Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/bluetooth/hidp/core.c
15109 views
1
/*

2
   HIDP implementation for Linux Bluetooth stack (BlueZ).

3
   Copyright (C) 2003-2004 Marcel Holtmann <[email protected]>

4


5
   This program is free software; you can redistribute it and/or modify

6
   it under the terms of the GNU General Public License version 2 as

7
   published by the Free Software Foundation;

8


9
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS

10
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

11
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.

12
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY

13
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES

14
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

15
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

16
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

17


18
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,

19
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS

20
   SOFTWARE IS DISCLAIMED.

21
*/

22


23
#include <linux/module.h>

24


25
#include <linux/types.h>

26
#include <linux/errno.h>

27
#include <linux/kernel.h>

28
#include <linux/sched.h>

29
#include <linux/slab.h>

30
#include <linux/poll.h>

31
#include <linux/freezer.h>

32
#include <linux/fcntl.h>

33
#include <linux/skbuff.h>

34
#include <linux/socket.h>

35
#include <linux/ioctl.h>

36
#include <linux/file.h>

37
#include <linux/init.h>

38
#include <linux/wait.h>

39
#include <linux/mutex.h>

40
#include <linux/kthread.h>

41
#include <net/sock.h>

42


43
#include <linux/input.h>

44
#include <linux/hid.h>

45
#include <linux/hidraw.h>

46


47
#include <net/bluetooth/bluetooth.h>

48
#include <net/bluetooth/hci_core.h>

49
#include <net/bluetooth/l2cap.h>

50


51
#include "hidp.h"

52


53
#define VERSION "1.2"

54


55
static DECLARE_RWSEM(hidp_session_sem);

56
static LIST_HEAD(hidp_session_list);

57


58
static unsigned char hidp_keycode[256] = {

59
	  0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,

60
	 37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,

61
	 21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,

62
	 14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,

63
	 53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,

64
	 99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,

65
	 98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,

66
	 82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,

67
	191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,

68
	136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,

69
	 95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,

70
	  0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,

71
	  0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,

72
	  0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,

73
	  0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,

74
	  0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,

75
	 29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,

76
	114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140

77
};

78


79
static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };

80


81
static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)

82
{

83
	struct hidp_session *session;

84
	struct list_head *p;

85


86
	BT_DBG("");

87


88
	list_for_each(p, &hidp_session_list) {

89
		session = list_entry(p, struct hidp_session, list);

90
		if (!bacmp(bdaddr, &session->bdaddr))

91
			return session;

92
	}

93
	return NULL;

94
}

95


96
static void __hidp_link_session(struct hidp_session *session)

97
{

98
	__module_get(THIS_MODULE);

99
	list_add(&session->list, &hidp_session_list);

100


101
	hci_conn_hold_device(session->conn);

102
}

103


104
static void __hidp_unlink_session(struct hidp_session *session)

105
{

106
	hci_conn_put_device(session->conn);

107


108
	list_del(&session->list);

109
	module_put(THIS_MODULE);

110
}

111


112
static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)

113
{

114
	memset(ci, 0, sizeof(*ci));

115
	bacpy(&ci->bdaddr, &session->bdaddr);

116


117
	ci->flags = session->flags;

118
	ci->state = session->state;

119


120
	ci->vendor  = 0x0000;

121
	ci->product = 0x0000;

122
	ci->version = 0x0000;

123


124
	if (session->input) {

125
		ci->vendor  = session->input->id.vendor;

126
		ci->product = session->input->id.product;

127
		ci->version = session->input->id.version;

128
		if (session->input->name)

129
			strncpy(ci->name, session->input->name, 128);

130
		else

131
			strncpy(ci->name, "HID Boot Device", 128);

132
	}

133


134
	if (session->hid) {

135
		ci->vendor  = session->hid->vendor;

136
		ci->product = session->hid->product;

137
		ci->version = session->hid->version;

138
		strncpy(ci->name, session->hid->name, 128);

139
	}

140
}

141


142
static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,

143
				unsigned int type, unsigned int code, int value)

144
{

145
	unsigned char newleds;

146
	struct sk_buff *skb;

147


148
	BT_DBG("session %p type %d code %d value %d", session, type, code, value);

149


150
	if (type != EV_LED)

151
		return -1;

