Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
[linux-2.6.git] / net / bluetooth / hidp / core.c
blob0c699cdc3696edbdf7e7c3d3e213a88979da662e
1 /*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
34 #include "hidp.h"
36 #define VERSION "1.2"
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
79 if (session->input) {
80 ci->vendor = session->input->id.vendor;
81 ci->product = session->input->id.product;
82 ci->version = session->input->id.version;
83 if (session->input->name)
84 strlcpy(ci->name, session->input->name, 128);
85 else
86 strlcpy(ci->name, "HID Boot Device", 128);
87 } else if (session->hid) {
88 ci->vendor = session->hid->vendor;
89 ci->product = session->hid->product;
90 ci->version = session->hid->version;
91 strlcpy(ci->name, session->hid->name, 128);
95 /* assemble skb, queue message on @transmit and wake up the session thread */
96 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
97 struct sk_buff_head *transmit, unsigned char hdr,
98 const unsigned char *data, int size)
100 struct sk_buff *skb;
101 struct sock *sk = sock->sk;
103 BT_DBG("session %p data %p size %d", session, data, size);
105 if (atomic_read(&session->terminate))
106 return -EIO;
108 skb = alloc_skb(size + 1, GFP_ATOMIC);
109 if (!skb) {
110 BT_ERR("Can't allocate memory for new frame");
111 return -ENOMEM;
114 *skb_put(skb, 1) = hdr;
115 if (data && size > 0)
116 memcpy(skb_put(skb, size), data, size);
118 skb_queue_tail(transmit, skb);
119 wake_up_interruptible(sk_sleep(sk));
121 return 0;
124 static int hidp_send_ctrl_message(struct hidp_session *session,
125 unsigned char hdr, const unsigned char *data,
126 int size)
128 return hidp_send_message(session, session->ctrl_sock,
129 &session->ctrl_transmit, hdr, data, size);
132 static int hidp_send_intr_message(struct hidp_session *session,
133 unsigned char hdr, const unsigned char *data,
134 int size)
136 return hidp_send_message(session, session->intr_sock,
137 &session->intr_transmit, hdr, data, size);
140 static int hidp_input_event(struct input_dev *dev, unsigned int type,
141 unsigned int code, int value)
143 struct hidp_session *session = input_get_drvdata(dev);
144 unsigned char newleds;
145 unsigned char hdr, data[2];
147 BT_DBG("session %p type %d code %d value %d",
148 session, type, code, value);
150 if (type != EV_LED)
151 return -1;
153 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
154 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156 (!!test_bit(LED_CAPSL, dev->led) << 1) |
157 (!!test_bit(LED_NUML, dev->led));
159 if (session->leds == newleds)
160 return 0;
162 session->leds = newleds;
164 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
165 data[0] = 0x01;
166 data[1] = newleds;
168 return hidp_send_intr_message(session, hdr, data, 2);
171 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
173 struct input_dev *dev = session->input;
174 unsigned char *keys = session->keys;
175 unsigned char *udata = skb->data + 1;
176 signed char *sdata = skb->data + 1;
177 int i, size = skb->len - 1;
179 switch (skb->data[0]) {
180 case 0x01: /* Keyboard report */
181 for (i = 0; i < 8; i++)
182 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
184 /* If all the key codes have been set to 0x01, it means
185 * too many keys were pressed at the same time. */
186 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
187 break;
189 for (i = 2; i < 8; i++) {
190 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
191 if (hidp_keycode[keys[i]])
192 input_report_key(dev, hidp_keycode[keys[i]], 0);
193 else
194 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
197 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
198 if (hidp_keycode[udata[i]])
199 input_report_key(dev, hidp_keycode[udata[i]], 1);
200 else
201 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
205 memcpy(keys, udata, 8);
206 break;
208 case 0x02: /* Mouse report */
209 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
210 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
211 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
212 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
213 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
215 input_report_rel(dev, REL_X, sdata[1]);
216 input_report_rel(dev, REL_Y, sdata[2]);
218 if (size > 3)
219 input_report_rel(dev, REL_WHEEL, sdata[3]);
220 break;
223 input_sync(dev);
226 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
228 unsigned char buf[32], hdr;
229 int rsize;
231 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
232 if (rsize > sizeof(buf))
233 return -EIO;
235 hid_output_report(report, buf);
236 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
238 return hidp_send_intr_message(session, hdr, buf, rsize);
