projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Bluetooth: hidp: don't send boot-protocol messages as HID-reports
[deliverable/linux.git] / net / bluetooth / hidp / core.c
1 /*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33
34 #include "hidp.h"
35
36 #define VERSION "1.2"
37
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
40
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60 };
61
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
70
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
72 {
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
75
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
78
79 ci->vendor = 0x0000;
80 ci->product = 0x0000;
81 ci->version = 0x0000;
82
83 if (session->input) {
84 ci->vendor = session->input->id.vendor;
85 ci->product = session->input->id.product;
86 ci->version = session->input->id.version;
87 if (session->input->name)
88 strncpy(ci->name, session->input->name, 128);
89 else
90 strncpy(ci->name, "HID Boot Device", 128);
91 }
92
93 if (session->hid) {
94 ci->vendor = session->hid->vendor;
95 ci->product = session->hid->product;
96 ci->version = session->hid->version;
97 strncpy(ci->name, session->hid->name, 128);
98 }
99 }
100
101 /* assemble skb, queue message on @transmit and wake up the session thread */
102 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
105 {
106 struct sk_buff *skb;
107 struct sock *sk = sock->sk;
108
109 BT_DBG("session %p data %p size %d", session, data, size);
110
111 if (atomic_read(&session->terminate))
112 return -EIO;
113
114 skb = alloc_skb(size + 1, GFP_ATOMIC);
115 if (!skb) {
116 BT_ERR("Can't allocate memory for new frame");
117 return -ENOMEM;
118 }
119
120 *skb_put(skb, 1) = hdr;
121 if (data && size > 0)
122 memcpy(skb_put(skb, size), data, size);
123
124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
126
127 return 0;
128 }
129
130 static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
132 int size)
133 {
134 return hidp_send_message(session, session->ctrl_sock,
135 &session->ctrl_transmit, hdr, data, size);
136 }
137
138 static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
140 int size)
141 {
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
144 }
145
146 static int hidp_input_event(struct input_dev *dev, unsigned int type,
147 unsigned int code, int value)
148 {
149 struct hidp_session *session = input_get_drvdata(dev);
150 unsigned char newleds;
151 unsigned char hdr, data[2];
152
153 BT_DBG("session %p type %d code %d value %d",
154 session, type, code, value);
155
156 if (type != EV_LED)
157 return -1;
158
159 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
160 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
161 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
162 (!!test_bit(LED_CAPSL, dev->led) << 1) |
163 (!!test_bit(LED_NUML, dev->led));
164
165 if (session->leds == newleds)
166 return 0;
167
168 session->leds = newleds;
169
170 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 data[0] = 0x01;
172 data[1] = newleds;
173
174 return hidp_send_intr_message(session, hdr, data, 2);
175 }
176
177 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
178 {
179 struct input_dev *dev = session->input;
180 unsigned char *keys = session->keys;
181 unsigned char *udata = skb->data + 1;
182 signed char *sdata = skb->data + 1;
183 int i, size = skb->len - 1;
184
185 switch (skb->data[0]) {
186 case 0x01: /* Keyboard report */
187 for (i = 0; i < 8; i++)
188 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
189
190 /* If all the key codes have been set to 0x01, it means
191 * too many keys were pressed at the same time. */
192 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
193 break;
194
195 for (i = 2; i < 8; i++) {
196 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
197 if (hidp_keycode[keys[i]])
198 input_report_key(dev, hidp_keycode[keys[i]], 0);
199 else
200 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
201 }
202
203 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
204 if (hidp_keycode[udata[i]])
205 input_report_key(dev, hidp_keycode[udata[i]], 1);
206 else
207 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
208 }
209 }
210
211 memcpy(keys, udata, 8);
212 break;
213
214 case 0x02: /* Mouse report */
215 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
216 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
217 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
218 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
219 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
220
221 input_report_rel(dev, REL_X, sdata[1]);
222 input_report_rel(dev, REL_Y, sdata[2]);
223
224 if (size > 3)
225 input_report_rel(dev, REL_WHEEL, sdata[3]);
226 break;
227 }
228
229 input_sync(dev);
230 }
231
232 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
233 {
