Linaro Git Browser
Code Review Sign In
review.linaro.org / kernel / linux-linaro-stable.git / 5205185d461d5902325e457ca80bd421127b7308 / . / net / bluetooth / hidp / core.c
blob: 481bbb8c7220a21b495c3684d6edabd4c39a1ee2 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
David Herrmannb4f34d82013-04-06 20:28:46 +0200[diff] [blame]4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]21 SOFTWARE IS DISCLAIMED.
22*/
23
David Herrmannb4f34d82013-04-06 20:28:46 +0200[diff] [blame]24#include <linux/kref.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]25#include <linux/module.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]26#include <linux/file.h>
Szymon Jancaabf6f82011-04-05 15:37:45 +0200[diff] [blame]27#include <linux/kthread.h>
Marcel Holtmann364f6352009-08-22 14:15:53 -0700[diff] [blame]28#include <linux/hidraw.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]29
30#include <net/bluetooth/bluetooth.h>
Marcel Holtmann0a85b962006-07-06 13:09:02 +0200[diff] [blame]31#include <net/bluetooth/hci_core.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]32#include <net/bluetooth/l2cap.h>
33
34#include "hidp.h"
35
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]36#define VERSION "1.2"
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]37
38static DECLARE_RWSEM(hidp_session_sem);
39static LIST_HEAD(hidp_session_list);
40
41static unsigned char hidp_keycode[256] = {
Szymon Janc17f09a72011-03-21 14:20:01 +0100[diff] [blame]42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]60};
61
62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
David Herrmannb4f34d82013-04-06 20:28:46 +0200[diff] [blame]64static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
70
David Herrmann3764eaa2013-04-06 20:28:43 +0200[diff] [blame]71static inline void hidp_schedule(struct hidp_session *session)
72{
73 struct sock *ctrl_sk = session->ctrl_sock->sk;
74 struct sock *intr_sk = session->intr_sock->sk;
75
76 wake_up_interruptible(sk_sleep(ctrl_sk));
77 wake_up_interruptible(sk_sleep(intr_sk));
78}
79
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]80static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]81{
Vasiliy Kulikovd31dbf62010-10-30 18:26:31 +0400[diff] [blame]82 memset(ci, 0, sizeof(*ci));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]83 bacpy(&ci->bdaddr, &session->bdaddr);
84
85 ci->flags = session->flags;
David Herrmanndcc07642013-04-06 20:28:40 +0200[diff] [blame]86 ci->state = BT_CONNECTED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]87
88 ci->vendor = 0x0000;
89 ci->product = 0x0000;
90 ci->version = 0x0000;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]91
92 if (session->input) {
93 ci->vendor = session->input->id.vendor;
94 ci->product = session->input->id.product;
95 ci->version = session->input->id.version;
96 if (session->input->name)
97 strncpy(ci->name, session->input->name, 128);
98 else
99 strncpy(ci->name, "HID Boot Device", 128);
100 }
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]101
102 if (session->hid) {
103 ci->vendor = session->hid->vendor;
104 ci->product = session->hid->product;
105 ci->version = session->hid->version;
106 strncpy(ci->name, session->hid->name, 128);
107 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]108}
109
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]110static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
111 unsigned int type, unsigned int code, int value)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]112{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]113 unsigned char newleds;
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]114 struct sk_buff *skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]115
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]116 BT_DBG("session %p type %d code %d value %d", session, type, code, value);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]117
118 if (type != EV_LED)
119 return -1;
120
121 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
122 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
123 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
124 (!!test_bit(LED_CAPSL, dev->led) << 1) |
125 (!!test_bit(LED_NUML, dev->led));
126
127 if (session->leds == newleds)
128 return 0;
129
130 session->leds = newleds;
131
Andrei Emeltchenko5a08ecc2011-01-11 17:20:20 +0200[diff] [blame]132 skb = alloc_skb(3, GFP_ATOMIC);
133 if (!skb) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]134 BT_ERR("Can't allocate memory for new frame");
135 return -ENOMEM;
136 }
137
138 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
139 *skb_put(skb, 1) = 0x01;
140 *skb_put(skb, 1) = newleds;
141
142 skb_queue_tail(&session->intr_transmit, skb);
143
144 hidp_schedule(session);
145
146 return 0;
147}
148
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]149static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
150{
Marcel Holtmann5be39462007-05-09 09:15:30 +0200[diff] [blame]151 struct hid_device *hid = input_get_drvdata(dev);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]152 struct hidp_session *session = hid->driver_data;
153
154 return hidp_queue_event(session, dev, type, code, value);
155}
156
157static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
158{
Marcel Holtmann5be39462007-05-09 09:15:30 +0200[diff] [blame]159 struct hidp_session *session = input_get_drvdata(dev);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]160
161 return hidp_queue_event(session, dev, type, code, value);
162}
163
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]164static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
165{
166 struct input_dev *dev = session->input;
167 unsigned char *keys = session->keys;
168 unsigned char *udata = skb->data + 1;
169 signed char *sdata = skb->data + 1;
170 int i, size = skb->len - 1;
171
172 switch (skb->data[0]) {
173 case 0x01: /* Keyboard report */
174 for (i = 0; i < 8; i++)
175 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
176
177 /* If all the key codes have been set to 0x01, it means
178 * too many keys were pressed at the same time. */
179 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
180 break;
181
182 for (i = 2; i < 8; i++) {
183 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
184 if (hidp_keycode[keys[i]])
185 input_report_key(dev, hidp_keycode[keys[i]], 0);
186 else
187 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
188 }
189
190 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
191 if (hidp_keycode[udata[i]])
192 input_report_key(dev, hidp_keycode[udata[i]], 1);
193 else
194 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
195 }
196 }
197
198 memcpy(keys, udata, 8);
199 break;
200
201 case 0x02: /* Mouse report */
202 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
203 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
