 | bacpy(&session->bdaddr, bdaddr); | |
903 | session->conn = conn; | |
904 | session->user.probe = hidp_session_probe; | |
905 | session->user.remove = hidp_session_remove; | |
906 | session->ctrl_sock = ctrl_sock; | |
907 | session->intr_sock = intr_sock; | |
908 | skb_queue_head_init(&session->ctrl_transmit); | |
909 | skb_queue_head_init(&session->intr_transmit); | |
910 | session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu, | |
911 | l2cap_pi(ctrl)->chan->imtu); | |
912 | session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu, | |
913 | l2cap_pi(intr)->chan->imtu); | |
914 | session->idle_to = req->idle_to; | |
915 | ||
916 | /* device management */ | |
4e713cdf | 917 | INIT_WORK(&session->dev_init, hidp_session_dev_work); |
b4f34d8d DH |
918 | setup_timer(&session->timer, hidp_idle_timeout, |
919 | (unsigned long)session); | |
920 | ||
921 | /* session data */ | |
922 | mutex_init(&session->report_mutex); | |
923 | init_waitqueue_head(&session->report_queue); | |
924 | ||
925 | ret = hidp_session_dev_init(session, req); | |
926 | if (ret) | |
927 | goto err_free; | |
928 | ||
929 | l2cap_conn_get(session->conn); | |
930 | get_file(session->intr_sock->file); | |
931 | get_file(session->ctrl_sock->file); | |
932 | *out = session; | |
933 | return 0; | |
934 | ||
935 | err_free: | |
936 | kfree(session); | |
937 | return ret; | |
938 | } | |
939 | ||
940 | /* increase ref-count of the given session by one */ | |
941 | static void hidp_session_get(struct hidp_session *session) | |
942 | { | |
943 | kref_get(&session->ref); | |
944 | } | |
945 | ||
946 | /* release callback */ | |
947 | static void session_free(struct kref *ref) | |
948 | { | |
949 | struct hidp_session *session = container_of(ref, struct hidp_session, | |
950 | ref); | |
951 | ||
952 | hidp_session_dev_destroy(session); | |
953 | skb_queue_purge(&session->ctrl_transmit); | |
954 | skb_queue_purge(&session->intr_transmit); | |
955 | fput(session->intr_sock->file); | |
956 | fput(session->ctrl_sock->file); | |
957 | l2cap_conn_put(session->conn); | |
958 | kfree(session); | |
959 | } | |
960 | ||
961 | /* decrease ref-count of the given session by one */ | |
962 | static void hidp_session_put(struct hidp_session *session) | |
963 | { | |
964 | kref_put(&session->ref, session_free); | |
965 | } | |
966 | ||
967 | /* | |
968 | * Search the list of active sessions for a session with target address | |
969 | * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as | |
970 | * you do not release this lock, the session objects cannot vanish and you can | |
971 | * safely take a reference to the session yourself. | |
972 | */ | |
973 | static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr) | |
974 | { | |
975 | struct hidp_session *session; | |
976 | ||
977 | list_for_each_entry(session, &hidp_session_list, list) { | |
978 | if (!bacmp(bdaddr, &session->bdaddr)) | |
979 | return session; | |
980 | } | |
981 | ||
982 | return NULL; | |
983 | } | |
984 | ||
985 | /* | |
986 | * Same as __hidp_session_find() but no locks must be held. This also takes a | |
987 | * reference of the returned session (if non-NULL) so you must drop this | |
988 | * reference if you no longer use the object. | |
989 | */ | |
990 | static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr) | |
991 | { | |
992 | struct hidp_session *session; | |
993 | ||
994 | down_read(&hidp_session_sem); | |
995 | ||
996 | session = __hidp_session_find(bdaddr); | |
997 | if (session) | |
998 | hidp_session_get(session); | |
999 | ||
1000 | up_read(&hidp_session_sem); | |
1001 | ||
1002 | return session; | |
1003 | } | |
1004 | ||
1005 | /* | |
1006 | * Start session synchronously | |
1007 | * This starts a session thread and waits until initialization | |