234 unsigned char buf[32], hdr;
235 int rsize;
236
237 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
238 if (rsize > sizeof(buf))
239 return -EIO;
240
241 hid_output_report(report, buf);
242 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
243
244 return hidp_send_intr_message(session, hdr, buf, rsize);
245 }
246
247 static int hidp_get_raw_report(struct hid_device *hid,
248 unsigned char report_number,
249 unsigned char *data, size_t count,
250 unsigned char report_type)
251 {
252 struct hidp_session *session = hid->driver_data;
253 struct sk_buff *skb;
254 size_t len;
255 int numbered_reports = hid->report_enum[report_type].numbered;
256 int ret;
257
258 if (atomic_read(&session->terminate))
259 return -EIO;
260
261 switch (report_type) {
262 case HID_FEATURE_REPORT:
263 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
264 break;
265 case HID_INPUT_REPORT:
266 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
267 break;
268 case HID_OUTPUT_REPORT:
269 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
270 break;
271 default:
272 return -EINVAL;
273 }
274
275 if (mutex_lock_interruptible(&session->report_mutex))
276 return -ERESTARTSYS;
277
278 /* Set up our wait, and send the report request to the device. */
279 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
280 session->waiting_report_number = numbered_reports ? report_number : -1;
281 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
282 data[0] = report_number;
283 ret = hidp_send_ctrl_message(session, report_type, data, 1);
284 if (ret)
285 goto err;
286
287 /* Wait for the return of the report. The returned report
288 gets put in session->report_return. */
289 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
290 !atomic_read(&session->terminate)) {
291 int res;
292
293 res = wait_event_interruptible_timeout(session->report_queue,
294 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
295 || atomic_read(&session->terminate),
296 5*HZ);
297 if (res == 0) {
298 /* timeout */
299 ret = -EIO;
300 goto err;
301 }
302 if (res < 0) {
303 /* signal */
304 ret = -ERESTARTSYS;
305 goto err;
306 }
307 }
308
309 skb = session->report_return;
310 if (skb) {
311 len = skb->len < count ? skb->len : count;
312 memcpy(data, skb->data, len);
313
314 kfree_skb(skb);
315 session->report_return = NULL;
316 } else {
317 /* Device returned a HANDSHAKE, indicating protocol error. */
318 len = -EIO;
319 }
320
321 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
322 mutex_unlock(&session->report_mutex);
323
324 return len;
325
326 err:
327 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
328 mutex_unlock(&session->report_mutex);
329 return ret;
330 }
331
332 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
333 unsigned char report_type)
334 {
335 struct hidp_session *session = hid->driver_data;
336 int ret;
337
338 switch (report_type) {
339 case HID_FEATURE_REPORT:
340 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
341 break;
342 case HID_OUTPUT_REPORT:
343 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
344 break;
345 default:
346 return -EINVAL;
347 }
348
349 if (mutex_lock_interruptible(&session->report_mutex))
350 return -ERESTARTSYS;
351
352 /* Set up our wait, and send the report request to the device. */
353 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
354 ret = hidp_send_ctrl_message(session, report_type, data, count);
355 if (ret)
356 goto err;
357
358 /* Wait for the ACK from the device. */
359 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
360 !atomic_read(&session->terminate)) {
361 int res;
362
363 res = wait_event_interruptible_timeout(session->report_queue,
364 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
365 || atomic_read(&session->terminate),
366 10*HZ);
367 if (res == 0) {
368 /* timeout */
369 ret = -EIO;
370 goto err;
371 }
372 if (res < 0) {
373 /* signal */
374 ret = -ERESTARTSYS;
375 goto err;
376 }
377 }
378
379 if (!session->output_report_success) {
380 ret = -EIO;
381 goto err;
382 }
383
384 ret = count;
385
386 err:
387 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
388 mutex_unlock(&session->report_mutex);
389 return ret;
390 }
391
392 static void hidp_idle_timeout(unsigned long arg)
393 {
394 struct hidp_session *session = (struct hidp_session *) arg;
395
396 hidp_session_terminate(session);
397 }
398
399 static void hidp_set_timer(struct hidp_session *session)
400 {
401 if (session->idle_to > 0)
402 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
403 }
404
405 static void hidp_del_timer(struct hidp_session *session)
406 {
407 if (session->idle_to > 0)
408 del_timer(&session->timer);
409 }
410
411 static void hidp_process_handshake(struct hidp_session *session,
412 unsigned char param)
413 {
414 BT_DBG("session %p param 0x%02x", session, param);
415 session->output_report_success = 0; /* default condition */