204 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
205 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
206 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
207
208 input_report_rel(dev, REL_X, sdata[1]);
209 input_report_rel(dev, REL_Y, sdata[2]);
210
211 if (size > 3)
212 input_report_rel(dev, REL_WHEEL, sdata[3]);
213 break;
214 }
215
216 input_sync(dev);
217}
218
Bastien Nocera6bf82682010-01-20 12:00:42 +0000[diff] [blame]219static int __hidp_send_ctrl_message(struct hidp_session *session,
Gustavo Padovan1d0c4da2012-06-09 19:22:42 -0300[diff] [blame]220 unsigned char hdr, unsigned char *data,
221 int size)
Bastien Nocera6bf82682010-01-20 12:00:42 +0000[diff] [blame]222{
223 struct sk_buff *skb;
224
225 BT_DBG("session %p data %p size %d", session, data, size);
226
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]227 if (atomic_read(&session->terminate))
228 return -EIO;
229
Andrei Emeltchenko5a08ecc2011-01-11 17:20:20 +0200[diff] [blame]230 skb = alloc_skb(size + 1, GFP_ATOMIC);
231 if (!skb) {
Bastien Nocera6bf82682010-01-20 12:00:42 +0000[diff] [blame]232 BT_ERR("Can't allocate memory for new frame");
233 return -ENOMEM;
234 }
235
236 *skb_put(skb, 1) = hdr;
237 if (data && size > 0)
238 memcpy(skb_put(skb, size), data, size);
239
240 skb_queue_tail(&session->ctrl_transmit, skb);
241
242 return 0;
243}
244
Gustavo Padovan6039aa72012-05-23 04:04:18 -0300[diff] [blame]245static int hidp_send_ctrl_message(struct hidp_session *session,
Bastien Nocera6bf82682010-01-20 12:00:42 +0000[diff] [blame]246 unsigned char hdr, unsigned char *data, int size)
247{
248 int err;
249
250 err = __hidp_send_ctrl_message(session, hdr, data, size);
251
252 hidp_schedule(session);
253
254 return err;
255}
256
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]257static int hidp_queue_report(struct hidp_session *session,
258 unsigned char *data, int size)
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]259{
260 struct sk_buff *skb;
261
Dave Young6792b5e2007-10-20 14:15:39 +0200[diff] [blame]262 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]263
Andrei Emeltchenko5a08ecc2011-01-11 17:20:20 +0200[diff] [blame]264 skb = alloc_skb(size + 1, GFP_ATOMIC);
265 if (!skb) {
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]266 BT_ERR("Can't allocate memory for new frame");
267 return -ENOMEM;
268 }
269
270 *skb_put(skb, 1) = 0xa2;
271 if (size > 0)
272 memcpy(skb_put(skb, size), data, size);
273
274 skb_queue_tail(&session->intr_transmit, skb);
275
276 hidp_schedule(session);
277
278 return 0;
279}
280
281static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
282{
283 unsigned char buf[32];
284 int rsize;
285
286 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
287 if (rsize > sizeof(buf))
288 return -EIO;
289
290 hid_output_report(report, buf);
291
292 return hidp_queue_report(session, buf, rsize);
293}
294
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]295static int hidp_get_raw_report(struct hid_device *hid,
296 unsigned char report_number,
297 unsigned char *data, size_t count,
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]298 unsigned char report_type)
Jiri Kosina2da31932009-11-26 16:20:56 +0100[diff] [blame]299{
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]300 struct hidp_session *session = hid->driver_data;
301 struct sk_buff *skb;
302 size_t len;
303 int numbered_reports = hid->report_enum[report_type].numbered;
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]304 int ret;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]305
Karl Reltonfd86c9b2013-02-20 18:16:19 +0000[diff] [blame]306 if (atomic_read(&session->terminate))
307 return -EIO;
308
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]309 switch (report_type) {
310 case HID_FEATURE_REPORT:
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]311 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
312 break;
313 case HID_INPUT_REPORT:
314 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]315 break;
316 case HID_OUTPUT_REPORT:
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]317 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]318 break;
319 default:
320 return -EINVAL;
321 }
322
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]323 if (mutex_lock_interruptible(&session->report_mutex))
324 return -ERESTARTSYS;
325
326 /* Set up our wait, and send the report request to the device. */
327 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
328 session->waiting_report_number = numbered_reports ? report_number : -1;
329 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
330 data[0] = report_number;
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]331 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1);
332 if (ret)
333 goto err;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]334
335 /* Wait for the return of the report. The returned report
336 gets put in session->report_return. */
David Herrmanne3492dc2013-04-06 20:28:41 +0200[diff] [blame]337 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
338 !atomic_read(&session->terminate)) {
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]339 int res;
340
341 res = wait_event_interruptible_timeout(session->report_queue,
David Herrmanne3492dc2013-04-06 20:28:41 +0200[diff] [blame]342 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
343 || atomic_read(&session->terminate),
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]344 5*HZ);
345 if (res == 0) {
346 /* timeout */
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]347 ret = -EIO;
348 goto err;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]349 }
350 if (res < 0) {
351 /* signal */
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]352 ret = -ERESTARTSYS;
353 goto err;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]354 }
355 }
356
357 skb = session->report_return;
358 if (skb) {
359 len = skb->len < count ? skb->len : count;
360 memcpy(data, skb->data, len);
361
362 kfree_skb(skb);
363 session->report_return = NULL;
364 } else {
365 /* Device returned a HANDSHAKE, indicating protocol error. */
366 len = -EIO;
367 }
368
369 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
370 mutex_unlock(&session->report_mutex);
371
372 return len;
373
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]374err:
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]375 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
376 mutex_unlock(&session->report_mutex);
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]377 return ret;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]378}
379
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]380static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
Jiri Kosina2da31932009-11-26 16:20:56 +0100[diff] [blame]381 unsigned char report_type)
