]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/hidp/core.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use #include <linux/uaccess.h> instead of <asm/uaccess.h>
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4
LT		 23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
1da177e4
LT		 28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
83144186 31#include <linux/freezer.h>
1da177e4
LT		 32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
0ff1731a 39#include <linux/mutex.h>
1da177e4
LT		 40#include <net/sock.h>
41
42#include <linux/input.h>
e1aaadd4 43#include <linux/hid.h>
364f6351 44#include <linux/hidraw.h>
1da177e4
LT		 45
46#include <net/bluetooth/bluetooth.h>
0a85b964 47#include <net/bluetooth/hci_core.h>
1da177e4
LT		 48#include <net/bluetooth/l2cap.h>
49
50#include "hidp.h"
51
e1aaadd4 52#define VERSION "1.2"
1da177e4
LT		 53
54static DECLARE_RWSEM(hidp_session_sem);
55static LIST_HEAD(hidp_session_list);
56
57static unsigned char hidp_keycode[256] = {
58 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
59 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
60 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
61 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
62 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
63 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
64 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
65 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
66 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
67 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
72 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
73 150,158,159,128,136,177,178,176,142,152,173,140
74};
75
76static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
77
78static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
79{
80 struct hidp_session *session;
81 struct list_head *p;
82
83 BT_DBG("");
84
85 list_for_each(p, &hidp_session_list) {
86 session = list_entry(p, struct hidp_session, list);
87 if (!bacmp(bdaddr, &session->bdaddr))
88 return session;
89 }
90 return NULL;
91}
92
93static void __hidp_link_session(struct hidp_session *session)
94{
95 __module_get(THIS_MODULE);
96 list_add(&session->list, &hidp_session_list);
edad6388
MH		 97
98 hci_conn_hold_device(session->conn);
1da177e4
LT		 99}
100
101static void __hidp_unlink_session(struct hidp_session *session)
102{
edad6388
MH		 103 hci_conn_put_device(session->conn);
104
1da177e4
LT		 105 list_del(&session->list);
106 module_put(THIS_MODULE);
107}
108
109static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
110{
d31dbf6e 111 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 112 bacpy(&ci->bdaddr, &session->bdaddr);
113
114 ci->flags = session->flags;
115 ci->state = session->state;
116
117 ci->vendor = 0x0000;
118 ci->product = 0x0000;
119 ci->version = 0x0000;
1da177e4
LT		 120
121 if (session->input) {
122 ci->vendor = session->input->id.vendor;
123 ci->product = session->input->id.product;
124 ci->version = session->input->id.version;
125 if (session->input->name)
126 strncpy(ci->name, session->input->name, 128);
127 else
128 strncpy(ci->name, "HID Boot Device", 128);
129 }
e1aaadd4
MH		 130
131 if (session->hid) {
132 ci->vendor = session->hid->vendor;
133 ci->product = session->hid->product;
134 ci->version = session->hid->version;
135 strncpy(ci->name, session->hid->name, 128);
136 }
1da177e4
LT		 137}
138
91f5cca3
AM		 139static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
140 unsigned int type, unsigned int code, int value)
1da177e4 141{
1da177e4 142 unsigned char newleds;
e1aaadd4 143 struct sk_buff *skb;
1da177e4 144
e1aaadd4 145 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 146
147 if (type != EV_LED)
148 return -1;
149
150 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
151 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
152 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
153 (!!test_bit(LED_CAPSL, dev->led) << 1) |
154 (!!test_bit(LED_NUML, dev->led));
155
156 if (session->leds == newleds)
157 return 0;
158
159 session->leds = newleds;
160
5a08ecce
AE		 161 skb = alloc_skb(3, GFP_ATOMIC);
162 if (!skb) {
1da177e4
