1/* 2 HIDP implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 4 5 This program is free software; you can redistribute it and/or modify 6 it under the terms of the GNU General Public License version 2 as 7 published by the Free Software Foundation; 8 9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 20 SOFTWARE IS DISCLAIMED. 21*/ 22 23#include <linux/module.h> 24 25#include <linux/types.h> 26#include <linux/errno.h> 27#include <linux/kernel.h> 28#include <linux/sched.h> 29#include <linux/slab.h> 30#include <linux/poll.h> 31#include <linux/fcntl.h> 32#include <linux/skbuff.h> 33#include <linux/socket.h> 34#include <linux/ioctl.h> 35#include <linux/file.h> 36#include <linux/init.h> 37#include <linux/wait.h> 38#include <net/sock.h> 39 40#include <linux/input.h> 41#include <linux/hid.h> 42 43#include <net/bluetooth/bluetooth.h> 44#include <net/bluetooth/hci_core.h> 45#include <net/bluetooth/l2cap.h> 46 47#include "hidp.h" 48 49#ifndef CONFIG_BT_HIDP_DEBUG 50#undef BT_DBG 51#define BT_DBG(D...) 52#endif 53 54#define VERSION "1.2" 55 56static DECLARE_RWSEM(hidp_session_sem); 57static LIST_HEAD(hidp_session_list); 58 59static unsigned char hidp_keycode[256] = { 60 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38, 61 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3, 62 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26, 63 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64, 64 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106, 65 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 66 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190, 67 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113, 68 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0, 69 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 71 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 72 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 73 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 74 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113, 75 150,158,159,128,136,177,178,176,142,152,173,140 76}; 77 78static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 79 80static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 81{ 82 struct hidp_session *session; 83 struct list_head *p; 84 85 BT_DBG(""); 86 87 list_for_each(p, &hidp_session_list) { 88 session = list_entry(p, struct hidp_session, list); 89 if (!bacmp(bdaddr, &session->bdaddr)) 90 return session; 91 } 92 return NULL; 93} 94 95static void __hidp_link_session(struct hidp_session *session) 96{ 97 __module_get(THIS_MODULE); 98 list_add(&session->list, &hidp_session_list); 99} 100 101static void __hidp_unlink_session(struct hidp_session *session) 102{ 103 list_del(&session->list); 104 module_put(THIS_MODULE); 105} 106 107static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci) 108{ 109 bacpy(&ci->bdaddr, &session->bdaddr); 110 111 ci->flags = session->flags; 112 ci->state = session->state; 113 114 ci->vendor = 0x0000; 115 ci->product = 0x0000; 116 ci->version = 0x0000; 117 memset(ci->name, 0, 128); 118 119 if (session->input) { 120 ci->vendor = session->input->id.vendor; 121 ci->product = session->input->id.product; 122 ci->version = session->input->id.version; 123 if (session->input->name) 124 strncpy(ci->name, session->input->name, 128); 125 else 126 strncpy(ci->name, "HID Boot Device", 128); 127 } 128 129 if (session->hid) { 130 ci->vendor = session->hid->vendor; 131 ci->product = session->hid->product; 132 ci->version = session->hid->version; 133 strncpy(ci->name, session->hid->name, 128); 134 } 135} 136 137static inline int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 138 unsigned int type, unsigned int code, int value) 139{ 140 unsigned char newleds; 141 struct sk_buff *skb; 142 143 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 144 145 if (type != EV_LED) 146 return -1; 147 148 newleds = (!!test_bit(LED_KANA, dev->led) << 3) | 149 (!!test_bit(LED_COMPOSE, dev->led) << 3) | 150 (!!test_bit(LED_SCROLLL, dev->led) << 2) | 151 (!!test_bit(LED_CAPSL, dev->led) << 1) | 152 (!!test_bit(LED_NUML, dev->led)); 153 154 if (session->leds == newleds) 155 return 0; 156 157 session->leds = newleds; 158 159 if (!