]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hidp/core.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hidp: merge 'send' functions into hidp_send_message()
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
b4f34d8d 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
1da177e4
LT		 5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
b4f34d8d 24#include <linux/kref.h>
1da177e4 25#include <linux/module.h>
1da177e4 26#include <linux/file.h>
aabf6f89 27#include <linux/kthread.h>
364f6351 28#include <linux/hidraw.h>
1da177e4
LT		 29
30#include <net/bluetooth/bluetooth.h>
0a85b964 31#include <net/bluetooth/hci_core.h>
1da177e4
LT		 32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
e1aaadd4 36#define VERSION "1.2"
1da177e4
LT		 37
38static DECLARE_RWSEM(hidp_session_sem);
39static LIST_HEAD(hidp_session_list);
40
41static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 60};
61
62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
b4f34d8d
DH		 64static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
70
5205185d 71static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
1da177e4 72{
d31dbf6e 73 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 74 bacpy(&ci->bdaddr, &session->bdaddr);
75
76 ci->flags = session->flags;
dcc07647 77 ci->state = BT_CONNECTED;
1da177e4
LT		 78
79 ci->vendor = 0x0000;
80 ci->product = 0x0000;
81 ci->version = 0x0000;
1da177e4
LT		 82
83 if (session->input) {
84 ci->vendor = session->input->id.vendor;
85 ci->product = session->input->id.product;
86 ci->version = session->input->id.version;
87 if (session->input->name)
88 strncpy(ci->name, session->input->name, 128);
89 else
90 strncpy(ci->name, "HID Boot Device", 128);
91 }
e1aaadd4
MH		 92
93 if (session->hid) {
94 ci->vendor = session->hid->vendor;
95 ci->product = session->hid->product;
96 ci->version = session->hid->version;
97 strncpy(ci->name, session->hid->name, 128);
98 }
1da177e4
LT		 99}
100
41edc0c0
DH		 101/* assemble skb, queue message on @transmit and wake up the session thread */
102static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
105{
106 struct sk_buff *skb;
107 struct sock *sk = sock->sk;
108
109 BT_DBG("session %p data %p size %d", session, data, size);
110
111 if (atomic_read(&session->terminate))
112 return -EIO;
113
114 skb = alloc_skb(size + 1, GFP_ATOMIC);
115 if (!skb) {
116 BT_ERR("Can't allocate memory for new frame");
117 return -ENOMEM;
118 }
119
120 *skb_put(skb, 1) = hdr;
121 if (data && size > 0)
122 memcpy(skb_put(skb, size), data, size);
123
124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
126
127 return 0;
128}
129
130static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
132 int size)
133{
134 return hidp_send_message(session, session->ctrl_sock,
135 &session->ctrl_transmit, hdr, data, size);
136}
137
138static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
140 int size)
141{
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
144}
145
91f5cca3
AM		 146static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
147 unsigned int type, unsigned int code, int value)
1da177e4 148{
1da177e4 149 unsigned char newleds;
41edc0c0 150 unsigned char hdr, data[2];
1da177e4 151
e1aaadd4 152 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 153
154 if (type != EV_LED)
155 return -1;
156
157 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
158 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
159 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
160 (!!test_bit(LED_CAPSL, dev->led) << 1) |
161 (!!test_bit(LED_NUML, dev->led));
162
163 if (session->leds == newleds)
164 return 0;
165
166 session->leds = newleds;
167
41edc0c0
DH		 168 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
169 data[0] = 0x01;
170 data[1] = newleds;
1da177e4 171
41edc0c0 172 return hidp_send_intr_message(session, hdr, data, 2);
1da177e4
LT		 173}
174
e1aaadd4
MH		 175static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
176{
5be39466 177 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 178 struct hidp_session *session = hid->driver_data;
179
180 return hidp_queue_event(session, dev, type, code, value);
181}
182
183static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
184{
5be39466 185 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 186
187 return hidp_queue_event(session, dev, type, code, value);
188}
189
1da177e4
LT		 190static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
191{
192 struct input_dev *dev = session->input;
193 unsigned char *keys = session->keys;
194 unsigned char *udata = skb->data + 1;
195 signed char *sdata = skb->data + 1;
196 int i, size = skb->len - 1;
197
198 switch (skb->data[0]) {
199 case 0x01: /* Keyboard report */
200 for (i = 0; i < 8; i++)
201 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
202
203 /* If all the key codes have been set to 0x01, it means
204 * too many keys were pressed at the same time. */
