]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/hidp/core.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hidp: remove unused session->state field
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4 23#include <linux/module.h>
1da177e4 24#include <linux/file.h>
aabf6f89 25#include <linux/kthread.h>
364f6351 26#include <linux/hidraw.h>
1da177e4
LT		 27
28#include <net/bluetooth/bluetooth.h>
0a85b964 29#include <net/bluetooth/hci_core.h>
1da177e4
LT		 30#include <net/bluetooth/l2cap.h>
31
32#include "hidp.h"
33
e1aaadd4 34#define VERSION "1.2"
1da177e4
LT		 35
36static DECLARE_RWSEM(hidp_session_sem);
37static LIST_HEAD(hidp_session_list);
38
39static unsigned char hidp_keycode[256] = {
17f09a7e
SJ		 40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
1da177e4
LT		 58};
59
60static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61
62static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
63{
64 struct hidp_session *session;
1da177e4
LT		 65
66 BT_DBG("");
67
cd11cdd2 68 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 69 if (!bacmp(bdaddr, &session->bdaddr))
70 return session;
71 }
8035ded4 72
1da177e4
LT		 73 return NULL;
74}
75
1da177e4
LT		 76static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
77{
d31dbf6e 78 memset(ci, 0, sizeof(*ci));
1da177e4
LT		 79 bacpy(&ci->bdaddr, &session->bdaddr);
80
81 ci->flags = session->flags;
dcc07647 82 ci->state = BT_CONNECTED;
1da177e4
LT		 83
84 ci->vendor = 0x0000;
85 ci->product = 0x0000;
86 ci->version = 0x0000;
1da177e4
LT		 87
88 if (session->input) {
89 ci->vendor = session->input->id.vendor;
90 ci->product = session->input->id.product;
91 ci->version = session->input->id.version;
92 if (session->input->name)
93 strncpy(ci->name, session->input->name, 128);
94 else
95 strncpy(ci->name, "HID Boot Device", 128);
96 }
e1aaadd4
MH		 97
98 if (session->hid) {
99 ci->vendor = session->hid->vendor;
100 ci->product = session->hid->product;
101 ci->version = session->hid->version;
102 strncpy(ci->name, session->hid->name, 128);
103 }
1da177e4
LT		 104}
105
91f5cca3
AM		 106static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
107 unsigned int type, unsigned int code, int value)
1da177e4 108{
1da177e4 109 unsigned char newleds;
e1aaadd4 110 struct sk_buff *skb;
1da177e4 111
e1aaadd4 112 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 113
114 if (type != EV_LED)
115 return -1;
116
117 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
118 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
119 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
120 (!!test_bit(LED_CAPSL, dev->led) << 1) |
121 (!!test_bit(LED_NUML, dev->led));
122
123 if (session->leds == newleds)
124 return 0;
125
126 session->leds = newleds;
127
5a08ecce
AE		 128 skb = alloc_skb(3, GFP_ATOMIC);
129 if (!skb) {
1da177e4
LT		 130 BT_ERR("Can't allocate memory for new frame");
131 return -ENOMEM;
132 }
133
134 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
135 *skb_put(skb, 1) = 0x01;
136 *skb_put(skb, 1) = newleds;
137
138 skb_queue_tail(&session->intr_transmit, skb);
139
140 hidp_schedule(session);
141
142 return 0;
143}
144
e1aaadd4
MH		 145static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
146{
5be39466 147 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 148 struct hidp_session *session = hid->driver_data;
149
150 return hidp_queue_event(session, dev, type, code, value);
151}
152
153static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
154{
5be39466 155 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 156
157 return hidp_queue_event(session, dev, type, code, value);
158}
159
1da177e4
LT		 160static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
161{
162 struct input_dev *dev = session->input;
163 unsigned char *keys = session->keys;
164 unsigned char *udata = skb->data + 1;
165 signed char *sdata = skb->data + 1;
166 int i, size = skb->len - 1;
167
168 switch (skb->data[0]) {
169 case 0x01: /* Keyboard report */
170 for (i = 0; i < 8; i++)
171 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
172
173 /* If all the key codes have been set to 0x01, it means
174 * too many keys were pressed at the same time. */