1008 | * is done or returns an error if it couldn't be started. | |
1009 | * If this returns 0 the session thread is up and running. You must call | |
1010 | * hipd_session_stop_sync() before deleting any runtime resources. | |
1011 | */ | |
1012 | static int hidp_session_start_sync(struct hidp_session *session) | |
1013 | { | |
1014 | unsigned int vendor, product; | |
1015 | ||
1016 | if (session->hid) { | |
1017 | vendor = session->hid->vendor; | |
1018 | product = session->hid->product; | |
1019 | } else if (session->input) { | |
1020 | vendor = session->input->id.vendor; | |
1021 | product = session->input->id.product; | |
1022 | } else { | |
1023 | vendor = 0x0000; | |
1024 | product = 0x0000; | |
1025 | } | |
1026 | ||
1027 | session->task = kthread_run(hidp_session_thread, session, | |
1028 | "khidpd_%04x%04x", vendor, product); | |
1029 | if (IS_ERR(session->task)) | |
1030 | return PTR_ERR(session->task); | |
1031 | ||
1032 | while (atomic_read(&session->state) <= HIDP_SESSION_IDLING) | |
1033 | wait_event(session->state_queue, | |
1034 | atomic_read(&session->state) > HIDP_SESSION_IDLING); | |
1035 | ||
1036 | return 0; | |
1037 | } | |
1038 | ||
1039 | /* | |
1040 | * Terminate session thread | |
1041 | * Wake up session thread and notify it to stop. This is asynchronous and | |
1042 | * returns immediately. Call this whenever a runtime error occurs and you want | |
1043 | * the session to stop. | |
1044 | * Note: wake_up_process() performs any necessary memory-barriers for us. | |
1045 | */ | |
1046 | static void hidp_session_terminate(struct hidp_session *session) | |
1047 | { | |
1048 | atomic_inc(&session->terminate); | |
1049 | wake_up_process(session->task); | |
1050 | } | |
1051 | ||
1052 | /* | |
1053 | * Probe HIDP session | |
1054 | * This is called from the l2cap_conn core when our l2cap_user object is bound | |
1055 | * to the hci-connection. We get the session via the \user object and can now | |
4e713cdf DH |
1056 | * start the session thread, link it into the global session list and |
1057 | * schedule HID/input device registration. | |
b4f34d8d DH |
1058 | * The global session-list owns its own reference to the session object so you |
1059 | * can drop your own reference after registering the l2cap_user object. | |
1060 | */ | |
1061 | static int hidp_session_probe(struct l2cap_conn *conn, | |
1062 | struct l2cap_user *user) | |
1063 | { | |
1064 | struct hidp_session *session = container_of(user, | |
1065 | struct hidp_session, | |
1066 | user); | |
1067 | struct hidp_session *s; | |
1068 | int ret; | |
1069 | ||
1070 | down_write(&hidp_session_sem); | |
1071 | ||
1072 | /* check that no other session for this device exists */ | |
1073 | s = __hidp_session_find(&session->bdaddr); | |
1074 | if (s) { | |
1075 | ret = -EEXIST; | |
1076 | goto out_unlock; | |
1077 | } | |
1078 | ||
4e713cdf DH |
1079 | if (session->input) { |
1080 | ret = hidp_session_dev_add(session); | |
1081 | if (ret) | |
1082 | goto out_unlock; | |
1083 | } | |
1084 | ||
b4f34d8d DH |
1085 | ret = hidp_session_start_sync(session); |
1086 | if (ret) | |
4e713cdf | 1087 | goto out_del; |
b4f34d8d | 1088 | |
4e713cdf DH |
1089 | /* HID device registration is async to allow I/O during probe */ |
1090 | if (session->input) | |
1091 | atomic_inc(&session->state); | |
1092 | else | |
1093 | schedule_work(&session->dev_init); | |
b4f34d8d DH |
1094 | |
1095 | hidp_session_get(session); | |
1096 | list_add(&session->list, &hidp_session_list); | |
1097 | ret = 0; | |
1098 | goto out_unlock; | |
1099 | ||
4e713cdf DH |
1100 | out_del: |
1101 | if (session->input) | |
1102 | hidp_session_dev_del(session); | |
b4f34d8d DH |
1103 | out_unlock: |
