1/* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23#include <linux/module.h> 24 25#include <linux/types.h> 26#include <linux/errno.h> 27#include <linux/kernel.h> 28#include <linux/sched.h> 29#include <linux/slab.h> 30#include <linux/poll.h> 31#include <linux/freezer.h> 32#include <linux/fcntl.h> 33#include <linux/skbuff.h> 34#include <linux/socket.h> 35#include <linux/ioctl.h> 36#include <linux/file.h> 37#include <linux/init.h> 38#include <linux/wait.h> 39#include <net/sock.h> 40 41#include <linux/input.h> 42#include <linux/hid.h> 43#include <linux/hidraw.h> 44 45#include <net/bluetooth/bluetooth.h> 46#include <net/bluetooth/hci_core.h> 47#include <net/bluetooth/l2cap.h> 48 49#include "hidp.h" 50 51#define VERSION "1.2" 52 53static DECLARE_RWSEM(hidp_session_sem); 54static LIST_HEAD(hidp_session_list); 55 56static unsigned char hidp_keycode[256] = { 57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 72 150,158,159,128,136,177,178,176,142,152,173,140 73}; 74 75static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 76 77static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 78{ 79 struct hidp_session *session; 80 struct list_head *p; 81 82 BT_DBG(""); 83 84 list_for_each(p, &hidp_session_list) { 85 session = list_entry(p, struct hidp_session, list); 86 if (!bacmp(bdaddr, &session->bdaddr)) 87 return session; 88 } 89 return NULL; 90} 91 92static void __hidp_link_session(struct hidp_session *session) 93{ 94 __module_get(THIS_MODULE); 95 list_add(&session->list, &hidp_session_list); 96 97 hci_conn_hold_device(session->conn); 98} 99 100static void __hidp_unlink_session(struct hidp_session *session) 101{ 102 hci_conn_put_device(session->conn); 103 104 list_del(&session->list); 105 module_put(THIS_MODULE); 106} 107 108static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 109{ 110 bacpy(&ci->bdaddr, &session->bdaddr); 111 112 ci->flags = session->flags; 113 ci->state = session->state; 114 115 ci->vendor = 0x0000; 116 ci->product = 0x0000; 117 ci->version = 0x0000; 118 memset(ci->name, 0, 128); 119 120 if (session->input) { 121 ci->vendor = session->input->id.vendor; 122 ci->product = session->input->id.product; 123 ci->version = session->input->id.version; 124 if (session->input->name) 125 strncpy(ci->name, session->input->name, 128); 126 else 127 strncpy(ci->name, "HID Boot Device", 128); 128 } 129 130 if (session->hid) { 131 ci->vendor = session->hid->vendor; 132 ci->product = session->hid->product; 133 ci->version = session->hid->version; 134 strncpy(ci->name, session->hid->name, 128); 135 } 136} 137 138static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 139 unsigned int type, unsigned int code, int value) 140{ 141 unsigned char newleds; 142 struct sk_buff *skb; 143 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 145 146 if (type != EV_LED) 147 return -1; 148 149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 150 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 151 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 152 (!!test_bit(LED_CAPSL, dev->led) << 1) | 153 (!!test_bit(LED_NUML, dev->led)); 154 155 if (session->leds == newleds) 156 return 0; 157 158 session->leds = newleds; 159 160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 161 BT_ERR("Can't allocate memory for new frame"); 162 return -ENOMEM; 163 } 164 165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 166 *skb_put(skb, 1) = 0x01; 167 *skb_put(skb, 1) = newleds; 168 169 skb_queue_tail(&session->intr_transmit, skb); 170 171 hidp_schedule(session); 172 173 return 0; 174} 175 176static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 177{ 178 struct hid_device *hid = input_get_drvdata(dev); 179 struct hidp_session *session = hid->driver_data; 180 181 return hidp_queue_event(session, dev, type, code, value); 182} 183 184static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 185{ 186 struct hidp_session *session = input_get_drvdata(dev); 187 188 return hidp_queue_event(session, dev, type, code, value); 189} 190 191static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 192{ 193 struct input_dev *dev = session->input; 194 unsigned char *keys = session->keys; 