241 static int hidp_get_raw_report(struct hid_device *hid,
242 unsigned char report_number,
243 unsigned char *data, size_t count,
244 unsigned char report_type)
246 struct hidp_session *session = hid->driver_data;
247 struct sk_buff *skb;
248 size_t len;
249 int numbered_reports = hid->report_enum[report_type].numbered;
250 int ret;
252 if (atomic_read(&session->terminate))
253 return -EIO;
255 switch (report_type) {
256 case HID_FEATURE_REPORT:
257 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
258 break;
259 case HID_INPUT_REPORT:
260 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
261 break;
262 case HID_OUTPUT_REPORT:
263 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
264 break;
265 default:
266 return -EINVAL;
269 if (mutex_lock_interruptible(&session->report_mutex))
270 return -ERESTARTSYS;
272 /* Set up our wait, and send the report request to the device. */
273 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
274 session->waiting_report_number = numbered_reports ? report_number : -1;
275 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
276 data[0] = report_number;
277 ret = hidp_send_ctrl_message(session, report_type, data, 1);
278 if (ret)
279 goto err;
281 /* Wait for the return of the report. The returned report
282 gets put in session->report_return. */
283 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
284 !atomic_read(&session->terminate)) {
285 int res;
287 res = wait_event_interruptible_timeout(session->report_queue,
288 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
289 || atomic_read(&session->terminate),
290 5*HZ);
291 if (res == 0) {
292 /* timeout */
293 ret = -EIO;
294 goto err;
296 if (res < 0) {
297 /* signal */
298 ret = -ERESTARTSYS;
299 goto err;
303 skb = session->report_return;
304 if (skb) {
305 len = skb->len < count ? skb->len : count;
306 memcpy(data, skb->data, len);
308 kfree_skb(skb);
309 session->report_return = NULL;
310 } else {
311 /* Device returned a HANDSHAKE, indicating protocol error. */
312 len = -EIO;
315 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
316 mutex_unlock(&session->report_mutex);
318 return len;
320 err:
321 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
322 mutex_unlock(&session->report_mutex);
323 return ret;
326 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
327 unsigned char report_type)
329 struct hidp_session *session = hid->driver_data;
330 int ret;
332 if (report_type == HID_OUTPUT_REPORT) {
333 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
334 return hidp_send_intr_message(session, report_type,
335 data, count);
336 } else if (report_type != HID_FEATURE_REPORT) {
337 return -EINVAL;
340 if (mutex_lock_interruptible(&session->report_mutex))
341 return -ERESTARTSYS;
343 /* Set up our wait, and send the report request to the device. */
344 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
345 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
346 ret = hidp_send_ctrl_message(session, report_type, data, count);
347 if (ret)
348 goto err;
350 /* Wait for the ACK from the device. */
351 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
352 !atomic_read(&session->terminate)) {
353 int res;
355 res = wait_event_interruptible_timeout(session->report_queue,
356 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
357 || atomic_read(&session->terminate),
358 10*HZ);
359 if (res == 0) {
360 /* timeout */
361 ret = -EIO;
362 goto err;
364 if (res < 0) {
365 /* signal */
366 ret = -ERESTARTSYS;
367 goto err;
371 if (!session->output_report_success) {
372 ret = -EIO;
373 goto err;
376 ret = count;
378 err:
379 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
380 mutex_unlock(&session->report_mutex);
381 return ret;
384 static void hidp_idle_timeout(unsigned long arg)
386 struct hidp_session *session = (struct hidp_session *) arg;
388 hidp_session_terminate(session);
391 static void hidp_set_timer(struct hidp_session *session)
393 if (session->idle_to > 0)
394 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
397 static void hidp_del_timer(struct hidp_session *session)
399 if (session->idle_to > 0)
400 del_timer(&session->timer);
403 static void hidp_process_handshake(struct hidp_session *session,
404 unsigned char param)
406 BT_DBG("session %p param 0x%02x", session, param);
407 session->output_report_success = 0; /* default condition */
409 switch (param) {
410 case HIDP_HSHK_SUCCESSFUL:
411 /* FIXME: Call into SET_ GET_ handlers here */
412 session->output_report_success = 1;
413 break;
415 case HIDP_HSHK_NOT_READY:
416 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
417 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
418 case HIDP_HSHK_ERR_INVALID_PARAMETER:
419 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
420 wake_up_interruptible(&session->report_queue);
422 /* FIXME: Call into SET_ GET_ handlers here */
423 break;
425 case HIDP_HSHK_ERR_UNKNOWN:
426 break;
428 case HIDP_HSHK_ERR_FATAL:
429 /* Device requests a reboot, as this is the only way this error
430 * can be recovered. */
431 hidp_send_ctrl_message(session,
432 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
433 break;
435 default:
436 hidp_send_ctrl_message(session,
437 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
438 break;
441 /* Wake up the waiting thread. */
442 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
443 wake_up_interruptible(&session->report_queue);
446 static void hidp_process_hid_control(struct hidp_session *session,
447 unsigned char param)
449 BT_DBG("session %p param 0x%02x", session, param);
451 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
452 /* Flush the transmit queues */
453 skb_queue_purge(&session->ctrl_transmit);
454 skb_queue_purge(&session->intr_transmit);
456 hidp_session_terminate(session);
460 /* Returns true if the passed-in skb should be freed by the caller. */
461 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
462 unsigned char param)
464 int done_with_skb = 1;
465 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
467 switch (param) {
468 case HIDP_DATA_RTYPE_INPUT:
469 hidp_set_timer(session);
471 if (session->input)
472 hidp_input_report(session, skb);
474 if (session->hid)
475 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
476 break;
478 case HIDP_DATA_RTYPE_OTHER:
479 case HIDP_DATA_RTYPE_OUPUT:
480 case HIDP_DATA_RTYPE_FEATURE:
481 break;
483 default:
484 hidp_send_ctrl_message(session,
485 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
488 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
489 param == session->waiting_report_type) {
490 if (session->waiting_report_number < 0 ||
491 session->waiting_report_number == skb->data[0]) {
492 /* hidp_get_raw_report() is waiting on this report. */
493 session->report_return = skb;
494 done_with_skb = 0;
495 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
496 wake_up_interruptible(&session->report_queue);
500 return done_with_skb;
503 static void hidp_recv_ctrl_frame(struct hidp_session *session,
504 struct sk_buff *skb)
506 unsigned char hdr, type, param;
507 int free_skb = 1;
509 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
511 hdr = skb->data[0];
512 skb_pull(skb, 1);
514 type = hdr & HIDP_HEADER_TRANS_MASK;
515 param = hdr & HIDP_HEADER_PARAM_MASK;
517 switch (type) {
518 case HIDP_TRANS_HANDSHAKE:
519 hidp_process_handshake(session, param);
520 break;
522 case HIDP_TRANS_HID_CONTROL:
523 hidp_process_hid_control(session, param);
524 break;
526 case HIDP_TRANS_DATA:
527 free_skb = hidp_process_data(session, skb, param);
528 break;
530 default:
531 hidp_send_ctrl_message(session,
532 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
533 break;
536 if (free_skb)
537 kfree_skb(skb);
540 static void hidp_recv_intr_frame(struct hidp_session *session,
541 struct sk_buff *skb)
543 unsigned char hdr;
545 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
547 hdr = skb->data[0];
548 skb_pull(skb, 1);
550 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
551 hidp_set_timer(session);
553 if (session->input)
554 hidp_input_report(session, skb);
556 if (session->hid) {
557 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
558 BT_DBG("report len %d", skb->len);
560 } else {
561 BT_DBG("Unsupported protocol header 0x%02x", hdr);
564 kfree_skb(skb);
567 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
569 struct kvec iv = { data, len };
570 struct msghdr msg;
572 BT_DBG("sock %p data %p len %d", sock, data, len);
574 if (!len)
575 return 0;
577 memset(&msg, 0, sizeof(msg));
579 return kernel_sendmsg(sock, &msg, &iv, 1, len);
582 /* dequeue message from @transmit and send via @sock */
583 static void hidp_process_transmit(struct hidp_session *session,
584 struct sk_buff_head *transmit,
585 struct socket *sock)
587 struct sk_buff *skb;
588 int ret;
590 BT_DBG("session %p", session);
592 while ((skb = skb_dequeue(transmit))) {
593 ret = hidp_send_frame(sock, skb->data, skb->len);
594 if (ret == -EAGAIN) {
595 skb_queue_head(transmit, skb);
596 break;
597 } else if (ret < 0) {
598 hidp_session_terminate(session);
599 kfree_skb(skb);
600 break;
603 hidp_set_timer(session);
604 kfree_skb(skb);
608 static int hidp_setup_input(struct hidp_session *session,
609 struct hidp_connadd_req *req)
611 struct input_dev *input;
612 int i;
614 input = input_allocate_device();
615 if (!input)
616 return -ENOMEM;
618 session->input = input;
620 input_set_drvdata(input, session);