LT		 163 BT_ERR("Can't allocate memory for new frame");
164 return -ENOMEM;
165 }
166
167 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
168 *skb_put(skb, 1) = 0x01;
169 *skb_put(skb, 1) = newleds;
170
171 skb_queue_tail(&session->intr_transmit, skb);
172
173 hidp_schedule(session);
174
175 return 0;
176}
177
e1aaadd4
MH		 178static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
179{
5be39466 180 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 181 struct hidp_session *session = hid->driver_data;
182
183 return hidp_queue_event(session, dev, type, code, value);
184}
185
186static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
187{
5be39466 188 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 189
190 return hidp_queue_event(session, dev, type, code, value);
191}
192
1da177e4
LT		 193static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
194{
195 struct input_dev *dev = session->input;
196 unsigned char *keys = session->keys;
197 unsigned char *udata = skb->data + 1;
198 signed char *sdata = skb->data + 1;
199 int i, size = skb->len - 1;
200
201 switch (skb->data[0]) {
202 case 0x01: /* Keyboard report */
203 for (i = 0; i < 8; i++)
204 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
205
206 /* If all the key codes have been set to 0x01, it means
207 * too many keys were pressed at the same time. */
208 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
209 break;
210
211 for (i = 2; i < 8; i++) {
212 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
213 if (hidp_keycode[keys[i]])
214 input_report_key(dev, hidp_keycode[keys[i]], 0);
215 else
216 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
217 }
218
219 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
220 if (hidp_keycode[udata[i]])
221 input_report_key(dev, hidp_keycode[udata[i]], 1);
222 else
223 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
224 }
225 }
226
227 memcpy(keys, udata, 8);
228 break;
229
230 case 0x02: /* Mouse report */
231 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
232 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
233 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
234 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
235 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
236
237 input_report_rel(dev, REL_X, sdata[1]);
238 input_report_rel(dev, REL_Y, sdata[2]);
239
240 if (size > 3)
241 input_report_rel(dev, REL_WHEEL, sdata[3]);
242 break;
243 }
244
245 input_sync(dev);
246}
247
6bf8268f
BN		 248static int __hidp_send_ctrl_message(struct hidp_session *session,
249 unsigned char hdr, unsigned char *data, int size)
250{
251 struct sk_buff *skb;
252
253 BT_DBG("session %p data %p size %d", session, data, size);
254
5a08ecce
AE		 255 skb = alloc_skb(size + 1, GFP_ATOMIC);
256 if (!skb) {
6bf8268f
BN		 257 BT_ERR("Can't allocate memory for new frame");
258 return -ENOMEM;
259 }
260
261 *skb_put(skb, 1) = hdr;
262 if (data && size > 0)
263 memcpy(skb_put(skb, size), data, size);
264
265 skb_queue_tail(&session->ctrl_transmit, skb);
266
267 return 0;
268}
269
270static inline int hidp_send_ctrl_message(struct hidp_session *session,
271 unsigned char hdr, unsigned char *data, int size)
272{
273 int err;
274
275 err = __hidp_send_ctrl_message(session, hdr, data, size);
276
277 hidp_schedule(session);
278
279 return err;
280}
281
91f5cca3
AM		 282static int hidp_queue_report(struct hidp_session *session,
283 unsigned char *data, int size)
e1aaadd4
MH		 284{
285 struct sk_buff *skb;
286
6792b5ec 287 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 288
5a08ecce
AE		 289 skb = alloc_skb(size + 1, GFP_ATOMIC);
290 if (!skb) {
e1aaadd4
MH		 291 BT_ERR("Can't allocate memory for new frame");
292 return -ENOMEM;
293 }
294
295 *skb_put(skb, 1) = 0xa2;
296 if (size > 0)
297 memcpy(skb_put(skb, size), data, size);
298
299 skb_queue_tail(&session->intr_transmit, skb);
300
301 hidp_schedule(session);
302
303 return 0;
304}
305
306static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
307{
308 unsigned char buf[32];
309 int rsize;
310
311 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
312 if (rsize > sizeof(buf))
313 return -EIO;
314
315 hid_output_report(report, buf);
316
