projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'ixp4xx' of git://git.kernel.org/pub/scm/linux/kernel/git/chris/linux-2.6
[linux-2.6-block.git] / net / bluetooth / hidp / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
8e87d142
YH		 18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 20 SOFTWARE IS DISCLAIMED.
21*/
22
1da177e4
LT		 23#include <linux/module.h>
24
25#include <linux/types.h>
26#include <linux/errno.h>
27#include <linux/kernel.h>
1da177e4
LT		 28#include <linux/sched.h>
29#include <linux/slab.h>
30#include <linux/poll.h>
83144186 31#include <linux/freezer.h>
1da177e4
LT		 32#include <linux/fcntl.h>
33#include <linux/skbuff.h>
34#include <linux/socket.h>
35#include <linux/ioctl.h>
36#include <linux/file.h>
37#include <linux/init.h>
38#include <linux/wait.h>
39#include <net/sock.h>
40
41#include <linux/input.h>
e1aaadd4 42#include <linux/hid.h>
364f6351 43#include <linux/hidraw.h>
1da177e4
LT		 44
45#include <net/bluetooth/bluetooth.h>
0a85b964 46#include <net/bluetooth/hci_core.h>
1da177e4
LT		 47#include <net/bluetooth/l2cap.h>
48
49#include "hidp.h"
50
e1aaadd4 51#define VERSION "1.2"
1da177e4
LT		 52
53static DECLARE_RWSEM(hidp_session_sem);
54static LIST_HEAD(hidp_session_list);
55
56static unsigned char hidp_keycode[256] = {
57 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36, 37, 38,
58 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45, 21, 44, 2, 3,
59 4, 5, 6, 7, 8, 9, 10, 11, 28, 1, 14, 15, 57, 12, 13, 26,
60 27, 43, 43, 39, 40, 41, 51, 52, 53, 58, 59, 60, 61, 62, 63, 64,
61 65, 66, 67, 68, 87, 88, 99, 70,119,110,102,104,111,107,109,106,
62 105,108,103, 69, 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71,
63 72, 73, 82, 83, 86,127,116,117,183,184,185,186,187,188,189,190,
64 191,192,193,194,134,138,130,132,128,129,131,137,133,135,136,113,
65 115,114, 0, 0, 0,121, 0, 89, 93,124, 92, 94, 95, 0, 0, 0,
66 122,123, 90, 91, 85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
67 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
68 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
69 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
70 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
71 29, 42, 56,125, 97, 54,100,126,164,166,165,163,161,115,114,113,
72 150,158,159,128,136,177,178,176,142,152,173,140
73};
74
75static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
76
77static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
78{
79 struct hidp_session *session;
80 struct list_head *p;
81
82 BT_DBG("");
83
84 list_for_each(p, &hidp_session_list) {
85 session = list_entry(p, struct hidp_session, list);
86 if (!bacmp(bdaddr, &session->bdaddr))
87 return session;
88 }
89 return NULL;
90}
91
92static void __hidp_link_session(struct hidp_session *session)
93{
94 __module_get(THIS_MODULE);
95 list_add(&session->list, &hidp_session_list);
edad6388
MH		 96
97 hci_conn_hold_device(session->conn);
1da177e4
LT		 98}
99
100static void __hidp_unlink_session(struct hidp_session *session)
101{
edad6388
MH		 102 hci_conn_put_device(session->conn);
103
1da177e4
LT		 104 list_del(&session->list);
105 module_put(THIS_MODULE);
106}
107
108static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
109{
110 bacpy(&ci->bdaddr, &session->bdaddr);
111
112 ci->flags = session->flags;
113 ci->state = session->state;
114
115 ci->vendor = 0x0000;
116 ci->product = 0x0000;
117 ci->version = 0x0000;
118 memset(ci->name, 0, 128);
119
120 if (session->input) {
121 ci->vendor = session->input->id.vendor;
122 ci->product = session->input->id.product;
123 ci->version = session->input->id.version;
124 if (session->input->name)
125 strncpy(ci->name, session->input->name, 128);
126 else
127 strncpy(ci->name, "HID Boot Device", 128);
128 }
e1aaadd4
MH		 129
130 if (session->hid) {
131 ci->vendor = session->hid->vendor;
132 ci->product = session->hid->product;
133 ci->version = session->hid->version;
134 strncpy(ci->name, session->hid->name, 128);
135 }
1da177e4
LT		 136}
137
91f5cca3