1104 | up_write(&hidp_session_sem); | |
1105 | return ret; | |
1106 | } | |
1107 | ||
1108 | /* | |
1109 | * Remove HIDP session | |
1110 | * Called from the l2cap_conn core when either we explicitly unregistered | |
1111 | * the l2cap_user object or if the underlying connection is shut down. | |
1112 | * We signal the hidp-session thread to shut down, unregister the HID/input | |
1113 | * devices and unlink the session from the global list. | |
1114 | * This drops the reference to the session that is owned by the global | |
1115 | * session-list. | |
1116 | * Note: We _must_ not synchronosly wait for the session-thread to shut down. | |
1117 | * This is, because the session-thread might be waiting for an HCI lock that is | |
1118 | * held while we are called. Therefore, we only unregister the devices and | |
1119 | * notify the session-thread to terminate. The thread itself owns a reference | |
1120 | * to the session object so it can safely shut down. | |
1121 | */ | |
1122 | static void hidp_session_remove(struct l2cap_conn *conn, | |
1123 | struct l2cap_user *user) | |
1124 | { | |
1125 | struct hidp_session *session = container_of(user, | |
1126 | struct hidp_session, | |
1127 | user); | |
1128 | ||
1129 | down_write(&hidp_session_sem); | |
1130 | ||
1131 | hidp_session_terminate(session); | |
4e713cdf DH |
1132 | |
1133 | cancel_work_sync(&session->dev_init); | |
1134 | if (session->input || | |
1135 | atomic_read(&session->state) > HIDP_SESSION_PREPARING) | |
1136 | hidp_session_dev_del(session); | |
1137 | ||
b4f34d8d DH |
1138 | list_del(&session->list); |
1139 | ||
1140 | up_write(&hidp_session_sem); | |
1141 | ||
1142 | hidp_session_put(session); | |
1143 | } | |
1144 | ||
1145 | /* | |
1146 | * Session Worker | |
1147 | * This performs the actual main-loop of the HIDP worker. We first check | |
1148 | * whether the underlying connection is still alive, then parse all pending | |
1149 | * messages and finally send all outstanding messages. | |
1150 | */ | |
1151 | static void hidp_session_run(struct hidp_session *session) | |
1152 | { | |
1153 | struct sock *ctrl_sk = session->ctrl_sock->sk; | |
1154 | struct sock *intr_sk = session->intr_sock->sk; | |
1155 | struct sk_buff *skb; | |
1156 | ||
1157 | for (;;) { | |
1158 | /* | |
1159 | * This thread can be woken up two ways: | |
1160 | * - You call hidp_session_terminate() which sets the | |
1161 | * session->terminate flag and wakes this thread up. | |
1162 | * - Via modifying the socket state of ctrl/intr_sock. This | |
1163 | * thread is woken up by ->sk_state_changed(). | |
1164 | * | |
1165 | * Note: set_current_state() performs any necessary | |
1166 | * memory-barriers for us. | |
1167 | */ | |
1168 | set_current_state(TASK_INTERRUPTIBLE); | |
1169 | ||
1170 | if (atomic_read(&session->terminate)) | |
1171 | break; | |
1172 | ||
1173 | if (ctrl_sk->sk_state != BT_CONNECTED || | |
1174 | intr_sk->sk_state != BT_CONNECTED) | |
1175 | break; | |
1176 | ||
1177 | /* parse incoming intr-skbs */ | |
1178 | while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { | |
1179 | skb_orphan(skb); | |
1180 | if (!skb_linearize(skb)) | |
1181 | hidp_recv_intr_frame(session, skb); | |
1182 | else | |
1183 | kfree_skb(skb); | |
1184 | } | |
1185 | ||
1186 | /* send pending intr-skbs */ | |
7350e6cf DH |
1187 | hidp_process_transmit(session, &session->intr_transmit, |
1188 | session->intr_sock); | |
b4f34d8d DH |
1189 | |
1190 | /* parse incoming ctrl-skbs */ | |
1191 | while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { | |
1192 | skb_orphan(skb); | |
1193 | if (!skb_linearize(skb)) | |
1194 | hidp_recv_ctrl_frame(session, skb); | |
1195 | else | |
1196 | kfree_skb(skb); | |
1197 | } | |
1198 | ||