205 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
206 break;
207
208 for (i = 2; i < 8; i++) {
209 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
210 if (hidp_keycode[keys[i]])
211 input_report_key(dev, hidp_keycode[keys[i]], 0);
212 else
213 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
214 }
215
216 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
217 if (hidp_keycode[udata[i]])
218 input_report_key(dev, hidp_keycode[udata[i]], 1);
219 else
220 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
221 }
222 }
223
224 memcpy(keys, udata, 8);
225 break;
226
227 case 0x02: /* Mouse report */
228 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
229 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
230 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
231 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
232 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
233
234 input_report_rel(dev, REL_X, sdata[1]);
235 input_report_rel(dev, REL_Y, sdata[2]);
236
237 if (size > 3)
238 input_report_rel(dev, REL_WHEEL, sdata[3]);
239 break;
240 }
241
242 input_sync(dev);
243}
244
e1aaadd4
MH		 245static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
246{
41edc0c0 247 unsigned char buf[32], hdr;
e1aaadd4
MH		 248 int rsize;
249
250 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
251 if (rsize > sizeof(buf))
252 return -EIO;
253
254 hid_output_report(report, buf);
41edc0c0 255 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
e1aaadd4 256
41edc0c0 257 return hidp_send_intr_message(session, hdr, buf, rsize);
e1aaadd4
MH		 258}
259
0ff1731a
AO		 260static int hidp_get_raw_report(struct hid_device *hid,
261 unsigned char report_number,
262 unsigned char *data, size_t count,
263 unsigned char report_type)
264{
265 struct hidp_session *session = hid->driver_data;
266 struct sk_buff *skb;
267 size_t len;
268 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 269 int ret;
0ff1731a 270
fd86c9be
KR		 271 if (atomic_read(&session->terminate))
272 return -EIO;
273
0ff1731a
AO		 274 switch (report_type) {
275 case HID_FEATURE_REPORT:
276 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
277 break;
278 case HID_INPUT_REPORT:
279 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
280 break;
281 case HID_OUTPUT_REPORT:
282 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
283 break;
284 default:
285 return -EINVAL;
286 }
287
288 if (mutex_lock_interruptible(&session->report_mutex))
289 return -ERESTARTSYS;
290
291 /* Set up our wait, and send the report request to the device. */
292 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
293 session->waiting_report_number = numbered_reports ? report_number : -1;
294 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
295 data[0] = report_number;
41edc0c0 296 ret = hidp_send_ctrl_message(session, report_type, data, 1);
794d1756
DH		 297 if (ret)
298 goto err;
0ff1731a
AO		 299
300 /* Wait for the return of the report. The returned report
301 gets put in session->report_return. */
e3492dc3
DH		 302 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
303 !atomic_read(&session->terminate)) {
0ff1731a
AO		 304 int res;
305
306 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 307 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
308 || atomic_read(&session->terminate),
0ff1731a
AO		 309 5*HZ);
310 if (res == 0) {
311 /* timeout */
794d1756
DH		 312 ret = -EIO;
313 goto err;
0ff1731a
AO		 314 }
315 if (res < 0) {
316 /* signal */
794d1756
DH		 317 ret = -ERESTARTSYS;
318 goto err;
0ff1731a
AO		 319 }
320 }
321
322 skb = session->report_return;
323 if (skb) {
324 len = skb->len < count ? skb->len : count;
325 memcpy(data, skb->data, len);
326
327 kfree_skb(skb);
328 session->report_return = NULL;
329 } else {
330 /* Device returned a HANDSHAKE, indicating protocol error. */
331 len = -EIO;
332 }
333
334 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
335 mutex_unlock(&session->report_mutex);
336
337 return len;
338
794d1756 339err:
0ff1731a
AO		 340 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
341 mutex_unlock(&session->report_mutex);
794d1756 342 return ret;
0ff1731a
AO		 343}
344
d4bfa033
JK		 345static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
346 unsigned char report_type)
2da31939 347{
0825411a
AO		 348 struct hidp_session *session = hid->driver_data;
349 int ret;
350
d4bfa033
JK		 351 switch (report_type) {
352 case HID_FEATURE_REPORT:
353 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
354 break;
355 case HID_OUTPUT_REPORT:
41edc0c0 356 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 357 break;
358 default:
359 return -EINVAL;
360 }
361
0825411a
AO		 362 if (mutex_lock_interruptible(&session->report_mutex))
363 return -ERESTARTSYS;
364
365 /* Set up our wait, and send the report request to the device. */
366 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
41edc0c0 367 ret = hidp_send_ctrl_message(session, report_type, data, count);
794d1756 368 if (ret)
0825411a 369 goto err;
0825411a
AO		 370
371 /* Wait for the ACK from the device. */
e3492dc3
DH		 372 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
373 !atomic_read(&session->terminate)) {
0825411a
AO		 374 int res;
375
376 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 377 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
378 || atomic_read(&session->terminate),
0825411a
AO		 379 10*HZ);
380 if (res == 0) {
381 /* timeout */
382 ret = -EIO;
383 goto err;
384 }
385 if (res < 0) {
386 /* signal */
387 ret = -ERESTARTSYS;
388 goto err;
389 }
390 }
391
392 if (!session->output_report_success) {
393 ret = -EIO;
394 goto err;
395 }
396
397 ret = count;
398
399err:
400 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
401 mutex_unlock(&session->report_mutex);
402 return ret;
2da31939
JK		 403}
404
1da177e4
LT		 405static void hidp_idle_timeout(unsigned long arg)
406{
407 struct hidp_session *session = (struct hidp_session *) arg;
408
5205185d 409 hidp_session_terminate(session);
1da177e4
LT		 410}
411
91f5cca3 412static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 413{
414 if (session->idle_to > 0)
415 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
416}
417
6039aa73 418static void hidp_del_timer(struct hidp_session *session)
1da177e4
LT		 419{
420 if (session->idle_to > 0)
421 del_timer(&session->timer);
422}
423
91f5cca3
AM		 424static void hidp_process_handshake(struct hidp_session *session,
425 unsigned char param)
1da177e4
LT		 426{
427 BT_DBG("session %p param 0x%02x", session, param);
0825411a 428 session->output_report_success = 0; /* default condition */
1da177e4
LT		 429
430 switch (param) {
431 case HIDP_HSHK_SUCCESSFUL:
432 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 433 session->output_report_success = 1;
1da177e4
LT		 434 break;
435
436 case HIDP_HSHK_NOT_READY:
437 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
438 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
439 case HIDP_HSHK_ERR_INVALID_PARAMETER:
ab88f714 440 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
0ff1731a 441 wake_up_interruptible(&session->report_queue);
ab88f714 442
1da177e4
LT		 443 /* FIXME: Call into SET_ GET_ handlers here */
444 break;
445
446 case HIDP_HSHK_ERR_UNKNOWN:
447 break;
448
449 case HIDP_HSHK_ERR_FATAL:
450 /* Device requests a reboot, as this is the only way this error
8e87d142 451 * can be recovered. */
41edc0c0 452 hidp_send_ctrl_message(session,
1da177e4
LT		 453 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
454 break;
455
456 default:
41edc0c0 457 hidp_send_ctrl_message(session,
1da177e4
LT		 458 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
459 break;
460 }
0825411a
AO		 461
462 /* Wake up the waiting thread. */
ab88f714 463 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
0825411a 464 wake_up_interruptible(&session->report_queue);
1da177e4
LT		 465}
466
91f5cca3
AM		 467static void hidp_process_hid_control(struct hidp_session *session,
468 unsigned char param)
1da177e4
LT		 469{
470 BT_DBG("session %p param 0x%02x", session, param);
471
eff001e3 472 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 473 /* Flush the transmit queues */
474 skb_queue_purge(&session->ctrl_transmit);
475 skb_queue_purge(&session->intr_transmit);
476
5205185d 477 hidp_session_terminate(session);
1da177e4
LT		 478 }
479}
480
0ff1731a
AO		 481/* Returns true if the passed-in skb should be freed by the caller. */
482static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 483 unsigned char param)
1da177e4 484{
0ff1731a 485 int done_with_skb = 1;
1da177e4
LT		 486 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
487
488 switch (param) {
489 case HIDP_DATA_RTYPE_INPUT:
490 hidp_set_timer(session);
491
492 if (session->input)
493 hidp_input_report(session, skb);
e1aaadd4
MH		 494
495 if (session->hid)
496 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 497 break;
498
499 case HIDP_DATA_RTYPE_OTHER:
500 case HIDP_DATA_RTYPE_OUPUT:
501 case HIDP_DATA_RTYPE_FEATURE:
502 break;
503
504 default:
41edc0c0 505 hidp_send_ctrl_message(session,
1da177e4
LT		 506 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
507 }
0ff1731a
AO		 508
509 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
510 param == session->waiting_report_type) {
511 if (session->waiting_report_number < 0 ||
512 session->waiting_report_number == skb->data[0]) {
513 /* hidp_get_raw_report() is waiting on this report. */
514 session->report_return = skb;
515 done_with_skb = 0;
516 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
517 wake_up_interruptible(&session->report_queue);
518 }
519 }
520
521 return done_with_skb;
1da177e4
LT		 522}
523
91f5cca3
AM		 524static void hidp_recv_ctrl_frame(struct hidp_session *session,
525 struct sk_buff *skb)
1da177e4
LT		 526{
527 unsigned char hdr, type, param;
0ff1731a 528 int free_skb = 1;
1da177e4
LT		 529
530 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
531
532 hdr = skb->data[0];
533 skb_pull(skb, 1);
534
535 type = hdr & HIDP_HEADER_TRANS_MASK;
536 param = hdr & HIDP_HEADER_PARAM_MASK;
537
538 switch (type) {
539 case HIDP_TRANS_HANDSHAKE:
540 hidp_process_handshake(session, param);
541 break;
542
543 case HIDP_TRANS_HID_CONTROL:
544 hidp_process_hid_control(session, param);
545 break;
546
547 case HIDP_TRANS_DATA:
0ff1731a 548 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 549 break;
550
551 default:
41edc0c0 552 hidp_send_ctrl_message(session,
1da177e4
LT		 553 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
554 break;
555 }
556
0ff1731a
AO		 557 if (free_skb)
558 kfree_skb(skb);
1da177e4
LT		 559}
560
91f5cca3
AM		 561static void hidp_recv_intr_frame(struct hidp_session *session,
562 struct sk_buff *skb)
1da177e4
LT		 563{
564 unsigned char hdr;
565
566 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
567
568 hdr = skb->data[0];
569 skb_pull(skb, 1);
570
571 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
572 hidp_set_timer(session);
e1aaadd4 573
1da177e4
LT		 574 if (session->input)
575 hidp_input_report(session, skb);
e1aaadd4
MH		 576
577 if (session->hid) {
578 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
579 BT_DBG("report len %d", skb->len);
580 }
1da177e4
LT		 581 } else {
582 BT_DBG("Unsupported protocol header 0x%02x", hdr);
583 }
584
585 kfree_skb(skb);
586}
587
588static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
589{
590 struct kvec iv = { data, len };
591 struct msghdr msg;
592
593 BT_DBG("sock %p data %p len %d", sock, data, len);
594
595 if (!len)
596 return 0;
597
598 memset(&msg, 0, sizeof(msg));
599
600 return kernel_sendmsg(sock, &msg, &iv, 1, len);
601}
602
7350e6cf
DH		 603/* dequeue message from @transmit and send via @sock */
604static void hidp_process_transmit(struct hidp_session *session,
605 struct sk_buff_head *transmit,
606 struct socket *sock)
1da177e4
LT		 607{
608 struct sk_buff *skb;
2df01200 609 int ret;
1da177e4
LT		 610
611 BT_DBG("session %p", session);
612
7350e6cf
DH		 613 while ((skb = skb_dequeue(transmit))) {
614 ret = hidp_send_frame(sock, skb->data, skb->len);
2df01200 615 if (ret == -EAGAIN) {
7350e6cf 616 skb_queue_head(transmit, skb);
1da177e4 617 break;
2df01200
DH		 618 } else if (ret < 0) {
619 hidp_session_terminate(session);
620 kfree_skb(skb);
621 break;
1da177e4
LT		 622 }
623
624 hidp_set_timer(session);
625 kfree_skb(skb);
626 }
1da177e4
LT		 627}
628
91f5cca3
AM		 629static int hidp_setup_input(struct hidp_session *session,
630 struct hidp_connadd_req *req)
1da177e4 631{
c500c971 632 struct input_dev *input;
3415a5fd 633 int i;
1da177e4 634
c500c971
JS		 635 input = input_allocate_device();
636 if (!input)
637 return -ENOMEM;
638
639 session->input = input;
640
5be39466 641 input_set_drvdata(input, session);
1da177e4 642
34abf91f
DT		 643 input->name = "Bluetooth HID Boot Protocol Device";
644
1da177e4
LT		 645 input->id.bustype = BUS_BLUETOOTH;
646 input->id.vendor = req->vendor;
647 input->id.product = req->product;
648 input->id.version = req->version;
649
650 if (req->subclass & 0x40) {
651 set_bit(EV_KEY, input->evbit);
652 set_bit(EV_LED, input->evbit);
653 set_bit(EV_REP, input->evbit);
654
655 set_bit(LED_NUML, input->ledbit);
656 set_bit(LED_CAPSL, input->ledbit);
657 set_bit(LED_SCROLLL, input->ledbit);
658 set_bit(LED_COMPOSE, input->ledbit);
659 set_bit(LED_KANA, input->ledbit);
660
661 for (i = 0; i < sizeof(hidp_keycode); i++)
662 set_bit(hidp_keycode[i], input->keybit);
663 clear_bit(0, input->keybit);
664 }
665
666 if (req->subclass & 0x80) {
7b19ada2
JS		 667 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
668 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
669 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
670 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
671 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
672 BIT_MASK(BTN_EXTRA);
673 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 674 }
675
5205185d 676 input->dev.parent = &session->conn->hcon->dev;
0a85b964 677
1da177e4
LT		 678 input->event = hidp_input_event;
679
edad6388 680 return 0;
1da177e4
LT		 681}
682
f5ffd462
MH		 683static int hidp_open(struct hid_device *hid)
684{
685 return 0;
686}
687
688static void hidp_close(struct hid_device *hid)
689{
690}
691
c500c971
JS		 692static int hidp_parse(struct hid_device *hid)
693{
694 struct hidp_session *session = hid->driver_data;
c500c971 695
15c697ce
MP		 696 return hid_parse_report(session->hid, session->rd_data,
697 session->rd_size);
c500c971
JS		 698}
699
700static int hidp_start(struct hid_device *hid)
701{
702 struct hidp_session *session = hid->driver_data;
703 struct hid_report *report;
704
142c69c6
DH		 705 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
706 return 0;
707
c500c971
JS		 708 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
709 report_list, list)
710 hidp_send_report(session, report);
711
712 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
713 report_list, list)
714 hidp_send_report(session, report);
715
c500c971
JS		 716 return 0;
717}
718
719static void hidp_stop(struct hid_device *hid)
720{
721 struct hidp_session *session = hid->driver_data;
722
723 skb_queue_purge(&session->ctrl_transmit);
724 skb_queue_purge(&session->intr_transmit);
725
c500c971
JS		 726 hid->claimed = 0;
727}
728
729static struct hid_ll_driver hidp_hid_driver = {
730 .parse = hidp_parse,
731 .start = hidp_start,
732 .stop = hidp_stop,
733 .open = hidp_open,
734 .close = hidp_close,
735 .hidinput_input_event = hidp_hidinput_event,
736};
737
0f69dca2
AO		 738/* This function sets up the hid device. It does not add it
739 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 740static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 741 struct hidp_connadd_req *req)
e1aaadd4 742{
c500c971 743 struct hid_device *hid;
edad6388 744 int err;
e1aaadd4 745
15c697ce
MP		 746 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
747 if (!session->rd_data)
748 return -ENOMEM;
749
750 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
751 err = -EFAULT;
752 goto fault;
753 }
754 session->rd_size = req->rd_size;
755
c500c971 756 hid = hid_allocate_device();
15c697ce
MP		 757 if (IS_ERR(hid)) {
758 err = PTR_ERR(hid);
759 goto fault;
760 }
e1aaadd4 761
c500c971 762 session->hid = hid;
15c697ce 763
e1aaadd4
MH		 764 hid->driver_data = session;
765
e1aaadd4
MH		 766 hid->bus = BUS_BLUETOOTH;
767 hid->vendor = req->vendor;
768 hid->product = req->product;
769 hid->version = req->version;
c500c971 770 hid->country = req->country;
e1aaadd4 771
0a9ab9bd 772 strncpy(hid->name, req->name, sizeof(req->name) - 1);
fcb73338
AE		 773
774 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
775 &bt_sk(session->ctrl_sock->sk)->src);
776
777 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
778 &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4 779
5205185d 780 hid->dev.parent = &session->conn->hcon->dev;
c500c971 781 hid->ll_driver = &hidp_hid_driver;
85cdaf52 782
0ff1731a 783 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 784 hid->hid_output_raw_report = hidp_output_raw_report;
785
4529eefa
LS		 786 /* True if device is blacklisted in drivers/hid/hid-core.c */
787 if (hid_ignore(hid)) {
788 hid_destroy_device(session->hid);
789 session->hid = NULL;
790 return -ENODEV;
791 }
792
c500c971 793 return 0;
edad6388 794
15c697ce
MP		 795fault:
796 kfree(session->rd_data);
797 session->rd_data = NULL;
798
edad6388 799 return err;
e1aaadd4
MH		 800}
801
b4f34d8d
DH		 802/* initialize session devices */
803static int hidp_session_dev_init(struct hidp_session *session,
804 struct hidp_connadd_req *req)
805{
806 int ret;
807
808 if (req->rd_size > 0) {
809 ret = hidp_setup_hid(session, req);
810 if (ret && ret != -ENODEV)
811 return ret;
812 }
813
814 if (!session->hid) {
815 ret = hidp_setup_input(session, req);
816 if (ret < 0)
817 return ret;
818 }
819
820 return 0;
821}
822
823/* destroy session devices */
824static void hidp_session_dev_destroy(struct hidp_session *session)
825{
826 if (session->hid)
827 put_device(&session->hid->dev);
828 else if (session->input)
829 input_put_device(session->input);
830
831 kfree(session->rd_data);
832 session->rd_data = NULL;
833}
834
835/* add HID/input devices to their underlying bus systems */
836static int hidp_session_dev_add(struct hidp_session *session)
837{
838 int ret;
839
840 /* Both HID and input systems drop a ref-count when unregistering the
841 * device but they don't take a ref-count when registering them. Work
842 * around this by explicitly taking a refcount during registration
843 * which is dropped automatically by unregistering the devices. */
844
845 if (session->hid) {
846 ret = hid_add_device(session->hid);
847 if (ret)
848 return ret;
849 get_device(&session->hid->dev);
850 } else if (session->input) {
851 ret = input_register_device(session->input);
852 if (ret)
853 return ret;
854 input_get_device(session->input);
855 }
856
857 return 0;
858}
859
860/* remove HID/input devices from their bus systems */
861static void hidp_session_dev_del(struct hidp_session *session)
862{
863 if (session->hid)
864 hid_destroy_device(session->hid);
865 else if (session->input)
866 input_unregister_device(session->input);
867}
868
869/*
870 * Create new session object
871 * Allocate session object, initialize static fields, copy input data into the
872 * object and take a reference to all sub-objects.
873 * This returns 0 on success and puts a pointer to the new session object in
874 * \out. Otherwise, an error code is returned.
875 * The new session object has an initial ref-count of 1.