175 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
176 break;
177
178 for (i = 2; i < 8; i++) {
179 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
180 if (hidp_keycode[keys[i]])
181 input_report_key(dev, hidp_keycode[keys[i]], 0);
182 else
183 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
184 }
185
186 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
187 if (hidp_keycode[udata[i]])
188 input_report_key(dev, hidp_keycode[udata[i]], 1);
189 else
190 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
191 }
192 }
193
194 memcpy(keys, udata, 8);
195 break;
196
197 case 0x02: /* Mouse report */
198 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
199 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
200 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
201 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
202 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
203
204 input_report_rel(dev, REL_X, sdata[1]);
205 input_report_rel(dev, REL_Y, sdata[2]);
206
207 if (size > 3)
208 input_report_rel(dev, REL_WHEEL, sdata[3]);
209 break;
210 }
211
212 input_sync(dev);
213}
214
6bf8268f 215static int __hidp_send_ctrl_message(struct hidp_session *session,
1d0c4da8
GP		 216 unsigned char hdr, unsigned char *data,
217 int size)
6bf8268f
BN		 218{
219 struct sk_buff *skb;
220
221 BT_DBG("session %p data %p size %d", session, data, size);
222
794d1756
DH		 223 if (atomic_read(&session->terminate))
224 return -EIO;
225
5a08ecce
AE		 226 skb = alloc_skb(size + 1, GFP_ATOMIC);
227 if (!skb) {
6bf8268f
BN		 228 BT_ERR("Can't allocate memory for new frame");
229 return -ENOMEM;
230 }
231
232 *skb_put(skb, 1) = hdr;
233 if (data && size > 0)
234 memcpy(skb_put(skb, size), data, size);
235
236 skb_queue_tail(&session->ctrl_transmit, skb);
237
238 return 0;
239}
240
6039aa73 241static int hidp_send_ctrl_message(struct hidp_session *session,
6bf8268f
BN		 242 unsigned char hdr, unsigned char *data, int size)
243{
244 int err;
245
246 err = __hidp_send_ctrl_message(session, hdr, data, size);
247
248 hidp_schedule(session);
249
250 return err;
251}
252
91f5cca3
AM		 253static int hidp_queue_report(struct hidp_session *session,
254 unsigned char *data, int size)
e1aaadd4
MH		 255{
256 struct sk_buff *skb;
257
6792b5ec 258 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4 259
5a08ecce
AE		 260 skb = alloc_skb(size + 1, GFP_ATOMIC);
261 if (!skb) {
e1aaadd4
MH		 262 BT_ERR("Can't allocate memory for new frame");
263 return -ENOMEM;
264 }
265
266 *skb_put(skb, 1) = 0xa2;
267 if (size > 0)
268 memcpy(skb_put(skb, size), data, size);
269
270 skb_queue_tail(&session->intr_transmit, skb);
271
272 hidp_schedule(session);
273
274 return 0;
275}
276
277static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
278{
279 unsigned char buf[32];
280 int rsize;
281
282 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
283 if (rsize > sizeof(buf))
284 return -EIO;
285
286 hid_output_report(report, buf);
287
288 return hidp_queue_report(session, buf, rsize);
289}
290
0ff1731a
AO		 291static int hidp_get_raw_report(struct hid_device *hid,
292 unsigned char report_number,
293 unsigned char *data, size_t count,
294 unsigned char report_type)
295{
296 struct hidp_session *session = hid->driver_data;
297 struct sk_buff *skb;
298 size_t len;
299 int numbered_reports = hid->report_enum[report_type].numbered;
794d1756 300 int ret;
0ff1731a 301
fd86c9be
KR		 302 if (atomic_read(&session->terminate))
303 return -EIO;
304
0ff1731a
AO		 305 switch (report_type) {
306 case HID_FEATURE_REPORT:
307 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
308 break;
309 case HID_INPUT_REPORT:
310 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
311 break;
312 case HID_OUTPUT_REPORT:
313 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
314 break;
315 default:
316 return -EINVAL;
317 }
318
319 if (mutex_lock_interruptible(&session->report_mutex))
320 return -ERESTARTSYS;
321
322 /* Set up our wait, and send the report request to the device. */
323 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
324 session->waiting_report_number = numbered_reports ? report_number : -1;
325 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