AM		 138static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
139 unsigned int type, unsigned int code, int value)
1da177e4 140{
1da177e4 141 unsigned char newleds;
e1aaadd4 142 struct sk_buff *skb;
1da177e4 143
e1aaadd4 144 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
1da177e4
LT		 145
146 if (type != EV_LED)
147 return -1;
148
149 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
150 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
151 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
152 (!!test_bit(LED_CAPSL, dev->led) << 1) |
153 (!!test_bit(LED_NUML, dev->led));
154
155 if (session->leds == newleds)
156 return 0;
157
158 session->leds = newleds;
159
160 if (!(skb = alloc_skb(3, GFP_ATOMIC))) {
161 BT_ERR("Can't allocate memory for new frame");
162 return -ENOMEM;
163 }
164
165 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
166 *skb_put(skb, 1) = 0x01;
167 *skb_put(skb, 1) = newleds;
168
169 skb_queue_tail(&session->intr_transmit, skb);
170
171 hidp_schedule(session);
172
173 return 0;
174}
175
e1aaadd4
MH		 176static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
177{
5be39466 178 struct hid_device *hid = input_get_drvdata(dev);
e1aaadd4
MH		 179 struct hidp_session *session = hid->driver_data;
180
181 return hidp_queue_event(session, dev, type, code, value);
182}
183
184static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
185{
5be39466 186 struct hidp_session *session = input_get_drvdata(dev);
e1aaadd4
MH		 187
188 return hidp_queue_event(session, dev, type, code, value);
189}
190
1da177e4
LT		 191static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
192{
193 struct input_dev *dev = session->input;
194 unsigned char *keys = session->keys;
195 unsigned char *udata = skb->data + 1;
196 signed char *sdata = skb->data + 1;
197 int i, size = skb->len - 1;
198
199 switch (skb->data[0]) {
200 case 0x01: /* Keyboard report */
201 for (i = 0; i < 8; i++)
202 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
203
204 /* If all the key codes have been set to 0x01, it means
205 * too many keys were pressed at the same time. */
206 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
207 break;
208
209 for (i = 2; i < 8; i++) {
210 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
211 if (hidp_keycode[keys[i]])
212 input_report_key(dev, hidp_keycode[keys[i]], 0);
213 else
214 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
215 }
216
217 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
218 if (hidp_keycode[udata[i]])
219 input_report_key(dev, hidp_keycode[udata[i]], 1);
220 else
221 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
222 }
223 }
224
225 memcpy(keys, udata, 8);
226 break;
227
228 case 0x02: /* Mouse report */
229 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
230 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
231 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
232 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
233 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
234
235 input_report_rel(dev, REL_X, sdata[1]);
236 input_report_rel(dev, REL_Y, sdata[2]);
237
238 if (size > 3)
239 input_report_rel(dev, REL_WHEEL, sdata[3]);
240 break;
241 }
242
243 input_sync(dev);
244}
245
91f5cca3
AM		 246static int hidp_queue_report(struct hidp_session *session,
247 unsigned char *data, int size)
e1aaadd4
MH		 248{
249 struct sk_buff *skb;
250
6792b5ec 251 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
e1aaadd4
MH		 252
253 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
254 BT_ERR("Can't allocate memory for new frame");
255 return -ENOMEM;
256 }
257
258 *skb_put(skb, 1) = 0xa2;
259 if (size > 0)
260 memcpy(skb_put(skb, size), data, size);
261
262 skb_queue_tail(&session->intr_transmit, skb);
263
264 hidp_schedule(session);
265
266 return 0;
267}
268
269static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
270{
271 unsigned char buf[32];
272 int rsize;
273
274 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
275 if (rsize > sizeof(buf))
