1 /*
2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 #include <linux/kref.h>
25 #include <linux/module.h>
26 #include <linux/file.h>
27 #include <linux/kthread.h>
28 #include <linux/hidraw.h>
29
30 #include <net/bluetooth/bluetooth.h>
31 #include <net/bluetooth/hci_core.h>
32 #include <net/bluetooth/l2cap.h>
33
34 #include "hidp.h"
35
36 #define VERSION "1.2"
37
38 static DECLARE_RWSEM(hidp_session_sem);
39 static LIST_HEAD(hidp_session_list);
40
41 static unsigned char hidp_keycode[256] = {
42 0, 0, 0, 0, 30, 48, 46, 32, 18, 33, 34, 35, 23, 36,
43 37, 38, 50, 49, 24, 25, 16, 19, 31, 20, 22, 47, 17, 45,
44 21, 44, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 28, 1,
45 14, 15, 57, 12, 13, 26, 27, 43, 43, 39, 40, 41, 51, 52,
46 53, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 87, 88,
47 99, 70, 119, 110, 102, 104, 111, 107, 109, 106, 105, 108, 103, 69,
48 98, 55, 74, 78, 96, 79, 80, 81, 75, 76, 77, 71, 72, 73,
49 82, 83, 86, 127, 116, 117, 183, 184, 185, 186, 187, 188, 189, 190,
50 191, 192, 193, 194, 134, 138, 130, 132, 128, 129, 131, 137, 133, 135,
51 136, 113, 115, 114, 0, 0, 0, 121, 0, 89, 93, 124, 92, 94,
52 95, 0, 0, 0, 122, 123, 90, 91, 85, 0, 0, 0, 0, 0,
53 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
54 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
55 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
56 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
57 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
58 29, 42, 56, 125, 97, 54, 100, 126, 164, 166, 165, 163, 161, 115,
59 114, 113, 150, 158, 159, 128, 136, 177, 178, 176, 142, 152, 173, 140
60 };
61
62 static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
63
64 static int hidp_session_probe(struct l2cap_conn *conn,
65 struct l2cap_user *user);
66 static void hidp_session_remove(struct l2cap_conn *conn,
67 struct l2cap_user *user);
68 static int hidp_session_thread(void *arg);
69 static void hidp_session_terminate(struct hidp_session *s);
70
71 static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
72 {
73 memset(ci, 0, sizeof(*ci));
74 bacpy(&ci->bdaddr, &session->bdaddr);
75
76 ci->flags = session->flags;
77 ci->state = BT_CONNECTED;
78
79 ci->vendor = 0x0000;
80 ci->product = 0x0000;
81 ci->version = 0x0000;
82
83 if (session->input) {
84 ci->vendor = session->input->id.vendor;
85 ci->product = session->input->id.product;
86 ci->version = session->input->id.version;
87 if (session->input->name)
88 strncpy(ci->name, session->input->name, 128);
89 else
90 strncpy(ci->name, "HID Boot Device", 128);
91 }
92
93 if (session->hid) {
94 ci->vendor = session->hid->vendor;
95 ci->product = session->hid->product;
96 ci->version = session->hid->version;
97 strncpy(ci->name, session->hid->name, 128);
98 }
99 }
100
101 /* assemble skb, queue message on @transmit and wake up the session thread */
102 static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
105 {
106 struct sk_buff *skb;
107 struct sock *sk = sock->sk;
108
109 BT_DBG("session %p data %p size %d", session, data, size);
110
111 if (atomic_read(&session->terminate))
112 return -EIO;
113
114 skb = alloc_skb(size + 1, GFP_ATOMIC);
115 if (!skb) {
116 BT_ERR("Can't allocate memory for new frame");
117 return -ENOMEM;
118 }
119
120 *skb_put(skb, 1) = hdr;
121 if (data && size > 0)
122 memcpy(skb_put(skb, size), data, size);
123
124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
126
127 return 0;
128 }
129
130 static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
132 int size)
133 {
134 return hidp_send_message(session, session->ctrl_sock,
135 &session->ctrl_transmit, hdr, data, size);
136 }
137
138 static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
140 int size)
141 {
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
144 }
145
146 static int hidp_input_event(struct input_dev *dev, unsigned int type,
147 unsigned int code, int value)
148 {
149 struct hidp_session *session = input_get_drvdata(dev);
150 unsigned char newleds;
151 unsigned char hdr, data[2];
152
153 BT_DBG("session %p type %d code %d value %d",
154 session, type, code, value);
155
156 if (type != EV_LED)
157 return -1;
158
159 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
160 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
161 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
162 (!!test_bit(LED_CAPSL, dev->led) << 1) |
163 (!!test_bit(LED_NUML, dev->led));
164
165 if (session->leds == newleds)
166 return 0;
167
168 session->leds = newleds;
169
170 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 data[0] = 0x01;
172 data[1] = newleds;
173
174 return hidp_send_intr_message(session, hdr, data, 2);
175 }
176
177 static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
178 {
179 struct input_dev *dev = session->input;
180 unsigned char *keys = session->keys;
181 unsigned char *udata = skb->data + 1;
182 signed char *sdata = skb->data + 1;
183 int i, size = skb->len - 1;
184
185 switch (skb->data[0]) {
186 case 0x01: /* Keyboard report */
187 for (i = 0; i < 8; i++)
188 input_report_key(dev, hidp_keycode[i + 224], (udata[0] >> i) & 1);
189
190 /* If all the key codes have been set to 0x01, it means
191 * too many keys were pressed at the same time. */
192 if (!memcmp(udata + 2, hidp_mkeyspat, 6))
193 break;
194
195 for (i = 2; i < 8; i++) {
196 if (keys[i] > 3 && memscan(udata + 2, keys[i], 6) == udata + 8) {
197 if (hidp_keycode[keys[i]])
198 input_report_key(dev, hidp_keycode[keys[i]], 0);
199 else
200 BT_ERR("Unknown key (scancode %#x) released.", keys[i]);
201 }
202
203 if (udata[i] > 3 && memscan(keys + 2, udata[i], 6) == keys + 8) {
204 if (hidp_keycode[udata[i]])
205 input_report_key(dev, hidp_keycode[udata[i]], 1);
