~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/bluetooth/hidp/core.c

Version: ~ [ linux-5.2-rc1 ] ~ [ linux-5.1.2 ] ~ [ linux-5.0.16 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.43 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.119 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.176 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.179 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.139 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.67 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2    HIDP implementation for Linux Bluetooth stack (BlueZ).
  3    Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
  4 
  5    This program is free software; you can redistribute it and/or modify
  6    it under the terms of the GNU General Public License version 2 as
  7    published by the Free Software Foundation;
  8 
  9    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 10    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 11    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 12    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 13    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 14    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 15    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 16    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 17 
 18    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 19    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 20    SOFTWARE IS DISCLAIMED.
 21 */
 22 
 23 #include <linux/module.h>
 24 
 25 #include <linux/types.h>
 26 #include <linux/errno.h>
 27 #include <linux/kernel.h>
 28 #include <linux/sched.h>
 29 #include <linux/slab.h>
 30 #include <linux/poll.h>
 31 #include <linux/freezer.h>
 32 #include <linux/fcntl.h>
 33 #include <linux/skbuff.h>
 34 #include <linux/socket.h>
 35 #include <linux/ioctl.h>
 36 #include <linux/file.h>
 37 #include <linux/init.h>
 38 #include <linux/wait.h>
 39 #include <linux/mutex.h>
 40 #include <linux/kthread.h>
 41 #include <net/sock.h>
 42 
 43 #include <linux/input.h>
 44 #include <linux/hid.h>
 45 #include <linux/hidraw.h>
 46 
 47 #include <net/bluetooth/bluetooth.h>
 48 #include <net/bluetooth/hci_core.h>
 49 #include <net/bluetooth/l2cap.h>
 50 
 51 #include "hidp.h"
 52 
 53 #define VERSION "1.2"
 54 
 55 static DECLARE_RWSEM(hidp_session_sem);
 56 static LIST_HEAD(hidp_session_list);
 57 
 58 static unsigned char hidp_keycode[256] = {
 59           0,   0,   0,   0,  30,  48,  46,  32,  18,  33,  34,  35,  23,  36,
 60          37,  38,  50,  49,  24,  25,  16,  19,  31,  20,  22,  47,  17,  45,
 61          21,  44,   2,   3,   4,   5,   6,   7,   8,   9,  10,  11,  28,   1,
 62          14,  15,  57,  12,  13,  26,  27,  43,  43,  39,  40,  41,  51,  52,
 63          53,  58,  59,  60,  61,  62,  63,  64,  65,  66,  67,  68,  87,  88,
 64          99,  70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103,  69,
 65          98,  55,  74,  78,  96,  79,  80,  81,  75,  76,  77,  71,  72,  73,
 66          82,  83,  86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
 67         191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
 68         136, 113, 115, 114,   0,   0,   0, 121,   0,  89,  93, 124,  92,  94,
 69          95,   0,   0,   0, 122, 123,  90,  91,  85,   0,   0,   0,   0,   0,
 70           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 71           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 72           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 73           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 74           0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
 75          29,  42,  56, 125,  97,  54, 100, 126, 164, 166, 165, 163, 161, 115,
 76         114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
 77 };
 78 
 79 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
 80 
 81 static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr)
 82 {
 83         struct hidp_session *session;
 84         struct list_head *p;
 85 
 86         BT_DBG("");
 87 
 88         list_for_each(p, &hidp_session_list) {
 89                 session = list_entry(p, struct hidp_session, list);
 90                 if (!bacmp(bdaddr, &session->bdaddr))
 91                         return session;
 92         }
 93         return NULL;
 94 }
 95 
 96 static void __hidp_link_session(struct hidp_session *session)
 97 {
 98         __module_get(THIS_MODULE);
 99         list_add(&session->list, &hidp_session_list);
100 
101         hci_conn_hold_device(session->conn);
102 }
103 
104 static void __hidp_unlink_session(struct hidp_session *session)
105 {
106         hci_conn_put_device(session->conn);
107 
108         list_del(&session->list);
109         module_put(THIS_MODULE);
110 }
111 
112 static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
113 {
114         memset(ci, 0, sizeof(*ci));
115         bacpy(&ci->bdaddr, &session->bdaddr);
116 
117         ci->flags = session->flags;
118         ci->state = session->state;
119 
120         ci->vendor  = 0x0000;
121         ci->product = 0x0000;
122         ci->version = 0x0000;
123 
124         if (session->input) {
125                 ci->vendor  = session->input->id.vendor;
126                 ci->product = session->input->id.product;
127                 ci->version = session->input->id.version;
128                 if (session->input->name)