317 return hidp_queue_report(session, buf, rsize);
318}
319
0ff1731a
AO		 320static int hidp_get_raw_report(struct hid_device *hid,
321 unsigned char report_number,
322 unsigned char *data, size_t count,
323 unsigned char report_type)
324{
325 struct hidp_session *session = hid->driver_data;
326 struct sk_buff *skb;
327 size_t len;
328 int numbered_reports = hid->report_enum[report_type].numbered;
329
330 switch (report_type) {
331 case HID_FEATURE_REPORT:
332 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
333 break;
334 case HID_INPUT_REPORT:
335 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
336 break;
337 case HID_OUTPUT_REPORT:
338 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
339 break;
340 default:
341 return -EINVAL;
342 }
343
344 if (mutex_lock_interruptible(&session->report_mutex))
345 return -ERESTARTSYS;
346
347 /* Set up our wait, and send the report request to the device. */
348 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
349 session->waiting_report_number = numbered_reports ? report_number : -1;
350 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
351 data[0] = report_number;
352 if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))
353 goto err_eio;
354
355 /* Wait for the return of the report. The returned report
356 gets put in session->report_return. */
357 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
358 int res;
359
360 res = wait_event_interruptible_timeout(session->report_queue,
361 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
362 5*HZ);
363 if (res == 0) {
364 /* timeout */
365 goto err_eio;
366 }
367 if (res < 0) {
368 /* signal */
369 goto err_restartsys;
370 }
371 }
372
373 skb = session->report_return;
374 if (skb) {
375 len = skb->len < count ? skb->len : count;
376 memcpy(data, skb->data, len);
377
378 kfree_skb(skb);
379 session->report_return = NULL;
380 } else {
381 /* Device returned a HANDSHAKE, indicating protocol error. */
382 len = -EIO;
383 }
384
385 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
386 mutex_unlock(&session->report_mutex);
387
388 return len;
389
390err_restartsys:
391 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
392 mutex_unlock(&session->report_mutex);
393 return -ERESTARTSYS;
394err_eio:
395 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
396 mutex_unlock(&session->report_mutex);
397 return -EIO;
398}
399
d4bfa033
JK		 400static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
401 unsigned char report_type)
2da31939 402{
0825411a
AO		 403 struct hidp_session *session = hid->driver_data;
404 int ret;
405
d4bfa033
JK		 406 switch (report_type) {
407 case HID_FEATURE_REPORT:
408 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
409 break;
410 case HID_OUTPUT_REPORT:
97e1efbb 411 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 412 break;
413 default:
414 return -EINVAL;
415 }
416
0825411a
AO		 417 if (mutex_lock_interruptible(&session->report_mutex))
418 return -ERESTARTSYS;
419
420 /* Set up our wait, and send the report request to the device. */
421 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
d4bfa033 422 if (hidp_send_ctrl_message(hid->driver_data, report_type,
0825411a
AO		 423 data, count)) {
424 ret = -ENOMEM;
425 goto err;
426 }
427
428 /* Wait for the ACK from the device. */
429 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
430 int res;
431
432 res = wait_event_interruptible_timeout(session->report_queue,
433 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
434 10*HZ);
435 if (res == 0) {
436 /* timeout */
437 ret = -EIO;
438 goto err;
439 }
440 if (res < 0) {
441 /* signal */
442 ret = -ERESTARTSYS;
443 goto err;
444 }
445 }
446
447 if (!session->output_report_success) {
448 ret = -EIO;
449 goto err;
450 }
451
452 ret = count;
453
454err:
455 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
456 mutex_unlock(&session->report_mutex);
457 return ret;
2da31939
JK		 458}
459
1da177e4
LT		 460static void hidp_idle_timeout(unsigned long arg)
461{
462 struct hidp_session *session = (struct hidp_session *) arg;
463
464 atomic_inc(&session->terminate);
465 hidp_schedule(session);
466}
467
91f5cca3 468static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 469{