(skb = alloc_skb(3, GFP_ATOMIC))) { 160 BT_ERR("Can't allocate memory for new frame"); 161 return -ENOMEM; 162 } 163 164 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 165 *skb_put(skb, 1) = 0x01; 166 *skb_put(skb, 1) = newleds; 167 168 skb_queue_tail(&session->intr_transmit, skb); 169 170 hidp_schedule(session); 171 172 return 0; 173} 174 175static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 176{ 177 struct hid_device *hid = input_get_drvdata(dev); 178 struct hidp_session *session = hid->driver_data; 179 180 return hidp_queue_event(session, dev, type, code, value); 181} 182 183static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 184{ 185 struct hidp_session *session = input_get_drvdata(dev); 186 187 return hidp_queue_event(session, dev, type, code, value); 188} 189 190static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 191{ 192 struct input_dev *dev = session->input; 193 unsigned char *keys = session->keys; 194 unsigned char *udata = skb->data + 1; 195 signed char *sdata = skb->data + 1; 196 int i, size = skb->len - 1; 197 198 switch (skb->data[0]) { 199 case 0x01: /* Keyboard report */ 200 for (i = 0; i < 8; i++) 201 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1); 202 203 /* If all the key codes have been set to 0x01, it means 204 * too many keys were pressed at the same time. */ 205 if (!memcmp(udata + 2, hidp_mkeyspat, 6)) 206 break; 207 208 for (i = 2; i < 8; i++) { 209 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) { 210 if (hidp_keycode[keys[i]]) 211 input_report_key(dev, hidp_keycode[keys[i]], 0); 212 else 213 BT_ERR("Unknown key (scancode %#x) released.", keys[i]); 214 } 215 216 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) { 217 if (hidp_keycode[udata[i]]) 218 input_report_key(dev, hidp_keycode[udata[i]], 1); 219 else 220 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]); 221 } 222 } 223 224 memcpy(keys, udata, 8); 225 break; 226 227 case 0x02: /* Mouse report */ 228 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01); 229 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02); 230 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04); 231 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08); 232 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10); 233 234 input_report_rel(dev, REL_X, sdata[1]); 235 input_report_rel(dev, REL_Y, sdata[2]); 236 237 if (size > 3) 238 input_report_rel(dev, REL_WHEEL, sdata[3]); 239 break; 240 } 241 242 input_sync(dev); 243} 244 245static inline int hidp_queue_report(struct hidp_session *session, unsigned char *data, int size) 246{ 247 struct sk_buff *skb; 248 249 BT_DBG("session %p hid %p data %p size %d", session, device, data, size); 250 251 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 252 BT_ERR("Can't allocate memory for new frame"); 253 return -ENOMEM; 254 } 255 256 *skb_put(skb, 1) = 0xa2; 257 if (size > 0) 258 memcpy(skb_put(skb, size), data, size); 259 260 skb_queue_tail(&session->intr_transmit, skb); 261 262 hidp_schedule(session); 263 264 return 0; 265} 266 267static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 268{ 269 unsigned char buf[32]; 270 int rsize; 271 272 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 273 if (rsize > sizeof(buf)) 274 return -EIO; 275 276 hid_output_report(report, buf); 277 278 return hidp_queue_report(session, buf, rsize); 279} 280 281static void hidp_idle_timeout(unsigned long arg) 282{ 283 struct hidp_session *session = (struct hidp_session *) arg; 284 285 atomic_inc(&session->terminate); 286 hidp_schedule(session); 287} 288 289static inline void hidp_set_timer(struct hidp_session *session) 290{ 291 if (session->idle_to > 0) 292 mod_timer(&session->timer, jiffies + HZ * session->idle_to); 293} 294 295static inline void hidp_del_timer(struct hidp_session *session) 296{ 297 if (session->idle_to > 0) 298 del_timer(&session->timer); 299} 300 301static int __hidp_send_ctrl_message(struct hidp_session *session, 302 unsigned char hdr, unsigned char *data, int size) 303{ 304 struct