326 data[0] = report_number;
794d1756
DH		 327 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
328 if (ret)
329 goto err;
0ff1731a
AO		 330
331 /* Wait for the return of the report. The returned report
332 gets put in session->report_return. */
333 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
334 int res;
335
336 res = wait_event_interruptible_timeout(session->report_queue,
337 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
338 5*HZ);
339 if (res == 0) {
340 /* timeout */
794d1756
DH		 341 ret = -EIO;
342 goto err;
0ff1731a
AO		 343 }
344 if (res < 0) {
345 /* signal */
794d1756
DH		 346 ret = -ERESTARTSYS;
347 goto err;
0ff1731a
AO		 348 }
349 }
350
351 skb = session->report_return;
352 if (skb) {
353 len = skb->len < count ? skb->len : count;
354 memcpy(data, skb->data, len);
355
356 kfree_skb(skb);
357 session->report_return = NULL;
358 } else {
359 /* Device returned a HANDSHAKE, indicating protocol error. */
360 len = -EIO;
361 }
362
363 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
364 mutex_unlock(&session->report_mutex);
365
366 return len;
367
794d1756 368err:
0ff1731a
AO		 369 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
370 mutex_unlock(&session->report_mutex);
794d1756 371 return ret;
0ff1731a
AO		 372}
373
d4bfa033
JK		 374static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
375 unsigned char report_type)
2da31939 376{
0825411a
AO		 377 struct hidp_session *session = hid->driver_data;
378 int ret;
379
d4bfa033
JK		 380 switch (report_type) {
381 case HID_FEATURE_REPORT:
382 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
383 break;
384 case HID_OUTPUT_REPORT:
97e1efbb 385 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
d4bfa033
JK		 386 break;
387 default:
388 return -EINVAL;
389 }
390
0825411a
AO		 391 if (mutex_lock_interruptible(&session->report_mutex))
392 return -ERESTARTSYS;
393
394 /* Set up our wait, and send the report request to the device. */
395 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
794d1756
DH		 396 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
397 count);
398 if (ret)
0825411a 399 goto err;
0825411a
AO		 400
401 /* Wait for the ACK from the device. */
402 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
403 int res;
404
405 res = wait_event_interruptible_timeout(session->report_queue,
406 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
407 10*HZ);
408 if (res == 0) {
409 /* timeout */
410 ret = -EIO;
411 goto err;
412 }
413 if (res < 0) {
414 /* signal */
415 ret = -ERESTARTSYS;
416 goto err;
417 }
418 }
419
420 if (!session->output_report_success) {
421 ret = -EIO;
422 goto err;
423 }
424
425 ret = count;
426
427err:
428 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
429 mutex_unlock(&session->report_mutex);
430 return ret;
2da31939
JK		 431}
432
1da177e4
LT		 433static void hidp_idle_timeout(unsigned long arg)
434{
435 struct hidp_session *session = (struct hidp_session *) arg;
436
7bb59df8
PH		 437 atomic_inc(&session->terminate);
438 wake_up_process(session->task);
1da177e4
LT		 439}
440
91f5cca3 441static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 442{
443 if (session->idle_to > 0)
444 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
445}
446
6039aa73 447static void hidp_del_timer(struct hidp_session *session)
1da177e4
LT		 448{
449 if (session->idle_to > 0)
450 del_timer(&session->timer);
451}
452
91f5cca3
AM		 453static void hidp_process_handshake(struct hidp_session *session,
454 unsigned char param)
1da177e4
LT		 455{
456 BT_DBG("session %p param 0x%02x", session, param);
0825411a 457 session->output_report_success = 0; /* default condition */
1da177e4
LT		 458
459 switch (param) {
460 case HIDP_HSHK_SUCCESSFUL:
461 /* FIXME: Call into SET_ GET_ handlers here */
0825411a 462 session->output_report_success = 1;
1da177e4
LT		 463 break;
464
465 case HIDP_HSHK_NOT_READY:
466 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
467 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
468 case HIDP_HSHK_ERR_INVALID_PARAMETER:
ab88f714 469 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
0ff1731a 470 wake_up_interruptible(&session->report_queue);
ab88f714 471
1da177e4