622 input->name = "Bluetooth HID Boot Protocol Device";
624 input->id.bustype = BUS_BLUETOOTH;
625 input->id.vendor = req->vendor;
626 input->id.product = req->product;
627 input->id.version = req->version;
629 if (req->subclass & 0x40) {
630 set_bit(EV_KEY, input->evbit);
631 set_bit(EV_LED, input->evbit);
632 set_bit(EV_REP, input->evbit);
634 set_bit(LED_NUML, input->ledbit);
635 set_bit(LED_CAPSL, input->ledbit);
636 set_bit(LED_SCROLLL, input->ledbit);
637 set_bit(LED_COMPOSE, input->ledbit);
638 set_bit(LED_KANA, input->ledbit);
640 for (i = 0; i < sizeof(hidp_keycode); i++)
641 set_bit(hidp_keycode[i], input->keybit);
642 clear_bit(0, input->keybit);
645 if (req->subclass & 0x80) {
646 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
647 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
648 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
649 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
650 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
651 BIT_MASK(BTN_EXTRA);
652 input->relbit[0] |= BIT_MASK(REL_WHEEL);
655 input->dev.parent = &session->conn->hcon->dev;
657 input->event = hidp_input_event;
659 return 0;
662 static int hidp_open(struct hid_device *hid)
664 return 0;
667 static void hidp_close(struct hid_device *hid)
671 static int hidp_parse(struct hid_device *hid)
673 struct hidp_session *session = hid->driver_data;
675 return hid_parse_report(session->hid, session->rd_data,
676 session->rd_size);
679 static int hidp_start(struct hid_device *hid)
681 struct hidp_session *session = hid->driver_data;
682 struct hid_report *report;
684 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
685 return 0;
687 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
688 report_list, list)
689 hidp_send_report(session, report);
691 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
692 report_list, list)
693 hidp_send_report(session, report);
695 return 0;
698 static void hidp_stop(struct hid_device *hid)
700 struct hidp_session *session = hid->driver_data;
702 skb_queue_purge(&session->ctrl_transmit);
703 skb_queue_purge(&session->intr_transmit);
705 hid->claimed = 0;
708 static struct hid_ll_driver hidp_hid_driver = {
709 .parse = hidp_parse,
710 .start = hidp_start,
711 .stop = hidp_stop,
712 .open = hidp_open,
713 .close = hidp_close,
716 /* This function sets up the hid device. It does not add it
717 to the HID system. That is done in hidp_add_connection(). */
718 static int hidp_setup_hid(struct hidp_session *session,
719 struct hidp_connadd_req *req)
721 struct hid_device *hid;
722 int err;
724 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
725 if (!session->rd_data)
726 return -ENOMEM;
728 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
729 err = -EFAULT;
730 goto fault;
732 session->rd_size = req->rd_size;
734 hid = hid_allocate_device();
735 if (IS_ERR(hid)) {
736 err = PTR_ERR(hid);
737 goto fault;
740 session->hid = hid;
742 hid->driver_data = session;
744 hid->bus = BUS_BLUETOOTH;
745 hid->vendor = req->vendor;
746 hid->product = req->product;
747 hid->version = req->version;
748 hid->country = req->country;
750 strncpy(hid->name, req->name, sizeof(req->name) - 1);
752 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
753 &bt_sk(session->ctrl_sock->sk)->src);
755 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
756 &bt_sk(session->ctrl_sock->sk)->dst);
758 hid->dev.parent = &session->conn->hcon->dev;
759 hid->ll_driver = &hidp_hid_driver;
761 hid->hid_get_raw_report = hidp_get_raw_report;
762 hid->hid_output_raw_report = hidp_output_raw_report;
764 /* True if device is blacklisted in drivers/hid/hid-core.c */
765 if (hid_ignore(hid)) {
766 hid_destroy_device(session->hid);
767 session->hid = NULL;
768 return -ENODEV;
771 return 0;
773 fault:
774 kfree(session->rd_data);
775 session->rd_data = NULL;
777 return err;
780 /* initialize session devices */
781 static int hidp_session_dev_init(struct hidp_session *session,
782 struct hidp_connadd_req *req)
784 int ret;
786 if (req->rd_size > 0) {
787 ret = hidp_setup_hid(session, req);
788 if (ret && ret != -ENODEV)
789 return ret;
792 if (!session->hid) {
793 ret = hidp_setup_input(session, req);
794 if (ret < 0)
795 return ret;
798 return 0;
801 /* destroy session devices */
802 static void hidp_session_dev_destroy(struct hidp_session *session)
804 if (session->hid)
805 put_device(&session->hid->dev);
806 else if (session->input)
807 input_put_device(session->input);
809 kfree(session->rd_data);
810 session->rd_data = NULL;
813 /* add HID/input devices to their underlying bus systems */
814 static int hidp_session_dev_add(struct hidp_session *session)
816 int ret;
818 /* Both HID and input systems drop a ref-count when unregistering the