152


153
	newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |

154
		  (!!test_bit(LED_COMPOSE, dev->led) << 3) |

155
		  (!!test_bit(LED_SCROLLL, dev->led) << 2) |

156
		  (!!test_bit(LED_CAPSL,   dev->led) << 1) |

157
		  (!!test_bit(LED_NUML,    dev->led));

158


159
	if (session->leds == newleds)

160
		return 0;

161


162
	session->leds = newleds;

163


164
	skb = alloc_skb(3, GFP_ATOMIC);

165
	if (!skb) {

166
		BT_ERR("Can't allocate memory for new frame");

167
		return -ENOMEM;

168
	}

169


170
	*skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;

171
	*skb_put(skb, 1) = 0x01;

172
	*skb_put(skb, 1) = newleds;

173


174
	skb_queue_tail(&session->intr_transmit, skb);

175


176
	hidp_schedule(session);

177


178
	return 0;

179
}

180


181
static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)

182
{

183
	struct hid_device *hid = input_get_drvdata(dev);

184
	struct hidp_session *session = hid->driver_data;

185


186
	return hidp_queue_event(session, dev, type, code, value);

187
}

188


189
static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)

190
{

191
	struct hidp_session *session = input_get_drvdata(dev);

192


193
	return hidp_queue_event(session, dev, type, code, value);

194
}

195


196
static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)

197
{

198
	struct input_dev *dev = session->input;

199
	unsigned char *keys = session->keys;

200
	unsigned char *udata = skb->data + 1;

201
	signed char *sdata = skb->data + 1;

202
	int i, size = skb->len - 1;

203


204
	switch (skb->data[0]) {

205
	case 0x01:	/* Keyboard report */

206
		for (i = 0; i < 8; i++)

207
			input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);

208


209
		/* If all the key codes have been set to 0x01, it means

210
		 * too many keys were pressed at the same time. */

211
		if (!memcmp(udata + 2, hidp_mkeyspat, 6))

212
			break;

213


214
		for (i = 2; i < 8; i++) {

215
			if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {

216
				if (hidp_keycode[keys[i]])

217
					input_report_key(dev, hidp_keycode[keys[i]], 0);

218
				else

219
					BT_ERR("Unknown key (scancode %#x) released.", keys[i]);

220
			}

221


222
			if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {

223
				if (hidp_keycode[udata[i]])

224
					input_report_key(dev, hidp_keycode[udata[i]], 1);

225
				else

226
					BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);

227
			}

228
		}

229


230
		memcpy(keys, udata, 8);

231
		break;

232


233
	case 0x02:	/* Mouse report */

234
		input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);

235
		input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);

236
		input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);

237
		input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);

238
		input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);

239


240
		input_report_rel(dev, REL_X, sdata[1]);

241
		input_report_rel(dev, REL_Y, sdata[2]);

242


243
		if (size > 3)

244
			input_report_rel(dev, REL_WHEEL, sdata[3]);

245
		break;

246
	}

247


248
	input_sync(dev);

249
}

250


251
static int __hidp_send_ctrl_message(struct hidp_session *session,

252
			unsigned char hdr, unsigned char *data, int size)

253
{

254
	struct sk_buff *skb;

255


256
	BT_DBG("session %p data %p size %d", session, data, size);

257


258
	skb = alloc_skb(size + 1, GFP_ATOMIC);

259
	if (!skb) {

260
		BT_ERR("Can't allocate memory for new frame");

261
		return -ENOMEM;

262
	}

263


264
	*skb_put(skb, 1) = hdr;

265
	if (data && size > 0)

266
		memcpy(skb_put(skb, size), data, size);

267


268
	skb_queue_tail(&session->ctrl_transmit, skb);

269


270
	return 0;

271
}

272


273
static inline int hidp_send_ctrl_message(struct hidp_session *session,

274
			unsigned char hdr, unsigned char *data, int size)

275
{

276
	int err;

277


278
	err = __hidp_send_ctrl_message(session, hdr, data, size);

279


280
	hidp_schedule(session);

281


282
	return err;

283
}

284


285
static int hidp_queue_report(struct hidp_session *session,

286
				unsigned char *data, int size)

287
{

288
	struct sk_buff *skb;

289


290
	BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);

291


292
	skb = alloc_skb(size + 1, GFP_ATOMIC);

293
	if (!skb) {

294
		BT_ERR("Can't allocate memory for new frame");

295
		return -ENOMEM;

296
	}

297


298
	*skb_put(skb, 1) = 0xa2;

299
	if (size > 0)

