2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
38 static DECLARE_RWSEM(hidp_session_sem
);
39 static LIST_HEAD(hidp_session_list
);
41 static unsigned char hidp_keycode
[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat
[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn
*conn
,
65 struct l2cap_user
*user
);
66 static void hidp_session_remove(struct l2cap_conn
*conn
,
67 struct l2cap_user
*user
);
68 static int hidp_session_thread(void *arg
);
69 static void hidp_session_terminate(struct hidp_session
*s
);
71 static void hidp_copy_session(struct hidp_session
*session
, struct hidp_conninfo
*ci
)
73 memset(ci
, 0, sizeof(*ci
));
74 bacpy(&ci
->bdaddr
, &session
->bdaddr
);
76 ci
->flags
= session
->flags
;
77 ci
->state
= BT_CONNECTED
;
84 ci
->vendor
= session
->input
->id
.vendor
;
85 ci
->product
= session
->input
->id
.product
;
86 ci
->version
= session
->input
->id
.version
;
87 if (session
->input
->name
)
88 strncpy(ci
->name
, session
->input
->name
, 128);
90 strncpy(ci
->name
, "HID Boot Device", 128);
94 ci
->vendor
= session
->hid
->vendor
;
95 ci
->product
= session
->hid
->product
;
96 ci
->version
= session
->hid
->version
;
97 strncpy(ci
->name
, session
->hid
->name
, 128);
101 /* assemble skb, queue message on @transmit and wake up the session thread */
102 static int hidp_send_message(struct hidp_session
*session
, struct socket
*sock
,
103 struct sk_buff_head
*transmit
, unsigned char hdr
,
104 const unsigned char *data
, int size
)
107 struct sock
*sk
= sock
->sk
;
109 BT_DBG("session %p data %p size %d", session
, data
, size
);
111 if (atomic_read(&session
->terminate
))
114 skb
= alloc_skb(size
+ 1, GFP_ATOMIC
);
116 BT_ERR("Can't allocate memory for new frame");
120 *skb_put(skb
, 1) = hdr
;
121 if (data
&& size
> 0)
122 memcpy(skb_put(skb
, size
), data
, size
);
124 skb_queue_tail(transmit
, skb
);
125 wake_up_interruptible(sk_sleep(sk
));
130 static int hidp_send_ctrl_message(struct hidp_session
*session
,
131 unsigned char hdr
, const unsigned char *data
,
134 return hidp_send_message(session
, session
->ctrl_sock
,
135 &session
->ctrl_transmit
, hdr
, data
, size
);
138 static int hidp_send_intr_message(struct hidp_session
*session
,
139 unsigned char hdr
, const unsigned char *data
,
142 return hidp_send_message(session
, session
->intr_sock
,
143 &session
->intr_transmit
, hdr
, data
, size
);
146 static int hidp_input_event(struct input_dev
*dev
, unsigned int type
,
147 unsigned int code
, int value
)
149 struct hidp_session
*session
= input_get_drvdata(dev
);
150 unsigned char newleds
;
151 unsigned char hdr
, data
[2];
153 BT_DBG("session %p type %d code %d value %d",
154 session
, type
, code
, value
);
159 newleds
= (!!test_bit(LED_KANA
, dev
->led
) << 3) |
160 (!!test_bit(LED_COMPOSE
, dev
->led
) << 3) |
161 (!!test_bit(LED_SCROLLL
, dev
->led
) << 2) |
162 (!!test_bit(LED_CAPSL
, dev
->led
) << 1) |
163 (!!test_bit(LED_NUML
, dev
->led
));
165 if (session
->leds
== newleds
)
168 session
->leds
= newleds
;
170 hdr
= HIDP_TRANS_DATA
| HIDP_DATA_RTYPE_OUPUT
;
174 return hidp_send_intr_message(session
, hdr
, data
, 2);
177 static void hidp_input_report(struct hidp_session
*session
, struct sk_buff
*skb
)
179 struct input_dev
*dev
= session
->input
;
180 unsigned char *keys
= session
->keys
;
181 unsigned char *udata
= skb
->data
+ 1;
182 signed char *sdata
= skb
->data
+ 1;
183 int i
, size
= skb
->len
- 1;
185 switch (skb
->data
[0]) {
186 case 0x01: /* Keyboard report */
187 for (i
= 0; i
< 8; i
++)
188 input_report_key(dev
, hidp_keycode
[i
+ 224], (udata
[0] >> i
) & 1);
190 /* If all the key codes have been set to 0x01, it means
191 * too many keys were pressed at the same time. */
192 if (!memcmp(udata
+ 2, hidp_mkeyspat
, 6))
195 for (i
= 2; i