LT		 472 /* FIXME: Call into SET_ GET_ handlers here */
473 break;
474
475 case HIDP_HSHK_ERR_UNKNOWN:
476 break;
477
478 case HIDP_HSHK_ERR_FATAL:
479 /* Device requests a reboot, as this is the only way this error
8e87d142 480 * can be recovered. */
1da177e4
LT		 481 __hidp_send_ctrl_message(session,
482 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
483 break;
484
485 default:
486 __hidp_send_ctrl_message(session,
487 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
488 break;
489 }
0825411a
AO		 490
491 /* Wake up the waiting thread. */
ab88f714 492 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
0825411a 493 wake_up_interruptible(&session->report_queue);
1da177e4
LT		 494}
495
91f5cca3
AM		 496static void hidp_process_hid_control(struct hidp_session *session,
497 unsigned char param)
1da177e4
LT		 498{
499 BT_DBG("session %p param 0x%02x", session, param);
500
eff001e3 501 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 502 /* Flush the transmit queues */
503 skb_queue_purge(&session->ctrl_transmit);
504 skb_queue_purge(&session->intr_transmit);
505
7bb59df8
PH		 506 atomic_inc(&session->terminate);
507 wake_up_process(current);
1da177e4
LT		 508 }
509}
510
0ff1731a
AO		 511/* Returns true if the passed-in skb should be freed by the caller. */
512static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
91f5cca3 513 unsigned char param)
1da177e4 514{
0ff1731a 515 int done_with_skb = 1;
1da177e4
LT		 516 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
517
518 switch (param) {
519 case HIDP_DATA_RTYPE_INPUT:
520 hidp_set_timer(session);
521
522 if (session->input)
523 hidp_input_report(session, skb);
e1aaadd4
MH		 524
525 if (session->hid)
526 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
1da177e4
LT		 527 break;
528
529 case HIDP_DATA_RTYPE_OTHER:
530 case HIDP_DATA_RTYPE_OUPUT:
531 case HIDP_DATA_RTYPE_FEATURE:
532 break;
533
534 default:
535 __hidp_send_ctrl_message(session,
536 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
537 }
0ff1731a
AO		 538
539 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
540 param == session->waiting_report_type) {
541 if (session->waiting_report_number < 0 ||
542 session->waiting_report_number == skb->data[0]) {
543 /* hidp_get_raw_report() is waiting on this report. */
544 session->report_return = skb;
545 done_with_skb = 0;
546 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
547 wake_up_interruptible(&session->report_queue);
548 }
549 }
550
551 return done_with_skb;
1da177e4
LT		 552}
553
91f5cca3
AM		 554static void hidp_recv_ctrl_frame(struct hidp_session *session,
555 struct sk_buff *skb)
1da177e4
LT		 556{
557 unsigned char hdr, type, param;
0ff1731a 558 int free_skb = 1;
1da177e4
LT		 559
560 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
561
562 hdr = skb->data[0];
563 skb_pull(skb, 1);
564
565 type = hdr & HIDP_HEADER_TRANS_MASK;
566 param = hdr & HIDP_HEADER_PARAM_MASK;
567
568 switch (type) {
569 case HIDP_TRANS_HANDSHAKE:
570 hidp_process_handshake(session, param);
571 break;
572
573 case HIDP_TRANS_HID_CONTROL:
574 hidp_process_hid_control(session, param);
575 break;
576
577 case HIDP_TRANS_DATA:
0ff1731a 578 free_skb = hidp_process_data(session, skb, param);
1da177e4
LT		 579 break;
580
581 default:
582 __hidp_send_ctrl_message(session,
583 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
584 break;
585 }
586
0ff1731a
AO		 587 if (free_skb)
588 kfree_skb(skb);
1da177e4
LT		 589}
590
91f5cca3
AM		 591static void hidp_recv_intr_frame(struct hidp_session *session,
592 struct sk_buff *skb)
1da177e4
LT		 593{
594 unsigned char hdr;
595
596 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
597
598 hdr = skb->data[0];
599 skb_pull(skb, 1);
600
601 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
602 hidp_set_timer(session);
e1aaadd4 603
1da177e4
LT		 604 if (session->input)
605 hidp_input_report(session, skb);
e1aaadd4
MH		 606
607 if (session->hid) {
608 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
609 BT_DBG("report len %d", skb->len);
610 }
1da177e4
LT		 611 } else {
612 BT_DBG("Unsupported protocol header 0x%02x", hdr);
613 }
614
615 kfree_skb(skb);
616}
617
618static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