300
		memcpy(skb_put(skb, size), data, size);

301


302
	skb_queue_tail(&session->intr_transmit, skb);

303


304
	hidp_schedule(session);

305


306
	return 0;

307
}

308


309
static int hidp_send_report(struct hidp_session *session, struct hid_report *report)

310
{

311
	unsigned char buf[32];

312
	int rsize;

313


314
	rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);

315
	if (rsize > sizeof(buf))

316
		return -EIO;

317


318
	hid_output_report(report, buf);

319


320
	return hidp_queue_report(session, buf, rsize);

321
}

322


323
static int hidp_get_raw_report(struct hid_device *hid,

324
		unsigned char report_number,

325
		unsigned char *data, size_t count,

326
		unsigned char report_type)

327
{

328
	struct hidp_session *session = hid->driver_data;

329
	struct sk_buff *skb;

330
	size_t len;

331
	int numbered_reports = hid->report_enum[report_type].numbered;

332


333
	switch (report_type) {

334
	case HID_FEATURE_REPORT:

335
		report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;

336
		break;

337
	case HID_INPUT_REPORT:

338
		report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;

339
		break;

340
	case HID_OUTPUT_REPORT:

341
		report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;

342
		break;

343
	default:

344
		return -EINVAL;

345
	}

346


347
	if (mutex_lock_interruptible(&session->report_mutex))

348
		return -ERESTARTSYS;

349


350
	/* Set up our wait, and send the report request to the device. */

351
	session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;

352
	session->waiting_report_number = numbered_reports ? report_number : -1;

353
	set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

354
	data[0] = report_number;

355
	if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))

356
		goto err_eio;

357


358
	/* Wait for the return of the report. The returned report

359
	   gets put in session->report_return.  */

360
	while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {

361
		int res;

362


363
		res = wait_event_interruptible_timeout(session->report_queue,

364
			!test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),

365
			5*HZ);

366
		if (res == 0) {

367
			/* timeout */

368
			goto err_eio;

369
		}

370
		if (res < 0) {

371
			/* signal */

372
			goto err_restartsys;

373
		}

374
	}

375


376
	skb = session->report_return;

377
	if (skb) {

378
		len = skb->len < count ? skb->len : count;

379
		memcpy(data, skb->data, len);

380


381
		kfree_skb(skb);

382
		session->report_return = NULL;

383
	} else {

384
		/* Device returned a HANDSHAKE, indicating  protocol error. */

385
		len = -EIO;

386
	}

387


388
	clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

389
	mutex_unlock(&session->report_mutex);

390


391
	return len;

392


393
err_restartsys:

394
	clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

395
	mutex_unlock(&session->report_mutex);

396
	return -ERESTARTSYS;

397
err_eio:

398
	clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

399
	mutex_unlock(&session->report_mutex);

400
	return -EIO;

401
}

402


403
static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,

404
		unsigned char report_type)

405
{

406
	struct hidp_session *session = hid->driver_data;

407
	int ret;

408


409
	switch (report_type) {

410
	case HID_FEATURE_REPORT:

411
		report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;

412
		break;

413
	case HID_OUTPUT_REPORT:

414
		report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;

415
		break;

416
	default:

417
		return -EINVAL;

418
	}

419


420
	if (mutex_lock_interruptible(&session->report_mutex))

421
		return -ERESTARTSYS;

422


423
	/* Set up our wait, and send the report request to the device. */

424
	set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);

425
	if (hidp_send_ctrl_message(hid->driver_data, report_type,

426
			data, count)) {

427
		ret = -ENOMEM;

428
		goto err;

429
	}

430


431
	/* Wait for the ACK from the device. */

432
	while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {

433
		int res;

434


435
		res = wait_event_interruptible_timeout(session->report_queue,

436
			!test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),

437
			10*HZ);

438
		if (res == 0) {

439
			/* timeout */

440
			ret = -EIO;

441
			goto err;

442
		}

443
		if (res < 0) {

444
			/* signal */

445
			ret = -ERESTARTSYS;

446
			goto err;

447
		}

448
	}

449


450
	if (!session->output_report_success) {

451
		ret = -EIO;

452
		goto err;

453
	}

454


455
	ret = count;

456


457
err:

458
	clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);

459
	mutex_unlock(&session->report_mutex);

460
	return ret;

461
}

462


463
static void hidp_idle_timeout(unsigned long arg)