129                         strncpy(ci->name, session->input->name, 128);
130                 else
131                         strncpy(ci->name, "HID Boot Device", 128);
132         }
133 
134         if (session->hid) {
135                 ci->vendor  = session->hid->vendor;
136                 ci->product = session->hid->product;
137                 ci->version = session->hid->version;
138                 strncpy(ci->name, session->hid->name, 128);
139         }
140 }
141 
142 static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev,
143                                 unsigned int type, unsigned int code, int value)
144 {
145         unsigned char newleds;
146         struct sk_buff *skb;
147 
148         BT_DBG("session %p type %d code %d value %d", session, type, code, value);
149 
150         if (type != EV_LED)
151                 return -1;
152 
153         newleds = (!!test_bit(LED_KANA,    dev->led) << 3) |
154                   (!!test_bit(LED_COMPOSE, dev->led) << 3) |
155                   (!!test_bit(LED_SCROLLL, dev->led) << 2) |
156                   (!!test_bit(LED_CAPSL,   dev->led) << 1) |
157                   (!!test_bit(LED_NUML,    dev->led));
158 
159         if (session->leds == newleds)
160                 return 0;
161 
162         session->leds = newleds;
163 
164         skb = alloc_skb(3, GFP_ATOMIC);
165         if (!skb) {
166                 BT_ERR("Can't allocate memory for new frame");
167                 return -ENOMEM;
168         }
169 
170         *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171         *skb_put(skb, 1) = 0x01;
172         *skb_put(skb, 1) = newleds;
173 
174         skb_queue_tail(&session->intr_transmit, skb);
175 
176         hidp_schedule(session);
177 
178         return 0;
179 }
180 
181 static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
182 {
183         struct hid_device *hid = input_get_drvdata(dev);
184         struct hidp_session *session = hid->driver_data;
185 
186         return hidp_queue_event(session, dev, type, code, value);
187 }
188 
189 static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value)
190 {
191         struct hidp_session *session = input_get_drvdata(dev);
192 
193         return hidp_queue_event(session, dev, type, code, value);
194 }
195 
196 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
197 {
198         struct input_dev *dev = session->input;
199         unsigned char *keys = session->keys;
200         unsigned char *udata = skb->data + 1;
201         signed char *sdata = skb->data + 1;
202         int i, size = skb->len - 1;
203 
204         switch (skb->data[0]) {
205         case 0x01:      /* Keyboard report */
206                 for (i = 0; i < 8; i++)
207                         input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
208 
209                 /* If all the key codes have been set to 0x01, it means
210                  * too many keys were pressed at the same time. */
211                 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
212                         break;
213 
214                 for (i = 2; i < 8; i++) {
215                         if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
216                                 if (hidp_keycode[keys[i]])
217                                         input_report_key(dev, hidp_keycode[keys[i]], 0);
218                                 else
219                                         BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
220                         }
221 
222                         if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
223                                 if (hidp_keycode[udata[i]])
224                                         input_report_key(dev, hidp_keycode[udata[i]], 1);
225                                 else
226                                         BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
227                         }
228                 }
229 
230                 memcpy(keys, udata, 8);
231                 break;
232 
233         case 0x02:      /* Mouse report */
234                 input_report_key(dev, BTN_LEFT,   sdata[0] & 0x01);
235                 input_report_key(dev, BTN_RIGHT,  sdata[0] & 0x02);
236                 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
237                 input_report_key(dev, BTN_SIDE,   sdata[0] & 0x08);
238                 input_report_key(dev, BTN_EXTRA,  sdata[0] & 0x10);
239 
240                 input_report_rel(dev, REL_X, sdata[1]);
241                 input_report_rel(dev, REL_Y, sdata[2]);
242 
243                 if (size > 3)
244                         input_report_rel(dev, REL_WHEEL, sdata[3]);
245                 break;
246         }
247 
248         input_sync(dev);
249 }
250 
251 static int __hidp_send_ctrl_message(struct hidp_session *session,
252                         unsigned char hdr, unsigned char *data, int size)
253 {
254         struct sk_buff *skb;
255 
256         BT_DBG("session %p data %p size %d", session, data, size);
257 
258         skb = alloc_skb(size + 1, GFP_ATOMIC);
259         if (!skb) {
260                 BT_ERR("Can't allocate memory for new frame");
261                 return -ENOMEM;
262         }
263 
264         *skb_put(skb, 1) = hdr;
265         if (data && size > 0)
266                 memcpy(skb_put(skb, size), data, size);
267 
268         skb_queue_tail(&session->ctrl_transmit, skb);