619{
620 struct kvec iv = { data, len };
621 struct msghdr msg;
622
623 BT_DBG("sock %p data %p len %d", sock, data, len);
624
625 if (!len)
626 return 0;
627
628 memset(&msg, 0, sizeof(msg));
629
630 return kernel_sendmsg(sock, &msg, &iv, 1, len);
631}
632
679344e4 633static void hidp_process_intr_transmit(struct hidp_session *session)
1da177e4
LT		 634{
635 struct sk_buff *skb;
636
637 BT_DBG("session %p", session);
638
679344e4
GP		 639 while ((skb = skb_dequeue(&session->intr_transmit))) {
640 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
641 skb_queue_head(&session->intr_transmit, skb);
1da177e4
LT		 642 break;
643 }
644
645 hidp_set_timer(session);
646 kfree_skb(skb);
647 }
679344e4 648}
1da177e4 649
679344e4
GP		 650static void hidp_process_ctrl_transmit(struct hidp_session *session)
651{
652 struct sk_buff *skb;
653
654 BT_DBG("session %p", session);
655
656 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
657 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
658 skb_queue_head(&session->ctrl_transmit, skb);
1da177e4
LT		 659 break;
660 }
661
662 hidp_set_timer(session);
663 kfree_skb(skb);
664 }
1da177e4
LT		 665}
666
667static int hidp_session(void *arg)
668{
669 struct hidp_session *session = arg;
670 struct sock *ctrl_sk = session->ctrl_sock->sk;
671 struct sock *intr_sk = session->intr_sock->sk;
672 struct sk_buff *skb;
1da177e4
LT		 673 wait_queue_t ctrl_wait, intr_wait;
674
675 BT_DBG("session %p", session);
676
25df0845 677 __module_get(THIS_MODULE);
1da177e4 678 set_user_nice(current, -15);
1da177e4
LT		 679
680 init_waitqueue_entry(&ctrl_wait, current);
681 init_waitqueue_entry(&intr_wait, current);
aa395145
ED		 682 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
683 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
0f69dca2
AO		 684 session->waiting_for_startup = 0;
685 wake_up_interruptible(&session->startup_queue);
7bb59df8
PH		 686 set_current_state(TASK_INTERRUPTIBLE);
687 while (!atomic_read(&session->terminate)) {
17f09a7e
SJ		 688 if (ctrl_sk->sk_state != BT_CONNECTED ||
689 intr_sk->sk_state != BT_CONNECTED)
1da177e4
LT		 690 break;
691
dc0da5cd 692 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1da177e4 693 skb_orphan(skb);
44935720 694 if (!skb_linearize(skb))
dc0da5cd 695 hidp_recv_intr_frame(session, skb);
44935720
MM		 696 else
697 kfree_skb(skb);
1da177e4
LT		 698 }
699
679344e4
GP		 700 hidp_process_intr_transmit(session);
701
dc0da5cd 702 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1da177e4 703 skb_orphan(skb);
44935720 704 if (!skb_linearize(skb))
dc0da5cd 705 hidp_recv_ctrl_frame(session, skb);
44935720
MM		 706 else
707 kfree_skb(skb);
1da177e4
LT		 708 }
709
679344e4 710 hidp_process_ctrl_transmit(session);
1da177e4
LT		 711
712 schedule();
7bb59df8 713 set_current_state(TASK_INTERRUPTIBLE);
1da177e4
LT		 714 }
715 set_current_state(TASK_RUNNING);
fd86c9be 716 atomic_inc(&session->terminate);
aa395145
ED		 717 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
718 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
1da177e4 719
794d1756
DH		 720 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
721 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
722 wake_up_interruptible(&session->report_queue);
723
1da177e4
LT		 724 down_write(&hidp_session_sem);
725
726 hidp_del_timer(session);
727
1da177e4
LT		 728 if (session->input) {
729 input_unregister_device(session->input);
34abf91f 730 session->input = NULL;
1da177e4
LT		 731 }
732
e1aaadd4 733 if (session->hid) {
85cdaf52 734 hid_destroy_device(session->hid);
edad6388 735 session->hid = NULL;
e1aaadd4
MH		 736 }
737
ec8dab36
MH		 738 /* Wakeup user-space polling for socket errors */
739 session->intr_sock->sk->sk_err = EUNATCH;
740 session->ctrl_sock->sk->sk_err = EUNATCH;
741
742 hidp_schedule(session);
743
1c39858b
DW		 744 fput(session->intr_sock->file);
745
aa395145 746 wait_event_timeout(*(sk_sleep(ctrl_sk)),
1c39858b
DW		 747 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
748
749 fput(session->ctrl_sock->file);
750
fc225c3f 751 list_del(&session->list);
1c39858b 752
1da177e4
LT		 753 up_write(&hidp_session_sem);
754
1c97e94c 755 kfree(session->rd_data);