464
{

465
	struct hidp_session *session = (struct hidp_session *) arg;

466


467
	atomic_inc(&session->terminate);

468
	wake_up_process(session->task);

469
}

470


471
static void hidp_set_timer(struct hidp_session *session)

472
{

473
	if (session->idle_to > 0)

474
		mod_timer(&session->timer, jiffies + HZ * session->idle_to);

475
}

476


477
static inline void hidp_del_timer(struct hidp_session *session)

478
{

479
	if (session->idle_to > 0)

480
		del_timer(&session->timer);

481
}

482


483
static void hidp_process_handshake(struct hidp_session *session,

484
					unsigned char param)

485
{

486
	BT_DBG("session %p param 0x%02x", session, param);

487
	session->output_report_success = 0; /* default condition */

488


489
	switch (param) {

490
	case HIDP_HSHK_SUCCESSFUL:

491
		/* FIXME: Call into SET_ GET_ handlers here */

492
		session->output_report_success = 1;

493
		break;

494


495
	case HIDP_HSHK_NOT_READY:

496
	case HIDP_HSHK_ERR_INVALID_REPORT_ID:

497
	case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:

498
	case HIDP_HSHK_ERR_INVALID_PARAMETER:

499
		if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {

500
			clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

501
			wake_up_interruptible(&session->report_queue);

502
		}

503
		/* FIXME: Call into SET_ GET_ handlers here */

504
		break;

505


506
	case HIDP_HSHK_ERR_UNKNOWN:

507
		break;

508


509
	case HIDP_HSHK_ERR_FATAL:

510
		/* Device requests a reboot, as this is the only way this error

511
		 * can be recovered. */

512
		__hidp_send_ctrl_message(session,

513
			HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);

514
		break;

515


516
	default:

517
		__hidp_send_ctrl_message(session,

518
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);

519
		break;

520
	}

521


522
	/* Wake up the waiting thread. */

523
	if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {

524
		clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);

525
		wake_up_interruptible(&session->report_queue);

526
	}

527
}

528


529
static void hidp_process_hid_control(struct hidp_session *session,

530
					unsigned char param)

531
{

532
	BT_DBG("session %p param 0x%02x", session, param);

533


534
	if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {

535
		/* Flush the transmit queues */

536
		skb_queue_purge(&session->ctrl_transmit);

537
		skb_queue_purge(&session->intr_transmit);

538


539
		atomic_inc(&session->terminate);

540
		wake_up_process(current);

541
	}

542
}

543


544
/* Returns true if the passed-in skb should be freed by the caller. */

545
static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,

546
				unsigned char param)

547
{

548
	int done_with_skb = 1;

549
	BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);

550


551
	switch (param) {

552
	case HIDP_DATA_RTYPE_INPUT:

553
		hidp_set_timer(session);

554


555
		if (session->input)

556
			hidp_input_report(session, skb);

557


558
		if (session->hid)

559
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);

560
		break;

561


562
	case HIDP_DATA_RTYPE_OTHER:

563
	case HIDP_DATA_RTYPE_OUPUT:

564
	case HIDP_DATA_RTYPE_FEATURE:

565
		break;

566


567
	default:

568
		__hidp_send_ctrl_message(session,

569
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);

570
	}

571


572
	if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&

573
				param == session->waiting_report_type) {

574
		if (session->waiting_report_number < 0 ||

575
		    session->waiting_report_number == skb->data[0]) {

576
			/* hidp_get_raw_report() is waiting on this report. */

577
			session->report_return = skb;

578
			done_with_skb = 0;

579
			clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);

580
			wake_up_interruptible(&session->report_queue);

581
		}

582
	}

583


584
	return done_with_skb;

585
}

586


587
static void hidp_recv_ctrl_frame(struct hidp_session *session,

588
					struct sk_buff *skb)

589
{

590
	unsigned char hdr, type, param;

591
	int free_skb = 1;

592


593
	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

594


595
	hdr = skb->data[0];

596
	skb_pull(skb, 1);

597


598
	type = hdr & HIDP_HEADER_TRANS_MASK;

599
	param = hdr & HIDP_HEADER_PARAM_MASK;

600


601
	switch (type) {

602
	case HIDP_TRANS_HANDSHAKE:

603
		hidp_process_handshake(session, param);

604
		break;

605


606
	case HIDP_TRANS_HID_CONTROL:

607
		hidp_process_hid_control(session, param);

608
		break;