269 
270         return 0;
271 }
272 
273 static inline int hidp_send_ctrl_message(struct hidp_session *session,
274                         unsigned char hdr, unsigned char *data, int size)
275 {
276         int err;
277 
278         err = __hidp_send_ctrl_message(session, hdr, data, size);
279 
280         hidp_schedule(session);
281 
282         return err;
283 }
284 
285 static int hidp_queue_report(struct hidp_session *session,
286                                 unsigned char *data, int size)
287 {
288         struct sk_buff *skb;
289 
290         BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
291 
292         skb = alloc_skb(size + 1, GFP_ATOMIC);
293         if (!skb) {
294                 BT_ERR("Can't allocate memory for new frame");
295                 return -ENOMEM;
296         }
297 
298         *skb_put(skb, 1) = 0xa2;
299         if (size > 0)
300                 memcpy(skb_put(skb, size), data, size);
301 
302         skb_queue_tail(&session->intr_transmit, skb);
303 
304         hidp_schedule(session);
305 
306         return 0;
307 }
308 
309 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
310 {
311         unsigned char buf[32];
312         int rsize;
313 
314         rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
315         if (rsize > sizeof(buf))
316                 return -EIO;
317 
318         hid_output_report(report, buf);
319 
320         return hidp_queue_report(session, buf, rsize);
321 }
322 
323 static int hidp_get_raw_report(struct hid_device *hid,
324                 unsigned char report_number,
325                 unsigned char *data, size_t count,
326                 unsigned char report_type)
327 {
328         struct hidp_session *session = hid->driver_data;
329         struct sk_buff *skb;
330         size_t len;
331         int numbered_reports = hid->report_enum[report_type].numbered;
332 
333         switch (report_type) {
334         case HID_FEATURE_REPORT:
335                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
336                 break;
337         case HID_INPUT_REPORT:
338                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
339                 break;
340         case HID_OUTPUT_REPORT:
341                 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
342                 break;
343         default:
344                 return -EINVAL;
345         }
346 
347         if (mutex_lock_interruptible(&session->report_mutex))
348                 return -ERESTARTSYS;
349 
350         /* Set up our wait, and send the report request to the device. */
351         session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
352         session->waiting_report_number = numbered_reports ? report_number : -1;
353         set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
354         data[0] = report_number;
355         if (hidp_send_ctrl_message(hid->driver_data, report_type, data, 1))
356                 goto err_eio;
357 
358         /* Wait for the return of the report. The returned report
359            gets put in session->report_return.  */
360         while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
361                 int res;
362 
363                 res = wait_event_interruptible_timeout(session->report_queue,
364                         !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags),
365                         5*HZ);
366                 if (res == 0) {
367                         /* timeout */
368                         goto err_eio;
369                 }
370                 if (res < 0) {
371                         /* signal */
372                         goto err_restartsys;
373                 }
374         }
375 
376         skb = session->report_return;
377         if (skb) {
378                 len = skb->len < count ? skb->len : count;
379                 memcpy(data, skb->data, len);
380 
381                 kfree_skb(skb);
382                 session->report_return = NULL;
383         } else {
384                 /* Device returned a HANDSHAKE, indicating  protocol error. */
385                 len = -EIO;
386         }
387 
388         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
389         mutex_unlock(&session->report_mutex);
390 
391         return len;
392 
393 err_restartsys:
394         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
395         mutex_unlock(&session->report_mutex);
396         return -ERESTARTSYS;
397 err_eio:
398         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
399         mutex_unlock(&session->report_mutex);
400         return -EIO;
401 }
402 
403 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
404                 unsigned char report_type)
405 {
406         struct hidp_session *session = hid->driver_data;
407         int ret;
408 
409         switch (report_type) {
410         case HID_FEATURE_REPORT:
411                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
412                 break;
413         case HID_OUTPUT_REPORT:
414                 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
415                 break;
416         default:
417                 return -EINVAL;
418         }
419 
420         if (mutex_lock_interruptible(&session->report_mutex))
421                 return -ERESTARTSYS;
422 
423         /* Set up our wait, and send the report request to the device. */
