projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
HID: hidp: fallback to input session properly if hid is blacklisted
[deliverable/linux.git] / net / bluetooth / hidp / core.c
1 /*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as
7 published by the Free Software Foundation;
8
9 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
10 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
11 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
12 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
13 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
18 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
19 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
20 SOFTWARE IS DISCLAIMED.
21 */
22
23 #include <linux/module.h>
24 #include <linux/file.h>
25 #include <linux/kthread.h>
26 #include <linux/hidraw.h>
27
28 #include <net/bluetooth/bluetooth.h>
29 #include <net/bluetooth/hci_core.h>
30 #include <net/bluetooth/l2cap.h>
31
32 #include "hidp.h"
33
34 #define VERSION "1.2"
35
36 static DECLARE_RWSEM(hidp_session_sem);
37 static LIST_HEAD(hidp_session_list);
38
39 static unsigned char hidp_keycode[256] = {
40 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
41 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
42 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
43 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
44 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
45 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
46 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
47 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
48 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
49 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
50 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
51 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
52 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
57 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
58 };
59
60 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61
62 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
63 {
64 struct hidp_session *session;
65
66 BT_DBG("");
67
68 list_for_each_entry(session, &hidp_session_list, list) {
69 if (!bacmp(bdaddr, &session->bdaddr))
70 return session;
71 }
72
73 return NULL;
74 }
75
76 static void __hidp_link_session(struct hidp_session *session)
77 {
78 list_add(&session->list, &hidp_session_list);
79 }
80
81 static void __hidp_unlink_session(struct hidp_session *session)
82 {
83 hci_conn_put_device(session->conn);
84
85 list_del(&session->list);
86 }
87
88 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89 {
90 memset(ci, 0, sizeof(*ci));
91 bacpy(&ci->bdaddr, &session->bdaddr);
92
93 ci->flags = session->flags;
94 ci->state = session->state;
95
96 ci->vendor = 0x0000;
97 ci->product = 0x0000;
98 ci->version = 0x0000;
99
100 if (session->input) {
101 ci->vendor = session->input->id.vendor;
102 ci->product = session->input->id.product;
103 ci->version = session->input->id.version;
104 if (session->input->name)
105 strncpy(ci->name, session->input->name, 128);
106 else
107 strncpy(ci->name, "HID Boot Device", 128);
108 }
109
110 if (session->hid) {
111 ci->vendor = session->hid->vendor;
112 ci->product = session->hid->product;
113 ci->version = session->hid->version;
114 strncpy(ci->name, session->hid->name, 128);
115 }
116 }
117
118 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
119 unsigned int type, unsigned int code, int value)
120 {
121 unsigned char newleds;
122 struct sk_buff *skb;
123
124 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
125
126 if (type != EV_LED)
127 return -1;
128
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
134
135 if (session->leds == newleds)
136 return 0;
137
138 session->leds = newleds;
139
140 skb = alloc_skb(3, GFP_ATOMIC);
141 if (!skb) {
142 BT_ERR("Can't allocate memory for new frame");
143 return -ENOMEM;
144 }
145
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
147 *skb_put(skb, 1) = 0x01;
148 *skb_put(skb, 1) = newleds;
149
150 skb_queue_tail(&session->intr_transmit, skb);
151
152 hidp_schedule(session);
153
154 return 0;
155 }
156
157 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158 {
159 struct hid_device *hid = input_get_drvdata(dev);
160 struct hidp_session *session = hid->driver_data;
161
162 return hidp_queue_event(session, dev, type, code, value);
163 }
164
165 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
166 {