1da177e4 756 kfree(session);
25df0845 757 module_put_and_exit(0);
1da177e4
LT		 758 return 0;
759}
760
3e90dc86 761static struct hci_conn *hidp_get_connection(struct hidp_session *session)
0a85b964
MH		 762{
763 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
764 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
1785dbf9 765 struct hci_conn *conn;
0a85b964 766 struct hci_dev *hdev;
0a85b964
MH		 767
768 hdev = hci_get_route(dst, src);
769 if (!hdev)
770 return NULL;
771
09fd0de5 772 hci_dev_lock(hdev);
1785dbf9 773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
09fd0de5 774 hci_dev_unlock(hdev);
0a85b964
MH		 775
776 hci_dev_put(hdev);
777
1785dbf9 778 return conn;
0a85b964
MH		 779}
780
91f5cca3
AM		 781static int hidp_setup_input(struct hidp_session *session,
782 struct hidp_connadd_req *req)
1da177e4 783{
c500c971 784 struct input_dev *input;
3415a5fd 785 int i;
1da177e4 786
c500c971
JS		 787 input = input_allocate_device();
788 if (!input)
789 return -ENOMEM;
790
791 session->input = input;
792
5be39466 793 input_set_drvdata(input, session);
1da177e4 794
34abf91f
DT		 795 input->name = "Bluetooth HID Boot Protocol Device";
796
1da177e4
LT		 797 input->id.bustype = BUS_BLUETOOTH;
798 input->id.vendor = req->vendor;
799 input->id.product = req->product;
800 input->id.version = req->version;
801
802 if (req->subclass & 0x40) {
803 set_bit(EV_KEY, input->evbit);
804 set_bit(EV_LED, input->evbit);
805 set_bit(EV_REP, input->evbit);
806
807 set_bit(LED_NUML, input->ledbit);
808 set_bit(LED_CAPSL, input->ledbit);
809 set_bit(LED_SCROLLL, input->ledbit);
810 set_bit(LED_COMPOSE, input->ledbit);
811 set_bit(LED_KANA, input->ledbit);
812
813 for (i = 0; i < sizeof(hidp_keycode); i++)
814 set_bit(hidp_keycode[i], input->keybit);
815 clear_bit(0, input->keybit);
816 }
817
818 if (req->subclass & 0x80) {
7b19ada2
JS		 819 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
820 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
821 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
822 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
823 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
824 BIT_MASK(BTN_EXTRA);
825 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 826 }
827
1785dbf9 828 input->dev.parent = &session->conn->dev;
0a85b964 829
1da177e4
LT		 830 input->event = hidp_input_event;
831
edad6388 832 return 0;
1da177e4
LT		 833}
834
f5ffd462
MH		 835static int hidp_open(struct hid_device *hid)
836{
837 return 0;
838}
839
840static void hidp_close(struct hid_device *hid)
841{
842}
843
c500c971
JS		 844static int hidp_parse(struct hid_device *hid)
845{
846 struct hidp_session *session = hid->driver_data;
c500c971 847
15c697ce
MP		 848 return hid_parse_report(session->hid, session->rd_data,
849 session->rd_size);
c500c971
JS		 850}
851
852static int hidp_start(struct hid_device *hid)
853{
854 struct hidp_session *session = hid->driver_data;
855 struct hid_report *report;
856
142c69c6
DH		 857 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
858 return 0;
859
c500c971
JS		 860 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
861 report_list, list)
862 hidp_send_report(session, report);
863
864 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
865 report_list, list)
866 hidp_send_report(session, report);
867
c500c971
JS		 868 return 0;
869}
870
871static void hidp_stop(struct hid_device *hid)
872{
873 struct hidp_session *session = hid->driver_data;
874
875 skb_queue_purge(&session->ctrl_transmit);
876 skb_queue_purge(&session->intr_transmit);
877
c500c971
JS		 878 hid->claimed = 0;
879}
880
881static struct hid_ll_driver hidp_hid_driver = {
882 .parse = hidp_parse,
883 .start = hidp_start,
884 .stop = hidp_stop,
885 .open = hidp_open,
886 .close = hidp_close,
887 .hidinput_input_event = hidp_hidinput_event,
888};
889
0f69dca2
AO		 890/* This function sets up the hid device. It does not add it
891 to the HID system. That is done in hidp_add_connection(). */
85cdaf52 892static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 893 struct hidp_connadd_req *req)
e1aaadd4 894{
c500c971 895 struct hid_device *hid;
edad6388 896 int err;
e1aaadd4 897
15c697ce