424         set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
425         if (hidp_send_ctrl_message(hid->driver_data, report_type,
426                         data, count)) {
427                 ret = -ENOMEM;
428                 goto err;
429         }
430 
431         /* Wait for the ACK from the device. */
432         while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
433                 int res;
434 
435                 res = wait_event_interruptible_timeout(session->report_queue,
436                         !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags),
437                         10*HZ);
438                 if (res == 0) {
439                         /* timeout */
440                         ret = -EIO;
441                         goto err;
442                 }
443                 if (res < 0) {
444                         /* signal */
445                         ret = -ERESTARTSYS;
446                         goto err;
447                 }
448         }
449 
450         if (!session->output_report_success) {
451                 ret = -EIO;
452                 goto err;
453         }
454 
455         ret = count;
456 
457 err:
458         clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
459         mutex_unlock(&session->report_mutex);
460         return ret;
461 }
462 
463 static void hidp_idle_timeout(unsigned long arg)
464 {
465         struct hidp_session *session = (struct hidp_session *) arg;
466 
467         atomic_inc(&session->terminate);
468         wake_up_process(session->task);
469 }
470 
471 static void hidp_set_timer(struct hidp_session *session)
472 {
473         if (session->idle_to > 0)
474                 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
475 }
476 
477 static inline void hidp_del_timer(struct hidp_session *session)
478 {
479         if (session->idle_to > 0)
480                 del_timer(&session->timer);
481 }
482 
483 static void hidp_process_handshake(struct hidp_session *session,
484                                         unsigned char param)
485 {
486         BT_DBG("session %p param 0x%02x", session, param);
487         session->output_report_success = 0; /* default condition */
488 
489         switch (param) {
490         case HIDP_HSHK_SUCCESSFUL:
491                 /* FIXME: Call into SET_ GET_ handlers here */
492                 session->output_report_success = 1;
493                 break;
494 
495         case HIDP_HSHK_NOT_READY:
496         case HIDP_HSHK_ERR_INVALID_REPORT_ID:
497         case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
498         case HIDP_HSHK_ERR_INVALID_PARAMETER:
499                 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) {
500                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
501                         wake_up_interruptible(&session->report_queue);
502                 }
503                 /* FIXME: Call into SET_ GET_ handlers here */
504                 break;
505 
506         case HIDP_HSHK_ERR_UNKNOWN:
507                 break;
508 
509         case HIDP_HSHK_ERR_FATAL:
510                 /* Device requests a reboot, as this is the only way this error
511                  * can be recovered. */
512                 __hidp_send_ctrl_message(session,
513                         HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
514                 break;
515 
516         default:
517                 __hidp_send_ctrl_message(session,
518                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
519                 break;
520         }
521 
522         /* Wake up the waiting thread. */
523         if (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) {
524                 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
525                 wake_up_interruptible(&session->report_queue);
526         }
527 }
528 
529 static void hidp_process_hid_control(struct hidp_session *session,
530                                         unsigned char param)
531 {
532         BT_DBG("session %p param 0x%02x", session, param);
533 
534         if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
535                 /* Flush the transmit queues */
536                 skb_queue_purge(&session->ctrl_transmit);
537                 skb_queue_purge(&session->intr_transmit);
538 
539                 atomic_inc(&session->terminate);
540                 wake_up_process(current);
541         }
542 }
543 
544 /* Returns true if the passed-in skb should be freed by the caller. */
545 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
546                                 unsigned char param)
547 {
548         int done_with_skb = 1;
549         BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
550 
551         switch (param) {
552         case HIDP_DATA_RTYPE_INPUT:
553                 hidp_set_timer(session);
554 
555                 if (session->input)
556                         hidp_input_report(session, skb);
557 
558                 if (session->hid)
559                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
560                 break;
561 
562         case HIDP_DATA_RTYPE_OTHER:
563         case HIDP_DATA_RTYPE_OUPUT:
564         case HIDP_DATA_RTYPE_FEATURE:
565                 break;
566 
567         default:
568                 __hidp_send_ctrl_message(session,
569                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
570         }
571 