< 8; i
++) {
196 if (keys
[i
] > 3 && memscan(udata
+ 2, keys
[i
], 6) == udata
+ 8) {
197 if (hidp_keycode
[keys
[i
]])
198 input_report_key(dev
, hidp_keycode
[keys
[i
]], 0);
200 BT_ERR("Unknown key (scancode %#x) released.", keys
[i
]);
203 if (udata
[i
] > 3 && memscan(keys
+ 2, udata
[i
], 6) == keys
+ 8) {
204 if (hidp_keycode
[udata
[i
]])
205 input_report_key(dev
, hidp_keycode
[udata
[i
]], 1);
207 BT_ERR("Unknown key (scancode %#x) pressed.", udata
[i
]);
211 memcpy(keys
, udata
, 8);
214 case 0x02: /* Mouse report */
215 input_report_key(dev
, BTN_LEFT
, sdata
[0] & 0x01);
216 input_report_key(dev
, BTN_RIGHT
, sdata
[0] & 0x02);
217 input_report_key(dev
, BTN_MIDDLE
, sdata
[0] & 0x04);
218 input_report_key(dev
, BTN_SIDE
, sdata
[0] & 0x08);
219 input_report_key(dev
, BTN_EXTRA
, sdata
[0] & 0x10);
221 input_report_rel(dev
, REL_X
, sdata
[1]);
222 input_report_rel(dev
, REL_Y
, sdata
[2]);
225 input_report_rel(dev
, REL_WHEEL
, sdata
[3]);
232 static int hidp_send_report(struct hidp_session
*session
, struct hid_report
*report
)
234 unsigned char buf
[32], hdr
;
237 rsize
= ((report
->size
- 1) >> 3) + 1 + (report
->id
> 0);
238 if (rsize
> sizeof(buf
))
241 hid_output_report(report
, buf
);
242 hdr
= HIDP_TRANS_DATA
| HIDP_DATA_RTYPE_OUPUT
;
244 return hidp_send_intr_message(session
, hdr
, buf
, rsize
);
247 static int hidp_get_raw_report(struct hid_device
*hid
,
248 unsigned char report_number
,
249 unsigned char *data
, size_t count
,
250 unsigned char report_type
)
252 struct hidp_session
*session
= hid
->driver_data
;
255 int numbered_reports
= hid
->report_enum
[report_type
].numbered
;
258 if (atomic_read(&session
->terminate
))
261 switch (report_type
) {
262 case HID_FEATURE_REPORT
:
263 report_type
= HIDP_TRANS_GET_REPORT
| HIDP_DATA_RTYPE_FEATURE
;
265 case HID_INPUT_REPORT
:
266 report_type
= HIDP_TRANS_GET_REPORT
| HIDP_DATA_RTYPE_INPUT
;
268 case HID_OUTPUT_REPORT
:
269 report_type
= HIDP_TRANS_GET_REPORT
| HIDP_DATA_RTYPE_OUPUT
;
275 if (mutex_lock_interruptible(&session
->report_mutex
))
278 /* Set up our wait, and send the report request to the device. */
279 session
->waiting_report_type
= report_type
& HIDP_DATA_RTYPE_MASK
;
280 session
->waiting_report_number
= numbered_reports
? report_number
: -1;
281 set_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
);
282 data
[0] = report_number
;
283 ret
= hidp_send_ctrl_message(session
, report_type
, data
, 1);
287 /* Wait for the return of the report. The returned report
288 gets put in session->report_return. */
289 while (test_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
) &&
290 !atomic_read(&session
->terminate
)) {
293 res
= wait_event_interruptible_timeout(session
->report_queue
,
294 !test_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
)
295 || atomic_read(&session
->terminate
),
309 skb
= session
->report_return
;
311 len
= skb
->len
< count
? skb
->len
: count
;
312 memcpy(data
, skb
->data
, len
);
315 session
->report_return
= NULL
;
317 /* Device returned a HANDSHAKE, indicating protocol error. */
321 clear_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
);
322 mutex_unlock(&session
->report_mutex
);
327 clear_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
);
328 mutex_unlock(&session
->report_mutex
);
332 static int hidp_output_raw_report(struct hid_device
*hid
, unsigned char *data
, size_t count
,
333 unsigned char report_type
)
335 struct hidp_session
*session
= hid
->driver_data
;
338 switch (report_type
) {
339 case HID_FEATURE_REPORT
:
340 report_type
= HIDP_TRANS_SET_REPORT
| HIDP_DATA_RTYPE_FEATURE
;
342 case HID_OUTPUT_REPORT
:
343 report_type
= HIDP_TRANS_DATA
| HIDP_DATA_RTYPE_OUPUT
;
349 if (mutex_lock_interruptible(&session
->report_mutex
))