206 else
207 BT_ERR("Unknown key (scancode %#x) pressed.", udata[i]);
208 }
209 }
210
211 memcpy(keys, udata, 8);
212 break;
213
214 case 0x02: /* Mouse report */
215 input_report_key(dev, BTN_LEFT, sdata[0] & 0x01);
216 input_report_key(dev, BTN_RIGHT, sdata[0] & 0x02);
217 input_report_key(dev, BTN_MIDDLE, sdata[0] & 0x04);
218 input_report_key(dev, BTN_SIDE, sdata[0] & 0x08);
219 input_report_key(dev, BTN_EXTRA, sdata[0] & 0x10);
220
221 input_report_rel(dev, REL_X, sdata[1]);
222 input_report_rel(dev, REL_Y, sdata[2]);
223
224 if (size > 3)
225 input_report_rel(dev, REL_WHEEL, sdata[3]);
226 break;
227 }
228
229 input_sync(dev);
230 }
231
232 static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
233 {
234 unsigned char hdr;
235 u8 *buf;
236 int rsize, ret;
237
238 buf = hid_alloc_report_buf(report, GFP_ATOMIC);
239 if (!buf)
240 return -EIO;
241
242 hid_output_report(report, buf);
243 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
244
245 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
246 ret = hidp_send_intr_message(session, hdr, buf, rsize);
247
248 kfree(buf);
249 return ret;
250 }
251
252 static int hidp_get_raw_report(struct hid_device *hid,
253 unsigned char report_number,
254 unsigned char *data, size_t count,
255 unsigned char report_type)
256 {
257 struct hidp_session *session = hid->driver_data;
258 struct sk_buff *skb;
259 size_t len;
260 int numbered_reports = hid->report_enum[report_type].numbered;
261 int ret;
262
263 if (atomic_read(&session->terminate))
264 return -EIO;
265
266 switch (report_type) {
267 case HID_FEATURE_REPORT:
268 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_FEATURE;
269 break;
270 case HID_INPUT_REPORT:
271 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_INPUT;
272 break;
273 case HID_OUTPUT_REPORT:
274 report_type = HIDP_TRANS_GET_REPORT | HIDP_DATA_RTYPE_OUPUT;
275 break;
276 default:
277 return -EINVAL;
278 }
279
280 if (mutex_lock_interruptible(&session->report_mutex))
281 return -ERESTARTSYS;
282
283 /* Set up our wait, and send the report request to the device. */
284 session->waiting_report_type = report_type & HIDP_DATA_RTYPE_MASK;
285 session->waiting_report_number = numbered_reports ? report_number : -1;
286 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
287 data[0] = report_number;
288 ret = hidp_send_ctrl_message(session, report_type, data, 1);
289 if (ret)
290 goto err;
291
292 /* Wait for the return of the report. The returned report
293 gets put in session->report_return. */
294 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
295 !atomic_read(&session->terminate)) {
296 int res;
297
298 res = wait_event_interruptible_timeout(session->report_queue,
299 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
300 || atomic_read(&session->terminate),
301 5*HZ);
302 if (res == 0) {
303 /* timeout */
304 ret = -EIO;
305 goto err;
306 }
307 if (res < 0) {
308 /* signal */
309 ret = -ERESTARTSYS;
310 goto err;
311 }
312 }
313
314 skb = session->report_return;
315 if (skb) {
316 len = skb->len < count ? skb->len : count;
317 memcpy(data, skb->data, len);
318
319 kfree_skb(skb);
320 session->report_return = NULL;
321 } else {
322 /* Device returned a HANDSHAKE, indicating protocol error. */
323 len = -EIO;
324 }
325
326 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
327 mutex_unlock(&session->report_mutex);
328
329 return len;
330
331 err:
332 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
333 mutex_unlock(&session->report_mutex);
334 return ret;
335 }
336
337 static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, size_t count,
338 unsigned char report_type)
339 {
340 struct hidp_session *session = hid->driver_data;
341 int ret;
342
343 if (report_type == HID_OUTPUT_REPORT) {
344 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
345 return hidp_send_intr_message(session, report_type,
346 data, count);
347 } else if (report_type != HID_FEATURE_REPORT) {
348 return -EINVAL;
349 }
350
351 if (mutex_lock_interruptible(&session->report_mutex))
352 return -ERESTARTSYS;
353
354 /* Set up our wait, and send the report request to the device. */
355 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
356 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
357 ret = hidp_send_ctrl_message(session, report_type, data, count);
358 if (ret)
359 goto err;
360
361 /* Wait for the ACK from the device. */
362 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
363 !atomic_read(&session->terminate)) {
364 int res;
365
366 res = wait_event_interruptible_timeout(session->report_queue,
367 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
368 || atomic_read(&session->terminate),
369 10*HZ);
370 if (res == 0) {
371 /* timeout */
372 ret = -EIO;
373 goto err;
374 }
375 if (res < 0) {
376 /* signal */
377 ret = -ERESTARTSYS;
378 goto err;
379 }
380 }
381
382 if (!session->output_report_success) {
383 ret = -EIO;
384 goto err;
385 }
386
387 ret = count;
388
389 err:
390 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
391 mutex_unlock(&session->report_mutex);
392 return ret;
393 }
394
395 static void hidp_idle_timeout(unsigned long arg)
396 {
397 struct hidp_session *session = (struct hidp_session *) arg;
398
399 /* The HIDP user-space API only contains calls to add and remove
400 * devices. There is no way to forward events of any kind. Therefore,
401 * we have to forcefully disconnect a device on idle-timeouts. This is
402 * unfortunate and weird API design, but it is spec-compliant and
403 * required for backwards-compatibility. Hence, on idle-timeout, we
404 * signal driver-detach events, so poll() will be woken up with an
405 * error-condition on both sockets.