609


610
	case HIDP_TRANS_DATA:

611
		free_skb = hidp_process_data(session, skb, param);

612
		break;

613


614
	default:

615
		__hidp_send_ctrl_message(session,

616
			HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);

617
		break;

618
	}

619


620
	if (free_skb)

621
		kfree_skb(skb);

622
}

623


624
static void hidp_recv_intr_frame(struct hidp_session *session,

625
				struct sk_buff *skb)

626
{

627
	unsigned char hdr;

628


629
	BT_DBG("session %p skb %p len %d", session, skb, skb->len);

630


631
	hdr = skb->data[0];

632
	skb_pull(skb, 1);

633


634
	if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {

635
		hidp_set_timer(session);

636


637
		if (session->input)

638
			hidp_input_report(session, skb);

639


640
		if (session->hid) {

641
			hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);

642
			BT_DBG("report len %d", skb->len);

643
		}

644
	} else {

645
		BT_DBG("Unsupported protocol header 0x%02x", hdr);

646
	}

647


648
	kfree_skb(skb);

649
}

650


651
static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)

652
{

653
	struct kvec iv = { data, len };

654
	struct msghdr msg;

655


656
	BT_DBG("sock %p data %p len %d", sock, data, len);

657


658
	if (!len)

659
		return 0;

660


661
	memset(&msg, 0, sizeof(msg));

662


663
	return kernel_sendmsg(sock, &msg, &iv, 1, len);

664
}

665


666
static void hidp_process_transmit(struct hidp_session *session)

667
{

668
	struct sk_buff *skb;

669


670
	BT_DBG("session %p", session);

671


672
	while ((skb = skb_dequeue(&session->ctrl_transmit))) {

673
		if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {

674
			skb_queue_head(&session->ctrl_transmit, skb);

675
			break;

676
		}

677


678
		hidp_set_timer(session);

679
		kfree_skb(skb);

680
	}

681


682
	while ((skb = skb_dequeue(&session->intr_transmit))) {

683
		if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {

684
			skb_queue_head(&session->intr_transmit, skb);

685
			break;

686
		}

687


688
		hidp_set_timer(session);

689
		kfree_skb(skb);

690
	}

691
}

692


693
static int hidp_session(void *arg)

694
{

695
	struct hidp_session *session = arg;

696
	struct sock *ctrl_sk = session->ctrl_sock->sk;

697
	struct sock *intr_sk = session->intr_sock->sk;

698
	struct sk_buff *skb;

699
	wait_queue_t ctrl_wait, intr_wait;

700


701
	BT_DBG("session %p", session);

702


703
	set_user_nice(current, -15);

704


705
	init_waitqueue_entry(&ctrl_wait, current);

706
	init_waitqueue_entry(&intr_wait, current);

707
	add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);

708
	add_wait_queue(sk_sleep(intr_sk), &intr_wait);

709
	session->waiting_for_startup = 0;

710
	wake_up_interruptible(&session->startup_queue);

711
	set_current_state(TASK_INTERRUPTIBLE);

712
	while (!atomic_read(&session->terminate)) {

713
		if (ctrl_sk->sk_state != BT_CONNECTED ||

714
				intr_sk->sk_state != BT_CONNECTED)

715
			break;

716


717
		while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {

718
			skb_orphan(skb);

719
			hidp_recv_ctrl_frame(session, skb);

720
		}

721


722
		while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {

723
			skb_orphan(skb);

724
			hidp_recv_intr_frame(session, skb);

725
		}

726


727
		hidp_process_transmit(session);

728


729
		schedule();

730
		set_current_state(TASK_INTERRUPTIBLE);

731
	}

732
	set_current_state(TASK_RUNNING);

733
	remove_wait_queue(sk_sleep(intr_sk), &intr_wait);

734
	remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);

735


736
	down_write(&hidp_session_sem);

737


738
	hidp_del_timer(session);

739


740
	if (session->input) {

741
		input_unregister_device(session->input);

742
		session->input = NULL;

743
	}

744


745
	if (session->hid) {

746
		hid_destroy_device(session->hid);

747
		session->hid = NULL;

748
	}

749


750
	/* Wakeup user-space polling for socket errors */

751
	session->intr_sock->sk->sk_err = EUNATCH;

752
	session->ctrl_sock->sk->sk_err = EUNATCH;

753


754
	hidp_schedule(session);

755


756
	fput(session->intr_sock->file);

