]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hidp/core.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add missing braces to an "else if"
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
b4f34d8d 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
1da177e4
LT		 5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
b4f34d8d 24#include <linux/kref.h>
1da177e4 25#include <linux/module.h>
1da177e4 26#include <linux/file.h>
aabf6f89 27#include <linux/kthread.h>
364f6351 28#include <linux/hidraw.h>
1da177e4
LT		 29
30#include <net/bluetooth/bluetooth.h>
0a85b964 31#include <net/bluetooth/hci_core.h>
1da177e4
LT		 32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
e1aaadd4 36#define VERSION "1.2"
1da177e4
LT		 37
38static DECLARE_RWSEM(hidp_session_sem);
39static LIST_HEAD(hidp_session_list);
40
41static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 60};
61
62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
b4f34d8d
DH		 64static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
70
5205185d 71static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
1da177e4 72{
d31dbf6e 73 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 74 bacpy(&ci->bdaddr, &session->bdaddr);
75
76 ci->flags = session->flags;
dcc07647 77 ci->state = BT_CONNECTED;
1da177e4 78
1da177e4
LT		 79 if (session->input) {
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
673e1dd7 84 strlcpy(ci->name, session->input->name, 128);
1da177e4 85 else
673e1dd7
CG		 86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
e1aaadd4
MH		 88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
673e1dd7 91 strlcpy(ci->name, session->hid->name, 128);
e1aaadd4 92 }
1da177e4
LT		 93}
94
41edc0c0
DH		 95/* assemble skb, queue message on @transmit and wake up the session thread */
96static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
99{
100 struct sk_buff *skb;
101 struct sock *sk = sock->sk;
102
103 BT_DBG("session %p data %p size %d", session, data, size);
104
105 if (atomic_read(&session->terminate))
106 return -EIO;
107
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
109 if (!skb) {
110 BT_ERR("Can't allocate memory for new frame");
111 return -ENOMEM;
112 }
113
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
117
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
120
121 return 0;
122}
123
124static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
126 int size)
127{
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
130}
131
132static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
134 int size)
135{
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
138}
139
af87b3d0
DH		 140static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
1da177e4 142{
af87b3d0 143 struct hidp_session *session = input_get_drvdata(dev);
1da177e4 144 unsigned char newleds;
41edc0c0 145 unsigned char hdr, data[2];
1da177e4 146
af87b3d0
DH		 147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
1da177e4
LT		 149
150 if (type != EV_LED)
151 return -1;
152
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
158
159 if (session->leds == newleds)
160 return 0;
161
162 session->leds = newleds;
163
41edc0c0
DH		 164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165 data[0] = 0x01;
166 data[1] = newleds;
1da177e4 167
41edc0c0 168 return hidp_send_intr_message(session, hdr, data, 2);
1da177e4
LT		 169}
170
171static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
172{
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
178
179 switch (skb->data[0]) {
180 case 0x01: /* Keyboard report */
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
183
184 /* If all the key codes have been set to 0x01, it means
185 * too many keys were pressed at the same time. */
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187 break;
188
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
193 else
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
195 }
196
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
200 else
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
202 }
203 }
204
205 memcpy(keys, udata, 8);
206 break;
207
208 case 0x02: /* Mouse report */
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
214
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
217
218 if (size > 3)
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
220 break;
221 }
222
223 input_sync(dev);
224}
225
e1aaadd4
MH		 226static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
227{
41edc0c0 228 unsigned char buf[32], hdr;
e1aaadd4
MH		 229 int rsize;
230
231 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
232 if (rsize > sizeof(buf))
233 return -EIO;
234
235 hid_output_report(report, buf);
41edc0c0 236 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
e1aaadd4 237
41edc0c0 238 return hidp_send_intr_message(session, hdr, buf, rsize);
e1aaadd4
MH		 239}
240
0ff1731a
AO		 241static int hidp_get_raw_report(struct hid_device *hid,
242 unsigned char report_number,
243 unsigned char *data, size_t count,
244 unsigned char report_type)
245{
246 struct hidp_session *session = hid->driver_data;
247 struct sk_buff *skb;
248 size_t len;
249 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 250 int ret;
0ff1731a 251
fd86c9be
KR		 252 if (atomic_read(&session->terminate))
253 return -EIO;
254
0ff1731a
AO		 255 switch (report_type) {