406 */
407
408 session->intr_sock->sk->sk_err = EUNATCH;
409 session->ctrl_sock->sk->sk_err = EUNATCH;
410 wake_up_interruptible(sk_sleep(session->intr_sock->sk));
411 wake_up_interruptible(sk_sleep(session->ctrl_sock->sk));
412
413 hidp_session_terminate(session);
414 }
415
416 static void hidp_set_timer(struct hidp_session *session)
417 {
418 if (session->idle_to > 0)
419 mod_timer(&session->timer, jiffies + HZ * session->idle_to);
420 }
421
422 static void hidp_del_timer(struct hidp_session *session)
423 {
424 if (session->idle_to > 0)
425 del_timer(&session->timer);
426 }
427
428 static void hidp_process_handshake(struct hidp_session *session,
429 unsigned char param)
430 {
431 BT_DBG("session %p param 0x%02x", session, param);
432 session->output_report_success = 0; /* default condition */
433
434 switch (param) {
435 case HIDP_HSHK_SUCCESSFUL:
436 /* FIXME: Call into SET_ GET_ handlers here */
437 session->output_report_success = 1;
438 break;
439
440 case HIDP_HSHK_NOT_READY:
441 case HIDP_HSHK_ERR_INVALID_REPORT_ID:
442 case HIDP_HSHK_ERR_UNSUPPORTED_REQUEST:
443 case HIDP_HSHK_ERR_INVALID_PARAMETER:
444 if (test_and_clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags))
445 wake_up_interruptible(&session->report_queue);
446
447 /* FIXME: Call into SET_ GET_ handlers here */
448 break;
449
450 case HIDP_HSHK_ERR_UNKNOWN:
451 break;
452
453 case HIDP_HSHK_ERR_FATAL:
454 /* Device requests a reboot, as this is the only way this error
455 * can be recovered. */
456 hidp_send_ctrl_message(session,
457 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
458 break;
459
460 default:
461 hidp_send_ctrl_message(session,
462 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
463 break;
464 }
465
466 /* Wake up the waiting thread. */
467 if (test_and_clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags))
468 wake_up_interruptible(&session->report_queue);
469 }
470
471 static void hidp_process_hid_control(struct hidp_session *session,
472 unsigned char param)
473 {
474 BT_DBG("session %p param 0x%02x", session, param);
475
476 if (param == HIDP_CTRL_VIRTUAL_CABLE_UNPLUG) {
477 /* Flush the transmit queues */
478 skb_queue_purge(&session->ctrl_transmit);
479 skb_queue_purge(&session->intr_transmit);
480
481 hidp_session_terminate(session);
482 }
483 }
484
485 /* Returns true if the passed-in skb should be freed by the caller. */
486 static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
487 unsigned char param)
488 {
489 int done_with_skb = 1;
490 BT_DBG("session %p skb %p len %d param 0x%02x", session, skb, skb->len, param);
491
492 switch (param) {
493 case HIDP_DATA_RTYPE_INPUT:
494 hidp_set_timer(session);
495
496 if (session->input)
497 hidp_input_report(session, skb);
498
499 if (session->hid)
500 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 0);
501 break;
502
503 case HIDP_DATA_RTYPE_OTHER:
504 case HIDP_DATA_RTYPE_OUPUT:
505 case HIDP_DATA_RTYPE_FEATURE:
506 break;
507
508 default:
509 hidp_send_ctrl_message(session,
510 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
511 }
512
513 if (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
514 param == session->waiting_report_type) {
515 if (session->waiting_report_number < 0 ||
516 session->waiting_report_number == skb->data[0]) {
517 /* hidp_get_raw_report() is waiting on this report. */
518 session->report_return = skb;
519 done_with_skb = 0;
520 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
521 wake_up_interruptible(&session->report_queue);
522 }
523 }
524
525 return done_with_skb;
526 }
527
528 static void hidp_recv_ctrl_frame(struct hidp_session *session,
529 struct sk_buff *skb)
530 {
531 unsigned char hdr, type, param;
532 int free_skb = 1;
533
534 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
535
536 hdr = skb->data[0];
537 skb_pull(skb, 1);
538
539 type = hdr & HIDP_HEADER_TRANS_MASK;
540 param = hdr & HIDP_HEADER_PARAM_MASK;
541
542 switch (type) {
543 case HIDP_TRANS_HANDSHAKE:
544 hidp_process_handshake(session, param);
545 break;
546
547 case HIDP_TRANS_HID_CONTROL:
548 hidp_process_hid_control(session, param);
549 break;
550
551 case HIDP_TRANS_DATA:
552 free_skb = hidp_process_data(session, skb, param);
553 break;
554
555 default:
556 hidp_send_ctrl_message(session,
557 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
558 break;
559 }
560
561 if (free_skb)
562 kfree_skb(skb);
563 }
564
565 static void hidp_recv_intr_frame(struct hidp_session *session,
566 struct sk_buff *skb)
567 {
568 unsigned char hdr;
569
570 BT_DBG("session %p skb %p len %d", session, skb, skb->len);
571
572 hdr = skb->data[0];
573 skb_pull(skb, 1);
574
575 if (hdr == (HIDP_TRANS_DATA | HIDP_DATA_RTYPE_INPUT)) {
576 hidp_set_timer(session);
577
578 if (session->input)
579 hidp_input_report(session, skb);
580
581 if (session->hid) {
582 hid_input_report(session->hid, HID_INPUT_REPORT, skb->data, skb->len, 1);
583 BT_DBG("report len %d", skb->len);
584 }
585 } else {
586 BT_DBG("Unsupported protocol header 0x%02x", hdr);
587 }
588
589 kfree_skb(skb);
590 }
591
592 static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
593 {
594 struct kvec iv = { data, len };
595 struct msghdr msg;
596
597 BT_DBG("sock %p data %p len %d", sock, data, len);
598
599 if (!len)
600 return 0;
601
602 memset(&msg, 0, sizeof(msg));
603
604 return kernel_sendmsg(sock, &msg, &iv, 1, len);
605 }
606
607 /* dequeue message from @transmit and send via @sock */
608 static void hidp_process_transmit(struct hidp_session *session,
609 struct sk_buff_head *transmit,
610 struct socket *sock)
611 {
612 struct sk_buff *skb;
613 int ret;
614
615 BT_DBG("session %p", session);
616
617 while ((skb = skb_dequeue(transmit))) {
618 ret = hidp_send_frame(sock, skb->data, skb->len);
619 if (ret == -EAGAIN) {
620 skb_queue_head(transmit, skb);
621 break;
622 } else if (ret < 0) {
623 hidp_session_terminate(session);
624 kfree_skb(skb);
625 break;
626 }
627
628 hidp_set_timer(session);
629 kfree_skb(skb);
630 }
631 }
632
633 static int hidp_setup_input(struct hidp_session *session,
634 struct hidp_connadd_req *req)
635 {
636 struct input_dev *input;
637 int i;
638
639 input = input_allocate_device();
640 if (!input)
641 return -ENOMEM;
642
643 session->input = input;
644
645 input_set_drvdata(input, session);
646
647 input->name = "Bluetooth HID Boot Protocol Device";
648
649 input->id.bustype = BUS_BLUETOOTH;
650 input->id.vendor = req->vendor;
651 input->id.product = req->product;
652 input->id.version = req->version;
653
654 if (req->subclass & 0x40) {
655 set_bit(EV_KEY, input->evbit);
656 set_bit(EV_LED, input->evbit);
657 set_bit(EV_REP, input->evbit);
658
659 set_bit(LED_NUML, input->ledbit);
660 set_bit(LED_CAPSL, input->ledbit);
661 set_bit(LED_SCROLLL, input->ledbit);
662 set_bit(LED_COMPOSE, input->ledbit);
663 set_bit(LED_KANA, input->ledbit);
664
665 for (i = 0; i < sizeof(hidp_keycode); i++)
666 set_bit(hidp_keycode[i], input->keybit);
667 clear_bit(0, input->keybit);
668 }
669
670 if (req->subclass & 0x80) {
671 input->evbit[0] = BIT_MASK(EV_KEY) | BIT_MASK(EV_REL);
672 input->keybit[BIT_WORD(BTN_MOUSE)] = BIT_MASK(BTN_LEFT) |
673 BIT_MASK(BTN_RIGHT) | BIT_MASK(BTN_MIDDLE);
674 input->relbit[0] = BIT_MASK(REL_X) | BIT_MASK(REL_Y);
675 input->keybit[BIT_WORD(BTN_MOUSE)] |= BIT_MASK(BTN_SIDE) |
676 BIT_MASK(BTN_EXTRA);
677 input->relbit[0] |= BIT_MASK(REL_WHEEL);
678 }
679
680 input->dev.parent = &session->conn->hcon->dev;
681
682 input->event = hidp_input_event;
683
684 return 0;
685 }
686
687 static int hidp_open(struct hid_device *hid)
688 {
689 return 0;
690 }
691
692 static void hidp_close(struct hid_device *hid)
693 {
694 }
695
696 static int hidp_parse(struct hid_device *hid)
697 {
698 struct hidp_session *session = hid->driver_data;
699
700 return hid_parse_report(session->hid, session->rd_data,
701 session->rd_size);
702 }
703
704 static int hidp_start(struct hid_device *hid)
705 {
706 struct hidp_session *session = hid->driver_data;
707 struct hid_report *report;
708
709 if (hid->quirks & HID_QUIRK_NO_INIT_REPORTS)
710 return 0;
711
712 list_for_each_entry(report, &hid->report_enum[HID_INPUT_REPORT].