352 /* Set up our wait, and send the report request to the device. */
353 set_bit(HIDP_WAITING_FOR_SEND_ACK
, &session
->flags
);
354 ret
= hidp_send_ctrl_message(session
, report_type
, data
, count
);
358 /* Wait for the ACK from the device. */
359 while (test_bit(HIDP_WAITING_FOR_SEND_ACK
, &session
->flags
) &&
360 !atomic_read(&session
->terminate
)) {
363 res
= wait_event_interruptible_timeout(session
->report_queue
,
364 !test_bit(HIDP_WAITING_FOR_SEND_ACK
, &session
->flags
)
365 || atomic_read(&session
->terminate
),
379 if (!session
->output_report_success
) {
387 clear_bit(HIDP_WAITING_FOR_SEND_ACK
, &session
->flags
);
388 mutex_unlock(&session
->report_mutex
);
392 static void hidp_idle_timeout(unsigned long arg
)
394 struct hidp_session
*session
= (struct hidp_session
*) arg
;
396 hidp_session_terminate(session
);
399 static void hidp_set_timer(struct hidp_session
*session
)
401 if (session
->idle_to
> 0)
402 mod_timer(&session
->timer
, jiffies
+ HZ
* session
->idle_to
);
405 static void hidp_del_timer(struct hidp_session
*session
)
407 if (session
->idle_to
> 0)
408 del_timer(&session
->timer
);
411 static void hidp_process_handshake(struct hidp_session
*session
,
414 BT_DBG("session %p param 0x%02x", session
, param
);
415 session
->output_report_success
= 0; /* default condition */
418 case HIDP_HSHK_SUCCESSFUL
:
419 /* FIXME: Call into SET_ GET_ handlers here */
420 session
->output_report_success
= 1;
423 case HIDP_HSHK_NOT_READY
:
424 case HIDP_HSHK_ERR_INVALID_REPORT_ID
:
425 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST
:
426 case HIDP_HSHK_ERR_INVALID_PARAMETER
:
427 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
))
428 wake_up_interruptible(&session
->report_queue
);
430 /* FIXME: Call into SET_ GET_ handlers here */
433 case HIDP_HSHK_ERR_UNKNOWN
:
436 case HIDP_HSHK_ERR_FATAL
:
437 /* Device requests a reboot, as this is the only way this error
438 * can be recovered. */
439 hidp_send_ctrl_message(session
,
440 HIDP_TRANS_HID_CONTROL
| HIDP_CTRL_SOFT_RESET
, NULL
, 0);
444 hidp_send_ctrl_message(session
,
445 HIDP_TRANS_HANDSHAKE
| HIDP_HSHK_ERR_INVALID_PARAMETER
, NULL
, 0);
449 /* Wake up the waiting thread. */
450 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK
, &session
->flags
))
451 wake_up_interruptible(&session
->report_queue
);
454 static void hidp_process_hid_control(struct hidp_session
*session
,
457 BT_DBG("session %p param 0x%02x", session
, param
);
459 if (param
== HIDP_CTRL_VIRTUAL_CABLE_UNPLUG
) {
460 /* Flush the transmit queues */
461 skb_queue_purge(&session
->ctrl_transmit
);
462 skb_queue_purge(&session
->intr_transmit
);
464 hidp_session_terminate(session
);
468 /* Returns true if the passed-in skb should be freed by the caller. */
469 static int hidp_process_data(struct hidp_session
*session
, struct sk_buff
*skb
,
472 int done_with_skb
= 1;
473 BT_DBG("session %p skb %p len %d param 0x%02x", session
, skb
, skb
->len
, param
);
476 case HIDP_DATA_RTYPE_INPUT
:
477 hidp_set_timer(session
);
480 hidp_input_report(session
, skb
);
483 hid_input_report(session
->hid
, HID_INPUT_REPORT
, skb
->data
, skb
->len
, 0);
486 case HIDP_DATA_RTYPE_OTHER
:
487 case HIDP_DATA_RTYPE_OUPUT
:
488 case HIDP_DATA_RTYPE_FEATURE
:
492 hidp_send_ctrl_message(session
,
493 HIDP_TRANS_HANDSHAKE
| HIDP_HSHK_ERR_INVALID_PARAMETER
, NULL
, 0);
496 if (test_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
) &&
497 param
== session
->waiting_report_type
) {
498 if (session
->waiting_report_number
< 0 ||
499 session
->waiting_report_number
== skb
->data
[0]) {
500 /* hidp_get_raw_report() is waiting on this report. */
501 session
->report_return
= skb
;
503 clear_bit(HIDP_WAITING_FOR_RETURN
, &session
->flags
);
504 wake_up_interruptible(&session
->report_queue
);
508 return done_with_skb