876 */
877static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
878 struct socket *ctrl_sock,
879 struct socket *intr_sock,
880 struct hidp_connadd_req *req,
881 struct l2cap_conn *conn)
882{
883 struct hidp_session *session;
884 int ret;
885 struct bt_sock *ctrl, *intr;
886
887 ctrl = bt_sk(ctrl_sock->sk);
888 intr = bt_sk(intr_sock->sk);
889
890 session = kzalloc(sizeof(*session), GFP_KERNEL);
891 if (!session)
892 return -ENOMEM;
893
894 /* object and runtime management */
895 kref_init(&session->ref);
896 atomic_set(&session->state, HIDP_SESSION_IDLING);
897 init_waitqueue_head(&session->state_queue);
898 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
899
900 /* connection management */
901 bacpy(&session->bdaddr, bdaddr);
902 session->conn = conn;
903 session->user.probe = hidp_session_probe;
904 session->user.remove = hidp_session_remove;
905 session->ctrl_sock = ctrl_sock;
906 session->intr_sock = intr_sock;
907 skb_queue_head_init(&session->ctrl_transmit);
908 skb_queue_head_init(&session->intr_transmit);
909 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
910 l2cap_pi(ctrl)->chan->imtu);
911 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
912 l2cap_pi(intr)->chan->imtu);
913 session->idle_to = req->idle_to;
914
915 /* device management */
916 setup_timer(&session->timer, hidp_idle_timeout,
917 (unsigned long)session);
918
919 /* session data */
920 mutex_init(&session->report_mutex);
921 init_waitqueue_head(&session->report_queue);
922
923 ret = hidp_session_dev_init(session, req);
924 if (ret)
925 goto err_free;
926
927 l2cap_conn_get(session->conn);
928 get_file(session->intr_sock->file);
929 get_file(session->ctrl_sock->file);
930 *out = session;
931 return 0;
932
933err_free:
934 kfree(session);
935 return ret;
936}
937
938/* increase ref-count of the given session by one */
939static void hidp_session_get(struct hidp_session *session)
940{
941 kref_get(&session->ref);
942}
943
944/* release callback */
945static void session_free(struct kref *ref)
946{
947 struct hidp_session *session = container_of(ref, struct hidp_session,
948 ref);
949
950 hidp_session_dev_destroy(session);
951 skb_queue_purge(&session->ctrl_transmit);
952 skb_queue_purge(&session->intr_transmit);
953 fput(session->intr_sock->file);
954 fput(session->ctrl_sock->file);
955 l2cap_conn_put(session->conn);
956 kfree(session);
957}
958
959/* decrease ref-count of the given session by one */
960static void hidp_session_put(struct hidp_session *session)
961{
962 kref_put(&session->ref, session_free);
963}
964
965/*
966 * Search the list of active sessions for a session with target address
967 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
968 * you do not release this lock, the session objects cannot vanish and you can
969 * safely take a reference to the session yourself.
970 */
971static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
972{
973 struct hidp_session *session;
974
975 list_for_each_entry(session, &hidp_session_list, list) {
976 if (!bacmp(bdaddr, &session->bdaddr))
977 return session;
978 }
979
980 return NULL;
981}
982
983/*
984 * Same as __hidp_session_find() but no locks must be held. This also takes a
985 * reference of the returned session (if non-NULL) so you must drop this
986 * reference if you no longer use the object.
987 */
988static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
989{
990 struct hidp_session *session;
991
992 down_read(&hidp_session_sem);
993
994 session = __hidp_session_find(bdaddr);
995 if (session)
996 hidp_session_get(session);
997
998 up_read(&hidp_session_sem);
999
1000 return session;
1001}
1002
1003/*
1004 * Start session synchronously
1005 * This starts a session thread and waits until initialization
1006 * is done or returns an error if it couldn't be started.
1007 * If this returns 0 the session thread is up and running. You must call
1008 * hipd_session_stop_sync() before deleting any runtime resources.
1009 */
1010static int hidp_session_start_sync(struct hidp_session *session)
1011{
1012 unsigned int vendor, product;
1013
1014 if (session->hid) {
1015 vendor = session->hid->vendor;
1016 product = session->hid->product;
1017 } else if (session->input) {
1018 vendor = session->input->id.vendor;
1019 product = session->input->id.product;
1020 } else {
1021 vendor = 0x0000;
1022 product = 0x0000;
1023 }
1024
1025 session->task = kthread_run(hidp_session_thread, session,
1026 "khidpd_%04x%04x", vendor, product);
1027 if (IS_ERR(session->task))
1028 return PTR_ERR(session->task);
1029
1030 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1031 wait_event(session->state_queue,
1032 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1033
1034 return 0;
1035}
1036
1037/*
1038 * Terminate session thread
1039 * Wake up session thread and notify it to stop. This is asynchronous and
1040 * returns immediately. Call this whenever a runtime error occurs and you want
1041 * the session to stop.
1042 * Note: wake_up_process() performs any necessary memory-barriers for us.
1043 */
1044static void hidp_session_terminate(struct hidp_session *session)
1045{
1046 atomic_inc(&session->terminate);
1047 wake_up_process(session->task);
1048}
1049
1050/*
1051 * Probe HIDP session
1052 * This is called from the l2cap_conn core when our l2cap_user object is bound
1053 * to the hci-connection. We get the session via the \user object and can now
1054 * start the session thread, register the HID/input devices and link it into
1055 * the global session list.
1056 * The global session-list owns its own reference to the session object so you
1057 * can drop your own reference after registering the l2cap_user object.
1058 */
1059static int hidp_session_probe(struct l2cap_conn *conn,
1060 struct l2cap_user *user)
1061{
1062 struct hidp_session *session = container_of(user,
1063 struct hidp_session,
1064 user);
1065 struct hidp_session *s;
1066 int ret;
1067
1068 down_write(&hidp_session_sem);
1069
1070 /* check that no other session for this device exists */
1071 s = __hidp_session_find(&session->bdaddr);
1072 if (s) {
1073 ret = -EEXIST;
1074 goto out_unlock;
1075 }
1076
1077 ret = hidp_session_start_sync(session);
1078 if (ret)
1079 goto out_unlock;
1080
1081 ret = hidp_session_dev_add(session);
1082 if (ret)
1083 goto out_stop;
1084
1085 hidp_session_get(session);
1086 list_add(&session->list, &hidp_session_list);
1087 ret = 0;
1088 goto out_unlock;
1089
1090out_stop:
1091 hidp_session_terminate(session);
1092out_unlock:
1093 up_write(&hidp_session_sem);
1094 return ret;
1095}
1096
1097/*
1098 * Remove HIDP session
1099 * Called from the l2cap_conn core when either we explicitly unregistered
1100 * the l2cap_user object or if the underlying connection is shut down.
1101 * We signal the hidp-session thread to shut down, unregister the HID/input
1102 * devices and unlink the session from the global list.
1103 * This drops the reference to the session that is owned by the global
1104 * session-list.
1105 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1106 * This is, because the session-thread might be waiting for an HCI lock that is
1107 * held while we are called. Therefore, we only unregister the devices and
1108 * notify the session-thread to terminate. The thread itself owns a reference
1109 * to the session object so it can safely shut down.
1110 */
1111static void hidp_session_remove(struct l2cap_conn *conn,
1112 struct l2cap_user *user)
1113{
1114 struct hidp_session *session = container_of(user,
1115 struct hidp_session,
1116 user);
1117
1118 down_write(&hidp_session_sem);
1119
1120 hidp_session_terminate(session);
1121 hidp_session_dev_del(session);
1122 list_del(&session->list);
1123
1124 up_write(&hidp_session_sem);
1125
1126 hidp_session_put(session);
1127}
1128
1129/*
1130 * Session Worker
1131 * This performs the actual main-loop of the HIDP worker. We first check
1132 * whether the underlying connection is still alive, then parse all pending
1133 * messages and finally send all outstanding messages.
1134 */
1135static void hidp_session_run(struct hidp_session *session)
1136{
1137 struct sock *ctrl_sk = session->ctrl_sock->sk;
1138 struct sock *intr_sk = session->intr_sock->sk;
1139 struct sk_buff *skb;
1140
1141 for (;;) {
1142 /*
1143 * This thread can be woken up two ways:
1144 * - You call hidp_session_terminate() which sets the
1145 * session->terminate flag and wakes this thread up.
1146 * - Via modifying the socket state of ctrl/intr_sock. This
1147 * thread is woken up by ->sk_state_changed().
1148 *
1149 * Note: set_current_state() performs any necessary
1150 * memory-barriers for us.
1151 */
1152 set_current_state(TASK_INTERRUPTIBLE);
1153
1154 if (atomic_read(&session->terminate))
1155 break;
1156
1157 if (ctrl_sk->sk_state != BT_CONNECTED ||
1158 intr_sk->sk_state != BT_CONNECTED)
1159 break;
1160
1161 /* parse incoming intr-skbs */
1162 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1163 skb_orphan(skb);
1164 if (!skb_linearize(skb))
1165 hidp_recv_intr_frame(session, skb);
1166 else
1167 kfree_skb(skb);
1168 }
1169
1170 /* send pending intr-skbs */
7350e6cf
DH		 1171 hidp_process_transmit(session, &session->intr_transmit,
1172 session->intr_sock);
b4f34d8d
DH		 1173
1174 /* parse incoming ctrl-skbs */
1175 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1176 skb_orphan(skb);
1177 if (!skb_linearize(skb))
1178 hidp_recv_ctrl_frame(session, skb);
1179 else
1180 kfree_skb(skb);
1181 }
1182
1183 /* send pending ctrl-skbs */
7350e6cf
DH		 1184 hidp_process_transmit(session, &session->ctrl_transmit,
1185 session->ctrl_sock);
b4f34d8d
DH		 1186
1187 schedule();
1188 }
1189
1190 atomic_inc(&session->terminate);
1191 set_current_state(TASK_RUNNING);
1192}
1193
1194/*
1195 * HIDP session thread
1196 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1197 * which allows us to take references to ourself here instead of doing that in
1198 * the caller.
1199 * When we are ready to run we notify the caller and call hidp_session_run().
1200 */
1201static int hidp_session_thread(void *arg)
1202{
1203 struct hidp_session *session = arg;
1204 wait_queue_t ctrl_wait, intr_wait;
1205
1206 BT_DBG("session %p", session);
1207
1208 /* initialize runtime environment */
1209 hidp_session_get(session);
1210 __module_get(THIS_MODULE);
1211 set_user_nice(current, -15);
1212 hidp_set_timer(session);
1213
1214 init_waitqueue_entry(&ctrl_wait, current);
1215 init_waitqueue_entry(&intr_wait, current);
1216 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1217 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1218 /* This memory barrier is paired with wq_has_sleeper(). See
1219 * sock_poll_wait() for more information why this is needed. */
1220 smp_mb();
1221
1222 /* notify synchronous startup that we're ready */
1223 atomic_inc(&session->state);
1224 wake_up(&session->state_queue);
1225
1226 /* run session */
1227 hidp_session_run(session);
1228
1229 /* cleanup runtime environment */
1230 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1231 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1232 wake_up_interruptible(&session->report_queue);
1233 hidp_del_timer(session);
1234
1235 /*
1236 * If we stopped ourself due to any internal signal, we should try to
1237 * unregister our own session here to avoid having it linger until the
1238 * parent l2cap_conn dies or user-space cleans it up.