572         if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
573                                 param == session->waiting_report_type) {
574                 if (session->waiting_report_number < 0 ||
575                     session->waiting_report_number == skb->data[0]) {
576                         /* hidp_get_raw_report() is waiting on this report. */
577                         session->report_return = skb;
578                         done_with_skb = 0;
579                         clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
580                         wake_up_interruptible(&session->report_queue);
581                 }
582         }
583 
584         return done_with_skb;
585 }
586 
587 static void hidp_recv_ctrl_frame(struct hidp_session *session,
588                                         struct sk_buff *skb)
589 {
590         unsigned char hdr, type, param;
591         int free_skb = 1;
592 
593         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
594 
595         hdr = skb->data[0];
596         skb_pull(skb, 1);
597 
598         type = hdr & HIDP_HEADER_TRANS_MASK;
599         param = hdr & HIDP_HEADER_PARAM_MASK;
600 
601         switch (type) {
602         case HIDP_TRANS_HANDSHAKE:
603                 hidp_process_handshake(session, param);
604                 break;
605 
606         case HIDP_TRANS_HID_CONTROL:
607                 hidp_process_hid_control(session, param);
608                 break;
609 
610         case HIDP_TRANS_DATA:
611                 free_skb = hidp_process_data(session, skb, param);
612                 break;
613 
614         default:
615                 __hidp_send_ctrl_message(session,
616                         HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
617                 break;
618         }
619 
620         if (free_skb)
621                 kfree_skb(skb);
622 }
623 
624 static void hidp_recv_intr_frame(struct hidp_session *session,
625                                 struct sk_buff *skb)
626 {
627         unsigned char hdr;
628 
629         BT_DBG("session %p skb %p len %d", session, skb, skb->len);
630 
631         hdr = skb->data[0];
632         skb_pull(skb, 1);
633 
634         if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
635                 hidp_set_timer(session);
636 
637                 if (session->input)
638                         hidp_input_report(session, skb);
639 
640                 if (session->hid) {
641                         hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
642                         BT_DBG("report len %d", skb->len);
643                 }
644         } else {
645                 BT_DBG("Unsupported protocol header 0x%02x", hdr);
646         }
647 
648         kfree_skb(skb);
649 }
650 
651 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
652 {
653         struct kvec iv = { data, len };
654         struct msghdr msg;
655 
656         BT_DBG("sock %p data %p len %d", sock, data, len);
657 
658         if (!len)
659                 return 0;
660 
661         memset(&msg, 0, sizeof(msg));
662 
663         return kernel_sendmsg(sock, &msg, &iv, 1, len);
664 }
665 
666 static void hidp_process_transmit(struct hidp_session *session)
667 {
668         struct sk_buff *skb;
669 
670         BT_DBG("session %p", session);
671 
672         while ((skb = skb_dequeue(&session->ctrl_transmit))) {
673                 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
674                         skb_queue_head(&session->ctrl_transmit, skb);
675                         break;
676                 }
677 
678                 hidp_set_timer(session);
679                 kfree_skb(skb);
680         }
681 
682         while ((skb = skb_dequeue(&session->intr_transmit))) {
683                 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) {
684                         skb_queue_head(&session->intr_transmit, skb);
685                         break;
686                 }
687 
688                 hidp_set_timer(session);
689                 kfree_skb(skb);
690         }
691 }
692 
693 static int hidp_session(void *arg)
694 {
695         struct hidp_session *session = arg;
696         struct sock *ctrl_sk = session->ctrl_sock->sk;
697         struct sock *intr_sk = session->intr_sock->sk;
698         struct sk_buff *skb;
699         wait_queue_t ctrl_wait, intr_wait;
700 
701         BT_DBG("session %p", session);
702 
703         set_user_nice(current, -15);
704 
705         init_waitqueue_entry(&ctrl_wait, current);
706         init_waitqueue_entry(&intr_wait, current);
707         add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
708         add_wait_queue(sk_sleep(intr_sk), &intr_wait);
709         session->waiting_for_startup = 0;
710         wake_up_interruptible(&session->startup_queue);
711         set_current_state(TASK_INTERRUPTIBLE);
712         while (!atomic_read(&session->terminate)) {
713                 if (ctrl_sk->sk_state != BT_CONNECTED ||
714                                 intr_sk->sk_state != BT_CONNECTED)
715                         break;
716 
717                 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
718                         skb_orphan(skb);
719                         hidp_recv_ctrl_frame(session, skb);
720                 }
721 
722                 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
723                         skb_orphan(skb);