sk_buff *skb; 305 306 BT_DBG("session %p data %p size %d", session, data, size); 307 308 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) { 309 BT_ERR("Can't allocate memory for new frame"); 310 return -ENOMEM; 311 } 312 313 *skb_put(skb, 1) = hdr; 314 if (data && size > 0) 315 memcpy(skb_put(skb, size), data, size); 316 317 skb_queue_tail(&session->ctrl_transmit, skb); 318 319 return 0; 320} 321 322static inline int hidp_send_ctrl_message(struct hidp_session *session, 323 unsigned char hdr, unsigned char *data, int size) 324{ 325 int err; 326 327 err = __hidp_send_ctrl_message(session, hdr, data, size); 328 329 hidp_schedule(session); 330 331 return err; 332} 333 334static inline void hidp_process_handshake(struct hidp_session *session, unsigned char param) 335{ 336 BT_DBG("session %p param 0x%02x", session, param); 337 338 switch (param) { 339 case HIDP_HSHK_SUCCESSFUL: 340 break; 341 342 case HIDP_HSHK_NOT_READY: 343 case HIDP_HSHK_ERR_INVALID_REPORT_ID: 344 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST: 345 case HIDP_HSHK_ERR_INVALID_PARAMETER: 346 break; 347 348 case HIDP_HSHK_ERR_UNKNOWN: 349 break; 350 351 case HIDP_HSHK_ERR_FATAL: 352 /* Device requests a reboot, as this is the only way this error 353 * can be recovered. */ 354 __hidp_send_ctrl_message(session, 355 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 356 break; 357 358 default: 359 __hidp_send_ctrl_message(session, 360 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 361 break; 362 } 363} 364 365static inline void hidp_process_hid_control(struct hidp_session *session, unsigned char param) 366{ 367 BT_DBG("session %p param 0x%02x", session, param); 368 369 switch (param) { 370 case HIDP_CTRL_NOP: 371 break; 372 373 case HIDP_CTRL_VIRTUAL_CABLE_UNPLUG: 374 /* Flush the transmit queues */ 375 skb_queue_purge(&session->ctrl_transmit); 376 skb_queue_purge(&session->intr_transmit); 377 378 /* Kill session thread */ 379 atomic_inc(&session->terminate); 380 break; 381 382 case HIDP_CTRL_HARD_RESET: 383 case HIDP_CTRL_SOFT_RESET: 384 case HIDP_CTRL_SUSPEND: 385 case HIDP_CTRL_EXIT_SUSPEND: 386 break; 387 388 default: 389 __hidp_send_ctrl_message(session, 390 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 391 break; 392 } 393} 394 395static inline void hidp_process_data(struct hidp_session *session, struct sk_buff *skb, unsigned char param) 396{ 397 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param); 398 399 switch (param) { 400 case HIDP_DATA_RTYPE_INPUT: 401 hidp_set_timer(session); 402 403 if (session->input) 404 hidp_input_report(session, skb); 405 406 if (session->hid) 407 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0); 408 409 break; 410 411 case HIDP_DATA_RTYPE_OTHER: 412 case HIDP_DATA_RTYPE_OUPUT: 413 case HIDP_DATA_RTYPE_FEATURE: 414 break; 415 416 default: 417 __hidp_send_ctrl_message(session, 418 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 419 } 420} 421 422static inline void hidp_recv_ctrl_frame(struct hidp_session *session, struct sk_buff *skb) 423{ 424 unsigned char hdr, type, param; 425 426 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 427 428 hdr = skb->data[0]; 429 skb_pull(skb, 1); 430 431 type = hdr & HIDP_HEADER_TRANS_MASK; 432 param = hdr & HIDP_HEADER_PARAM_MASK; 433 434 switch (type) { 435 case HIDP_TRANS_HANDSHAKE: 436 hidp_process_handshake(session, param); 437 break; 438 439 case HIDP_TRANS_HID_CONTROL: 440 hidp_process_hid_control(session, param); 441 break; 442 443 case HIDP_TRANS_DATA: 444 hidp_process_data(session, skb, param); 445 break; 446 447 default: 448 __hidp_send_ctrl_message(session, 449 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 450 break; 451 } 452 453 kfree_skb(skb); 454} 455 456static inline void hidp_recv_intr_frame(struct hidp_session *session, struct sk_buff *skb) 457{ 458 unsigned char hdr; 459 460 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 461 462 hdr = skb->data[0]; 463 skb_pull(skb, 1); 464 465 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) { 466 hidp_set_timer(session); 467 468 if (session->input) 469 hidp_input_report(session, skb); 