819 * device but they don't take a ref-count when registering them. Work
820 * around this by explicitly taking a refcount during registration
821 * which is dropped automatically by unregistering the devices. */
823 if (session->hid) {
824 ret = hid_add_device(session->hid);
825 if (ret)
826 return ret;
827 get_device(&session->hid->dev);
828 } else if (session->input) {
829 ret = input_register_device(session->input);
830 if (ret)
831 return ret;
832 input_get_device(session->input);
835 return 0;
838 /* remove HID/input devices from their bus systems */
839 static void hidp_session_dev_del(struct hidp_session *session)
841 if (session->hid)
842 hid_destroy_device(session->hid);
843 else if (session->input)
844 input_unregister_device(session->input);
848 * Asynchronous device registration
849 * HID device drivers might want to perform I/O during initialization to
850 * detect device types. Therefore, call device registration in a separate
851 * worker so the HIDP thread can schedule I/O operations.
852 * Note that this must be called after the worker thread was initialized
853 * successfully. This will then add the devices and increase session state
854 * on success, otherwise it will terminate the session thread.
856 static void hidp_session_dev_work(struct work_struct *work)
858 struct hidp_session *session = container_of(work,
859 struct hidp_session,
860 dev_init);
861 int ret;
863 ret = hidp_session_dev_add(session);
864 if (!ret)
865 atomic_inc(&session->state);
866 else
867 hidp_session_terminate(session);
871 * Create new session object
872 * Allocate session object, initialize static fields, copy input data into the
873 * object and take a reference to all sub-objects.
874 * This returns 0 on success and puts a pointer to the new session object in
875 * \out. Otherwise, an error code is returned.
876 * The new session object has an initial ref-count of 1.
878 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
879 struct socket *ctrl_sock,
880 struct socket *intr_sock,
881 struct hidp_connadd_req *req,
882 struct l2cap_conn *conn)
884 struct hidp_session *session;
885 int ret;
886 struct bt_sock *ctrl, *intr;
888 ctrl = bt_sk(ctrl_sock->sk);
889 intr = bt_sk(intr_sock->sk);
891 session = kzalloc(sizeof(*session), GFP_KERNEL);
892 if (!session)
893 return -ENOMEM;
895 /* object and runtime management */
896 kref_init(&session->ref);
897 atomic_set(&session->state, HIDP_SESSION_IDLING);
898 init_waitqueue_head(&session->state_queue);
899 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
901 /* connection management */
902 bacpy(&session->bdaddr, bdaddr);
903 session->conn = conn;
904 session->user.probe = hidp_session_probe;
905 session->user.remove = hidp_session_remove;
906 session->ctrl_sock = ctrl_sock;
907 session->intr_sock = intr_sock;
908 skb_queue_head_init(&session->ctrl_transmit);
909 skb_queue_head_init(&session->intr_transmit);
910 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
911 l2cap_pi(ctrl)->chan->imtu);
912 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
913 l2cap_pi(intr)->chan->imtu);
914 session->idle_to = req->idle_to;
916 /* device management */
917 INIT_WORK(&session->dev_init, hidp_session_dev_work);
918 setup_timer(&session->timer, hidp_idle_timeout,
919 (unsigned long)session);
921 /* session data */
922 mutex_init(&session->report_mutex);
923 init_waitqueue_head(&session->report_queue);
925 ret = hidp_session_dev_init(session, req);
926 if (ret)
927 goto err_free;
929 l2cap_conn_get(session->conn);
930 get_file(session->intr_sock->file);
931 get_file(session->ctrl_sock->file);
932 *out = session;
933 return 0;
935 err_free:
936 kfree(session);
937 return ret;
940 /* increase ref-count of the given session by one */
941 static void hidp_session_get(struct hidp_session *session)
943 kref_get(&session->ref);
946 /* release callback */
947 static void session_free(struct kref *ref)
949 struct hidp_session *session = container_of(ref, struct hidp_session,
950 ref);
952 hidp_session_dev_destroy(session);
953 skb_queue_purge(&session->ctrl_transmit);
954 skb_queue_purge(&session->intr_transmit);
955 fput(session->intr_sock->file);
956 fput(session->ctrl_sock->file);
957 l2cap_conn_put(session->conn);
958 kfree(session);
961 /* decrease ref-count of the given session by one */
962 static void hidp_session_put(struct hidp_session *session)
964 kref_put(&session->ref, session_free);
968 * Search the list of active sessions for a session with target address
969 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
970 * you do not release this lock, the session objects cannot vanish and you can
971 * safely take a reference to the session yourself.