382{
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]383 struct hidp_session *session = hid->driver_data;
384 int ret;
385
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]386 switch (report_type) {
387 case HID_FEATURE_REPORT:
388 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
389 break;
390 case HID_OUTPUT_REPORT:
Antonio Ospite97e1efb2011-02-20 18:26:46 +0100[diff] [blame]391 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
Jiri Kosinad4bfa032010-01-29 15:03:36 +0100[diff] [blame]392 break;
393 default:
394 return -EINVAL;
395 }
396
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]397 if (mutex_lock_interruptible(&session->report_mutex))
398 return -ERESTARTSYS;
399
400 /* Set up our wait, and send the report request to the device. */
401 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
David Herrmann794d1752011-08-26 14:06:02 +0200[diff] [blame]402 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data,
403 count);
404 if (ret)
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]405 goto err;
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]406
407 /* Wait for the ACK from the device. */
David Herrmanne3492dc2013-04-06 20:28:41 +0200[diff] [blame]408 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
409 !atomic_read(&session->terminate)) {
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]410 int res;
411
412 res = wait_event_interruptible_timeout(session->report_queue,
David Herrmanne3492dc2013-04-06 20:28:41 +0200[diff] [blame]413 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
414 || atomic_read(&session->terminate),
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]415 10*HZ);
416 if (res == 0) {
417 /* timeout */
418 ret = -EIO;
419 goto err;
420 }
421 if (res < 0) {
422 /* signal */
423 ret = -ERESTARTSYS;
424 goto err;
425 }
426 }
427
428 if (!session->output_report_success) {
429 ret = -EIO;
430 goto err;
431 }
432
433 ret = count;
434
435err:
436 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
437 mutex_unlock(&session->report_mutex);
438 return ret;
Jiri Kosina2da31932009-11-26 16:20:56 +0100[diff] [blame]439}
440
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]441static void hidp_idle_timeout(unsigned long arg)
442{
443 struct hidp_session *session = (struct hidp_session *) arg;
444
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]445 hidp_session_terminate(session);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]446}
447
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]448static void hidp_set_timer(struct hidp_session *session)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]449{
450 if (session->idle_to > 0)
451 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
452}
453
Gustavo Padovan6039aa72012-05-23 04:04:18 -0300[diff] [blame]454static void hidp_del_timer(struct hidp_session *session)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]455{
456 if (session->idle_to > 0)
457 del_timer(&session->timer);
458}
459
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]460static void hidp_process_handshake(struct hidp_session *session,
461 unsigned char param)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]462{
463 BT_DBG("session %p param 0x%02x", session, param);
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]464 session->output_report_success = 0; /* default condition */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]465
466 switch (param) {
467 case HIDP_HSHK_SUCCESSFUL:
468 /* FIXME: Call into SET_ GET_ handlers here */
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]469 session->output_report_success = 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]470 break;
471
472 case HIDP_HSHK_NOT_READY:
473 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
474 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
475 case HIDP_HSHK_ERR_INVALID_PARAMETER:
Gustavo F. Padovanab88f712011-10-06 22:05:37 -0300[diff] [blame]476 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]477 wake_up_interruptible(&session->report_queue);
Gustavo F. Padovanab88f712011-10-06 22:05:37 -0300[diff] [blame]478
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]479 /* FIXME: Call into SET_ GET_ handlers here */
480 break;
481
482 case HIDP_HSHK_ERR_UNKNOWN:
483 break;
484
485 case HIDP_HSHK_ERR_FATAL:
486 /* Device requests a reboot, as this is the only way this error
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]487 * can be recovered. */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]488 __hidp_send_ctrl_message(session,
489 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
490 break;
491
492 default:
493 __hidp_send_ctrl_message(session,
494 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
495 break;
496 }
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]497
498 /* Wake up the waiting thread. */
Gustavo F. Padovanab88f712011-10-06 22:05:37 -0300[diff] [blame]499 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
Alan Ott08254112011-01-18 03:04:38 -0500[diff] [blame]500 wake_up_interruptible(&session->report_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]501}
502
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]503static void hidp_process_hid_control(struct hidp_session *session,
504 unsigned char param)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]505{
506 BT_DBG("session %p param 0x%02x", session, param);
507
Dave Youngeff001e2008-02-05 03:07:14 -0800[diff] [blame]508 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]509 /* Flush the transmit queues */
510 skb_queue_purge(&session->ctrl_transmit);
511 skb_queue_purge(&session->intr_transmit);
512
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]513 hidp_session_terminate(session);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]514 }
515}
516
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]517/* Returns true if the passed-in skb should be freed by the caller. */
518static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]519 unsigned char param)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]520{
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]521 int done_with_skb = 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]522 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
523
524 switch (param) {
525 case HIDP_DATA_RTYPE_INPUT:
526 hidp_set_timer(session);
527
528 if (session->input)
529 hidp_input_report(session, skb);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]530
531 if (session->hid)
532 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]533 break;
534
535 case HIDP_DATA_RTYPE_OTHER:
536 case HIDP_DATA_RTYPE_OUPUT:
537 case HIDP_DATA_RTYPE_FEATURE:
538 break;
539
540 default:
541 __hidp_send_ctrl_message(session,
542 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
543 }
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]544