416
417 switch (param) {
418 case HIDP_HSHK_SUCCESSFUL:
419 /* FIXME: Call into SET_ GET_ handlers here */
420 session->output_report_success = 1;
421 break;
422
423 case HIDP_HSHK_NOT_READY:
424 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
425 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
426 case HIDP_HSHK_ERR_INVALID_PARAMETER:
427 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
428 wake_up_interruptible(&session->report_queue);
429
430 /* FIXME: Call into SET_ GET_ handlers here */
431 break;
432
433 case HIDP_HSHK_ERR_UNKNOWN:
434 break;
435
436 case HIDP_HSHK_ERR_FATAL:
437 /* Device requests a reboot, as this is the only way this error
438 * can be recovered. */
439 hidp_send_ctrl_message(session,
440 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
441 break;
442
443 default:
444 hidp_send_ctrl_message(session,
445 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
446 break;
447 }
448
449 /* Wake up the waiting thread. */
450 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
451 wake_up_interruptible(&session->report_queue);
452 }
453
454 static void hidp_process_hid_control(struct hidp_session *session,
455 unsigned char param)
456 {
457 BT_DBG("session %p param 0x%02x", session, param);
458
459 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
460 /* Flush the transmit queues */
461 skb_queue_purge(&session->ctrl_transmit);
462 skb_queue_purge(&session->intr_transmit);
463
464 hidp_session_terminate(session);
465 }
466 }
467
468 /* Returns true if the passed-in skb should be freed by the caller. */
469 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
470 unsigned char param)
471 {
472 int done_with_skb = 1;
473 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
474
475 switch (param) {
476 case HIDP_DATA_RTYPE_INPUT:
477 hidp_set_timer(session);
478
479 if (session->input)
480 hidp_input_report(session, skb);
481
482 if (session->hid)
483 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
484 break;
485
486 case HIDP_DATA_RTYPE_OTHER:
487 case HIDP_DATA_RTYPE_OUPUT:
488 case HIDP_DATA_RTYPE_FEATURE:
489 break;
490
491 default:
492 hidp_send_ctrl_message(session,
493 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
494 }
495
496 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
497 param == session->waiting_report_type) {
498 if (session->waiting_report_number < 0 ||
499 session->waiting_report_number == skb->data[0]) {
500 /* hidp_get_raw_report() is waiting on this report. */
501 session->report_return = skb;
502 done_with_skb = 0;
503 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
504 wake_up_interruptible(&session->report_queue);
505 }
506 }
507
508 return done_with_skb;
509 }
510
511 static void hidp_recv_ctrl_frame(struct hidp_session *session,
512 struct sk_buff *skb)
513 {
514 unsigned char hdr, type, param;
515 int free_skb = 1;
516
517 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
518
519 hdr = skb->data[0];
520 skb_pull(skb, 1);
521
522 type = hdr & HIDP_HEADER_TRANS_MASK;
523 param = hdr & HIDP_HEADER_PARAM_MASK;
524
525 switch (type) {
526 case HIDP_TRANS_HANDSHAKE:
527 hidp_process_handshake(session, param);
528 break;
529
530 case HIDP_TRANS_HID_CONTROL:
531 hidp_process_hid_control(session, param);
532 break;
533
534 case HIDP_TRANS_DATA:
535 free_skb = hidp_process_data(session, skb, param);
536 break;
537
538 default:
539 hidp_send_ctrl_message(session,
540 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
541 break;
542 }
543
544 if (free_skb)
545 kfree_skb(skb);
546 }
547
548 static void hidp_recv_intr_frame(struct hidp_session *session,
549 struct sk_buff *skb)
550 {
551 unsigned char hdr;
552
553 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
554
555 hdr = skb->data[0];
556 skb_pull(skb, 1);
557
558 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
559 hidp_set_timer(session);
560
561 if (session->input)
562 hidp_input_report(session, skb);
563
564 if (session->hid) {
565 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
566 BT_DBG("report len %d", skb->len);
567 }
568 } else {
569 BT_DBG("Unsupported protocol header 0x%02x", hdr);
570 }
571
572 kfree_skb(skb);
573 }
574
575 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
576 {
577 struct kvec iv = { data, len };
578 struct msghdr msg;
579
580 BT_DBG("sock %p data %p len %d", sock, data, len);
581
582 if (!len)
583 return 0;
584
585 memset(&msg, 0, sizeof(msg));
586
587 return kernel_sendmsg(sock, &msg, &iv, 1, len);
588 }
589
590 /* dequeue message from @transmit and send via @sock */
591 static void hidp_process_transmit(struct hidp_session *session,
592 struct sk_buff_head *transmit,
593 struct socket *sock)
594 {
595 struct sk_buff *skb;
596 int ret;
597
598 BT_DBG("session %p", session);
599
600 while ((skb = skb_dequeue(transmit))) {
601 ret = hidp_send_frame(sock, skb->data, skb->len);
602 if (ret == -EAGAIN) {
603 skb_queue_head(transmit, skb);
604 break;
605 } else if (ret < 0) {
606 hidp_session_terminate(session);
607 kfree_skb(skb);
608 break;
609 }
610
611 hidp_set_timer(session);
612 kfree_skb(skb);
613 }
614 }
615
616 static int hidp_setup_input(struct hidp_session *session,
617 struct hidp_connadd_req *req)
618 {
619 struct input_dev *input;
620 int i;
621
622 input = input_allocate_device();
623 if (!input)
624 return -ENOMEM;
625
626 session->input = input;
627
628 input_set_drvdata(input, session);
629
630 input->name = "Bluetooth HID Boot Protocol Device";
631
632 input->id.bustype = BUS_BLUETOOTH;
633 input->id.vendor = req->vendor;
634 input->id.product = req->product;
635 input->id.version = req->version;
636
637 if (req->subclass & 0x40) {
638 set_bit(EV_KEY, input->evbit);
639 set_bit(EV_LED, input->evbit);
640 set_bit(EV_REP, input->evbit);
641
642 set_bit(LED_NUML, input->ledbit);
643 set_bit(LED_CAPSL, input->ledbit);
644 set_bit(LED_SCROLLL, input->ledbit);
645 set_bit(LED_COMPOSE, input->ledbit);
646 set_bit(LED_KANA, input->ledbit);
647
648 for (i = 0; i < sizeof(hidp_keycode); i++)
649 set_bit(hidp_keycode[i], input->keybit);
650 clear_bit(0, input->keybit);
651 }
652
653 if (req->subclass & 0x80) {
654 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
655 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
656 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
657 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
658 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
659 BIT_MASK(BTN_EXTRA);
660 input->relbit[0] |= BIT_MASK(REL_WHEEL);
661 }
662
663 input->dev.parent = &session->conn->hcon->dev;
664
665 input->event = hidp_input_event;
666
667 return 0;
668 }
669
670 static int hidp_open(struct hid_device *hid)
671 {
672 return 0;
673 }
674
675 static void hidp_close(struct hid_device *hid)
676 {
677 }
678
679 static int hidp_parse(struct hid_device *hid)
680 {
681 struct hidp_session *session = hid->driver_data;
682
683 return hid_parse_report(session->hid, session->rd_data,
684 session->rd_size);
685 }
686
687 static int hidp_start(struct hid_device *hid)
688 {
689 struct hidp_session *session = hid->driver_data;
690 struct hid_report *report;
691
692 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
693 return 0;
694
695 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
696 report_list, list)
697 hidp_send_report(session, report);
698
699 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
700 report_list, list)
701 hidp_send_report(session, report);
702
703 return 0;
704 }
705
706 static void hidp_stop(struct hid_device *hid)
707 {
708 struct hidp_session *session = hid->driver_data;
709
710 skb_queue_purge(&session->ctrl_transmit);
711 skb_queue_purge(&session->intr_transmit);
712
713 hid->claimed = 0;
714 }
715
716 static struct hid_ll_driver hidp_hid_driver = {
717 .parse = hidp_parse,
718 .start = hidp_start,
719 .stop = hidp_stop,
720 .open = hidp_open,
721 .close = hidp_close,
722 };
723
724 /* This function sets up the hid device. It does not add it
725 to the HID system. That is done in hidp_add_connection(). */
726 static int hidp_setup_hid(struct hidp_session *session,
727 struct hidp_connadd_req *req)
728 {
729 struct hid_device *hid;
730 int err;
731
732 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
733 if (!session->rd_data)
734 return -ENOMEM;
735
736 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
737 err = -EFAULT;
738 goto fault;
739 }
740 session->rd_size = req->rd_size;
741
742 hid = hid_allocate_device();
743 if (IS_ERR(hid)) {
744 err = PTR_ERR(hid);
745 goto fault;
746 }
747
748 session->hid = hid;
749
750 hid->driver_data = session;
751
752 hid->bus = BUS_BLUETOOTH;
753 hid->vendor = req->vendor;
754 hid->product = req->product;
755 hid->version = req->version;
756 hid->country = req->country;
757
758 strncpy(hid->name, req->name, sizeof(req->name) - 1);
759
760 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
761 &bt_sk(session->ctrl_sock->sk)->src);
762
763 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
764 &bt_sk(session->ctrl_sock->sk)->dst);
765
766 hid->dev.parent = &session->conn->hcon->dev;
767 hid->ll_driver = &hidp_hid_driver;
768
769 hid->hid_get_raw_report = hidp_get_raw_report;
770 hid->hid_output_raw_report = hidp_output_raw_report;
771
772 /* True if device is blacklisted in drivers/hid/hid-core.c */
773 if (hid_ignore(hid)) {
774 hid_destroy_device(session->hid);
775 session->hid = NULL;
776 return -ENODEV;
777 }
778
779 return 0;
780
781 fault:
782 kfree(session->rd_data);
783 session->rd_data = NULL;
784
785 return err;
786 }
787
788 /* initialize session devices */
789 static int hidp_session_dev_init(struct hidp_session *session,
790 struct hidp_connadd_req *req)
791 {
792 int ret;
793
794 if (req->rd_size > 0) {
795 ret = hidp_setup_hid(session, req);
796 if (ret && ret != -ENODEV)
797 return ret;
798 }
799
800 if (!session->hid) {
801 ret = hidp_setup_input(session, req);
802 if (ret < 0)
803 return ret;
804 }
805
806 return 0;
807 }
808
809 /* destroy session devices */
810 static void hidp_session_dev_destroy(struct hidp_session *session)
811 {
812 if (session->hid)
813 put_device(&session->hid->dev);
814 else if (session->input)
815 input_put_device(session->input);
816
817 kfree(session->rd_data);
818 session->rd_data = NULL;
819 }
820
821 /* add HID/input devices to their underlying bus systems */
822 static int hidp_session_dev_add(struct hidp_session *session)
823 {
824 int ret;
825
826 /* Both HID and input systems drop a ref-count when unregistering the
827 * device but they don't take a ref-count when registering them. Work
828 * around this by explicitly taking a refcount during registration
829 * which is dropped automatically by unregistering the devices. */
830
831 if (session->hid) {
832 ret = hid_add_device(session->hid);
833 if (ret)
834 return ret;
835 get_device(&session->hid->dev);
836 } else if (session->input) {
837 ret = input_register_device(session->input);
838 if (ret)
839 return ret;
840 input_get_device(session->input);
841 }
842
843 return 0;
844 }
845
846 /* remove HID/input devices from their bus systems */
847 static void hidp_session_dev_del(struct hidp_session *session)
848 {
849 if (session->hid)
850 hid_destroy_device(session->hid);
851 else if (session->input)
852 input_unregister_device(session->input);
853 }
854
855 /*
856 * Create new session object
857 * Allocate session object, initialize static fields, copy input data into the
858 * object and take a reference to all sub-objects.
859 * This returns 0 on success and puts a pointer to the new session object in
860 * \out. Otherwise, an error code is returned.
861 * The new session object has an initial ref-count of 1.
862 */
863 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
864 struct socket *ctrl_sock,
865 struct socket *intr_sock,
866 struct hidp_connadd_req *req,
867 struct l2cap_conn *conn)
868 {
869 struct hidp_session *session;
870 int ret;
871 struct bt_sock *ctrl, *intr;
872
873 ctrl = bt_sk(ctrl_sock->sk);
874 intr = bt_sk(intr_sock->sk);
875
876 session = kzalloc(sizeof(*session), GFP_KERNEL);
877 if (!session)
878 return -ENOMEM;
879
880 /* object and runtime management */
881 kref_init(&session->ref);
882 atomic_set(&session->state, HIDP_SESSION_IDLING);
883 init_waitqueue_head(&session->state_queue);
884 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
885
886 /* connection management */
887 bacpy(&session->bdaddr, bdaddr);
888 session->conn = conn;
889 session->user.probe = hidp_session_probe;
890 session->user.remove = hidp_session_remove;
891 session->ctrl_sock = ctrl_sock;
892 session->intr_sock = intr_sock;
893 skb_queue_head_init(&session->ctrl_transmit);
894 skb_queue_head_init(&session->intr_transmit);
895 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
896 l2cap_pi(ctrl)->chan->imtu);
897 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
898 l2cap_pi(intr)->chan->imtu);
899 session->idle_to = req->idle_to;
900
901 /* device management */
902 setup_timer(&session->timer, hidp_idle_timeout,
903 (unsigned long)session);
904
905 /* session data */
906 mutex_init(&session->report_mutex);
907 init_waitqueue_head(&session->report_queue);
908
909 ret = hidp_session_dev_init(session, req);
910 if (ret)
911 goto err_free;
912
913 l2cap_conn_get(session->conn);
914 get_file(session->intr_sock->file);
915 get_file(session->ctrl_sock->file);
916 *out = session;
917 return 0;
918
919 err_free:
920 kfree(session);
921 return ret;
922 }
923
924 /* increase ref-count of the given session by one */
925 static void hidp_session_get(struct hidp_session *session)
926 {
927 kref_get(&session->ref);
928 }
929
930 /* release callback */
931 static void session_free(struct kref *ref)
932 {
933 struct hidp_session *session = container_of(ref, struct hidp_session,
934 ref);
935
936 hidp_session_dev_destroy(session);
937 skb_queue_purge(&session->ctrl_transmit);
938 skb_queue_purge(&session->intr_transmit);
939 fput(session->intr_sock->file);
940 fput(session->ctrl_sock->file);
941 l2cap_conn_put(session->conn);
942 kfree(session);
943 }
944
945 /* decrease ref-count of the given session by one */
946 static void hidp_session_put(struct hidp_session *session)
947 {
948 kref_put(&session->ref, session_free);
949 }
950
951 /*
952 * Search the list of active sessions for a session with target address
953 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
954 * you do not release this lock, the session objects cannot vanish and you can
955 * safely take a reference to the session yourself.
956 */
957 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
958 {
959 struct hidp_session *session;
960
961 list_for_each_entry(session, &hidp_session_list, list) {
962 if (!bacmp(bdaddr, &session->bdaddr))
963 return session;
964 }
965
966 return NULL;
967 }
968
969 /*
970 * Same as __hidp_session_find() but no locks must be held. This also takes a
971 * reference of the returned session (if non-NULL) so you must drop this
972 * reference if you no longer use the object.
973 */
974 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
975 {
976 struct hidp_session *session;
977
978 down_read(&hidp_session_sem);
979
980 session = __hidp_session_find(bdaddr);
981 if (session)
982 hidp_session_get(session);
983
984 up_read(&hidp_session_sem);
985
986 return session;
987 }
988
989 /*
990 * Start session synchronously
991 * This starts a session thread and waits until initialization
992 * is done or returns an error if it couldn't be started.
993 * If this returns 0 the session thread is up and running. You must call
994 * hipd_session_stop_sync() before deleting any runtime resources.
995 */
996 static int hidp_session_start_sync(struct hidp_session *session)
997 {
998 unsigned int vendor, product;
999
1000 if (session->hid) {
1001 vendor = session->hid->vendor;
1002 product = session->hid->product;
1003 } else if (session->input) {
1004 vendor = session->input->id.vendor;
1005 product = session->input->id.product;
1006 } else {
1007 vendor = 0x0000;
1008 product = 0x0000;
1009 }
1010
1011 session->task = kthread_run(hidp_session_thread, session,
1012 "khidpd_%04x%04x", vendor, product);
1013 if (IS_ERR(session->task))
1014 return PTR_ERR(session->task);
1015
1016 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1017 wait_event(session->state_queue,
1018 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1019
1020 return 0;
1021 }
1022
1023 /*
1024 * Terminate session thread
1025 * Wake up session thread and notify it to stop. This is asynchronous and
1026 * returns immediately. Call this whenever a runtime error occurs and you want
1027 * the session to stop.
1028 * Note: wake_up_process() performs any necessary memory-barriers for us.
1029 */
1030 static void hidp_session_terminate(struct hidp_session *session)
1031 {
1032 atomic_inc(&session->terminate);
1033 wake_up_process(session->task);
1034 }
1035
1036 /*
1037 * Probe HIDP session
1038 * This is called from the l2cap_conn core when our l2cap_user object is bound
1039 * to the hci-connection. We get the session via the \user object and can now
1040 * start the session thread, register the HID/input devices and link it into
1041 * the global session list.
1042 * The global session-list owns its own reference to the session object so you
1043 * can drop your own reference after registering the l2cap_user object.
1044 */
1045 static int hidp_session_probe(struct l2cap_conn *conn,
1046 struct l2cap_user *user)
1047 {
1048 struct hidp_session *session = container_of(user,
1049 struct hidp_session,
1050 user);
1051 struct hidp_session *s;
1052 int ret;
1053
1054 down_write(&hidp_session_sem);
1055
1056 /* check that no other session for this device exists */
1057 s = __hidp_session_find(&session->bdaddr);
1058 if (s) {
1059 ret = -EEXIST;
1060 goto out_unlock;
1061 }
1062
1063 ret = hidp_session_start_sync(session);
1064 if (ret)
1065 goto out_unlock;
1066
1067 ret = hidp_session_dev_add(session);
1068 if (ret)
1069 goto out_stop;
1070
1071 hidp_session_get(session);
1072 list_add(&session->list, &hidp_session_list);
1073 ret = 0;
1074 goto out_unlock;
1075
1076 out_stop:
1077 hidp_session_terminate(session);
1078 out_unlock:
1079 up_write(&hidp_session_sem);
1080 return ret;
1081 }
1082
1083 /*
1084 * Remove HIDP session
1085 * Called from the l2cap_conn core when either we explicitly unregistered
1086 * the l2cap_user object or if the underlying connection is shut down.
1087 * We signal the hidp-session thread to shut down, unregister the HID/input
1088 * devices and unlink the session from the global list.
1089 * This drops the reference to the session that is owned by the global
1090 * session-list.
1091 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1092 * This is, because the session-thread might be waiting for an HCI lock that is
1093 * held while we are called. Therefore, we only unregister the devices and
1094 * notify the session-thread to terminate. The thread itself owns a reference
1095 * to the session object so it can safely shut down.
1096 */
1097 static void hidp_session_remove(struct l2cap_conn *conn,
1098 struct l2cap_user *user)
1099 {
1100 struct hidp_session *session = container_of(user,
1101 struct hidp_session,
1102 user);
1103
1104 down_write(&hidp_session_sem);
1105
1106 hidp_session_terminate(session);
1107 hidp_session_dev_del(session);
1108 list_del(&session->list);
1109
1110 up_write(&hidp_session_sem);
1111
1112 hidp_session_put(session);
1113 }
1114
1115 /*
1116 * Session Worker
1117 * This performs the actual main-loop of the HIDP worker. We first check
1118 * whether the underlying connection is still alive, then parse all pending
1119 * messages and finally send all outstanding messages.
1120 */
1121 static void hidp_session_run(struct hidp_session *session)
1122 {
1123 struct sock *ctrl_sk = session->ctrl_sock->sk;
1124 struct sock *intr_sk = session->intr_sock->sk;
1125 struct sk_buff *skb;
1126
1127 for (;;) {
1128 /*
1129 * This thread can be woken up two ways:
1130 * - You call hidp_session_terminate() which sets the
1131 * session->terminate flag and wakes this thread up.
1132 * - Via modifying the socket state of ctrl/intr_sock. This
1133 * thread is woken up by ->sk_state_changed().
1134 *
1135 * Note: set_current_state() performs any necessary
1136 * memory-barriers for us.
1137 */
1138 set_current_state(TASK_INTERRUPTIBLE);
1139
1140 if (atomic_read(&session->terminate))
1141 break;
1142
1143 if (ctrl_sk->sk_state != BT_CONNECTED ||
1144 intr_sk->sk_state != BT_CONNECTED)
1145 break;
1146
1147 /* parse incoming intr-skbs */
1148 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1149 skb_orphan(skb);
1150 if (!skb_linearize(skb))
1151 hidp_recv_intr_frame(session, skb);
1152 else
1153 kfree_skb(skb);
1154 }
1155
1156 /* send pending intr-skbs */
1157 hidp_process_transmit(session, &session->intr_transmit,
1158 session->intr_sock);
1159
1160 /* parse incoming ctrl-skbs */
1161 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1162 skb_orphan(skb);
1163 if (!skb_linearize(skb))
1164 hidp_recv_ctrl_frame(session, skb);
1165 else
1166 kfree_skb(skb);
1167 }
1168
1169 /* send pending ctrl-skbs */
1170 hidp_process_transmit(session, &session->ctrl_transmit,
1171 session->ctrl_sock);
1172
1173 schedule();
1174 }
1175
1176 atomic_inc(&session->terminate);
1177 set_current_state(TASK_RUNNING);
1178 }
1179
1180 /*
1181 * HIDP session thread
1182 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1183 * which allows us to take references to ourself here instead of doing that in
1184 * the caller.
1185 * When we are ready to run we notify the caller and call hidp_session_run().
1186 */
1187 static int hidp_session_thread(void *arg)
1188 {
1189 struct hidp_session *session = arg;
1190 wait_queue_t ctrl_wait, intr_wait;
1191
1192 BT_DBG("session %p", session);
1193
1194 /* initialize runtime environment */
1195 hidp_session_get(session);
1196 __module_get(THIS_MODULE);
1197 set_user_nice(current, -15);
1198 hidp_set_timer(session);
1199
1200 init_waitqueue_entry(&ctrl_wait, current);
1201 init_waitqueue_entry(&intr_wait, current);
1202 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1203 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1204 /* This memory barrier is paired with wq_has_sleeper(). See
1205 * sock_poll_wait() for more information why this is needed. */
1206 smp_mb();
1207
1208 /* notify synchronous startup that we're ready */
1209 atomic_inc(&session->state);
1210 wake_up(&session->state_queue);
1211
1212 /* run session */
1213 hidp_session_run(session);
1214
1215 /* cleanup runtime environment */
1216 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1217 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1218 wake_up_interruptible(&session->report_queue);
1219 hidp_del_timer(session);
1220
1221 /*
1222 * If we stopped ourself due to any internal signal, we should try to
1223 * unregister our own session here to avoid having it linger until the
1224 * parent l2cap_conn dies or user-space cleans it up.
1225 * This does not deadlock as we don't do any synchronous shutdown.
1226 * Instead, this call has the same semantics as if user-space tried to
1227 * delete the session.
1228 */
1229 l2cap_unregister_user(session->conn, &session->user);
1230 hidp_session_put(session);
1231
1232 module_put_and_exit(0);
1233 return 0;
1234 }
1235
1236 static int hidp_verify_sockets(struct socket *ctrl_sock,
1237 struct socket *intr_sock)
1238 {
1239 struct bt_sock *ctrl, *intr;
1240 struct hidp_session *session;
1241
1242 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1243 return -EINVAL;
1244
1245 ctrl = bt_sk(ctrl_sock->sk);
1246 intr = bt_sk(intr_sock->sk);
1247
1248 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1249 return -ENOTUNIQ;
1250 if (ctrl->sk.sk_state != BT_CONNECTED ||
1251 intr->sk.sk_state != BT_CONNECTED)
1252 return -EBADFD;
1253
1254 /* early session check, we check again during session registration */
1255 session = hidp_session_find(&ctrl->dst);
1256 if (session) {
1257 hidp_session_put(session);
1258 return -EEXIST;
1259 }
1260
1261 return 0;
1262 }
1263
1264 int hidp_connection_add(struct hidp_connadd_req *req,
1265 struct socket *ctrl_sock,
1266 struct socket *intr_sock)
1267 {
1268 struct hidp_session *session;
1269 struct l2cap_conn *conn;
1270 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1271 int ret;
1272
1273 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1274 if (ret)
1275 return ret;
1276
1277 conn = NULL;
1278 l2cap_chan_lock(chan);
1279 if (chan->conn) {
1280 l2cap_conn_get(chan->conn);
1281 conn = chan->conn;
1282 }
1283 l2cap_chan_unlock(chan);
1284
1285 if (!conn)
1286 return -EBADFD;
1287
1288 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1289 intr_sock, req, conn);
1290 if (ret)
1291 goto out_conn;
1292
1293 ret = l2cap_register_user(conn, &session->user);
1294 if (ret)
1295 goto out_session;
1296
1297 ret = 0;
1298
1299 out_session:
1300 hidp_session_put(session);
1301 out_conn:
1302 l2cap_conn_put(conn);
1303 return ret;
1304 }
1305
1306 int hidp_connection_del(struct hidp_conndel_req *req)
1307 {
1308 struct hidp_session *session;
1309
1310 session = hidp_session_find(&req->bdaddr);
1311 if (!session)
1312 return -ENOENT;
1313
1314 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1315 hidp_send_ctrl_message(session,
1316 HIDP_TRANS_HID_CONTROL |
1317 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1318 NULL, 0);
1319 else
1320 l2cap_unregister_user(session->conn, &session->user);
1321
1322 hidp_session_put(session);
1323
1324 return 0;
1325 }
1326
1327 int hidp_get_connlist(struct hidp_connlist_req *req)
1328 {
1329 struct hidp_session *session;
1330 int err = 0, n = 0;
1331
1332 BT_DBG("");
1333
1334 down_read(&hidp_session_sem);
1335
1336 list_for_each_entry(session, &hidp_session_list, list) {
1337 struct hidp_conninfo ci;
1338
1339 hidp_copy_session(session, &ci);
1340
1341 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1342 err = -EFAULT;
1343 break;
1344 }
1345
1346 if (++n >= req->cnum)
1347 break;
1348
1349 req->ci++;
1350 }
1351 req->cnum = n;
1352
1353 up_read(&hidp_session_sem);
1354 return err;
1355 }
1356
1357 int hidp_get_conninfo(struct hidp_conninfo *ci)
1358 {
1359 struct hidp_session *session;
1360
1361 session = hidp_session_find(&ci->bdaddr);
1362 if (session) {
1363 hidp_copy_session(session, ci);
1364 hidp_session_put(session);
1365 }
1366
1367 return session ? 0 : -ENOENT;
1368 }
1369
1370 static int __init hidp_init(void)
1371 {
1372 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1373
1374 return hidp_init_sockets();
1375 }
1376
1377 static void __exit hidp_exit(void)
1378 {
1379 hidp_cleanup_sockets();
1380 }
1381
1382 module_init(hidp_init);
1383 module_exit(hidp_exit);
1384
1385 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1386 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1387 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1388 MODULE_VERSION(VERSION);
1389 MODULE_LICENSE("GPL");
1390 MODULE_ALIAS("bt-proto-6");
Linux kernel - Deliverables
This page took 0.117382 seconds and 5 git commands to generate.