;
511 static void hidp_recv_ctrl_frame(struct hidp_session
*session
,
514 unsigned char hdr
, type
, param
;
517 BT_DBG("session %p skb %p len %d", session
, skb
, skb
->len
);
522 type
= hdr
& HIDP_HEADER_TRANS_MASK
;
523 param
= hdr
& HIDP_HEADER_PARAM_MASK
;
526 case HIDP_TRANS_HANDSHAKE
:
527 hidp_process_handshake(session
, param
);
530 case HIDP_TRANS_HID_CONTROL
:
531 hidp_process_hid_control(session
, param
);
534 case HIDP_TRANS_DATA
:
535 free_skb
= hidp_process_data(session
, skb
, param
);
539 hidp_send_ctrl_message(session
,
540 HIDP_TRANS_HANDSHAKE
| HIDP_HSHK_ERR_UNSUPPORTED_REQUEST
, NULL
, 0);
548 static void hidp_recv_intr_frame(struct hidp_session
*session
,
553 BT_DBG("session %p skb %p len %d", session
, skb
, skb
->len
);
558 if (hdr
== (HIDP_TRANS_DATA
| HIDP_DATA_RTYPE_INPUT
)) {
559 hidp_set_timer(session
);
562 hidp_input_report(session
, skb
);
565 hid_input_report(session
->hid
, HID_INPUT_REPORT
, skb
->data
, skb
->len
, 1);
566 BT_DBG("report len %d", skb
->len
);
569 BT_DBG("Unsupported protocol header 0x%02x", hdr
);
575 static int hidp_send_frame(struct socket
*sock
, unsigned char *data
, int len
)
577 struct kvec iv
= { data
, len
};
580 BT_DBG("sock %p data %p len %d", sock
, data
, len
);
585 memset(&msg
, 0, sizeof(msg
));
587 return kernel_sendmsg(sock
, &msg
, &iv
, 1, len
);
590 /* dequeue message from @transmit and send via @sock */
591 static void hidp_process_transmit(struct hidp_session
*session
,
592 struct sk_buff_head
*transmit
,
598 BT_DBG("session %p", session
);
600 while ((skb
= skb_dequeue(transmit
))) {
601 ret
= hidp_send_frame(sock
, skb
->data
, skb
->len
);
602 if (ret
== -EAGAIN
) {
603 skb_queue_head(transmit
, skb
);
605 } else if (ret
< 0) {
606 hidp_session_terminate(session
);
611 hidp_set_timer(session
);
616 static int hidp_setup_input(struct hidp_session
*session
,
617 struct hidp_connadd_req
*req
)
619 struct input_dev
*input
;
622 input
= input_allocate_device();
626 session
->input
= input
;
628 input_set_drvdata(input
, session
);
630 input
->name
= "Bluetooth HID Boot Protocol Device";
632 input
->id
.bustype
= BUS_BLUETOOTH
;
633 input
->id
.vendor
= req
->vendor
;
634 input
->id
.product
= req
->product
;
635 input
->id
.version
= req
->version
;
637 if (req
->subclass
& 0x40) {
638 set_bit(EV_KEY
, input
->evbit
);
639 set_bit(EV_LED
, input
->evbit
);
640 set_bit(EV_REP
, input
->evbit
);
642 set_bit(LED_NUML
, input
->ledbit
);
643 set_bit(LED_CAPSL
, input
->ledbit
);
644 set_bit(LED_SCROLLL
, input
->ledbit
);
645 set_bit(LED_COMPOSE
, input
->ledbit
);
646 set_bit(LED_KANA
, input
->ledbit
);
648 for (i
= 0; i
< sizeof(hidp_keycode
); i
++)
649 set_bit(hidp_keycode
[i
], input
->keybit
);
650 clear_bit(0, input
->keybit
);
653 if (req
->subclass
& 0x80) {
654 input
->evbit
[0] = BIT_MASK(EV_KEY
) | BIT_MASK(EV_REL
);
655 input
->keybit
[BIT_WORD(BTN_MOUSE
)] = BIT_MASK(BTN_LEFT
) |
656 BIT_MASK(BTN_RIGHT
) | BIT_MASK(BTN_MIDDLE
);
657 input
->relbit
[0] = BIT_MASK(REL_X
) | BIT_MASK(REL_Y
);
658 input
->keybit
[BIT_WORD(BTN_MOUSE
)] |= BIT_MASK(BTN_SIDE
) |
660 input
->relbit
[0] |= BIT_MASK(REL_WHEEL
);
663 input
->dev
.parent
= &session
->conn
->hcon
->dev
;
665 input
->event
= hidp_input_event
;
670 static int hidp_open(struct hid_device
*hid
)
675 static void hidp_close(struct hid_device
*hid
)
679 static int hidp_parse(struct hid_device
*hid
)
681 struct hidp_session
*session
= hid
->driver_data
;
683 return hid_parse_report(session
->hid
, session
->rd_data
,
687 static int hidp_start(struct hid_device
*hid
)
689 struct hidp_session
*session
= hid
->driver_data
;
690 struct hid_report
*report
;
692 if (hid
->quirks
& HID_QUIRK_NO_INIT_REPORTS
)
695 list_for_each_entry(report
, &hid
->report_enum
[HID_INPUT_REPORT
].
697 hidp_send_report(session
, report
);
699 list_for_each_entry(report
, &hid
->report_enum
[HID_FEATURE_REPORT
].
701 hidp_send_report(session
, report
);
706 static void hidp_stop(struct hid_device
*hid
)
708 struct hidp_session
*session
= hid
->driver_data
;
710 skb_queue_purge(&session
->ctrl_transmit
);
711 skb_queue_purge(&session
->intr_transmit
);
716 static struct hid_ll_driver hidp_hid_driver
= {
724 /* This function sets up the hid device. It does not add it
725 to the HID system. That is done in hidp_add_connection(). */
726 static int hidp_setup_hid(struct hidp_session
*session
,
727 struct hidp_connadd_req
*req
)
729 struct hid_device
*hid
;
732 session
->rd_data
= kzalloc(req
->rd_size
, GFP_KERNEL
);
733 if (!session
->rd_data
)
736 if (copy_from_user(session
->rd_data
, req
->rd_data
, req
->rd_size
)) {
740 session
->rd_size
= req
->rd_size
;
742 hid
= hid_allocate_device();
750 hid
->driver_data
= session
;
752 hid
->bus
= BUS_BLUETOOTH
;
753 hid
->vendor
= req
->vendor
;
754 hid
->product
= req
->product
;
755 hid
->version
= req
->version
;
756 hid
->country
= req
->country
;
758 strncpy(hid
->name
, req
->name
, sizeof(req
->name
) - 1);
760 snprintf(hid
->phys
, sizeof(hid
->phys
), "%pMR",
761 &bt_sk(session
->ctrl_sock
->sk
)->src
);
763 snprintf(hid
->uniq
, sizeof(hid
->uniq
), "%pMR",
764 &bt_sk(session
->ctrl_sock
->sk
)->dst
);
766 hid
->dev
.parent
= &session
->conn
->hcon
->dev
;
767 hid
->ll_driver
= &hidp_hid_driver
;
769 hid
->hid_get_raw_report
= hidp_get_raw_report
;
770 hid
->hid_output_raw_report
= hidp_output_raw_report
;
772 /* True if device is blacklisted in drivers/hid/hid-core.c */
773 if (hid_ignore(hid
)) {
774 hid_destroy_device(session
->hid
);
782 kfree(session
->rd_data
);
783 session
->rd_data
= NULL
;
788 /* initialize session devices */
789 static int hidp_session_dev_init(struct hidp_session
*session
,
790 struct hidp_connadd_req
*req
)
794 if (req
->rd_size
> 0) {
795 ret
= hidp_setup_hid(session
, req
);
796 if (ret
&& ret
!= -ENODEV
)
801 ret
= hidp_setup_input(session
, req
);
809 /* destroy session devices */
810 static void hidp_session_dev_destroy(struct hidp_session
*session
)
813 put_device(&session
->hid
->dev
);
814 else if (session
->input
)
815 input_put_device(session
->input
);
817 kfree(session
->rd_data
);
818 session
->rd_data
= NULL
;
821 /* add HID/input devices to their underlying bus systems */
822 static int hidp_session_dev_add(struct hidp_session
*session
)
826 /* Both HID and input systems drop a ref-count when unregistering the
827 * device but they don't take a ref-count when registering them. Work
828 * around this by explicitly taking a refcount during registration
829 * which is dropped automatically by unregistering the devices. */
832 ret
= hid_add_device(session
->hid
);
835 get_device(&session
->hid
->dev
);
836 } else if (session
->input
) {
837 ret
= input_register_device(session
->input
);
840 input_get_device(session
->input
);
846 /* remove HID/input devices from their bus systems */
847 static void hidp_session_dev_del(struct hidp_session
*session
)
850 hid_destroy_device(session
->hid
);
851 else if (session
->input
)
852 input_unregister_device(session
->input
);
856 * Create new session object
857 * Allocate session object, initialize static fields, copy input data into the
858 * object and take a reference to all sub-objects.
859 * This returns 0 on success and puts a pointer to the new session object in
860 * \out. Otherwise, an error code is returned.
861 * The new session object has an initial ref-count of 1.
863 static int hidp_session_new(struct hidp_session
**out
, const bdaddr_t
*bdaddr
,
864 struct socket
*ctrl_sock
,
865 struct socket
*intr_sock
,
866 struct hidp_connadd_req
*req
,
867 struct l2cap_conn
*conn
)
869 struct hidp_session
*session
;
871 struct bt_sock
*ctrl
, *intr
;
873 ctrl
= bt_sk(ctrl_sock
->sk
);
874 intr
= bt_sk(intr_sock
->sk
);
876 session
= kzalloc(sizeof(*session
), GFP_KERNEL
);
880 /* object and runtime management */
881 kref_init(&session
->ref
);
882 atomic_set(&session
->state
, HIDP_SESSION_IDLING
);
883 init_waitqueue_head(&session
->state_queue
);
884 session
->flags
= req
->flags
& (1 << HIDP_BLUETOOTH_VENDOR_ID
);
886 /* connection management */
887 bacpy(&session
->bdaddr
, bdaddr
);
888 session
->conn
= conn
;
889 session
->user
.probe
= hidp_session_probe
;
890 session
->user
.remove
= hidp_session_remove
;
891 session
->ctrl_sock
= ctrl_sock
;
892 session
->intr_sock
= intr_sock
;
893 skb_queue_head_init(&session
->ctrl_transmit
);
894 skb_queue_head_init(&session
->intr_transmit
);
895 session
->ctrl_mtu
= min_t(uint
, l2cap_pi(ctrl
)->chan
->omtu
,
896 l2cap_pi(ctrl
)->chan
->imtu
);
897 session
->intr_mtu
= min_t(uint
, l2cap_pi(intr
)->chan
->omtu
,
898 l2cap_pi(intr
)->chan
->imtu
);
899 session
->idle_to
= req
->idle_to
;
901 /* device management */
902 setup_timer(&session
->timer
, hidp_idle_timeout
,
903 (unsigned long)session
);
906 mutex_init(&session
->report_mutex
);
907 init_waitqueue_head(&session
->report_queue
);
909 ret
= hidp_session_dev_init(session
, req
);
913 l2cap_conn_get(session
->conn
);
914 get_file(session
->intr_sock
->file
);
915 get_file(session
->ctrl_sock
->file
);
924 /* increase ref-count of the given session by one */
925 static void hidp_session_get(struct hidp_session
*session
)
927 kref_get(&session
->ref
);
930 /* release callback */
931 static void session_free(struct kref
*ref
)
933 struct hidp_session
*session
= container_of(ref
, struct hidp_session
,
936 hidp_session_dev_destroy(session
);
937 skb_queue_purge(&session
->ctrl_transmit
);
938 skb_queue_purge(&session
->intr_transmit
);
939 fput(session
->intr_sock
->file
);
940 fput(session
->ctrl_sock
->file
);
941 l2cap_conn_put(session
->conn
);
945 /* decrease ref-count of the given session by one */
946 static void hidp_session_put(struct hidp_session
*session
)
948 kref_put(&session
->ref
, session_free
);
952 * Search the list of active sessions for a session with target address
953 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
954 * you do not release this lock, the session objects cannot vanish and you can
955 * safely take a reference to the session yourself.
957 static struct hidp_session
*__hidp_session_find(const bdaddr_t
*bdaddr
)
959 struct hidp_session
*session
;
961 list_for_each_entry(session
, &hidp_session_list
, list
) {
962 if (!bacmp(bdaddr
, &session
->bdaddr
))
970 * Same as __hidp_session_find() but no locks must be held. This also takes a
971 * reference of the returned session (if non-NULL) so you must drop this
972 * reference if you no longer use the object.
974 static struct hidp_session
*hidp_session_find(const bdaddr_t
*bdaddr
)
976 struct hidp_session
*session
;
978 down_read(&hidp_session_sem
);
980 session
= __hidp_session_find(bdaddr
);
982 hidp_session_get(session
);
984 up_read(&hidp_session_sem
);
990 * Start session synchronously
991 * This starts a session thread and waits until initialization
992 * is done or returns an error if it couldn't be started.
993 * If this returns 0 the session thread is up and running. You must call
994 * hipd_session_stop_sync() before deleting any runtime resources.
996 static int hidp_session_start_sync(struct hidp_session
*session
)
998 unsigned int vendor
, product
;
1001 vendor
= session
->hid
->vendor
;
1002 product
= session
->hid
->product
;
1003 } else if (session
->input
) {
1004 vendor
= session
->input
->id
.vendor
;
1005 product
= session
->input
->id
.product
;
1011 session
->task
= kthread_run(hidp_session_thread
, session
,
1012 "khidpd_%04x%04x", vendor
, product
);
1013 if (IS_ERR(session
->task
))
1014 return PTR_ERR(session
->task
);
1016 while (atomic_read(&session
->state
) <= HIDP_SESSION_IDLING
)
1017 wait_event(session
->state_queue
,
1018 atomic_read(&session
->state
) > HIDP_SESSION_IDLING
);
1024 * Terminate session thread
1025 * Wake up session thread and notify it to stop. This is asynchronous and
1026 * returns immediately. Call this whenever a runtime error occurs and you want
1027 * the session to stop.
1028 * Note: wake_up_process() performs any necessary memory-barriers for us.
1030 static void hidp_session_terminate(struct hidp_session
*session
)
1032 atomic_inc(&session
->terminate
);
1033 wake_up_process(session
->task
);
1037 * Probe HIDP session
1038 * This is called from the l2cap_conn core when our l2cap_user object is bound
1039 * to the hci-connection. We get the session via the \user object and can now
1040 * start the session thread, register the HID/input devices and link it into
1041 * the global session list.