167 struct hidp_session *session = input_get_drvdata(dev);
168
169 return hidp_queue_event(session, dev, type, code, value);
170 }
171
172 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 {
174 struct input_dev *dev = session->input;
175 unsigned char *keys = session->keys;
176 unsigned char *udata = skb->data + 1;
177 signed char *sdata = skb->data + 1;
178 int i, size = skb->len - 1;
179
180 switch (skb->data[0]) {
181 case 0x01: /* Keyboard report */
182 for (i = 0; i < 8; i++)
183 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184
185 /* If all the key codes have been set to 0x01, it means
186 * too many keys were pressed at the same time. */
187 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
188 break;
189
190 for (i = 2; i < 8; i++) {
191 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
192 if (hidp_keycode[keys[i]])
193 input_report_key(dev, hidp_keycode[keys[i]], 0);
194 else
195 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
196 }
197
198 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
199 if (hidp_keycode[udata[i]])
200 input_report_key(dev, hidp_keycode[udata[i]], 1);
201 else
202 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
203 }
204 }
205
206 memcpy(keys, udata, 8);
207 break;
208
209 case 0x02: /* Mouse report */
210 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
211 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
212 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
213 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
214 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215
216 input_report_rel(dev, REL_X, sdata[1]);
217 input_report_rel(dev, REL_Y, sdata[2]);
218
219 if (size > 3)
220 input_report_rel(dev, REL_WHEEL, sdata[3]);
221 break;
222 }
223
224 input_sync(dev);
225 }
226
227 static int __hidp_send_ctrl_message(struct hidp_session *session,
228 unsigned char hdr, unsigned char *data,
229 int size)
230 {
231 struct sk_buff *skb;
232
233 BT_DBG("session %p data %p size %d", session, data, size);
234
235 if (atomic_read(&session->terminate))
236 return -EIO;
237
238 skb = alloc_skb(size + 1, GFP_ATOMIC);
239 if (!skb) {
240 BT_ERR("Can't allocate memory for new frame");
241 return -ENOMEM;
242 }
243
244 *skb_put(skb, 1) = hdr;
245 if (data && size > 0)
246 memcpy(skb_put(skb, size), data, size);
247
248 skb_queue_tail(&session->ctrl_transmit, skb);
249
250 return 0;
251 }
252
253 static int hidp_send_ctrl_message(struct hidp_session *session,
254 unsigned char hdr, unsigned char *data, int size)
255 {
256 int err;
257
258 err = __hidp_send_ctrl_message(session, hdr, data, size);
259
260 hidp_schedule(session);
261
262 return err;
263 }
264
265 static int hidp_queue_report(struct hidp_session *session,
266 unsigned char *data, int size)
267 {
268 struct sk_buff *skb;
269
270 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271
272 skb = alloc_skb(size + 1, GFP_ATOMIC);
273 if (!skb) {
274 BT_ERR("Can't allocate memory for new frame");
275 return -ENOMEM;
276 }
277
278 *skb_put(skb, 1) = 0xa2;
279 if (size > 0)
280 memcpy(skb_put(skb, size), data, size);
281
282 skb_queue_tail(&session->intr_transmit, skb);
283
284 hidp_schedule(session);
285
286 return 0;
287 }
288
289 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290 {
291 unsigned char buf[32];
292 int rsize;
293
294 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
295 if (rsize > sizeof(buf))
296 return -EIO;
297
298 hid_output_report(report, buf);
299
300 return hidp_queue_report(session, buf, rsize);
301 }
302
303 static int hidp_get_raw_report(struct hid_device *hid,
304 unsigned char report_number,
305 unsigned char *data, size_t count,
306 unsigned char report_type)
307 {
308 struct hidp_session *session = hid->driver_data;
309 struct sk_buff *skb;
310 size_t len;
311 int numbered_reports = hid->report_enum[report_type].numbered;
312 int ret;
313
314 switch (report_type) {
315 case HID_FEATURE_REPORT:
316 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
317 break;
318 case HID_INPUT_REPORT:
319 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
320 break;
321 case HID_OUTPUT_REPORT:
322 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
323 break;
324 default:
325 return -EINVAL;
326 }
327
328 if (mutex_lock_interruptible(&session->report_mutex))
329 return -ERESTARTSYS;
330
331 /* Set up our wait, and send the report request to the device. */
332 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