713 report_list, list)
714 hidp_send_report(session, report);
715
716 list_for_each_entry(report, &hid->report_enum[HID_FEATURE_REPORT].
717 report_list, list)
718 hidp_send_report(session, report);
719
720 return 0;
721 }
722
723 static void hidp_stop(struct hid_device *hid)
724 {
725 struct hidp_session *session = hid->driver_data;
726
727 skb_queue_purge(&session->ctrl_transmit);
728 skb_queue_purge(&session->intr_transmit);
729
730 hid->claimed = 0;
731 }
732
733 static struct hid_ll_driver hidp_hid_driver = {
734 .parse = hidp_parse,
735 .start = hidp_start,
736 .stop = hidp_stop,
737 .open = hidp_open,
738 .close = hidp_close,
739 };
740
741 /* This function sets up the hid device. It does not add it
742 to the HID system. That is done in hidp_add_connection(). */
743 static int hidp_setup_hid(struct hidp_session *session,
744 struct hidp_connadd_req *req)
745 {
746 struct hid_device *hid;
747 int err;
748
749 session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
750 if (!session->rd_data)
751 return -ENOMEM;
752
753 if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
754 err = -EFAULT;
755 goto fault;
756 }
757 session->rd_size = req->rd_size;
758
759 hid = hid_allocate_device();
760 if (IS_ERR(hid)) {
761 err = PTR_ERR(hid);
762 goto fault;
763 }
764
765 session->hid = hid;
766
767 hid->driver_data = session;
768
769 hid->bus = BUS_BLUETOOTH;
770 hid->vendor = req->vendor;
771 hid->product = req->product;
772 hid->version = req->version;
773 hid->country = req->country;
774
775 strncpy(hid->name, req->name, sizeof(req->name) - 1);
776
777 snprintf(hid->phys, sizeof(hid->phys), "%pMR",
778 &bt_sk(session->ctrl_sock->sk)->src);
779
780 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
781 &bt_sk(session->ctrl_sock->sk)->dst);
782
783 hid->dev.parent = &session->conn->hcon->dev;
784 hid->ll_driver = &hidp_hid_driver;
785
786 hid->hid_get_raw_report = hidp_get_raw_report;
787 hid->hid_output_raw_report = hidp_output_raw_report;
788
789 /* True if device is blacklisted in drivers/hid/hid-core.c */
790 if (hid_ignore(hid)) {
791 hid_destroy_device(session->hid);
792 session->hid = NULL;
793 return -ENODEV;
794 }
795
796 return 0;
797
798 fault:
799 kfree(session->rd_data);
800 session->rd_data = NULL;
801
802 return err;
803 }
804
805 /* initialize session devices */
806 static int hidp_session_dev_init(struct hidp_session *session,
807 struct hidp_connadd_req *req)
808 {
809 int ret;
810
811 if (req->rd_size > 0) {
812 ret = hidp_setup_hid(session, req);
813 if (ret && ret != -ENODEV)
814 return ret;
815 }
816
817 if (!session->hid) {
818 ret = hidp_setup_input(session, req);
819 if (ret < 0)
820 return ret;
821 }
822
823 return 0;
824 }
825
826 /* destroy session devices */
827 static void hidp_session_dev_destroy(struct hidp_session *session)
828 {
829 if (session->hid)
830 put_device(&session->hid->dev);
831 else if (session->input)
832 input_put_device(session->input);
833
834 kfree(session->rd_data);
835 session->rd_data = NULL;
836 }
837
838 /* add HID/input devices to their underlying bus systems */
839 static int hidp_session_dev_add(struct hidp_session *session)
840 {
841 int ret;
842
843 /* Both HID and input systems drop a ref-count when unregistering the
844 * device but they don't take a ref-count when registering them. Work
845 * around this by explicitly taking a refcount during registration
846 * which is dropped automatically by unregistering the devices. */
847
848 if (session->hid) {
849 ret = hid_add_device(session->hid);
850 if (ret)
851 return ret;
852 get_device(&session->hid->dev);
853 } else if (session->input) {
854 ret = input_register_device(session->input);
855 if (ret)
856 return ret;
857 input_get_device(session->input);
858 }
859
860 return 0;
861 }
862
863 /* remove HID/input devices from their bus systems */
864 static void hidp_session_dev_del(struct hidp_session *session)
865 {
866 if (session->hid)
867 hid_destroy_device(session->hid);
868 else if (session->input)
869 input_unregister_device(session->input);
870 }
871
872 /*
873 * Create new session object
874 * Allocate session object, initialize static fields, copy input data into the
875 * object and take a reference to all sub-objects.
876 * This returns 0 on success and puts a pointer to the new session object in
877 * \out. Otherwise, an error code is returned.
878 * The new session object has an initial ref-count of 1.