470 471 if (session->hid) { 472 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1); 473 BT_DBG("report len %d", skb->len); 474 } 475 } else { 476 BT_DBG("Unsupported protocol header 0x%02x", hdr); 477 } 478 479 kfree_skb(skb); 480} 481 482static int hidp_send_frame(struct socket *sock, unsigned char *data, int len) 483{ 484 struct kvec iv = { data, len }; 485 struct msghdr msg; 486 487 BT_DBG("sock %p data %p len %d", sock, data, len); 488 489 if (!len) 490 return 0; 491 492 memset(&msg, 0, sizeof(msg)); 493 494 return kernel_sendmsg(sock, &msg, &iv, 1, len); 495} 496 497static void hidp_process_transmit(struct hidp_session *session) 498{ 499 struct sk_buff *skb; 500 501 BT_DBG("session %p", session); 502 503 while ((skb = skb_dequeue(&session->ctrl_transmit))) { 504 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) { 505 skb_queue_head(&session->ctrl_transmit, skb); 506 break; 507 } 508 509 hidp_set_timer(session); 510 kfree_skb(skb); 511 } 512 513 while ((skb = skb_dequeue(&session->intr_transmit))) { 514 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 515 skb_queue_head(&session->intr_transmit, skb); 516 break; 517 } 518 519 hidp_set_timer(session); 520 kfree_skb(skb); 521 } 522} 523 524static int hidp_session(void *arg) 525{ 526 struct hidp_session *session = arg; 527 struct sock *ctrl_sk = session->ctrl_sock->sk; 528 struct sock *intr_sk = session->intr_sock->sk; 529 struct sk_buff *skb; 530 int vendor = 0x0000, product = 0x0000; 531 wait_queue_t ctrl_wait, intr_wait; 532 533 BT_DBG("session %p", session); 534 535 if (session->input) { 536 vendor = session->input->id.vendor; 537 product = session->input->id.product; 538 } 539 540 if (session->hid) { 541 vendor = session->hid->vendor; 542 product = session->hid->product; 543 } 544 545 daemonize("khidpd_%04x%04x", vendor, product); 546 set_user_nice(current, -15); 547 current->flags |= PF_NOFREEZE; 548 549 init_waitqueue_entry(&ctrl_wait, current); 550 init_waitqueue_entry(&intr_wait, current); 551 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 552 add_wait_queue(intr_sk->sk_sleep, &intr_wait); 553 while (!atomic_read(&session->terminate)) { 554 set_current_state(TASK_INTERRUPTIBLE); 555 556 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED) 557 break; 558 559 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) { 560 skb_orphan(skb); 561 hidp_recv_ctrl_frame(session, skb); 562 } 563 564 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) { 565 skb_orphan(skb); 566 hidp_recv_intr_frame(session, skb); 567 } 568 569 hidp_process_transmit(session); 570 571 schedule(); 572 } 573 set_current_state(TASK_RUNNING); 574 remove_wait_queue(intr_sk->sk_sleep, &intr_wait); 575 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait); 576 577 down_write(&hidp_session_sem); 578 579 hidp_del_timer(session); 580 581 if (session->input) { 582 input_unregister_device(session->input); 583 session->input = NULL; 584 } 585 586 if (session->hid) { 587 if (session->hid->claimed & HID_CLAIMED_INPUT) 588 hidinput_disconnect(session->hid); 589 hid_free_device(session->hid); 590 } 591 592 fput(session->intr_sock->file); 593 594 wait_event_timeout(*(ctrl_sk->sk_sleep), 595 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500)); 596 597 fput(session->ctrl_sock->file); 598 599 __hidp_unlink_session(session); 600 601 up_write(&hidp_session_sem); 602 603 kfree(session); 604 return 0; 605} 606 607static struct device *hidp_get_device(struct hidp_session *session) 608{ 609 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src; 610 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst; 611 struct hci_dev *hdev; 612 struct hci_conn *conn; 613 614 hdev = hci_get_route(dst, src); 615 if (!hdev) 616 return NULL; 617 618 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); 619 620 hci_dev_put(hdev); 621 622 return conn ? &conn->dev : NULL; 623} 624 625static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req) 626{ 627 struct input_dev *input = session->input; 628 int i; 629 630 input_set_drvdata(input, session); 631 632 input->name = "Bluetooth HID Boot Protocol