195 unsigned char *udata = skb->data + 1; 196 signed char *sdata = skb->data + 1; 197 int i, size = skb->len - 1; 198 199 switch (skb->data[0]) { 200 case 0x01: /* Keyboard report */ 201 for (i = 0; i < 8; i++) 202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 203 204 /* If all the key codes have been set to 0x01, it means 205 * too many keys were pressed at the same time. */ 206 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 207 break; 208 209 for (i = 2; i < 8; i++) { 210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 211 if (hidp_keycode[keys[i]]) 212 input_report_key(dev, hidp_keycode[keys[i]], 0); 213 else 214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 215 } 216 217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 218 if (hidp_keycode[udata[i]]) 219 input_report_key(dev, hidp_keycode[udata[i]], 1); 220 else 221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 222 } 223 } 224 225 memcpy(keys, udata, 8); 226 break; 227 228 case 0x02: /* Mouse report */ 229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 234 235 input_report_rel(dev, REL_X, sdata[1]); 236 input_report_rel(dev, REL_Y, sdata[2]); 237 238 if (size > 3) 239 input_report_rel(dev, REL_WHEEL, sdata[3]); 240 break; 241 } 242 243 input_sync(dev); 244} 245 246static int __hidp_send_ctrl_message(struct hidp_session *session, 247 unsigned char hdr, unsigned char *data, int size) 248{ 249 struct sk_buff *skb; 250 251 BT_DBG("session %p data %p size %d", session, data, size); 252 253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 254 BT_ERR("Can't allocate memory for new frame"); 255 return -ENOMEM; 256 } 257 258 *skb_put(skb, 1) = hdr; 259 if (data && size > 0) 260 memcpy(skb_put(skb, size), data, size); 261 262 skb_queue_tail(&session->ctrl_transmit, skb); 263 264 return 0; 265} 266 267static inline int hidp_send_ctrl_message(struct hidp_session *session, 268 unsigned char hdr, unsigned char *data, int size) 269{ 270 int err; 271 272 err = __hidp_send_ctrl_message(session, hdr, data, size); 273 274 hidp_schedule(session); 275 276 return err; 277} 278 279static int hidp_queue_report(struct hidp_session *session, 280 unsigned char *data, int size) 281{ 282 struct sk_buff *skb; 283 284 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size); 285 286 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 287 BT_ERR("Can't allocate memory for new frame"); 288 return -ENOMEM; 289 } 290 291 *skb_put(skb, 1) = 0xa2; 292 if (size > 0) 293 memcpy(skb_put(skb, size), data, size); 294 295 skb_queue_tail(&session->intr_transmit, skb); 296 297 hidp_schedule(session); 298 299 return 0; 300} 301 302static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 303{ 304 unsigned char buf[32]; 305 int rsize; 306 307 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 308 if (rsize > sizeof(buf)) 309 return -EIO; 310 311 hid_output_report(report, buf); 312 313 return hidp_queue_report(session, buf, rsize); 314} 315 316static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count, 317 unsigned char report_type) 318{ 319 switch (report_type) { 320 case HID_FEATURE_REPORT: 321 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 322 break; 323 case HID_OUTPUT_REPORT: 324 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 325 break; 326 default: 327 return -EINVAL; 328 } 329 330 if (hidp_send_ctrl_message(hid->driver_data, report_type, 331 data, count)) 332 return -ENOMEM; 333 return count; 334} 335 336static void hidp_idle_timeout(unsigned long arg) 337{ 338 struct hidp_session *session = (struct hidp_session *) arg; 339 340 atomic_inc(&session->terminate); 341 hidp_schedule(session); 342} 343 344static void hidp_set_timer(struct hidp_session *session) 345{ 346 if (session->idle_to > 0) 347 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 348} 349 350static inline void hidp_del_timer(struct hidp_session *session) 351{ 352 if (session->idle_to > 0) 353 del_timer(&session->timer); 354} 355 356static void hidp_process_handshake(struct hidp_session *session, 357 unsigned char param) 358{ 359 BT_DBG("session %p param 0x%02x", session, param); 360 361 switch (param) { 362 case HIDP_HSHK_SUCCESSFUL: 