1199 | /* send pending ctrl-skbs */ | |
7350e6cf DH |
1200 | hidp_process_transmit(session, &session->ctrl_transmit, |
1201 | session->ctrl_sock); | |
b4f34d8d DH |
1202 | |
1203 | schedule(); | |
1204 | } | |
1205 | ||
1206 | atomic_inc(&session->terminate); | |
1207 | set_current_state(TASK_RUNNING); | |
1208 | } | |
1209 | ||
1210 | /* | |
1211 | * HIDP session thread | |
1212 | * This thread runs the I/O for a single HIDP session. Startup is synchronous | |
1213 | * which allows us to take references to ourself here instead of doing that in | |
1214 | * the caller. | |
1215 | * When we are ready to run we notify the caller and call hidp_session_run(). | |
1216 | */ | |
1217 | static int hidp_session_thread(void *arg) | |
1218 | { | |
1219 | struct hidp_session *session = arg; | |
1220 | wait_queue_t ctrl_wait, intr_wait; | |
1221 | ||
1222 | BT_DBG("session %p", session); | |
1223 | ||
1224 | /* initialize runtime environment */ | |
1225 | hidp_session_get(session); | |
1226 | __module_get(THIS_MODULE); | |
1227 | set_user_nice(current, -15); | |
1228 | hidp_set_timer(session); | |
1229 | ||
1230 | init_waitqueue_entry(&ctrl_wait, current); | |
1231 | init_waitqueue_entry(&intr_wait, current); | |
1232 | add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait); | |
1233 | add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | |
1234 | /* This memory barrier is paired with wq_has_sleeper(). See | |
1235 | * sock_poll_wait() for more information why this is needed. */ | |
1236 | smp_mb(); | |
1237 | ||
1238 | /* notify synchronous startup that we're ready */ | |
1239 | atomic_inc(&session->state); | |
1240 | wake_up(&session->state_queue); | |
1241 | ||
1242 | /* run session */ | |
1243 | hidp_session_run(session); | |
1244 | ||
1245 | /* cleanup runtime environment */ | |
1246 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait); | |
1247 | remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait); | |
1248 | wake_up_interruptible(&session->report_queue); | |
1249 | hidp_del_timer(session); | |
1250 | ||
1251 | /* | |
1252 | * If we stopped ourself due to any internal signal, we should try to | |
1253 | * unregister our own session here to avoid having it linger until the | |
1254 | * parent l2cap_conn dies or user-space cleans it up. | |
1255 | * This does not deadlock as we don't do any synchronous shutdown. | |
1256 | * Instead, this call has the same semantics as if user-space tried to | |
1257 | * delete the session. | |
1258 | */ | |
1259 | l2cap_unregister_user(session->conn, &session->user); | |
1260 | hidp_session_put(session); | |
1261 | ||
1262 | module_put_and_exit(0); | |
1263 | return 0; | |
1264 | } | |
1265 | ||
1266 | static int hidp_verify_sockets(struct socket *ctrl_sock, | |
1267 | struct socket *intr_sock) | |
1268 | { | |
1269 | struct bt_sock *ctrl, *intr; | |
1270 | struct hidp_session *session; | |
1271 | ||
1272 | if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock)) | |
1273 | return -EINVAL; | |
1274 | ||
1275 | ctrl = bt_sk(ctrl_sock->sk); | |
1276 | intr = bt_sk(intr_sock->sk); | |
1277 | ||
1278 | if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst)) | |
1279 | return -ENOTUNIQ; | |
1280 | if (ctrl->sk.sk_state != BT_CONNECTED || | |
1281 | intr->sk.sk_state != BT_CONNECTED) | |
1282 | return -EBADFD; | |
1283 | ||
1284 | /* early session check, we check again during session registration */ | |
1285 | session = hidp_session_find(&ctrl->dst); | |
1286 | if (session) { | |
1287 | hidp_session_put(session); | |
1288 | return -EEXIST; | |
1289 | } | |
1290 | ||
1291 | return 0; | |
1292 | } | |
1293 | ||
1294 | int hidp_connection_add(struct hidp_connadd_req *req, | |
1295 | struct socket *ctrl_sock, | |
1296 | struct socket *intr_sock) | |
1297 | { | |
1298 | struct hidp_session *session; | |
1299 | struct l2cap_conn *conn; | |
1300 | struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan; | |
1301 | int ret; | |
1302 | ||
1303 | ret = hidp_verify_sockets(ctrl_sock, intr_sock); | |
1304 | if (ret) | |
1305 | return ret; | |
1306 | ||
1307 | conn = NULL; | |
1308 | l2cap_chan_lock(chan); | |
1309 | if (chan->conn) { | |
1310 | l2cap_conn_get(chan->conn); | |
1311 | conn = chan->conn; | |
1312 | } | |
1313 | l2cap_chan_unlock(chan); | |
1314 | ||
1315 | if (!conn) | |
1316 | return -EBADFD; | |
1317 | ||
1318 | ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock, | |
1319 | intr_sock, req, conn); | |
1320 | if (ret) | |
1321 | goto out_conn; | |
1322 | ||
1323 | ret = l2cap_register_user(conn, &session->user); | |
1324 | if (ret) | |
1325 | goto out_session; | |
1326 | ||
1327 | ret = 0; | |
1328 | ||
1329 | out_session: | |
1330 | hidp_session_put(session); | |
1331 | out_conn: | |
1332 | l2cap_conn_put(conn); | |
1333 | return ret; | |
1334 | } | |
1335 | ||
1336 | int hidp_connection_del(struct hidp_conndel_req *req) | |
1337 | { | |
1338 | struct hidp_session *session; | |
1339 | ||
1340 | session = hidp_session_find(&req->bdaddr); | |
1341 | if (!session) | |
1342 | return -ENOENT; | |
1343 | ||
1344 | if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) | |
1345 | hidp_send_ctrl_message(session, | |
1346 | HIDP_TRANS_HID_CONTROL | | |
1347 | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, | |
1348 | NULL, 0); | |
1349 | else | |
1350 | l2cap_unregister_user(session->conn, &session->user); | |
1351 | ||
1352 | hidp_session_put(session); | |
1353 | ||
1354 | return 0; | |
1355 | } | |
1356 | ||
1da177e4 LT |
1357 | int hidp_get_connlist(struct hidp_connlist_req *req) |
1358 | { | |
cd11cdd2 | 1359 | struct hidp_session *session; |
1da177e4 LT |
1360 | int err = 0, n = 0; |
1361 | ||
1362 | BT_DBG(""); | |
1363 | ||
1364 | down_read(&hidp_session_sem); | |
1365 | ||
cd11cdd2 | 1366 | list_for_each_entry(session, &hidp_session_list, list) { |
1da177e4 LT |
1367 | struct hidp_conninfo ci; |
1368 | ||
5205185d | 1369 | hidp_copy_session(session, &ci); |
1da177e4 LT |
1370 | |
1371 | if (copy_to_user(req->ci, &ci, sizeof(ci))) { | |
1372 | err = -EFAULT; | |
1373 | break; | |
1374 | } | |
1375 | ||
1376 | if (++n >= req->cnum) | |
1377 | break; | |
1378 | ||
1379 | req->ci++; | |
1380 | } | |
1381 | req->cnum = n; | |
1382 | ||
1383 | up_read(&hidp_session_sem); | |
1384 | return err; | |
1385 | } | |
1386 | ||
1387 | int hidp_get_conninfo(struct hidp_conninfo *ci) | |
1388 | { | |
1389 | struct hidp_session *session; | |
1da177e4 | 1390 | |
5205185d DH |
1391 | session = hidp_session_find(&ci->bdaddr); |
1392 | if (session) { | |
1393 | hidp_copy_session(session, ci); | |
1394 | hidp_session_put(session); | |
1395 | } | |
1da177e4 | 1396 | |
5205185d | 1397 | return session ? 0 : -ENOENT; |
1da177e4 LT |
1398 | } |
1399 | ||
1400 | static int __init hidp_init(void) | |
1401 | { | |
1da177e4 LT |
1402 | BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); |
1403 | ||
8215d557 | 1404 | return hidp_init_sockets(); |
1da177e4 LT |
1405 | } |
1406 | ||
1407 | static void __exit hidp_exit(void) | |
1408 | { | |
1409 | hidp_cleanup_sockets(); | |
1410 | } | |
1411 | ||
1412 | module_init(hidp_init); | |
1413 | module_exit(hidp_exit); | |
1414 | ||
1415 | MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); | |
b4f34d8d | 1416 | MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>"); |
1da177e4 LT |
1417 | MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); |
1418 | MODULE_VERSION(VERSION); | |
1419 | MODULE_LICENSE("GPL"); | |
1420 | MODULE_ALIAS("bt-proto-6"); |