545 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
546 param == session->waiting_report_type) {
547 if (session->waiting_report_number < 0 ||
548 session->waiting_report_number == skb->data[0]) {
549 /* hidp_get_raw_report() is waiting on this report. */
550 session->report_return = skb;
551 done_with_skb = 0;
552 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
553 wake_up_interruptible(&session->report_queue);
554 }
555 }
556
557 return done_with_skb;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]558}
559
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]560static void hidp_recv_ctrl_frame(struct hidp_session *session,
561 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]562{
563 unsigned char hdr, type, param;
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]564 int free_skb = 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]565
566 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
567
568 hdr = skb->data[0];
569 skb_pull(skb, 1);
570
571 type = hdr & HIDP_HEADER_TRANS_MASK;
572 param = hdr & HIDP_HEADER_PARAM_MASK;
573
574 switch (type) {
575 case HIDP_TRANS_HANDSHAKE:
576 hidp_process_handshake(session, param);
577 break;
578
579 case HIDP_TRANS_HID_CONTROL:
580 hidp_process_hid_control(session, param);
581 break;
582
583 case HIDP_TRANS_DATA:
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]584 free_skb = hidp_process_data(session, skb, param);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]585 break;
586
587 default:
588 __hidp_send_ctrl_message(session,
589 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
590 break;
591 }
592
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]593 if (free_skb)
594 kfree_skb(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]595}
596
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]597static void hidp_recv_intr_frame(struct hidp_session *session,
598 struct sk_buff *skb)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]599{
600 unsigned char hdr;
601
602 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
603
604 hdr = skb->data[0];
605 skb_pull(skb, 1);
606
607 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
608 hidp_set_timer(session);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]609
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]610 if (session->input)
611 hidp_input_report(session, skb);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]612
613 if (session->hid) {
614 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
615 BT_DBG("report len %d", skb->len);
616 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]617 } else {
618 BT_DBG("Unsupported protocol header 0x%02x", hdr);
619 }
620
621 kfree_skb(skb);
622}
623
624static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
625{
626 struct kvec iv = { data, len };
627 struct msghdr msg;
628
629 BT_DBG("sock %p data %p len %d", sock, data, len);
630
631 if (!len)
632 return 0;
633
634 memset(&msg, 0, sizeof(msg));
635
636 return kernel_sendmsg(sock, &msg, &iv, 1, len);
637}
638
Gustavo F. Padovan679344e2011-10-06 20:51:37 -0300[diff] [blame]639static void hidp_process_intr_transmit(struct hidp_session *session)
640{
641 struct sk_buff *skb;
642
643 BT_DBG("session %p", session);
644
645 while ((skb = skb_dequeue(&session->intr_transmit))) {
646 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
647 skb_queue_head(&session->intr_transmit, skb);
648 break;
649 }
650
651 hidp_set_timer(session);
652 kfree_skb(skb);
653 }
654}
655
656static void hidp_process_ctrl_transmit(struct hidp_session *session)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]657{
658 struct sk_buff *skb;
659
660 BT_DBG("session %p", session);
661
662 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
663 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
664 skb_queue_head(&session->ctrl_transmit, skb);
665 break;
666 }
667
668 hidp_set_timer(session);
669 kfree_skb(skb);
670 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]671}
672
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]673static int hidp_setup_input(struct hidp_session *session,
674 struct hidp_connadd_req *req)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]675{
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]676 struct input_dev *input;
Gustavo F. Padovan3415a5f2011-10-06 21:17:32 -0300[diff] [blame]677 int i;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]678
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]679 input = input_allocate_device();
680 if (!input)
681 return -ENOMEM;
682
683 session->input = input;
684
Marcel Holtmann5be39462007-05-09 09:15:30 +0200[diff] [blame]685 input_set_drvdata(input, session);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]686
Dmitry Torokhov34abf912005-09-15 02:01:40 -0500[diff] [blame]687 input->name = "Bluetooth HID Boot Protocol Device";
688
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]689 input->id.bustype = BUS_BLUETOOTH;
690 input->id.vendor = req->vendor;
691 input->id.product = req->product;
692 input->id.version = req->version;
693
694 if (req->subclass & 0x40) {
695 set_bit(EV_KEY, input->evbit);
696 set_bit(EV_LED, input->evbit);
697 set_bit(EV_REP, input->evbit);
698
699 set_bit(LED_NUML, input->ledbit);
700 set_bit(LED_CAPSL, input->ledbit);
701 set_bit(LED_SCROLLL, input->ledbit);
702 set_bit(LED_COMPOSE, input->ledbit);
703 set_bit(LED_KANA, input->ledbit);
704
705 for (i = 0; i < sizeof(hidp_keycode); i++)
706 set_bit(hidp_keycode[i], input->keybit);
707 clear_bit(0, input->keybit);
708 }
709
710 if (req->subclass & 0x80) {
Jiri Slaby7b19ada2007-10-18 23:40:32 -0700[diff] [blame]711 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
712 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
713 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
714 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
715 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
716 BIT_MASK(BTN_EXTRA);
717 input->relbit[0] |= BIT_MASK(REL_WHEEL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]718 }
719
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]720 input->dev.parent = &session->conn->hcon->dev;
Marcel Holtmann0a85b962006-07-06 13:09:02 +0200[diff] [blame]721
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]722 input->event = hidp_input_event;
723
Marcel Holtmannedad6382009-08-22 14:22:15 -0700[diff] [blame]724 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]725}
726
Marcel Holtmannf5ffd462007-02-17 23:58:53 +0100[diff] [blame]727static int hidp_open(struct hid_device *hid)
728{
729 return 0;
730}
731
732static void hidp_close(struct hid_device *hid)
733{
734}
735
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]736static int hidp_parse(struct hid_device *hid)
737{
738 struct hidp_session *session = hid->driver_data;