363 break; 364 365 case HIDP_HSHK_NOT_READY: 366 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 367 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 368 case HIDP_HSHK_ERR_INVALID_PARAMETER: 369 break; 370 371 case HIDP_HSHK_ERR_UNKNOWN: 372 break; 373 374 case HIDP_HSHK_ERR_FATAL: 375 /* Device requests a reboot, as this is the only way this error 376 * can be recovered. */ 377 __hidp_send_ctrl_message(session, 378 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 379 break; 380 381 default: 382 __hidp_send_ctrl_message(session, 383 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 384 break; 385 } 386} 387 388static void hidp_process_hid_control(struct hidp_session *session, 389 unsigned char param) 390{ 391 BT_DBG("session %p param 0x%02x", session, param); 392 393 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) { 394 /* Flush the transmit queues */ 395 skb_queue_purge(&session->ctrl_transmit); 396 skb_queue_purge(&session->intr_transmit); 397 398 /* Kill session thread */ 399 atomic_inc(&session->terminate); 400 hidp_schedule(session); 401 } 402} 403 404static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, 405 unsigned char param) 406{ 407 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 408 409 switch (param) { 410 case HIDP_DATA_RTYPE_INPUT: 411 hidp_set_timer(session); 412 413 if (session->input) 414 hidp_input_report(session, skb); 415 416 if (session->hid) 417 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 418 419 break; 420 421 case HIDP_DATA_RTYPE_OTHER: 422 case HIDP_DATA_RTYPE_OUPUT: 423 case HIDP_DATA_RTYPE_FEATURE: 424 break; 425 426 default: 427 __hidp_send_ctrl_message(session, 428 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 429 } 430} 431 432static void hidp_recv_ctrl_frame(struct hidp_session *session, 433 struct sk_buff *skb) 434{ 435 unsigned char hdr, type, param; 436 437 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 438 439 hdr = skb->data[0]; 440 skb_pull(skb, 1); 441 442 type = hdr & HIDP_HEADER_TRANS_MASK; 443 param = hdr & HIDP_HEADER_PARAM_MASK; 444 445 switch (type) { 446 case HIDP_TRANS_HANDSHAKE: 447 hidp_process_handshake(session, param); 448 break; 449 450 case HIDP_TRANS_HID_CONTROL: 451 hidp_process_hid_control(session, param); 452 break; 453 454 case HIDP_TRANS_DATA: 455 hidp_process_data(session, skb, param); 456 break; 457 458 default: 459 __hidp_send_ctrl_message(session, 460 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 461 break; 462 } 463 464 kfree_skb(skb); 465} 466 467static void hidp_recv_intr_frame(struct hidp_session *session, 468 struct sk_buff *skb) 469{ 470 unsigned char hdr; 471 472 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 473 474 hdr = skb->data[0]; 475 skb_pull(skb, 1); 476 477 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 478 hidp_set_timer(session); 479 480 if (session->input) 481 hidp_input_report(session, skb); 482 483 if (session->hid) { 484 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 485 BT_DBG("report len %d", skb->len); 486 } 487 } else { 488 BT_DBG("Unsupported protocol header 0x%02x", hdr); 489 } 490 491 kfree_skb(skb); 492} 493 494static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 495{ 496 struct kvec iv = { data, len }; 497 struct msghdr msg; 498 499 BT_DBG("sock %p data %p len %d", sock, data, len); 500 501 if (!len) 502 return 0; 503 504 memset(&msg, 0, sizeof(msg)); 505 506 return kernel_sendmsg(sock, &msg, &iv, 1, len); 507} 508 509static void hidp_process_transmit(struct hidp_session *session) 510{ 511 struct sk_buff *skb; 512 513 BT_DBG("session %p", session); 514 515 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 516 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 517 skb_queue_head(&session->ctrl_transmit, skb); 518 break; 519 } 520 521 hidp_set_timer(session); 522 kfree_skb(skb); 523 } 524 525 while ((skb = skb_dequeue(&session->intr_transmit))) { 526 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 527 skb_queue_head(&session->intr_transmit, skb); 528 break; 529 } 530 531 hidp_set_timer(session); 532 kfree_skb(skb); 533 } 534} 535 536static int hidp_session(void *arg) 537{ 538 