1042 * The global session-list owns its own reference to the session object so you
1043 * can drop your own reference after registering the l2cap_user object.
1045 static int hidp_session_probe(struct l2cap_conn
*conn
,
1046 struct l2cap_user
*user
)
1048 struct hidp_session
*session
= container_of(user
,
1049 struct hidp_session
,
1051 struct hidp_session
*s
;
1054 down_write(&hidp_session_sem
);
1056 /* check that no other session for this device exists */
1057 s
= __hidp_session_find(&session
->bdaddr
);
1063 ret
= hidp_session_start_sync(session
);
1067 ret
= hidp_session_dev_add(session
);
1071 hidp_session_get(session
);
1072 list_add(&session
->list
, &hidp_session_list
);
1077 hidp_session_terminate(session
);
1079 up_write(&hidp_session_sem
);
1084 * Remove HIDP session
1085 * Called from the l2cap_conn core when either we explicitly unregistered
1086 * the l2cap_user object or if the underlying connection is shut down.
1087 * We signal the hidp-session thread to shut down, unregister the HID/input
1088 * devices and unlink the session from the global list.
1089 * This drops the reference to the session that is owned by the global
1091 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1092 * This is, because the session-thread might be waiting for an HCI lock that is
1093 * held while we are called. Therefore, we only unregister the devices and
1094 * notify the session-thread to terminate. The thread itself owns a reference
1095 * to the session object so it can safely shut down.
1097 static void hidp_session_remove(struct l2cap_conn
*conn
,
1098 struct l2cap_user
*user
)
1100 struct hidp_session
*session
= container_of(user
,
1101 struct hidp_session
,
1104 down_write(&hidp_session_sem
);
1106 hidp_session_terminate(session
);
1107 hidp_session_dev_del(session
);
1108 list_del(&session
->list
);
1110 up_write(&hidp_session_sem
);
1112 hidp_session_put(session
);
1117 * This performs the actual main-loop of the HIDP worker. We first check
1118 * whether the underlying connection is still alive, then parse all pending
1119 * messages and finally send all outstanding messages.
1121 static void hidp_session_run(struct hidp_session
*session
)
1123 struct sock
*ctrl_sk
= session
->ctrl_sock
->sk
;
1124 struct sock
*intr_sk
= session
->intr_sock
->sk
;
1125 struct sk_buff
*skb
;
1129 * This thread can be woken up two ways:
1130 * - You call hidp_session_terminate() which sets the
1131 * session->terminate flag and wakes this thread up.
1132 * - Via modifying the socket state of ctrl/intr_sock. This
1133 * thread is woken up by ->sk_state_changed().
1135 * Note: set_current_state() performs any necessary
1136 * memory-barriers for us.
1138 set_current_state(TASK_INTERRUPTIBLE
);
1140 if (atomic_read(&session
->terminate
))
1143 if (ctrl_sk
->sk_state
!= BT_CONNECTED
||
1144 intr_sk
->sk_state
!= BT_CONNECTED
)
1147 /* parse incoming intr-skbs */
1148 while ((skb
= skb_dequeue(&intr_sk
->sk_receive_queue
))) {
1150 if (!skb_linearize(skb
))
1151 hidp_recv_intr_frame(session
, skb
);
1156 /* send pending intr-skbs */
1157 hidp_process_transmit(session
, &session
->intr_transmit
,
1158 session
->intr_sock
);
1160 /* parse incoming ctrl-skbs */
1161 while ((skb
= skb_dequeue(&ctrl_sk
->sk_receive_queue
))) {
1163 if (!skb_linearize(skb
))
1164 hidp_recv_ctrl_frame(session
, skb
);
1169 /* send pending ctrl-skbs */
1170 hidp_process_transmit(session
, &session
->ctrl_transmit
,
1171 session
->ctrl_sock
);
1176 atomic_inc(&session
->terminate
);
1177 set_current_state(TASK_RUNNING
);
1181 * HIDP session thread
1182 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1183 * which allows us to take references to ourself here instead of doing that in
1185 * When we are ready to run we notify the caller and call hidp_session_run().
1187 static int hidp_session_thread(void *arg
)
1189 struct hidp_session
*session
= arg
;
1190 wait_queue_t ctrl_wait
, intr_wait
;
1192 BT_DBG("session %p", session
);
1194 /* initialize runtime environment */
1195 hidp_session_get(session
);
1196 __module_get(THIS_MODULE
);
1197 set_user_nice(current
, -15);
1198 hidp_set_timer(session
);
1200 init_waitqueue_entry(&ctrl_wait
, current
);
1201 init_waitqueue_entry(&intr_wait
, current
);
1202 add_wait_queue(sk_sleep(session
->ctrl_sock
->sk
), &ctrl_wait
);
1203 add_wait_queue(sk_sleep(session
->intr_sock
->sk
), &intr_wait
);
1204 /* This memory barrier is paired with wq_has_sleeper(). See
1205 * sock_poll_wait() for more information why this is needed. */
1208 /* notify synchronous startup that we're ready */
1209 atomic_inc(&session
->state
);
1210 wake_up(&session
->state_queue
);
1213 hidp_session_run(session
);
1215 /* cleanup runtime environment */
1216 remove_wait_queue(sk_sleep(session
->intr_sock
->sk
), &intr_wait
);
1217 remove_wait_queue(sk_sleep(session
->intr_sock
->sk
), &ctrl_wait
);
1218 wake_up_interruptible(&session
->report_queue
);
1219 hidp_del_timer(session
);
1222 * If we stopped ourself due to any internal signal, we should try to
1223 * unregister our own session here to avoid having it linger until the
1224 * parent l2cap_conn dies or user-space cleans it up.
1225 * This does not deadlock as we don't do any synchronous shutdown.
1226 * Instead, this call has the same semantics as if user-space tried to
1227 * delete the session.
1229 l2cap_unregister_user(session
->conn
, &session
->user
);
1230 hidp_session_put(session
);
1232 module_put_and_exit(0);
1236 static int hidp_verify_sockets(struct socket
*ctrl_sock
,
1237 struct socket
*intr_sock
)
1239 struct bt_sock
*ctrl
, *intr
;
1240 struct hidp_session
*session
;
1242 if (!l2cap_is_socket(ctrl_sock
) || !l2cap_is_socket(intr_sock
))
1245 ctrl
= bt_sk(ctrl_sock
->sk
);
1246 intr
= bt_sk(intr_sock
->sk
);
1248 if (bacmp(&ctrl
->src
, &intr
->src
) || bacmp(&ctrl
->dst
, &intr
->dst
))
1250 if (ctrl
->sk
.sk_state
!= BT_CONNECTED
||
1251 intr
->sk
.sk_state
!= BT_CONNECTED
)
1254 /* early session check, we check again during session registration */
1255 session
= hidp_session_find(&ctrl
->dst
);
1257 hidp_session_put(session
);
1264 int hidp_connection_add(struct hidp_connadd_req
*req
,
1265 struct socket
*ctrl_sock
,
1266 struct socket
*intr_sock
)
1268 struct hidp_session
*session
;
1269 struct l2cap_conn
*conn
;
1270 struct l2cap_chan
*chan
= l2cap_pi(ctrl_sock
->sk
)->chan
;
1273 ret
= hidp_verify_sockets(ctrl_sock
, intr_sock
);
1278 l2cap_chan_lock(chan
);
1280 l2cap_conn_get(chan
->conn
);
1283 l2cap_chan_unlock(chan
);
1288 ret
= hidp_session_new(&session
, &bt_sk(ctrl_sock
->sk
)->dst
, ctrl_sock
,
1289 intr_sock
, req
, conn
);
1293 ret
= l2cap_register_user(conn
, &session
->user
);
1300 hidp_session_put(session
);
1302 l2cap_conn_put(conn
);
1306 int hidp_connection_del(struct hidp_conndel_req
*req
)
1308 struct hidp_session
*session
;
1310 session
= hidp_session_find(&req
->bdaddr
);
1314 if (req
->flags
& (1 << HIDP_VIRTUAL_CABLE_UNPLUG
))
1315 hidp_send_ctrl_message(session
,
1316 HIDP_TRANS_HID_CONTROL
|
1317 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG
,
1320 l2cap_unregister_user(session
->conn
, &session
->user
);
1322 hidp_session_put(session
);
1327 int hidp_get_connlist(struct hidp_connlist_req
*req
)
1329 struct hidp_session
*session
;
1334 down_read(&hidp_session_sem
);
1336 list_for_each_entry(session
, &hidp_session_list
, list
) {
1337 struct hidp_conninfo ci
;
1339 hidp_copy_session(session
, &ci
);
1341 if (copy_to_user(req
->ci
, &ci
, sizeof(ci
))) {
1346 if (++n
>= req
->cnum
)
1353 up_read(&hidp_session_sem
);
1357 int hidp_get_conninfo(struct hidp_conninfo
*ci
)
1359 struct hidp_session
*session
;
1361 session
= hidp_session_find(&ci
->bdaddr
);
1363 hidp_copy_session(session
, ci
);
1364 hidp_session_put(session
);
1367 return session
? 0 : -ENOENT
;
1370 static int __init
hidp_init(void)
1372 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION
);
1374 return hidp_init_sockets();
1377 static void __exit
hidp_exit(void)
1379 hidp_cleanup_sockets();
1382 module_init(hidp_init
);
1383 module_exit(hidp_exit
);
1385 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1386 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1387 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION
);
1388 MODULE_VERSION(VERSION
);
1389 MODULE_LICENSE("GPL");
1390 MODULE_ALIAS("bt-proto-6");