]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/hidp/core.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hidp: merge hidp_process_{ctrl,intr}_transmit()
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
b4f34d8d 4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
1da177e4
LT		 5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
b4f34d8d 24#include <linux/kref.h>
1da177e4 25#include <linux/module.h>
1da177e4 26#include <linux/file.h>
aabf6f89 27#include <linux/kthread.h>
364f6351 28#include <linux/hidraw.h>
1da177e4
LT		 29
30#include <net/bluetooth/bluetooth.h>
0a85b964 31#include <net/bluetooth/hci_core.h>
1da177e4
LT		 32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
e1aaadd4 36#define VERSION "1.2"
1da177e4
LT		 37
38static DECLARE_RWSEM(hidp_session_sem);
39static LIST_HEAD(hidp_session_list);
40
41static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 60};
61
62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
b4f34d8d
DH		 64static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
70
3764eaa9
DH		 71static inline void hidp_schedule(struct hidp_session *session)
72{
73 struct sock *ctrl_sk = session->ctrl_sock->sk;
74 struct sock *intr_sk = session->intr_sock->sk;
75
76 wake_up_interruptible(sk_sleep(ctrl_sk));
77 wake_up_interruptible(sk_sleep(intr_sk));
78}
79
5205185d 80static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
1da177e4 81{
d31dbf6e 82 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 83 bacpy(&ci->bdaddr, &session->bdaddr);
84
85 ci->flags = session->flags;
dcc07647 86 ci->state = BT_CONNECTED;
1da177e4
LT		 87
88 ci->vendor = 0x0000;
89 ci->product = 0x0000;
90 ci->version = 0x0000;
1da177e4
LT		 91
92 if (session->input) {
93 ci->vendor = session->input->id.vendor;
94 ci->product = session->input->id.product;
95 ci->version = session->input->id.version;
96 if (session->input->name)
97 strncpy(ci->name, session->input->name, 128);
98 else
99 strncpy(ci->name, "HID Boot Device", 128);
100 }
e1aaadd4
MH		 101
102 if (session->hid) {
103 ci->vendor = session->hid->vendor;
104 ci->product = session->hid->product;
105 ci->version = session->hid->version;
106 strncpy(ci->name, session->hid->name, 128);
107 }
1da177e4
LT		 108}
109
91f5cca3
AM		 110static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
111 unsigned int type, unsigned int code, int value)
1da177e4 112{
1da177e4 113 unsigned char newleds;
e1aaadd4 114 struct sk_buff *skb;
1da177e4 115
e1aaadd4 116 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 117
118 if (type != EV_LED)
119 return -1;
120
121 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
122 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
123 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
124 (!!test_bit(LED_CAPSL, dev->led) << 1) |
125 (!!test_bit(LED_NUML, dev->led));
126
127 if (session->leds == newleds)
128 return 0;
129
130 session->leds = newleds;
131
5a08ecce
AE		 132 skb = alloc_skb(3, GFP_ATOMIC);
133 if (!skb) {
1da177e4
LT		 134 BT_ERR("Can't allocate memory for new frame");
135 return -ENOMEM;
136 }
137
138 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
139 *skb_put(skb, 1) = 0x01;
140 *skb_put(skb, 1) = newleds;
141
142 skb_queue_tail(&session->intr_transmit, skb);
143
144 hidp_schedule(session);
145
146 return 0;
147}
148
e1aaadd4
MH		 149static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
150{
5be39466 151 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 152 struct hidp_session *session = hid->driver_data;
153
154 return hidp_queue_event(session, dev, type, code, value);
155}
156
157static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158{
5be39466 159 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 160
161 return hidp_queue_event(session, dev, type, code, value);
162}
163
1da177e4
LT		 164static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
165{
166 struct input_dev *dev = session->input;
167 unsigned char *keys = session->keys;
168 unsigned char *udata = skb->data + 1;
169 signed char *sdata = skb->data + 1;
170 int i, size = skb->len - 1;
171
172 switch (skb->data[0]) {
173 case 0x01: /* Keyboard report */
174 for (i = 0; i < 8; i++)
175 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
176
177 /* If all the key codes have been set to 0x01, it means
178 * too many keys were pressed at the same time. */
179 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
180 break;
181
182 for (i = 2; i < 8; i++) {
183 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
184 if (hidp_keycode[keys[i]])
185 input_report_key(dev, hidp_keycode[keys[i]], 0);
186 else
187 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
188 }
189
190 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
191 if (hidp_keycode[udata[i]])
192 input_report_key(dev, hidp_keycode[udata[i]], 1);
193 else
194 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
195 }
196 }
197
198 memcpy(keys, udata, 8);
199 break;
200
201 case 0x02: /* Mouse report */
202 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
203 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
204 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
205 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
206 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
207
208 input_report_rel(dev, REL_X, sdata[1]);
209 input_report_rel(dev, REL_Y, sdata[2]);
210
211 if (size > 3)
212 input_report_rel(dev, REL_WHEEL, sdata[3]);
213 break;
214 }
215
216 input_sync(dev);
217}
218
6bf8268f 219static int __hidp_send_ctrl_message(struct hidp_session *session,
1d0c4da8
GP		 220 unsigned char hdr, unsigned char *data,
221 int size)
6bf8268f
BN		 222{
223 struct sk_buff *skb;
224
225 BT_DBG("session %p data %p size %d", session, data, size);
226
794d1756
DH		 227 if (atomic_read(&session->terminate))
228 return -EIO;
229
5a08ecce
AE		 230 skb = alloc_skb(size + 1, GFP_ATOMIC);
231 if (!skb) {
6bf8268f
BN		 232 BT_ERR("Can't allocate memory for new frame");
233 return -ENOMEM;
234 }
235
236 *skb_put(skb, 1) = hdr;
237 if (data && size > 0)
238 memcpy(skb_put(skb, size), data, size);
239
240 skb_queue_tail(&session->ctrl_transmit, skb);
241
242 return 0;
243}
244
6039aa73 245static int hidp_send_ctrl_message(struct hidp_session *session,
6bf8268f
BN		 246 unsigned char hdr, unsigned char *data, int size)
247{
248 int err;
249
250 err = __hidp_send_ctrl_message(session, hdr, data, size);
251
252 hidp_schedule(session);
253
254 return err;
255}
256
91f5cca3
AM		 257static int hidp_queue_report(struct hidp_session *session,
258 unsigned char *data, int size)
e1aaadd4
MH		 259{
260 struct sk_buff *skb;
261
6792b5ec 262 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 263
5a08ecce
AE		 264 skb = alloc_skb(size + 1, GFP_ATOMIC);
265 if (!skb) {
e1aaadd4
MH		 266 BT_ERR("Can't allocate memory for new frame");
267 return -ENOMEM;
268 }
269
270 *skb_put(skb, 1) = 0xa2;
271 if (size > 0)
272 memcpy(skb_put(skb, size), data, size);
273
274 skb_queue_tail(&session->intr_transmit, skb);
275
276 hidp_schedule(session);
277
278 return 0;
279}
280
281static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
282{
283 unsigned char buf[32];
284 int rsize;
285
286 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
287 if (rsize > sizeof(buf))
288 return -EIO;
289
290 hid_output_report(report, buf);
291
292 return hidp_queue_report(session, buf, rsize);
293}
294
0ff1731a
AO		 295static int hidp_get_raw_report(struct hid_device *hid,
296 unsigned char report_number,
297 unsigned char *data, size_t count,
298 unsigned char report_type)
299{
300 struct hidp_session *session = hid->driver_data;
301 struct sk_buff *skb;
302 size_t len;
303 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 304 int ret;
0ff1731a 305
fd86c9be
KR		 306 if (atomic_read(&session->terminate))
307 return -EIO;
308
0ff1731a
AO		 309 switch (report_type) {
310 case HID_FEATURE_REPORT:
311 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
312 break;
313 case HID_INPUT_REPORT:
314 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
315 break;
316 case HID_OUTPUT_REPORT:
317 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
318 break;
319 default:
320 return -EINVAL;
321 }
322
323 if (mutex_lock_interruptible(&session->report_mutex))
324 return -ERESTARTSYS;
325
326 /* Set up our wait, and send the report request to the device. */
327 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
328 session->waiting_report_number = numbered_reports ? report_number : -1;
329 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
330 data[0] = report_number;
794d1756
DH		 331 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
332 if (ret)
333 goto err;
0ff1731a
AO		 334
335 /* Wait for the return of the report. The returned report
336 gets put in session->report_return. */
e3492dc3
DH		 337 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
338 !atomic_read(&session->terminate)) {
0ff1731a
AO		 339 int res;
340
341 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 342 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
343 || atomic_read(&session->terminate),
0ff1731a
AO		 344 5*HZ);
345 if (res == 0) {
346 /* timeout */
794d1756
DH		 347 ret = -EIO;
348 goto err;
0ff1731a
AO		 349 }
350 if (res < 0) {
351 /* signal */
794d1756
DH		 352 ret = -ERESTARTSYS;
353 goto err;
0ff1731a
AO		 354 }
355 }
356
357 skb = session->report_return;
358 if (skb) {
359 len = skb->len < count ? skb->len : count;
360 memcpy(data, skb->data, len);
361
362 kfree_skb(skb);
363 session->report_return = NULL;
364 } else {
365 /* Device returned a HANDSHAKE, indicating protocol error. */
366 len = -EIO;
367 }
368
369 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
370 mutex_unlock(&session->report_mutex);
371
372 return len;
373
794d1756 374err:
0ff1731a
AO		 375 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
376 mutex_unlock(&session->report_mutex);
794d1756 377 return ret;
0ff1731a
AO		 378}
379
d4bfa033
JK		 380static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
381 unsigned char report_type)
2da31939 382{
0825411a
AO		 383 struct hidp_session *session = hid->driver_data;
384 int ret;
385
d4bfa033
JK		 386 switch (report_type) {
387 case HID_FEATURE_REPORT:
388 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
389 break;
390 case HID_OUTPUT_REPORT:
97e1efbb 391 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 392 break;
393 default:
394 return -EINVAL;
395 }
396
0825411a
AO		 397 if (mutex_lock_interruptible(&session->report_mutex))
398 return -ERESTARTSYS;
399
400 /* Set up our wait, and send the report request to the device. */
401 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
794d1756
DH		 402 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
403 count);
404 if (ret)
0825411a 405 goto err;
0825411a
AO		 406
407 /* Wait for the ACK from the device. */
e3492dc3
DH		 408 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
409 !atomic_read(&session->terminate)) {
0825411a
AO		 410 int res;
411
412 res = wait_event_interruptible_timeout(session->report_queue,
e3492dc3
DH		 413 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
414 || atomic_read(&session->terminate),
0825411a
AO		 415 10*HZ);
416 if (res == 0) {
417 /* timeout */
418 ret = -EIO;
419 goto err;
420 }
421 if (res < 0) {
422 /* signal */
423 ret = -ERESTARTSYS;
424 goto err;
425 }
426 }
427
428 if (!session->output_report_success) {
429 ret = -EIO;
430 goto err;
431 }
432
433 ret = count;
434
435err:
436 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
437 mutex_unlock(&session->report_mutex);
438 return ret;
2da31939
JK		 439}
440
1da177e4
LT		 441static void hidp_idle_timeout(unsigned long arg)
442{
443 struct hidp_session *session = (struct hidp_session *) arg;
444
5205185d 445 hidp_session_terminate(session);
1da177e4
LT		 446}
447
91f5cca3 448static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 449{
450 if (session->idle_to > 0)
451 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
452}
453
6039aa73 454static void hidp_del_timer(struct hidp_session *session)
1da177e4
LT		 455{
456 if (session->idle_to > 0)
457 del_timer(&session->timer);
458}
459
91f5cca3
AM		 460static void hidp_process_handshake(struct hidp_session *session,
461 unsigned char param)
1da177e4
LT		 462{
463 BT_DBG("session %p param 0x%02x", session, param);
0825411a 464 session->output_report_success = 0; /* default condition */
1da177e4
LT		 465
466 switch (param) {
467 case HIDP_HSHK_SUCCESSFUL:
468 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 469 session->output_report_success = 1;
1da177e4
LT		 470 break;
471
472 case HIDP_HSHK_NOT_READY:
473 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
474 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
475 case HIDP_HSHK_ERR_INVALID_PARAMETER:
ab88f714 476 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
0ff1731a 477 wake_up_interruptible(&session->report_queue);
ab88f714 478
1da177e4
LT		 479 /* FIXME: Call into SET_ GET_ handlers here */
480 break;
481
482 case HIDP_HSHK_ERR_UNKNOWN:
483 break;
484
485 case HIDP_HSHK_ERR_FATAL:
486 /* Device requests a reboot, as this is the only way this error
8e87d142 487 * can be recovered. */
1da177e4
LT		 488 __hidp_send_ctrl_message(session,
489 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
490 break;
491
492 default:
493 __hidp_send_ctrl_message(session,
494 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
495 break;
496 }
0825411a
AO		 497
498 /* Wake up the waiting thread. */
ab88f714 499 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
0825411a 500 wake_up_interruptible(&session->report_queue);
1da177e4
LT		 501}
502
91f5cca3
AM		 503static void hidp_process_hid_control(struct hidp_session *session,
504 unsigned char param)
1da177e4
LT		 505{
506 BT_DBG("session %p param 0x%02x", session, param);
507
eff001e3 508 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 509 /* Flush the transmit queues */
510 skb_queue_purge(&session->ctrl_transmit);
511 skb_queue_purge(&session->intr_transmit);
512
5205185d 513 hidp_session_terminate(session);
1da177e4
LT		 514 }
515}
516
0ff1731a
AO		 517/* Returns true if the passed-in skb should be freed by the caller. */
518static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 519 unsigned char param)
1da177e4 520{
0ff1731a 521 int done_with_skb = 1;
1da177e4
LT		 522 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
523
524 switch (param) {
525 case HIDP_DATA_RTYPE_INPUT:
526 hidp_set_timer(session);
527
528 if (session->input)
529 hidp_input_report(session, skb);
e1aaadd4
MH		 530
531 if (session->hid)
532 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 533 break;
534
535 case HIDP_DATA_RTYPE_OTHER:
536 case HIDP_DATA_RTYPE_OUPUT:
537 case HIDP_DATA_RTYPE_FEATURE:
538 break;
539
540 default:
541 __hidp_send_ctrl_message(session,
542 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
543 }
0ff1731a
AO		 544
545 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
546 param == session->waiting_report_type) {
547 if (session->waiting_report_number < 0 ||
548 session->waiting_report_number == skb->data[0]) {
549 /* hidp_get_raw_report() is waiting on this report. */
550 session->report_return = skb;
551 done_with_skb = 0;
552 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
553 wake_up_interruptible(&session->report_queue);
554 }
555 }
556
557 return done_with_skb;
1da177e4
LT		 558}
559
91f5cca3
AM		 560static void hidp_recv_ctrl_frame(struct hidp_session *session,
561 struct sk_buff *skb)
1da177e4
LT		 562{
563 unsigned char hdr, type, param;
0ff1731a 564 int free_skb = 1;
1da177e4
LT		 565
566 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
567
568 hdr = skb->data[0];
569 skb_pull(skb, 1);
570
571 type = hdr & HIDP_HEADER_TRANS_MASK;
572 param = hdr & HIDP_HEADER_PARAM_MASK;
573
574 switch (type) {
575 case HIDP_TRANS_HANDSHAKE:
576 hidp_process_handshake(session, param);
577 break;
578
579 case HIDP_TRANS_HID_CONTROL:
580 hidp_process_hid_control(session, param);
581 break;
582
583 case HIDP_TRANS_DATA:
0ff1731a 584 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 585 break;
586
587 default:
588 __hidp_send_ctrl_message(session,
589 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
590 break;
591 }
592
0ff1731a
AO		 593 if (free_skb)
594 kfree_skb(skb);
1da177e4
LT		 595}
596
91f5cca3
AM		 597static void hidp_recv_intr_frame(struct hidp_session *session,
598 struct sk_buff *skb)
1da177e4
LT		 599{
600 unsigned char hdr;
601
602 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
603
604 hdr = skb->data[0];
605 skb_pull(skb, 1);
606
607 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
608 hidp_set_timer(session);
e1aaadd4 609
1da177e4
LT		 610 if (session->input)
611 hidp_input_report(session, skb);
e1aaadd4
MH		 612
613 if (session->hid) {
614 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
615 BT_DBG("report len %d", skb->len);
616 }
1da177e4
LT		 617 } else {
618 BT_DBG("Unsupported protocol header 0x%02x", hdr);
619 }
620
621 kfree_skb(skb);
622}
623
624static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
625{
626 struct kvec iv = { data, len };
627 struct msghdr msg;
628
629 BT_DBG("sock %p data %p len %d", sock, data, len);
630
631 if (!len)
632 return 0;
633
634 memset(&msg, 0, sizeof(msg));
635
636 return kernel_sendmsg(sock, &msg, &iv, 1, len);
637}
638
7350e6cf
DH		 639/* dequeue message from @transmit and send via @sock */
640static void hidp_process_transmit(struct hidp_session *session,
641 struct sk_buff_head *transmit,
642 struct socket *sock)
1da177e4
LT		 643{
644 struct sk_buff *skb;
2df01200 645 int ret;
1da177e4
LT		 646
647 BT_DBG("session %p", session);
648
7350e6cf
DH		 649 while ((skb = skb_dequeue(transmit))) {
650 ret = hidp_send_frame(sock, skb->data, skb->len);
2df01200 651 if (ret == -EAGAIN) {
7350e6cf 652 skb_queue_head(transmit, skb);
1da177e4 653 break;
2df01200
DH		 654 } else if (ret < 0) {
655 hidp_session_terminate(session);
656 kfree_skb(skb);
657 break;
1da177e4
LT		 658 }
659
660 hidp_set_timer(session);
661 kfree_skb(skb);
662 }
1da177e4
LT		 663}
664
91f5cca3
AM		 665static int hidp_setup_input(struct hidp_session *session,
666 struct hidp_connadd_req *req)
1da177e4 667{
c500c971 668 struct input_dev *input;
3415a5fd 669 int i;
1da177e4 670
c500c971
JS		 671 input = input_allocate_device();
672 if (!input)
673 return -ENOMEM;
674
675 session->input = input;
676
5be39466 677 input_set_drvdata(input, session);
1da177e4 678
34abf91f
DT		 679 input->name = "Bluetooth HID Boot Protocol Device";
680
1da177e4
LT		 681 input->id.bustype = BUS_BLUETOOTH;
682 input->id.vendor = req->vendor;
683 input->id.product = req->product;
684 input->id.version = req->version;
685
686 if (req->subclass & 0x40) {
687 set_bit(EV_KEY, input->evbit);
688 set_bit(EV_LED, input->evbit);
689 set_bit(EV_REP, input->evbit);
690
691 set_bit(LED_NUML, input->ledbit);
692 set_bit(LED_CAPSL, input->ledbit);
693 set_bit(LED_SCROLLL, input->ledbit);
694 set_bit(LED_COMPOSE, input->ledbit);
695 set_bit(LED_KANA, input->ledbit);
696
697 for (i = 0; i < sizeof(hidp_keycode); i++)
698 set_bit(hidp_keycode[i], input->keybit);
699 clear_bit(0, input->keybit);
700 }
701
702 if (req->subclass & 0x80) {
7b19ada2
JS		 703 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
704 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
705 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
706 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
707 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
708 BIT_MASK(BTN_EXTRA);
709 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 710 }
711
5205185d 712 input->dev.parent = &session->conn->hcon->dev;
0a85b964 713
1da177e4
LT		 714 input->event = hidp_input_event;
715
edad6388 716 return 0;
1da177e4
LT		 717}
718
f5ffd462
MH		 719static int hidp_open(struct hid_device *hid)
720{
721 return 0;
722}
723
724static void hidp_close(struct hid_device *hid)
725{
726}
727
c500c971
JS		 728static int hidp_parse(struct hid_device *hid)
729{
730 struct hidp_session *session = hid->driver_data;
c500c971 731
15c697ce
MP		 732 return hid_parse_report(session->hid, session->rd_data,
733 session->rd_size);
c500c971
JS		 734}
735
736static int hidp_start(struct hid_device *hid)
737{
738 struct hidp_session *session = hid->driver_data;
739 struct hid_report *report;
740
142c69c6
DH		 741 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
742 return 0;
743
c500c971
JS		 744 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
745 report_list, list)
746 hidp_send_report(session, report);
747
748 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
749 report_list, list)
750 hidp_send_report(session, report);
751
c500c971
JS		 752 return 0;
753}
754
755static void hidp_stop(struct hid_device *hid)
756{
757 struct hidp_session *session = hid->driver_data;
758
759 skb_queue_purge(&session->ctrl_transmit);
760 skb_queue_purge(&session->intr_transmit);
761
c500c971
JS		 762 hid->claimed = 0;
763}
764
765static struct hid_ll_driver hidp_hid_driver = {
766 .parse = hidp_parse,
767 .start = hidp_start,
768 .stop = hidp_stop,
769 .open = hidp_open,
770 .close = hidp_close,
771 .hidinput_input_event = hidp_hidinput_event,
772};
773
0f69dca2
AO		 774/* This function sets up the hid device. It does not add it
775 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 776static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 777 struct hidp_connadd_req *req)
e1aaadd4 778{
c500c971 779 struct hid_device *hid;
edad6388 780 int err;
e1aaadd4 781
15c697ce
MP		 782 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
783 if (!session->rd_data)
784 return -ENOMEM;
785
786 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
787 err = -EFAULT;
788 goto fault;
789 }
790 session->rd_size = req->rd_size;
791
c500c971 792 hid = hid_allocate_device();
15c697ce
MP		 793 if (IS_ERR(hid)) {
794 err = PTR_ERR(hid);
795 goto fault;
796 }
e1aaadd4 797
c500c971 798 session->hid = hid;
15c697ce 799
e1aaadd4
MH		 800 hid->driver_data = session;
801
e1aaadd4
MH		 802 hid->bus = BUS_BLUETOOTH;
803 hid->vendor = req->vendor;
804 hid->product = req->product;
805 hid->version = req->version;
c500c971 806 hid->country = req->country;
e1aaadd4 807
0a9ab9bd 808 strncpy(hid->name, req->name, sizeof(req->name) - 1);
fcb73338
AE		 809
810 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
811 &bt_sk(session->ctrl_sock->sk)->src);
812
813 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
814 &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4 815
5205185d 816 hid->dev.parent = &session->conn->hcon->dev;
c500c971 817 hid->ll_driver = &hidp_hid_driver;
85cdaf52 818
0ff1731a 819 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 820 hid->hid_output_raw_report = hidp_output_raw_report;
821
4529eefa
LS		 822 /* True if device is blacklisted in drivers/hid/hid-core.c */
823 if (hid_ignore(hid)) {
824 hid_destroy_device(session->hid);
825 session->hid = NULL;
826 return -ENODEV;
827 }
828
c500c971 829 return 0;
edad6388 830
15c697ce
MP		 831fault:
832 kfree(session->rd_data);
833 session->rd_data = NULL;
834
edad6388 835 return err;
e1aaadd4
MH		 836}
837
b4f34d8d
DH		 838/* initialize session devices */
839static int hidp_session_dev_init(struct hidp_session *session,
840 struct hidp_connadd_req *req)
841{
842 int ret;
843
844 if (req->rd_size > 0) {
845 ret = hidp_setup_hid(session, req);
846 if (ret && ret != -ENODEV)
847 return ret;
848 }
849
850 if (!session->hid) {
851 ret = hidp_setup_input(session, req);
852 if (ret < 0)
853 return ret;
854 }
855
856 return 0;
857}
858
859/* destroy session devices */
860static void hidp_session_dev_destroy(struct hidp_session *session)
861{
862 if (session->hid)
863 put_device(&session->hid->dev);
864 else if (session->input)
865 input_put_device(session->input);
866
867 kfree(session->rd_data);
868 session->rd_data = NULL;
869}
870
871/* add HID/input devices to their underlying bus systems */
872static int hidp_session_dev_add(struct hidp_session *session)
873{
874 int ret;
875
876 /* Both HID and input systems drop a ref-count when unregistering the
877 * device but they don't take a ref-count when registering them. Work
878 * around this by explicitly taking a refcount during registration
879 * which is dropped automatically by unregistering the devices. */
880
881 if (session->hid) {
882 ret = hid_add_device(session->hid);
883 if (ret)
884 return ret;
885 get_device(&session->hid->dev);
886 } else if (session->input) {
887 ret = input_register_device(session->input);
888 if (ret)
889 return ret;
890 input_get_device(session->input);
891 }
892
893 return 0;
894}
895
896/* remove HID/input devices from their bus systems */
897static void hidp_session_dev_del(struct hidp_session *session)
898{
899 if (session->hid)
900 hid_destroy_device(session->hid);
901 else if (session->input)
902 input_unregister_device(session->input);
903}
904
905/*
906 * Create new session object
907 * Allocate session object, initialize static fields, copy input data into the
908 * object and take a reference to all sub-objects.
909 * This returns 0 on success and puts a pointer to the new session object in
910 * \out. Otherwise, an error code is returned.
911 * The new session object has an initial ref-count of 1.
912 */
913static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
914 struct socket *ctrl_sock,
915 struct socket *intr_sock,
916 struct hidp_connadd_req *req,
917 struct l2cap_conn *conn)
918{
919 struct hidp_session *session;
920 int ret;
921 struct bt_sock *ctrl, *intr;
922
923 ctrl = bt_sk(ctrl_sock->sk);
924 intr = bt_sk(intr_sock->sk);
925
926 session = kzalloc(sizeof(*session), GFP_KERNEL);
927 if (!session)
928 return -ENOMEM;
929
930 /* object and runtime management */
931 kref_init(&session->ref);
932 atomic_set(&session->state, HIDP_SESSION_IDLING);
933 init_waitqueue_head(&session->state_queue);
934 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
935
936 /* connection management */
937 bacpy(&session->bdaddr, bdaddr);
938 session->conn = conn;
939 session->user.probe = hidp_session_probe;
940 session->user.remove = hidp_session_remove;
941 session->ctrl_sock = ctrl_sock;
942 session->intr_sock = intr_sock;
943 skb_queue_head_init(&session->ctrl_transmit);
944 skb_queue_head_init(&session->intr_transmit);
945 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
946 l2cap_pi(ctrl)->chan->imtu);
947 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
948 l2cap_pi(intr)->chan->imtu);
949 session->idle_to = req->idle_to;
950
951 /* device management */
952 setup_timer(&session->timer, hidp_idle_timeout,
953 (unsigned long)session);
954
955 /* session data */
956 mutex_init(&session->report_mutex);
957 init_waitqueue_head(&session->report_queue);
958
959 ret = hidp_session_dev_init(session, req);
960 if (ret)
961 goto err_free;
962
963 l2cap_conn_get(session->conn);
964 get_file(session->intr_sock->file);
965 get_file(session->ctrl_sock->file);
966 *out = session;
967 return 0;
968
969err_free:
970 kfree(session);
971 return ret;
972}
973
974/* increase ref-count of the given session by one */
975static void hidp_session_get(struct hidp_session *session)
976{
977 kref_get(&session->ref);
978}
979
980/* release callback */
981static void session_free(struct kref *ref)
982{
983 struct hidp_session *session = container_of(ref, struct hidp_session,
984 ref);
985
986 hidp_session_dev_destroy(session);
987 skb_queue_purge(&session->ctrl_transmit);
988 skb_queue_purge(&session->intr_transmit);
989 fput(session->intr_sock->file);
990 fput(session->ctrl_sock->file);
991 l2cap_conn_put(session->conn);
992 kfree(session);
993}
994
995/* decrease ref-count of the given session by one */
996static void hidp_session_put(struct hidp_session *session)
997{
998 kref_put(&session->ref, session_free);
999}
1000
1001/*
1002 * Search the list of active sessions for a session with target address
1003 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
1004 * you do not release this lock, the session objects cannot vanish and you can
1005 * safely take a reference to the session yourself.
1006 */
1007static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
1008{
1009 struct hidp_session *session;
1010
1011 list_for_each_entry(session, &hidp_session_list, list) {
1012 if (!bacmp(bdaddr, &session->bdaddr))
1013 return session;
1014 }
1015
1016 return NULL;
1017}
1018
1019/*
1020 * Same as __hidp_session_find() but no locks must be held. This also takes a
1021 * reference of the returned session (if non-NULL) so you must drop this
1022 * reference if you no longer use the object.
1023 */
1024static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1025{
1026 struct hidp_session *session;
1027
1028 down_read(&hidp_session_sem);
1029
1030 session = __hidp_session_find(bdaddr);
1031 if (session)
1032 hidp_session_get(session);
1033
1034 up_read(&hidp_session_sem);
1035
1036 return session;
1037}
1038
1039/*
1040 * Start session synchronously
1041 * This starts a session thread and waits until initialization
1042 * is done or returns an error if it couldn't be started.
1043 * If this returns 0 the session thread is up and running. You must call
1044 * hipd_session_stop_sync() before deleting any runtime resources.
1045 */
1046static int hidp_session_start_sync(struct hidp_session *session)
1047{
1048 unsigned int vendor, product;
1049
1050 if (session->hid) {
1051 vendor = session->hid->vendor;
1052 product = session->hid->product;
1053 } else if (session->input) {
1054 vendor = session->input->id.vendor;
1055 product = session->input->id.product;
1056 } else {
1057 vendor = 0x0000;
1058 product = 0x0000;
1059 }
1060
1061 session->task = kthread_run(hidp_session_thread, session,
1062 "khidpd_%04x%04x", vendor, product);
1063 if (IS_ERR(session->task))
1064 return PTR_ERR(session->task);
1065
1066 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1067 wait_event(session->state_queue,
1068 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1069
1070 return 0;
1071}
1072
1073/*
1074 * Terminate session thread
1075 * Wake up session thread and notify it to stop. This is asynchronous and
1076 * returns immediately. Call this whenever a runtime error occurs and you want
1077 * the session to stop.
1078 * Note: wake_up_process() performs any necessary memory-barriers for us.
1079 */
1080static void hidp_session_terminate(struct hidp_session *session)
1081{
1082 atomic_inc(&session->terminate);
1083 wake_up_process(session->task);
1084}
1085
1086/*
1087 * Probe HIDP session
1088 * This is called from the l2cap_conn core when our l2cap_user object is bound
1089 * to the hci-connection. We get the session via the \user object and can now
1090 * start the session thread, register the HID/input devices and link it into
1091 * the global session list.
1092 * The global session-list owns its own reference to the session object so you
1093 * can drop your own reference after registering the l2cap_user object.
1094 */
1095static int hidp_session_probe(struct l2cap_conn *conn,
1096 struct l2cap_user *user)
1097{
1098 struct hidp_session *session = container_of(user,
1099 struct hidp_session,
1100 user);
1101 struct hidp_session *s;
1102 int ret;
1103
1104 down_write(&hidp_session_sem);
1105
1106 /* check that no other session for this device exists */
1107 s = __hidp_session_find(&session->bdaddr);
1108 if (s) {
1109 ret = -EEXIST;
1110 goto out_unlock;
1111 }
1112
1113 ret = hidp_session_start_sync(session);
1114 if (ret)
1115 goto out_unlock;
1116
1117 ret = hidp_session_dev_add(session);
1118 if (ret)
1119 goto out_stop;
1120
1121 hidp_session_get(session);
1122 list_add(&session->list, &hidp_session_list);
1123 ret = 0;
1124 goto out_unlock;
1125
1126out_stop:
1127 hidp_session_terminate(session);
1128out_unlock:
1129 up_write(&hidp_session_sem);
1130 return ret;
1131}
1132
1133/*
1134 * Remove HIDP session
1135 * Called from the l2cap_conn core when either we explicitly unregistered
1136 * the l2cap_user object or if the underlying connection is shut down.
1137 * We signal the hidp-session thread to shut down, unregister the HID/input
1138 * devices and unlink the session from the global list.
1139 * This drops the reference to the session that is owned by the global
1140 * session-list.
1141 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1142 * This is, because the session-thread might be waiting for an HCI lock that is
1143 * held while we are called. Therefore, we only unregister the devices and
1144 * notify the session-thread to terminate. The thread itself owns a reference
1145 * to the session object so it can safely shut down.
1146 */
1147static void hidp_session_remove(struct l2cap_conn *conn,
1148 struct l2cap_user *user)
1149{
1150 struct hidp_session *session = container_of(user,
1151 struct hidp_session,
1152 user);
1153
1154 down_write(&hidp_session_sem);
1155
1156 hidp_session_terminate(session);
1157 hidp_session_dev_del(session);
1158 list_del(&session->list);
1159
1160 up_write(&hidp_session_sem);
1161
1162 hidp_session_put(session);
1163}
1164
1165/*
1166 * Session Worker
1167 * This performs the actual main-loop of the HIDP worker. We first check
1168 * whether the underlying connection is still alive, then parse all pending
1169 * messages and finally send all outstanding messages.
1170 */
1171static void hidp_session_run(struct hidp_session *session)
1172{
1173 struct sock *ctrl_sk = session->ctrl_sock->sk;
1174 struct sock *intr_sk = session->intr_sock->sk;
1175 struct sk_buff *skb;
1176
1177 for (;;) {
1178 /*
1179 * This thread can be woken up two ways:
1180 * - You call hidp_session_terminate() which sets the
1181 * session->terminate flag and wakes this thread up.
1182 * - Via modifying the socket state of ctrl/intr_sock. This
1183 * thread is woken up by ->sk_state_changed().
1184 *
1185 * Note: set_current_state() performs any necessary
1186 * memory-barriers for us.
1187 */
1188 set_current_state(TASK_INTERRUPTIBLE);
1189
1190 if (atomic_read(&session->terminate))
1191 break;
1192
1193 if (ctrl_sk->sk_state != BT_CONNECTED ||
1194 intr_sk->sk_state != BT_CONNECTED)
1195 break;
1196
1197 /* parse incoming intr-skbs */
1198 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1199 skb_orphan(skb);
1200 if (!skb_linearize(skb))
1201 hidp_recv_intr_frame(session, skb);
1202 else
1203 kfree_skb(skb);
1204 }
1205
1206 /* send pending intr-skbs */
7350e6cf
DH		 1207 hidp_process_transmit(session, &session->intr_transmit,
1208 session->intr_sock);
b4f34d8d
DH		 1209
1210 /* parse incoming ctrl-skbs */
1211 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1212 skb_orphan(skb);
1213 if (!skb_linearize(skb))
1214 hidp_recv_ctrl_frame(session, skb);
1215 else
1216 kfree_skb(skb);
1217 }
1218
1219 /* send pending ctrl-skbs */
7350e6cf
DH		 1220 hidp_process_transmit(session, &session->ctrl_transmit,
1221 session->ctrl_sock);
b4f34d8d
DH		 1222
1223 schedule();
1224 }
1225
1226 atomic_inc(&session->terminate);
1227 set_current_state(TASK_RUNNING);
1228}
1229
1230/*
1231 * HIDP session thread
1232 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1233 * which allows us to take references to ourself here instead of doing that in
1234 * the caller.
1235 * When we are ready to run we notify the caller and call hidp_session_run().
1236 */
1237static int hidp_session_thread(void *arg)
1238{
1239 struct hidp_session *session = arg;
1240 wait_queue_t ctrl_wait, intr_wait;
1241
1242 BT_DBG("session %p", session);
1243
1244 /* initialize runtime environment */
1245 hidp_session_get(session);
1246 __module_get(THIS_MODULE);
1247 set_user_nice(current, -15);
1248 hidp_set_timer(session);
1249
1250 init_waitqueue_entry(&ctrl_wait, current);
1251 init_waitqueue_entry(&intr_wait, current);
1252 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1253 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1254 /* This memory barrier is paired with wq_has_sleeper(). See
1255 * sock_poll_wait() for more information why this is needed. */
1256 smp_mb();
1257
1258 /* notify synchronous startup that we're ready */
1259 atomic_inc(&session->state);
1260 wake_up(&session->state_queue);
1261
1262 /* run session */
1263 hidp_session_run(session);
1264
1265 /* cleanup runtime environment */
1266 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1267 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1268 wake_up_interruptible(&session->report_queue);
1269 hidp_del_timer(session);
1270
1271 /*
1272 * If we stopped ourself due to any internal signal, we should try to
1273 * unregister our own session here to avoid having it linger until the
1274 * parent l2cap_conn dies or user-space cleans it up.
1275 * This does not deadlock as we don't do any synchronous shutdown.
1276 * Instead, this call has the same semantics as if user-space tried to
1277 * delete the session.
1278 */
1279 l2cap_unregister_user(session->conn, &session->user);
1280 hidp_session_put(session);
1281
1282 module_put_and_exit(0);
1283 return 0;
1284}
1285
1286static int hidp_verify_sockets(struct socket *ctrl_sock,
1287 struct socket *intr_sock)
1288{
1289 struct bt_sock *ctrl, *intr;
1290 struct hidp_session *session;
1291
1292 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1293 return -EINVAL;
1294
1295 ctrl = bt_sk(ctrl_sock->sk);
1296 intr = bt_sk(intr_sock->sk);
1297
1298 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1299 return -ENOTUNIQ;
1300 if (ctrl->sk.sk_state != BT_CONNECTED ||
1301 intr->sk.sk_state != BT_CONNECTED)
1302 return -EBADFD;
1303
1304 /* early session check, we check again during session registration */
1305 session = hidp_session_find(&ctrl->dst);
1306 if (session) {
1307 hidp_session_put(session);
1308 return -EEXIST;
1309 }
1310
1311 return 0;
1312}
1313
1314int hidp_connection_add(struct hidp_connadd_req *req,
1315 struct socket *ctrl_sock,
1316 struct socket *intr_sock)
1317{
1318 struct hidp_session *session;
1319 struct l2cap_conn *conn;
1320 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1321 int ret;
1322
1323 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1324 if (ret)
1325 return ret;
1326
1327 conn = NULL;
1328 l2cap_chan_lock(chan);
1329 if (chan->conn) {
1330 l2cap_conn_get(chan->conn);
1331 conn = chan->conn;
1332 }
1333 l2cap_chan_unlock(chan);
1334
1335 if (!conn)
1336 return -EBADFD;
1337
1338 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1339 intr_sock, req, conn);
1340 if (ret)
1341 goto out_conn;
1342
1343 ret = l2cap_register_user(conn, &session->user);
1344 if (ret)
1345 goto out_session;
1346
1347 ret = 0;
1348
1349out_session:
1350 hidp_session_put(session);
1351out_conn:
1352 l2cap_conn_put(conn);
1353 return ret;
1354}
1355
1356int hidp_connection_del(struct hidp_conndel_req *req)
1357{
1358 struct hidp_session *session;
1359
1360 session = hidp_session_find(&req->bdaddr);
1361 if (!session)
1362 return -ENOENT;
1363
1364 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1365 hidp_send_ctrl_message(session,
1366 HIDP_TRANS_HID_CONTROL |
1367 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1368 NULL, 0);
1369 else
1370 l2cap_unregister_user(session->conn, &session->user);
1371
1372 hidp_session_put(session);
1373
1374 return 0;
1375}
1376
1da177e4
LT		 1377int hidp_get_connlist(struct hidp_connlist_req *req)
1378{
cd11cdd2 1379 struct hidp_session *session;
1da177e4
LT		 1380 int err = 0, n = 0;
1381
1382 BT_DBG("");
1383
1384 down_read(&hidp_session_sem);
1385
cd11cdd2 1386 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1387 struct hidp_conninfo ci;
1388
5205185d 1389 hidp_copy_session(session, &ci);
1da177e4
LT		 1390
1391 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1392 err = -EFAULT;
1393 break;
1394 }
1395
1396 if (++n >= req->cnum)
1397 break;
1398
1399 req->ci++;
1400 }
1401 req->cnum = n;
1402
1403 up_read(&hidp_session_sem);
1404 return err;
1405}
1406
1407int hidp_get_conninfo(struct hidp_conninfo *ci)
1408{
1409 struct hidp_session *session;
1da177e4 1410
5205185d
DH		 1411 session = hidp_session_find(&ci->bdaddr);
1412 if (session) {
1413 hidp_copy_session(session, ci);
1414 hidp_session_put(session);
1415 }
1da177e4 1416
5205185d 1417 return session ? 0 : -ENOENT;
1da177e4
LT		 1418}
1419
1420static int __init hidp_init(void)
1421{
1da177e4
LT		 1422 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1423
8215d557 1424 return hidp_init_sockets();
1da177e4
LT		 1425}
1426
1427static void __exit hidp_exit(void)
1428{
1429 hidp_cleanup_sockets();
1430}
1431
1432module_init(hidp_init);
1433module_exit(hidp_exit);
1434
1435MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
b4f34d8d 1436MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1da177e4
LT		 1437MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1438MODULE_VERSION(VERSION);
1439MODULE_LICENSE("GPL");
1440MODULE_ALIAS("bt-proto-6");
Ubuntu Artful kernel mirror