973 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
975 struct hidp_session *session;
977 list_for_each_entry(session, &hidp_session_list, list) {
978 if (!bacmp(bdaddr, &session->bdaddr))
979 return session;
982 return NULL;
986 * Same as __hidp_session_find() but no locks must be held. This also takes a
987 * reference of the returned session (if non-NULL) so you must drop this
988 * reference if you no longer use the object.
990 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
992 struct hidp_session *session;
994 down_read(&hidp_session_sem);
996 session = __hidp_session_find(bdaddr);
997 if (session)
998 hidp_session_get(session);
1000 up_read(&hidp_session_sem);
1002 return session;
1006 * Start session synchronously
1007 * This starts a session thread and waits until initialization
1008 * is done or returns an error if it couldn't be started.
1009 * If this returns 0 the session thread is up and running. You must call
1010 * hipd_session_stop_sync() before deleting any runtime resources.
1012 static int hidp_session_start_sync(struct hidp_session *session)
1014 unsigned int vendor, product;
1016 if (session->hid) {
1017 vendor = session->hid->vendor;
1018 product = session->hid->product;
1019 } else if (session->input) {
1020 vendor = session->input->id.vendor;
1021 product = session->input->id.product;
1022 } else {
1023 vendor = 0x0000;
1024 product = 0x0000;
1027 session->task = kthread_run(hidp_session_thread, session,
1028 "khidpd_%04x%04x", vendor, product);
1029 if (IS_ERR(session->task))
1030 return PTR_ERR(session->task);
1032 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1033 wait_event(session->state_queue,
1034 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1036 return 0;
1040 * Terminate session thread
1041 * Wake up session thread and notify it to stop. This is asynchronous and
1042 * returns immediately. Call this whenever a runtime error occurs and you want
1043 * the session to stop.
1044 * Note: wake_up_process() performs any necessary memory-barriers for us.
1046 static void hidp_session_terminate(struct hidp_session *session)
1048 atomic_inc(&session->terminate);
1049 wake_up_process(session->task);
1053 * Probe HIDP session
1054 * This is called from the l2cap_conn core when our l2cap_user object is bound
1055 * to the hci-connection. We get the session via the \user object and can now
1056 * start the session thread, link it into the global session list and
1057 * schedule HID/input device registration.
1058 * The global session-list owns its own reference to the session object so you
1059 * can drop your own reference after registering the l2cap_user object.
1061 static int hidp_session_probe(struct l2cap_conn *conn,
1062 struct l2cap_user *user)
1064 struct hidp_session *session = container_of(user,
1065 struct hidp_session,
1066 user);
1067 struct hidp_session *s;
1068 int ret;
1070 down_write(&hidp_session_sem);
1072 /* check that no other session for this device exists */
1073 s = __hidp_session_find(&session->bdaddr);
1074 if (s) {
1075 ret = -EEXIST;
1076 goto out_unlock;
1079 if (session->input) {
1080 ret = hidp_session_dev_add(session);
1081 if (ret)
1082 goto out_unlock;
1085 ret = hidp_session_start_sync(session);
1086 if (ret)
1087 goto out_del;
1089 /* HID device registration is async to allow I/O during probe */
1090 if (session->input)
1091 atomic_inc(&session->state);
1092 else
1093 schedule_work(&session->dev_init);
1095 hidp_session_get(session);
1096 list_add(&session->list, &hidp_session_list);
1097 ret = 0;
1098 goto out_unlock;
1100 out_del:
1101 if (session->input)
1102 hidp_session_dev_del(session);
1103 out_unlock:
1104 up_write(&hidp_session_sem);
1105 return ret;
1109 * Remove HIDP session
1110 * Called from the l2cap_conn core when either we explicitly unregistered
1111 * the l2cap_user object or if the underlying connection is shut down.
1112 * We signal the hidp-session thread to shut down, unregister the HID/input
1113 * devices and unlink the session from the global list.
1114 * This drops the reference to the session that is owned by the global
1115 * session-list.
1116 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1117 * This is, because the session-thread might be waiting for an HCI lock that is
1118 * held while we are called. Therefore, we only unregister the devices and
1119 * notify the session-thread to terminate. The thread itself owns a reference
1120 * to the session object so it can safely shut down.
1122 static void hidp_session_remove(struct l2cap_conn *conn,
1123 struct l2cap_user *user)
1125 struct hidp_session *session = container_of(user,
1126 struct hidp_session,
1127 user);
1129 down_write(&hidp_session_sem);
1131 hidp_session_terminate(session);
1133 cancel_work_sync(&session->dev_init);
1134 if (session->input ||
1135 atomic_read(&session->state) > HIDP_SESSION_PREPARING)
1136 hidp_session_dev_del(session);
1138 list_del(&session->list);
1140 up_write(&hidp_session_sem);
1142 hidp_session_put(session);
1146 * Session Worker
1147 * This performs the actual main-loop of the HIDP worker. We first check
1148 * whether the underlying connection is still alive, then parse all pending
1149 * messages and finally send all outstanding messages.
1151 static void hidp_session_run(struct hidp_session *session)
1153 struct sock *ctrl_sk = session->ctrl_sock->sk;
1154 struct sock *intr_sk = session->intr_sock->sk;
1155 struct sk_buff *skb;
1157 for (;;) {
1159 * This thread can be woken up two ways:
1160 * - You call hidp_session_terminate() which sets the
1161 * session->terminate flag and wakes this thread up.
1162 * - Via modifying the socket state of ctrl/intr_sock. This
1163 * thread is woken up by ->sk_state_changed().
1165 * Note: set_current_state() performs any necessary
1166 * memory-barriers for us.
1168 set_current_state(TASK_INTERRUPTIBLE);
1170 if (atomic_read(&session->terminate))
1171 break;
1173 if (ctrl_sk->sk_state != BT_CONNECTED ||
1174 intr_sk->sk_state != BT_CONNECTED)
1175 break;
1177 /* parse incoming intr-skbs */
1178 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1179 skb_orphan(skb);
1180 if (!skb_linearize(skb))
1181 hidp_recv_intr_frame(session, skb);
1182 else
1183 kfree_skb(skb);
1186 /* send pending intr-skbs */
1187 hidp_process_transmit(session, &session->intr_transmit,
1188 session->intr_sock);
1190 /* parse incoming ctrl-skbs */
1191 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1192 skb_orphan(skb);
1193 if (!skb_linearize(skb))
1194 hidp_recv_ctrl_frame(session, skb);
1195 else
1196 kfree_skb(skb);
1199 /* send pending ctrl-skbs */
1200 hidp_process_transmit(session, &session->ctrl_transmit,
1201 session->ctrl_sock);
1203 schedule();
1206 atomic_inc(&session->terminate);
1207 set_current_state(TASK_RUNNING);
1211 * HIDP session thread
1212 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1213 * which allows us to take references to ourself here instead of doing that in
1214 * the caller.
1215 * When we are ready to run we notify the caller and call hidp_session_run().
1217 static int hidp_session_thread(void *arg)
1219 struct hidp_session *session = arg;
1220 wait_queue_t ctrl_wait, intr_wait;
1222 BT_DBG("session %p", session);
1224 /* initialize runtime environment */
1225 hidp_session_get(session);
1226 __module_get(THIS_MODULE);
1227 set_user_nice(current, -15);
1228 hidp_set_timer(session);
1230 init_waitqueue_entry(&ctrl_wait, current);
1231 init_waitqueue_entry(&intr_wait, current);
1232 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1233 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1234 /* This memory barrier is paired with wq_has_sleeper(). See
1235 * sock_poll_wait() for more information why this is needed. */
1236 smp_mb();
1238 /* notify synchronous startup that we're ready */
1239 atomic_inc(&session->state);
1240 wake_up(&session->state_queue);
1242 /* run session */
1243 hidp_session_run(session);
1245 /* cleanup runtime environment */
1246 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1247 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1248 wake_up_interruptible(&session->report_queue);
1249 hidp_del_timer(session);
1252 * If we stopped ourself due to any internal signal, we should try to
1253 * unregister our own session here to avoid having it linger until the
1254 * parent l2cap_conn dies or user-space cleans it up.