Device"; 633 634 input->id.bustype = BUS_BLUETOOTH; 635 input->id.vendor = req->vendor; 636 input->id.product = req->product; 637 input->id.version = req->version; 638 639 if (req->subclass & 0x40) { 640 set_bit(EV_KEY, input->evbit); 641 set_bit(EV_LED, input->evbit); 642 set_bit(EV_REP, input->evbit); 643 644 set_bit(LED_NUML, input->ledbit); 645 set_bit(LED_CAPSL, input->ledbit); 646 set_bit(LED_SCROLLL, input->ledbit); 647 set_bit(LED_COMPOSE, input->ledbit); 648 set_bit(LED_KANA, input->ledbit); 649 650 for (i = 0; i < sizeof(hidp_keycode); i++) 651 set_bit(hidp_keycode[i], input->keybit); 652 clear_bit(0, input->keybit); 653 } 654 655 if (req->subclass & 0x80) { 656 input->evbit[0] = BIT(EV_KEY) | BIT(EV_REL); 657 input->keybit[LONG(BTN_MOUSE)] = BIT(BTN_LEFT) | BIT(BTN_RIGHT) | BIT(BTN_MIDDLE); 658 input->relbit[0] = BIT(REL_X) | BIT(REL_Y); 659 input->keybit[LONG(BTN_MOUSE)] |= BIT(BTN_SIDE) | BIT(BTN_EXTRA); 660 input->relbit[0] |= BIT(REL_WHEEL); 661 } 662 663 input->dev.parent = hidp_get_device(session); 664 665 input->event = hidp_input_event; 666 667 input_register_device(input); 668} 669 670static int hidp_open(struct hid_device *hid) 671{ 672 return 0; 673} 674 675static void hidp_close(struct hid_device *hid) 676{ 677} 678 679static const struct { 680 __u16 idVendor; 681 __u16 idProduct; 682 unsigned quirks; 683} hidp_blacklist[] = { 684 /* Apple wireless Mighty Mouse */ 685 { 0x05ac, 0x030c, HID_QUIRK_MIGHTYMOUSE | HID_QUIRK_INVERT_HWHEEL }, 686 687 { } /* Terminating entry */ 688}; 689 690static void hidp_setup_quirks(struct hid_device *hid) 691{ 692 unsigned int n; 693 694 for (n = 0; hidp_blacklist[n].idVendor; n++) 695 if (hidp_blacklist[n].idVendor == le16_to_cpu(hid->vendor) && 696 hidp_blacklist[n].idProduct == le16_to_cpu(hid->product)) 697 hid->quirks = hidp_blacklist[n].quirks; 698} 699 700static inline void hidp_setup_hid(struct hidp_session *session, struct hidp_connadd_req *req) 701{ 702 struct hid_device *hid = session->hid; 703 struct hid_report *report; 704 bdaddr_t src, dst; 705 706 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); 707 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst); 708 709 hid->driver_data = session; 710 711 hid->country = req->country; 712 713 hid->bus = BUS_BLUETOOTH; 714 hid->vendor = req->vendor; 715 hid->product = req->product; 716 hid->version = req->version; 717 718 strncpy(hid->name, req->name, 128); 719 strncpy(hid->phys, batostr(&src), 64); 720 strncpy(hid->uniq, batostr(&dst), 64); 721 722 hid->dev = hidp_get_device(session); 723 724 hid->hid_open = hidp_open; 725 hid->hid_close = hidp_close; 726 727 hid->hidinput_input_event = hidp_hidinput_event; 728 729 hidp_setup_quirks(hid); 730 731 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].report_list, list) 732 hidp_send_report(session, report); 733 734 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].report_list, list) 735 hidp_send_report(session, report); 736 737 if (hidinput_connect(hid) == 0) 738 hid->claimed |= HID_CLAIMED_INPUT; 739} 740 741int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 742{ 743 struct hidp_session *session, *s; 744 int err; 745 746 BT_DBG(""); 747 748 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 749 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 750 return -ENOTUNIQ; 751 752 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 753 if (!session) 754 return -ENOMEM; 755 756 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 757 758 if (req->rd_size > 0) { 759 unsigned char *buf = kmalloc(req->rd_size, GFP_KERNEL); 760 761 if (!buf) { 762 kfree(session); 763 return -ENOMEM; 764 } 765 766 if (copy_from_user(buf, req->rd_data, req->rd_size)) { 767 kfree(buf); 768 kfree(session); 769 return -EFAULT; 770 } 771 772 session->hid = hid_parse_report(buf, req->rd_size); 773 774 kfree(buf); 775 776 if (!session->hid) { 777 kfree(session); 778 return -EINVAL; 779 } 780 } 781 782 if (!session->hid) { 783 session->input = input_allocate_device(); 784 if (!session->input) { 785 kfree(session); 786 return -ENOMEM; 787 } 788 } 789 790 down_write(&hidp_session_sem); 