879 */
880 static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
881 struct socket *ctrl_sock,
882 struct socket *intr_sock,
883 struct hidp_connadd_req *req,
884 struct l2cap_conn *conn)
885 {
886 struct hidp_session *session;
887 int ret;
888 struct bt_sock *ctrl, *intr;
889
890 ctrl = bt_sk(ctrl_sock->sk);
891 intr = bt_sk(intr_sock->sk);
892
893 session = kzalloc(sizeof(*session), GFP_KERNEL);
894 if (!session)
895 return -ENOMEM;
896
897 /* object and runtime management */
898 kref_init(&session->ref);
899 atomic_set(&session->state, HIDP_SESSION_IDLING);
900 init_waitqueue_head(&session->state_queue);
901 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
902
903 /* connection management */
904 bacpy(&session->bdaddr, bdaddr);
905 session->conn = conn;
906 session->user.probe = hidp_session_probe;
907 session->user.remove = hidp_session_remove;
908 session->ctrl_sock = ctrl_sock;
909 session->intr_sock = intr_sock;
910 skb_queue_head_init(&session->ctrl_transmit);
911 skb_queue_head_init(&session->intr_transmit);
912 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
913 l2cap_pi(ctrl)->chan->imtu);
914 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
915 l2cap_pi(intr)->chan->imtu);
916 session->idle_to = req->idle_to;
917
918 /* device management */
919 setup_timer(&session->timer, hidp_idle_timeout,
920 (unsigned long)session);
921
922 /* session data */
923 mutex_init(&session->report_mutex);
924 init_waitqueue_head(&session->report_queue);
925
926 ret = hidp_session_dev_init(session, req);
927 if (ret)
928 goto err_free;
929
930 l2cap_conn_get(session->conn);
931 get_file(session->intr_sock->file);
932 get_file(session->ctrl_sock->file);
933 *out = session;
934 return 0;
935
936 err_free:
937 kfree(session);
938 return ret;
939 }
940
941 /* increase ref-count of the given session by one */
942 static void hidp_session_get(struct hidp_session *session)
943 {
944 kref_get(&session->ref);
945 }
946
947 /* release callback */
948 static void session_free(struct kref *ref)
949 {
950 struct hidp_session *session = container_of(ref, struct hidp_session,
951 ref);
952
953 hidp_session_dev_destroy(session);
954 skb_queue_purge(&session->ctrl_transmit);
955 skb_queue_purge(&session->intr_transmit);
956 fput(session->intr_sock->file);
957 fput(session->ctrl_sock->file);
958 l2cap_conn_put(session->conn);
959 kfree(session);
960 }
961
962 /* decrease ref-count of the given session by one */
963 static void hidp_session_put(struct hidp_session *session)
964 {
965 kref_put(&session->ref, session_free);
966 }
967
968 /*
969 * Search the list of active sessions for a session with target address
970 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
971 * you do not release this lock, the session objects cannot vanish and you can
972 * safely take a reference to the session yourself.
973 */
974 static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
975 {
976 struct hidp_session *session;
977
978 list_for_each_entry(session, &hidp_session_list, list) {
979 if (!bacmp(bdaddr, &session->bdaddr))
980 return session;
981 }
982
983 return NULL;
984 }
985
986 /*
987 * Same as __hidp_session_find() but no locks must be held. This also takes a
988 * reference of the returned session (if non-NULL) so you must drop this
989 * reference if you no longer use the object.
990 */
991 static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
992 {
993 struct hidp_session *session;
994
995 down_read(&hidp_session_sem);
996
997 session = __hidp_session_find(bdaddr);
998 if (session)
999 hidp_session_get(session);
1000
1001 up_read(&hidp_session_sem);
1002
1003 return session;
1004 }
1005
1006 /*
1007 * Start session synchronously
1008 * This starts a session thread and waits until initialization
1009 * is done or returns an error if it couldn't be started.
1010 * If this returns 0 the session thread is up and running. You must call
1011 * hipd_session_stop_sync() before deleting any runtime resources.
1012 */
1013 static int hidp_session_start_sync(struct hidp_session *session)
1014 {
1015 unsigned int vendor, product;
1016
1017 if (session->hid) {
1018 vendor = session->hid->vendor;
1019 product = session->hid->product;
1020 } else if (session->input) {
1021 vendor = session->input->id.vendor;
1022 product = session->input->id.product;
1023 } else {
1024 vendor = 0x0000;
1025 product = 0x0000;
1026 }
1027
1028 session->task = kthread_run(hidp_session_thread, session,
1029 "khidpd_%04x%04x", vendor, product);
1030 if (IS_ERR(session->task))
1031 return PTR_ERR(session->task);
1032
1033 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1034 wait_event(session->state_queue,
1035 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1036
1037 return 0;
1038 }
1039
1040 /*
1041 * Terminate session thread
1042 * Wake up session thread and notify it to stop. This is asynchronous and
1043 * returns immediately. Call this whenever a runtime error occurs and you want
1044 * the session to stop.
1045 * Note: wake_up_process() performs any necessary memory-barriers for us.
1046 */
1047 static void hidp_session_terminate(struct hidp_session *session)
1048 {
1049 atomic_inc(&session->terminate);
1050 wake_up_process(session->task);
1051 }
1052
1053 /*
1054 * Probe HIDP session
1055 * This is called from the l2cap_conn core when our l2cap_user object is bound
1056 * to the hci-connection. We get the session via the \user object and can now
1057 * start the session thread, register the HID/input devices and link it into
1058 * the global session list.