1255 * This does not deadlock as we don't do any synchronous shutdown.
1256 * Instead, this call has the same semantics as if user-space tried to
1257 * delete the session.
1259 l2cap_unregister_user(session->conn, &session->user);
1260 hidp_session_put(session);
1262 module_put_and_exit(0);
1263 return 0;
1266 static int hidp_verify_sockets(struct socket *ctrl_sock,
1267 struct socket *intr_sock)
1269 struct bt_sock *ctrl, *intr;
1270 struct hidp_session *session;
1272 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1273 return -EINVAL;
1275 ctrl = bt_sk(ctrl_sock->sk);
1276 intr = bt_sk(intr_sock->sk);
1278 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1279 return -ENOTUNIQ;
1280 if (ctrl->sk.sk_state != BT_CONNECTED ||
1281 intr->sk.sk_state != BT_CONNECTED)
1282 return -EBADFD;
1284 /* early session check, we check again during session registration */
1285 session = hidp_session_find(&ctrl->dst);
1286 if (session) {
1287 hidp_session_put(session);
1288 return -EEXIST;
1291 return 0;
1294 int hidp_connection_add(struct hidp_connadd_req *req,
1295 struct socket *ctrl_sock,
1296 struct socket *intr_sock)
1298 struct hidp_session *session;
1299 struct l2cap_conn *conn;
1300 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1301 int ret;
1303 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1304 if (ret)
1305 return ret;
1307 conn = NULL;
1308 l2cap_chan_lock(chan);
1309 if (chan->conn) {
1310 l2cap_conn_get(chan->conn);
1311 conn = chan->conn;
1313 l2cap_chan_unlock(chan);
1315 if (!conn)
1316 return -EBADFD;
1318 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1319 intr_sock, req, conn);
1320 if (ret)
1321 goto out_conn;
1323 ret = l2cap_register_user(conn, &session->user);
1324 if (ret)
1325 goto out_session;
1327 ret = 0;
1329 out_session:
1330 hidp_session_put(session);
1331 out_conn:
1332 l2cap_conn_put(conn);
1333 return ret;
1336 int hidp_connection_del(struct hidp_conndel_req *req)
1338 struct hidp_session *session;
1340 session = hidp_session_find(&req->bdaddr);
1341 if (!session)
1342 return -ENOENT;
1344 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1345 hidp_send_ctrl_message(session,
1346 HIDP_TRANS_HID_CONTROL |
1347 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1348 NULL, 0);
1349 else
1350 l2cap_unregister_user(session->conn, &session->user);
1352 hidp_session_put(session);
1354 return 0;
1357 int hidp_get_connlist(struct hidp_connlist_req *req)
1359 struct hidp_session *session;
1360 int err = 0, n = 0;
1362 BT_DBG("");
1364 down_read(&hidp_session_sem);
1366 list_for_each_entry(session, &hidp_session_list, list) {
1367 struct hidp_conninfo ci;
1369 hidp_copy_session(session, &ci);
1371 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1372 err = -EFAULT;
1373 break;
1376 if (++n >= req->cnum)
1377 break;
1379 req->ci++;
1381 req->cnum = n;
1383 up_read(&hidp_session_sem);
1384 return err;
1387 int hidp_get_conninfo(struct hidp_conninfo *ci)
1389 struct hidp_session *session;
1391 session = hidp_session_find(&ci->bdaddr);
1392 if (session) {
1393 hidp_copy_session(session, ci);
1394 hidp_session_put(session);
1397 return session ? 0 : -ENOENT;
1400 static int __init hidp_init(void)
1402 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1404 return hidp_init_sockets();
1407 static void __exit hidp_exit(void)
1409 hidp_cleanup_sockets();
1412 module_init(hidp_init);
1413 module_exit(hidp_exit);
1415 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1416 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1417 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1418 MODULE_VERSION(VERSION);
1419 MODULE_LICENSE("GPL");
1420 MODULE_ALIAS("bt-proto-6");