276 return -EIO;
277
278 hid_output_report(report, buf);
279
280 return hidp_queue_report(session, buf, rsize);
281}
282
1da177e4
LT		 283static void hidp_idle_timeout(unsigned long arg)
284{
285 struct hidp_session *session = (struct hidp_session *) arg;
286
287 atomic_inc(&session->terminate);
288 hidp_schedule(session);
289}
290
91f5cca3 291static void hidp_set_timer(struct hidp_session *session)
1da177e4
LT		 292{
293 if (session->idle_to > 0)
294 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
295}
296
297static inline void hidp_del_timer(struct hidp_session *session)
298{
299 if (session->idle_to > 0)
300 del_timer(&session->timer);
301}
302
303static int __hidp_send_ctrl_message(struct hidp_session *session,
304 unsigned char hdr, unsigned char *data, int size)
305{
306 struct sk_buff *skb;
307
308 BT_DBG("session %p data %p size %d", session, data, size);
309
310 if (!(skb = alloc_skb(size + 1, GFP_ATOMIC))) {
311 BT_ERR("Can't allocate memory for new frame");
312 return -ENOMEM;
313 }
314
315 *skb_put(skb, 1) = hdr;
316 if (data && size > 0)
317 memcpy(skb_put(skb, size), data, size);
318
319 skb_queue_tail(&session->ctrl_transmit, skb);
320
321 return 0;
322}
323
b6f99a21 324static inline int hidp_send_ctrl_message(struct hidp_session *session,
1da177e4
LT		 325 unsigned char hdr, unsigned char *data, int size)
326{
327 int err;
328
329 err = __hidp_send_ctrl_message(session, hdr, data, size);
330
331 hidp_schedule(session);
332
333 return err;
334}
335
91f5cca3
AM		 336static void hidp_process_handshake(struct hidp_session *session,
337 unsigned char param)
1da177e4
LT		 338{
339 BT_DBG("session %p param 0x%02x", session, param);
340
341 switch (param) {
342 case HIDP_HSHK_SUCCESSFUL:
343 /* FIXME: Call into SET_ GET_ handlers here */
344 break;
345
346 case HIDP_HSHK_NOT_READY:
347 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
348 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
349 case HIDP_HSHK_ERR_INVALID_PARAMETER:
350 /* FIXME: Call into SET_ GET_ handlers here */
351 break;
352
353 case HIDP_HSHK_ERR_UNKNOWN:
354 break;
355
356 case HIDP_HSHK_ERR_FATAL:
357 /* Device requests a reboot, as this is the only way this error
8e87d142 358 * can be recovered. */
1da177e4
LT		 359 __hidp_send_ctrl_message(session,
360 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
361 break;
362
363 default:
364 __hidp_send_ctrl_message(session,
365 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
366 break;
367 }
368}
369
91f5cca3
AM		 370static void hidp_process_hid_control(struct hidp_session *session,
371 unsigned char param)
1da177e4
LT		 372{
373 BT_DBG("session %p param 0x%02x", session, param);
374
eff001e3 375 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
1da177e4
LT		 376 /* Flush the transmit queues */
377 skb_queue_purge(&session->ctrl_transmit);
378 skb_queue_purge(&session->intr_transmit);
379
380 /* Kill session thread */
381 atomic_inc(&session->terminate);
981b1414 382 hidp_schedule(session);
1da177e4
LT		 383 }
384}
385
91f5cca3
AM		 386static void hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
387 unsigned char param)
1da177e4
LT		 388{
389 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
390
391 switch (param) {
392 case HIDP_DATA_RTYPE_INPUT:
393 hidp_set_timer(session);
394
395 if (session->input)
396 hidp_input_report(session, skb);
e1aaadd4
MH		 397
398 if (session->hid)
399 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
400
1da177e4
LT		 401 break;
402
403 case HIDP_DATA_RTYPE_OTHER:
404 case HIDP_DATA_RTYPE_OUPUT:
405 case HIDP_DATA_RTYPE_FEATURE:
406 break;
407
408 default:
409 __hidp_send_ctrl_message(session,
410 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
411 }
412}
413
91f5cca3
AM		 414static void hidp_recv_ctrl_frame(struct hidp_session *session,
415 struct sk_buff *skb)
1da177e4
LT		 416{
417 unsigned char hdr, type, param;
418
419 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
420
421 hdr = skb->data[0];
422 skb_pull(skb, 1);
423