1239 * This does not deadlock as we don't do any synchronous shutdown.
1240 * Instead, this call has the same semantics as if user-space tried to
1241 * delete the session.
1242 */
1243 l2cap_unregister_user(session->conn, &session->user);
1244 hidp_session_put(session);
1245
1246 module_put_and_exit(0);
1247 return 0;
1248}
1249
1250static int hidp_verify_sockets(struct socket *ctrl_sock,
1251 struct socket *intr_sock)
1252{
1253 struct bt_sock *ctrl, *intr;
1254 struct hidp_session *session;
1255
1256 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1257 return -EINVAL;
1258
1259 ctrl = bt_sk(ctrl_sock->sk);
1260 intr = bt_sk(intr_sock->sk);
1261
1262 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1263 return -ENOTUNIQ;
1264 if (ctrl->sk.sk_state != BT_CONNECTED ||
1265 intr->sk.sk_state != BT_CONNECTED)
1266 return -EBADFD;
1267
1268 /* early session check, we check again during session registration */
1269 session = hidp_session_find(&ctrl->dst);
1270 if (session) {
1271 hidp_session_put(session);
1272 return -EEXIST;
1273 }
1274
1275 return 0;
1276}
1277
1278int hidp_connection_add(struct hidp_connadd_req *req,
1279 struct socket *ctrl_sock,
1280 struct socket *intr_sock)
1281{
1282 struct hidp_session *session;
1283 struct l2cap_conn *conn;
1284 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1285 int ret;
1286
1287 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1288 if (ret)
1289 return ret;
1290
1291 conn = NULL;
1292 l2cap_chan_lock(chan);
1293 if (chan->conn) {
1294 l2cap_conn_get(chan->conn);
1295 conn = chan->conn;
1296 }
1297 l2cap_chan_unlock(chan);
1298
1299 if (!conn)
1300 return -EBADFD;
1301
1302 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1303 intr_sock, req, conn);
1304 if (ret)
1305 goto out_conn;
1306
1307 ret = l2cap_register_user(conn, &session->user);
1308 if (ret)
1309 goto out_session;
1310
1311 ret = 0;
1312
1313out_session:
1314 hidp_session_put(session);
1315out_conn:
1316 l2cap_conn_put(conn);
1317 return ret;
1318}
1319
1320int hidp_connection_del(struct hidp_conndel_req *req)
1321{
1322 struct hidp_session *session;
1323
1324 session = hidp_session_find(&req->bdaddr);
1325 if (!session)
1326 return -ENOENT;
1327
1328 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1329 hidp_send_ctrl_message(session,
1330 HIDP_TRANS_HID_CONTROL |
1331 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1332 NULL, 0);
1333 else
1334 l2cap_unregister_user(session->conn, &session->user);
1335
1336 hidp_session_put(session);
1337
1338 return 0;
1339}
1340
1da177e4
LT		 1341int hidp_get_connlist(struct hidp_connlist_req *req)
1342{
cd11cdd2 1343 struct hidp_session *session;
1da177e4
LT		 1344 int err = 0, n = 0;
1345
1346 BT_DBG("");
1347
1348 down_read(&hidp_session_sem);
1349
cd11cdd2 1350 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1351 struct hidp_conninfo ci;
1352
5205185d 1353 hidp_copy_session(session, &ci);
1da177e4
LT		 1354
1355 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1356 err = -EFAULT;
1357 break;
1358 }
1359
1360 if (++n >= req->cnum)
1361 break;
1362
1363 req->ci++;
1364 }
1365 req->cnum = n;
1366
1367 up_read(&hidp_session_sem);
1368 return err;
1369}
1370
1371int hidp_get_conninfo(struct hidp_conninfo *ci)
1372{
1373 struct hidp_session *session;
1da177e4 1374
5205185d
DH		 1375 session = hidp_session_find(&ci->bdaddr);
1376 if (session) {
1377 hidp_copy_session(session, ci);
1378 hidp_session_put(session);
1379 }
1da177e4 1380
5205185d 1381 return session ? 0 : -ENOENT;
1da177e4
LT		 1382}
1383
1384static int __init hidp_init(void)
1385{
1da177e4
LT		 1386 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1387
8215d557 1388 return hidp_init_sockets();
1da177e4
LT		 1389}
1390
1391static void __exit hidp_exit(void)
1392{
1393 hidp_cleanup_sockets();
1394}
1395
1396module_init(hidp_init);
1397module_exit(hidp_exit);
1398
1399MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
b4f34d8d 1400MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1da177e4
LT		 1401MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1402MODULE_VERSION(VERSION);
1403MODULE_LICENSE("GPL");
1404MODULE_ALIAS("bt-proto-6");
ubuntu-zesty-kernel mirror