724                         hidp_recv_intr_frame(session, skb);
725                 }
726 
727                 hidp_process_transmit(session);
728 
729                 schedule();
730                 set_current_state(TASK_INTERRUPTIBLE);
731         }
732         set_current_state(TASK_RUNNING);
733         remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
734         remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
735 
736         down_write(&hidp_session_sem);
737 
738         hidp_del_timer(session);
739 
740         if (session->input) {
741                 input_unregister_device(session->input);
742                 session->input = NULL;
743         }
744 
745         if (session->hid) {
746                 hid_destroy_device(session->hid);
747                 session->hid = NULL;
748         }
749 
750         /* Wakeup user-space polling for socket errors */
751         session->intr_sock->sk->sk_err = EUNATCH;
752         session->ctrl_sock->sk->sk_err = EUNATCH;
753 
754         hidp_schedule(session);
755 
756         fput(session->intr_sock->file);
757 
758         wait_event_timeout(*(sk_sleep(ctrl_sk)),
759                 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
760 
761         fput(session->ctrl_sock->file);
762 
763         __hidp_unlink_session(session);
764 
765         up_write(&hidp_session_sem);
766 
767         kfree(session);
768         return 0;
769 }
770 
771 static struct device *hidp_get_device(struct hidp_session *session)
772 {
773         bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
774         bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
775         struct device *device = NULL;
776         struct hci_dev *hdev;
777 
778         hdev = hci_get_route(dst, src);
779         if (!hdev)
780                 return NULL;
781 
782         session->conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
783         if (session->conn)
784                 device = &session->conn->dev;
785 
786         hci_dev_put(hdev);
787 
788         return device;
789 }
790 
791 static int hidp_setup_input(struct hidp_session *session,
792                                 struct hidp_connadd_req *req)
793 {
794         struct input_dev *input;
795         int err, i;
796 
797         input = input_allocate_device();
798         if (!input)
799                 return -ENOMEM;
800 
801         session->input = input;
802 
803         input_set_drvdata(input, session);
804 
805         input->name = "Bluetooth HID Boot Protocol Device";
806 
807         input->id.bustype = BUS_BLUETOOTH;
808         input->id.vendor  = req->vendor;
809         input->id.product = req->product;
810         input->id.version = req->version;
811 
812         if (req->subclass & 0x40) {
813                 set_bit(EV_KEY, input->evbit);
814                 set_bit(EV_LED, input->evbit);
815                 set_bit(EV_REP, input->evbit);
816 
817                 set_bit(LED_NUML,    input->ledbit);
818                 set_bit(LED_CAPSL,   input->ledbit);
819                 set_bit(LED_SCROLLL, input->ledbit);
820                 set_bit(LED_COMPOSE, input->ledbit);
821                 set_bit(LED_KANA,    input->ledbit);
822 
823                 for (i = 0; i < sizeof(hidp_keycode); i++)
824                         set_bit(hidp_keycode[i], input->keybit);
825                 clear_bit(0, input->keybit);
826         }
827 
828         if (req->subclass & 0x80) {
829                 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
830                 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
831                         BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
832                 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
833                 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
834                         BIT_MASK(BTN_EXTRA);
835                 input->relbit[0] |= BIT_MASK(REL_WHEEL);
836         }
837 
838         input->dev.parent = hidp_get_device(session);
839 
840         input->event = hidp_input_event;
841 
842         err = input_register_device(input);
843         if (err < 0) {
844                 hci_conn_put_device(session->conn);
845                 return err;
846         }
847 
848         return 0;
849 }
850 
851 static int hidp_open(struct hid_device *hid)
852 {
853         return 0;
854 }
855 
856 static void hidp_close(struct hid_device *hid)
857 {
858 }
859 
860 static int hidp_parse(struct hid_device *hid)
861 {
862         struct hidp_session *session = hid->driver_data;
863 
864         return hid_parse_report(session->hid, session->rd_data,
865                         session->rd_size);
866 }
867 
868 static int hidp_start(struct hid_device *hid)
869 {
870         struct hidp_session *session = hid->driver_data;
871         struct hid_report *report;
872 
873         list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
874                         report_list, list)
875                 hidp_send_report(session, report);
876 
877         list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
878                         report_list, list)
879                 hidp_send_report(session, report);
880 
881         return 0;
882 }
883 
884 static void hidp_stop(struct hid_device *hid)
885 {
886         struct hidp_session *session = hid->driver_data;
887 
888         skb_queue_purge(&session->ctrl_transmit);