333 session->waiting_report_number = numbered_reports ? report_number : -1;
334 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
335 data[0] = report_number;
336 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
337 if (ret)
338 goto err;
339
340 /* Wait for the return of the report. The returned report
341 gets put in session->report_return. */
342 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
343 int res;
344
345 res = wait_event_interruptible_timeout(session->report_queue,
346 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
347 5*HZ);
348 if (res == 0) {
349 /* timeout */
350 ret = -EIO;
351 goto err;
352 }
353 if (res < 0) {
354 /* signal */
355 ret = -ERESTARTSYS;
356 goto err;
357 }
358 }
359
360 skb = session->report_return;
361 if (skb) {
362 len = skb->len < count ? skb->len : count;
363 memcpy(data, skb->data, len);
364
365 kfree_skb(skb);
366 session->report_return = NULL;
367 } else {
368 /* Device returned a HANDSHAKE, indicating protocol error. */
369 len = -EIO;
370 }
371
372 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
373 mutex_unlock(&session->report_mutex);
374
375 return len;
376
377 err:
378 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
379 mutex_unlock(&session->report_mutex);
380 return ret;
381 }
382
383 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
384 unsigned char report_type)
385 {
386 struct hidp_session *session = hid->driver_data;
387 int ret;
388
389 switch (report_type) {
390 case HID_FEATURE_REPORT:
391 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
392 break;
393 case HID_OUTPUT_REPORT:
394 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
395 break;
396 default:
397 return -EINVAL;
398 }
399
400 if (mutex_lock_interruptible(&session->report_mutex))
401 return -ERESTARTSYS;
402
403 /* Set up our wait, and send the report request to the device. */
404 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
405 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
406 count);
407 if (ret)
408 goto err;
409
410 /* Wait for the ACK from the device. */
411 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
412 int res;
413
414 res = wait_event_interruptible_timeout(session->report_queue,
415 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
416 10*HZ);
417 if (res == 0) {
418 /* timeout */
419 ret = -EIO;
420 goto err;
421 }
422 if (res < 0) {
423 /* signal */
424 ret = -ERESTARTSYS;
425 goto err;
426 }
427 }
428
429 if (!session->output_report_success) {
430 ret = -EIO;
431 goto err;
432 }
433
434 ret = count;
435
436 err:
437 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
438 mutex_unlock(&session->report_mutex);
439 return ret;
440 }
441
442 static void hidp_idle_timeout(unsigned long arg)
443 {
444 struct hidp_session *session = (struct hidp_session *) arg;
445
446 atomic_inc(&session->terminate);
447 wake_up_process(session->task);
448 }
449
450 static void hidp_set_timer(struct hidp_session *session)
451 {
452 if (session->idle_to > 0)
453 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
454 }
455
456 static void hidp_del_timer(struct hidp_session *session)
457 {
458 if (session->idle_to > 0)
459 del_timer(&session->timer);
460 }
461
462 static void hidp_process_handshake(struct hidp_session *session,
463 unsigned char param)
464 {
465 BT_DBG("session %p param 0x%02x", session, param);
466 session->output_report_success = 0; /* default condition */
467
468 switch (param) {
469 case HIDP_HSHK_SUCCESSFUL:
470 /* FIXME: Call into SET_ GET_ handlers here */
471 session->output_report_success = 1;
472 break;
473
474 case HIDP_HSHK_NOT_READY:
475 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
476 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
477 case HIDP_HSHK_ERR_INVALID_PARAMETER:
478 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
479 wake_up_interruptible(&session->report_queue);
480
481 /* FIXME: Call into SET_ GET_ handlers here */
482 break;
483
484 case HIDP_HSHK_ERR_UNKNOWN:
485 break;
486
487 case HIDP_HSHK_ERR_FATAL:
488 /* Device requests a reboot, as this is the only way this error
489 * can be recovered. */
490 __hidp_send_ctrl_message(session,
491 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
492 break;
493
494 default:
495 __hidp_send_ctrl_message(session,
496 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
497 break;
498 }
499
500 /* Wake up the waiting thread. */
501 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
502 wake_up_interruptible(&session->report_queue);
503 }
504
505 static void hidp_process_hid_control(struct hidp_session *session,
506 unsigned char param)
507 {
508 BT_DBG("session %p param 0x%02x", session, param);
509
510 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
511 /* Flush the transmit queues */
512 skb_queue_purge(&session->ctrl_transmit);
513 skb_queue_purge(&session->intr_transmit);
514
515 atomic_inc(&session->terminate);
516 wake_up_process(current);
517 }
518 }
519
520 /* Returns true if the passed-in skb should be freed by the caller. */
521 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
522 unsigned char param)
523 {
524 int done_with_skb = 1;
525 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
526
527 switch (param) {
528 case HIDP_DATA_RTYPE_INPUT:
529 hidp_set_timer(session);
530
531 if (session->input)
532 hidp_input_report(session, skb);
533
534 if (session->hid)
535 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
536 break;
537
538 case HIDP_DATA_RTYPE_OTHER:
539 case HIDP_DATA_RTYPE_OUPUT:
540 case HIDP_DATA_RTYPE_FEATURE:
541 break;
542
543 default:
544 __hidp_send_ctrl_message(session,
545 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
546 }
547
548 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
549 param == session->waiting_report_type) {
550 if (session->waiting_report_number < 0 ||
551 session->waiting_report_number == skb->data[0]) {
552 /* hidp_get_raw_report() is waiting on this report. */
553 session->report_return = skb;
554 done_with_skb = 0;
555 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
556 wake_up_interruptible(&session->report_queue);
557 }
558 }
559
560 return done_with_skb;
561 }
562
563 static void hidp_recv_ctrl_frame(struct hidp_session *session,
564 struct sk_buff *skb)
565 {
566 unsigned char hdr, type, param;
567 int free_skb = 1;
568
569 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
570
571 hdr = skb->data[0];
572 skb_pull(skb, 1);
573
574 type = hdr & HIDP_HEADER_TRANS_MASK;
575 param = hdr & HIDP_HEADER_PARAM_MASK;
576
577 switch (type) {
578 case HIDP_TRANS_HANDSHAKE:
579 hidp_process_handshake(session, param);
580 break;
581
582 case HIDP_TRANS_HID_CONTROL:
583 hidp_process_hid_control(session, param);
584 break;
585
586 case HIDP_TRANS_DATA:
587 free_skb = hidp_process_data(session, skb, param);
588 break;
589
590 default:
591 __hidp_send_ctrl_message(session,
592 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
593 break;
594 }
595
596 if (free_skb)
597 kfree_skb(skb);
598 }
599
600 static void hidp_recv_intr_frame(struct hidp_session *session,
601 struct sk_buff *skb)
602 {
603 unsigned char hdr;
604
605 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
606
607 hdr = skb->data[0];
608 skb_pull(skb, 1);
609
610 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
611 hidp_set_timer(session);
612
613 if (session->input)
614 hidp_input_report(session, skb);
615
616 if (session->hid) {
617 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
618 BT_DBG("report len %d", skb->len);
619 }
620 } else {
621 BT_DBG("Unsupported protocol header 0x%02x", hdr);
622 }
623
624 kfree_skb(skb);
625 }
626
627 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
628 {
629 struct kvec iv = { data, len };
630 struct msghdr msg;
631
632 BT_DBG("sock %p data %p len %d", sock, data, len);
633
634 if (!len)
635 return 0;
636
637 memset(&msg, 0, sizeof(msg));
638
639 return kernel_sendmsg(sock, &msg, &iv, 1, len);
640 }
641
642 static void hidp_process_intr_transmit(struct hidp_session *session)
643 {
644 struct sk_buff *skb;
645
646 BT_DBG("session %p", session);
647
648 while ((skb = skb_dequeue(&session->intr_transmit))) {
649 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
650 skb_queue_head(&session->intr_transmit, skb);
651 break;
652 }
653
654 hidp_set_timer(session);
655 kfree_skb(skb);
656 }
657 }
658
659 static void hidp_process_ctrl_transmit(struct hidp_session *session)
660 {
661 struct sk_buff *skb;
662
663 BT_DBG("session %p", session);
664
665 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
666 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
667 skb_queue_head(&session->ctrl_transmit, skb);
668 break;
669 }
670
671 hidp_set_timer(session);
672 kfree_skb(skb);
673 }
674 }
675
676 static int hidp_session(void *arg)
677 {
678 struct hidp_session *session = arg;
679 struct sock *ctrl_sk = session->ctrl_sock->sk;
680 struct sock *intr_sk = session->intr_sock->sk;
681 struct sk_buff *skb;
682 wait_queue_t ctrl_wait, intr_wait;
683
684 BT_DBG("session %p", session);
685
686 __module_get(THIS_MODULE);
687 set_user_nice(current, -15);
688
689 init_waitqueue_entry(&ctrl_wait, current);
690 init_waitqueue_entry(&intr_wait, current);
691 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
692 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
693 session->waiting_for_startup = 0;
694 wake_up_interruptible(&session->startup_queue);
695 set_current_state(TASK_INTERRUPTIBLE);
696 while (!atomic_read(&session->terminate)) {
697 if (ctrl_sk->sk_state != BT_CONNECTED ||
698 intr_sk->sk_state != BT_CONNECTED)
699 break;
700
701 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
702 skb_orphan(skb);
703 if (!skb_linearize(skb))
704 hidp_recv_intr_frame(session, skb);
705 else
706 kfree_skb(skb);
707 }
708
709 hidp_process_intr_transmit(session);
710
711 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
712 skb_orphan(skb);
713 if (!skb_linearize(skb))
714 hidp_recv_ctrl_frame(session, skb);
715 else
716 kfree_skb(skb);
717 }
718
719 hidp_process_ctrl_transmit(session);
720
721 schedule();
722 set_current_state(TASK_INTERRUPTIBLE);
723 }
724 set_current_state(TASK_RUNNING);
725 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
726 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
727
728 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
729 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
730 wake_up_interruptible(&session->report_queue);
731
732 down_write(&hidp_session_sem);
733
734 hidp_del_timer(session);
735
736 if (session->input) {
737 input_unregister_device(session->input);
738 session->input = NULL;
739 }
740
741 if (session->hid) {
742 hid_destroy_device(session->hid);
743 session->hid = NULL;
744 }
745
746 /* Wakeup user-space polling for socket errors */
747 session->intr_sock->sk->sk_err = EUNATCH;
748 session->ctrl_sock->sk->sk_err = EUNATCH;
749
750 hidp_schedule(session);
751
752 fput(session->intr_sock->file);
753
754 wait_event_timeout(*(sk_sleep(ctrl_sk)),
755 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
756
757 fput(session->ctrl_sock->file);
758
759 __hidp_unlink_session(session);
760
761 up_write(&hidp_session_sem);
762
763 kfree(session->rd_data);
764 kfree(session);
765 module_put_and_exit(0);
766 return 0;
767 }
768
769 static struct hci_conn *hidp_get_connection(struct hidp_session *session)
770 {
771 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
772 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
773 struct hci_conn *conn;
774 struct hci_dev *hdev;
775
776 hdev = hci_get_route(dst, src);
777 if (!hdev)
778 return NULL;
779
780 hci_dev_lock(hdev);
781 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
782 if (conn)
783 hci_conn_hold_device(conn);
784 hci_dev_unlock(hdev);
785
786 hci_dev_put(hdev);
787
788 return conn;
789 }
790
791 static int hidp_setup_input(struct hidp_session *session,
792 struct hidp_connadd_req *req)
793 {
794 struct input_dev *input;
795 int i;
796
797 input = input_allocate_device();
798 if (!input)
799 return -ENOMEM;
800
801 session->input = input;
802
803 input_set_drvdata(input, session);
804
805 input->name = "Bluetooth HID Boot Protocol Device";
806
807 input->id.bustype = BUS_BLUETOOTH;
808 input->id.vendor = req->vendor;
809 input->id.product = req->product;
810 input->id.version = req->version;
811
812 if (req->subclass & 0x40) {
813 set_bit(EV_KEY, input->evbit);
814 set_bit(EV_LED, input->evbit);
815 set_bit(EV_REP, input->evbit);
816
817 set_bit(LED_NUML, input->ledbit);
818 set_bit(LED_CAPSL, input->ledbit);
819 set_bit(LED_SCROLLL, input->ledbit);
820 set_bit(LED_COMPOSE, input->ledbit);
821 set_bit(LED_KANA, input->ledbit);
822
823 for (i = 0; i < sizeof(hidp_keycode); i++)
824 set_bit(hidp_keycode[i], input->keybit);
825 clear_bit(0, input->keybit);
826 }
827
828 if (req->subclass & 0x80) {
829 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
830 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
831 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
832 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
833 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
834 BIT_MASK(BTN_EXTRA);
835 input->relbit[0] |= BIT_MASK(REL_WHEEL);
836 }
837
838 input->dev.parent = &session->conn->dev;
839
840 input->event = hidp_input_event;
841
842 return 0;
843 }
844
845 static int hidp_open(struct hid_device *hid)
846 {
847 return 0;
848 }
849
850 static void hidp_close(struct hid_device *hid)
851 {
852 }
853
854 static int hidp_parse(struct hid_device *hid)
855 {
856 struct hidp_session *session = hid->driver_data;
857
858 return hid_parse_report(session->hid, session->rd_data,
859 session->rd_size);
860 }
861
862 static int hidp_start(struct hid_device *hid)
863 {
864 struct hidp_session *session = hid->driver_data;
865 struct hid_report *report;
866
867 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
868 return 0;
869
870 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
871 report_list, list)
872 hidp_send_report(session, report);
873
874 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
875 report_list, list)
876 hidp_send_report(session, report);
877
878 return 0;
879 }
880
881 static void hidp_stop(struct hid_device *hid)
882 {
883 struct hidp_session *session = hid->driver_data;
884
885 skb_queue_purge(&session->ctrl_transmit);
886 skb_queue_purge(&session->intr_transmit);
887
888 hid->claimed = 0;
889 }
890
891 static struct hid_ll_driver hidp_hid_driver = {
892 .parse = hidp_parse,
893 .start = hidp_start,
894 .stop = hidp_stop,
895 .open = hidp_open,
896 .close = hidp_close,
897 .hidinput_input_event = hidp_hidinput_event,
898 };
899
900 /* This function sets up the hid device. It does not add it
901 to the HID system. That is done in hidp_add_connection(). */
902 static int hidp_setup_hid(struct hidp_session *session,
903 struct hidp_connadd_req *req)
904 {
905 struct hid_device *hid;
906 int err;
907
908 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
909 if (!session->rd_data)
910 return -ENOMEM;
911
912 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
913 err = -EFAULT;
914 goto fault;
915 }
916 session->rd_size = req->rd_size;
917
918 hid = hid_allocate_device();
919 if (IS_ERR(hid)) {
920 err = PTR_ERR(hid);
921 goto fault;
922 }
923
924 session->hid = hid;
925
926 hid->driver_data = session;
927
928 hid->bus = BUS_BLUETOOTH;
929 hid->vendor = req->vendor;
930 hid->product = req->product;
931 hid->version = req->version;
932 hid->country = req->country;
933
934 strncpy(hid->name, req->name, 128);
935 strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
936 strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
937
938 hid->dev.parent = &session->conn->dev;
939 hid->ll_driver = &hidp_hid_driver;
940
941 hid->hid_get_raw_report = hidp_get_raw_report;
942 hid->hid_output_raw_report = hidp_output_raw_report;
943
944 /* True if device is blacklisted in drivers/hid/hid-core.c */
945 if (hid_ignore(hid)) {
946 hid_destroy_device(session->hid);
947 session->hid = NULL;
948 return -ENODEV;
949 }
950
951 return 0;
952
953 fault:
954 kfree(session->rd_data);
955 session->rd_data = NULL;
956
957 return err;
958 }
959
960 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
961 {
962 struct hidp_session *session, *s;
963 int vendor, product;
964 int err;
965
966 BT_DBG("");
967
968 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
969 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
970 return -ENOTUNIQ;
971
972 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
973
974 down_write(&hidp_session_sem);
975
976 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
977 if (s && s->state == BT_CONNECTED) {
978 up_write(&hidp_session_sem);
979 return -EEXIST;
980 }
981
982 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
983 if (!session) {
984 up_write(&hidp_session_sem);
985 return -ENOMEM;
986 }
987
988 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
989
990 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
991 l2cap_pi(ctrl_sock->sk)->chan->imtu);
992 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
993 l2cap_pi(intr_sock->sk)->chan->imtu);
994
995 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
996
997 session->ctrl_sock = ctrl_sock;
998 session->intr_sock = intr_sock;
999 session->state = BT_CONNECTED;
1000
1001 session->conn = hidp_get_connection(session);
1002 if (!session->conn) {
1003 err = -ENOTCONN;
1004 goto failed;
1005 }
1006
1007 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
1008
1009 skb_queue_head_init(&session->ctrl_transmit);
1010 skb_queue_head_init(&session->intr_transmit);
1011
1012 mutex_init(&session->report_mutex);
1013 init_waitqueue_head(&session->report_queue);
1014 init_waitqueue_head(&session->startup_queue);
1015 session->waiting_for_startup = 1;
1016 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1017 session->idle_to = req->idle_to;
1018
1019 __hidp_link_session(session);
1020
1021 if (req->rd_size > 0) {
1022 err = hidp_setup_hid(session, req);
1023 if (err && err != -ENODEV)
1024 goto purge;
1025 }
1026
1027 if (!session->hid) {
1028 err = hidp_setup_input(session, req);
1029 if (err < 0)
1030 goto purge;
1031 }
1032
1033 hidp_set_timer(session);
1034
1035 if (session->hid) {
1036 vendor = session->hid->vendor;
1037 product = session->hid->product;
1038 } else if (session->input) {
1039 vendor = session->input->id.vendor;
1040 product = session->input->id.product;
1041 } else {
1042 vendor = 0x0000;
1043 product = 0x0000;
1044 }
1045
1046 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1047 vendor, product);
1048 if (IS_ERR(session->task)) {
1049 err = PTR_ERR(session->task);
1050 goto unlink;
1051 }
1052
1053 while (session->waiting_for_startup) {
1054 wait_event_interruptible(session->startup_queue,
1055 !session->waiting_for_startup);
1056 }
1057
1058 if (session->hid)
1059 err = hid_add_device(session->hid);
1060 else
1061 err = input_register_device(session->input);
1062
1063 if (err < 0) {
1064 atomic_inc(&session->terminate);
1065 wake_up_process(session->task);
1066 up_write(&hidp_session_sem);
1067 return err;
1068 }
1069
1070 if (session->input) {
1071 hidp_send_ctrl_message(session,
1072 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1073 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1074
1075 session->leds = 0xff;
1076 hidp_input_event(session->input, EV_LED, 0, 0);
1077 }
1078
1079 up_write(&hidp_session_sem);
1080 return 0;
1081
1082 unlink:
1083 hidp_del_timer(session);
1084
1085 if (session->input) {
1086 input_unregister_device(session->input);
1087 session->input = NULL;
1088 }
1089
1090 if (session->hid) {
1091 hid_destroy_device(session->hid);
1092 session->hid = NULL;
1093 }
1094
1095 kfree(session->rd_data);
1096 session->rd_data = NULL;
1097
1098 purge:
1099 __hidp_unlink_session(session);
1100
1101 skb_queue_purge(&session->ctrl_transmit);
1102 skb_queue_purge(&session->intr_transmit);
1103
1104 failed:
1105 up_write(&hidp_session_sem);
1106
1107 kfree(session);
1108 return err;
1109 }
1110
1111 int hidp_del_connection(struct hidp_conndel_req *req)
1112 {
1113 struct hidp_session *session;
1114 int err = 0;
1115
1116 BT_DBG("");
1117
1118 down_read(&hidp_session_sem);
1119
1120 session = __hidp_get_session(&req->bdaddr);
1121 if (session) {
1122 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1123 hidp_send_ctrl_message(session,
1124 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1125 } else {
1126 /* Flush the transmit queues */
1127 skb_queue_purge(&session->ctrl_transmit);
1128 skb_queue_purge(&session->intr_transmit);
1129
1130 atomic_inc(&session->terminate);
1131 wake_up_process(session->task);
1132 }
1133 } else
1134 err = -ENOENT;
1135
1136 up_read(&hidp_session_sem);
1137 return err;
1138 }
1139
1140 int hidp_get_connlist(struct hidp_connlist_req *req)
1141 {
1142 struct hidp_session *session;
1143 int err = 0, n = 0;
1144
1145 BT_DBG("");
1146
1147 down_read(&hidp_session_sem);
1148
1149 list_for_each_entry(session, &hidp_session_list, list) {
1150 struct hidp_conninfo ci;
1151
1152 __hidp_copy_session(session, &ci);
1153
1154 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1155 err = -EFAULT;
1156 break;
1157 }
1158
1159 if (++n >= req->cnum)
1160 break;
1161
1162 req->ci++;
1163 }
1164 req->cnum = n;
1165
1166 up_read(&hidp_session_sem);
1167 return err;
1168 }
1169
1170 int hidp_get_conninfo(struct hidp_conninfo *ci)
1171 {
1172 struct hidp_session *session;
1173 int err = 0;
1174
1175 down_read(&hidp_session_sem);
1176
1177 session = __hidp_get_session(&ci->bdaddr);
1178 if (session)
1179 __hidp_copy_session(session, ci);
1180 else
1181 err = -ENOENT;
1182
1183 up_read(&hidp_session_sem);
1184 return err;
1185 }
1186
1187 static int __init hidp_init(void)
1188 {
1189 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1190
1191 return hidp_init_sockets();
1192 }
1193
1194 static void __exit hidp_exit(void)
1195 {
1196 hidp_cleanup_sockets();
1197 }
1198
1199 module_init(hidp_init);
1200 module_exit(hidp_exit);
1201
1202 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1203 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1204 MODULE_VERSION(VERSION);
1205 MODULE_LICENSE("GPL");
1206 MODULE_ALIAS("bt-proto-6");
Linux kernel - Deliverables
This page took 0.075844 seconds and 5 git commands to generate.