791 792 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 793 if (s && s->state == BT_CONNECTED) { 794 err = -EEXIST; 795 goto failed; 796 } 797 798 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 799 800 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu); 801 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu); 802 803 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 804 805 session->ctrl_sock = ctrl_sock; 806 session->intr_sock = intr_sock; 807 session->state = BT_CONNECTED; 808 809 init_timer(&session->timer); 810 811 session->timer.function = hidp_idle_timeout; 812 session->timer.data = (unsigned long) session; 813 814 skb_queue_head_init(&session->ctrl_transmit); 815 skb_queue_head_init(&session->intr_transmit); 816 817 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID); 818 session->idle_to = req->idle_to; 819 820 if (session->input) 821 hidp_setup_input(session, req); 822 823 if (session->hid) 824 hidp_setup_hid(session, req); 825 826 __hidp_link_session(session); 827 828 hidp_set_timer(session); 829 830 err = kernel_thread(hidp_session, session, CLONE_KERNEL); 831 if (err < 0) 832 goto unlink; 833 834 if (session->input) { 835 hidp_send_ctrl_message(session, 836 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 837 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 838 839 session->leds = 0xff; 840 hidp_input_event(session->input, EV_LED, 0, 0); 841 } 842 843 up_write(&hidp_session_sem); 844 return 0; 845 846unlink: 847 hidp_del_timer(session); 848 849 __hidp_unlink_session(session); 850 851 if (session->input) { 852 input_unregister_device(session->input); 853 session->input = NULL; /* don't try to free it here */ 854 } 855 856failed: 857 up_write(&hidp_session_sem); 858 859 if (session->hid) 860 hid_free_device(session->hid); 861 862 input_free_device(session->input); 863 kfree(session); 864 return err; 865} 866 867int hidp_del_connection(struct hidp_conndel_req *req) 868{ 869 struct hidp_session *session; 870 int err = 0; 871 872 BT_DBG(""); 873 874 down_read(&hidp_session_sem); 875 876 session = __hidp_get_session(&req->bdaddr); 877 if (session) { 878 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) { 879 hidp_send_ctrl_message(session, 880 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0); 881 } else { 882 /* Flush the transmit queues */ 883 skb_queue_purge(&session->ctrl_transmit); 884 skb_queue_purge(&session->intr_transmit); 885 886 /* Kill session thread */ 887 atomic_inc(&session->terminate); 888 hidp_schedule(session); 889 } 890 } else 891 err = -ENOENT; 892 893 up_read(&hidp_session_sem); 894 return err; 895} 896 897int hidp_get_connlist(struct hidp_connlist_req *req) 898{ 899 struct list_head *p; 900 int err = 0, n = 0; 901 902 BT_DBG(""); 903 904 down_read(&hidp_session_sem); 905 906 list_for_each(p, &hidp_session_list) { 907 struct hidp_session *session; 908 struct hidp_conninfo ci; 909 910 session = list_entry(p, struct hidp_session, list); 911 912 __hidp_copy_session(session, &ci); 913 914 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 915 err = -EFAULT; 916 break; 917 } 918 919 if (++n >= req->cnum) 920 break; 921 922 req->ci++; 923 } 924 req->cnum = n; 925 926 up_read(&hidp_session_sem); 927 return err; 928} 929 930int hidp_get_conninfo(struct hidp_conninfo *ci) 931{ 932 struct hidp_session *session; 933 int err = 0; 934 935 down_read(&hidp_session_sem); 936 937 session = __hidp_get_session(&ci->bdaddr); 938 if (session) 939 __hidp_copy_session(session, ci); 940 else 941 err = -ENOENT; 942 943 up_read(&hidp_session_sem); 944 return err; 945} 946 947static int __init hidp_init(void) 948{ 949 l2cap_load(); 950 951 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION); 952 953 return hidp_init_sockets(); 954} 955 956static void __exit hidp_exit(void) 957{ 958 hidp_cleanup_sockets(); 959} 960 961module_init(hidp_init); 962module_exit(hidp_exit); 963 964MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 965MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 966MODULE_VERSION(VERSION); 967MODULE_LICENSE("GPL"); 968MODULE_ALIAS("bt-proto-6"); 969