256 case HID_FEATURE_REPORT:
257 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
258 break;
259 case HID_INPUT_REPORT:
260 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
261 break;
262 case HID_OUTPUT_REPORT:
263 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
264 break;
265 default:
266 return -EINVAL;
267 }
268
269 if (mutex_lock_interruptible(&session->report_mutex))
270 return -ERESTARTSYS;
271
272 /* Set up our wait, and send the report request to the device. */
273 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
274 session->waiting_report_number = numbered_reports ? report_number : -1;
275 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
276 data[0] = report_number;
41edc0c0 277 ret = hidp_send_ctrl_message(session, report_type, data, 1);
794d1756
DH		 278 if (ret)
279 goto err;
0ff1731a
AO		 280
281 /* Wait for the return of the report. The returned report
282 gets put in session->report_return. */
e3492dc3
DH		 283 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
284 !atomic_read(&session->terminate)) {
0ff1731a
AO		 285 int res;
286
287 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 288 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
289 || atomic_read(&session->terminate),
0ff1731a
AO		 290 5*HZ);
291 if (res == 0) {
292 /* timeout */
794d1756
DH		 293 ret = -EIO;
294 goto err;
0ff1731a
AO		 295 }
296 if (res < 0) {
297 /* signal */
794d1756
DH		 298 ret = -ERESTARTSYS;
299 goto err;
0ff1731a
AO		 300 }
301 }
302
303 skb = session->report_return;
304 if (skb) {
305 len = skb->len < count ? skb->len : count;
306 memcpy(data, skb->data, len);
307
308 kfree_skb(skb);
309 session->report_return = NULL;
310 } else {
311 /* Device returned a HANDSHAKE, indicating protocol error. */
312 len = -EIO;
313 }
314
315 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
316 mutex_unlock(&session->report_mutex);
317
318 return len;
319
794d1756 320err:
0ff1731a
AO		 321 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
322 mutex_unlock(&session->report_mutex);
794d1756 323 return ret;
0ff1731a
AO		 324}
325
d4bfa033
JK		 326static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
327 unsigned char report_type)
2da31939 328{
0825411a
AO		 329 struct hidp_session *session = hid->driver_data;
330 int ret;
331
e73dcfbf 332 if (report_type == HID_OUTPUT_REPORT) {
41edc0c0 333 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
e73dcfbf
DH		 334 return hidp_send_intr_message(session, report_type,
335 data, count);
336 } else if (report_type != HID_FEATURE_REPORT) {
d4bfa033
JK		 337 return -EINVAL;
338 }
339
0825411a
AO		 340 if (mutex_lock_interruptible(&session->report_mutex))
341 return -ERESTARTSYS;
342
343 /* Set up our wait, and send the report request to the device. */
344 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
e73dcfbf 345 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
41edc0c0 346 ret = hidp_send_ctrl_message(session, report_type, data, count);
794d1756 347 if (ret)
0825411a 348 goto err;
0825411a
AO		 349
350 /* Wait for the ACK from the device. */
e3492dc3
DH		 351 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
352 !atomic_read(&session->terminate)) {
0825411a
AO		 353 int res;
354
355 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 356 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
357 || atomic_read(&session->terminate),
0825411a
AO		 358 10*HZ);
359 if (res == 0) {
360 /* timeout */
361 ret = -EIO;
362 goto err;
363 }
364 if (res < 0) {
365 /* signal */
366 ret = -ERESTARTSYS;
367 goto err;
368 }
369 }
370
371 if (!session->output_report_success) {
372 ret = -EIO;
373 goto err;
374 }
375
376 ret = count;
377
378err:
379 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
380 mutex_unlock(&session->report_mutex);
381 return ret;
2da31939
JK		 382}
383
1da177e4
LT		 384static void hidp_idle_timeout(unsigned long arg)
385{
386 struct hidp_session *session = (struct hidp_session *) arg;
387
5205185d 388 hidp_session_terminate(session);
1da177e4
LT		 389}
390
91f5cca3 391static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 392{
393 if (session->idle_to > 0)
394 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
395}
396
6039aa73 397static void hidp_del_timer(struct hidp_session *session)
1da177e4
LT		 398{
399 if (session->idle_to > 0)
400 del_timer(&session->timer);
401}
402
91f5cca3
AM		 403static void hidp_process_handshake(struct hidp_session *session,
404 unsigned char param)
1da177e4
LT		 405{
406 BT_DBG("session %p param 0x%02x", session, param);
0825411a 407 session->output_report_success = 0; /* default condition */
1da177e4
LT		 408
409 switch (param) {
410 case HIDP_HSHK_SUCCESSFUL:
411 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 412 session->output_report_success = 1;
1da177e4
LT		 413 break;
414
415 case HIDP_HSHK_NOT_READY:
416 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
417 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
418 case HIDP_HSHK_ERR_INVALID_PARAMETER:
ab88f714 419 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
0ff1731a 420 wake_up_interruptible(&session->report_queue);
ab88f714 421
1da177e4
LT		 422 /* FIXME: Call into SET_ GET_ handlers here */
423 break;
424
425 case HIDP_HSHK_ERR_UNKNOWN:
426 break;
427
428 case HIDP_HSHK_ERR_FATAL:
429 /* Device requests a reboot, as this is the only way this error
8e87d142 430 * can be recovered. */
41edc0c0 431 hidp_send_ctrl_message(session,
1da177e4
LT		 432 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
433 break;
434
435 default:
41edc0c0 436 hidp_send_ctrl_message(session,
1da177e4
LT		 437 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
438 break;
439 }
0825411a
AO		 440
441 /* Wake up the waiting thread. */
ab88f714 442 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
0825411a 443 wake_up_interruptible(&session->report_queue);
1da177e4
LT		 444}
445
91f5cca3
AM		 446static void hidp_process_hid_control(struct hidp_session *session,
447 unsigned char param)
1da177e4
LT		 448{
449 BT_DBG("session %p param 0x%02x", session, param);
450
eff001e3 451 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 452 /* Flush the transmit queues */
453 skb_queue_purge(&session->ctrl_transmit);
454 skb_queue_purge(&session->intr_transmit);
455
5205185d 456 hidp_session_terminate(session);
1da177e4
LT		 457 }
458}
459
0ff1731a
AO		 460/* Returns true if the passed-in skb should be freed by the caller. */
461static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 462 unsigned char param)
1da177e4 463{
0ff1731a 464 int done_with_skb = 1;
1da177e4
LT		 465 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
466
467 switch (param) {
468 case HIDP_DATA_RTYPE_INPUT:
469 hidp_set_timer(session);
470
471 if (session->input)
472 hidp_input_report(session, skb);
e1aaadd4
MH		 473
474 if (session->hid)
475 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 476 break;
477
478 case HIDP_DATA_RTYPE_OTHER:
479 case HIDP_DATA_RTYPE_OUPUT:
480 case HIDP_DATA_RTYPE_FEATURE:
481 break;
482
483 default:
41edc0c0 484 hidp_send_ctrl_message(session,
1da177e4
LT		 485 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
486 }
0ff1731a
AO		 487
488 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
489 param == session->waiting_report_type) {
490 if (session->waiting_report_number < 0 ||
491 session->waiting_report_number == skb->data[0]) {
492 /* hidp_get_raw_report() is waiting on this report. */
493 session->report_return = skb;
494 done_with_skb = 0;
495 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
496 wake_up_interruptible(&session->report_queue);
497 }
498 }
499
500 return done_with_skb;
1da177e4
LT		 501}
502
91f5cca3
AM		 503static void hidp_recv_ctrl_frame(struct hidp_session *session,
504 struct sk_buff *skb)
1da177e4
LT		 505{
506 unsigned char hdr, type, param;
0ff1731a 507 int free_skb = 1;
1da177e4
LT		 508
509 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
510
511 hdr = skb->data[0];
512 skb_pull(skb, 1);
513
514 type = hdr & HIDP_HEADER_TRANS_MASK;
515 param = hdr & HIDP_HEADER_PARAM_MASK;
516
517 switch (type) {
518 case HIDP_TRANS_HANDSHAKE:
519 hidp_process_handshake(session, param);
520 break;
521
522 case HIDP_TRANS_HID_CONTROL:
523 hidp_process_hid_control(session, param);
524 break;
525
526 case HIDP_TRANS_DATA:
0ff1731a 527 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 528 break;
529
530 default:
41edc0c0 531 hidp_send_ctrl_message(session,
1da177e4
LT		 532 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
533 break;
534 }
535
0ff1731a
AO		 536 if (free_skb)
537 kfree_skb(skb);
1da177e4
LT		 538}
539
91f5cca3
AM		 540static void hidp_recv_intr_frame(struct hidp_session *session,
541 struct sk_buff *skb)
1da177e4
LT		 542{
543 unsigned char hdr;
544
545 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
546
547 hdr = skb->data[0];
548 skb_pull(skb, 1);
549
550 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
551 hidp_set_timer(session);
e1aaadd4 552
1da177e4
LT		 553 if (session->input)
554 hidp_input_report(session, skb);
e1aaadd4
MH		 555
556 if (session->hid) {
557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
558 BT_DBG("report len %d", skb->len);
559 }
1da177e4
LT		 560 } else {
561 BT_DBG("Unsupported protocol header 0x%02x", hdr);
562 }
563
564 kfree_skb(skb);
565}
566
567static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
568{
569 struct kvec iv = { data, len };
570 struct msghdr msg;
571
572 BT_DBG("sock %p data %p len %d", sock, data, len);
573
574 if (!len)
575 return 0;
576
577 memset(&msg, 0, sizeof(msg));
578
579 return kernel_sendmsg(sock, &msg, &iv, 1, len);
580}
581
7350e6cf
DH		 582/* dequeue message from @transmit and send via @sock */
583static void hidp_process_transmit(struct hidp_session *session,
584 struct sk_buff_head *transmit,
585 struct socket *sock)
1da177e4
LT		 586{
587 struct sk_buff *skb;
2df01200 588 int ret;
1da177e4
LT		 589
590 BT_DBG("session %p", session);
591
7350e6cf
DH		 592 while ((skb = skb_dequeue(transmit))) {
593 ret = hidp_send_frame(sock, skb->data, skb->len);
2df01200 594 if (ret == -EAGAIN) {
7350e6cf 595 skb_queue_head(transmit, skb);
1da177e4 596 break;
2df01200
DH		 597 } else if (ret < 0) {
598 hidp_session_terminate(session);
599 kfree_skb(skb);
600 break;
1da177e4
LT		 601 }
602
603 hidp_set_timer(session);
604 kfree_skb(skb);
605 }
1da177e4
LT		 606}
607
91f5cca3
AM		 608static int hidp_setup_input(struct hidp_session *session,
609 struct hidp_connadd_req *req)
1da177e4 610{
c500c971 611 struct input_dev *input;
3415a5fd 612 int i;
1da177e4 613
c500c971
JS		 614 input = input_allocate_device();