struct hidp_session *session = arg; 539 struct sock *ctrl_sk = session->ctrl_sock->sk; 540 struct sock *intr_sk = session->intr_sock->sk; 541 struct sk_buff *skb; 542 int vendor = 0x0000, product = 0x0000; 543 wait_queue_t ctrl_wait, intr_wait; 544 545 BT_DBG("session %p", session); 546 547 if (session->input) { 548 vendor = session->input->id.vendor; 549 product = session->input->id.product; 550 } 551 552 if (session->hid) { 553 vendor = session->hid->vendor; 554 product = session->hid->product; 555 } 556 557 daemonize("khidpd_%04x%04x", vendor, product); 558 set_user_nice(current, -15); 559 560 init_waitqueue_entry(&ctrl_wait, current); 561 init_waitqueue_entry(&intr_wait, current); 562 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 563 add_wait_queue(sk_sleep(intr_sk), &intr_wait); 564 while (!atomic_read(&session->terminate)) { 565 set_current_state(TASK_INTERRUPTIBLE); 566 567 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 568 break; 569 570 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 571 skb_orphan(skb); 572 hidp_recv_ctrl_frame(session, skb); 573 } 574 575 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 576 skb_orphan(skb); 577 hidp_recv_intr_frame(session, skb); 578 } 579 580 hidp_process_transmit(session); 581 582 schedule(); 583 } 584 set_current_state(TASK_RUNNING); 585 remove_wait_queue(sk_sleep(intr_sk), &intr_wait); 586 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait); 587 588 down_write(&hidp_session_sem); 589 590 hidp_del_timer(session); 591 592 if (session->input) { 593 input_unregister_device(session->input); 594 session->input = NULL; 595 } 596 597 if (session->hid) { 598 hid_destroy_device(session->hid); 599 session->hid = NULL; 600 } 601 602 /* Wakeup user-space polling for socket errors */ 603 session->intr_sock->sk->sk_err = EUNATCH; 604 session->ctrl_sock->sk->sk_err = EUNATCH; 605 606 hidp_schedule(session); 607 608 fput(session->intr_sock->file); 609 610 wait_event_timeout(*(sk_sleep(ctrl_sk)), 611 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 612 613 fput(session->ctrl_sock->file); 614 615 __hidp_unlink_session(session); 616 617 up_write(&hidp_session_sem); 618 619 kfree(session); 620 return 0; 621} 622 623static struct device *hidp_get_device(struct hidp_session *session) 624{ 625 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 626 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 627 struct device *device = NULL; 628 struct hci_dev *hdev; 629 630 hdev = hci_get_route(dst, src); 631 if (!hdev) 632 return NULL; 633 634 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 635 if (session->conn) 636 device = &session->conn->dev; 637 638 hci_dev_put(hdev); 639 640 return device; 641} 642 643static int hidp_setup_input(struct hidp_session *session, 644 struct hidp_connadd_req *req) 645{ 646 struct input_dev *input; 647 int err, i; 648 649 input = input_allocate_device(); 650 if (!input) 651 return -ENOMEM; 652 653 session->input = input; 654 655 input_set_drvdata(input, session); 656 657 input->name = "Bluetooth HID Boot Protocol Device"; 658 659 input->id.bustype = BUS_BLUETOOTH; 660 input->id.vendor = req->vendor; 661 input->id.product = req->product; 662 input->id.version = req->version; 663 664 if (req->subclass & 0x40) { 665 set_bit(EV_KEY, input->evbit); 666 set_bit(EV_LED, input->evbit); 667 set_bit(EV_REP, input->evbit); 668 669 set_bit(LED_NUML, input->ledbit); 670 set_bit(LED_CAPSL, input->ledbit); 671 set_bit(LED_SCROLLL, input->ledbit); 672 set_bit(LED_COMPOSE, input->ledbit); 673 set_bit(LED_KANA, input->ledbit); 674 675 for (i = 0; i < sizeof(hidp_keycode); i++) 676 set_bit(hidp_keycode[i], input->keybit); 677 clear_bit(0, input->keybit); 678 } 679 680 if (req->subclass & 0x80) { 681 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL); 682 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) | 683 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE); 684 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y); 685 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) | 686 BIT_MASK(BTN_EXTRA); 687 input->relbit[0] |= BIT_MASK(REL_WHEEL); 688 } 689 690 input->dev.parent = hidp_get_device(session); 691 692 input->event = hidp_input_event; 693 694 err = input_register_device(input); 695 if (err < 0) { 696 hci_conn_put_device(session->conn); 697 return err; 698 } 699 700 return 0; 701} 702 703static int hidp_open(struct hid_device *hid) 704{ 705 return 0; 706} 707 708static void hidp_close(struct hid_device *hid) 709{ 710} 711 712static int hidp_parse(struct hid_device *hid) 713{ 714 struct hidp_session *session = hid->driver_data; 715 716 return hid_parse_report(session->hid, session->rd_data, 717 session->rd_size); 718} 719 720static int hidp_start(struct hid_device *hid) 721{ 722 struct hidp_session *session = hid->driver_data; 723 struct hid_report *report; 724 725 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT]. 726 report_list, list) 727 hidp_send_report(session, report); 728 729 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT]. 730 report_list, list) 731 hidp_send_report(session, report); 732 733 return 0; 734} 735 736static void hidp_stop(struct hid_device *hid) 737{ 738 struct hidp_session *session = hid->driver_data; 739 740 skb_queue_purge(&session->ctrl_transmit); 741 skb_queue_purge(&session->intr_transmit); 742 743 hid->claimed = 0; 744} 745 746static struct hid_ll_driver hidp_hid_driver = { 747 .parse = hidp_parse, 748 .start = hidp_start, 749 .stop = hidp_stop, 750 .open = hidp_open, 751 .close = hidp_close, 752 .hidinput_input_event = hidp_hidinput_event, 753}; 754 755static int hidp_setup_hid(struct hidp_session *session, 756 struct hidp_connadd_req *req) 757{ 758 struct hid_device *hid; 759 bdaddr_t src, dst; 760 int err; 761 762 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); 763 if (!session->rd_data) 764 return -ENOMEM; 765 766 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { 767 err = -EFAULT; 768 goto fault; 769 } 770 session->rd_size = req->rd_size; 771 772 hid = hid_allocate_device(); 773 if (IS_ERR(hid)) { 774 err = PTR_ERR(hid); 775 goto fault; 776 } 777 778 session->hid = hid; 779 780 hid->driver_data = session; 781 782 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 783 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 784 785 hid->bus = BUS_BLUETOOTH; 786 hid->vendor = req->vendor; 787 hid->product = req->product; 788 hid->version = req->version; 789 hid->country = req->country; 790 791 strncpy(hid->name, req->name, 128); 792 strncpy(hid->phys, batostr(&src), 64); 793 strncpy(hid->uniq, batostr(&dst), 64); 794 795 hid->dev.parent = hidp_get_device(session); 796 hid->ll_driver = &hidp_hid_driver; 797 798 hid->hid_output_raw_report = hidp_output_raw_report; 799 800 err = hid_add_device(hid); 801 if (err < 0) 802 goto failed; 803 804 return 0; 805 806failed: 807 hid_destroy_device(hid); 808 session->hid = NULL; 809 810fault: 811 kfree(session->rd_data); 812 session->rd_data = NULL; 813 814 return err; 815} 816 817int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 818{ 819 struct hidp_session *session, *s; 820 int err; 821 822 BT_DBG(""); 823 824 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 825 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 826 return -ENOTUNIQ; 827 828 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 829 if (!session) 830 return -ENOMEM; 831 832 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 833 834 down_write(&hidp_session_sem); 835 836 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 837 if (s && s->state == BT_CONNECTED) { 838 err = -EEXIST; 839 goto failed; 840 } 841 842 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 843 844 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 845 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 846 847 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 848 849 session->ctrl_sock = ctrl_sock; 850 session->intr_sock = intr_sock; 851 session->state = BT_CONNECTED; 852 853 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 854 855 skb_queue_head_init(&session->ctrl_transmit); 856 skb_queue_head_init(&session->intr_transmit); 857 858 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 859 session->idle_to = req->idle_to; 860 861 if (req->rd_size > 0) { 862 err = hidp_setup_hid(session, req); 