424 type = hdr & HIDP_HEADER_TRANS_MASK;
425 param = hdr & HIDP_HEADER_PARAM_MASK;
426
427 switch (type) {
428 case HIDP_TRANS_HANDSHAKE:
429 hidp_process_handshake(session, param);
430 break;
431
432 case HIDP_TRANS_HID_CONTROL:
433 hidp_process_hid_control(session, param);
434 break;
435
436 case HIDP_TRANS_DATA:
437 hidp_process_data(session, skb, param);
438 break;
439
440 default:
441 __hidp_send_ctrl_message(session,
442 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
443 break;
444 }
445
446 kfree_skb(skb);
447}
448
91f5cca3
AM		 449static void hidp_recv_intr_frame(struct hidp_session *session,
450 struct sk_buff *skb)
1da177e4
LT		 451{
452 unsigned char hdr;
453
454 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
455
456 hdr = skb->data[0];
457 skb_pull(skb, 1);
458
459 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
460 hidp_set_timer(session);
e1aaadd4 461
1da177e4
LT		 462 if (session->input)
463 hidp_input_report(session, skb);
e1aaadd4
MH		 464
465 if (session->hid) {
466 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
467 BT_DBG("report len %d", skb->len);
468 }
1da177e4
LT		 469 } else {
470 BT_DBG("Unsupported protocol header 0x%02x", hdr);
471 }
472
473 kfree_skb(skb);
474}
475
476static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
477{
478 struct kvec iv = { data, len };
479 struct msghdr msg;
480
481 BT_DBG("sock %p data %p len %d", sock, data, len);
482
483 if (!len)
484 return 0;
485
486 memset(&msg, 0, sizeof(msg));
487
488 return kernel_sendmsg(sock, &msg, &iv, 1, len);
489}
490
b03efcfb 491static void hidp_process_transmit(struct hidp_session *session)
1da177e4
LT		 492{
493 struct sk_buff *skb;
494
495 BT_DBG("session %p", session);
496
497 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
498 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
499 skb_queue_head(&session->ctrl_transmit, skb);
500 break;
501 }
502
503 hidp_set_timer(session);
504 kfree_skb(skb);
505 }
506
507 while ((skb = skb_dequeue(&session->intr_transmit))) {
508 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
509 skb_queue_head(&session->intr_transmit, skb);
510 break;
511 }
512
513 hidp_set_timer(session);
514 kfree_skb(skb);
515 }
1da177e4
LT		 516}
517
518static int hidp_session(void *arg)
519{
520 struct hidp_session *session = arg;
521 struct sock *ctrl_sk = session->ctrl_sock->sk;
522 struct sock *intr_sk = session->intr_sock->sk;
523 struct sk_buff *skb;
524 int vendor = 0x0000, product = 0x0000;
525 wait_queue_t ctrl_wait, intr_wait;
526
527 BT_DBG("session %p", session);
528
529 if (session->input) {
530 vendor = session->input->id.vendor;
531 product = session->input->id.product;
532 }
533
e1aaadd4
MH		 534 if (session->hid) {
535 vendor = session->hid->vendor;
536 product = session->hid->product;
537 }
538
1da177e4
LT		 539 daemonize("khidpd_%04x%04x", vendor, product);
540 set_user_nice(current, -15);
1da177e4
LT		 541
542 init_waitqueue_entry(&ctrl_wait, current);
543 init_waitqueue_entry(&intr_wait, current);
544 add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
545 add_wait_queue(intr_sk->sk_sleep, &intr_wait);
546 while (!atomic_read(&session->terminate)) {
547 set_current_state(TASK_INTERRUPTIBLE);
548
549 if (ctrl_sk->sk_state != BT_CONNECTED || intr_sk->sk_state != BT_CONNECTED)
550 break;
551
552 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
553 skb_orphan(skb);
554 hidp_recv_ctrl_frame(session, skb);
555 }
556
557 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
558 skb_orphan(skb);
559 hidp_recv_intr_frame(session, skb);
560 }
561
562 hidp_process_transmit(session);
563
564 schedule();
565 }
566 set_current_state(TASK_RUNNING);
567 remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
568 remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
569
570 down_write(&hidp_session_sem);
571
572 hidp_del_timer(session);
573
1da177e4
LT		 574 if (session->input) {
575 input_unregister_device(session->input);
34abf91f 576 session->input = NULL;
1da177e4
LT		 577 }