MP		 898 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
899 if (!session->rd_data)
900 return -ENOMEM;
901
902 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
903 err = -EFAULT;
904 goto fault;
905 }
906 session->rd_size = req->rd_size;
907
c500c971 908 hid = hid_allocate_device();
15c697ce
MP		 909 if (IS_ERR(hid)) {
910 err = PTR_ERR(hid);
911 goto fault;
912 }
e1aaadd4 913
c500c971 914 session->hid = hid;
15c697ce 915
e1aaadd4
MH		 916 hid->driver_data = session;
917
e1aaadd4
MH		 918 hid->bus = BUS_BLUETOOTH;
919 hid->vendor = req->vendor;
920 hid->product = req->product;
921 hid->version = req->version;
c500c971 922 hid->country = req->country;
e1aaadd4 923
0a9ab9bd 924 strncpy(hid->name, req->name, sizeof(req->name) - 1);
fcb73338
AE		 925
926 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
927 &bt_sk(session->ctrl_sock->sk)->src);
928
929 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
930 &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4 931
1785dbf9 932 hid->dev.parent = &session->conn->dev;
c500c971 933 hid->ll_driver = &hidp_hid_driver;
85cdaf52 934
0ff1731a 935 hid->hid_get_raw_report = hidp_get_raw_report;
2da31939
JK		 936 hid->hid_output_raw_report = hidp_output_raw_report;
937
4529eefa
LS		 938 /* True if device is blacklisted in drivers/hid/hid-core.c */
939 if (hid_ignore(hid)) {
940 hid_destroy_device(session->hid);
941 session->hid = NULL;
942 return -ENODEV;
943 }
944
c500c971 945 return 0;
edad6388 946
15c697ce
MP		 947fault:
948 kfree(session->rd_data);
949 session->rd_data = NULL;
950
edad6388 951 return err;
e1aaadd4
MH		 952}
953
1da177e4
LT		 954int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
955{
956 struct hidp_session *session, *s;
aabf6f89 957 int vendor, product;
1da177e4
LT		 958 int err;
959
960 BT_DBG("");
961
b3916db3
DH		 962 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
963 return -EINVAL;
1da177e4
LT		 964 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
965 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
966 return -ENOTUNIQ;
967
e1aaadd4
MH		 968 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
969
1da177e4
LT		 970 down_write(&hidp_session_sem);
971
972 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
dcc07647 973 if (s) {
81b25cd0
GP		 974 up_write(&hidp_session_sem);
975 return -EEXIST;
976 }
977
978 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
979 if (!session) {
980 up_write(&hidp_session_sem);
981 return -ENOMEM;
1da177e4
LT		 982 }
983
984 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
985
0c1bc5c6
GP		 986 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
987 l2cap_pi(ctrl_sock->sk)->chan->imtu);
988 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
989 l2cap_pi(intr_sock->sk)->chan->imtu);
1da177e4
LT		 990
991 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
992
993 session->ctrl_sock = ctrl_sock;
994 session->intr_sock = intr_sock;
1da177e4 995
3c32fa93
GP		 996 session->conn = hidp_get_connection(session);
997 if (!session->conn) {
998 err = -ENOTCONN;
999 goto failed;
1000 }
1001
b24b8a24 1002 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 1003
1004 skb_queue_head_init(&session->ctrl_transmit);
1005 skb_queue_head_init(&session->intr_transmit);
1006
0ff1731a
AO		 1007 mutex_init(&session->report_mutex);
1008 init_waitqueue_head(&session->report_queue);
0f69dca2
AO		 1009 init_waitqueue_head(&session->startup_queue);
1010 session->waiting_for_startup = 1;
1da177e4
LT		 1011 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1012 session->idle_to = req->idle_to;
1013
fc225c3f 1014 list_add(&session->list, &hidp_session_list);
1785dbf9 1015
c500c971 1016 if (req->rd_size > 0) {
85cdaf52 1017 err = hidp_setup_hid(session, req);
4529eefa 1018 if (err && err != -ENODEV)
edad6388 1019 goto purge;
c500c971
JS		 1020 }
1021
1022 if (!session->hid) {
1023 err = hidp_setup_input(session, req);
1024 if (err < 0)
edad6388 1025 goto purge;
85cdaf52 1026 }
e1aaadd4 1027
1da177e4
LT		 1028 hidp_set_timer(session);
1029
aabf6f89
SJ		 1030 if (session->hid) {
1031 vendor = session->hid->vendor;
1032 product = session->hid->product;
1033 } else if (session->input) {
1034 vendor = session->input->id.vendor;