1059 * The global session-list owns its own reference to the session object so you
1060 * can drop your own reference after registering the l2cap_user object.
1061 */
1062 static int hidp_session_probe(struct l2cap_conn *conn,
1063 struct l2cap_user *user)
1064 {
1065 struct hidp_session *session = container_of(user,
1066 struct hidp_session,
1067 user);
1068 struct hidp_session *s;
1069 int ret;
1070
1071 down_write(&hidp_session_sem);
1072
1073 /* check that no other session for this device exists */
1074 s = __hidp_session_find(&session->bdaddr);
1075 if (s) {
1076 ret = -EEXIST;
1077 goto out_unlock;
1078 }
1079
1080 ret = hidp_session_start_sync(session);
1081 if (ret)
1082 goto out_unlock;
1083
1084 ret = hidp_session_dev_add(session);
1085 if (ret)
1086 goto out_stop;
1087
1088 hidp_session_get(session);
1089 list_add(&session->list, &hidp_session_list);
1090 ret = 0;
1091 goto out_unlock;
1092
1093 out_stop:
1094 hidp_session_terminate(session);
1095 out_unlock:
1096 up_write(&hidp_session_sem);
1097 return ret;
1098 }
1099
1100 /*
1101 * Remove HIDP session
1102 * Called from the l2cap_conn core when either we explicitly unregistered
1103 * the l2cap_user object or if the underlying connection is shut down.
1104 * We signal the hidp-session thread to shut down, unregister the HID/input
1105 * devices and unlink the session from the global list.
1106 * This drops the reference to the session that is owned by the global
1107 * session-list.
1108 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1109 * This is, because the session-thread might be waiting for an HCI lock that is
1110 * held while we are called. Therefore, we only unregister the devices and
1111 * notify the session-thread to terminate. The thread itself owns a reference
1112 * to the session object so it can safely shut down.
1113 */
1114 static void hidp_session_remove(struct l2cap_conn *conn,
1115 struct l2cap_user *user)
1116 {
1117 struct hidp_session *session = container_of(user,
1118 struct hidp_session,
1119 user);
1120
1121 down_write(&hidp_session_sem);
1122
1123 hidp_session_terminate(session);
1124 hidp_session_dev_del(session);
1125 list_del(&session->list);
1126
1127 up_write(&hidp_session_sem);
1128
1129 hidp_session_put(session);
1130 }
1131
1132 /*
1133 * Session Worker
1134 * This performs the actual main-loop of the HIDP worker. We first check
1135 * whether the underlying connection is still alive, then parse all pending
1136 * messages and finally send all outstanding messages.
1137 */
1138 static void hidp_session_run(struct hidp_session *session)
1139 {
1140 struct sock *ctrl_sk = session->ctrl_sock->sk;
1141 struct sock *intr_sk = session->intr_sock->sk;
1142 struct sk_buff *skb;
1143
1144 for (;;) {
1145 /*
1146 * This thread can be woken up two ways:
1147 * - You call hidp_session_terminate() which sets the
1148 * session->terminate flag and wakes this thread up.
1149 * - Via modifying the socket state of ctrl/intr_sock. This
1150 * thread is woken up by ->sk_state_changed().
1151 *
1152 * Note: set_current_state() performs any necessary
1153 * memory-barriers for us.
1154 */
1155 set_current_state(TASK_INTERRUPTIBLE);
1156
1157 if (atomic_read(&session->terminate))
1158 break;
1159
1160 if (ctrl_sk->sk_state != BT_CONNECTED ||
1161 intr_sk->sk_state != BT_CONNECTED)
1162 break;
1163
1164 /* parse incoming intr-skbs */
1165 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1166 skb_orphan(skb);
1167 if (!skb_linearize(skb))
1168 hidp_recv_intr_frame(session, skb);
1169 else
1170 kfree_skb(skb);
1171 }
1172
1173 /* send pending intr-skbs */
1174 hidp_process_transmit(session, &session->intr_transmit,
1175 session->intr_sock);
1176
1177 /* parse incoming ctrl-skbs */
1178 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1179 skb_orphan(skb);
1180 if (!skb_linearize(skb))
1181 hidp_recv_ctrl_frame(session, skb);
1182 else
1183 kfree_skb(skb);
1184 }
1185
1186 /* send pending ctrl-skbs */
1187 hidp_process_transmit(session, &session->ctrl_transmit,
1188 session->ctrl_sock);
1189
1190 schedule();
1191 }
1192
1193 atomic_inc(&session->terminate);
1194 set_current_state(TASK_RUNNING);
1195 }
1196
1197 /*
1198 * HIDP session thread
1199 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1200 * which allows us to take references to ourself here instead of doing that in
1201 * the caller.
1202 * When we are ready to run we notify the caller and call hidp_session_run().