578
e1aaadd4 579 if (session->hid) {
85cdaf52 580 hid_destroy_device(session->hid);
edad6388 581 session->hid = NULL;
e1aaadd4
MH		 582 }
583
ec8dab36
MH		 584 /* Wakeup user-space polling for socket errors */
585 session->intr_sock->sk->sk_err = EUNATCH;
586 session->ctrl_sock->sk->sk_err = EUNATCH;
587
588 hidp_schedule(session);
589
1c39858b
DW		 590 fput(session->intr_sock->file);
591
592 wait_event_timeout(*(ctrl_sk->sk_sleep),
593 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
594
595 fput(session->ctrl_sock->file);
596
597 __hidp_unlink_session(session);
598
1da177e4
LT		 599 up_write(&hidp_session_sem);
600
601 kfree(session);
602 return 0;
603}
604
0a85b964
MH		 605static struct device *hidp_get_device(struct hidp_session *session)
606{
607 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
608 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
edad6388 609 struct device *device = NULL;
0a85b964 610 struct hci_dev *hdev;
0a85b964
MH		 611
612 hdev = hci_get_route(dst, src);
613 if (!hdev)
614 return NULL;
615
edad6388
MH		 616 session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
617 if (session->conn)
618 device = &session->conn->dev;
0a85b964
MH		 619
620 hci_dev_put(hdev);
621
edad6388 622 return device;
0a85b964
MH		 623}
624
91f5cca3
AM		 625static int hidp_setup_input(struct hidp_session *session,
626 struct hidp_connadd_req *req)
1da177e4 627{
c500c971 628 struct input_dev *input;
edad6388 629 int err, i;
1da177e4 630
c500c971
JS		 631 input = input_allocate_device();
632 if (!input)
633 return -ENOMEM;
634
635 session->input = input;
636
5be39466 637 input_set_drvdata(input, session);
1da177e4 638
34abf91f
DT		 639 input->name = "Bluetooth HID Boot Protocol Device";
640
1da177e4
LT		 641 input->id.bustype = BUS_BLUETOOTH;
642 input->id.vendor = req->vendor;
643 input->id.product = req->product;
644 input->id.version = req->version;
645
646 if (req->subclass & 0x40) {
647 set_bit(EV_KEY, input->evbit);
648 set_bit(EV_LED, input->evbit);
649 set_bit(EV_REP, input->evbit);
650
651 set_bit(LED_NUML, input->ledbit);
652 set_bit(LED_CAPSL, input->ledbit);
653 set_bit(LED_SCROLLL, input->ledbit);
654 set_bit(LED_COMPOSE, input->ledbit);
655 set_bit(LED_KANA, input->ledbit);
656
657 for (i = 0; i < sizeof(hidp_keycode); i++)
658 set_bit(hidp_keycode[i], input->keybit);
659 clear_bit(0, input->keybit);
660 }
661
662 if (req->subclass & 0x80) {
7b19ada2
JS		 663 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
664 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
665 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
666 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
667 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
668 BIT_MASK(BTN_EXTRA);
669 input->relbit[0] |= BIT_MASK(REL_WHEEL);
1da177e4
LT		 670 }
671
5be39466 672 input->dev.parent = hidp_get_device(session);
0a85b964 673
1da177e4
LT		 674 input->event = hidp_input_event;
675
edad6388
MH		 676 err = input_register_device(input);
677 if (err < 0) {
678 hci_conn_put_device(session->conn);
679 return err;
680 }
681
682 return 0;
1da177e4
LT		 683}
684
f5ffd462
MH		 685static int hidp_open(struct hid_device *hid)
686{
687 return 0;
688}
689
690static void hidp_close(struct hid_device *hid)
691{
692}
693
c500c971
JS		 694static int hidp_parse(struct hid_device *hid)
695{
696 struct hidp_session *session = hid->driver_data;
697 struct hidp_connadd_req *req = session->req;
698 unsigned char *buf;
699 int ret;
700
701 buf = kmalloc(req->rd_size, GFP_KERNEL);
702 if (!buf)
703 return -ENOMEM;
704
705 if (copy_from_user(buf, req->rd_data, req->rd_size)) {
706 kfree(buf);
707 return -EFAULT;
708 }
709
710 ret = hid_parse_report(session->hid, buf, req->rd_size);
711
712 kfree(buf);
713
714 if (ret)
715 return ret;
716
717 session->req = NULL;
718
c500c971
JS		 719 return 0;
720}
721
722static int hidp_start(struct hid_device *hid)
723{
724 struct hidp_session *session = hid->driver_data;
725 struct hid_report *report;
726
727 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
728 report_list, list)
729 hidp_send_report(session, report);
730
731 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
732 report_list, list)
733 hidp_send_report(session, report);
734
c500c971
JS		 735 return 0;
736}
737
738static void hidp_stop(struct hid_device *hid)
739{
740 struct hidp_session *session = hid->driver_data;
741
742 skb_queue_purge(&session->ctrl_transmit);
743 skb_queue_purge(&session->intr_transmit);
744
c500c971
JS		 745 hid->claimed = 0;
746}
747
748static struct hid_ll_driver hidp_hid_driver = {
749 .parse = hidp_parse,
750 .start = hidp_start,
751 .stop = hidp_stop,
752 .open = hidp_open,
753 .close = hidp_close,
754 .hidinput_input_event = hidp_hidinput_event,
755};
756
85cdaf52 757static int hidp_setup_hid(struct hidp_session *session,
91f5cca3 758 struct hidp_connadd_req *req)
e1aaadd4 759{
c500c971 760 struct hid_device *hid;
e1aaadd4 761 bdaddr_t src, dst;
edad6388 762 int err;
e1aaadd4 763
c500c971 764 hid = hid_allocate_device();
edad6388
MH		 765 if (IS_ERR(hid))
766 return PTR_ERR(session->hid);
e1aaadd4 767
c500c971
JS		 768 session->hid = hid;
769 session->req = req;
e1aaadd4
MH		 770 hid->driver_data = session;
771
c500c971
JS		 772 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
773 baswap(&dst, &bt_sk(session->ctrl_sock->sk)->dst);
e1aaadd4
MH		 774
775 hid->bus = BUS_BLUETOOTH;
776 hid->vendor = req->vendor;
777 hid->product = req->product;
778 hid->version = req->version;
c500c971 779 hid->country = req->country;
e1aaadd4
MH		 780
781 strncpy(hid->name, req->name, 128);
782 strncpy(hid->phys, batostr(&src), 64);
783 strncpy(hid->uniq, batostr(&dst), 64);
784
85cdaf52 785 hid->dev.parent = hidp_get_device(session);
c500c971 786 hid->ll_driver = &hidp_hid_driver;
85cdaf52 787
edad6388
MH		 788 err = hid_add_device(hid);
789 if (err < 0)
790 goto failed;
85cdaf52 791
c500c971 792 return 0;
edad6388
MH		 793
794failed:
c500c971
JS		 795 hid_destroy_device(hid);
796 session->hid = NULL;
edad6388
MH		 797
798 return err;
e1aaadd4
MH		 799}
800
1da177e4
LT		 801int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
802{
803 struct hidp_session *session, *s;
804 int err;
805
806 BT_DBG("");
807
808 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
809 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
810 return -ENOTUNIQ;
811
25ea6db0 812 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
34abf91f 813 if (!session)
1da177e4 814 return -ENOMEM;
1da177e4 815
e1aaadd4
MH		 816 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
817
1da177e4
LT		 818 down_write(&hidp_session_sem);
819
820 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
821 if (s && s->state == BT_CONNECTED) {
822 err = -EEXIST;
823 goto failed;
824 }
825
826 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
827
828 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->omtu, l2cap_pi(ctrl_sock->sk)->imtu);
829 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->omtu, l2cap_pi(intr_sock->sk)->imtu);
830
831 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
832
833 session->ctrl_sock = ctrl_sock;
834 session->intr_sock = intr_sock;
835 session->state = BT_CONNECTED;
836
b24b8a24 837 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1da177e4
LT		 838
839 skb_queue_head_init(&session->ctrl_transmit);
840 skb_queue_head_init(&session->intr_transmit);
841
842 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
843 session->idle_to = req->idle_to;
844
c500c971 845 if (req->rd_size > 0) {
85cdaf52 846 err = hidp_setup_hid(session, req);
d458a9df 847 if (err && err != -ENODEV)
edad6388 848 goto purge;
c500c971
JS		 849 }
850
851 if (!session->hid) {
852 err = hidp_setup_input(session, req);
853 if (err < 0)
edad6388 854 goto purge;
85cdaf52 855 }
e1aaadd4 856
1da177e4
LT		 857 __hidp_link_session(session);
858
859 hidp_set_timer(session);
860
861 err = kernel_thread(hidp_session, session, CLONE_KERNEL);
862 if (err < 0)
863 goto unlink;
864
865 if (session->input) {
866 hidp_send_ctrl_message(session,
867 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
868 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
869
870 session->leds = 0xff;
871 hidp_input_event(session->input, EV_LED, 0, 0);
872 }
873
874 up_write(&hidp_session_sem);
875 return 0;
876
877unlink:
878 hidp_del_timer(session);
879
880 __hidp_unlink_session(session);
881
edad6388 882 if (session->input) {
1da177e4 883 input_unregister_device(session->input);
edad6388
MH		 884 session->input = NULL;
885 }
886
887 if (session->hid) {
85cdaf52 888 hid_destroy_device(session->hid);
edad6388
MH		 889 session->hid = NULL;
890 }
891
892purge:
c500c971
JS		 893 skb_queue_purge(&session->ctrl_transmit);
894 skb_queue_purge(&session->intr_transmit);
edad6388 895
c500c971
JS		 896failed:
897 up_write(&hidp_session_sem);
e1aaadd4 898
5be39466 899 input_free_device(session->input);
1da177e4
LT		 900 kfree(session);
901 return err;
902}
903
904int hidp_del_connection(struct hidp_conndel_req *req)
905{
906 struct hidp_session *session;
907 int err = 0;
908
909 BT_DBG("");
910
911 down_read(&hidp_session_sem);
912
913 session = __hidp_get_session(&req->bdaddr);
914 if (session) {
915 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
916 hidp_send_ctrl_message(session,
917 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
918 } else {
919 /* Flush the transmit queues */
920 skb_queue_purge(&session->ctrl_transmit);
921 skb_queue_purge(&session->intr_transmit);
922
ec8dab36
MH		 923 /* Wakeup user-space polling for socket errors */
924 session->intr_sock->sk->sk_err = EUNATCH;
925 session->ctrl_sock->sk->sk_err = EUNATCH;
926
1da177e4
LT		 927 /* Kill session thread */
928 atomic_inc(&session->terminate);
929 hidp_schedule(session);
930 }
931 } else
932 err = -ENOENT;
933
934 up_read(&hidp_session_sem);
935 return err;
936}
937
938int hidp_get_connlist(struct hidp_connlist_req *req)
939{
940 struct list_head *p;
941 int err = 0, n = 0;
942
943 BT_DBG("");
944
945 down_read(&hidp_session_sem);
946
947 list_for_each(p, &hidp_session_list) {
948 struct hidp_session *session;
949 struct hidp_conninfo ci;
950
951 session = list_entry(p, struct hidp_session, list);
952
953 __hidp_copy_session(session, &ci);
954
955 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
956 err = -EFAULT;
957 break;
958 }
959
960 if (++n >= req->cnum)
961 break;
962
963 req->ci++;
964 }
965 req->cnum = n;
966
967 up_read(&hidp_session_sem);
968 return err;
969}
970
971int hidp_get_conninfo(struct hidp_conninfo *ci)
972{
973 struct hidp_session *session;
974 int err = 0;
975
976 down_read(&hidp_session_sem);
977
978 session = __hidp_get_session(&ci->bdaddr);
979 if (session)
980 __hidp_copy_session(session, ci);
981 else
982 err = -ENOENT;
983
984 up_read(&hidp_session_sem);
985 return err;
986}
987
85cdaf52
JS		 988static const struct hid_device_id hidp_table[] = {
989 { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
990 { }
991};
992
993static struct hid_driver hidp_driver = {
994 .name = "generic-bluetooth",
995 .id_table = hidp_table,
996};
997
1da177e4
LT		 998static int __init hidp_init(void)
999{
85cdaf52
JS		 1000 int ret;
1001
1da177e4
LT		 1002 l2cap_load();
1003
1004 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1005
85cdaf52
JS		 1006 ret = hid_register_driver(&hidp_driver);
1007 if (ret)
1008 goto err;
1009
1010 ret = hidp_init_sockets();
1011 if (ret)
1012 goto err_drv;
1013
1014 return 0;
1015err_drv:
1016 hid_unregister_driver(&hidp_driver);
1017err:
1018 return ret;
1da177e4
LT		 1019}
1020
1021static void __exit hidp_exit(void)
1022{
1023 hidp_cleanup_sockets();
85cdaf52 1024 hid_unregister_driver(&hidp_driver);
1da177e4
LT		 1025}
1026
1027module_init(hidp_init);
1028module_exit(hidp_exit);
1029
1030MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1031MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1032MODULE_VERSION(VERSION);
1033MODULE_LICENSE("GPL");
1034MODULE_ALIAS("bt-proto-6");
Linux 6.x block layer and io_uring tree(s)