757


758
	wait_event_timeout(*(sk_sleep(ctrl_sk)),

759
		(ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));

760


761
	fput(session->ctrl_sock->file);

762


763
	__hidp_unlink_session(session);

764


765
	up_write(&hidp_session_sem);

766


767
	kfree(session);

768
	return 0;

769
}

770


771
static struct device *hidp_get_device(struct hidp_session *session)

772
{

773
	bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;

774
	bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;

775
	struct device *device = NULL;

776
	struct hci_dev *hdev;

777


778
	hdev = hci_get_route(dst, src);

779
	if (!hdev)

780
		return NULL;

781


782
	session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);

783
	if (session->conn)

784
		device = &session->conn->dev;

785


786
	hci_dev_put(hdev);

787


788
	return device;

789
}

790


791
static int hidp_setup_input(struct hidp_session *session,

792
				struct hidp_connadd_req *req)

793
{

794
	struct input_dev *input;

795
	int err, i;

796


797
	input = input_allocate_device();

798
	if (!input)

799
		return -ENOMEM;

800


801
	session->input = input;

802


803
	input_set_drvdata(input, session);

804


805
	input->name = "Bluetooth HID Boot Protocol Device";

806


807
	input->id.bustype = BUS_BLUETOOTH;

808
	input->id.vendor  = req->vendor;

809
	input->id.product = req->product;

810
	input->id.version = req->version;

811


812
	if (req->subclass & 0x40) {

813
		set_bit(EV_KEY, input->evbit);

814
		set_bit(EV_LED, input->evbit);

815
		set_bit(EV_REP, input->evbit);

816


817
		set_bit(LED_NUML,    input->ledbit);

818
		set_bit(LED_CAPSL,   input->ledbit);

819
		set_bit(LED_SCROLLL, input->ledbit);

820
		set_bit(LED_COMPOSE, input->ledbit);

821
		set_bit(LED_KANA,    input->ledbit);

822


823
		for (i = 0; i < sizeof(hidp_keycode); i++)

824
			set_bit(hidp_keycode[i], input->keybit);

825
		clear_bit(0, input->keybit);

826
	}

827


828
	if (req->subclass & 0x80) {

829
		input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);

830
		input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |

831
			BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);

832
		input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);

833
		input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |

834
			BIT_MASK(BTN_EXTRA);

835
		input->relbit[0] |= BIT_MASK(REL_WHEEL);

836
	}

837


838
	input->dev.parent = hidp_get_device(session);

839


840
	input->event = hidp_input_event;

841


842
	err = input_register_device(input);

843
	if (err < 0) {

844
		hci_conn_put_device(session->conn);

845
		return err;

846
	}

847


848
	return 0;

849
}

850


851
static int hidp_open(struct hid_device *hid)

852
{

853
	return 0;

854
}

855


856
static void hidp_close(struct hid_device *hid)

857
{

858
}

859


860
static int hidp_parse(struct hid_device *hid)

861
{

862
	struct hidp_session *session = hid->driver_data;

863


864
	return hid_parse_report(session->hid, session->rd_data,

865
			session->rd_size);

866
}

867


868
static int hidp_start(struct hid_device *hid)

869
{

870
	struct hidp_session *session = hid->driver_data;

871
	struct hid_report *report;

872


873
	list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].

874
			report_list, list)

875
		hidp_send_report(session, report);

876


877
	list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].

878
			report_list, list)

879
		hidp_send_report(session, report);

880


881
	return 0;

882
}

883


884
static void hidp_stop(struct hid_device *hid)

885
{

886
	struct hidp_session *session = hid->driver_data;

887


888
	skb_queue_purge(&session->ctrl_transmit);

889
	skb_queue_purge(&session->intr_transmit);

890


891
	hid->claimed = 0;

892
}

893


894
static struct hid_ll_driver hidp_hid_driver = {

895
	.parse = hidp_parse,

896
	.start = hidp_start,

897
	.stop = hidp_stop,

898
	.open  = hidp_open,

899
	.close = hidp_close,

900
	.hidinput_input_event = hidp_hidinput_event,

901
};

902


903
/* This function sets up the hid device. It does not add it

904
   to the HID system. That is done in hidp_add_connection(). */

905
static int hidp_setup_hid(struct hidp_session *session,

906
				struct hidp_connadd_req *req)

907
{

908
	struct hid_device *hid;

909
	int err;

910


911
	session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);

912
	if (!session->rd_data)

913
		return -ENOMEM;

914


915
	if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {

916
		err = -EFAULT;

917
		goto fault;

918
	}

919
	session->rd_size = req->rd_size;

920


921
	hid = hid_allocate_device();

922
	if (IS_ERR(hid)) {

923
		err = PTR_ERR(hid);

924
		goto fault;

925
	}

926


927
	session->hid = hid;

928


929
	hid->driver_data = session;

930


931
	hid->bus     = BUS_BLUETOOTH;

932
	hid->vendor  = req->vendor;

933
	hid->product = req->product;

934
	hid->version = req->version;

935
	hid->country = req->country;

936


937
	strncpy(hid->name, req->name, 128);

938
	strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);

939
	strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);

940


941
	hid->dev.parent = hidp_get_device(session);

942
	hid->ll_driver = &hidp_hid_driver;

943


944
	hid->hid_get_raw_report = hidp_get_raw_report;

945
	hid->hid_output_raw_report = hidp_output_raw_report;

946


947
	return 0;

948


949
fault:

950
	kfree(session->rd_data);

951
	session->rd_data = NULL;

952


953
	return err;

954
}

955


956
int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)

957
{

958
	struct hidp_session *session, *s;

959
	int vendor, product;

960
	int err;

961


962
	BT_DBG("");

963


964
	if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||

965
			bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))

966
		return -ENOTUNIQ;

967


968
	session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);

969
	if (!session)

970
		return -ENOMEM;

971


972
	BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);

973


974
	down_write(&hidp_session_sem);

975


976
	s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);

977
	if (s && s->state == BT_CONNECTED) {

978
		err = -EEXIST;

979
		goto failed;

980
	}

981


982
	bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);

983


984
	session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,

985
					l2cap_pi(ctrl_sock->sk)->chan->imtu);

986
	session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,

987
					l2cap_pi(intr_sock->sk)->chan->imtu);

988


989
	BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);

990


991
	session->ctrl_sock = ctrl_sock;

992
	session->intr_sock = intr_sock;

993
	session->state     = BT_CONNECTED;

994


995
	setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);

996


997
	skb_queue_head_init(&session->ctrl_transmit);

998
	skb_queue_head_init(&session->intr_transmit);

999


1000
	mutex_init(&session->report_mutex);

1001
	init_waitqueue_head(&session->report_queue);

1002
	init_waitqueue_head(&session->startup_queue);

1003
	session->waiting_for_startup = 1;

1004
	session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);

1005
	session->idle_to = req->idle_to;

1006


1007
	if (req->rd_size > 0) {

1008
		err = hidp_setup_hid(session, req);

1009
		if (err && err != -ENODEV)

1010
			goto purge;

1011
	}

1012


1013
	if (!session->hid) {

1014
		err = hidp_setup_input(session, req);

1015
		if (err < 0)

1016
			goto purge;

1017
	}

1018


1019
	__hidp_link_session(session);

1020


1021
	hidp_set_timer(session);

1022


1023
	if (session->hid) {

1024
		vendor  = session->hid->vendor;

1025
		product = session->hid->product;

1026
	} else if (session->input) {

1027
		vendor  = session->input->id.vendor;

1028
		product = session->input->id.product;

1029
	} else {

1030
		vendor = 0x0000;

1031
		product = 0x0000;

1032
	}

1033


1034
	session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",

1035
							vendor, product);

1036
	if (IS_ERR(session->task)) {

1037
		err = PTR_ERR(session->task);

1038
		goto unlink;

1039
	}

1040


1041
	while (session->waiting_for_startup) {

1042
		wait_event_interruptible(session->startup_queue,

1043
			!session->waiting_for_startup);

1044
	}

1045


1046
	err = hid_add_device(session->hid);

1047
	if (err < 0)

1048
		goto err_add_device;

1049


1050
	if (session->input) {

1051
		hidp_send_ctrl_message(session,

1052
			HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);

1053
		session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);

1054


1055
		session->leds = 0xff;

1056
		hidp_input_event(session->input, EV_LED, 0, 0);

1057
	}

1058


1059
	up_write(&hidp_session_sem);

1060
	return 0;

1061


1062
err_add_device:

1063
	hid_destroy_device(session->hid);

1064
	session->hid = NULL;

1065
	atomic_inc(&session->terminate);

1066
	wake_up_process(session->task);

1067


1068
unlink:

1069
	hidp_del_timer(session);

1070


1071
	__hidp_unlink_session(session);

1072


1073
	if (session->input) {

1074
		input_unregister_device(session->input);

1075
		session->input = NULL;

1076
	}

1077


1078
	if (session->hid) {

1079
		hid_destroy_device(session->hid);

1080
		session->hid = NULL;

1081
	}

1082


1083
	kfree(session->rd_data);

1084
	session->rd_data = NULL;

1085


1086
purge:

1087
	skb_queue_purge(&session->ctrl_transmit);

1088
	skb_queue_purge(&session->intr_transmit);

1089


1090
failed:

1091
	up_write(&hidp_session_sem);

1092


1093
	input_free_device(session->input);

1094
	kfree(session);

1095
	return err;

1096
}

1097


1098
int hidp_del_connection(struct hidp_conndel_req *req)

1099
{

1100
	struct hidp_session *session;

1101
	int err = 0;

1102


1103
	BT_DBG("");

1104


1105
	down_read(&hidp_session_sem);

1106


1107
	session = __hidp_get_session(&req->bdaddr);

1108
	if (session) {

1109
		if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {

1110
			hidp_send_ctrl_message(session,

1111
				HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);

1112
		} else {

1113
			/* Flush the transmit queues */

1114
			skb_queue_purge(&session->ctrl_transmit);

1115
			skb_queue_purge(&session->intr_transmit);

1116


1117
			atomic_inc(&session->terminate);

1118
			wake_up_process(session->task);

1119
		}

1120
	} else

1121
		err = -ENOENT;

1122


1123
	up_read(&hidp_session_sem);

1124
	return err;

1125
}

1126


1127
int hidp_get_connlist(struct hidp_connlist_req *req)

1128
{

1129
	struct list_head *p;

1130
	int err = 0, n = 0;

1131


1132
	BT_DBG("");

1133


1134
	down_read(&hidp_session_sem);

1135


1136
	list_for_each(p, &hidp_session_list) {

1137
		struct hidp_session *session;

1138
		struct hidp_conninfo ci;

1139


1140
		session = list_entry(p, struct hidp_session, list);

1141


1142
		__hidp_copy_session(session, &ci);

1143


1144
		if (copy_to_user(req->ci, &ci, sizeof(ci))) {

1145
			err = -EFAULT;

1146
			break;

1147
		}

1148


1149
		if (++n >= req->cnum)

1150
			break;

1151


1152
		req->ci++;

1153
	}

1154
	req->cnum = n;

1155


1156
	up_read(&hidp_session_sem);

1157
	return err;

1158
}

1159


1160
int hidp_get_conninfo(struct hidp_conninfo *ci)

1161
{

1162
	struct hidp_session *session;

1163
	int err = 0;

1164


1165
	down_read(&hidp_session_sem);

1166


1167
	session = __hidp_get_session(&ci->bdaddr);

1168
	if (session)

1169
		__hidp_copy_session(session, ci);

1170
	else

1171
		err = -ENOENT;

1172


1173
	up_read(&hidp_session_sem);

1174
	return err;

1175
}

1176


1177
static const struct hid_device_id hidp_table[] = {

1178
	{ HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },

1179
	{ }

1180
};

1181


1182
static struct hid_driver hidp_driver = {

1183
	.name = "generic-bluetooth",

1184
	.id_table = hidp_table,

1185
};

1186


1187
static int __init hidp_init(void)

1188
{

1189
	int ret;

1190


1191
	BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);

1192


1193
	ret = hid_register_driver(&hidp_driver);

1194
	if (ret)

1195
		goto err;

1196


1197
	ret = hidp_init_sockets();

1198
	if (ret)

1199
		goto err_drv;

1200


1201
	return 0;

1202
err_drv:

1203
	hid_unregister_driver(&hidp_driver);

1204
err:

1205
	return ret;

1206
}

1207


1208
static void __exit hidp_exit(void)

1209
{

1210
	hidp_cleanup_sockets();

1211
	hid_unregister_driver(&hidp_driver);

1212
}

1213


1214
module_init(hidp_init);

1215
module_exit(hidp_exit);

1216


1217
MODULE_AUTHOR("Marcel Holtmann <[email protected]>");

1218
MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);

1219
MODULE_VERSION(VERSION);

1220
MODULE_LICENSE("GPL");

1221
MODULE_ALIAS("bt-proto-6");

1222


1223