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]739
Michael Poole15c697c2010-02-05 12:23:43 -0500[diff] [blame]740 return hid_parse_report(session->hid, session->rd_data,
741 session->rd_size);
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]742}
743
744static int hidp_start(struct hid_device *hid)
745{
746 struct hidp_session *session = hid->driver_data;
747 struct hid_report *report;
748
David Herrmann142c69c2011-08-26 13:27:12 +0200[diff] [blame]749 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
750 return 0;
751
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]752 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
753 report_list, list)
754 hidp_send_report(session, report);
755
756 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
757 report_list, list)
758 hidp_send_report(session, report);
759
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]760 return 0;
761}
762
763static void hidp_stop(struct hid_device *hid)
764{
765 struct hidp_session *session = hid->driver_data;
766
767 skb_queue_purge(&session->ctrl_transmit);
768 skb_queue_purge(&session->intr_transmit);
769
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]770 hid->claimed = 0;
771}
772
773static struct hid_ll_driver hidp_hid_driver = {
774 .parse = hidp_parse,
775 .start = hidp_start,
776 .stop = hidp_stop,
777 .open = hidp_open,
778 .close = hidp_close,
779 .hidinput_input_event = hidp_hidinput_event,
780};
781
Alan Ott0f69dca2011-01-18 03:04:37 -0500[diff] [blame]782/* This function sets up the hid device. It does not add it
783 to the HID system. That is done in hidp_add_connection(). */
Jiri Slaby85cdaf52008-05-16 11:49:15 +0200[diff] [blame]784static int hidp_setup_hid(struct hidp_session *session,
Andrew Morton91f5cca2008-02-05 03:07:58 -0800[diff] [blame]785 struct hidp_connadd_req *req)
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]786{
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]787 struct hid_device *hid;
Marcel Holtmannedad6382009-08-22 14:22:15 -0700[diff] [blame]788 int err;
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]789
Michael Poole15c697c2010-02-05 12:23:43 -0500[diff] [blame]790 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
791 if (!session->rd_data)
792 return -ENOMEM;
793
794 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
795 err = -EFAULT;
796 goto fault;
797 }
798 session->rd_size = req->rd_size;
799
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]800 hid = hid_allocate_device();
Michael Poole15c697c2010-02-05 12:23:43 -0500[diff] [blame]801 if (IS_ERR(hid)) {
802 err = PTR_ERR(hid);
803 goto fault;
804 }
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]805
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]806 session->hid = hid;
Michael Poole15c697c2010-02-05 12:23:43 -0500[diff] [blame]807
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]808 hid->driver_data = session;
809
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]810 hid->bus = BUS_BLUETOOTH;
811 hid->vendor = req->vendor;
812 hid->product = req->product;
813 hid->version = req->version;
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]814 hid->country = req->country;
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]815
Anderson Lizardo0a9ab9b2013-01-06 18:28:53 -0400[diff] [blame]816 strncpy(hid->name, req->name, sizeof(req->name) - 1);
Andrei Emeltchenkofcb73332012-09-25 12:49:44 +0300[diff] [blame]817
818 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
819 &bt_sk(session->ctrl_sock->sk)->src);
820
821 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
822 &bt_sk(session->ctrl_sock->sk)->dst);
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]823
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]824 hid->dev.parent = &session->conn->hcon->dev;
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]825 hid->ll_driver = &hidp_hid_driver;
Jiri Slaby85cdaf52008-05-16 11:49:15 +0200[diff] [blame]826
Alan Ott0ff17312011-01-18 03:04:40 -0500[diff] [blame]827 hid->hid_get_raw_report = hidp_get_raw_report;
Jiri Kosina2da31932009-11-26 16:20:56 +0100[diff] [blame]828 hid->hid_output_raw_report = hidp_output_raw_report;
829
Lamarque V. Souza4529eef2012-12-06 12:39:55 -0200[diff] [blame]830 /* True if device is blacklisted in drivers/hid/hid-core.c */
831 if (hid_ignore(hid)) {
832 hid_destroy_device(session->hid);
833 session->hid = NULL;
834 return -ENODEV;
835 }
836
Jiri Slabyc500c972008-05-16 11:49:16 +0200[diff] [blame]837 return 0;
Marcel Holtmannedad6382009-08-22 14:22:15 -0700[diff] [blame]838
Michael Poole15c697c2010-02-05 12:23:43 -0500[diff] [blame]839fault:
840 kfree(session->rd_data);
841 session->rd_data = NULL;
842
Marcel Holtmannedad6382009-08-22 14:22:15 -0700[diff] [blame]843 return err;
Marcel Holtmanne1aaadd2007-02-17 23:58:49 +0100[diff] [blame]844}
845
David Herrmannb4f34d82013-04-06 20:28:46 +0200[diff] [blame]846/* initialize session devices */
847static int hidp_session_dev_init(struct hidp_session *session,
848 struct hidp_connadd_req *req)
849{
850 int ret;
851
852 if (req->rd_size > 0) {
853 ret = hidp_setup_hid(session, req);
854 if (ret && ret != -ENODEV)
855 return ret;
856 }
857
858 if (!session->hid) {
859 ret = hidp_setup_input(session, req);
860 if (ret < 0)
861 return ret;
862 }
863
864 return 0;
865}
866
867/* destroy session devices */
868static void hidp_session_dev_destroy(struct hidp_session *session)
869{
870 if (session->hid)
871 put_device(&session->hid->dev);
872 else if (session->input)
873 input_put_device(session->input);
874
875 kfree(session->rd_data);
876 session->rd_data = NULL;
877}
878
879/* add HID/input devices to their underlying bus systems */
880static int hidp_session_dev_add(struct hidp_session *session)
881{
882 int ret;
883
884 /* Both HID and input systems drop a ref-count when unregistering the
885 * device but they don't take a ref-count when registering them. Work
886 * around this by explicitly taking a refcount during registration
887 * which is dropped automatically by unregistering the devices. */
888
889 if (session->hid) {
890 ret = hid_add_device(session->hid);
891 if (ret)
892 return ret;
893 get_device(&session->hid->dev);
894 } else if (session->input) {
895 ret = input_register_device(session->input);
896 if (ret)
897 return ret;
898 input_get_device(session->input);
899 }
900
901 return 0;
902}
903
904/* remove HID/input devices from their bus systems */
905static void hidp_session_dev_del(struct hidp_session *session)
906{
907 if (session->hid)
908 hid_destroy_device(session->hid);
909 else if (session->input)
910 input_unregister_device(session->input);
911}
912
913/*
914 * Create new session object
915 * Allocate session object, initialize static fields, copy input data into the
916 * object and take a reference to all sub-objects.
917 * This returns 0 on success and puts a pointer to the new session object in
918 * \out. Otherwise, an error code is returned.
919 * The new session object has an initial ref-count of 1.
920 */
921static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
922 struct socket *ctrl_sock,
923 struct socket *intr_sock,
924 struct hidp_connadd_req *req,
925 struct l2cap_conn *conn)
926{
927 struct hidp_session *session;
928 int ret;
929 struct bt_sock *ctrl, *intr;
930
931 ctrl = bt_sk(ctrl_sock->sk);
932 intr = bt_sk(intr_sock->sk);
933
934 session = kzalloc(sizeof(*session), GFP_KERNEL);
935 if (!session)
936 return -ENOMEM;
937
938 /* object and runtime management */
939 kref_init(&session->ref);
940 atomic_set(&session->state, HIDP_SESSION_IDLING);
941 init_waitqueue_head(&session->state_queue);
942 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
943
944 /* connection management */
945 bacpy(&session->bdaddr, bdaddr);
946 session->conn = conn;
947 session->user.probe = hidp_session_probe;
948 session->user.remove = hidp_session_remove;
949 session->ctrl_sock = ctrl_sock;
950 session->intr_sock = intr_sock;
951 skb_queue_head_init(&session->ctrl_transmit);
952 skb_queue_head_init(&session->intr_transmit);
953 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
954 l2cap_pi(ctrl)->chan->imtu);
955 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
956 l2cap_pi(intr)->chan->imtu);
957 session->idle_to = req->idle_to;
958
959 /* device management */
960 setup_timer(&session->timer, hidp_idle_timeout,
961 (unsigned long)session);
962
963 /* session data */
964 mutex_init(&session->report_mutex);
965 init_waitqueue_head(&session->report_queue);
966
967 ret = hidp_session_dev_init(session, req);
968 if (ret)
969 goto err_free;
970
971 l2cap_conn_get(session->conn);
972 get_file(session->intr_sock->file);
973 get_file(session->ctrl_sock->file);
974 *out = session;
975 return 0;
976
977err_free:
978 kfree(session);
979 return ret;
980}
981
982/* increase ref-count of the given session by one */
983static void hidp_session_get(struct hidp_session *session)
984{
985 kref_get(&session->ref);
986}
987
988/* release callback */
989static void session_free(struct kref *ref)
990{
991 struct hidp_session *session = container_of(ref, struct hidp_session,
992 ref);
993
994 hidp_session_dev_destroy(session);
995 skb_queue_purge(&session->ctrl_transmit);
996 skb_queue_purge(&session->intr_transmit);
997 fput(session->intr_sock->file);
998 fput(session->ctrl_sock->file);
999 l2cap_conn_put(session->conn);
1000 kfree(session);
1001}
1002
1003/* decrease ref-count of the given session by one */
1004static void hidp_session_put(struct hidp_session *session)
1005{
1006 kref_put(&session->ref, session_free);
1007}
1008
1009/*
1010 * Search the list of active sessions for a session with target address
1011 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
1012 * you do not release this lock, the session objects cannot vanish and you can
1013 * safely take a reference to the session yourself.
1014 */
1015static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
1016{
1017 struct hidp_session *session;
1018
1019 list_for_each_entry(session, &hidp_session_list, list) {
1020 if (!bacmp(bdaddr, &session->bdaddr))
1021 return session;
1022 }
1023
1024 return NULL;
1025}
1026
1027/*
1028 * Same as __hidp_session_find() but no locks must be held. This also takes a
1029 * reference of the returned session (if non-NULL) so you must drop this
1030 * reference if you no longer use the object.
1031 */
1032static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
1033{
1034 struct hidp_session *session;
1035
1036 down_read(&hidp_session_sem);
1037
1038 session = __hidp_session_find(bdaddr);
1039 if (session)
1040 hidp_session_get(session);
1041
1042 up_read(&hidp_session_sem);
1043
1044 return session;
1045}
1046
1047/*
1048 * Start session synchronously
1049 * This starts a session thread and waits until initialization
1050 * is done or returns an error if it couldn't be started.
1051 * If this returns 0 the session thread is up and running. You must call
1052 * hipd_session_stop_sync() before deleting any runtime resources.
1053 */
1054static int hidp_session_start_sync(struct hidp_session *session)
1055{
1056 unsigned int vendor, product;
1057
1058 if (session->hid) {
1059 vendor = session->hid->vendor;
1060 product = session->hid->product;
1061 } else if (session->input) {
1062 vendor = session->input->id.vendor;
1063 product = session->input->id.product;
1064 } else {
1065 vendor = 0x0000;
1066 product = 0x0000;
1067 }
1068
1069 session->task = kthread_run(hidp_session_thread, session,
1070 "khidpd_%04x%04x", vendor, product);
1071 if (IS_ERR(session->task))
1072 return PTR_ERR(session->task);
1073
1074 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1075 wait_event(session->state_queue,
1076 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1077
1078 return 0;
1079}
1080
1081/*
1082 * Terminate session thread
1083 * Wake up session thread and notify it to stop. This is asynchronous and
1084 * returns immediately. Call this whenever a runtime error occurs and you want
1085 * the session to stop.
1086 * Note: wake_up_process() performs any necessary memory-barriers for us.
1087 */
1088static void hidp_session_terminate(struct hidp_session *session)
1089{
1090 atomic_inc(&session->terminate);
1091 wake_up_process(session->task);
1092}
1093
1094/*
1095 * Probe HIDP session
1096 * This is called from the l2cap_conn core when our l2cap_user object is bound
1097 * to the hci-connection. We get the session via the \user object and can now
1098 * start the session thread, register the HID/input devices and link it into
1099 * the global session list.
1100 * The global session-list owns its own reference to the session object so you
1101 * can drop your own reference after registering the l2cap_user object.
1102 */
1103static int hidp_session_probe(struct l2cap_conn *conn,
1104 struct l2cap_user *user)
1105{
1106 struct hidp_session *session = container_of(user,
1107 struct hidp_session,
1108 user);
1109 struct hidp_session *s;
1110 int ret;
1111
1112 down_write(&hidp_session_sem);
1113
1114 /* check that no other session for this device exists */
1115 s = __hidp_session_find(&session->bdaddr);
1116 if (s) {
1117 ret = -EEXIST;
1118 goto out_unlock;
1119 }
1120
1121 ret = hidp_session_start_sync(session);
1122 if (ret)
1123 goto out_unlock;
1124
1125 ret = hidp_session_dev_add(session);
1126 if (ret)
1127 goto out_stop;
1128
1129 hidp_session_get(session);
1130 list_add(&session->list, &hidp_session_list);
1131 ret = 0;
1132 goto out_unlock;
1133
1134out_stop:
1135 hidp_session_terminate(session);
1136out_unlock:
1137 up_write(&hidp_session_sem);
1138 return ret;
1139}
1140
1141/*
1142 * Remove HIDP session
1143 * Called from the l2cap_conn core when either we explicitly unregistered
1144 * the l2cap_user object or if the underlying connection is shut down.
1145 * We signal the hidp-session thread to shut down, unregister the HID/input
1146 * devices and unlink the session from the global list.
1147 * This drops the reference to the session that is owned by the global
1148 * session-list.
1149 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1150 * This is, because the session-thread might be waiting for an HCI lock that is
1151 * held while we are called. Therefore, we only unregister the devices and
1152 * notify the session-thread to terminate. The thread itself owns a reference
1153 * to the session object so it can safely shut down.
1154 */
1155static void hidp_session_remove(struct l2cap_conn *conn,
1156 struct l2cap_user *user)
1157{
1158 struct hidp_session *session = container_of(user,
1159 struct hidp_session,
1160 user);
1161
1162 down_write(&hidp_session_sem);
1163
1164 hidp_session_terminate(session);
1165 hidp_session_dev_del(session);
1166 list_del(&session->list);
1167
1168 up_write(&hidp_session_sem);
1169
1170 hidp_session_put(session);
1171}
1172
1173/*
1174 * Session Worker
1175 * This performs the actual main-loop of the HIDP worker. We first check
1176 * whether the underlying connection is still alive, then parse all pending
1177 * messages and finally send all outstanding messages.
1178 */
1179static void hidp_session_run(struct hidp_session *session)
1180{
1181 struct sock *ctrl_sk = session->ctrl_sock->sk;
1182 struct sock *intr_sk = session->intr_sock->sk;
1183 struct sk_buff *skb;
1184
1185 for (;;) {
1186 /*
1187 * This thread can be woken up two ways:
1188 * - You call hidp_session_terminate() which sets the
1189 * session->terminate flag and wakes this thread up.
1190 * - Via modifying the socket state of ctrl/intr_sock. This
1191 * thread is woken up by ->sk_state_changed().
1192 *
1193 * Note: set_current_state() performs any necessary
1194 * memory-barriers for us.
1195 */
1196 set_current_state(TASK_INTERRUPTIBLE);
1197
1198 if (atomic_read(&session->terminate))
1199 break;
1200
1201 if (ctrl_sk->sk_state != BT_CONNECTED ||
1202 intr_sk->sk_state != BT_CONNECTED)
1203 break;
1204
1205 /* parse incoming intr-skbs */
1206 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1207 skb_orphan(skb);
1208 if (!skb_linearize(skb))
1209 hidp_recv_intr_frame(session, skb);
1210 else
1211 kfree_skb(skb);
1212 }
1213
1214 /* send pending intr-skbs */
1215 hidp_process_intr_transmit(session);
1216
1217 /* parse incoming ctrl-skbs */
1218 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1219 skb_orphan(skb);
1220 if (!skb_linearize(skb))
1221 hidp_recv_ctrl_frame(session, skb);
1222 else
1223 kfree_skb(skb);
1224 }
1225
1226 /* send pending ctrl-skbs */
1227 hidp_process_ctrl_transmit(session);
1228
1229 schedule();
1230 }
1231
1232 atomic_inc(&session->terminate);
1233 set_current_state(TASK_RUNNING);
1234}
1235
1236/*
1237 * HIDP session thread
1238 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1239 * which allows us to take references to ourself here instead of doing that in
1240 * the caller.
1241 * When we are ready to run we notify the caller and call hidp_session_run().
1242 */
1243static int hidp_session_thread(void *arg)
1244{
1245 struct hidp_session *session = arg;
1246 wait_queue_t ctrl_wait, intr_wait;
1247
1248 BT_DBG("session %p", session);
1249
1250 /* initialize runtime environment */
1251 hidp_session_get(session);
1252 __module_get(THIS_MODULE);
1253 set_user_nice(current, -15);
1254 hidp_set_timer(session);
1255
1256 init_waitqueue_entry(&ctrl_wait, current);
1257 init_waitqueue_entry(&intr_wait, current);
1258 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1259 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1260 /* This memory barrier is paired with wq_has_sleeper(). See
1261 * sock_poll_wait() for more information why this is needed. */
1262 smp_mb();
1263
1264 /* notify synchronous startup that we're ready */
1265 atomic_inc(&session->state);
1266 wake_up(&session->state_queue);
1267
1268 /* run session */
1269 hidp_session_run(session);
1270
1271 /* cleanup runtime environment */
1272 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1273 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1274 wake_up_interruptible(&session->report_queue);
1275 hidp_del_timer(session);
1276
1277 /*
1278 * If we stopped ourself due to any internal signal, we should try to
1279 * unregister our own session here to avoid having it linger until the
1280 * parent l2cap_conn dies or user-space cleans it up.
1281 * This does not deadlock as we don't do any synchronous shutdown.
1282 * Instead, this call has the same semantics as if user-space tried to
1283 * delete the session.
1284 */
1285 l2cap_unregister_user(session->conn, &session->user);
1286 hidp_session_put(session);
1287
1288 module_put_and_exit(0);
1289 return 0;
1290}
1291
1292static int hidp_verify_sockets(struct socket *ctrl_sock,
1293 struct socket *intr_sock)
1294{
1295 struct bt_sock *ctrl, *intr;
1296 struct hidp_session *session;
1297
1298 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1299 return -EINVAL;
1300
1301 ctrl = bt_sk(ctrl_sock->sk);
1302 intr = bt_sk(intr_sock->sk);
1303
1304 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1305 return -ENOTUNIQ;
1306 if (ctrl->sk.sk_state != BT_CONNECTED ||
1307 intr->sk.sk_state != BT_CONNECTED)
1308 return -EBADFD;
1309
1310 /* early session check, we check again during session registration */
1311 session = hidp_session_find(&ctrl->dst);
1312 if (session) {
1313 hidp_session_put(session);
1314 return -EEXIST;
1315 }
1316
1317 return 0;
1318}
1319
1320int hidp_connection_add(struct hidp_connadd_req *req,
1321 struct socket *ctrl_sock,
1322 struct socket *intr_sock)
1323{
1324 struct hidp_session *session;
1325 struct l2cap_conn *conn;
1326 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1327 int ret;
1328
1329 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1330 if (ret)
1331 return ret;
1332
1333 conn = NULL;
1334 l2cap_chan_lock(chan);
1335 if (chan->conn) {
1336 l2cap_conn_get(chan->conn);
1337 conn = chan->conn;
1338 }
1339 l2cap_chan_unlock(chan);
1340
1341 if (!conn)
1342 return -EBADFD;
1343
1344 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1345 intr_sock, req, conn);
1346 if (ret)
1347 goto out_conn;
1348
1349 ret = l2cap_register_user(conn, &session->user);
1350 if (ret)
1351 goto out_session;
1352
1353 ret = 0;
1354
1355out_session:
1356 hidp_session_put(session);
1357out_conn:
1358 l2cap_conn_put(conn);
1359 return ret;
1360}
1361
1362int hidp_connection_del(struct hidp_conndel_req *req)
1363{
1364 struct hidp_session *session;
1365
1366 session = hidp_session_find(&req->bdaddr);
1367 if (!session)
1368 return -ENOENT;
1369
1370 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1371 hidp_send_ctrl_message(session,
1372 HIDP_TRANS_HID_CONTROL |
1373 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1374 NULL, 0);
1375 else
1376 l2cap_unregister_user(session->conn, &session->user);
1377
1378 hidp_session_put(session);
1379
1380 return 0;
1381}
1382
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1383int hidp_get_connlist(struct hidp_connlist_req *req)
1384{
Gustavo F. Padovancd11cdd2011-10-06 17:35:31 -0300[diff] [blame]1385 struct hidp_session *session;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1386 int err = 0, n = 0;
1387
1388 BT_DBG("");
1389
1390 down_read(&hidp_session_sem);
1391
Gustavo F. Padovancd11cdd2011-10-06 17:35:31 -0300[diff] [blame]1392 list_for_each_entry(session, &hidp_session_list, list) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1393 struct hidp_conninfo ci;
1394
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]1395 hidp_copy_session(session, &ci);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1396
1397 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1398 err = -EFAULT;
1399 break;
1400 }
1401
1402 if (++n >= req->cnum)
1403 break;
1404
1405 req->ci++;
1406 }
1407 req->cnum = n;
1408
1409 up_read(&hidp_session_sem);
1410 return err;
1411}
1412
1413int hidp_get_conninfo(struct hidp_conninfo *ci)
1414{
1415 struct hidp_session *session;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1416
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]1417 session = hidp_session_find(&ci->bdaddr);
1418 if (session) {
1419 hidp_copy_session(session, ci);
1420 hidp_session_put(session);
1421 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1422
David Herrmann52051852013-04-06 20:28:47 +0200[diff] [blame^]1423 return session ? 0 : -ENOENT;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1424}
1425
1426static int __init hidp_init(void)
1427{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1428 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1429
Henrik Rydberg8215d552012-04-23 12:07:07 +0200[diff] [blame]1430 return hidp_init_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1431}
1432
1433static void __exit hidp_exit(void)
1434{
1435 hidp_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1436}
1437
1438module_init(hidp_init);
1439module_exit(hidp_exit);
1440
1441MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
David Herrmannb4f34d82013-04-06 20:28:46 +0200[diff] [blame]1442MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1443MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1444MODULE_VERSION(VERSION);
1445MODULE_LICENSE("GPL");
1446MODULE_ALIAS("bt-proto-6");