889         skb_queue_purge(&session->intr_transmit);
890 
891         hid->claimed = 0;
892 }
893 
894 static struct hid_ll_driver hidp_hid_driver = {
895         .parse = hidp_parse,
896         .start = hidp_start,
897         .stop = hidp_stop,
898         .open  = hidp_open,
899         .close = hidp_close,
900         .hidinput_input_event = hidp_hidinput_event,
901 };
902 
903 /* This function sets up the hid device. It does not add it
904    to the HID system. That is done in hidp_add_connection(). */
905 static int hidp_setup_hid(struct hidp_session *session,
906                                 struct hidp_connadd_req *req)
907 {
908         struct hid_device *hid;
909         int err;
910 
911         session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
912         if (!session->rd_data)
913                 return -ENOMEM;
914 
915         if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
916                 err = -EFAULT;
917                 goto fault;
918         }
919         session->rd_size = req->rd_size;
920 
921         hid = hid_allocate_device();
922         if (IS_ERR(hid)) {
923                 err = PTR_ERR(hid);
924                 goto fault;
925         }
926 
927         session->hid = hid;
928 
929         hid->driver_data = session;
930 
931         hid->bus     = BUS_BLUETOOTH;
932         hid->vendor  = req->vendor;
933         hid->product = req->product;
934         hid->version = req->version;
935         hid->country = req->country;
936 
937         strncpy(hid->name, req->name, sizeof(req->name) - 1);
938         strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64);
939         strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64);
940 
941         hid->dev.parent = hidp_get_device(session);
942         hid->ll_driver = &hidp_hid_driver;
943 
944         hid->hid_get_raw_report = hidp_get_raw_report;
945         hid->hid_output_raw_report = hidp_output_raw_report;
946 
947         return 0;
948 
949 fault:
950         kfree(session->rd_data);
951         session->rd_data = NULL;
952 
953         return err;
954 }
955 
956 int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock)
957 {
958         struct hidp_session *session, *s;
959         int vendor, product;
960         int err;
961 
962         BT_DBG("");
963 
964         if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) ||
965                         bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst))
966                 return -ENOTUNIQ;
967 
968         session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL);
969         if (!session)
970                 return -ENOMEM;
971 
972         BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size);
973 
974         down_write(&hidp_session_sem);
975 
976         s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst);
977         if (s && s->state == BT_CONNECTED) {
978                 err = -EEXIST;
979                 goto failed;
980         }
981 
982         bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst);
983 
984         session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu,
985                                         l2cap_pi(ctrl_sock->sk)->chan->imtu);
986         session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu,
987                                         l2cap_pi(intr_sock->sk)->chan->imtu);
988 
989         BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu);
990 
991         session->ctrl_sock = ctrl_sock;
992         session->intr_sock = intr_sock;
993         session->state     = BT_CONNECTED;
994 
995         setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session);
996 
997         skb_queue_head_init(&session->ctrl_transmit);
998         skb_queue_head_init(&session->intr_transmit);
999 
1000         mutex_init(&session->report_mutex);
1001         init_waitqueue_head(&session->report_queue);
1002         init_waitqueue_head(&session->startup_queue);
1003         session->waiting_for_startup = 1;
1004         session->flags   = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1005         session->idle_to = req->idle_to;
1006 
1007         if (req->rd_size > 0) {
1008                 err = hidp_setup_hid(session, req);
1009                 if (err && err != -ENODEV)
1010                         goto purge;
1011         }
1012 
1013         if (!session->hid) {
1014                 err = hidp_setup_input(session, req);
1015                 if (err < 0)
1016                         goto purge;
1017         }
1018 
1019         __hidp_link_session(session);
1020 
1021         hidp_set_timer(session);
1022 
1023         if (session->hid) {
1024                 vendor  = session->hid->vendor;
1025                 product = session->hid->product;
1026         } else if (session->input) {
1027                 vendor  = session->input->id.vendor;
1028                 product = session->input->id.product;
1029         } else {
1030                 vendor = 0x0000;
1031                 product = 0x0000;
1032         }
1033 
1034         session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x",
1035                                                         vendor, product);
1036         if (IS_ERR(session->task)) {
1037                 err = PTR_ERR(session->task);
1038                 goto unlink;
1039         }
1040 
1041         while (session->waiting_for_startup) {