470 if (session->idle_to > 0)
471 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
472}
473
474static inline void hidp_del_timer(struct hidp_session *session)
475{
476 if (session->idle_to > 0)
477 del_timer(&session->timer);
478}
479
91f5cca3
AM		 480static void hidp_process_handshake(struct hidp_session *session,
481 unsigned char param)
1da177e4
LT		 482{
483 BT_DBG("session %p param 0x%02x", session, param);
0825411a 484 session->output_report_success = 0; /* default condition */
1da177e4
LT		 485
486 switch (param) {
487 case HIDP_HSHK_SUCCESSFUL:
488 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 489 session->output_report_success = 1;
1da177e4
LT		 490 break;
491
492 case HIDP_HSHK_NOT_READY:
493 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
494 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
495 case HIDP_HSHK_ERR_INVALID_PARAMETER:
0ff1731a
AO		 496 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
497 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
498 wake_up_interruptible(&session->report_queue);
499 }
1da177e4
LT		 500 /* FIXME: Call into SET_ GET_ handlers here */
501 break;
502
503 case HIDP_HSHK_ERR_UNKNOWN:
504 break;
505
506 case HIDP_HSHK_ERR_FATAL:
507 /* Device requests a reboot, as this is the only way this error
8e87d142 508 * can be recovered. */
1da177e4
LT		 509 __hidp_send_ctrl_message(session,
510 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
511 break;
512
513 default:
514 __hidp_send_ctrl_message(session,
515 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
516 break;
517 }
0825411a
AO		 518
519 /* Wake up the waiting thread. */
520 if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
521 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
522 wake_up_interruptible(&session->report_queue);
523 }
1da177e4
LT		 524}
525
91f5cca3
AM		 526static void hidp_process_hid_control(struct hidp_session *session,
527 unsigned char param)
1da177e4
LT		 528{
529 BT_DBG("session %p param 0x%02x", session, param);
530
eff001e3 531 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 532 /* Flush the transmit queues */
533 skb_queue_purge(&session->ctrl_transmit);
534 skb_queue_purge(&session->intr_transmit);
535
536 /* Kill session thread */
537 atomic_inc(&session->terminate);
981b1414 538 hidp_schedule(session);
1da177e4
LT		 539 }
540}
541
0ff1731a
AO		 542/* Returns true if the passed-in skb should be freed by the caller. */
543static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 544 unsigned char param)
1da177e4 545{
0ff1731a 546 int done_with_skb = 1;
1da177e4
LT		 547 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
548
549 switch (param) {
550 case HIDP_DATA_RTYPE_INPUT:
551 hidp_set_timer(session);
552
553 if (session->input)
554 hidp_input_report(session, skb);
e1aaadd4
MH		 555
556 if (session->hid)
557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 558 break;
559
560 case HIDP_DATA_RTYPE_OTHER:
561 case HIDP_DATA_RTYPE_OUPUT:
562 case HIDP_DATA_RTYPE_FEATURE:
563 break;
564
565 default:
566 __hidp_send_ctrl_message(session,
567 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
568 }
0ff1731a
AO		 569
570 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
571 param == session->waiting_report_type) {
572 if (session->waiting_report_number < 0 ||
573 session->waiting_report_number == skb->data[0]) {
574 /* hidp_get_raw_report() is waiting on this report. */
575 session->report_return = skb;
576 done_with_skb = 0;
577 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
578 wake_up_interruptible(&session->report_queue);
579 }
580 }
581
582 return done_with_skb;
1da177e4
LT		 583}
584
91f5cca3
AM		 585static void hidp_recv_ctrl_frame(struct hidp_session *session,
586 struct sk_buff *skb)
1da177e4
LT		 587{
588 unsigned char hdr, type, param;
0ff1731a 589 int free_skb = 1;
1da177e4
LT		 590
591 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
592
593 hdr = skb->data[0];
594 skb_pull(skb, 1);
595
596 type = hdr & HIDP_HEADER_TRANS_MASK;
597 param = hdr & HIDP_HEADER_PARAM_MASK;
598
599 switch (type) {
600 case HIDP_TRANS_HANDSHAKE:
601 hidp_process_handshake(session, param);
602 break;
603
604 case HIDP_TRANS_HID_CONTROL:
605 hidp_process_hid_control(session, param);
606 break;
607
608 case HIDP_TRANS_DATA:
0ff1731a 609 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 610 break;
611
612 default:
613 __hidp_send_ctrl_message(session,
614 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
615 break;
616 }
617
0ff1731a
AO		 618 if (free_skb)
619 kfree_skb(skb);
1da177e4
LT		 620}
621
91f5cca3
AM		 622static void hidp_recv_intr_frame(struct hidp_session *session,
623 struct sk_buff *skb)
1da177e4
LT		 624{
625 unsigned char hdr;
626
627 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
628
629 hdr = skb->data[0];
630 skb_pull(skb, 1);
631
632 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
633 hidp_set_timer(session);
e1aaadd4 634
1da177e4
LT		 635 if (session->input)
636 hidp_input_report(session, skb);
e1aaadd4
MH		 637
638 if (session->hid) {
639 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
640 BT_DBG("report len %d", skb->len);
641 }
1da177e4
LT		 642 } else {
643 BT_DBG("Unsupported protocol header 0x%02x", hdr);
644 }
645
646 kfree_skb(skb);
647}
648
649static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
650{
651 struct kvec iv = { data, len };
652 struct msghdr msg;
653
654 BT_DBG("sock %p data %p len %d", sock, data, len);
655
656 if (!len)
657 return 0;
658
659 memset(&msg, 0, sizeof(msg));
660
661 return kernel_sendmsg(sock, &msg, &iv, 1, len);
662}
663
b03efcfb 664static void hidp_process_transmit(struct hidp_session *session)
1da177e4
LT		 665{
666 struct sk_buff *skb;
667
668 BT_DBG("session %p", session);
669
670 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
671 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
672 skb_queue_head(&session->ctrl_transmit, skb);
673 break;
674 }
675
676 hidp_set_timer(session);
677 kfree_skb(skb);
678 }
679
680 while ((skb = skb_dequeue(&session->intr_transmit))) {
681 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
682 skb_queue_head(&session->intr_transmit, skb);
683 break;
684 }
685
686 hidp_set_timer(session);
687 kfree_skb(skb);
688 }
1da177e4
LT		 689}
690
691static int hidp_session(void *arg)
692{
693 struct hidp_session *session = arg;
694 struct sock *ctrl_sk = session->ctrl_sock->sk;
695 struct sock *intr_sk = session->intr_sock->sk;
696 struct sk_buff *skb;
697 int vendor = 0x0000, product = 0x0000;
698 wait_queue_t ctrl_wait, intr_wait;
699
700 BT_DBG("session %p", session);
701
702 if (session->input) {
703 vendor = session->input->id.vendor;
704 product = session->input->id.product;
705 }
706
e1aaadd4
MH		 707 if (session->hid) {
708 vendor = session->hid->vendor;
709 product = session->hid->product;
710 }
711
1da177e4
LT		 712 daemonize("khidpd_%04x%04x", vendor, product);
713 set_user_nice(current, -15);
1da177e4
LT		 714
715 init_waitqueue_entry(&ctrl_wait, current);
716 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 717 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
718 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
0f69dca2
AO		 719 session->waiting_for_startup = 0;
720 wake_up_interruptible(&session->startup_queue);
1da177e4
LT		 721 while (!atomic_read(&session->terminate)) {
722 set_current_state(TASK_INTERRUPTIBLE);
723
724 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
725 break;
726
727 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
728 skb_orphan(skb);
729 hidp_recv_ctrl_frame(session, skb);
730 }
731
732 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
733 skb_orphan(skb);
734 hidp_recv_intr_frame(session, skb);
735 }
736
737 hidp_process_transmit(session);
738
739 schedule();
740 }
741 set_current_state(TASK_RUNNING);
aa395145
ED		 742 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
743 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4
LT		 744
745 down_write(&hidp_session_sem);
746
747 hidp_del_timer(session);
748
1da177e4
LT		 749 if (session->input) {
750 input_unregister_device(session->input);
34abf91f 751 session->input = NULL;
1da177e4
LT		 752 }
753
e1aaadd4 754 if (session->hid) {
85cdaf52 755 hid_destroy_device(session->hid);
edad6388 756 session->hid = NULL;
e1aaadd4
MH		 757 }
758
ec8dab36
MH		 759 /* Wakeup user-space polling for socket errors */
760 session->intr_sock->sk->sk_err = EUNATCH;
761 session->ctrl_sock->sk->sk_err = EUNATCH;
762
763 hidp_schedule(session);
764
1c39858b
DW		 765 fput(session->intr_sock->file);
766
aa395145 767 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 768 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
769
770 fput(session->ctrl_sock->file);
771
772 __hidp_unlink_session(session);
773
1da177e4
LT		 774 up_write(&hidp_session_sem);
775
776 kfree(session);
777 return 0;
778}
779
0a85b964
MH		 780static struct device *hidp_get_device(struct hidp_session *session)
781{
782 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
783 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
edad6388 784 struct device *device = NULL;
0a85b964 785 struct hci_dev *hdev;
0a85b964
MH		 786
787 hdev = hci_get_route(dst, src);
788 if (!hdev)
789 return NULL;
790
edad6388
MH		 791 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
792 if (session->conn)
793 device = &session->conn->dev;
0a85b964
MH		 794
795 hci_dev_put(hdev);
796
edad6388 797 return device;
0a85b964
MH		 798}
799
91f5cca3
AM		 800static int hidp_setup_input(struct hidp_session *session,
801 struct hidp_connadd_req *req)
1da177e4 802{
c500c971 803 struct input_dev *input;
edad6388 804 int err, i;
1da177e4 805
c500c971
JS		 806 input = input_allocate_device();
807 if (!input)
808 return -ENOMEM;
809
810 session->input = input;
811
5be39466 812 input_set_drvdata(input, session);
1da177e4 813
34abf91f
DT		 814 input->name = "Bluetooth HID Boot Protocol Device";
815
1da177e4
LT		 816 input->id.bustype = BUS_BLUETOOTH;
817 input->id.vendor = req->vendor;
818 input->id.product = req->product;
819 input->id.version = req->version;
820
821 if (req->subclass & 0x40) {
822 set_bit(EV_KEY, input->evbit);
823 set_bit(EV_LED, input->evbit);
824 set_bit(EV_REP, input->evbit);
825
826 set_bit(LED_NUML, input->ledbit);
827 set_bit(LED_CAPSL, input->ledbit);
828 set_bit(LED_SCROLLL, input->ledbit);
829 set_bit(LED_COMPOSE, input->ledbit);
830 set_bit(LED_KANA, input->ledbit);
831
832 for (i = 0; i < sizeof(hidp_keycode); i++)
833 set_bit(hidp_keycode[i], input->keybit);
834 clear_bit(0, input->keybit);
835 }
836
837 if (req->subclass & 0x80) {
7b19ada2
JS		 838 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
839 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
840 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
841 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
842 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
843 BIT_MASK(BTN_EXTRA);
844 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 845 }
846
5be39466 847 input->dev.parent = hidp_get_device(session);
0a85b964 848
1da177e4
LT		 849 input->event = hidp_input_event;
850
edad6388
MH		 851 err = input_register_device(input);
852 if (err < 0) {
853 hci_conn_put_device(session->conn);
854 return err;
855 }
856
857 return 0;
1da177e4
LT		 858}
859
f5ffd462
MH		 860static int hidp_open(struct hid_device *hid)
861{
862 return 0;
863}
864
865static void hidp_close(struct hid_device *hid)
866{
867}
868
c500c971
JS		 869static int hidp_parse(struct hid_device *hid)
870{
871 struct hidp_session *session = hid->driver_data;
c500c971 872
15c697ce
MP		 873 return hid_parse_report(session->hid, session->rd_data,
874 session->rd_size);
c500c971
JS		 875}
876
877static int hidp_start(struct hid_device *hid)
878{
879 struct hidp_session *session = hid->driver_data;
880 struct hid_report *report;
881
882 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
883 report_list, list)
884 hidp_send_report(session, report);
885
886 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
887 report_list, list)
888 hidp_send_report(session, report);
889
c500c971
JS		 890 return 0;
891}
892
893static void hidp_stop(struct hid_device *hid)
894{
895 struct hidp_session *session = hid->driver_data;
896
897 skb_queue_purge(&session->ctrl_transmit);
898 skb_queue_purge(&session->intr_transmit);
899
c500c971
JS		 900 hid->claimed = 0;
901}
902
903static struct hid_ll_driver hidp_hid_driver = {
904 .parse = hidp_parse,
905 .start = hidp_start,
906 .stop = hidp_stop,
907 .open = hidp_open,
908 .close = hidp_close,
909 .hidinput_input_event = hidp_hidinput_event,
910};
911
0f69dca2
AO		 912/* This function sets up the hid device. It does not add it
913 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 914static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 915 struct hidp_connadd_req *req)
e1aaadd4 916{
c500c971 917 struct hid_device *hid;
edad6388 918 int err;
e1aaadd4 919
15c697ce
MP		 920 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
921 if (!session->rd_data)
922 return -ENOMEM;
923
924 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
925 err = -EFAULT;
926 goto fault;
927 }
928 session->rd_size = req->rd_size;
929
c500c971 930 hid = hid_allocate_device();
15c697ce
MP		 931 if (IS_ERR(hid)) {
932 err = PTR_ERR(hid);
933 goto fault;
934 }
e1aaadd4 935
c500c971 936 session->hid = hid;
15c697ce 937
e1aaadd4
MH		 938 hid->driver_data = session;
939
e1aaadd4
MH		 940 hid->bus = BUS_BLUETOOTH;
941 hid->vendor = req->vendor;
942 hid->product = req->product;
943 hid->version = req->version;
c500c971 944 hid->country = req->country;
e1aaadd4
MH		 945
946 strncpy(hid->name, req->name, 128);
d6b2eb2f
GP		 947 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
948 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
e1aaadd4 949
85cdaf52 950 hid->dev.parent = hidp_get_device(session);
c500c971 951 hid->ll_driver = &hidp_hid_driver;
85cdaf52 952
0ff1731a 953 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 954 hid->hid_output_raw_report = hidp_output_raw_report;
955
c500c971 956 return 0;
edad6388 957
15c697ce
MP		 958fault:
959 kfree(session->rd_data);
960 session->rd_data = NULL;
961
edad6388 962 return err;
e1aaadd4
MH		 963}
964
1da177e4
LT		 965int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
966{
967 struct hidp_session *session, *s;
968 int err;
969
970 BT_DBG("");
971
972 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
973 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
974 return -ENOTUNIQ;
975
25ea6db0 976 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
34abf91f 977 if (!session)
1da177e4 978 return -ENOMEM;
1da177e4 979
e1aaadd4
MH		 980 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
981
1da177e4
LT		 982 down_write(&hidp_session_sem);
983
984 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
985 if (s && s->state == BT_CONNECTED) {
986 err = -EEXIST;
987 goto failed;
988 }
989
990 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
991
992 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
993 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
994
995 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
996
997 session->ctrl_sock = ctrl_sock;
998 session->intr_sock = intr_sock;
999 session->state = BT_CONNECTED;
1000
b24b8a24 1001 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 1002
1003 skb_queue_head_init(&session->ctrl_transmit);
1004 skb_queue_head_init(&session->intr_transmit);
1005
0ff1731a
AO		 1006 mutex_init(&session->report_mutex);
1007 init_waitqueue_head(&session->report_queue);
0f69dca2
AO		 1008 init_waitqueue_head(&session->startup_queue);
1009 session->waiting_for_startup = 1;
1da177e4
LT		 1010 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1011 session->idle_to = req->idle_to;
1012
c500c971 1013 if (req->rd_size > 0) {
85cdaf52 1014 err = hidp_setup_hid(session, req);
d458a9df 1015 if (err && err != -ENODEV)
edad6388 1016 goto purge;
c500c971
JS		 1017 }
1018
1019 if (!session->hid) {
1020 err = hidp_setup_input(session, req);
1021 if (err < 0)
edad6388 1022 goto purge;
85cdaf52 1023 }
e1aaadd4 1024
1da177e4
LT		 1025 __hidp_link_session(session);
1026
1027 hidp_set_timer(session);
1028
1029 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
1030 if (err < 0)
1031 goto unlink;
0f69dca2
AO		 1032 while (session->waiting_for_startup) {
1033 wait_event_interruptible(session->startup_queue,
1034 !session->waiting_for_startup);
1035 }
1036
1037 err = hid_add_device(session->hid);
1038 if (err < 0)
1039 goto err_add_device;
1da177e4
LT		 1040
1041 if (session->input) {
1042 hidp_send_ctrl_message(session,
1043 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1044 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1045
1046 session->leds = 0xff;
1047 hidp_input_event(session->input, EV_LED, 0, 0);
1048 }
1049
1050 up_write(&hidp_session_sem);
1051 return 0;
1052
0f69dca2
AO		 1053err_add_device:
1054 hid_destroy_device(session->hid);
1055 session->hid = NULL;
1056 atomic_inc(&session->terminate);
1057 hidp_schedule(session);
1058
1da177e4
LT		 1059unlink:
1060 hidp_del_timer(session);
1061
1062 __hidp_unlink_session(session);
1063
edad6388 1064 if (session->input) {
1da177e4 1065 input_unregister_device(session->input);
edad6388
MH		 1066 session->input = NULL;
1067 }
1068
1069 if (session->hid) {
85cdaf52 1070 hid_destroy_device(session->hid);
edad6388
MH		 1071 session->hid = NULL;
1072 }
1073
15c697ce
MP		 1074 kfree(session->rd_data);
1075 session->rd_data = NULL;
1076
edad6388 1077purge:
c500c971
JS		 1078 skb_queue_purge(&session->ctrl_transmit);
1079 skb_queue_purge(&session->intr_transmit);
edad6388 1080
c500c971
JS		 1081failed:
1082 up_write(&hidp_session_sem);
e1aaadd4 1083
5be39466 1084 input_free_device(session->input);
1da177e4
LT		 1085 kfree(session);
1086 return err;
1087}
1088
1089int hidp_del_connection(struct hidp_conndel_req *req)
1090{
1091 struct hidp_session *session;
1092 int err = 0;
1093
1094 BT_DBG("");
1095
1096 down_read(&hidp_session_sem);
1097
1098 session = __hidp_get_session(&req->bdaddr);
1099 if (session) {
1100 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1101 hidp_send_ctrl_message(session,
1102 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1103 } else {
1104 /* Flush the transmit queues */
1105 skb_queue_purge(&session->ctrl_transmit);
1106 skb_queue_purge(&session->intr_transmit);
1107
ec8dab36
MH		 1108 /* Wakeup user-space polling for socket errors */
1109 session->intr_sock->sk->sk_err = EUNATCH;
1110 session->ctrl_sock->sk->sk_err = EUNATCH;
1111
1da177e4
LT		 1112 /* Kill session thread */
1113 atomic_inc(&session->terminate);
1114 hidp_schedule(session);
1115 }
1116 } else
1117 err = -ENOENT;
1118
1119 up_read(&hidp_session_sem);
1120 return err;
1121}
1122
1123int hidp_get_connlist(struct hidp_connlist_req *req)
1124{
1125 struct list_head *p;
1126 int err = 0, n = 0;
1127
1128 BT_DBG("");
1129
1130 down_read(&hidp_session_sem);
1131
1132 list_for_each(p, &hidp_session_list) {
1133 struct hidp_session *session;
1134 struct hidp_conninfo ci;
1135
1136 session = list_entry(p, struct hidp_session, list);
1137
1138 __hidp_copy_session(session, &ci);
1139
1140 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1141 err = -EFAULT;
1142 break;
1143 }
1144
1145 if (++n >= req->cnum)
1146 break;
1147
1148 req->ci++;
1149 }
1150 req->cnum = n;
1151
1152 up_read(&hidp_session_sem);
1153 return err;
1154}
1155
1156int hidp_get_conninfo(struct hidp_conninfo *ci)
1157{
1158 struct hidp_session *session;
1159 int err = 0;
1160
1161 down_read(&hidp_session_sem);
1162
1163 session = __hidp_get_session(&ci->bdaddr);
1164 if (session)
1165 __hidp_copy_session(session, ci);
1166 else
1167 err = -ENOENT;
1168
1169 up_read(&hidp_session_sem);
1170 return err;
1171}
1172
85cdaf52
JS		 1173static const struct hid_device_id hidp_table[] = {
1174 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1175 { }
1176};
1177
1178static struct hid_driver hidp_driver = {
1179 .name = "generic-bluetooth",
1180 .id_table = hidp_table,
1181};
1182
1da177e4
LT		 1183static int __init hidp_init(void)
1184{
85cdaf52
JS		 1185 int ret;
1186
1da177e4
LT		 1187 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1188
85cdaf52
JS		 1189 ret = hid_register_driver(&hidp_driver);
1190 if (ret)
1191 goto err;
1192
1193 ret = hidp_init_sockets();
1194 if (ret)
1195 goto err_drv;
1196
1197 return 0;
1198err_drv:
1199 hid_unregister_driver(&hidp_driver);
1200err:
1201 return ret;
1da177e4
LT		 1202}
1203
1204static void __exit hidp_exit(void)
1205{
1206 hidp_cleanup_sockets();
85cdaf52 1207 hid_unregister_driver(&hidp_driver);
1da177e4
LT		 1208}
1209
1210module_init(hidp_init);
1211module_exit(hidp_exit);
1212
1213MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1214MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1215MODULE_VERSION(VERSION);
1216MODULE_LICENSE("GPL");
1217MODULE_ALIAS("bt-proto-6");
ubuntu-zesty-kernel mirror