1035 product = session->input->id.product;
1036 } else {
1037 vendor = 0x0000;
1038 product = 0x0000;
1039 }
1040
1041 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1042 vendor, product);
1043 if (IS_ERR(session->task)) {
1044 err = PTR_ERR(session->task);
1da177e4 1045 goto unlink;
aabf6f89
SJ		 1046 }
1047
0f69dca2
AO		 1048 while (session->waiting_for_startup) {
1049 wait_event_interruptible(session->startup_queue,
1050 !session->waiting_for_startup);
1051 }
1052
3415a5fd
GP		 1053 if (session->hid)
1054 err = hid_add_device(session->hid);
1055 else
1056 err = input_register_device(session->input);
1057
e9d5cb54
PH		 1058 if (err < 0) {
1059 atomic_inc(&session->terminate);
1060 wake_up_process(session->task);
1061 up_write(&hidp_session_sem);
1062 return err;
1063 }
1da177e4
LT		 1064
1065 if (session->input) {
1066 hidp_send_ctrl_message(session,
1067 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1068 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1069
1070 session->leds = 0xff;
1071 hidp_input_event(session->input, EV_LED, 0, 0);
1072 }
1073
1074 up_write(&hidp_session_sem);
1075 return 0;
1076
1077unlink:
1078 hidp_del_timer(session);
1079
edad6388 1080 if (session->input) {
1da177e4 1081 input_unregister_device(session->input);
edad6388
MH		 1082 session->input = NULL;
1083 }
1084
1085 if (session->hid) {
85cdaf52 1086 hid_destroy_device(session->hid);
edad6388
MH		 1087 session->hid = NULL;
1088 }
1089
15c697ce
MP		 1090 kfree(session->rd_data);
1091 session->rd_data = NULL;
1092
edad6388 1093purge:
fc225c3f 1094 list_del(&session->list);
1785dbf9 1095
c500c971
JS		 1096 skb_queue_purge(&session->ctrl_transmit);
1097 skb_queue_purge(&session->intr_transmit);
edad6388 1098
c500c971
JS		 1099failed:
1100 up_write(&hidp_session_sem);
e1aaadd4 1101
1da177e4
LT		 1102 kfree(session);
1103 return err;
1104}
1105
1106int hidp_del_connection(struct hidp_conndel_req *req)
1107{
1108 struct hidp_session *session;
1109 int err = 0;
1110
1111 BT_DBG("");
1112
1113 down_read(&hidp_session_sem);
1114
1115 session = __hidp_get_session(&req->bdaddr);
1116 if (session) {
1117 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1118 hidp_send_ctrl_message(session,
1119 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1120 } else {
1121 /* Flush the transmit queues */
1122 skb_queue_purge(&session->ctrl_transmit);
1123 skb_queue_purge(&session->intr_transmit);
1124
7bb59df8
PH		 1125 atomic_inc(&session->terminate);
1126 wake_up_process(session->task);
1da177e4
LT		 1127 }
1128 } else
1129 err = -ENOENT;
1130
1131 up_read(&hidp_session_sem);
1132 return err;
1133}
1134
1135int hidp_get_connlist(struct hidp_connlist_req *req)
1136{
cd11cdd2 1137 struct hidp_session *session;
1da177e4
LT		 1138 int err = 0, n = 0;
1139
1140 BT_DBG("");
1141
1142 down_read(&hidp_session_sem);
1143
cd11cdd2 1144 list_for_each_entry(session, &hidp_session_list, list) {
1da177e4
LT		 1145 struct hidp_conninfo ci;
1146
1da177e4
LT		 1147 __hidp_copy_session(session, &ci);
1148
1149 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1150 err = -EFAULT;
1151 break;
1152 }
1153
1154 if (++n >= req->cnum)
1155 break;
1156
1157 req->ci++;
1158 }
1159 req->cnum = n;
1160
1161 up_read(&hidp_session_sem);
1162 return err;
1163}
1164
1165int hidp_get_conninfo(struct hidp_conninfo *ci)
1166{
1167 struct hidp_session *session;
1168 int err = 0;
1169
1170 down_read(&hidp_session_sem);
1171
1172 session = __hidp_get_session(&ci->bdaddr);
1173 if (session)
1174 __hidp_copy_session(session, ci);
1175 else
1176 err = -ENOENT;
1177
1178 up_read(&hidp_session_sem);
1179 return err;
1180}
1181
1182static int __init hidp_init(void)
1183{
1da177e4
LT		 1184 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1185
8215d557 1186 return hidp_init_sockets();
1da177e4
LT		 1187}
1188
1189static void __exit hidp_exit(void)
1190{
1191 hidp_cleanup_sockets();
1192}
1193
1194module_init(hidp_init);
1195module_exit(hidp_exit);
1196
1197MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1198MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1199MODULE_VERSION(VERSION);
1200MODULE_LICENSE("GPL");
1201MODULE_ALIAS("bt-proto-6");
Ubuntu Artful kernel mirror