1203 */
1204 static int hidp_session_thread(void *arg)
1205 {
1206 struct hidp_session *session = arg;
1207 wait_queue_t ctrl_wait, intr_wait;
1208
1209 BT_DBG("session %p", session);
1210
1211 /* initialize runtime environment */
1212 hidp_session_get(session);
1213 __module_get(THIS_MODULE);
1214 set_user_nice(current, -15);
1215 hidp_set_timer(session);
1216
1217 init_waitqueue_entry(&ctrl_wait, current);
1218 init_waitqueue_entry(&intr_wait, current);
1219 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1220 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1221 /* This memory barrier is paired with wq_has_sleeper(). See
1222 * sock_poll_wait() for more information why this is needed. */
1223 smp_mb();
1224
1225 /* notify synchronous startup that we're ready */
1226 atomic_inc(&session->state);
1227 wake_up(&session->state_queue);
1228
1229 /* run session */
1230 hidp_session_run(session);
1231
1232 /* cleanup runtime environment */
1233 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1234 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1235 wake_up_interruptible(&session->report_queue);
1236 hidp_del_timer(session);
1237
1238 /*
1239 * If we stopped ourself due to any internal signal, we should try to
1240 * unregister our own session here to avoid having it linger until the
1241 * parent l2cap_conn dies or user-space cleans it up.
1242 * This does not deadlock as we don't do any synchronous shutdown.
1243 * Instead, this call has the same semantics as if user-space tried to
1244 * delete the session.
1245 */
1246 l2cap_unregister_user(session->conn, &session->user);
1247 hidp_session_put(session);
1248
1249 module_put_and_exit(0);
1250 return 0;
1251 }
1252
1253 static int hidp_verify_sockets(struct socket *ctrl_sock,
1254 struct socket *intr_sock)
1255 {
1256 struct bt_sock *ctrl, *intr;
1257 struct hidp_session *session;
1258
1259 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1260 return -EINVAL;
1261
1262 ctrl = bt_sk(ctrl_sock->sk);
1263 intr = bt_sk(intr_sock->sk);
1264
1265 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1266 return -ENOTUNIQ;
1267 if (ctrl->sk.sk_state != BT_CONNECTED ||
1268 intr->sk.sk_state != BT_CONNECTED)
1269 return -EBADFD;
1270
1271 /* early session check, we check again during session registration */
1272 session = hidp_session_find(&ctrl->dst);
1273 if (session) {
1274 hidp_session_put(session);
1275 return -EEXIST;
1276 }
1277
1278 return 0;
1279 }
1280
1281 int hidp_connection_add(struct hidp_connadd_req *req,
1282 struct socket *ctrl_sock,
1283 struct socket *intr_sock)
1284 {
1285 struct hidp_session *session;
1286 struct l2cap_conn *conn;
1287 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1288 int ret;
1289
1290 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1291 if (ret)
1292 return ret;
1293
1294 conn = NULL;
1295 l2cap_chan_lock(chan);
1296 if (chan->conn) {
1297 l2cap_conn_get(chan->conn);
1298 conn = chan->conn;
1299 }
1300 l2cap_chan_unlock(chan);
1301
1302 if (!conn)
1303 return -EBADFD;
1304
1305 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1306 intr_sock, req, conn);
1307 if (ret)
1308 goto out_conn;
1309
1310 ret = l2cap_register_user(conn, &session->user);
1311 if (ret)
1312 goto out_session;
1313
1314 ret = 0;
1315
1316 out_session:
1317 hidp_session_put(session);
1318 out_conn:
1319 l2cap_conn_put(conn);
1320 return ret;
1321 }
1322
1323 int hidp_connection_del(struct hidp_conndel_req *req)
1324 {
1325 struct hidp_session *session;
1326
1327 session = hidp_session_find(&req->bdaddr);
1328 if (!session)
1329 return -ENOENT;
1330
1331 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1332 hidp_send_ctrl_message(session,
1333 HIDP_TRANS_HID_CONTROL |
1334 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1335 NULL, 0);
1336 else
1337 l2cap_unregister_user(session->conn, &session->user);
1338
1339 hidp_session_put(session);
1340
1341 return 0;
1342 }
1343
1344 int hidp_get_connlist(struct hidp_connlist_req *req)
1345 {
1346 struct hidp_session *session;
1347 int err = 0, n = 0;
1348
1349 BT_DBG("");
1350
1351 down_read(&hidp_session_sem);
1352
1353 list_for_each_entry(session, &hidp_session_list, list) {
1354 struct hidp_conninfo ci;
1355
1356 hidp_copy_session(session, &ci);
1357
1358 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1359 err = -EFAULT;
1360 break;
1361 }
1362
1363 if (++n >= req->cnum)
1364 break;
1365
1366 req->ci++;
1367 }
1368 req->cnum = n;
1369
1370 up_read(&hidp_session_sem);
1371 return err;
1372 }
1373
1374 int hidp_get_conninfo(struct hidp_conninfo *ci)
1375 {
1376 struct hidp_session *session;
1377
1378 session = hidp_session_find(&ci->bdaddr);
1379 if (session) {
1380 hidp_copy_session(session, ci);
1381 hidp_session_put(session);
1382 }
1383
1384 return session ? 0 : -ENOENT;
1385 }
1386
1387 static int __init hidp_init(void)
1388 {
1389 BT_INFO("HIDP (Human Interface Emulation) ver %s", VERSION);
1390
1391 return hidp_init_sockets();
1392 }
1393
1394 static void __exit hidp_exit(void)
1395 {
1396 hidp_cleanup_sockets();
1397 }
1398
1399 module_init(hidp_init);
1400 module_exit(hidp_exit);
1401
1402 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1403 MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1404 MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1405 MODULE_VERSION(VERSION);
1406 MODULE_LICENSE("GPL");
1407 MODULE_ALIAS("bt-proto-6");
1408
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.