615 if (!input)
616 return -ENOMEM;
617
618 session->input = input;
619
5be39466 620 input_set_drvdata(input, session);
1da177e4 621
34abf91f
DT		 622 input->name = "Bluetooth HID Boot Protocol Device";
623
1da177e4
LT		 624 input->id.bustype = BUS_BLUETOOTH;
625 input->id.vendor = req->vendor;
626 input->id.product = req->product;
627 input->id.version = req->version;
628
629 if (req->subclass & 0x40) {
630 set_bit(EV_KEY, input->evbit);
631 set_bit(EV_LED, input->evbit);
632 set_bit(EV_REP, input->evbit);
633
634 set_bit(LED_NUML, input->ledbit);
635 set_bit(LED_CAPSL, input->ledbit);
636 set_bit(LED_SCROLLL, input->ledbit);
637 set_bit(LED_COMPOSE, input->ledbit);
638 set_bit(LED_KANA, input->ledbit);
639
640 for (i = 0; i < sizeof(hidp_keycode); i++)
641 set_bit(hidp_keycode[i], input->keybit);
642 clear_bit(0, input->keybit);
643 }
644
645 if (req->subclass & 0x80) {
7b19ada2
JS		 646 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
647 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
648 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
649 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
650 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
651 BIT_MASK(BTN_EXTRA);
652 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 653 }
654
5205185d 655 input->dev.parent = &session->conn->hcon->dev;
0a85b964 656
1da177e4
LT		 657 input->event = hidp_input_event;
658
edad6388 659 return 0;
1da177e4
LT		 660}
661
f5ffd462
MH		 662static int hidp_open(struct hid_device *hid)
663{
664 return 0;
665}
666
667static void hidp_close(struct hid_device *hid)
668{
669}
670
c500c971
JS		 671static int hidp_parse(struct hid_device *hid)
672{
673 struct hidp_session *session = hid->driver_data;
c500c971 674
15c697ce
MP		 675 return hid_parse_report(session->hid, session->rd_data,
676 session->rd_size);
c500c971
JS		 677}
678
679static int hidp_start(struct hid_device *hid)
680{
681 struct hidp_session *session = hid->driver_data;
682 struct hid_report *report;
683
142c69c6
DH		 684 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
685 return 0;
686
c500c971
JS		 687 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
688 report_list, list)
689 hidp_send_report(session, report);
690
691 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
692 report_list, list)
693 hidp_send_report(session, report);
694
c500c971
JS		 695 return 0;
696}
697
698static void hidp_stop(struct hid_device *hid)
699{
700 struct hidp_session *session = hid->driver_data;
701
702 skb_queue_purge(&session->ctrl_transmit);
703 skb_queue_purge(&session->intr_transmit);
704
c500c971
JS		 705 hid->claimed = 0;
706}
707
708static struct hid_ll_driver hidp_hid_driver = {
709 .parse = hidp_parse,
710 .start = hidp_start,
711 .stop = hidp_stop,
712 .open = hidp_open,
713 .close = hidp_close,
c500c971
JS		 714};
715
0f69dca2
AO		 716/* This function sets up the hid device. It does not add it
717 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 718static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 719 struct hidp_connadd_req *req)
e1aaadd4 720{
c500c971 721 struct hid_device *hid;
edad6388 722 int err;
e1aaadd4 723
15c697ce
MP		 724 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
725 if (!session->rd_data)
726 return -ENOMEM;
727
728 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
729 err = -EFAULT;
730 goto fault;
731 }
732 session->rd_size = req->rd_size;
733
c500c971 734 hid = hid_allocate_device();
15c697ce
MP		 735 if (IS_ERR(hid)) {
736 err = PTR_ERR(hid);
737 goto fault;
738 }
e1aaadd4 739
c500c971 740 session->hid = hid;
15c697ce 741
e1aaadd4
MH		 742 hid->driver_data = session;
743
e1aaadd4
MH		 744 hid->bus = BUS_BLUETOOTH;
745 hid->vendor = req->vendor;
746 hid->product = req->product;
747 hid->version = req->version;
c500c971 748 hid->country = req->country;
e1aaadd4 749
0a9ab9bd 750 strncpy(hid->name, req->name, sizeof(req->name) - 1);
fcb73338
AE		 751
752 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
753 &bt_sk(session->ctrl_sock->sk)->src);
754
755 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
756 &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4 757
5205185d 758 hid->dev.parent = &session->conn->hcon->dev;
c500c971 759 hid->ll_driver = &hidp_hid_driver;
85cdaf52 760
0ff1731a 761 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 762 hid->hid_output_raw_report = hidp_output_raw_report;
763
4529eefa
LS		 764 /* True if device is blacklisted in drivers/hid/hid-core.c */
765 if (hid_ignore(hid)) {
766 hid_destroy_device(session->hid);
767 session->hid = NULL;
768 return -ENODEV;
769 }
770
c500c971 771 return 0;
edad6388 772
15c697ce
MP		 773fault:
774 kfree(session->rd_data);
775 session->rd_data = NULL;
776
edad6388 777 return err;
e1aaadd4
MH		 778}
779
b4f34d8d
DH		 780/* initialize session devices */
781static int hidp_session_dev_init(struct hidp_session *session,
782 struct hidp_connadd_req *req)
783{
784 int ret;
785
786 if (req->rd_size > 0) {
787 ret = hidp_setup_hid(session, req);
788 if (ret && ret != -ENODEV)
789 return ret;
790 }
791
792 if (!session->hid) {
793 ret = hidp_setup_input(session, req);
794 if (ret < 0)
795 return ret;
796 }
797
798 return 0;
799}
800
801/* destroy session devices */
802static void hidp_session_dev_destroy(struct hidp_session *session)
803{
804 if (session->hid)
805 put_device(&session->hid->dev);
806 else if (session->input)
807 input_put_device(session->input);
808
809 kfree(session->rd_data);
810 session->rd_data = NULL;
811}
812
813/* add HID/input devices to their underlying bus systems */
814static int hidp_session_dev_add(struct hidp_session *session)
815{
816 int ret;
817
818 /* Both HID and input systems drop a ref-count when unregistering the
819 * device but they don't take a ref-count when registering them. Work
820 * around this by explicitly taking a refcount during registration
821 * which is dropped automatically by unregistering the devices. */
822
823 if (session->hid) {
824 ret = hid_add_device(session->hid);
825 if (ret)
826 return ret;
827 get_device(&session->hid->dev);
828 } else if (session->input) {
829 ret = input_register_device(session->input);
830 if (ret)
831 return ret;
832 input_get_device(session->input);
833 }
834
835 return 0;
836}
837
838/* remove HID/input devices from their bus systems */
839static void hidp_session_dev_del(struct hidp_session *session)
840{
841 if (session->hid)
842 hid_destroy_device(session->hid);
843 else if (session->input)
844 input_unregister_device(session->input);
845}
846
4e713cdf
DH		 847/*
848 * Asynchronous device registration
849 * HID device drivers might want to perform I/O during initialization to
850 * detect device types. Therefore, call device registration in a separate
851 * worker so the HIDP thread can schedule I/O operations.
852 * Note that this must be called after the worker thread was initialized
853 * successfully. This will then add the devices and increase session state
854 * on success, otherwise it will terminate the session thread.
855 */
856static void hidp_session_dev_work(struct work_struct *work)
857{
858 struct hidp_session *session = container_of(work,
859 struct hidp_session,
860 dev_init);
861 int ret;
862
863 ret = hidp_session_dev_add(session);
864 if (!ret)
865 atomic_inc(&session->state);
866 else
867 hidp_session_terminate(session);
868}
869
b4f34d8d
DH		 870/*
871 * Create new session object
872 * Allocate session object, initialize static fields, copy input data into the
873 * object and take a reference to all sub-objects.
874 * This returns 0 on success and puts a pointer to the new session object in
875 * \out. Otherwise, an error code is returned.
876 * The new session object has an initial ref-count of 1.
877 */
878static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
879 struct socket *ctrl_sock,
880 struct socket *intr_sock,
881 struct hidp_connadd_req *req,
882 struct l2cap_conn *conn)
883{
884 struct hidp_session *session;
885 int ret;
886 struct bt_sock *ctrl, *intr;
887
888 ctrl = bt_sk(ctrl_sock->sk);
889 intr = bt_sk(intr_sock->sk);
890
891 session = kzalloc(sizeof(*session), GFP_KERNEL);
892 if (!session)
893 return -ENOMEM;
894
895 /* object and runtime management */
896 kref_init(&session->ref);
897 atomic_set(&session->state, HIDP_SESSION_IDLING);
898 init_waitqueue_head(&session->state_queue);
899 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
900
901 /* connection management */
902 bacpy(&session->bdaddr, bdaddr);
903 session->conn = conn;
904 session->user.probe = hidp_session_probe;
905 session->user.remove = hidp_session_remove;
906 session->ctrl_sock = ctrl_sock;
907 session->intr_sock = intr_sock;
908 skb_queue_head_init(&session->ctrl_transmit);
909 skb_queue_head_init(&session->intr_transmit);
910 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
911 l2cap_pi(ctrl)->chan->imtu);
912 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
913 l2cap_pi(intr)->chan->imtu);
914 session->idle_to = req->idle_to;
915
916 /* device management */
4e713cdf 917 INIT_WORK(&session->dev_init, hidp_session_dev_work);
b4f34d8d
DH		 918 setup_timer(&session->timer, hidp_idle_timeout,
919 (unsigned long)session);
920
921 /* session data */
922 mutex_init(&session->report_mutex);
923 init_waitqueue_head(&session->report_queue);
924
925 ret = hidp_session_dev_init(session, req);
926 if (ret)
927 goto err_free;
928
929 l2cap_conn_get(session->conn);
930 get_file(session->intr_sock->file);
931 get_file(session->ctrl_sock->file);
932 *out = session;
933 return 0;
934
935err_free:
936 kfree(session);
937 return ret;
938}
939
940/* increase ref-count of the given session by one */
941static void hidp_session_get(struct hidp_session *session)
942{
943 kref_get(&session->ref);
944}
945
946/* release callback */
947static void session_free(struct kref *ref)
948{
949 struct hidp_session *session = container_of(ref, struct hidp_session,
950 ref);
951
952 hidp_session_dev_destroy(session);
953 skb_queue_purge(&session->ctrl_transmit);
954 skb_queue_purge(&session->intr_transmit);
955 fput(session->intr_sock->file);
956 fput(session->ctrl_sock->file);
957 l2cap_conn_put(session->conn);
958 kfree(session);
959}
960
961/* decrease ref-count of the given session by one */
962static void hidp_session_put(struct hidp_session *session)
963{
964 kref_put(&session->ref, session_free);
965}
966
967/*
968 * Search the list of active sessions for a session with target address
969 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
970 * you do not release this lock, the session objects cannot vanish and you can
971 * safely take a reference to the session yourself.
972 */
973static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
974{
975 struct hidp_session *session;
976
977 list_for_each_entry(session, &hidp_session_list, list) {
978 if (!bacmp(bdaddr, &session->bdaddr))
979 return session;
980 }
981
982 return NULL;
983}
984
985/*
986 * Same as __hidp_session_find() but no locks must be held. This also takes a
987 * reference of the returned session (if non-NULL) so you must drop this
988 * reference if you no longer use the object.
989 */
990static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
991{
992 struct hidp_session *session;
993
994 down_read(&hidp_session_sem);
995
996 session = __hidp_session_find(bdaddr);
997 if (session)
998 hidp_session_get(session);
999
1000 up_read(&hidp_session_sem);
1001
1002 return session;
1003}
1004
1005/*
1006 * Start session synchronously
1007 * This starts a session thread and waits until initialization
1008 * is done or returns an error if it couldn't be started.
1009 * If this returns 0 the session thread is up and running. You must call
1010 * hipd_session_stop_sync() before deleting any runtime resources.
1011 */
1012static int hidp_session_start_sync(struct hidp_session *session)
1013{
1014 unsigned int vendor, product;
1015
1016 if (session->hid) {
1017 vendor = session->hid->vendor;
1018 product = session->hid->product;
1019 } else if (session->input) {
1020 vendor = session->input->id.vendor;
1021 product = session->input->id.product;
1022 } else {
1023 vendor = 0x0000;
1024 product = 0x0000;
1025 }
1026
1027 session->task = kthread_run(hidp_session_thread, session,
1028 "khidpd_%04x%04x", vendor, product);
1029 if (IS_ERR(session->task))
1030 return PTR_ERR(session->task);
1031
1032 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1033 wait_event(session->state_queue,
1034 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1035
1036 return 0;
1037}
1038
1039/*
1040 * Terminate session thread
1041 * Wake up session thread and notify it to stop. This is asynchronous and
1042 * returns immediately. Call this whenever a runtime error occurs and you want
1043 * the session to stop.
1044 * Note: wake_up_process() performs any necessary memory-barriers for us.
1045 */
1046static void hidp_session_terminate(struct hidp_session *session)
1047{
1048 atomic_inc(&session->terminate);
1049 wake_up_process(session->task);
1050}
1051
1052/*
1053 * Probe HIDP session
1054 * This is called from the l2cap_conn core when our l2cap_user object is bound
1055 * to the hci-connection. We get the session via the \user object and can now
4e713cdf
DH		 1056 * start the session thread, link it into the global session list and
1057 * schedule HID/input device registration.
b4f34d8d
DH		 1058 * The global session-list owns its own reference to the session object so you
1059 * can drop your own reference after registering the l2cap_user object.
1060 */
1061static int hidp_session_probe(struct l2cap_conn *conn,
1062 struct l2cap_user *user)
1063{
1064 struct hidp_session *session = container_of(user,
1065 struct hidp_session,
1066 user);
1067 struct hidp_session *s;
1068 int ret;
1069
1070 down_write(&hidp_session_sem);
1071
1072 /* check that no other session for this device exists */
1073 s = __hidp_session_find(&session->bdaddr);
1074 if (s) {
1075 ret = -EEXIST;
1076 goto out_unlock;
1077 }
1078
4e713cdf
DH		 1079 if (session->input) {
1080 ret = hidp_session_dev_add(session);
1081 if (ret)
1082 goto out_unlock;
1083 }
1084
b4f34d8d
DH		 1085 ret = hidp_session_start_sync(session);
1086 if (ret)
4e713cdf 1087 goto out_del;
b4f34d8d 1088
4e713cdf
DH		 1089 /* HID device registration is async to allow I/O during probe */
1090 if (session->input)
1091 atomic_inc(&session->state);
1092 else
1093 schedule_work(&session->dev_init);
b4f34d8d
DH		 1094
1095 hidp_session_get(session);
1096 list_add(&session->list, &hidp_session_list);
1097 ret = 0;
1098 goto out_unlock;
1099
4e713cdf
DH		 1100out_del:
1101 if (session->input)
1102 hidp_session_dev_del(session);
b4f34d8d
DH		 1103out_unlock:
1104 up_write(&hidp_session_sem);
1105 return ret;
1106}
1107
1108/*
1109 * Remove HIDP session
1110 * Called from the l2cap_conn core when either we explicitly unregistered
1111 * the l2cap_user object or if the underlying connection is shut down.
1112 * We signal the hidp-session thread to shut down, unregister the HID/input
1113 * devices and unlink the session from the global list.
1114 * This drops the reference to the session that is owned by the global
1115 * session-list.
1116 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1117 * This is, because the session-thread might be waiting for an HCI lock that is
1118 * held while we are called. Therefore, we only unregister the devices and
1119 * notify the session-thread to terminate. The thread itself owns a reference
1120 * to the session object so it can safely shut down.
1121 */
1122static void hidp_session_remove(struct l2cap_conn *conn,
1123 struct l2cap_user *user)
1124{
1125 struct hidp_session *session = container_of(user,
1126 struct hidp_session,
1127 user);
1128
1129 down_write(&hidp_session_sem);
1130
1131 hidp_session_terminate(session);
4e713cdf
DH		 1132
1133 cancel_work_sync(&session->dev_init);
1134 if (session->input ||
1135 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1136 hidp_session_dev_del(session);
1137
b4f34d8d
DH		 1138 list_del(&session->list);
1139
1140 up_write(&hidp_session_sem);
1141
1142 hidp_session_put(session);
1143}
1144
1145/*
1146 * Session Worker
1147 * This performs the actual main-loop of the HIDP worker. We first check
1148 * whether the underlying connection is still alive, then parse all pending
1149 * messages and finally send all outstanding messages.
1150 */
1151static void hidp_session_run(struct hidp_session *session)
1152{
1153 struct sock *ctrl_sk = session->ctrl_sock->sk;
1154 struct sock *intr_sk = session->intr_sock->sk;
1155 struct sk_buff *skb;
1156
1157 for (;;) {
1158 /*
1159 * This thread can be woken up two ways:
1160 * - You call hidp_session_terminate() which sets the
1161 * session->terminate flag and wakes this thread up.
1162 * - Via modifying the socket state of ctrl/intr_sock. This
1163 * thread is woken up by ->sk_state_changed().
1164 *
1165 * Note: set_current_state() performs any necessary
1166 * memory-barriers for us.
1167 */
1168 set_current_state(TASK_INTERRUPTIBLE);
1169
1170 if (atomic_read(&session->terminate))
1171 break;
1172
1173 if (ctrl_sk->sk_state != BT_CONNECTED ||
1174 intr_sk->sk_state != BT_CONNECTED)
1175 break;
1176
1177 /* parse incoming intr-skbs */
1178 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1179 skb_orphan(skb);
1180 if (!skb_linearize(skb))
1181 hidp_recv_intr_frame(session, skb);
1182 else
1183 kfree_skb(skb);
1184 }
1185
1186 /* send pending intr-skbs */
7350e6cf
DH		 1187 hidp_process_transmit(session, &session->intr_transmit,
1188 session->intr_sock);
b4f34d8d
DH		 1189
1190 /* parse incoming ctrl-skbs */
1191 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1192 skb_orphan(skb);
1193 if (!skb_linearize(skb))
1194 hidp_recv_ctrl_frame(session, skb);
1195 else
1196 kfree_skb(skb);
1197 }
1198
1199 /* send pending ctrl-skbs */
7350e6cf
DH		 1200 hidp_process_transmit(session, &session->ctrl_transmit,
1201 session->ctrl_sock);
b4f34d8d
DH		 1202
1203 schedule();
1204 }
1205
1206 atomic_inc(&session->terminate);
1207 set_current_state(TASK_RUNNING);
1208}
1209
1210/*
1211 * HIDP session thread
1212 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1213 * which allows us to take references to ourself here instead of doing that in
1214 * the caller.
1215 * When we are ready to run we notify the caller and call hidp_session_run().
1216 */
1217static int hidp_session_thread(void *arg)
1218{
1219 struct hidp_session *session = arg;
1220 wait_queue_t ctrl_wait, intr_wait;
1221
1222 BT_DBG("session %p", session);
1223
1224 /* initialize runtime environment */
1225 hidp_session_get(session);
1226 __module_get(THIS_MODULE);
1227 set_user_nice(current, -15);
1228 hidp_set_timer(session);
1229
1230 init_waitqueue_entry(&ctrl_wait, current);
1231 init_waitqueue_entry(&intr_wait, current);
1232 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1233 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1234 /* This memory barrier is paired with wq_has_sleeper(). See
1235 * sock_poll_wait() for more information why this is needed. */
1236 smp_mb();
1237
1238 /* notify synchronous startup that we're ready */
1239 atomic_inc(&session->state);
1240 wake_up(&session->state_queue);
1241
1242 /* run session */
1243 hidp_session_run(session);
1244
1245 /* cleanup runtime environment */
1246 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1247 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1248 wake_up_interruptible(&session->report_queue);
1249 hidp_del_timer(session);
1250
1251 /*
1252 * If we stopped ourself due to any internal signal, we should try to
1253 * unregister our own session here to avoid having it linger until the
1254 * parent l2cap_conn dies or user-space cleans it up.
1255 * This does not deadlock as we don't do any synchronous shutdown.
1256 * Instead, this call has the same semantics as if user-space tried to
1257 * delete the session.
1258 */
1259 l2cap_unregister_user(session->conn, &session->user);
1260 hidp_session_put(session);
1261
1262 module_put_and_exit(0);
1263 return 0;
1264}
1265
1266static int hidp_verify_sockets(struct socket *ctrl_sock,
1267 struct socket *intr_sock)
1268{
1269 struct bt_sock *ctrl, *intr;
1270 struct hidp_session *session;
1271
1272 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1273 return -EINVAL;
1274
1275 ctrl = bt_sk(ctrl_sock->sk);
1276 intr = bt_sk(intr_sock->sk);
1277
1278 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1279 return -ENOTUNIQ;
1280 if (ctrl->sk.sk_state != BT_CONNECTED ||
1281 intr->sk.sk_state != BT_CONNECTED)
1282 return -EBADFD;
1283
1284 /* early session check, we check again during session registration */
1285 session = hidp_session_find(&ctrl->dst);
1286 if (session) {
1287 hidp_session_put(session);
1288 return -EEXIST;
1289 }
1290
1291 return 0;
1292}
1293
1294int hidp_connection_add(struct hidp_connadd_req *req,
1295 struct socket *ctrl_sock,
1296 struct socket *intr_sock)
1297{
1298 struct hidp_session *session;
1299 struct l2cap_conn *conn;
1300 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1301 int ret;
1302
1303 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1304 if (ret)
1305 return ret;
1306
1307 conn = NULL;
1308 l2cap_chan_lock(chan);
1309 if (chan->conn) {
1310 l2cap_conn_get(chan->conn);
1311 conn = chan->conn;
1312 }
1313 l2cap_chan_unlock(chan);
1314
1315 if (!conn)
1316 return -EBADFD;
1317
1318 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1319 intr_sock, req, conn);
1320 if (ret)
1321 goto out_conn;
1322
1323 ret = l2cap_register_user(conn, &session->user);
1324 if (ret)
1325 goto out_session;
1326
1327 ret = 0;
1328
1329out_session:
1330 hidp_session_put(session);
1331out_conn:
1332 l2cap_conn_put(conn);
1333 return ret;
1334}
1335
1336int hidp_connection_del(struct hidp_conndel_req *req)
1337{
1338 struct hidp_session *session;
1339
1340 session = hidp_session_find(&req->bdaddr);
1341 if (!session)
1342 return -ENOENT;
1343
1344 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1345 hidp_send_ctrl_message(session,
1346 HIDP_TRANS_HID_CONTROL |
1347 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1348 NULL, 0);
1349 else
1350 l2cap_unregister_user(session->conn, &session->user);
1351
1352 hidp_session_put(session);
1353
1354 return 0;
1355}
1356
1da177e4
LT		 1357int hidp_get_connlist(struct hidp_connlist_req *req)
1358{
cd11cdd2 1359 struct hidp_session *session;
1da177e4
LT		 1360 int err = 0, n = 0;
1361
1362 BT_DBG("");
1363
1364 down_read(&hidp_session_sem);
1365
cd11cdd2 1366 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1367 struct hidp_conninfo ci;
1368
5205185d 1369 hidp_copy_session(session, &ci);
1da177e4
LT		 1370
1371 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1372 err = -EFAULT;
1373 break;
1374 }
1375
1376 if (++n >= req->cnum)
1377 break;
1378
1379 req->ci++;
1380 }
1381 req->cnum = n;
1382
1383 up_read(&hidp_session_sem);
1384 return err;
1385}
1386
1387int hidp_get_conninfo(struct hidp_conninfo *ci)
1388{
1389 struct hidp_session *session;
1da177e4 1390
5205185d
DH		 1391 session = hidp_session_find(&ci->bdaddr);
1392 if (session) {
1393 hidp_copy_session(session, ci);
1394 hidp_session_put(session);
1395 }
1da177e4 1396
5205185d 1397 return session ? 0 : -ENOENT;
1da177e4
LT		 1398}
1399
1400static int __init hidp_init(void)
1401{
1da177e4
LT		 1402 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1403
8215d557 1404 return hidp_init_sockets();
1da177e4
LT		 1405}
1406
1407static void __exit hidp_exit(void)
1408{
1409 hidp_cleanup_sockets();
1410}
1411
1412module_init(hidp_init);
1413module_exit(hidp_exit);
1414
1415MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
b4f34d8d 1416MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1da177e4
LT		 1417MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1418MODULE_VERSION(VERSION);
1419MODULE_LICENSE("GPL");
1420MODULE_ALIAS("bt-proto-6");
ubuntu-zesty-kernel mirror