863 if (err && err != -ENODEV) 864 goto purge; 865 } 866 867 if (!session->hid) { 868 err = hidp_setup_input(session, req); 869 if (err < 0) 870 goto purge; 871 } 872 873 __hidp_link_session(session); 874 875 hidp_set_timer(session); 876 877 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 878 if (err < 0) 879 goto unlink; 880 881 if (session->input) { 882 hidp_send_ctrl_message(session, 883 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 884 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 885 886 session->leds = 0xff; 887 hidp_input_event(session->input, EV_LED, 0, 0); 888 } 889 890 up_write(&hidp_session_sem); 891 return 0; 892 893unlink: 894 hidp_del_timer(session); 895 896 __hidp_unlink_session(session); 897 898 if (session->input) { 899 input_unregister_device(session->input); 900 session->input = NULL; 901 } 902 903 if (session->hid) { 904 hid_destroy_device(session->hid); 905 session->hid = NULL; 906 } 907 908 kfree(session->rd_data); 909 session->rd_data = NULL; 910 911purge: 912 skb_queue_purge(&session->ctrl_transmit); 913 skb_queue_purge(&session->intr_transmit); 914 915failed: 916 up_write(&hidp_session_sem); 917 918 input_free_device(session->input); 919 kfree(session); 920 return err; 921} 922 923int hidp_del_connection(struct hidp_conndel_req *req) 924{ 925 struct hidp_session *session; 926 int err = 0; 927 928 BT_DBG(""); 929 930 down_read(&hidp_session_sem); 931 932 session = __hidp_get_session(&req->bdaddr); 933 if (session) { 934 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 935 hidp_send_ctrl_message(session, 936 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 937 } else { 938 /* Flush the transmit queues */ 939 skb_queue_purge(&session->ctrl_transmit); 940 skb_queue_purge(&session->intr_transmit); 941 942 /* Wakeup user-space polling for socket errors */ 943 session->intr_sock->sk->sk_err = EUNATCH; 944 session->ctrl_sock->sk->sk_err = EUNATCH; 945 946 /* Kill session thread */ 947 atomic_inc(&session->terminate); 948 hidp_schedule(session); 949 } 950 } else 951 err = -ENOENT; 952 953 up_read(&hidp_session_sem); 954 return err; 955} 956 957int hidp_get_connlist(struct hidp_connlist_req *req) 958{ 959 struct list_head *p; 960 int err = 0, n = 0; 961 962 BT_DBG(""); 963 964 down_read(&hidp_session_sem); 965 966 list_for_each(p, &hidp_session_list) { 967 struct hidp_session *session; 968 struct hidp_conninfo ci; 969 970 session = list_entry(p, struct hidp_session, list); 971 972 __hidp_copy_session(session, &ci); 973 974 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 975 err = -EFAULT; 976 break; 977 } 978 979 if (++n >= req->cnum) 980 break; 981 982 req->ci++; 983 } 984 req->cnum = n; 985 986 up_read(&hidp_session_sem); 987 return err; 988} 989 990int hidp_get_conninfo(struct hidp_conninfo *ci) 991{ 992 struct hidp_session *session; 993 int err = 0; 994 995 down_read(&hidp_session_sem); 996 997 session = __hidp_get_session(&ci->bdaddr); 998 if (session) 999 __hidp_copy_session(session, ci); 1000 else 1001 err = -ENOENT; 1002 1003 up_read(&hidp_session_sem); 1004 return err; 1005} 1006 1007static const struct hid_device_id hidp_table[] = { 1008 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) }, 1009 { } 1010}; 1011 1012static struct hid_driver hidp_driver = { 1013 .name = "generic-bluetooth", 1014 .id_table = hidp_table, 1015}; 1016 1017static int __init hidp_init(void) 1018{ 1019 int ret; 1020 1021 l2cap_load(); 1022 1023 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 1024 1025 ret = hid_register_driver(&hidp_driver); 1026 if (ret) 1027 goto err; 1028 1029 ret = hidp_init_sockets(); 1030 if (ret) 1031 goto err_drv; 1032 1033 return 0; 1034err_drv: 1035 hid_unregister_driver(&hidp_driver); 1036err: 1037 return ret; 1038} 1039 1040static void __exit hidp_exit(void) 1041{ 1042 hidp_cleanup_sockets(); 1043 hid_unregister_driver(&hidp_driver); 1044} 1045 1046module_init(hidp_init); 1047module_exit(hidp_exit); 1048 1049MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1050MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1051MODULE_VERSION(VERSION); 1052MODULE_LICENSE("GPL"); 1053MODULE_ALIAS("bt-proto-6"); 1054