1042                 wait_event_interruptible(session->startup_queue,
1043                         !session->waiting_for_startup);
1044         }
1045 
1046         err = hid_add_device(session->hid);
1047         if (err < 0)
1048                 goto err_add_device;
1049 
1050         if (session->input) {
1051                 hidp_send_ctrl_message(session,
1052                         HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0);
1053                 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE);
1054 
1055                 session->leds = 0xff;
1056                 hidp_input_event(session->input, EV_LED, 0, 0);
1057         }
1058 
1059         up_write(&hidp_session_sem);
1060         return 0;
1061 
1062 err_add_device:
1063         hid_destroy_device(session->hid);
1064         session->hid = NULL;
1065         atomic_inc(&session->terminate);
1066         wake_up_process(session->task);
1067 
1068 unlink:
1069         hidp_del_timer(session);
1070 
1071         __hidp_unlink_session(session);
1072 
1073         if (session->input) {
1074                 input_unregister_device(session->input);
1075                 session->input = NULL;
1076         }
1077 
1078         if (session->hid) {
1079                 hid_destroy_device(session->hid);
1080                 session->hid = NULL;
1081         }
1082 
1083         kfree(session->rd_data);
1084         session->rd_data = NULL;
1085 
1086 purge:
1087         skb_queue_purge(&session->ctrl_transmit);
1088         skb_queue_purge(&session->intr_transmit);
1089 
1090 failed:
1091         up_write(&hidp_session_sem);
1092 
1093         input_free_device(session->input);
1094         kfree(session);
1095         return err;
1096 }
1097 
1098 int hidp_del_connection(struct hidp_conndel_req *req)
1099 {
1100         struct hidp_session *session;
1101         int err = 0;
1102 
1103         BT_DBG("");
1104 
1105         down_read(&hidp_session_sem);
1106 
1107         session = __hidp_get_session(&req->bdaddr);
1108         if (session) {
1109                 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1110                         hidp_send_ctrl_message(session,
1111                                 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1112                 } else {
1113                         /* Flush the transmit queues */
1114                         skb_queue_purge(&session->ctrl_transmit);
1115                         skb_queue_purge(&session->intr_transmit);
1116 
1117                         atomic_inc(&session->terminate);
1118                         wake_up_process(session->task);
1119                 }
1120         } else
1121                 err = -ENOENT;
1122 
1123         up_read(&hidp_session_sem);
1124         return err;
1125 }
1126 
1127 int hidp_get_connlist(struct hidp_connlist_req *req)
1128 {
1129         struct list_head *p;
1130         int err = 0, n = 0;
1131 
1132         BT_DBG("");
1133 
1134         down_read(&hidp_session_sem);
1135 
1136         list_for_each(p, &hidp_session_list) {
1137                 struct hidp_session *session;
1138                 struct hidp_conninfo ci;
1139 
1140                 session = list_entry(p, struct hidp_session, list);
1141 
1142                 __hidp_copy_session(session, &ci);
1143 
1144                 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1145                         err = -EFAULT;
1146                         break;
1147                 }
1148 
1149                 if (++n >= req->cnum)
1150                         break;
1151 
1152                 req->ci++;
1153         }
1154         req->cnum = n;
1155 
1156         up_read(&hidp_session_sem);
1157         return err;
1158 }
1159 
1160 int hidp_get_conninfo(struct hidp_conninfo *ci)
1161 {
1162         struct hidp_session *session;
1163         int err = 0;
1164 
1165         down_read(&hidp_session_sem);
1166 
1167         session = __hidp_get_session(&ci->bdaddr);
1168         if (session)
1169                 __hidp_copy_session(session, ci);
1170         else
1171                 err = -ENOENT;
1172 
1173         up_read(&hidp_session_sem);
1174         return err;
1175 }
1176 
1177 static const struct hid_device_id hidp_table[] = {
1178         { HID_BLUETOOTH_DEVICE(HID_ANY_ID, HID_ANY_ID) },
1179         { }
1180 };
1181 
1182 static struct hid_driver hidp_driver = {
1183         .name = "generic-bluetooth",
1184         .id_table = hidp_table,
1185 };
1186 
1187 static int __init hidp_init(void)
1188 {
1189         int ret;
1190 
1191         BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1192 
1193         ret = hid_register_driver(&hidp_driver);
1194         if (ret)
1195                 goto err;
1196 
1197         ret = hidp_init_sockets();
1198         if (ret)
1199                 goto err_drv;
1200 
1201         return 0;
1202 err_drv:
1203         hid_unregister_driver(&hidp_driver);
1204 err:
1205         return ret;
1206 }
1207 
1208 static void __exit hidp_exit(void)
1209 {
1210         hidp_cleanup_sockets();
1211         hid_unregister_driver(&hidp_driver);
1212 }
1213 
1214 module_init(hidp_init);
1215 module_exit(hidp_exit);
1216 
1217 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1218 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1219 MODULE_VERSION(VERSION);
1220 MODULE_LICENSE("GPL");
1221 MODULE_ALIAS("bt-proto-6");
1222 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp